Date
July 14, 2025, 10:38 a.m.
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 24.233591] ================================================================== [ 24.234262] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 24.234504] Write of size 16 at addr ffff8881058420a0 by task kunit_try_catch/215 [ 24.234774] [ 24.235047] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.235142] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.235156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.235195] Call Trace: [ 24.235208] <TASK> [ 24.235238] dump_stack_lvl+0x73/0xb0 [ 24.235275] print_report+0xd1/0x610 [ 24.235297] ? __virt_addr_valid+0x1db/0x2d0 [ 24.235335] ? kmalloc_oob_16+0x452/0x4a0 [ 24.235354] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.235379] ? kmalloc_oob_16+0x452/0x4a0 [ 24.235399] kasan_report+0x141/0x180 [ 24.235420] ? kmalloc_oob_16+0x452/0x4a0 [ 24.235444] __asan_report_store16_noabort+0x1b/0x30 [ 24.235467] kmalloc_oob_16+0x452/0x4a0 [ 24.235487] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 24.235508] ? __schedule+0x10cc/0x2b60 [ 24.235531] ? __pfx_read_tsc+0x10/0x10 [ 24.235553] ? ktime_get_ts64+0x86/0x230 [ 24.235580] kunit_try_run_case+0x1a5/0x480 [ 24.235604] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.235626] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.235650] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.235683] ? __kthread_parkme+0x82/0x180 [ 24.235704] ? preempt_count_sub+0x50/0x80 [ 24.235775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.235797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.235850] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.235875] kthread+0x337/0x6f0 [ 24.235895] ? trace_preempt_on+0x20/0xc0 [ 24.235919] ? __pfx_kthread+0x10/0x10 [ 24.235960] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.235981] ? calculate_sigpending+0x7b/0xa0 [ 24.236005] ? __pfx_kthread+0x10/0x10 [ 24.236026] ret_from_fork+0x116/0x1d0 [ 24.236045] ? __pfx_kthread+0x10/0x10 [ 24.236065] ret_from_fork_asm+0x1a/0x30 [ 24.236096] </TASK> [ 24.236107] [ 24.249408] Allocated by task 215: [ 24.251042] kasan_save_stack+0x45/0x70 [ 24.251777] kasan_save_track+0x18/0x40 [ 24.252523] kasan_save_alloc_info+0x3b/0x50 [ 24.253218] __kasan_kmalloc+0xb7/0xc0 [ 24.253370] __kmalloc_cache_noprof+0x189/0x420 [ 24.253525] kmalloc_oob_16+0xa8/0x4a0 [ 24.253654] kunit_try_run_case+0x1a5/0x480 [ 24.253820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.253991] kthread+0x337/0x6f0 [ 24.254115] ret_from_fork+0x116/0x1d0 [ 24.254241] ret_from_fork_asm+0x1a/0x30 [ 24.254374] [ 24.254440] The buggy address belongs to the object at ffff8881058420a0 [ 24.254440] which belongs to the cache kmalloc-16 of size 16 [ 24.256376] The buggy address is located 0 bytes inside of [ 24.256376] allocated 13-byte region [ffff8881058420a0, ffff8881058420ad) [ 24.258589] [ 24.259558] The buggy address belongs to the physical page: [ 24.260459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 24.261585] flags: 0x200000000000000(node=0|zone=2) [ 24.262324] page_type: f5(slab) [ 24.262832] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.263801] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.265165] page dumped because: kasan: bad access detected [ 24.265384] [ 24.265451] Memory state around the buggy address: [ 24.265607] ffff888105841f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.266683] ffff888105842000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.267604] >ffff888105842080: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc [ 24.268269] ^ [ 24.268431] ffff888105842100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.268643] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.269622] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 24.200597] ================================================================== [ 24.201087] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 24.201350] Read of size 1 at addr ffff888103d99800 by task kunit_try_catch/213 [ 24.201668] [ 24.201789] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.201840] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.201853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.201876] Call Trace: [ 24.201888] <TASK> [ 24.201906] dump_stack_lvl+0x73/0xb0 [ 24.201938] print_report+0xd1/0x610 [ 24.202004] ? __virt_addr_valid+0x1db/0x2d0 [ 24.202027] ? krealloc_uaf+0x53c/0x5e0 [ 24.202054] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.202078] ? krealloc_uaf+0x53c/0x5e0 [ 24.202099] kasan_report+0x141/0x180 [ 24.202120] ? krealloc_uaf+0x53c/0x5e0 [ 24.202144] __asan_report_load1_noabort+0x18/0x20 [ 24.202167] krealloc_uaf+0x53c/0x5e0 [ 24.202188] ? __pfx_krealloc_uaf+0x10/0x10 [ 24.202208] ? finish_task_switch.isra.0+0x153/0x700 [ 24.202230] ? __switch_to+0x47/0xf80 [ 24.202256] ? __schedule+0x10cc/0x2b60 [ 24.202279] ? __pfx_read_tsc+0x10/0x10 [ 24.202301] ? ktime_get_ts64+0x86/0x230 [ 24.202325] kunit_try_run_case+0x1a5/0x480 [ 24.202348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.202367] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.202390] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.202596] ? __kthread_parkme+0x82/0x180 [ 24.202624] ? preempt_count_sub+0x50/0x80 [ 24.202646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.202683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.202708] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.202732] kthread+0x337/0x6f0 [ 24.202761] ? trace_preempt_on+0x20/0xc0 [ 24.202785] ? __pfx_kthread+0x10/0x10 [ 24.202805] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.202826] ? calculate_sigpending+0x7b/0xa0 [ 24.202849] ? __pfx_kthread+0x10/0x10 [ 24.202870] ret_from_fork+0x116/0x1d0 [ 24.202888] ? __pfx_kthread+0x10/0x10 [ 24.202908] ret_from_fork_asm+0x1a/0x30 [ 24.202938] </TASK> [ 24.202998] [ 24.213679] Allocated by task 213: [ 24.214305] kasan_save_stack+0x45/0x70 [ 24.214501] kasan_save_track+0x18/0x40 [ 24.214848] kasan_save_alloc_info+0x3b/0x50 [ 24.215227] __kasan_kmalloc+0xb7/0xc0 [ 24.215613] __kmalloc_cache_noprof+0x189/0x420 [ 24.216075] krealloc_uaf+0xbb/0x5e0 [ 24.216274] kunit_try_run_case+0x1a5/0x480 [ 24.216481] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.216738] kthread+0x337/0x6f0 [ 24.216909] ret_from_fork+0x116/0x1d0 [ 24.217175] ret_from_fork_asm+0x1a/0x30 [ 24.217382] [ 24.217464] Freed by task 213: [ 24.217601] kasan_save_stack+0x45/0x70 [ 24.218236] kasan_save_track+0x18/0x40 [ 24.218416] kasan_save_free_info+0x3f/0x60 [ 24.218744] __kasan_slab_free+0x56/0x70 [ 24.218915] kfree+0x222/0x3f0 [ 24.219195] krealloc_uaf+0x13d/0x5e0 [ 24.219332] kunit_try_run_case+0x1a5/0x480 [ 24.219619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.220214] kthread+0x337/0x6f0 [ 24.220370] ret_from_fork+0x116/0x1d0 [ 24.220803] ret_from_fork_asm+0x1a/0x30 [ 24.220984] [ 24.221174] The buggy address belongs to the object at ffff888103d99800 [ 24.221174] which belongs to the cache kmalloc-256 of size 256 [ 24.221668] The buggy address is located 0 bytes inside of [ 24.221668] freed 256-byte region [ffff888103d99800, ffff888103d99900) [ 24.222469] [ 24.222667] The buggy address belongs to the physical page: [ 24.223192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d98 [ 24.223487] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.224130] flags: 0x200000000000040(head|node=0|zone=2) [ 24.224524] page_type: f5(slab) [ 24.224708] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.225177] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.225601] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.226140] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.226594] head: 0200000000000001 ffffea00040f6601 00000000ffffffff 00000000ffffffff [ 24.226963] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.227203] page dumped because: kasan: bad access detected [ 24.227453] [ 24.227547] Memory state around the buggy address: [ 24.227747] ffff888103d99700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.228413] ffff888103d99780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.228958] >ffff888103d99800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.229425] ^ [ 24.229578] ffff888103d99880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.229937] ffff888103d99900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.230478] ================================================================== [ 24.165175] ================================================================== [ 24.166330] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 24.167382] Read of size 1 at addr ffff888103d99800 by task kunit_try_catch/213 [ 24.167633] [ 24.167962] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.168197] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.168211] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.168236] Call Trace: [ 24.168250] <TASK> [ 24.168272] dump_stack_lvl+0x73/0xb0 [ 24.168314] print_report+0xd1/0x610 [ 24.168338] ? __virt_addr_valid+0x1db/0x2d0 [ 24.168363] ? krealloc_uaf+0x1b8/0x5e0 [ 24.168383] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.168408] ? krealloc_uaf+0x1b8/0x5e0 [ 24.168429] kasan_report+0x141/0x180 [ 24.168449] ? krealloc_uaf+0x1b8/0x5e0 [ 24.168472] ? krealloc_uaf+0x1b8/0x5e0 [ 24.168492] __kasan_check_byte+0x3d/0x50 [ 24.168513] krealloc_noprof+0x3f/0x340 [ 24.168540] krealloc_uaf+0x1b8/0x5e0 [ 24.168560] ? __pfx_krealloc_uaf+0x10/0x10 [ 24.168580] ? finish_task_switch.isra.0+0x153/0x700 [ 24.168602] ? __switch_to+0x47/0xf80 [ 24.168628] ? __schedule+0x10cc/0x2b60 [ 24.168651] ? __pfx_read_tsc+0x10/0x10 [ 24.168686] ? ktime_get_ts64+0x86/0x230 [ 24.168711] kunit_try_run_case+0x1a5/0x480 [ 24.168742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.168762] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.168784] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.168807] ? __kthread_parkme+0x82/0x180 [ 24.168827] ? preempt_count_sub+0x50/0x80 [ 24.168849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.168870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.168894] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.168918] kthread+0x337/0x6f0 [ 24.168937] ? trace_preempt_on+0x20/0xc0 [ 24.168961] ? __pfx_kthread+0x10/0x10 [ 24.168981] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.169002] ? calculate_sigpending+0x7b/0xa0 [ 24.169026] ? __pfx_kthread+0x10/0x10 [ 24.169047] ret_from_fork+0x116/0x1d0 [ 24.169065] ? __pfx_kthread+0x10/0x10 [ 24.169085] ret_from_fork_asm+0x1a/0x30 [ 24.169116] </TASK> [ 24.169127] [ 24.181617] Allocated by task 213: [ 24.182409] kasan_save_stack+0x45/0x70 [ 24.182601] kasan_save_track+0x18/0x40 [ 24.182925] kasan_save_alloc_info+0x3b/0x50 [ 24.183267] __kasan_kmalloc+0xb7/0xc0 [ 24.183438] __kmalloc_cache_noprof+0x189/0x420 [ 24.183645] krealloc_uaf+0xbb/0x5e0 [ 24.184183] kunit_try_run_case+0x1a5/0x480 [ 24.184367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.184767] kthread+0x337/0x6f0 [ 24.185111] ret_from_fork+0x116/0x1d0 [ 24.185447] ret_from_fork_asm+0x1a/0x30 [ 24.185646] [ 24.185932] Freed by task 213: [ 24.186297] kasan_save_stack+0x45/0x70 [ 24.186487] kasan_save_track+0x18/0x40 [ 24.186679] kasan_save_free_info+0x3f/0x60 [ 24.187115] __kasan_slab_free+0x56/0x70 [ 24.187284] kfree+0x222/0x3f0 [ 24.187409] krealloc_uaf+0x13d/0x5e0 [ 24.187861] kunit_try_run_case+0x1a5/0x480 [ 24.188249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.188441] kthread+0x337/0x6f0 [ 24.188612] ret_from_fork+0x116/0x1d0 [ 24.188793] ret_from_fork_asm+0x1a/0x30 [ 24.189271] [ 24.189345] The buggy address belongs to the object at ffff888103d99800 [ 24.189345] which belongs to the cache kmalloc-256 of size 256 [ 24.190547] The buggy address is located 0 bytes inside of [ 24.190547] freed 256-byte region [ffff888103d99800, ffff888103d99900) [ 24.191295] [ 24.191376] The buggy address belongs to the physical page: [ 24.191764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d98 [ 24.192271] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.192617] flags: 0x200000000000040(head|node=0|zone=2) [ 24.193130] page_type: f5(slab) [ 24.193279] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.193631] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.194349] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.194753] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.195222] head: 0200000000000001 ffffea00040f6601 00000000ffffffff 00000000ffffffff [ 24.195558] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.196096] page dumped because: kasan: bad access detected [ 24.196409] [ 24.196503] Memory state around the buggy address: [ 24.196860] ffff888103d99700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.197363] ffff888103d99780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.197708] >ffff888103d99800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.198397] ^ [ 24.198573] ffff888103d99880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.199166] ffff888103d99900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.199525] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 24.142433] ================================================================== [ 24.142760] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.143350] Write of size 1 at addr ffff88810587a0eb by task kunit_try_catch/211 [ 24.143718] [ 24.143843] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.143925] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.143938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.143972] Call Trace: [ 24.143991] <TASK> [ 24.144011] dump_stack_lvl+0x73/0xb0 [ 24.144044] print_report+0xd1/0x610 [ 24.144067] ? __virt_addr_valid+0x1db/0x2d0 [ 24.144091] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.144114] ? kasan_addr_to_slab+0x11/0xa0 [ 24.144134] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.144156] kasan_report+0x141/0x180 [ 24.144178] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.144205] __asan_report_store1_noabort+0x1b/0x30 [ 24.144228] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.144252] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.144275] ? finish_task_switch.isra.0+0x153/0x700 [ 24.144298] ? __switch_to+0x47/0xf80 [ 24.144323] ? __schedule+0x10cc/0x2b60 [ 24.144345] ? __pfx_read_tsc+0x10/0x10 [ 24.144369] krealloc_large_less_oob+0x1c/0x30 [ 24.144390] kunit_try_run_case+0x1a5/0x480 [ 24.144413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.144432] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.144454] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.144477] ? __kthread_parkme+0x82/0x180 [ 24.144497] ? preempt_count_sub+0x50/0x80 [ 24.144548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.144570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.144596] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.144631] kthread+0x337/0x6f0 [ 24.144650] ? trace_preempt_on+0x20/0xc0 [ 24.144682] ? __pfx_kthread+0x10/0x10 [ 24.144703] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.144724] ? calculate_sigpending+0x7b/0xa0 [ 24.144747] ? __pfx_kthread+0x10/0x10 [ 24.144768] ret_from_fork+0x116/0x1d0 [ 24.144786] ? __pfx_kthread+0x10/0x10 [ 24.144806] ret_from_fork_asm+0x1a/0x30 [ 24.144836] </TASK> [ 24.144847] [ 24.154039] The buggy address belongs to the physical page: [ 24.154364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878 [ 24.154869] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.155283] flags: 0x200000000000040(head|node=0|zone=2) [ 24.155623] page_type: f8(unknown) [ 24.155855] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.156173] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.156577] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.156959] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.157434] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff [ 24.157810] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.158498] page dumped because: kasan: bad access detected [ 24.158805] [ 24.158894] Memory state around the buggy address: [ 24.159157] ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.159372] ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.159767] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.160243] ^ [ 24.160799] ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.161194] ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.161493] ================================================================== [ 23.952695] ================================================================== [ 23.953171] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.953482] Write of size 1 at addr ffff888104a978ea by task kunit_try_catch/207 [ 23.953813] [ 23.953921] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.953973] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.953986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.954009] Call Trace: [ 23.954029] <TASK> [ 23.954056] dump_stack_lvl+0x73/0xb0 [ 23.954087] print_report+0xd1/0x610 [ 23.954108] ? __virt_addr_valid+0x1db/0x2d0 [ 23.954132] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.954154] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.954178] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.954202] kasan_report+0x141/0x180 [ 23.954222] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.954249] __asan_report_store1_noabort+0x1b/0x30 [ 23.954273] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.954297] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.954320] ? finish_task_switch.isra.0+0x153/0x700 [ 23.954342] ? __switch_to+0x47/0xf80 [ 23.954369] ? __schedule+0x10cc/0x2b60 [ 23.954392] ? __pfx_read_tsc+0x10/0x10 [ 23.954415] krealloc_less_oob+0x1c/0x30 [ 23.954436] kunit_try_run_case+0x1a5/0x480 [ 23.954458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.954478] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.954500] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.954522] ? __kthread_parkme+0x82/0x180 [ 23.954542] ? preempt_count_sub+0x50/0x80 [ 23.954566] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.954587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.954611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.954635] kthread+0x337/0x6f0 [ 23.954654] ? trace_preempt_on+0x20/0xc0 [ 23.954758] ? __pfx_kthread+0x10/0x10 [ 23.954778] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.954799] ? calculate_sigpending+0x7b/0xa0 [ 23.954823] ? __pfx_kthread+0x10/0x10 [ 23.954844] ret_from_fork+0x116/0x1d0 [ 23.954863] ? __pfx_kthread+0x10/0x10 [ 23.954883] ret_from_fork_asm+0x1a/0x30 [ 23.954914] </TASK> [ 23.954925] [ 23.961305] Allocated by task 207: [ 23.961500] kasan_save_stack+0x45/0x70 [ 23.961722] kasan_save_track+0x18/0x40 [ 23.961915] kasan_save_alloc_info+0x3b/0x50 [ 23.962132] __kasan_krealloc+0x190/0x1f0 [ 23.962708] krealloc_noprof+0xf3/0x340 [ 23.962894] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.963149] krealloc_less_oob+0x1c/0x30 [ 23.963286] kunit_try_run_case+0x1a5/0x480 [ 23.963424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.963596] kthread+0x337/0x6f0 [ 23.963800] ret_from_fork+0x116/0x1d0 [ 23.964001] ret_from_fork_asm+0x1a/0x30 [ 23.964190] [ 23.964278] The buggy address belongs to the object at ffff888104a97800 [ 23.964278] which belongs to the cache kmalloc-256 of size 256 [ 23.964813] The buggy address is located 33 bytes to the right of [ 23.964813] allocated 201-byte region [ffff888104a97800, ffff888104a978c9) [ 23.965281] [ 23.965347] The buggy address belongs to the physical page: [ 23.965599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a96 [ 23.966167] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.966467] flags: 0x200000000000040(head|node=0|zone=2) [ 23.966687] page_type: f5(slab) [ 23.966883] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.967397] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.967714] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.967990] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.968274] head: 0200000000000001 ffffea000412a581 00000000ffffffff 00000000ffffffff [ 23.968594] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.968902] page dumped because: kasan: bad access detected [ 23.969430] [ 23.969515] Memory state around the buggy address: [ 23.969686] ffff888104a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.970012] ffff888104a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.970223] >ffff888104a97880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.970425] ^ [ 23.970618] ffff888104a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.970831] ffff888104a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.971036] ================================================================== [ 23.928333] ================================================================== [ 23.928610] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.929384] Write of size 1 at addr ffff888104a978da by task kunit_try_catch/207 [ 23.929719] [ 23.929904] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.930035] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.930058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.930081] Call Trace: [ 23.930101] <TASK> [ 23.930121] dump_stack_lvl+0x73/0xb0 [ 23.930157] print_report+0xd1/0x610 [ 23.930180] ? __virt_addr_valid+0x1db/0x2d0 [ 23.930203] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.930226] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.930250] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.930272] kasan_report+0x141/0x180 [ 23.930293] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.930319] __asan_report_store1_noabort+0x1b/0x30 [ 23.930342] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.930366] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.930389] ? finish_task_switch.isra.0+0x153/0x700 [ 23.930410] ? __switch_to+0x47/0xf80 [ 23.930436] ? __schedule+0x10cc/0x2b60 [ 23.930458] ? __pfx_read_tsc+0x10/0x10 [ 23.930482] krealloc_less_oob+0x1c/0x30 [ 23.930502] kunit_try_run_case+0x1a5/0x480 [ 23.930524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.930543] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.930565] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.930587] ? __kthread_parkme+0x82/0x180 [ 23.930607] ? preempt_count_sub+0x50/0x80 [ 23.930629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.930649] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.930687] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.930712] kthread+0x337/0x6f0 [ 23.930731] ? trace_preempt_on+0x20/0xc0 [ 23.930763] ? __pfx_kthread+0x10/0x10 [ 23.930783] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.930804] ? calculate_sigpending+0x7b/0xa0 [ 23.930828] ? __pfx_kthread+0x10/0x10 [ 23.930848] ret_from_fork+0x116/0x1d0 [ 23.930867] ? __pfx_kthread+0x10/0x10 [ 23.930886] ret_from_fork_asm+0x1a/0x30 [ 23.930916] </TASK> [ 23.930927] [ 23.940403] Allocated by task 207: [ 23.940561] kasan_save_stack+0x45/0x70 [ 23.941100] kasan_save_track+0x18/0x40 [ 23.941450] kasan_save_alloc_info+0x3b/0x50 [ 23.942142] __kasan_krealloc+0x190/0x1f0 [ 23.942374] krealloc_noprof+0xf3/0x340 [ 23.942722] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.943116] krealloc_less_oob+0x1c/0x30 [ 23.943524] kunit_try_run_case+0x1a5/0x480 [ 23.943951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.944197] kthread+0x337/0x6f0 [ 23.944321] ret_from_fork+0x116/0x1d0 [ 23.944448] ret_from_fork_asm+0x1a/0x30 [ 23.944582] [ 23.944649] The buggy address belongs to the object at ffff888104a97800 [ 23.944649] which belongs to the cache kmalloc-256 of size 256 [ 23.945471] The buggy address is located 17 bytes to the right of [ 23.945471] allocated 201-byte region [ffff888104a97800, ffff888104a978c9) [ 23.945928] [ 23.946053] The buggy address belongs to the physical page: [ 23.946424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a96 [ 23.946746] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.947074] flags: 0x200000000000040(head|node=0|zone=2) [ 23.947288] page_type: f5(slab) [ 23.947408] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.947748] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.948176] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.948470] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.948753] head: 0200000000000001 ffffea000412a581 00000000ffffffff 00000000ffffffff [ 23.949051] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.949311] page dumped because: kasan: bad access detected [ 23.949601] [ 23.949700] Memory state around the buggy address: [ 23.950292] ffff888104a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.950587] ffff888104a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.950885] >ffff888104a97880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.951138] ^ [ 23.951395] ffff888104a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.951823] ffff888104a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.952038] ================================================================== [ 23.971501] ================================================================== [ 23.971901] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.972273] Write of size 1 at addr ffff888104a978eb by task kunit_try_catch/207 [ 23.972595] [ 23.972713] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.972763] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.972775] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.972852] Call Trace: [ 23.972875] <TASK> [ 23.972894] dump_stack_lvl+0x73/0xb0 [ 23.972975] print_report+0xd1/0x610 [ 23.972998] ? __virt_addr_valid+0x1db/0x2d0 [ 23.973021] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.973043] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.973097] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.973123] kasan_report+0x141/0x180 [ 23.973144] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.973170] __asan_report_store1_noabort+0x1b/0x30 [ 23.973193] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.973219] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.973241] ? finish_task_switch.isra.0+0x153/0x700 [ 23.973265] ? __switch_to+0x47/0xf80 [ 23.973290] ? __schedule+0x10cc/0x2b60 [ 23.973313] ? __pfx_read_tsc+0x10/0x10 [ 23.973337] krealloc_less_oob+0x1c/0x30 [ 23.973357] kunit_try_run_case+0x1a5/0x480 [ 23.973379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.973399] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.973421] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.973444] ? __kthread_parkme+0x82/0x180 [ 23.973464] ? preempt_count_sub+0x50/0x80 [ 23.973486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.973506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.973530] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.973555] kthread+0x337/0x6f0 [ 23.973574] ? trace_preempt_on+0x20/0xc0 [ 23.973597] ? __pfx_kthread+0x10/0x10 [ 23.973617] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.973638] ? calculate_sigpending+0x7b/0xa0 [ 23.973672] ? __pfx_kthread+0x10/0x10 [ 23.973693] ret_from_fork+0x116/0x1d0 [ 23.973711] ? __pfx_kthread+0x10/0x10 [ 23.973732] ret_from_fork_asm+0x1a/0x30 [ 23.973762] </TASK> [ 23.973773] [ 23.981043] Allocated by task 207: [ 23.981220] kasan_save_stack+0x45/0x70 [ 23.981375] kasan_save_track+0x18/0x40 [ 23.981502] kasan_save_alloc_info+0x3b/0x50 [ 23.981643] __kasan_krealloc+0x190/0x1f0 [ 23.981785] krealloc_noprof+0xf3/0x340 [ 23.981932] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.982152] krealloc_less_oob+0x1c/0x30 [ 23.982388] kunit_try_run_case+0x1a5/0x480 [ 23.982585] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.982842] kthread+0x337/0x6f0 [ 23.983004] ret_from_fork+0x116/0x1d0 [ 23.983185] ret_from_fork_asm+0x1a/0x30 [ 23.983410] [ 23.983473] The buggy address belongs to the object at ffff888104a97800 [ 23.983473] which belongs to the cache kmalloc-256 of size 256 [ 23.983830] The buggy address is located 34 bytes to the right of [ 23.983830] allocated 201-byte region [ffff888104a97800, ffff888104a978c9) [ 23.984648] [ 23.984836] The buggy address belongs to the physical page: [ 23.988598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a96 [ 23.989140] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.989368] flags: 0x200000000000040(head|node=0|zone=2) [ 23.989545] page_type: f5(slab) [ 23.993134] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.994217] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.996043] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.996303] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.996548] head: 0200000000000001 ffffea000412a581 00000000ffffffff 00000000ffffffff [ 23.996886] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.997171] page dumped because: kasan: bad access detected [ 23.997390] [ 23.997457] Memory state around the buggy address: [ 23.997649] ffff888104a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.998417] ffff888104a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.998919] >ffff888104a97880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.999201] ^ [ 23.999393] ffff888104a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.999600] ffff888104a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.000007] ================================================================== [ 24.122299] ================================================================== [ 24.122847] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.123340] Write of size 1 at addr ffff88810587a0ea by task kunit_try_catch/211 [ 24.123808] [ 24.123911] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.123965] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.123978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.124029] Call Trace: [ 24.124049] <TASK> [ 24.124069] dump_stack_lvl+0x73/0xb0 [ 24.124184] print_report+0xd1/0x610 [ 24.124208] ? __virt_addr_valid+0x1db/0x2d0 [ 24.124244] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.124266] ? kasan_addr_to_slab+0x11/0xa0 [ 24.124286] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.124308] kasan_report+0x141/0x180 [ 24.124357] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.124384] __asan_report_store1_noabort+0x1b/0x30 [ 24.124435] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.124459] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.124481] ? finish_task_switch.isra.0+0x153/0x700 [ 24.124503] ? __switch_to+0x47/0xf80 [ 24.124528] ? __schedule+0x10cc/0x2b60 [ 24.124552] ? __pfx_read_tsc+0x10/0x10 [ 24.124575] krealloc_large_less_oob+0x1c/0x30 [ 24.124596] kunit_try_run_case+0x1a5/0x480 [ 24.124619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.124677] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.124699] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.124723] ? __kthread_parkme+0x82/0x180 [ 24.124753] ? preempt_count_sub+0x50/0x80 [ 24.124785] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.124806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.124831] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.124855] kthread+0x337/0x6f0 [ 24.124875] ? trace_preempt_on+0x20/0xc0 [ 24.124898] ? __pfx_kthread+0x10/0x10 [ 24.124936] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.125032] ? calculate_sigpending+0x7b/0xa0 [ 24.125058] ? __pfx_kthread+0x10/0x10 [ 24.125079] ret_from_fork+0x116/0x1d0 [ 24.125118] ? __pfx_kthread+0x10/0x10 [ 24.125147] ret_from_fork_asm+0x1a/0x30 [ 24.125178] </TASK> [ 24.125189] [ 24.134582] The buggy address belongs to the physical page: [ 24.134922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878 [ 24.135308] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.135760] flags: 0x200000000000040(head|node=0|zone=2) [ 24.136066] page_type: f8(unknown) [ 24.136316] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.136683] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.137298] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.137555] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.138067] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff [ 24.138338] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.138556] page dumped because: kasan: bad access detected [ 24.138723] [ 24.138819] Memory state around the buggy address: [ 24.139088] ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.139462] ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.140053] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.140409] ^ [ 24.140649] ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.140901] ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.141428] ================================================================== [ 23.883346] ================================================================== [ 23.883852] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.884216] Write of size 1 at addr ffff888104a978c9 by task kunit_try_catch/207 [ 23.884902] [ 23.885028] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.885083] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.885096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.885118] Call Trace: [ 23.885131] <TASK> [ 23.885150] dump_stack_lvl+0x73/0xb0 [ 23.885181] print_report+0xd1/0x610 [ 23.885203] ? __virt_addr_valid+0x1db/0x2d0 [ 23.885228] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.885267] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.885303] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.885327] kasan_report+0x141/0x180 [ 23.885348] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.885374] __asan_report_store1_noabort+0x1b/0x30 [ 23.885397] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.885421] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.885444] ? finish_task_switch.isra.0+0x153/0x700 [ 23.885466] ? __switch_to+0x47/0xf80 [ 23.885492] ? __schedule+0x10cc/0x2b60 [ 23.885515] ? __pfx_read_tsc+0x10/0x10 [ 23.885538] krealloc_less_oob+0x1c/0x30 [ 23.885558] kunit_try_run_case+0x1a5/0x480 [ 23.885581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.885600] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.885622] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.885644] ? __kthread_parkme+0x82/0x180 [ 23.885676] ? preempt_count_sub+0x50/0x80 [ 23.885698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.885718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.885743] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.885989] kthread+0x337/0x6f0 [ 23.886010] ? trace_preempt_on+0x20/0xc0 [ 23.886033] ? __pfx_kthread+0x10/0x10 [ 23.886060] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.886081] ? calculate_sigpending+0x7b/0xa0 [ 23.886105] ? __pfx_kthread+0x10/0x10 [ 23.886125] ret_from_fork+0x116/0x1d0 [ 23.886144] ? __pfx_kthread+0x10/0x10 [ 23.886164] ret_from_fork_asm+0x1a/0x30 [ 23.886194] </TASK> [ 23.886206] [ 23.895571] Allocated by task 207: [ 23.895764] kasan_save_stack+0x45/0x70 [ 23.895920] kasan_save_track+0x18/0x40 [ 23.896102] kasan_save_alloc_info+0x3b/0x50 [ 23.896322] __kasan_krealloc+0x190/0x1f0 [ 23.896513] krealloc_noprof+0xf3/0x340 [ 23.896649] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.896929] krealloc_less_oob+0x1c/0x30 [ 23.897129] kunit_try_run_case+0x1a5/0x480 [ 23.897391] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.897580] kthread+0x337/0x6f0 [ 23.897706] ret_from_fork+0x116/0x1d0 [ 23.897877] ret_from_fork_asm+0x1a/0x30 [ 23.898075] [ 23.898164] The buggy address belongs to the object at ffff888104a97800 [ 23.898164] which belongs to the cache kmalloc-256 of size 256 [ 23.898684] The buggy address is located 0 bytes to the right of [ 23.898684] allocated 201-byte region [ffff888104a97800, ffff888104a978c9) [ 23.899251] [ 23.899318] The buggy address belongs to the physical page: [ 23.899486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a96 [ 23.899897] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.900348] flags: 0x200000000000040(head|node=0|zone=2) [ 23.900597] page_type: f5(slab) [ 23.900727] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.901100] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.901433] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.901667] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.902006] head: 0200000000000001 ffffea000412a581 00000000ffffffff 00000000ffffffff [ 23.902808] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.903058] page dumped because: kasan: bad access detected [ 23.903223] [ 23.903287] Memory state around the buggy address: [ 23.903444] ffff888104a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.903785] ffff888104a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.904099] >ffff888104a97880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.904351] ^ [ 23.904540] ffff888104a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.905135] ffff888104a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.905431] ================================================================== [ 24.082795] ================================================================== [ 24.083396] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.083744] Write of size 1 at addr ffff88810587a0d0 by task kunit_try_catch/211 [ 24.084148] [ 24.084276] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.084358] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.084371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.084394] Call Trace: [ 24.084407] <TASK> [ 24.084438] dump_stack_lvl+0x73/0xb0 [ 24.084471] print_report+0xd1/0x610 [ 24.084520] ? __virt_addr_valid+0x1db/0x2d0 [ 24.084544] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.084566] ? kasan_addr_to_slab+0x11/0xa0 [ 24.084596] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.084619] kasan_report+0x141/0x180 [ 24.084639] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.084674] __asan_report_store1_noabort+0x1b/0x30 [ 24.084698] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.084723] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.084745] ? finish_task_switch.isra.0+0x153/0x700 [ 24.084793] ? __switch_to+0x47/0xf80 [ 24.084819] ? __schedule+0x10cc/0x2b60 [ 24.084842] ? __pfx_read_tsc+0x10/0x10 [ 24.084876] krealloc_large_less_oob+0x1c/0x30 [ 24.084898] kunit_try_run_case+0x1a5/0x480 [ 24.084938] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.084967] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.084989] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.085046] ? __kthread_parkme+0x82/0x180 [ 24.085066] ? preempt_count_sub+0x50/0x80 [ 24.085088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.085108] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.085133] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.085158] kthread+0x337/0x6f0 [ 24.085177] ? trace_preempt_on+0x20/0xc0 [ 24.085200] ? __pfx_kthread+0x10/0x10 [ 24.085220] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.085241] ? calculate_sigpending+0x7b/0xa0 [ 24.085264] ? __pfx_kthread+0x10/0x10 [ 24.085284] ret_from_fork+0x116/0x1d0 [ 24.085302] ? __pfx_kthread+0x10/0x10 [ 24.085322] ret_from_fork_asm+0x1a/0x30 [ 24.085353] </TASK> [ 24.085364] [ 24.094428] The buggy address belongs to the physical page: [ 24.094751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878 [ 24.095176] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.095544] flags: 0x200000000000040(head|node=0|zone=2) [ 24.095874] page_type: f8(unknown) [ 24.096153] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.096524] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.097023] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.097714] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.098174] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff [ 24.098569] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.098975] page dumped because: kasan: bad access detected [ 24.099206] [ 24.099269] Memory state around the buggy address: [ 24.099745] ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.100203] ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.100550] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.100885] ^ [ 24.101057] ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.101485] ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.102033] ================================================================== [ 24.060880] ================================================================== [ 24.061803] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.062601] Write of size 1 at addr ffff88810587a0c9 by task kunit_try_catch/211 [ 24.063113] [ 24.063234] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.063290] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.063304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.063327] Call Trace: [ 24.063342] <TASK> [ 24.063361] dump_stack_lvl+0x73/0xb0 [ 24.063397] print_report+0xd1/0x610 [ 24.063421] ? __virt_addr_valid+0x1db/0x2d0 [ 24.063444] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.063468] ? kasan_addr_to_slab+0x11/0xa0 [ 24.063488] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.063511] kasan_report+0x141/0x180 [ 24.063531] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.063558] __asan_report_store1_noabort+0x1b/0x30 [ 24.063581] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.063605] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.063628] ? finish_task_switch.isra.0+0x153/0x700 [ 24.063650] ? __switch_to+0x47/0xf80 [ 24.063687] ? __schedule+0x10cc/0x2b60 [ 24.063710] ? __pfx_read_tsc+0x10/0x10 [ 24.063735] krealloc_large_less_oob+0x1c/0x30 [ 24.063769] kunit_try_run_case+0x1a5/0x480 [ 24.063793] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.063813] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.063835] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.063857] ? __kthread_parkme+0x82/0x180 [ 24.063877] ? preempt_count_sub+0x50/0x80 [ 24.063899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.063919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.063944] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.064035] kthread+0x337/0x6f0 [ 24.064056] ? trace_preempt_on+0x20/0xc0 [ 24.064080] ? __pfx_kthread+0x10/0x10 [ 24.064100] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.064121] ? calculate_sigpending+0x7b/0xa0 [ 24.064144] ? __pfx_kthread+0x10/0x10 [ 24.064165] ret_from_fork+0x116/0x1d0 [ 24.064184] ? __pfx_kthread+0x10/0x10 [ 24.064204] ret_from_fork_asm+0x1a/0x30 [ 24.064234] </TASK> [ 24.064245] [ 24.074317] The buggy address belongs to the physical page: [ 24.074603] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878 [ 24.075210] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.075557] flags: 0x200000000000040(head|node=0|zone=2) [ 24.075864] page_type: f8(unknown) [ 24.076112] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.076519] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.076840] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.077627] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.078129] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff [ 24.078434] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.078741] page dumped because: kasan: bad access detected [ 24.079045] [ 24.079223] Memory state around the buggy address: [ 24.079473] ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.079811] ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.080216] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.080586] ^ [ 24.080886] ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.081241] ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.081601] ================================================================== [ 23.905967] ================================================================== [ 23.906883] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.907779] Write of size 1 at addr ffff888104a978d0 by task kunit_try_catch/207 [ 23.908346] [ 23.908444] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.908497] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.908510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.908532] Call Trace: [ 23.908546] <TASK> [ 23.908564] dump_stack_lvl+0x73/0xb0 [ 23.908598] print_report+0xd1/0x610 [ 23.908620] ? __virt_addr_valid+0x1db/0x2d0 [ 23.908643] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.908677] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.908702] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.908724] kasan_report+0x141/0x180 [ 23.908745] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.908771] __asan_report_store1_noabort+0x1b/0x30 [ 23.908794] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.908818] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.908841] ? finish_task_switch.isra.0+0x153/0x700 [ 23.908863] ? __switch_to+0x47/0xf80 [ 23.908888] ? __schedule+0x10cc/0x2b60 [ 23.908910] ? __pfx_read_tsc+0x10/0x10 [ 23.908935] krealloc_less_oob+0x1c/0x30 [ 23.909007] kunit_try_run_case+0x1a5/0x480 [ 23.909029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.909049] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.909072] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.909094] ? __kthread_parkme+0x82/0x180 [ 23.909114] ? preempt_count_sub+0x50/0x80 [ 23.909136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.909157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.909181] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.909205] kthread+0x337/0x6f0 [ 23.909224] ? trace_preempt_on+0x20/0xc0 [ 23.909248] ? __pfx_kthread+0x10/0x10 [ 23.909270] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.909292] ? calculate_sigpending+0x7b/0xa0 [ 23.909317] ? __pfx_kthread+0x10/0x10 [ 23.909338] ret_from_fork+0x116/0x1d0 [ 23.909357] ? __pfx_kthread+0x10/0x10 [ 23.909377] ret_from_fork_asm+0x1a/0x30 [ 23.909407] </TASK> [ 23.909418] [ 23.917218] Allocated by task 207: [ 23.917368] kasan_save_stack+0x45/0x70 [ 23.917654] kasan_save_track+0x18/0x40 [ 23.918001] kasan_save_alloc_info+0x3b/0x50 [ 23.918521] __kasan_krealloc+0x190/0x1f0 [ 23.918732] krealloc_noprof+0xf3/0x340 [ 23.918938] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.919227] krealloc_less_oob+0x1c/0x30 [ 23.919365] kunit_try_run_case+0x1a5/0x480 [ 23.919503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.919741] kthread+0x337/0x6f0 [ 23.919924] ret_from_fork+0x116/0x1d0 [ 23.920108] ret_from_fork_asm+0x1a/0x30 [ 23.920342] [ 23.920481] The buggy address belongs to the object at ffff888104a97800 [ 23.920481] which belongs to the cache kmalloc-256 of size 256 [ 23.920897] The buggy address is located 7 bytes to the right of [ 23.920897] allocated 201-byte region [ffff888104a97800, ffff888104a978c9) [ 23.921347] [ 23.921437] The buggy address belongs to the physical page: [ 23.921692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a96 [ 23.922088] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.922412] flags: 0x200000000000040(head|node=0|zone=2) [ 23.922582] page_type: f5(slab) [ 23.922710] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.923133] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.923478] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 23.923829] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.924467] head: 0200000000000001 ffffea000412a581 00000000ffffffff 00000000ffffffff [ 23.924860] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.925083] page dumped because: kasan: bad access detected [ 23.925246] [ 23.925308] Memory state around the buggy address: [ 23.925597] ffff888104a97780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.925924] ffff888104a97800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.926180] >ffff888104a97880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.926473] ^ [ 23.926646] ffff888104a97900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.927259] ffff888104a97980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.927571] ================================================================== [ 24.102724] ================================================================== [ 24.103129] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.103505] Write of size 1 at addr ffff88810587a0da by task kunit_try_catch/211 [ 24.103870] [ 24.104032] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.104169] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.104183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.104206] Call Trace: [ 24.104225] <TASK> [ 24.104256] dump_stack_lvl+0x73/0xb0 [ 24.104289] print_report+0xd1/0x610 [ 24.104339] ? __virt_addr_valid+0x1db/0x2d0 [ 24.104362] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.104384] ? kasan_addr_to_slab+0x11/0xa0 [ 24.104415] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.104437] kasan_report+0x141/0x180 [ 24.104458] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.104485] __asan_report_store1_noabort+0x1b/0x30 [ 24.104534] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.104558] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.104581] ? finish_task_switch.isra.0+0x153/0x700 [ 24.104613] ? __switch_to+0x47/0xf80 [ 24.104638] ? __schedule+0x10cc/0x2b60 [ 24.104696] ? __pfx_read_tsc+0x10/0x10 [ 24.104720] krealloc_large_less_oob+0x1c/0x30 [ 24.104742] kunit_try_run_case+0x1a5/0x480 [ 24.104789] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.104809] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.104830] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.104882] ? __kthread_parkme+0x82/0x180 [ 24.104902] ? preempt_count_sub+0x50/0x80 [ 24.104923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.104996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.105052] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.105077] kthread+0x337/0x6f0 [ 24.105097] ? trace_preempt_on+0x20/0xc0 [ 24.105131] ? __pfx_kthread+0x10/0x10 [ 24.105151] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.105172] ? calculate_sigpending+0x7b/0xa0 [ 24.105196] ? __pfx_kthread+0x10/0x10 [ 24.105216] ret_from_fork+0x116/0x1d0 [ 24.105234] ? __pfx_kthread+0x10/0x10 [ 24.105254] ret_from_fork_asm+0x1a/0x30 [ 24.105301] </TASK> [ 24.105311] [ 24.114523] The buggy address belongs to the physical page: [ 24.115026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878 [ 24.115339] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.115553] flags: 0x200000000000040(head|node=0|zone=2) [ 24.115881] page_type: f8(unknown) [ 24.116245] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.116722] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.117000] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.117574] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.118002] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff [ 24.118250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.118572] page dumped because: kasan: bad access detected [ 24.119229] [ 24.119344] Memory state around the buggy address: [ 24.119616] ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.119893] ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.120165] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.120578] ^ [ 24.121076] ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.121395] ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.121736] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 24.036872] ================================================================== [ 24.037355] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 24.038503] Write of size 1 at addr ffff88810587a0f0 by task kunit_try_catch/209 [ 24.039605] [ 24.039964] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.040023] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.040037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.040059] Call Trace: [ 24.040078] <TASK> [ 24.040099] dump_stack_lvl+0x73/0xb0 [ 24.040137] print_report+0xd1/0x610 [ 24.040161] ? __virt_addr_valid+0x1db/0x2d0 [ 24.040184] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.040206] ? kasan_addr_to_slab+0x11/0xa0 [ 24.040226] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.040248] kasan_report+0x141/0x180 [ 24.040268] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.040294] __asan_report_store1_noabort+0x1b/0x30 [ 24.040317] krealloc_more_oob_helper+0x7eb/0x930 [ 24.040339] ? __schedule+0x10cc/0x2b60 [ 24.040362] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.040384] ? finish_task_switch.isra.0+0x153/0x700 [ 24.040406] ? __switch_to+0x47/0xf80 [ 24.040431] ? __schedule+0x10cc/0x2b60 [ 24.040452] ? __pfx_read_tsc+0x10/0x10 [ 24.040475] krealloc_large_more_oob+0x1c/0x30 [ 24.040497] kunit_try_run_case+0x1a5/0x480 [ 24.040519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.040538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.040560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.040583] ? __kthread_parkme+0x82/0x180 [ 24.040603] ? preempt_count_sub+0x50/0x80 [ 24.040625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.040645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.040682] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.040706] kthread+0x337/0x6f0 [ 24.040725] ? trace_preempt_on+0x20/0xc0 [ 24.040749] ? __pfx_kthread+0x10/0x10 [ 24.040769] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.040790] ? calculate_sigpending+0x7b/0xa0 [ 24.040813] ? __pfx_kthread+0x10/0x10 [ 24.040834] ret_from_fork+0x116/0x1d0 [ 24.040852] ? __pfx_kthread+0x10/0x10 [ 24.040873] ret_from_fork_asm+0x1a/0x30 [ 24.040904] </TASK> [ 24.040915] [ 24.052011] The buggy address belongs to the physical page: [ 24.052267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878 [ 24.052558] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.053096] flags: 0x200000000000040(head|node=0|zone=2) [ 24.053343] page_type: f8(unknown) [ 24.053510] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.053758] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.054321] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.054585] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.054928] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff [ 24.055262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.055534] page dumped because: kasan: bad access detected [ 24.055728] [ 24.055890] Memory state around the buggy address: [ 24.056433] ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.056732] ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.057119] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.057391] ^ [ 24.057646] ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.057880] ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.058325] ================================================================== [ 23.819068] ================================================================== [ 23.820103] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 23.820520] Write of size 1 at addr ffff888103d996eb by task kunit_try_catch/205 [ 23.821415] [ 23.821646] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.821754] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.821768] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.821792] Call Trace: [ 23.821808] <TASK> [ 23.821828] dump_stack_lvl+0x73/0xb0 [ 23.821866] print_report+0xd1/0x610 [ 23.821889] ? __virt_addr_valid+0x1db/0x2d0 [ 23.821912] ? krealloc_more_oob_helper+0x821/0x930 [ 23.821995] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.822021] ? krealloc_more_oob_helper+0x821/0x930 [ 23.822059] kasan_report+0x141/0x180 [ 23.822080] ? krealloc_more_oob_helper+0x821/0x930 [ 23.822107] __asan_report_store1_noabort+0x1b/0x30 [ 23.822130] krealloc_more_oob_helper+0x821/0x930 [ 23.822151] ? __schedule+0x10cc/0x2b60 [ 23.822175] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.822198] ? finish_task_switch.isra.0+0x153/0x700 [ 23.822220] ? __switch_to+0x47/0xf80 [ 23.822246] ? __schedule+0x10cc/0x2b60 [ 23.822267] ? __pfx_read_tsc+0x10/0x10 [ 23.822291] krealloc_more_oob+0x1c/0x30 [ 23.822312] kunit_try_run_case+0x1a5/0x480 [ 23.822334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.822354] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.822376] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.822398] ? __kthread_parkme+0x82/0x180 [ 23.822418] ? preempt_count_sub+0x50/0x80 [ 23.822440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.822460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.822484] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.822508] kthread+0x337/0x6f0 [ 23.822528] ? trace_preempt_on+0x20/0xc0 [ 23.822551] ? __pfx_kthread+0x10/0x10 [ 23.822571] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.822592] ? calculate_sigpending+0x7b/0xa0 [ 23.822616] ? __pfx_kthread+0x10/0x10 [ 23.822636] ret_from_fork+0x116/0x1d0 [ 23.822655] ? __pfx_kthread+0x10/0x10 [ 23.822694] ret_from_fork_asm+0x1a/0x30 [ 23.822725] </TASK> [ 23.822754] [ 23.836347] Allocated by task 205: [ 23.836734] kasan_save_stack+0x45/0x70 [ 23.837196] kasan_save_track+0x18/0x40 [ 23.837673] kasan_save_alloc_info+0x3b/0x50 [ 23.838089] __kasan_krealloc+0x190/0x1f0 [ 23.838516] krealloc_noprof+0xf3/0x340 [ 23.838885] krealloc_more_oob_helper+0x1a9/0x930 [ 23.839384] krealloc_more_oob+0x1c/0x30 [ 23.839845] kunit_try_run_case+0x1a5/0x480 [ 23.840269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.840819] kthread+0x337/0x6f0 [ 23.841033] ret_from_fork+0x116/0x1d0 [ 23.841179] ret_from_fork_asm+0x1a/0x30 [ 23.841483] [ 23.841655] The buggy address belongs to the object at ffff888103d99600 [ 23.841655] which belongs to the cache kmalloc-256 of size 256 [ 23.842832] The buggy address is located 0 bytes to the right of [ 23.842832] allocated 235-byte region [ffff888103d99600, ffff888103d996eb) [ 23.843977] [ 23.844145] The buggy address belongs to the physical page: [ 23.844733] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d98 [ 23.845184] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.845880] flags: 0x200000000000040(head|node=0|zone=2) [ 23.846121] page_type: f5(slab) [ 23.846330] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.846993] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.847761] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.848447] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.848700] head: 0200000000000001 ffffea00040f6601 00000000ffffffff 00000000ffffffff [ 23.849353] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.850052] page dumped because: kasan: bad access detected [ 23.850627] [ 23.850795] Memory state around the buggy address: [ 23.851279] ffff888103d99580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.851698] ffff888103d99600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.852412] >ffff888103d99680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 23.852876] ^ [ 23.853292] ffff888103d99700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.853685] ffff888103d99780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.854364] ================================================================== [ 23.855130] ================================================================== [ 23.855516] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 23.856069] Write of size 1 at addr ffff888103d996f0 by task kunit_try_catch/205 [ 23.856851] [ 23.857079] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.857134] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.857148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.857171] Call Trace: [ 23.857186] <TASK> [ 23.857205] dump_stack_lvl+0x73/0xb0 [ 23.857239] print_report+0xd1/0x610 [ 23.857263] ? __virt_addr_valid+0x1db/0x2d0 [ 23.857286] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.857309] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.857334] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.857356] kasan_report+0x141/0x180 [ 23.857376] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.857403] __asan_report_store1_noabort+0x1b/0x30 [ 23.857426] krealloc_more_oob_helper+0x7eb/0x930 [ 23.857447] ? __schedule+0x10cc/0x2b60 [ 23.857470] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.857493] ? finish_task_switch.isra.0+0x153/0x700 [ 23.857515] ? __switch_to+0x47/0xf80 [ 23.857541] ? __schedule+0x10cc/0x2b60 [ 23.857562] ? __pfx_read_tsc+0x10/0x10 [ 23.857586] krealloc_more_oob+0x1c/0x30 [ 23.857615] kunit_try_run_case+0x1a5/0x480 [ 23.857638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.857677] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.857701] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.857723] ? __kthread_parkme+0x82/0x180 [ 23.857744] ? preempt_count_sub+0x50/0x80 [ 23.857775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.857796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.857820] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.857844] kthread+0x337/0x6f0 [ 23.857864] ? trace_preempt_on+0x20/0xc0 [ 23.857887] ? __pfx_kthread+0x10/0x10 [ 23.857907] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.857928] ? calculate_sigpending+0x7b/0xa0 [ 23.857964] ? __pfx_kthread+0x10/0x10 [ 23.857985] ret_from_fork+0x116/0x1d0 [ 23.858004] ? __pfx_kthread+0x10/0x10 [ 23.858025] ret_from_fork_asm+0x1a/0x30 [ 23.858060] </TASK> [ 23.858071] [ 23.868305] Allocated by task 205: [ 23.868794] kasan_save_stack+0x45/0x70 [ 23.869035] kasan_save_track+0x18/0x40 [ 23.869311] kasan_save_alloc_info+0x3b/0x50 [ 23.869525] __kasan_krealloc+0x190/0x1f0 [ 23.869727] krealloc_noprof+0xf3/0x340 [ 23.869932] krealloc_more_oob_helper+0x1a9/0x930 [ 23.870227] krealloc_more_oob+0x1c/0x30 [ 23.870429] kunit_try_run_case+0x1a5/0x480 [ 23.870740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.871056] kthread+0x337/0x6f0 [ 23.871219] ret_from_fork+0x116/0x1d0 [ 23.871464] ret_from_fork_asm+0x1a/0x30 [ 23.871638] [ 23.871726] The buggy address belongs to the object at ffff888103d99600 [ 23.871726] which belongs to the cache kmalloc-256 of size 256 [ 23.872323] The buggy address is located 5 bytes to the right of [ 23.872323] allocated 235-byte region [ffff888103d99600, ffff888103d996eb) [ 23.872735] [ 23.872800] The buggy address belongs to the physical page: [ 23.873201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d98 [ 23.873566] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.874353] flags: 0x200000000000040(head|node=0|zone=2) [ 23.874644] page_type: f5(slab) [ 23.874898] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.875344] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.875614] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.875924] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.876259] head: 0200000000000001 ffffea00040f6601 00000000ffffffff 00000000ffffffff [ 23.876614] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.877089] page dumped because: kasan: bad access detected [ 23.877414] [ 23.877521] Memory state around the buggy address: [ 23.877688] ffff888103d99580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.877917] ffff888103d99600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.878356] >ffff888103d99680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 23.878722] ^ [ 23.879001] ffff888103d99700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.879616] ffff888103d99780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.880122] ================================================================== [ 24.004347] ================================================================== [ 24.005588] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 24.005911] Write of size 1 at addr ffff88810587a0eb by task kunit_try_catch/209 [ 24.006683] [ 24.006862] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.006919] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.006933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.006957] Call Trace: [ 24.006971] <TASK> [ 24.006991] dump_stack_lvl+0x73/0xb0 [ 24.007026] print_report+0xd1/0x610 [ 24.007049] ? __virt_addr_valid+0x1db/0x2d0 [ 24.007074] ? krealloc_more_oob_helper+0x821/0x930 [ 24.007096] ? kasan_addr_to_slab+0x11/0xa0 [ 24.007116] ? krealloc_more_oob_helper+0x821/0x930 [ 24.007138] kasan_report+0x141/0x180 [ 24.007159] ? krealloc_more_oob_helper+0x821/0x930 [ 24.007185] __asan_report_store1_noabort+0x1b/0x30 [ 24.007209] krealloc_more_oob_helper+0x821/0x930 [ 24.007230] ? __schedule+0x10cc/0x2b60 [ 24.007253] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.007275] ? finish_task_switch.isra.0+0x153/0x700 [ 24.007298] ? __switch_to+0x47/0xf80 [ 24.007325] ? __schedule+0x10cc/0x2b60 [ 24.007346] ? __pfx_read_tsc+0x10/0x10 [ 24.007370] krealloc_large_more_oob+0x1c/0x30 [ 24.007392] kunit_try_run_case+0x1a5/0x480 [ 24.007416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.007438] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.007460] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.007483] ? __kthread_parkme+0x82/0x180 [ 24.007503] ? preempt_count_sub+0x50/0x80 [ 24.007525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.007546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.007570] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.007594] kthread+0x337/0x6f0 [ 24.007613] ? trace_preempt_on+0x20/0xc0 [ 24.007639] ? __pfx_kthread+0x10/0x10 [ 24.007670] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.007692] ? calculate_sigpending+0x7b/0xa0 [ 24.007771] ? __pfx_kthread+0x10/0x10 [ 24.007792] ret_from_fork+0x116/0x1d0 [ 24.007811] ? __pfx_kthread+0x10/0x10 [ 24.007931] ret_from_fork_asm+0x1a/0x30 [ 24.007966] </TASK> [ 24.007977] [ 24.023884] The buggy address belongs to the physical page: [ 24.024434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878 [ 24.025211] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.025981] flags: 0x200000000000040(head|node=0|zone=2) [ 24.026497] page_type: f8(unknown) [ 24.026824] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.027623] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.028316] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.028556] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.028822] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff [ 24.029471] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.030197] page dumped because: kasan: bad access detected [ 24.030734] [ 24.030904] Memory state around the buggy address: [ 24.031375] ffff888105879f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.031999] ffff88810587a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.032567] >ffff88810587a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.033520] ^ [ 24.033754] ffff88810587a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.034508] ffff88810587a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.035867] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 28.362280] ================================================================== [ 28.363632] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 28.364099] Write of size 121 at addr ffff888105919e00 by task kunit_try_catch/334 [ 28.364346] [ 28.364548] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.364621] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.364637] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.364674] Call Trace: [ 28.364689] <TASK> [ 28.364714] dump_stack_lvl+0x73/0xb0 [ 28.364759] print_report+0xd1/0x610 [ 28.364787] ? __virt_addr_valid+0x1db/0x2d0 [ 28.364824] ? _copy_from_user+0x32/0x90 [ 28.364858] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.364885] ? _copy_from_user+0x32/0x90 [ 28.364908] kasan_report+0x141/0x180 [ 28.364931] ? _copy_from_user+0x32/0x90 [ 28.364958] kasan_check_range+0x10c/0x1c0 [ 28.364982] __kasan_check_write+0x18/0x20 [ 28.365015] _copy_from_user+0x32/0x90 [ 28.365039] copy_user_test_oob+0x2be/0x10f0 [ 28.365078] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.365102] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.365134] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.365172] kunit_try_run_case+0x1a5/0x480 [ 28.365195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.365217] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.365242] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.365268] ? __kthread_parkme+0x82/0x180 [ 28.365291] ? preempt_count_sub+0x50/0x80 [ 28.365316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.365339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.365365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.365392] kthread+0x337/0x6f0 [ 28.365413] ? trace_preempt_on+0x20/0xc0 [ 28.365440] ? __pfx_kthread+0x10/0x10 [ 28.365462] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.365485] ? calculate_sigpending+0x7b/0xa0 [ 28.365511] ? __pfx_kthread+0x10/0x10 [ 28.365534] ret_from_fork+0x116/0x1d0 [ 28.365556] ? __pfx_kthread+0x10/0x10 [ 28.365578] ret_from_fork_asm+0x1a/0x30 [ 28.365611] </TASK> [ 28.365625] [ 28.377550] Allocated by task 334: [ 28.377763] kasan_save_stack+0x45/0x70 [ 28.377967] kasan_save_track+0x18/0x40 [ 28.378141] kasan_save_alloc_info+0x3b/0x50 [ 28.378332] __kasan_kmalloc+0xb7/0xc0 [ 28.378502] __kmalloc_noprof+0x1c9/0x500 [ 28.379133] kunit_kmalloc_array+0x25/0x60 [ 28.379437] copy_user_test_oob+0xab/0x10f0 [ 28.379637] kunit_try_run_case+0x1a5/0x480 [ 28.379998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.380338] kthread+0x337/0x6f0 [ 28.380477] ret_from_fork+0x116/0x1d0 [ 28.380854] ret_from_fork_asm+0x1a/0x30 [ 28.381044] [ 28.381228] The buggy address belongs to the object at ffff888105919e00 [ 28.381228] which belongs to the cache kmalloc-128 of size 128 [ 28.382000] The buggy address is located 0 bytes inside of [ 28.382000] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.382632] [ 28.382741] The buggy address belongs to the physical page: [ 28.383225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.383647] flags: 0x200000000000000(node=0|zone=2) [ 28.383917] page_type: f5(slab) [ 28.384081] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.384362] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.384688] page dumped because: kasan: bad access detected [ 28.385201] [ 28.385294] Memory state around the buggy address: [ 28.385454] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.386123] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.386486] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.386925] ^ [ 28.387178] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.387578] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.387986] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 28.290834] ================================================================== [ 28.292803] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 28.294016] Read of size 8 at addr ffff888105919d78 by task kunit_try_catch/330 [ 28.294670] [ 28.294903] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.294967] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.294992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.295020] Call Trace: [ 28.295040] <TASK> [ 28.295063] dump_stack_lvl+0x73/0xb0 [ 28.295107] print_report+0xd1/0x610 [ 28.295135] ? __virt_addr_valid+0x1db/0x2d0 [ 28.295163] ? copy_to_kernel_nofault+0x225/0x260 [ 28.295188] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.295215] ? copy_to_kernel_nofault+0x225/0x260 [ 28.295239] kasan_report+0x141/0x180 [ 28.295262] ? copy_to_kernel_nofault+0x225/0x260 [ 28.295290] __asan_report_load8_noabort+0x18/0x20 [ 28.295315] copy_to_kernel_nofault+0x225/0x260 [ 28.295340] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 28.295364] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 28.295391] ? finish_task_switch.isra.0+0x153/0x700 [ 28.295416] ? __schedule+0x10cc/0x2b60 [ 28.295440] ? trace_hardirqs_on+0x37/0xe0 [ 28.295472] ? __pfx_read_tsc+0x10/0x10 [ 28.295496] ? ktime_get_ts64+0x86/0x230 [ 28.295524] kunit_try_run_case+0x1a5/0x480 [ 28.295550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.295572] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.295596] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.295620] ? __kthread_parkme+0x82/0x180 [ 28.295642] ? preempt_count_sub+0x50/0x80 [ 28.295677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.295699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.295725] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.295751] kthread+0x337/0x6f0 [ 28.295772] ? trace_preempt_on+0x20/0xc0 [ 28.295797] ? __pfx_kthread+0x10/0x10 [ 28.295819] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.295880] ? calculate_sigpending+0x7b/0xa0 [ 28.295906] ? __pfx_kthread+0x10/0x10 [ 28.295929] ret_from_fork+0x116/0x1d0 [ 28.295951] ? __pfx_kthread+0x10/0x10 [ 28.295972] ret_from_fork_asm+0x1a/0x30 [ 28.296006] </TASK> [ 28.296020] [ 28.310054] Allocated by task 330: [ 28.310492] kasan_save_stack+0x45/0x70 [ 28.310840] kasan_save_track+0x18/0x40 [ 28.310972] kasan_save_alloc_info+0x3b/0x50 [ 28.311129] __kasan_kmalloc+0xb7/0xc0 [ 28.311256] __kmalloc_cache_noprof+0x189/0x420 [ 28.311402] copy_to_kernel_nofault_oob+0x12f/0x560 [ 28.311588] kunit_try_run_case+0x1a5/0x480 [ 28.311918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.312411] kthread+0x337/0x6f0 [ 28.312805] ret_from_fork+0x116/0x1d0 [ 28.313215] ret_from_fork_asm+0x1a/0x30 [ 28.313731] [ 28.313901] The buggy address belongs to the object at ffff888105919d00 [ 28.313901] which belongs to the cache kmalloc-128 of size 128 [ 28.315113] The buggy address is located 0 bytes to the right of [ 28.315113] allocated 120-byte region [ffff888105919d00, ffff888105919d78) [ 28.316282] [ 28.316453] The buggy address belongs to the physical page: [ 28.317013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.317440] flags: 0x200000000000000(node=0|zone=2) [ 28.317603] page_type: f5(slab) [ 28.317748] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.318317] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.319089] page dumped because: kasan: bad access detected [ 28.319675] [ 28.319854] Memory state around the buggy address: [ 28.320117] ffff888105919c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.320702] ffff888105919c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.321416] >ffff888105919d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.321724] ^ [ 28.321942] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.322153] ffff888105919e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.322355] ================================================================== [ 28.323492] ================================================================== [ 28.323787] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 28.324117] Write of size 8 at addr ffff888105919d78 by task kunit_try_catch/330 [ 28.324419] [ 28.324515] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.324571] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.324587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.324614] Call Trace: [ 28.324629] <TASK> [ 28.324650] dump_stack_lvl+0x73/0xb0 [ 28.324694] print_report+0xd1/0x610 [ 28.324719] ? __virt_addr_valid+0x1db/0x2d0 [ 28.324743] ? copy_to_kernel_nofault+0x99/0x260 [ 28.324766] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.324793] ? copy_to_kernel_nofault+0x99/0x260 [ 28.324817] kasan_report+0x141/0x180 [ 28.324840] ? copy_to_kernel_nofault+0x99/0x260 [ 28.324868] kasan_check_range+0x10c/0x1c0 [ 28.324893] __kasan_check_write+0x18/0x20 [ 28.324916] copy_to_kernel_nofault+0x99/0x260 [ 28.324941] copy_to_kernel_nofault_oob+0x288/0x560 [ 28.324979] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 28.325003] ? finish_task_switch.isra.0+0x153/0x700 [ 28.325027] ? __schedule+0x10cc/0x2b60 [ 28.325051] ? trace_hardirqs_on+0x37/0xe0 [ 28.325082] ? __pfx_read_tsc+0x10/0x10 [ 28.325105] ? ktime_get_ts64+0x86/0x230 [ 28.325130] kunit_try_run_case+0x1a5/0x480 [ 28.325154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.325175] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.325199] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.325223] ? __kthread_parkme+0x82/0x180 [ 28.325245] ? preempt_count_sub+0x50/0x80 [ 28.325269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.325293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.325319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.325346] kthread+0x337/0x6f0 [ 28.325367] ? trace_preempt_on+0x20/0xc0 [ 28.325390] ? __pfx_kthread+0x10/0x10 [ 28.325411] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.325434] ? calculate_sigpending+0x7b/0xa0 [ 28.325461] ? __pfx_kthread+0x10/0x10 [ 28.325483] ret_from_fork+0x116/0x1d0 [ 28.325503] ? __pfx_kthread+0x10/0x10 [ 28.325525] ret_from_fork_asm+0x1a/0x30 [ 28.325558] </TASK> [ 28.325569] [ 28.333519] Allocated by task 330: [ 28.333708] kasan_save_stack+0x45/0x70 [ 28.333908] kasan_save_track+0x18/0x40 [ 28.334196] kasan_save_alloc_info+0x3b/0x50 [ 28.334373] __kasan_kmalloc+0xb7/0xc0 [ 28.334500] __kmalloc_cache_noprof+0x189/0x420 [ 28.334662] copy_to_kernel_nofault_oob+0x12f/0x560 [ 28.335081] kunit_try_run_case+0x1a5/0x480 [ 28.335268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.335488] kthread+0x337/0x6f0 [ 28.335669] ret_from_fork+0x116/0x1d0 [ 28.335889] ret_from_fork_asm+0x1a/0x30 [ 28.336057] [ 28.336156] The buggy address belongs to the object at ffff888105919d00 [ 28.336156] which belongs to the cache kmalloc-128 of size 128 [ 28.336535] The buggy address is located 0 bytes to the right of [ 28.336535] allocated 120-byte region [ffff888105919d00, ffff888105919d78) [ 28.337239] [ 28.337308] The buggy address belongs to the physical page: [ 28.337715] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.338088] flags: 0x200000000000000(node=0|zone=2) [ 28.338409] page_type: f5(slab) [ 28.338579] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.338817] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.339036] page dumped because: kasan: bad access detected [ 28.339202] [ 28.339264] Memory state around the buggy address: [ 28.339414] ffff888105919c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.339707] ffff888105919c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.340025] >ffff888105919d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.340334] ^ [ 28.340644] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.341003] ffff888105919e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.341370] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 27.787822] ================================================================== [ 27.788078] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 27.788750] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.789476] [ 27.789647] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.789813] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.790034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.790072] Call Trace: [ 27.790094] <TASK> [ 27.790116] dump_stack_lvl+0x73/0xb0 [ 27.790155] print_report+0xd1/0x610 [ 27.790181] ? __virt_addr_valid+0x1db/0x2d0 [ 27.790207] ? kasan_atomics_helper+0x1818/0x5450 [ 27.790230] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.790257] ? kasan_atomics_helper+0x1818/0x5450 [ 27.790279] kasan_report+0x141/0x180 [ 27.790302] ? kasan_atomics_helper+0x1818/0x5450 [ 27.790328] kasan_check_range+0x10c/0x1c0 [ 27.790352] __kasan_check_write+0x18/0x20 [ 27.790376] kasan_atomics_helper+0x1818/0x5450 [ 27.790399] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.790422] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.790446] ? pick_task_fair+0xce/0x340 [ 27.790472] ? kasan_atomics+0x152/0x310 [ 27.790499] kasan_atomics+0x1dc/0x310 [ 27.790522] ? __pfx_kasan_atomics+0x10/0x10 [ 27.790547] ? __pfx_read_tsc+0x10/0x10 [ 27.790570] ? ktime_get_ts64+0x86/0x230 [ 27.790594] kunit_try_run_case+0x1a5/0x480 [ 27.790619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.790640] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.790677] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.790702] ? __kthread_parkme+0x82/0x180 [ 27.790725] ? preempt_count_sub+0x50/0x80 [ 27.790761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.790783] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.790810] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.790837] kthread+0x337/0x6f0 [ 27.790857] ? trace_preempt_on+0x20/0xc0 [ 27.790882] ? __pfx_kthread+0x10/0x10 [ 27.790903] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.790926] ? calculate_sigpending+0x7b/0xa0 [ 27.790952] ? __pfx_kthread+0x10/0x10 [ 27.790974] ret_from_fork+0x116/0x1d0 [ 27.790994] ? __pfx_kthread+0x10/0x10 [ 27.791015] ret_from_fork_asm+0x1a/0x30 [ 27.791048] </TASK> [ 27.791060] [ 27.802425] Allocated by task 314: [ 27.802907] kasan_save_stack+0x45/0x70 [ 27.803215] kasan_save_track+0x18/0x40 [ 27.803514] kasan_save_alloc_info+0x3b/0x50 [ 27.803807] __kasan_kmalloc+0xb7/0xc0 [ 27.803976] __kmalloc_cache_noprof+0x189/0x420 [ 27.804342] kasan_atomics+0x95/0x310 [ 27.804577] kunit_try_run_case+0x1a5/0x480 [ 27.804786] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.805197] kthread+0x337/0x6f0 [ 27.805465] ret_from_fork+0x116/0x1d0 [ 27.805668] ret_from_fork_asm+0x1a/0x30 [ 27.806060] [ 27.806283] The buggy address belongs to the object at ffff888103eb9580 [ 27.806283] which belongs to the cache kmalloc-64 of size 64 [ 27.806878] The buggy address is located 0 bytes to the right of [ 27.806878] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.807369] [ 27.807466] The buggy address belongs to the physical page: [ 27.807880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.808414] flags: 0x200000000000000(node=0|zone=2) [ 27.808927] page_type: f5(slab) [ 27.809222] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.809597] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.810170] page dumped because: kasan: bad access detected [ 27.810545] [ 27.810620] Memory state around the buggy address: [ 27.810931] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.811420] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.811879] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.812291] ^ [ 27.812626] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.813162] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.813566] ================================================================== [ 27.561002] ================================================================== [ 27.561578] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 27.562001] Read of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.562264] [ 27.562376] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.562446] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.562461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.562487] Call Trace: [ 27.562508] <TASK> [ 27.562538] dump_stack_lvl+0x73/0xb0 [ 27.562574] print_report+0xd1/0x610 [ 27.562599] ? __virt_addr_valid+0x1db/0x2d0 [ 27.562637] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.562669] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.562696] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.562727] kasan_report+0x141/0x180 [ 27.562750] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.562777] kasan_check_range+0x10c/0x1c0 [ 27.562825] __kasan_check_read+0x15/0x20 [ 27.562849] kasan_atomics_helper+0x13b5/0x5450 [ 27.562883] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.562914] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.562940] ? pick_task_fair+0xce/0x340 [ 27.562966] ? kasan_atomics+0x152/0x310 [ 27.563003] kasan_atomics+0x1dc/0x310 [ 27.563027] ? __pfx_kasan_atomics+0x10/0x10 [ 27.563051] ? __pfx_read_tsc+0x10/0x10 [ 27.563083] ? ktime_get_ts64+0x86/0x230 [ 27.563110] kunit_try_run_case+0x1a5/0x480 [ 27.563135] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.563166] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.563192] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.563216] ? __kthread_parkme+0x82/0x180 [ 27.563248] ? preempt_count_sub+0x50/0x80 [ 27.563273] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.563295] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.563332] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.563359] kthread+0x337/0x6f0 [ 27.563380] ? trace_preempt_on+0x20/0xc0 [ 27.563423] ? __pfx_kthread+0x10/0x10 [ 27.563446] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.563468] ? calculate_sigpending+0x7b/0xa0 [ 27.563504] ? __pfx_kthread+0x10/0x10 [ 27.563527] ret_from_fork+0x116/0x1d0 [ 27.563547] ? __pfx_kthread+0x10/0x10 [ 27.563568] ret_from_fork_asm+0x1a/0x30 [ 27.563607] </TASK> [ 27.563620] [ 27.575514] Allocated by task 314: [ 27.575731] kasan_save_stack+0x45/0x70 [ 27.576221] kasan_save_track+0x18/0x40 [ 27.576392] kasan_save_alloc_info+0x3b/0x50 [ 27.576582] __kasan_kmalloc+0xb7/0xc0 [ 27.576969] __kmalloc_cache_noprof+0x189/0x420 [ 27.577327] kasan_atomics+0x95/0x310 [ 27.577517] kunit_try_run_case+0x1a5/0x480 [ 27.577713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.577944] kthread+0x337/0x6f0 [ 27.578103] ret_from_fork+0x116/0x1d0 [ 27.578270] ret_from_fork_asm+0x1a/0x30 [ 27.578450] [ 27.578537] The buggy address belongs to the object at ffff888103eb9580 [ 27.578537] which belongs to the cache kmalloc-64 of size 64 [ 27.578921] The buggy address is located 0 bytes to the right of [ 27.578921] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.579707] [ 27.579882] The buggy address belongs to the physical page: [ 27.580133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.580402] flags: 0x200000000000000(node=0|zone=2) [ 27.580586] page_type: f5(slab) [ 27.580753] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.581199] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.581420] page dumped because: kasan: bad access detected [ 27.581583] [ 27.581855] Memory state around the buggy address: [ 27.582390] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.582925] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.583238] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.583522] ^ [ 27.583736] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.584378] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.584670] ================================================================== [ 28.110216] ================================================================== [ 28.110568] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 28.110924] Read of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.111265] [ 28.111378] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.111432] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.111446] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.111472] Call Trace: [ 28.111492] <TASK> [ 28.111512] dump_stack_lvl+0x73/0xb0 [ 28.111542] print_report+0xd1/0x610 [ 28.111565] ? __virt_addr_valid+0x1db/0x2d0 [ 28.111591] ? kasan_atomics_helper+0x4f98/0x5450 [ 28.111612] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.111639] ? kasan_atomics_helper+0x4f98/0x5450 [ 28.111675] kasan_report+0x141/0x180 [ 28.111698] ? kasan_atomics_helper+0x4f98/0x5450 [ 28.111724] __asan_report_load8_noabort+0x18/0x20 [ 28.111759] kasan_atomics_helper+0x4f98/0x5450 [ 28.111782] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.111804] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.111828] ? pick_task_fair+0xce/0x340 [ 28.111854] ? kasan_atomics+0x152/0x310 [ 28.111881] kasan_atomics+0x1dc/0x310 [ 28.111905] ? __pfx_kasan_atomics+0x10/0x10 [ 28.111930] ? __pfx_read_tsc+0x10/0x10 [ 28.111953] ? ktime_get_ts64+0x86/0x230 [ 28.111979] kunit_try_run_case+0x1a5/0x480 [ 28.112003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.112024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.112050] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.112074] ? __kthread_parkme+0x82/0x180 [ 28.112097] ? preempt_count_sub+0x50/0x80 [ 28.112121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.112144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.112170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.112197] kthread+0x337/0x6f0 [ 28.112218] ? trace_preempt_on+0x20/0xc0 [ 28.112242] ? __pfx_kthread+0x10/0x10 [ 28.112264] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.112287] ? calculate_sigpending+0x7b/0xa0 [ 28.112313] ? __pfx_kthread+0x10/0x10 [ 28.112335] ret_from_fork+0x116/0x1d0 [ 28.112356] ? __pfx_kthread+0x10/0x10 [ 28.112377] ret_from_fork_asm+0x1a/0x30 [ 28.112409] </TASK> [ 28.112422] [ 28.119600] Allocated by task 314: [ 28.119859] kasan_save_stack+0x45/0x70 [ 28.120071] kasan_save_track+0x18/0x40 [ 28.120258] kasan_save_alloc_info+0x3b/0x50 [ 28.120462] __kasan_kmalloc+0xb7/0xc0 [ 28.120645] __kmalloc_cache_noprof+0x189/0x420 [ 28.120870] kasan_atomics+0x95/0x310 [ 28.121056] kunit_try_run_case+0x1a5/0x480 [ 28.121207] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.121378] kthread+0x337/0x6f0 [ 28.121495] ret_from_fork+0x116/0x1d0 [ 28.121622] ret_from_fork_asm+0x1a/0x30 [ 28.121882] [ 28.121983] The buggy address belongs to the object at ffff888103eb9580 [ 28.121983] which belongs to the cache kmalloc-64 of size 64 [ 28.122507] The buggy address is located 0 bytes to the right of [ 28.122507] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.123053] [ 28.123146] The buggy address belongs to the physical page: [ 28.123314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.123549] flags: 0x200000000000000(node=0|zone=2) [ 28.123855] page_type: f5(slab) [ 28.124023] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.124370] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.124717] page dumped because: kasan: bad access detected [ 28.124951] [ 28.125024] Memory state around the buggy address: [ 28.125228] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.125467] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.125754] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.126059] ^ [ 28.126273] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.126546] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.126870] ================================================================== [ 27.840611] ================================================================== [ 27.841081] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 27.841433] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.841787] [ 27.841907] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.841993] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.842008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.842051] Call Trace: [ 27.842072] <TASK> [ 27.842096] dump_stack_lvl+0x73/0xb0 [ 27.842130] print_report+0xd1/0x610 [ 27.842154] ? __virt_addr_valid+0x1db/0x2d0 [ 27.842179] ? kasan_atomics_helper+0x194a/0x5450 [ 27.842201] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.842227] ? kasan_atomics_helper+0x194a/0x5450 [ 27.842250] kasan_report+0x141/0x180 [ 27.842273] ? kasan_atomics_helper+0x194a/0x5450 [ 27.842299] kasan_check_range+0x10c/0x1c0 [ 27.842324] __kasan_check_write+0x18/0x20 [ 27.842348] kasan_atomics_helper+0x194a/0x5450 [ 27.842371] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.842393] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.842418] ? pick_task_fair+0xce/0x340 [ 27.842444] ? kasan_atomics+0x152/0x310 [ 27.842471] kasan_atomics+0x1dc/0x310 [ 27.842495] ? __pfx_kasan_atomics+0x10/0x10 [ 27.842520] ? __pfx_read_tsc+0x10/0x10 [ 27.842543] ? ktime_get_ts64+0x86/0x230 [ 27.842569] kunit_try_run_case+0x1a5/0x480 [ 27.842593] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.842616] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.842641] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.842676] ? __kthread_parkme+0x82/0x180 [ 27.842699] ? preempt_count_sub+0x50/0x80 [ 27.842723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.842777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.842805] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.842830] kthread+0x337/0x6f0 [ 27.842862] ? trace_preempt_on+0x20/0xc0 [ 27.842887] ? __pfx_kthread+0x10/0x10 [ 27.842909] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.842932] ? calculate_sigpending+0x7b/0xa0 [ 27.842957] ? __pfx_kthread+0x10/0x10 [ 27.842979] ret_from_fork+0x116/0x1d0 [ 27.842999] ? __pfx_kthread+0x10/0x10 [ 27.843021] ret_from_fork_asm+0x1a/0x30 [ 27.843054] </TASK> [ 27.843066] [ 27.851140] Allocated by task 314: [ 27.851335] kasan_save_stack+0x45/0x70 [ 27.851542] kasan_save_track+0x18/0x40 [ 27.851737] kasan_save_alloc_info+0x3b/0x50 [ 27.852078] __kasan_kmalloc+0xb7/0xc0 [ 27.852214] __kmalloc_cache_noprof+0x189/0x420 [ 27.852360] kasan_atomics+0x95/0x310 [ 27.852483] kunit_try_run_case+0x1a5/0x480 [ 27.852628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.853079] kthread+0x337/0x6f0 [ 27.853309] ret_from_fork+0x116/0x1d0 [ 27.853544] ret_from_fork_asm+0x1a/0x30 [ 27.854029] [ 27.854142] The buggy address belongs to the object at ffff888103eb9580 [ 27.854142] which belongs to the cache kmalloc-64 of size 64 [ 27.854815] The buggy address is located 0 bytes to the right of [ 27.854815] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.855166] [ 27.855235] The buggy address belongs to the physical page: [ 27.855484] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.856162] flags: 0x200000000000000(node=0|zone=2) [ 27.856479] page_type: f5(slab) [ 27.856661] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.857165] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.857420] page dumped because: kasan: bad access detected [ 27.857648] [ 27.857821] Memory state around the buggy address: [ 27.858089] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.858372] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.858690] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.859049] ^ [ 27.859274] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.859600] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.859988] ================================================================== [ 28.089357] ================================================================== [ 28.089593] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 28.091650] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.092578] [ 28.092936] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.092998] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.093013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.093039] Call Trace: [ 28.093061] <TASK> [ 28.093082] dump_stack_lvl+0x73/0xb0 [ 28.093123] print_report+0xd1/0x610 [ 28.093147] ? __virt_addr_valid+0x1db/0x2d0 [ 28.093173] ? kasan_atomics_helper+0x2006/0x5450 [ 28.093196] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.093222] ? kasan_atomics_helper+0x2006/0x5450 [ 28.093244] kasan_report+0x141/0x180 [ 28.093267] ? kasan_atomics_helper+0x2006/0x5450 [ 28.093292] kasan_check_range+0x10c/0x1c0 [ 28.093316] __kasan_check_write+0x18/0x20 [ 28.093340] kasan_atomics_helper+0x2006/0x5450 [ 28.093363] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.093385] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.093410] ? pick_task_fair+0xce/0x340 [ 28.093435] ? kasan_atomics+0x152/0x310 [ 28.093461] kasan_atomics+0x1dc/0x310 [ 28.093484] ? __pfx_kasan_atomics+0x10/0x10 [ 28.093508] ? __pfx_read_tsc+0x10/0x10 [ 28.093530] ? ktime_get_ts64+0x86/0x230 [ 28.093556] kunit_try_run_case+0x1a5/0x480 [ 28.093580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.093602] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.093628] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.093679] ? __kthread_parkme+0x82/0x180 [ 28.093705] ? preempt_count_sub+0x50/0x80 [ 28.093730] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.093762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.093788] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.093815] kthread+0x337/0x6f0 [ 28.093836] ? trace_preempt_on+0x20/0xc0 [ 28.093861] ? __pfx_kthread+0x10/0x10 [ 28.093882] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.093905] ? calculate_sigpending+0x7b/0xa0 [ 28.093930] ? __pfx_kthread+0x10/0x10 [ 28.093952] ret_from_fork+0x116/0x1d0 [ 28.093973] ? __pfx_kthread+0x10/0x10 [ 28.093994] ret_from_fork_asm+0x1a/0x30 [ 28.094027] </TASK> [ 28.094045] [ 28.102375] Allocated by task 314: [ 28.102521] kasan_save_stack+0x45/0x70 [ 28.102692] kasan_save_track+0x18/0x40 [ 28.102879] kasan_save_alloc_info+0x3b/0x50 [ 28.103089] __kasan_kmalloc+0xb7/0xc0 [ 28.103272] __kmalloc_cache_noprof+0x189/0x420 [ 28.103547] kasan_atomics+0x95/0x310 [ 28.103762] kunit_try_run_case+0x1a5/0x480 [ 28.103941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.104146] kthread+0x337/0x6f0 [ 28.104309] ret_from_fork+0x116/0x1d0 [ 28.104489] ret_from_fork_asm+0x1a/0x30 [ 28.104622] [ 28.104697] The buggy address belongs to the object at ffff888103eb9580 [ 28.104697] which belongs to the cache kmalloc-64 of size 64 [ 28.105179] The buggy address is located 0 bytes to the right of [ 28.105179] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.105730] [ 28.105801] The buggy address belongs to the physical page: [ 28.105967] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.106206] flags: 0x200000000000000(node=0|zone=2) [ 28.106413] page_type: f5(slab) [ 28.106596] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.107218] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.107549] page dumped because: kasan: bad access detected [ 28.107844] [ 28.107913] Memory state around the buggy address: [ 28.108107] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.108316] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.108526] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.108746] ^ [ 28.108895] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.109166] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.109484] ================================================================== [ 28.169964] ================================================================== [ 28.170331] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 28.170648] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.170980] [ 28.171096] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.171150] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.171165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.171191] Call Trace: [ 28.171212] <TASK> [ 28.171234] dump_stack_lvl+0x73/0xb0 [ 28.171266] print_report+0xd1/0x610 [ 28.171289] ? __virt_addr_valid+0x1db/0x2d0 [ 28.171315] ? kasan_atomics_helper+0x218a/0x5450 [ 28.171336] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.171362] ? kasan_atomics_helper+0x218a/0x5450 [ 28.171385] kasan_report+0x141/0x180 [ 28.171407] ? kasan_atomics_helper+0x218a/0x5450 [ 28.171433] kasan_check_range+0x10c/0x1c0 [ 28.171457] __kasan_check_write+0x18/0x20 [ 28.171480] kasan_atomics_helper+0x218a/0x5450 [ 28.171503] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.171525] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.171549] ? pick_task_fair+0xce/0x340 [ 28.171575] ? kasan_atomics+0x152/0x310 [ 28.171602] kasan_atomics+0x1dc/0x310 [ 28.171625] ? __pfx_kasan_atomics+0x10/0x10 [ 28.171650] ? __pfx_read_tsc+0x10/0x10 [ 28.171693] ? ktime_get_ts64+0x86/0x230 [ 28.171718] kunit_try_run_case+0x1a5/0x480 [ 28.171742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.171763] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.171789] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.171814] ? __kthread_parkme+0x82/0x180 [ 28.171836] ? preempt_count_sub+0x50/0x80 [ 28.171861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.171889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.171918] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.171946] kthread+0x337/0x6f0 [ 28.171968] ? trace_preempt_on+0x20/0xc0 [ 28.171994] ? __pfx_kthread+0x10/0x10 [ 28.172016] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.172039] ? calculate_sigpending+0x7b/0xa0 [ 28.172064] ? __pfx_kthread+0x10/0x10 [ 28.172088] ret_from_fork+0x116/0x1d0 [ 28.172109] ? __pfx_kthread+0x10/0x10 [ 28.172132] ret_from_fork_asm+0x1a/0x30 [ 28.172163] </TASK> [ 28.172176] [ 28.182598] Allocated by task 314: [ 28.182852] kasan_save_stack+0x45/0x70 [ 28.183297] kasan_save_track+0x18/0x40 [ 28.183486] kasan_save_alloc_info+0x3b/0x50 [ 28.183661] __kasan_kmalloc+0xb7/0xc0 [ 28.184024] __kmalloc_cache_noprof+0x189/0x420 [ 28.184246] kasan_atomics+0x95/0x310 [ 28.184557] kunit_try_run_case+0x1a5/0x480 [ 28.184807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.185198] kthread+0x337/0x6f0 [ 28.185439] ret_from_fork+0x116/0x1d0 [ 28.185642] ret_from_fork_asm+0x1a/0x30 [ 28.186018] [ 28.186105] The buggy address belongs to the object at ffff888103eb9580 [ 28.186105] which belongs to the cache kmalloc-64 of size 64 [ 28.186784] The buggy address is located 0 bytes to the right of [ 28.186784] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.187464] [ 28.187715] The buggy address belongs to the physical page: [ 28.187971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.188317] flags: 0x200000000000000(node=0|zone=2) [ 28.188708] page_type: f5(slab) [ 28.189019] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.189413] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.189766] page dumped because: kasan: bad access detected [ 28.190197] [ 28.190284] Memory state around the buggy address: [ 28.190669] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.191108] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.191413] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.191722] ^ [ 28.192118] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.192511] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.192988] ================================================================== [ 27.182822] ================================================================== [ 27.183358] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 27.183674] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.183891] [ 27.184160] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.184219] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.184234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.184261] Call Trace: [ 27.184282] <TASK> [ 27.184303] dump_stack_lvl+0x73/0xb0 [ 27.184335] print_report+0xd1/0x610 [ 27.184359] ? __virt_addr_valid+0x1db/0x2d0 [ 27.184384] ? kasan_atomics_helper+0xac7/0x5450 [ 27.184406] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.184434] ? kasan_atomics_helper+0xac7/0x5450 [ 27.184456] kasan_report+0x141/0x180 [ 27.184510] ? kasan_atomics_helper+0xac7/0x5450 [ 27.184537] kasan_check_range+0x10c/0x1c0 [ 27.184561] __kasan_check_write+0x18/0x20 [ 27.184584] kasan_atomics_helper+0xac7/0x5450 [ 27.184607] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.184630] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.184671] ? pick_task_fair+0xce/0x340 [ 27.184697] ? kasan_atomics+0x152/0x310 [ 27.184724] kasan_atomics+0x1dc/0x310 [ 27.184759] ? __pfx_kasan_atomics+0x10/0x10 [ 27.184784] ? __pfx_read_tsc+0x10/0x10 [ 27.184807] ? ktime_get_ts64+0x86/0x230 [ 27.184833] kunit_try_run_case+0x1a5/0x480 [ 27.184877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.184898] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.184924] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.184949] ? __kthread_parkme+0x82/0x180 [ 27.184972] ? preempt_count_sub+0x50/0x80 [ 27.184997] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.185019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.185046] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.185072] kthread+0x337/0x6f0 [ 27.185093] ? trace_preempt_on+0x20/0xc0 [ 27.185133] ? __pfx_kthread+0x10/0x10 [ 27.185155] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.185177] ? calculate_sigpending+0x7b/0xa0 [ 27.185203] ? __pfx_kthread+0x10/0x10 [ 27.185225] ret_from_fork+0x116/0x1d0 [ 27.185245] ? __pfx_kthread+0x10/0x10 [ 27.185267] ret_from_fork_asm+0x1a/0x30 [ 27.185316] </TASK> [ 27.185329] [ 27.192933] Allocated by task 314: [ 27.193338] kasan_save_stack+0x45/0x70 [ 27.193549] kasan_save_track+0x18/0x40 [ 27.193737] kasan_save_alloc_info+0x3b/0x50 [ 27.193953] __kasan_kmalloc+0xb7/0xc0 [ 27.194179] __kmalloc_cache_noprof+0x189/0x420 [ 27.194328] kasan_atomics+0x95/0x310 [ 27.194725] kunit_try_run_case+0x1a5/0x480 [ 27.194902] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.195068] kthread+0x337/0x6f0 [ 27.195183] ret_from_fork+0x116/0x1d0 [ 27.195309] ret_from_fork_asm+0x1a/0x30 [ 27.195440] [ 27.195503] The buggy address belongs to the object at ffff888103eb9580 [ 27.195503] which belongs to the cache kmalloc-64 of size 64 [ 27.195961] The buggy address is located 0 bytes to the right of [ 27.195961] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.196480] [ 27.196630] The buggy address belongs to the physical page: [ 27.197096] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.197332] flags: 0x200000000000000(node=0|zone=2) [ 27.197490] page_type: f5(slab) [ 27.197608] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.198140] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.198592] page dumped because: kasan: bad access detected [ 27.199227] [ 27.199362] Memory state around the buggy address: [ 27.199678] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.200011] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.201219] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.201455] ^ [ 27.201613] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.202613] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.202961] ================================================================== [ 26.889104] ================================================================== [ 26.889805] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 26.891217] Read of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 26.892267] [ 26.892380] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.892441] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.892458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.892485] Call Trace: [ 26.892505] <TASK> [ 26.892527] dump_stack_lvl+0x73/0xb0 [ 26.892572] print_report+0xd1/0x610 [ 26.892597] ? __virt_addr_valid+0x1db/0x2d0 [ 26.892622] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.892645] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.892909] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.892987] kasan_report+0x141/0x180 [ 26.893014] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.893104] __asan_report_load4_noabort+0x18/0x20 [ 26.893129] kasan_atomics_helper+0x4b54/0x5450 [ 26.893153] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.893177] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.893202] ? pick_task_fair+0xce/0x340 [ 26.893231] ? kasan_atomics+0x152/0x310 [ 26.893259] kasan_atomics+0x1dc/0x310 [ 26.893283] ? __pfx_kasan_atomics+0x10/0x10 [ 26.893308] ? __pfx_read_tsc+0x10/0x10 [ 26.893331] ? ktime_get_ts64+0x86/0x230 [ 26.893357] kunit_try_run_case+0x1a5/0x480 [ 26.893382] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.893403] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.893429] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.893455] ? __kthread_parkme+0x82/0x180 [ 26.893477] ? preempt_count_sub+0x50/0x80 [ 26.893503] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.893526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.893552] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.893579] kthread+0x337/0x6f0 [ 26.893600] ? trace_preempt_on+0x20/0xc0 [ 26.893624] ? __pfx_kthread+0x10/0x10 [ 26.893647] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.893682] ? calculate_sigpending+0x7b/0xa0 [ 26.893708] ? __pfx_kthread+0x10/0x10 [ 26.893730] ret_from_fork+0x116/0x1d0 [ 26.893765] ? __pfx_kthread+0x10/0x10 [ 26.893788] ret_from_fork_asm+0x1a/0x30 [ 26.893855] </TASK> [ 26.893868] [ 26.908583] Allocated by task 314: [ 26.908946] kasan_save_stack+0x45/0x70 [ 26.909540] kasan_save_track+0x18/0x40 [ 26.909732] kasan_save_alloc_info+0x3b/0x50 [ 26.910076] __kasan_kmalloc+0xb7/0xc0 [ 26.910462] __kmalloc_cache_noprof+0x189/0x420 [ 26.910851] kasan_atomics+0x95/0x310 [ 26.911264] kunit_try_run_case+0x1a5/0x480 [ 26.911444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.911999] kthread+0x337/0x6f0 [ 26.912335] ret_from_fork+0x116/0x1d0 [ 26.912603] ret_from_fork_asm+0x1a/0x30 [ 26.912821] [ 26.912932] The buggy address belongs to the object at ffff888103eb9580 [ 26.912932] which belongs to the cache kmalloc-64 of size 64 [ 26.913422] The buggy address is located 0 bytes to the right of [ 26.913422] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 26.914382] [ 26.914522] The buggy address belongs to the physical page: [ 26.914786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 26.915172] flags: 0x200000000000000(node=0|zone=2) [ 26.915457] page_type: f5(slab) [ 26.915668] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.916007] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.916398] page dumped because: kasan: bad access detected [ 26.916615] [ 26.916739] Memory state around the buggy address: [ 26.916961] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.917601] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.917936] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.918211] ^ [ 26.918561] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.919065] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.919318] ================================================================== [ 28.054516] ================================================================== [ 28.054917] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 28.055367] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.055674] [ 28.055767] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.055823] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.055838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.055867] Call Trace: [ 28.055888] <TASK> [ 28.055909] dump_stack_lvl+0x73/0xb0 [ 28.055941] print_report+0xd1/0x610 [ 28.055965] ? __virt_addr_valid+0x1db/0x2d0 [ 28.055989] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.056011] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.056038] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.056060] kasan_report+0x141/0x180 [ 28.056082] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.056108] kasan_check_range+0x10c/0x1c0 [ 28.056132] __kasan_check_write+0x18/0x20 [ 28.056156] kasan_atomics_helper+0x1f43/0x5450 [ 28.056179] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.056203] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.056228] ? pick_task_fair+0xce/0x340 [ 28.056254] ? kasan_atomics+0x152/0x310 [ 28.056280] kasan_atomics+0x1dc/0x310 [ 28.056303] ? __pfx_kasan_atomics+0x10/0x10 [ 28.056328] ? __pfx_read_tsc+0x10/0x10 [ 28.056350] ? ktime_get_ts64+0x86/0x230 [ 28.056376] kunit_try_run_case+0x1a5/0x480 [ 28.056403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.056425] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.056454] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.056479] ? __kthread_parkme+0x82/0x180 [ 28.056502] ? preempt_count_sub+0x50/0x80 [ 28.056527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.056553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.056581] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.056607] kthread+0x337/0x6f0 [ 28.056628] ? trace_preempt_on+0x20/0xc0 [ 28.056664] ? __pfx_kthread+0x10/0x10 [ 28.056687] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.056710] ? calculate_sigpending+0x7b/0xa0 [ 28.056736] ? __pfx_kthread+0x10/0x10 [ 28.056774] ret_from_fork+0x116/0x1d0 [ 28.056794] ? __pfx_kthread+0x10/0x10 [ 28.056817] ret_from_fork_asm+0x1a/0x30 [ 28.056849] </TASK> [ 28.056862] [ 28.064086] Allocated by task 314: [ 28.064294] kasan_save_stack+0x45/0x70 [ 28.064503] kasan_save_track+0x18/0x40 [ 28.064701] kasan_save_alloc_info+0x3b/0x50 [ 28.064945] __kasan_kmalloc+0xb7/0xc0 [ 28.065137] __kmalloc_cache_noprof+0x189/0x420 [ 28.065313] kasan_atomics+0x95/0x310 [ 28.065441] kunit_try_run_case+0x1a5/0x480 [ 28.065581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.065825] kthread+0x337/0x6f0 [ 28.066000] ret_from_fork+0x116/0x1d0 [ 28.066191] ret_from_fork_asm+0x1a/0x30 [ 28.066387] [ 28.066473] The buggy address belongs to the object at ffff888103eb9580 [ 28.066473] which belongs to the cache kmalloc-64 of size 64 [ 28.066888] The buggy address is located 0 bytes to the right of [ 28.066888] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.067356] [ 28.067461] The buggy address belongs to the physical page: [ 28.067723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.068080] flags: 0x200000000000000(node=0|zone=2) [ 28.068391] page_type: f5(slab) [ 28.068532] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.068911] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.069208] page dumped because: kasan: bad access detected [ 28.069372] [ 28.069435] Memory state around the buggy address: [ 28.069747] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.070170] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.070379] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.070585] ^ [ 28.070858] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.071185] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.071492] ================================================================== [ 27.880171] ================================================================== [ 27.880526] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 27.881193] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.881526] [ 27.881647] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.881712] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.881727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.881752] Call Trace: [ 27.881773] <TASK> [ 27.881815] dump_stack_lvl+0x73/0xb0 [ 27.881864] print_report+0xd1/0x610 [ 27.881901] ? __virt_addr_valid+0x1db/0x2d0 [ 27.881940] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.881988] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.882028] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.882070] kasan_report+0x141/0x180 [ 27.882106] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.882159] kasan_check_range+0x10c/0x1c0 [ 27.882208] __kasan_check_write+0x18/0x20 [ 27.882232] kasan_atomics_helper+0x1a7f/0x5450 [ 27.882255] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.882278] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.882304] ? pick_task_fair+0xce/0x340 [ 27.882330] ? kasan_atomics+0x152/0x310 [ 27.882357] kasan_atomics+0x1dc/0x310 [ 27.882380] ? __pfx_kasan_atomics+0x10/0x10 [ 27.882405] ? __pfx_read_tsc+0x10/0x10 [ 27.882428] ? ktime_get_ts64+0x86/0x230 [ 27.882454] kunit_try_run_case+0x1a5/0x480 [ 27.882479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.882501] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.882528] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.882563] ? __kthread_parkme+0x82/0x180 [ 27.882586] ? preempt_count_sub+0x50/0x80 [ 27.882611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.882633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.882669] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.882696] kthread+0x337/0x6f0 [ 27.882718] ? trace_preempt_on+0x20/0xc0 [ 27.882743] ? __pfx_kthread+0x10/0x10 [ 27.882776] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.882798] ? calculate_sigpending+0x7b/0xa0 [ 27.882824] ? __pfx_kthread+0x10/0x10 [ 27.882858] ret_from_fork+0x116/0x1d0 [ 27.882878] ? __pfx_kthread+0x10/0x10 [ 27.882899] ret_from_fork_asm+0x1a/0x30 [ 27.882931] </TASK> [ 27.882943] [ 27.890969] Allocated by task 314: [ 27.891116] kasan_save_stack+0x45/0x70 [ 27.891951] kasan_save_track+0x18/0x40 [ 27.893525] kasan_save_alloc_info+0x3b/0x50 [ 27.893725] __kasan_kmalloc+0xb7/0xc0 [ 27.893937] __kmalloc_cache_noprof+0x189/0x420 [ 27.894215] kasan_atomics+0x95/0x310 [ 27.894453] kunit_try_run_case+0x1a5/0x480 [ 27.894606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.894871] kthread+0x337/0x6f0 [ 27.895026] ret_from_fork+0x116/0x1d0 [ 27.895233] ret_from_fork_asm+0x1a/0x30 [ 27.895462] [ 27.895554] The buggy address belongs to the object at ffff888103eb9580 [ 27.895554] which belongs to the cache kmalloc-64 of size 64 [ 27.896096] The buggy address is located 0 bytes to the right of [ 27.896096] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.896448] [ 27.896533] The buggy address belongs to the physical page: [ 27.896795] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.897382] flags: 0x200000000000000(node=0|zone=2) [ 27.897553] page_type: f5(slab) [ 27.897706] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.898135] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.898510] page dumped because: kasan: bad access detected [ 27.898765] [ 27.898831] Memory state around the buggy address: [ 27.900243] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.900508] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.901541] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.901850] ^ [ 27.902007] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.902582] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.903125] ================================================================== [ 27.963106] ================================================================== [ 27.963479] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 27.963874] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.964208] [ 27.964323] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.964378] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.964393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.964418] Call Trace: [ 27.964438] <TASK> [ 27.964459] dump_stack_lvl+0x73/0xb0 [ 27.964490] print_report+0xd1/0x610 [ 27.964514] ? __virt_addr_valid+0x1db/0x2d0 [ 27.964539] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.964561] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.964588] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.964610] kasan_report+0x141/0x180 [ 27.964634] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.964671] kasan_check_range+0x10c/0x1c0 [ 27.964695] __kasan_check_write+0x18/0x20 [ 27.964719] kasan_atomics_helper+0x1ce1/0x5450 [ 27.964763] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.964785] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.964811] ? pick_task_fair+0xce/0x340 [ 27.964837] ? kasan_atomics+0x152/0x310 [ 27.964864] kasan_atomics+0x1dc/0x310 [ 27.964888] ? __pfx_kasan_atomics+0x10/0x10 [ 27.964912] ? __pfx_read_tsc+0x10/0x10 [ 27.964935] ? ktime_get_ts64+0x86/0x230 [ 27.964961] kunit_try_run_case+0x1a5/0x480 [ 27.964985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.965008] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.965033] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.965059] ? __kthread_parkme+0x82/0x180 [ 27.965081] ? preempt_count_sub+0x50/0x80 [ 27.965106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.965129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.965155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.965182] kthread+0x337/0x6f0 [ 27.965203] ? trace_preempt_on+0x20/0xc0 [ 27.965228] ? __pfx_kthread+0x10/0x10 [ 27.965249] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.965274] ? calculate_sigpending+0x7b/0xa0 [ 27.965299] ? __pfx_kthread+0x10/0x10 [ 27.965322] ret_from_fork+0x116/0x1d0 [ 27.965343] ? __pfx_kthread+0x10/0x10 [ 27.965364] ret_from_fork_asm+0x1a/0x30 [ 27.965396] </TASK> [ 27.965409] [ 27.972748] Allocated by task 314: [ 27.972900] kasan_save_stack+0x45/0x70 [ 27.973104] kasan_save_track+0x18/0x40 [ 27.973298] kasan_save_alloc_info+0x3b/0x50 [ 27.973471] __kasan_kmalloc+0xb7/0xc0 [ 27.973631] __kmalloc_cache_noprof+0x189/0x420 [ 27.973866] kasan_atomics+0x95/0x310 [ 27.974029] kunit_try_run_case+0x1a5/0x480 [ 27.974203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.974406] kthread+0x337/0x6f0 [ 27.974575] ret_from_fork+0x116/0x1d0 [ 27.974757] ret_from_fork_asm+0x1a/0x30 [ 27.974951] [ 27.975027] The buggy address belongs to the object at ffff888103eb9580 [ 27.975027] which belongs to the cache kmalloc-64 of size 64 [ 27.975494] The buggy address is located 0 bytes to the right of [ 27.975494] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.976013] [ 27.976092] The buggy address belongs to the physical page: [ 27.976316] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.976551] flags: 0x200000000000000(node=0|zone=2) [ 27.976719] page_type: f5(slab) [ 27.976855] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.977083] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.977322] page dumped because: kasan: bad access detected [ 27.977564] [ 27.977660] Memory state around the buggy address: [ 27.977897] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.978219] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.978545] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.978899] ^ [ 27.979119] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.979427] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.979683] ================================================================== [ 28.127538] ================================================================== [ 28.127864] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 28.128205] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.128516] [ 28.128625] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.128689] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.128703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.128729] Call Trace: [ 28.128749] <TASK> [ 28.128768] dump_stack_lvl+0x73/0xb0 [ 28.128801] print_report+0xd1/0x610 [ 28.128826] ? __virt_addr_valid+0x1db/0x2d0 [ 28.128851] ? kasan_atomics_helper+0x20c8/0x5450 [ 28.128872] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.128898] ? kasan_atomics_helper+0x20c8/0x5450 [ 28.128921] kasan_report+0x141/0x180 [ 28.128944] ? kasan_atomics_helper+0x20c8/0x5450 [ 28.128970] kasan_check_range+0x10c/0x1c0 [ 28.128995] __kasan_check_write+0x18/0x20 [ 28.129019] kasan_atomics_helper+0x20c8/0x5450 [ 28.129042] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.129065] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.129089] ? pick_task_fair+0xce/0x340 [ 28.129115] ? kasan_atomics+0x152/0x310 [ 28.129142] kasan_atomics+0x1dc/0x310 [ 28.129165] ? __pfx_kasan_atomics+0x10/0x10 [ 28.129190] ? __pfx_read_tsc+0x10/0x10 [ 28.129213] ? ktime_get_ts64+0x86/0x230 [ 28.129237] kunit_try_run_case+0x1a5/0x480 [ 28.129261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.129283] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.129307] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.129332] ? __kthread_parkme+0x82/0x180 [ 28.129354] ? preempt_count_sub+0x50/0x80 [ 28.129379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.129402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.129428] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.129455] kthread+0x337/0x6f0 [ 28.129476] ? trace_preempt_on+0x20/0xc0 [ 28.129500] ? __pfx_kthread+0x10/0x10 [ 28.129522] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.129545] ? calculate_sigpending+0x7b/0xa0 [ 28.129570] ? __pfx_kthread+0x10/0x10 [ 28.129592] ret_from_fork+0x116/0x1d0 [ 28.129612] ? __pfx_kthread+0x10/0x10 [ 28.129634] ret_from_fork_asm+0x1a/0x30 [ 28.129678] </TASK> [ 28.129689] [ 28.136611] Allocated by task 314: [ 28.136895] kasan_save_stack+0x45/0x70 [ 28.137101] kasan_save_track+0x18/0x40 [ 28.137285] kasan_save_alloc_info+0x3b/0x50 [ 28.137494] __kasan_kmalloc+0xb7/0xc0 [ 28.137685] __kmalloc_cache_noprof+0x189/0x420 [ 28.138101] kasan_atomics+0x95/0x310 [ 28.138288] kunit_try_run_case+0x1a5/0x480 [ 28.138489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.138698] kthread+0x337/0x6f0 [ 28.138955] ret_from_fork+0x116/0x1d0 [ 28.139119] ret_from_fork_asm+0x1a/0x30 [ 28.139285] [ 28.139365] The buggy address belongs to the object at ffff888103eb9580 [ 28.139365] which belongs to the cache kmalloc-64 of size 64 [ 28.139894] The buggy address is located 0 bytes to the right of [ 28.139894] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.140384] [ 28.140480] The buggy address belongs to the physical page: [ 28.140669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.141082] flags: 0x200000000000000(node=0|zone=2) [ 28.141292] page_type: f5(slab) [ 28.141434] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.141768] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.142053] page dumped because: kasan: bad access detected [ 28.142266] [ 28.142330] Memory state around the buggy address: [ 28.142532] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.142864] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.143130] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.143386] ^ [ 28.143594] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.143888] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.144164] ================================================================== [ 27.707931] ================================================================== [ 27.708217] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 27.708574] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.708977] [ 27.709085] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.709152] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.709167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.709204] Call Trace: [ 27.709225] <TASK> [ 27.709247] dump_stack_lvl+0x73/0xb0 [ 27.709282] print_report+0xd1/0x610 [ 27.709315] ? __virt_addr_valid+0x1db/0x2d0 [ 27.709340] ? kasan_atomics_helper+0x164f/0x5450 [ 27.709374] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.709401] ? kasan_atomics_helper+0x164f/0x5450 [ 27.709424] kasan_report+0x141/0x180 [ 27.709456] ? kasan_atomics_helper+0x164f/0x5450 [ 27.709482] kasan_check_range+0x10c/0x1c0 [ 27.709507] __kasan_check_write+0x18/0x20 [ 27.709541] kasan_atomics_helper+0x164f/0x5450 [ 27.709565] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.709587] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.709612] ? pick_task_fair+0xce/0x340 [ 27.709637] ? kasan_atomics+0x152/0x310 [ 27.709672] kasan_atomics+0x1dc/0x310 [ 27.709696] ? __pfx_kasan_atomics+0x10/0x10 [ 27.709731] ? __pfx_read_tsc+0x10/0x10 [ 27.709754] ? ktime_get_ts64+0x86/0x230 [ 27.709780] kunit_try_run_case+0x1a5/0x480 [ 27.709815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.709852] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.709877] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.709903] ? __kthread_parkme+0x82/0x180 [ 27.709926] ? preempt_count_sub+0x50/0x80 [ 27.709960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.709982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.710018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.710051] kthread+0x337/0x6f0 [ 27.710072] ? trace_preempt_on+0x20/0xc0 [ 27.710097] ? __pfx_kthread+0x10/0x10 [ 27.710120] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.710142] ? calculate_sigpending+0x7b/0xa0 [ 27.710177] ? __pfx_kthread+0x10/0x10 [ 27.710200] ret_from_fork+0x116/0x1d0 [ 27.710219] ? __pfx_kthread+0x10/0x10 [ 27.710252] ret_from_fork_asm+0x1a/0x30 [ 27.710285] </TASK> [ 27.710298] [ 27.721519] Allocated by task 314: [ 27.722109] kasan_save_stack+0x45/0x70 [ 27.722318] kasan_save_track+0x18/0x40 [ 27.722456] kasan_save_alloc_info+0x3b/0x50 [ 27.722602] __kasan_kmalloc+0xb7/0xc0 [ 27.723012] __kmalloc_cache_noprof+0x189/0x420 [ 27.723436] kasan_atomics+0x95/0x310 [ 27.723818] kunit_try_run_case+0x1a5/0x480 [ 27.724214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.724668] kthread+0x337/0x6f0 [ 27.724996] ret_from_fork+0x116/0x1d0 [ 27.725292] ret_from_fork_asm+0x1a/0x30 [ 27.725431] [ 27.725498] The buggy address belongs to the object at ffff888103eb9580 [ 27.725498] which belongs to the cache kmalloc-64 of size 64 [ 27.726241] The buggy address is located 0 bytes to the right of [ 27.726241] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.727355] [ 27.727521] The buggy address belongs to the physical page: [ 27.727938] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.728241] flags: 0x200000000000000(node=0|zone=2) [ 27.728405] page_type: f5(slab) [ 27.728525] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.728795] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.729435] page dumped because: kasan: bad access detected [ 27.729944] [ 27.730122] Memory state around the buggy address: [ 27.730549] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.730992] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.731205] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.731412] ^ [ 27.731562] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.731860] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.732210] ================================================================== [ 26.919921] ================================================================== [ 26.920257] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 26.920665] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 26.921000] [ 26.921418] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.921497] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.921513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.921553] Call Trace: [ 26.921588] <TASK> [ 26.921611] dump_stack_lvl+0x73/0xb0 [ 26.921644] print_report+0xd1/0x610 [ 26.921681] ? __virt_addr_valid+0x1db/0x2d0 [ 26.921707] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.921729] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.921755] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.921777] kasan_report+0x141/0x180 [ 26.921800] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.921826] kasan_check_range+0x10c/0x1c0 [ 26.921865] __kasan_check_write+0x18/0x20 [ 26.921889] kasan_atomics_helper+0x4a0/0x5450 [ 26.921913] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.921936] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.922020] ? pick_task_fair+0xce/0x340 [ 26.922053] ? kasan_atomics+0x152/0x310 [ 26.922081] kasan_atomics+0x1dc/0x310 [ 26.922104] ? __pfx_kasan_atomics+0x10/0x10 [ 26.922130] ? __pfx_read_tsc+0x10/0x10 [ 26.922152] ? ktime_get_ts64+0x86/0x230 [ 26.922178] kunit_try_run_case+0x1a5/0x480 [ 26.922202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.922224] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.922249] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.922275] ? __kthread_parkme+0x82/0x180 [ 26.922297] ? preempt_count_sub+0x50/0x80 [ 26.922323] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.922346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.922376] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.922402] kthread+0x337/0x6f0 [ 26.922424] ? trace_preempt_on+0x20/0xc0 [ 26.922448] ? __pfx_kthread+0x10/0x10 [ 26.922470] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.922494] ? calculate_sigpending+0x7b/0xa0 [ 26.922520] ? __pfx_kthread+0x10/0x10 [ 26.922543] ret_from_fork+0x116/0x1d0 [ 26.922564] ? __pfx_kthread+0x10/0x10 [ 26.922586] ret_from_fork_asm+0x1a/0x30 [ 26.922619] </TASK> [ 26.922632] [ 26.933795] Allocated by task 314: [ 26.934049] kasan_save_stack+0x45/0x70 [ 26.934335] kasan_save_track+0x18/0x40 [ 26.934521] kasan_save_alloc_info+0x3b/0x50 [ 26.934771] __kasan_kmalloc+0xb7/0xc0 [ 26.934906] __kmalloc_cache_noprof+0x189/0x420 [ 26.935257] kasan_atomics+0x95/0x310 [ 26.935461] kunit_try_run_case+0x1a5/0x480 [ 26.935624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.935801] kthread+0x337/0x6f0 [ 26.936042] ret_from_fork+0x116/0x1d0 [ 26.936281] ret_from_fork_asm+0x1a/0x30 [ 26.936428] [ 26.936539] The buggy address belongs to the object at ffff888103eb9580 [ 26.936539] which belongs to the cache kmalloc-64 of size 64 [ 26.937109] The buggy address is located 0 bytes to the right of [ 26.937109] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 26.937556] [ 26.937651] The buggy address belongs to the physical page: [ 26.938298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 26.938692] flags: 0x200000000000000(node=0|zone=2) [ 26.938854] page_type: f5(slab) [ 26.939144] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.939507] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.939875] page dumped because: kasan: bad access detected [ 26.940219] [ 26.940318] Memory state around the buggy address: [ 26.940480] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.940742] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.941079] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.941432] ^ [ 26.941626] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.942113] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.942685] ================================================================== [ 27.163681] ================================================================== [ 27.164178] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 27.164436] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.164859] [ 27.164951] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.165008] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.165023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.165049] Call Trace: [ 27.165070] <TASK> [ 27.165092] dump_stack_lvl+0x73/0xb0 [ 27.165123] print_report+0xd1/0x610 [ 27.165148] ? __virt_addr_valid+0x1db/0x2d0 [ 27.165173] ? kasan_atomics_helper+0xa2b/0x5450 [ 27.165194] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.165221] ? kasan_atomics_helper+0xa2b/0x5450 [ 27.165248] kasan_report+0x141/0x180 [ 27.165273] ? kasan_atomics_helper+0xa2b/0x5450 [ 27.165300] kasan_check_range+0x10c/0x1c0 [ 27.165326] __kasan_check_write+0x18/0x20 [ 27.165362] kasan_atomics_helper+0xa2b/0x5450 [ 27.165386] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.165408] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.165458] ? pick_task_fair+0xce/0x340 [ 27.165487] ? kasan_atomics+0x152/0x310 [ 27.165515] kasan_atomics+0x1dc/0x310 [ 27.165540] ? __pfx_kasan_atomics+0x10/0x10 [ 27.165565] ? __pfx_read_tsc+0x10/0x10 [ 27.165587] ? ktime_get_ts64+0x86/0x230 [ 27.165613] kunit_try_run_case+0x1a5/0x480 [ 27.165638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.165671] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.165697] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.165722] ? __kthread_parkme+0x82/0x180 [ 27.165754] ? preempt_count_sub+0x50/0x80 [ 27.165799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.165823] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.165849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.165876] kthread+0x337/0x6f0 [ 27.165897] ? trace_preempt_on+0x20/0xc0 [ 27.165922] ? __pfx_kthread+0x10/0x10 [ 27.165963] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.165986] ? calculate_sigpending+0x7b/0xa0 [ 27.166010] ? __pfx_kthread+0x10/0x10 [ 27.166033] ret_from_fork+0x116/0x1d0 [ 27.166079] ? __pfx_kthread+0x10/0x10 [ 27.166100] ret_from_fork_asm+0x1a/0x30 [ 27.166132] </TASK> [ 27.166145] [ 27.174231] Allocated by task 314: [ 27.174381] kasan_save_stack+0x45/0x70 [ 27.174613] kasan_save_track+0x18/0x40 [ 27.174908] kasan_save_alloc_info+0x3b/0x50 [ 27.175149] __kasan_kmalloc+0xb7/0xc0 [ 27.175335] __kmalloc_cache_noprof+0x189/0x420 [ 27.175497] kasan_atomics+0x95/0x310 [ 27.175619] kunit_try_run_case+0x1a5/0x480 [ 27.175921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.176203] kthread+0x337/0x6f0 [ 27.176345] ret_from_fork+0x116/0x1d0 [ 27.176474] ret_from_fork_asm+0x1a/0x30 [ 27.176604] [ 27.176689] The buggy address belongs to the object at ffff888103eb9580 [ 27.176689] which belongs to the cache kmalloc-64 of size 64 [ 27.177643] The buggy address is located 0 bytes to the right of [ 27.177643] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.178160] [ 27.178297] The buggy address belongs to the physical page: [ 27.178458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.178751] flags: 0x200000000000000(node=0|zone=2) [ 27.179109] page_type: f5(slab) [ 27.179457] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.179711] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.179947] page dumped because: kasan: bad access detected [ 27.180282] [ 27.180453] Memory state around the buggy address: [ 27.180740] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.180950] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.181164] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.181366] ^ [ 27.181511] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.181816] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.182284] ================================================================== [ 27.309065] ================================================================== [ 27.309595] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 27.310063] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.310617] [ 27.310765] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.310834] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.310848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.310875] Call Trace: [ 27.310900] <TASK> [ 27.310919] dump_stack_lvl+0x73/0xb0 [ 27.310956] print_report+0xd1/0x610 [ 27.310979] ? __virt_addr_valid+0x1db/0x2d0 [ 27.311014] ? kasan_atomics_helper+0xde0/0x5450 [ 27.311035] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.311073] ? kasan_atomics_helper+0xde0/0x5450 [ 27.311096] kasan_report+0x141/0x180 [ 27.311118] ? kasan_atomics_helper+0xde0/0x5450 [ 27.311144] kasan_check_range+0x10c/0x1c0 [ 27.311168] __kasan_check_write+0x18/0x20 [ 27.311192] kasan_atomics_helper+0xde0/0x5450 [ 27.311216] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.311238] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.311263] ? pick_task_fair+0xce/0x340 [ 27.311289] ? kasan_atomics+0x152/0x310 [ 27.311315] kasan_atomics+0x1dc/0x310 [ 27.311338] ? __pfx_kasan_atomics+0x10/0x10 [ 27.311363] ? __pfx_read_tsc+0x10/0x10 [ 27.311385] ? ktime_get_ts64+0x86/0x230 [ 27.311410] kunit_try_run_case+0x1a5/0x480 [ 27.311434] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.311455] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.311481] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.311505] ? __kthread_parkme+0x82/0x180 [ 27.311527] ? preempt_count_sub+0x50/0x80 [ 27.311552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.311575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.311600] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.311626] kthread+0x337/0x6f0 [ 27.311647] ? trace_preempt_on+0x20/0xc0 [ 27.311680] ? __pfx_kthread+0x10/0x10 [ 27.311702] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.311734] ? calculate_sigpending+0x7b/0xa0 [ 27.311771] ? __pfx_kthread+0x10/0x10 [ 27.311794] ret_from_fork+0x116/0x1d0 [ 27.311824] ? __pfx_kthread+0x10/0x10 [ 27.311846] ret_from_fork_asm+0x1a/0x30 [ 27.311877] </TASK> [ 27.311889] [ 27.322365] Allocated by task 314: [ 27.322695] kasan_save_stack+0x45/0x70 [ 27.322904] kasan_save_track+0x18/0x40 [ 27.323210] kasan_save_alloc_info+0x3b/0x50 [ 27.323421] __kasan_kmalloc+0xb7/0xc0 [ 27.323710] __kmalloc_cache_noprof+0x189/0x420 [ 27.323945] kasan_atomics+0x95/0x310 [ 27.324244] kunit_try_run_case+0x1a5/0x480 [ 27.324532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.324739] kthread+0x337/0x6f0 [ 27.325141] ret_from_fork+0x116/0x1d0 [ 27.325331] ret_from_fork_asm+0x1a/0x30 [ 27.325680] [ 27.325808] The buggy address belongs to the object at ffff888103eb9580 [ 27.325808] which belongs to the cache kmalloc-64 of size 64 [ 27.326469] The buggy address is located 0 bytes to the right of [ 27.326469] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.326971] [ 27.327263] The buggy address belongs to the physical page: [ 27.327563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.327938] flags: 0x200000000000000(node=0|zone=2) [ 27.328310] page_type: f5(slab) [ 27.328661] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.329029] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.329398] page dumped because: kasan: bad access detected [ 27.329646] [ 27.329891] Memory state around the buggy address: [ 27.330170] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.330482] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.330889] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.331293] ^ [ 27.331461] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.331947] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.332246] ================================================================== [ 27.437416] ================================================================== [ 27.437823] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 27.438214] Read of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.438529] [ 27.438661] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.438717] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.438756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.438782] Call Trace: [ 27.438803] <TASK> [ 27.438837] dump_stack_lvl+0x73/0xb0 [ 27.438869] print_report+0xd1/0x610 [ 27.438903] ? __virt_addr_valid+0x1db/0x2d0 [ 27.438937] ? kasan_atomics_helper+0x4a1c/0x5450 [ 27.438959] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.438996] ? kasan_atomics_helper+0x4a1c/0x5450 [ 27.439019] kasan_report+0x141/0x180 [ 27.439041] ? kasan_atomics_helper+0x4a1c/0x5450 [ 27.439068] __asan_report_load4_noabort+0x18/0x20 [ 27.439093] kasan_atomics_helper+0x4a1c/0x5450 [ 27.439116] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.439139] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.439164] ? pick_task_fair+0xce/0x340 [ 27.439191] ? kasan_atomics+0x152/0x310 [ 27.439226] kasan_atomics+0x1dc/0x310 [ 27.439249] ? __pfx_kasan_atomics+0x10/0x10 [ 27.439285] ? __pfx_read_tsc+0x10/0x10 [ 27.439308] ? ktime_get_ts64+0x86/0x230 [ 27.439334] kunit_try_run_case+0x1a5/0x480 [ 27.439359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.439390] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.439417] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.439452] ? __kthread_parkme+0x82/0x180 [ 27.439475] ? preempt_count_sub+0x50/0x80 [ 27.439500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.439523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.439550] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.439578] kthread+0x337/0x6f0 [ 27.439599] ? trace_preempt_on+0x20/0xc0 [ 27.439623] ? __pfx_kthread+0x10/0x10 [ 27.439645] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.439675] ? calculate_sigpending+0x7b/0xa0 [ 27.439701] ? __pfx_kthread+0x10/0x10 [ 27.439741] ret_from_fork+0x116/0x1d0 [ 27.439762] ? __pfx_kthread+0x10/0x10 [ 27.439784] ret_from_fork_asm+0x1a/0x30 [ 27.439825] </TASK> [ 27.439838] [ 27.447242] Allocated by task 314: [ 27.447437] kasan_save_stack+0x45/0x70 [ 27.447591] kasan_save_track+0x18/0x40 [ 27.447745] kasan_save_alloc_info+0x3b/0x50 [ 27.447890] __kasan_kmalloc+0xb7/0xc0 [ 27.448104] __kmalloc_cache_noprof+0x189/0x420 [ 27.448324] kasan_atomics+0x95/0x310 [ 27.448504] kunit_try_run_case+0x1a5/0x480 [ 27.448713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.448979] kthread+0x337/0x6f0 [ 27.449144] ret_from_fork+0x116/0x1d0 [ 27.449290] ret_from_fork_asm+0x1a/0x30 [ 27.449424] [ 27.449490] The buggy address belongs to the object at ffff888103eb9580 [ 27.449490] which belongs to the cache kmalloc-64 of size 64 [ 27.450050] The buggy address is located 0 bytes to the right of [ 27.450050] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.450510] [ 27.450580] The buggy address belongs to the physical page: [ 27.450781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.451033] flags: 0x200000000000000(node=0|zone=2) [ 27.451262] page_type: f5(slab) [ 27.451450] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.451824] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.452127] page dumped because: kasan: bad access detected [ 27.452291] [ 27.452353] Memory state around the buggy address: [ 27.452502] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.452777] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.453093] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.453432] ^ [ 27.453691] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.454062] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.454373] ================================================================== [ 27.586199] ================================================================== [ 27.586484] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 27.586901] Read of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.587244] [ 27.587377] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.587434] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.587451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.587477] Call Trace: [ 27.587499] <TASK> [ 27.587522] dump_stack_lvl+0x73/0xb0 [ 27.587556] print_report+0xd1/0x610 [ 27.587580] ? __virt_addr_valid+0x1db/0x2d0 [ 27.587606] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.587639] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.587682] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.587705] kasan_report+0x141/0x180 [ 27.587728] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.587755] __asan_report_load8_noabort+0x18/0x20 [ 27.587781] kasan_atomics_helper+0x4eae/0x5450 [ 27.587804] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.587827] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.587861] ? pick_task_fair+0xce/0x340 [ 27.587906] ? kasan_atomics+0x152/0x310 [ 27.587943] kasan_atomics+0x1dc/0x310 [ 27.587968] ? __pfx_kasan_atomics+0x10/0x10 [ 27.587992] ? __pfx_read_tsc+0x10/0x10 [ 27.588015] ? ktime_get_ts64+0x86/0x230 [ 27.588040] kunit_try_run_case+0x1a5/0x480 [ 27.588065] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.588086] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.588121] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.588146] ? __kthread_parkme+0x82/0x180 [ 27.588179] ? preempt_count_sub+0x50/0x80 [ 27.588204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.588228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.588254] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.588280] kthread+0x337/0x6f0 [ 27.588301] ? trace_preempt_on+0x20/0xc0 [ 27.588335] ? __pfx_kthread+0x10/0x10 [ 27.588357] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.588380] ? calculate_sigpending+0x7b/0xa0 [ 27.588416] ? __pfx_kthread+0x10/0x10 [ 27.588438] ret_from_fork+0x116/0x1d0 [ 27.588458] ? __pfx_kthread+0x10/0x10 [ 27.588480] ret_from_fork_asm+0x1a/0x30 [ 27.588512] </TASK> [ 27.588526] [ 27.597705] Allocated by task 314: [ 27.597896] kasan_save_stack+0x45/0x70 [ 27.598104] kasan_save_track+0x18/0x40 [ 27.598286] kasan_save_alloc_info+0x3b/0x50 [ 27.598476] __kasan_kmalloc+0xb7/0xc0 [ 27.598645] __kmalloc_cache_noprof+0x189/0x420 [ 27.598809] kasan_atomics+0x95/0x310 [ 27.598939] kunit_try_run_case+0x1a5/0x480 [ 27.599121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.599412] kthread+0x337/0x6f0 [ 27.599586] ret_from_fork+0x116/0x1d0 [ 27.599868] ret_from_fork_asm+0x1a/0x30 [ 27.600042] [ 27.600107] The buggy address belongs to the object at ffff888103eb9580 [ 27.600107] which belongs to the cache kmalloc-64 of size 64 [ 27.600450] The buggy address is located 0 bytes to the right of [ 27.600450] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.601054] [ 27.601156] The buggy address belongs to the physical page: [ 27.601557] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.602050] flags: 0x200000000000000(node=0|zone=2) [ 27.602850] page_type: f5(slab) [ 27.603038] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.603549] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.603995] page dumped because: kasan: bad access detected [ 27.604340] [ 27.604439] Memory state around the buggy address: [ 27.604995] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.605364] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.605771] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.606344] ^ [ 27.606695] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.607222] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.607627] ================================================================== [ 28.028197] ================================================================== [ 28.028522] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 28.029144] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.029461] [ 28.029570] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.029626] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.029641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.029678] Call Trace: [ 28.029700] <TASK> [ 28.029722] dump_stack_lvl+0x73/0xb0 [ 28.029972] print_report+0xd1/0x610 [ 28.030000] ? __virt_addr_valid+0x1db/0x2d0 [ 28.030026] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.030054] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.030249] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.030284] kasan_report+0x141/0x180 [ 28.030309] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.030336] kasan_check_range+0x10c/0x1c0 [ 28.030360] __kasan_check_write+0x18/0x20 [ 28.030384] kasan_atomics_helper+0x1eaa/0x5450 [ 28.030407] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.030430] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.030454] ? pick_task_fair+0xce/0x340 [ 28.030481] ? kasan_atomics+0x152/0x310 [ 28.030508] kasan_atomics+0x1dc/0x310 [ 28.030531] ? __pfx_kasan_atomics+0x10/0x10 [ 28.030556] ? __pfx_read_tsc+0x10/0x10 [ 28.030578] ? ktime_get_ts64+0x86/0x230 [ 28.030604] kunit_try_run_case+0x1a5/0x480 [ 28.030628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.030649] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.030688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.030713] ? __kthread_parkme+0x82/0x180 [ 28.030735] ? preempt_count_sub+0x50/0x80 [ 28.030772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.030795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.030822] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.030849] kthread+0x337/0x6f0 [ 28.030870] ? trace_preempt_on+0x20/0xc0 [ 28.030895] ? __pfx_kthread+0x10/0x10 [ 28.030917] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.030941] ? calculate_sigpending+0x7b/0xa0 [ 28.030966] ? __pfx_kthread+0x10/0x10 [ 28.030989] ret_from_fork+0x116/0x1d0 [ 28.031009] ? __pfx_kthread+0x10/0x10 [ 28.031031] ret_from_fork_asm+0x1a/0x30 [ 28.031063] </TASK> [ 28.031077] [ 28.042153] Allocated by task 314: [ 28.042445] kasan_save_stack+0x45/0x70 [ 28.042824] kasan_save_track+0x18/0x40 [ 28.043013] kasan_save_alloc_info+0x3b/0x50 [ 28.043206] __kasan_kmalloc+0xb7/0xc0 [ 28.043374] __kmalloc_cache_noprof+0x189/0x420 [ 28.043570] kasan_atomics+0x95/0x310 [ 28.043747] kunit_try_run_case+0x1a5/0x480 [ 28.043934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.044164] kthread+0x337/0x6f0 [ 28.044314] ret_from_fork+0x116/0x1d0 [ 28.044483] ret_from_fork_asm+0x1a/0x30 [ 28.044650] [ 28.045186] The buggy address belongs to the object at ffff888103eb9580 [ 28.045186] which belongs to the cache kmalloc-64 of size 64 [ 28.045966] The buggy address is located 0 bytes to the right of [ 28.045966] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.046931] [ 28.047036] The buggy address belongs to the physical page: [ 28.047440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.048108] flags: 0x200000000000000(node=0|zone=2) [ 28.048461] page_type: f5(slab) [ 28.048752] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.049235] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.049544] page dumped because: kasan: bad access detected [ 28.049958] [ 28.050222] Memory state around the buggy address: [ 28.050485] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.051198] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.051568] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.052017] ^ [ 28.052225] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.052507] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.053149] ================================================================== [ 28.072119] ================================================================== [ 28.072428] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 28.072824] Read of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.073172] [ 28.073277] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.073332] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.073347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.073373] Call Trace: [ 28.073392] <TASK> [ 28.073414] dump_stack_lvl+0x73/0xb0 [ 28.073445] print_report+0xd1/0x610 [ 28.073469] ? __virt_addr_valid+0x1db/0x2d0 [ 28.073493] ? kasan_atomics_helper+0x4f71/0x5450 [ 28.073515] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.073541] ? kasan_atomics_helper+0x4f71/0x5450 [ 28.073563] kasan_report+0x141/0x180 [ 28.073586] ? kasan_atomics_helper+0x4f71/0x5450 [ 28.073613] __asan_report_load8_noabort+0x18/0x20 [ 28.073637] kasan_atomics_helper+0x4f71/0x5450 [ 28.073672] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.073695] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.073719] ? pick_task_fair+0xce/0x340 [ 28.073745] ? kasan_atomics+0x152/0x310 [ 28.073772] kasan_atomics+0x1dc/0x310 [ 28.073795] ? __pfx_kasan_atomics+0x10/0x10 [ 28.073819] ? __pfx_read_tsc+0x10/0x10 [ 28.073842] ? ktime_get_ts64+0x86/0x230 [ 28.073868] kunit_try_run_case+0x1a5/0x480 [ 28.073892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.073914] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.073939] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.073964] ? __kthread_parkme+0x82/0x180 [ 28.073987] ? preempt_count_sub+0x50/0x80 [ 28.074025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.074053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.074079] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.074106] kthread+0x337/0x6f0 [ 28.074126] ? trace_preempt_on+0x20/0xc0 [ 28.074151] ? __pfx_kthread+0x10/0x10 [ 28.074173] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.074195] ? calculate_sigpending+0x7b/0xa0 [ 28.074221] ? __pfx_kthread+0x10/0x10 [ 28.074244] ret_from_fork+0x116/0x1d0 [ 28.074264] ? __pfx_kthread+0x10/0x10 [ 28.074286] ret_from_fork_asm+0x1a/0x30 [ 28.074318] </TASK> [ 28.074329] [ 28.081546] Allocated by task 314: [ 28.081702] kasan_save_stack+0x45/0x70 [ 28.081910] kasan_save_track+0x18/0x40 [ 28.082103] kasan_save_alloc_info+0x3b/0x50 [ 28.082311] __kasan_kmalloc+0xb7/0xc0 [ 28.082496] __kmalloc_cache_noprof+0x189/0x420 [ 28.082724] kasan_atomics+0x95/0x310 [ 28.082918] kunit_try_run_case+0x1a5/0x480 [ 28.083121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.083375] kthread+0x337/0x6f0 [ 28.083542] ret_from_fork+0x116/0x1d0 [ 28.083733] ret_from_fork_asm+0x1a/0x30 [ 28.083921] [ 28.084001] The buggy address belongs to the object at ffff888103eb9580 [ 28.084001] which belongs to the cache kmalloc-64 of size 64 [ 28.084385] The buggy address is located 0 bytes to the right of [ 28.084385] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.084770] [ 28.084877] The buggy address belongs to the physical page: [ 28.085120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.085465] flags: 0x200000000000000(node=0|zone=2) [ 28.085706] page_type: f5(slab) [ 28.085891] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.086205] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.086452] page dumped because: kasan: bad access detected [ 28.086617] [ 28.086705] Memory state around the buggy address: [ 28.087101] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.087418] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.087696] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.088014] ^ [ 28.088212] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.088494] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.088804] ================================================================== [ 27.333173] ================================================================== [ 27.333745] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 27.334192] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.334425] [ 27.334513] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.334567] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.334582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.334607] Call Trace: [ 27.334628] <TASK> [ 27.334648] dump_stack_lvl+0x73/0xb0 [ 27.334694] print_report+0xd1/0x610 [ 27.334718] ? __virt_addr_valid+0x1db/0x2d0 [ 27.334743] ? kasan_atomics_helper+0xe78/0x5450 [ 27.334765] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.334791] ? kasan_atomics_helper+0xe78/0x5450 [ 27.334812] kasan_report+0x141/0x180 [ 27.334835] ? kasan_atomics_helper+0xe78/0x5450 [ 27.335059] kasan_check_range+0x10c/0x1c0 [ 27.335095] __kasan_check_write+0x18/0x20 [ 27.335120] kasan_atomics_helper+0xe78/0x5450 [ 27.335143] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.335278] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.335306] ? pick_task_fair+0xce/0x340 [ 27.335333] ? kasan_atomics+0x152/0x310 [ 27.335359] kasan_atomics+0x1dc/0x310 [ 27.335382] ? __pfx_kasan_atomics+0x10/0x10 [ 27.335407] ? __pfx_read_tsc+0x10/0x10 [ 27.335429] ? ktime_get_ts64+0x86/0x230 [ 27.335455] kunit_try_run_case+0x1a5/0x480 [ 27.335478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.335500] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.335525] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.335549] ? __kthread_parkme+0x82/0x180 [ 27.335571] ? preempt_count_sub+0x50/0x80 [ 27.335596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.335618] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.335644] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.335679] kthread+0x337/0x6f0 [ 27.335701] ? trace_preempt_on+0x20/0xc0 [ 27.335725] ? __pfx_kthread+0x10/0x10 [ 27.335755] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.335777] ? calculate_sigpending+0x7b/0xa0 [ 27.335803] ? __pfx_kthread+0x10/0x10 [ 27.335825] ret_from_fork+0x116/0x1d0 [ 27.335845] ? __pfx_kthread+0x10/0x10 [ 27.335866] ret_from_fork_asm+0x1a/0x30 [ 27.335898] </TASK> [ 27.335910] [ 27.346577] Allocated by task 314: [ 27.347045] kasan_save_stack+0x45/0x70 [ 27.347259] kasan_save_track+0x18/0x40 [ 27.347434] kasan_save_alloc_info+0x3b/0x50 [ 27.347624] __kasan_kmalloc+0xb7/0xc0 [ 27.347806] __kmalloc_cache_noprof+0x189/0x420 [ 27.348260] kasan_atomics+0x95/0x310 [ 27.348399] kunit_try_run_case+0x1a5/0x480 [ 27.348721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.349143] kthread+0x337/0x6f0 [ 27.349276] ret_from_fork+0x116/0x1d0 [ 27.349608] ret_from_fork_asm+0x1a/0x30 [ 27.349820] [ 27.350073] The buggy address belongs to the object at ffff888103eb9580 [ 27.350073] which belongs to the cache kmalloc-64 of size 64 [ 27.350613] The buggy address is located 0 bytes to the right of [ 27.350613] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.351439] [ 27.351535] The buggy address belongs to the physical page: [ 27.351769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.352333] flags: 0x200000000000000(node=0|zone=2) [ 27.352648] page_type: f5(slab) [ 27.352848] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.353261] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.353650] page dumped because: kasan: bad access detected [ 27.354050] [ 27.354132] Memory state around the buggy address: [ 27.354333] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.354642] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.355165] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.355467] ^ [ 27.355818] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.356218] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.356514] ================================================================== [ 27.814779] ================================================================== [ 27.815217] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 27.815600] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.816307] [ 27.816437] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.816724] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.816755] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.816783] Call Trace: [ 27.816815] <TASK> [ 27.816837] dump_stack_lvl+0x73/0xb0 [ 27.816872] print_report+0xd1/0x610 [ 27.816896] ? __virt_addr_valid+0x1db/0x2d0 [ 27.816922] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.816946] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.816973] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.816996] kasan_report+0x141/0x180 [ 27.817019] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.817046] kasan_check_range+0x10c/0x1c0 [ 27.817070] __kasan_check_write+0x18/0x20 [ 27.817093] kasan_atomics_helper+0x18b1/0x5450 [ 27.817116] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.817139] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.817164] ? pick_task_fair+0xce/0x340 [ 27.817190] ? kasan_atomics+0x152/0x310 [ 27.817216] kasan_atomics+0x1dc/0x310 [ 27.817239] ? __pfx_kasan_atomics+0x10/0x10 [ 27.817264] ? __pfx_read_tsc+0x10/0x10 [ 27.817287] ? ktime_get_ts64+0x86/0x230 [ 27.817313] kunit_try_run_case+0x1a5/0x480 [ 27.817336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.817357] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.817382] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.817406] ? __kthread_parkme+0x82/0x180 [ 27.817429] ? preempt_count_sub+0x50/0x80 [ 27.817454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.817476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.817503] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.817529] kthread+0x337/0x6f0 [ 27.817550] ? trace_preempt_on+0x20/0xc0 [ 27.817574] ? __pfx_kthread+0x10/0x10 [ 27.817597] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.817619] ? calculate_sigpending+0x7b/0xa0 [ 27.817644] ? __pfx_kthread+0x10/0x10 [ 27.817680] ret_from_fork+0x116/0x1d0 [ 27.817700] ? __pfx_kthread+0x10/0x10 [ 27.817722] ret_from_fork_asm+0x1a/0x30 [ 27.817762] </TASK> [ 27.817775] [ 27.829408] Allocated by task 314: [ 27.829626] kasan_save_stack+0x45/0x70 [ 27.830158] kasan_save_track+0x18/0x40 [ 27.830320] kasan_save_alloc_info+0x3b/0x50 [ 27.830739] __kasan_kmalloc+0xb7/0xc0 [ 27.831124] __kmalloc_cache_noprof+0x189/0x420 [ 27.831419] kasan_atomics+0x95/0x310 [ 27.831581] kunit_try_run_case+0x1a5/0x480 [ 27.832006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.832349] kthread+0x337/0x6f0 [ 27.832615] ret_from_fork+0x116/0x1d0 [ 27.832980] ret_from_fork_asm+0x1a/0x30 [ 27.833265] [ 27.833368] The buggy address belongs to the object at ffff888103eb9580 [ 27.833368] which belongs to the cache kmalloc-64 of size 64 [ 27.834136] The buggy address is located 0 bytes to the right of [ 27.834136] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.834812] [ 27.835077] The buggy address belongs to the physical page: [ 27.835413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.835875] flags: 0x200000000000000(node=0|zone=2) [ 27.836195] page_type: f5(slab) [ 27.836378] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.836910] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.837342] page dumped because: kasan: bad access detected [ 27.837589] [ 27.837675] Memory state around the buggy address: [ 27.837930] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.838190] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.838511] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.838829] ^ [ 27.839099] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.839402] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.839752] ================================================================== [ 28.241197] ================================================================== [ 28.241470] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 28.241789] Read of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.242945] [ 28.243155] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.243215] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.243230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.243348] Call Trace: [ 28.243369] <TASK> [ 28.243390] dump_stack_lvl+0x73/0xb0 [ 28.243428] print_report+0xd1/0x610 [ 28.243452] ? __virt_addr_valid+0x1db/0x2d0 [ 28.243477] ? kasan_atomics_helper+0x5115/0x5450 [ 28.243498] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.243525] ? kasan_atomics_helper+0x5115/0x5450 [ 28.243548] kasan_report+0x141/0x180 [ 28.243570] ? kasan_atomics_helper+0x5115/0x5450 [ 28.243595] __asan_report_load8_noabort+0x18/0x20 [ 28.243620] kasan_atomics_helper+0x5115/0x5450 [ 28.243644] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.243681] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.243705] ? pick_task_fair+0xce/0x340 [ 28.243733] ? kasan_atomics+0x152/0x310 [ 28.243771] kasan_atomics+0x1dc/0x310 [ 28.243795] ? __pfx_kasan_atomics+0x10/0x10 [ 28.243819] ? __pfx_read_tsc+0x10/0x10 [ 28.243842] ? ktime_get_ts64+0x86/0x230 [ 28.243867] kunit_try_run_case+0x1a5/0x480 [ 28.243891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.243913] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.243939] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.243964] ? __kthread_parkme+0x82/0x180 [ 28.243987] ? preempt_count_sub+0x50/0x80 [ 28.244012] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.244034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.244060] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.244086] kthread+0x337/0x6f0 [ 28.244108] ? trace_preempt_on+0x20/0xc0 [ 28.244132] ? __pfx_kthread+0x10/0x10 [ 28.244154] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.244177] ? calculate_sigpending+0x7b/0xa0 [ 28.244202] ? __pfx_kthread+0x10/0x10 [ 28.244226] ret_from_fork+0x116/0x1d0 [ 28.244246] ? __pfx_kthread+0x10/0x10 [ 28.244267] ret_from_fork_asm+0x1a/0x30 [ 28.244300] </TASK> [ 28.244312] [ 28.254649] Allocated by task 314: [ 28.254827] kasan_save_stack+0x45/0x70 [ 28.255041] kasan_save_track+0x18/0x40 [ 28.255214] kasan_save_alloc_info+0x3b/0x50 [ 28.255399] __kasan_kmalloc+0xb7/0xc0 [ 28.255562] __kmalloc_cache_noprof+0x189/0x420 [ 28.256166] kasan_atomics+0x95/0x310 [ 28.256346] kunit_try_run_case+0x1a5/0x480 [ 28.256681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.256993] kthread+0x337/0x6f0 [ 28.257300] ret_from_fork+0x116/0x1d0 [ 28.257560] ret_from_fork_asm+0x1a/0x30 [ 28.257742] [ 28.258026] The buggy address belongs to the object at ffff888103eb9580 [ 28.258026] which belongs to the cache kmalloc-64 of size 64 [ 28.258570] The buggy address is located 0 bytes to the right of [ 28.258570] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.259390] [ 28.259497] The buggy address belongs to the physical page: [ 28.259940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.260374] flags: 0x200000000000000(node=0|zone=2) [ 28.260606] page_type: f5(slab) [ 28.260771] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.261328] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.261734] page dumped because: kasan: bad access detected [ 28.261992] [ 28.262232] Memory state around the buggy address: [ 28.262433] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.262950] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.263303] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.263620] ^ [ 28.264027] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.264404] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.264818] ================================================================== [ 27.636480] ================================================================== [ 27.637295] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 27.639018] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.640020] [ 27.640848] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.640918] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.640934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.640960] Call Trace: [ 27.640983] <TASK> [ 27.641005] dump_stack_lvl+0x73/0xb0 [ 27.641048] print_report+0xd1/0x610 [ 27.641073] ? __virt_addr_valid+0x1db/0x2d0 [ 27.641098] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.641119] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.641146] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.641168] kasan_report+0x141/0x180 [ 27.641191] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.641217] __asan_report_store8_noabort+0x1b/0x30 [ 27.641241] kasan_atomics_helper+0x50d4/0x5450 [ 27.641265] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.641287] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.641311] ? pick_task_fair+0xce/0x340 [ 27.641337] ? kasan_atomics+0x152/0x310 [ 27.641364] kasan_atomics+0x1dc/0x310 [ 27.641386] ? __pfx_kasan_atomics+0x10/0x10 [ 27.641410] ? __pfx_read_tsc+0x10/0x10 [ 27.641433] ? ktime_get_ts64+0x86/0x230 [ 27.641459] kunit_try_run_case+0x1a5/0x480 [ 27.641483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.641505] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.641531] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.641556] ? __kthread_parkme+0x82/0x180 [ 27.641579] ? preempt_count_sub+0x50/0x80 [ 27.641604] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.641626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.641666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.641692] kthread+0x337/0x6f0 [ 27.641714] ? trace_preempt_on+0x20/0xc0 [ 27.641755] ? __pfx_kthread+0x10/0x10 [ 27.641777] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.641800] ? calculate_sigpending+0x7b/0xa0 [ 27.641825] ? __pfx_kthread+0x10/0x10 [ 27.641848] ret_from_fork+0x116/0x1d0 [ 27.641868] ? __pfx_kthread+0x10/0x10 [ 27.641890] ret_from_fork_asm+0x1a/0x30 [ 27.641923] </TASK> [ 27.641936] [ 27.652280] Allocated by task 314: [ 27.652664] kasan_save_stack+0x45/0x70 [ 27.652886] kasan_save_track+0x18/0x40 [ 27.653069] kasan_save_alloc_info+0x3b/0x50 [ 27.653274] __kasan_kmalloc+0xb7/0xc0 [ 27.653459] __kmalloc_cache_noprof+0x189/0x420 [ 27.653648] kasan_atomics+0x95/0x310 [ 27.653877] kunit_try_run_case+0x1a5/0x480 [ 27.654489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.654806] kthread+0x337/0x6f0 [ 27.655005] ret_from_fork+0x116/0x1d0 [ 27.655307] ret_from_fork_asm+0x1a/0x30 [ 27.655600] [ 27.655696] The buggy address belongs to the object at ffff888103eb9580 [ 27.655696] which belongs to the cache kmalloc-64 of size 64 [ 27.656530] The buggy address is located 0 bytes to the right of [ 27.656530] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.657254] [ 27.657372] The buggy address belongs to the physical page: [ 27.657788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.658221] flags: 0x200000000000000(node=0|zone=2) [ 27.658512] page_type: f5(slab) [ 27.658720] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.659110] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.659520] page dumped because: kasan: bad access detected [ 27.659734] [ 27.659884] Memory state around the buggy address: [ 27.660099] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.660574] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.661006] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.661383] ^ [ 27.661568] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.661964] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.662301] ================================================================== [ 27.102539] ================================================================== [ 27.103290] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 27.103692] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.104350] [ 27.104552] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.104610] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.104626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.104663] Call Trace: [ 27.104695] <TASK> [ 27.104716] dump_stack_lvl+0x73/0xb0 [ 27.104750] print_report+0xd1/0x610 [ 27.104786] ? __virt_addr_valid+0x1db/0x2d0 [ 27.104821] ? kasan_atomics_helper+0x8f9/0x5450 [ 27.104842] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.104868] ? kasan_atomics_helper+0x8f9/0x5450 [ 27.104899] kasan_report+0x141/0x180 [ 27.104922] ? kasan_atomics_helper+0x8f9/0x5450 [ 27.104948] kasan_check_range+0x10c/0x1c0 [ 27.104982] __kasan_check_write+0x18/0x20 [ 27.105257] kasan_atomics_helper+0x8f9/0x5450 [ 27.105282] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.105307] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.105332] ? pick_task_fair+0xce/0x340 [ 27.105360] ? kasan_atomics+0x152/0x310 [ 27.105387] kasan_atomics+0x1dc/0x310 [ 27.105410] ? __pfx_kasan_atomics+0x10/0x10 [ 27.105435] ? __pfx_read_tsc+0x10/0x10 [ 27.105457] ? ktime_get_ts64+0x86/0x230 [ 27.105483] kunit_try_run_case+0x1a5/0x480 [ 27.105507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.105529] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.105554] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.105579] ? __kthread_parkme+0x82/0x180 [ 27.105602] ? preempt_count_sub+0x50/0x80 [ 27.105627] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.105650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.105693] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.105720] kthread+0x337/0x6f0 [ 27.105741] ? trace_preempt_on+0x20/0xc0 [ 27.105766] ? __pfx_kthread+0x10/0x10 [ 27.105788] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.105811] ? calculate_sigpending+0x7b/0xa0 [ 27.105837] ? __pfx_kthread+0x10/0x10 [ 27.105860] ret_from_fork+0x116/0x1d0 [ 27.105881] ? __pfx_kthread+0x10/0x10 [ 27.105902] ret_from_fork_asm+0x1a/0x30 [ 27.105936] </TASK> [ 27.105948] [ 27.117031] Allocated by task 314: [ 27.118580] kasan_save_stack+0x45/0x70 [ 27.119287] kasan_save_track+0x18/0x40 [ 27.119905] kasan_save_alloc_info+0x3b/0x50 [ 27.120481] __kasan_kmalloc+0xb7/0xc0 [ 27.120628] __kmalloc_cache_noprof+0x189/0x420 [ 27.121535] kasan_atomics+0x95/0x310 [ 27.122411] kunit_try_run_case+0x1a5/0x480 [ 27.123033] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.123404] kthread+0x337/0x6f0 [ 27.123691] ret_from_fork+0x116/0x1d0 [ 27.124151] ret_from_fork_asm+0x1a/0x30 [ 27.124595] [ 27.124713] The buggy address belongs to the object at ffff888103eb9580 [ 27.124713] which belongs to the cache kmalloc-64 of size 64 [ 27.125098] The buggy address is located 0 bytes to the right of [ 27.125098] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.125469] [ 27.125538] The buggy address belongs to the physical page: [ 27.125818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.126982] flags: 0x200000000000000(node=0|zone=2) [ 27.127424] page_type: f5(slab) [ 27.127731] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.128438] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.129306] page dumped because: kasan: bad access detected [ 27.129862] [ 27.130023] Memory state around the buggy address: [ 27.130500] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.131220] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.131866] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.132495] ^ [ 27.132946] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.133607] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.134152] ================================================================== [ 26.835906] ================================================================== [ 26.836229] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 26.836910] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 26.837382] [ 26.837640] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.837713] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.837729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.837757] Call Trace: [ 26.837778] <TASK> [ 26.837801] dump_stack_lvl+0x73/0xb0 [ 26.837834] print_report+0xd1/0x610 [ 26.837858] ? __virt_addr_valid+0x1db/0x2d0 [ 26.837885] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.837907] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.837933] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.838080] kasan_report+0x141/0x180 [ 26.838104] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.838131] __asan_report_store4_noabort+0x1b/0x30 [ 26.838157] kasan_atomics_helper+0x4b6e/0x5450 [ 26.838180] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.838203] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.838227] ? pick_task_fair+0xce/0x340 [ 26.838254] ? kasan_atomics+0x152/0x310 [ 26.838281] kasan_atomics+0x1dc/0x310 [ 26.838305] ? __pfx_kasan_atomics+0x10/0x10 [ 26.838329] ? __pfx_read_tsc+0x10/0x10 [ 26.838352] ? ktime_get_ts64+0x86/0x230 [ 26.838378] kunit_try_run_case+0x1a5/0x480 [ 26.838402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.838424] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.838451] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.838476] ? __kthread_parkme+0x82/0x180 [ 26.838499] ? preempt_count_sub+0x50/0x80 [ 26.838524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.838547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.838574] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.838602] kthread+0x337/0x6f0 [ 26.838624] ? trace_preempt_on+0x20/0xc0 [ 26.838648] ? __pfx_kthread+0x10/0x10 [ 26.838681] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.838704] ? calculate_sigpending+0x7b/0xa0 [ 26.838729] ? __pfx_kthread+0x10/0x10 [ 26.838761] ret_from_fork+0x116/0x1d0 [ 26.838782] ? __pfx_kthread+0x10/0x10 [ 26.838804] ret_from_fork_asm+0x1a/0x30 [ 26.838837] </TASK> [ 26.838849] [ 26.849946] Allocated by task 314: [ 26.850181] kasan_save_stack+0x45/0x70 [ 26.850379] kasan_save_track+0x18/0x40 [ 26.850567] kasan_save_alloc_info+0x3b/0x50 [ 26.851478] __kasan_kmalloc+0xb7/0xc0 [ 26.851642] __kmalloc_cache_noprof+0x189/0x420 [ 26.852366] kasan_atomics+0x95/0x310 [ 26.852720] kunit_try_run_case+0x1a5/0x480 [ 26.853718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.854217] kthread+0x337/0x6f0 [ 26.854356] ret_from_fork+0x116/0x1d0 [ 26.854488] ret_from_fork_asm+0x1a/0x30 [ 26.854625] [ 26.855228] The buggy address belongs to the object at ffff888103eb9580 [ 26.855228] which belongs to the cache kmalloc-64 of size 64 [ 26.857080] The buggy address is located 0 bytes to the right of [ 26.857080] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 26.858093] [ 26.858215] The buggy address belongs to the physical page: [ 26.858451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 26.859410] flags: 0x200000000000000(node=0|zone=2) [ 26.859609] page_type: f5(slab) [ 26.860040] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.860475] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.860874] page dumped because: kasan: bad access detected [ 26.861133] [ 26.861428] Memory state around the buggy address: [ 26.861648] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.862237] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.862514] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.863104] ^ [ 26.863323] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.863606] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.863941] ================================================================== [ 26.810678] ================================================================== [ 26.811276] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 26.811613] Read of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 26.812089] [ 26.812190] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.812247] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.812262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.812289] Call Trace: [ 26.812310] <TASK> [ 26.812332] dump_stack_lvl+0x73/0xb0 [ 26.812547] print_report+0xd1/0x610 [ 26.812577] ? __virt_addr_valid+0x1db/0x2d0 [ 26.812603] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.812625] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.812652] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.812686] kasan_report+0x141/0x180 [ 26.812708] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.812735] __asan_report_load4_noabort+0x18/0x20 [ 26.812772] kasan_atomics_helper+0x4b88/0x5450 [ 26.812794] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.812817] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.812842] ? pick_task_fair+0xce/0x340 [ 26.812868] ? kasan_atomics+0x152/0x310 [ 26.812895] kasan_atomics+0x1dc/0x310 [ 26.812918] ? __pfx_kasan_atomics+0x10/0x10 [ 26.812943] ? __pfx_read_tsc+0x10/0x10 [ 26.812974] ? ktime_get_ts64+0x86/0x230 [ 26.813000] kunit_try_run_case+0x1a5/0x480 [ 26.813024] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.813046] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.813073] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.813098] ? __kthread_parkme+0x82/0x180 [ 26.813120] ? preempt_count_sub+0x50/0x80 [ 26.813145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.813169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.813195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.813221] kthread+0x337/0x6f0 [ 26.813242] ? trace_preempt_on+0x20/0xc0 [ 26.813267] ? __pfx_kthread+0x10/0x10 [ 26.813289] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.813312] ? calculate_sigpending+0x7b/0xa0 [ 26.813338] ? __pfx_kthread+0x10/0x10 [ 26.813360] ret_from_fork+0x116/0x1d0 [ 26.813380] ? __pfx_kthread+0x10/0x10 [ 26.813402] ret_from_fork_asm+0x1a/0x30 [ 26.813434] </TASK> [ 26.813446] [ 26.824206] Allocated by task 314: [ 26.824386] kasan_save_stack+0x45/0x70 [ 26.824599] kasan_save_track+0x18/0x40 [ 26.825120] kasan_save_alloc_info+0x3b/0x50 [ 26.825390] __kasan_kmalloc+0xb7/0xc0 [ 26.825571] __kmalloc_cache_noprof+0x189/0x420 [ 26.825928] kasan_atomics+0x95/0x310 [ 26.826309] kunit_try_run_case+0x1a5/0x480 [ 26.826521] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.826792] kthread+0x337/0x6f0 [ 26.826946] ret_from_fork+0x116/0x1d0 [ 26.827517] ret_from_fork_asm+0x1a/0x30 [ 26.827692] [ 26.827879] The buggy address belongs to the object at ffff888103eb9580 [ 26.827879] which belongs to the cache kmalloc-64 of size 64 [ 26.828630] The buggy address is located 0 bytes to the right of [ 26.828630] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 26.829468] [ 26.829579] The buggy address belongs to the physical page: [ 26.830091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 26.830403] flags: 0x200000000000000(node=0|zone=2) [ 26.830748] page_type: f5(slab) [ 26.830908] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.831716] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.831983] page dumped because: kasan: bad access detected [ 26.832318] [ 26.832394] Memory state around the buggy address: [ 26.832616] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.832963] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.833262] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.833550] ^ [ 26.834317] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.834578] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.835175] ================================================================== [ 27.946273] ================================================================== [ 27.946586] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 27.946972] Read of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.947236] [ 27.947323] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.947377] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.947392] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.947418] Call Trace: [ 27.947439] <TASK> [ 27.947461] dump_stack_lvl+0x73/0xb0 [ 27.947492] print_report+0xd1/0x610 [ 27.947516] ? __virt_addr_valid+0x1db/0x2d0 [ 27.947541] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.947563] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.947589] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.947611] kasan_report+0x141/0x180 [ 27.947634] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.947670] __asan_report_load8_noabort+0x18/0x20 [ 27.947695] kasan_atomics_helper+0x4f30/0x5450 [ 27.947717] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.947762] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.947786] ? pick_task_fair+0xce/0x340 [ 27.947812] ? kasan_atomics+0x152/0x310 [ 27.947839] kasan_atomics+0x1dc/0x310 [ 27.947862] ? __pfx_kasan_atomics+0x10/0x10 [ 27.947887] ? __pfx_read_tsc+0x10/0x10 [ 27.947909] ? ktime_get_ts64+0x86/0x230 [ 27.947935] kunit_try_run_case+0x1a5/0x480 [ 27.947960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.947982] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.948008] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.948032] ? __kthread_parkme+0x82/0x180 [ 27.948055] ? preempt_count_sub+0x50/0x80 [ 27.948079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.948102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.948129] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.948155] kthread+0x337/0x6f0 [ 27.948176] ? trace_preempt_on+0x20/0xc0 [ 27.948201] ? __pfx_kthread+0x10/0x10 [ 27.948223] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.948246] ? calculate_sigpending+0x7b/0xa0 [ 27.948270] ? __pfx_kthread+0x10/0x10 [ 27.948293] ret_from_fork+0x116/0x1d0 [ 27.948312] ? __pfx_kthread+0x10/0x10 [ 27.948333] ret_from_fork_asm+0x1a/0x30 [ 27.948366] </TASK> [ 27.948378] [ 27.955349] Allocated by task 314: [ 27.955540] kasan_save_stack+0x45/0x70 [ 27.955785] kasan_save_track+0x18/0x40 [ 27.955947] kasan_save_alloc_info+0x3b/0x50 [ 27.956154] __kasan_kmalloc+0xb7/0xc0 [ 27.956322] __kmalloc_cache_noprof+0x189/0x420 [ 27.956517] kasan_atomics+0x95/0x310 [ 27.956683] kunit_try_run_case+0x1a5/0x480 [ 27.956882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.957123] kthread+0x337/0x6f0 [ 27.957261] ret_from_fork+0x116/0x1d0 [ 27.957439] ret_from_fork_asm+0x1a/0x30 [ 27.957599] [ 27.957701] The buggy address belongs to the object at ffff888103eb9580 [ 27.957701] which belongs to the cache kmalloc-64 of size 64 [ 27.958188] The buggy address is located 0 bytes to the right of [ 27.958188] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.958552] [ 27.958619] The buggy address belongs to the physical page: [ 27.958818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.959055] flags: 0x200000000000000(node=0|zone=2) [ 27.959215] page_type: f5(slab) [ 27.959334] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.959559] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.959897] page dumped because: kasan: bad access detected [ 27.960142] [ 27.960229] Memory state around the buggy address: [ 27.960445] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.960788] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.961104] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.961409] ^ [ 27.961630] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.961973] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.962230] ================================================================== [ 27.400744] ================================================================== [ 27.401157] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 27.401574] Read of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.401893] [ 27.402017] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.402079] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.402094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.402131] Call Trace: [ 27.402153] <TASK> [ 27.402176] dump_stack_lvl+0x73/0xb0 [ 27.402222] print_report+0xd1/0x610 [ 27.402246] ? __virt_addr_valid+0x1db/0x2d0 [ 27.402271] ? kasan_atomics_helper+0x4a36/0x5450 [ 27.402292] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.402319] ? kasan_atomics_helper+0x4a36/0x5450 [ 27.402342] kasan_report+0x141/0x180 [ 27.402365] ? kasan_atomics_helper+0x4a36/0x5450 [ 27.402392] __asan_report_load4_noabort+0x18/0x20 [ 27.402417] kasan_atomics_helper+0x4a36/0x5450 [ 27.402440] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.402463] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.402488] ? pick_task_fair+0xce/0x340 [ 27.402514] ? kasan_atomics+0x152/0x310 [ 27.402550] kasan_atomics+0x1dc/0x310 [ 27.402573] ? __pfx_kasan_atomics+0x10/0x10 [ 27.402598] ? __pfx_read_tsc+0x10/0x10 [ 27.402631] ? ktime_get_ts64+0x86/0x230 [ 27.402666] kunit_try_run_case+0x1a5/0x480 [ 27.402691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.402711] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.402757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.402782] ? __kthread_parkme+0x82/0x180 [ 27.402805] ? preempt_count_sub+0x50/0x80 [ 27.402830] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.402853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.402879] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.402906] kthread+0x337/0x6f0 [ 27.402927] ? trace_preempt_on+0x20/0xc0 [ 27.402951] ? __pfx_kthread+0x10/0x10 [ 27.402973] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.402995] ? calculate_sigpending+0x7b/0xa0 [ 27.403021] ? __pfx_kthread+0x10/0x10 [ 27.403043] ret_from_fork+0x116/0x1d0 [ 27.403064] ? __pfx_kthread+0x10/0x10 [ 27.403088] ret_from_fork_asm+0x1a/0x30 [ 27.403120] </TASK> [ 27.403132] [ 27.410452] Allocated by task 314: [ 27.410613] kasan_save_stack+0x45/0x70 [ 27.410884] kasan_save_track+0x18/0x40 [ 27.411077] kasan_save_alloc_info+0x3b/0x50 [ 27.411327] __kasan_kmalloc+0xb7/0xc0 [ 27.411548] __kmalloc_cache_noprof+0x189/0x420 [ 27.411814] kasan_atomics+0x95/0x310 [ 27.412012] kunit_try_run_case+0x1a5/0x480 [ 27.412238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.412489] kthread+0x337/0x6f0 [ 27.412672] ret_from_fork+0x116/0x1d0 [ 27.412826] ret_from_fork_asm+0x1a/0x30 [ 27.412982] [ 27.413073] The buggy address belongs to the object at ffff888103eb9580 [ 27.413073] which belongs to the cache kmalloc-64 of size 64 [ 27.413619] The buggy address is located 0 bytes to the right of [ 27.413619] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.414150] [ 27.414223] The buggy address belongs to the physical page: [ 27.414487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.414847] flags: 0x200000000000000(node=0|zone=2) [ 27.415080] page_type: f5(slab) [ 27.415268] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.415592] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.415919] page dumped because: kasan: bad access detected [ 27.416168] [ 27.416232] Memory state around the buggy address: [ 27.416384] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.416689] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.417060] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.417299] ^ [ 27.417544] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.417880] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.418153] ================================================================== [ 27.053636] ================================================================== [ 27.054253] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 27.054605] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.054983] [ 27.055187] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.055258] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.055272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.055298] Call Trace: [ 27.055319] <TASK> [ 27.055352] dump_stack_lvl+0x73/0xb0 [ 27.055385] print_report+0xd1/0x610 [ 27.055409] ? __virt_addr_valid+0x1db/0x2d0 [ 27.055444] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.055465] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.055495] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.055529] kasan_report+0x141/0x180 [ 27.055552] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.055579] kasan_check_range+0x10c/0x1c0 [ 27.055603] __kasan_check_write+0x18/0x20 [ 27.055628] kasan_atomics_helper+0x7c7/0x5450 [ 27.055651] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.055685] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.055709] ? pick_task_fair+0xce/0x340 [ 27.055739] ? kasan_atomics+0x152/0x310 [ 27.055767] kasan_atomics+0x1dc/0x310 [ 27.055792] ? __pfx_kasan_atomics+0x10/0x10 [ 27.055817] ? __pfx_read_tsc+0x10/0x10 [ 27.055840] ? ktime_get_ts64+0x86/0x230 [ 27.055868] kunit_try_run_case+0x1a5/0x480 [ 27.055894] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.055915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.055942] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.055967] ? __kthread_parkme+0x82/0x180 [ 27.055990] ? preempt_count_sub+0x50/0x80 [ 27.056016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.056049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.056076] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.056103] kthread+0x337/0x6f0 [ 27.056135] ? trace_preempt_on+0x20/0xc0 [ 27.056160] ? __pfx_kthread+0x10/0x10 [ 27.056182] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.056205] ? calculate_sigpending+0x7b/0xa0 [ 27.056230] ? __pfx_kthread+0x10/0x10 [ 27.056253] ret_from_fork+0x116/0x1d0 [ 27.056273] ? __pfx_kthread+0x10/0x10 [ 27.056295] ret_from_fork_asm+0x1a/0x30 [ 27.056327] </TASK> [ 27.056524] [ 27.064897] Allocated by task 314: [ 27.065115] kasan_save_stack+0x45/0x70 [ 27.065332] kasan_save_track+0x18/0x40 [ 27.065520] kasan_save_alloc_info+0x3b/0x50 [ 27.066096] __kasan_kmalloc+0xb7/0xc0 [ 27.066319] __kmalloc_cache_noprof+0x189/0x420 [ 27.066481] kasan_atomics+0x95/0x310 [ 27.066693] kunit_try_run_case+0x1a5/0x480 [ 27.066897] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.067115] kthread+0x337/0x6f0 [ 27.067336] ret_from_fork+0x116/0x1d0 [ 27.067570] ret_from_fork_asm+0x1a/0x30 [ 27.067719] [ 27.067906] The buggy address belongs to the object at ffff888103eb9580 [ 27.067906] which belongs to the cache kmalloc-64 of size 64 [ 27.068413] The buggy address is located 0 bytes to the right of [ 27.068413] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.068882] [ 27.068979] The buggy address belongs to the physical page: [ 27.069257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.070044] flags: 0x200000000000000(node=0|zone=2) [ 27.070347] page_type: f5(slab) [ 27.070523] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.070771] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.071305] page dumped because: kasan: bad access detected [ 27.071635] [ 27.071736] Memory state around the buggy address: [ 27.071936] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.072162] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.072544] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.072928] ^ [ 27.073337] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.073688] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.074201] ================================================================== [ 26.865756] ================================================================== [ 26.866261] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 26.866510] Read of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 26.866992] [ 26.867265] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.867322] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.867337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.867363] Call Trace: [ 26.867384] <TASK> [ 26.867408] dump_stack_lvl+0x73/0xb0 [ 26.867443] print_report+0xd1/0x610 [ 26.867467] ? __virt_addr_valid+0x1db/0x2d0 [ 26.867505] ? kasan_atomics_helper+0x3df/0x5450 [ 26.867528] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.867554] ? kasan_atomics_helper+0x3df/0x5450 [ 26.867588] kasan_report+0x141/0x180 [ 26.867610] ? kasan_atomics_helper+0x3df/0x5450 [ 26.867637] kasan_check_range+0x10c/0x1c0 [ 26.867671] __kasan_check_read+0x15/0x20 [ 26.867695] kasan_atomics_helper+0x3df/0x5450 [ 26.867717] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.867759] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.867783] ? pick_task_fair+0xce/0x340 [ 26.867809] ? kasan_atomics+0x152/0x310 [ 26.867836] kasan_atomics+0x1dc/0x310 [ 26.867860] ? __pfx_kasan_atomics+0x10/0x10 [ 26.867885] ? __pfx_read_tsc+0x10/0x10 [ 26.867908] ? ktime_get_ts64+0x86/0x230 [ 26.867959] kunit_try_run_case+0x1a5/0x480 [ 26.867985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.868008] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.868035] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.868061] ? __kthread_parkme+0x82/0x180 [ 26.868084] ? preempt_count_sub+0x50/0x80 [ 26.868110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.868133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.868160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.868186] kthread+0x337/0x6f0 [ 26.868207] ? trace_preempt_on+0x20/0xc0 [ 26.868232] ? __pfx_kthread+0x10/0x10 [ 26.868254] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.868277] ? calculate_sigpending+0x7b/0xa0 [ 26.868302] ? __pfx_kthread+0x10/0x10 [ 26.868326] ret_from_fork+0x116/0x1d0 [ 26.868347] ? __pfx_kthread+0x10/0x10 [ 26.868369] ret_from_fork_asm+0x1a/0x30 [ 26.868401] </TASK> [ 26.868414] [ 26.877992] Allocated by task 314: [ 26.878221] kasan_save_stack+0x45/0x70 [ 26.878440] kasan_save_track+0x18/0x40 [ 26.878626] kasan_save_alloc_info+0x3b/0x50 [ 26.878867] __kasan_kmalloc+0xb7/0xc0 [ 26.879125] __kmalloc_cache_noprof+0x189/0x420 [ 26.879299] kasan_atomics+0x95/0x310 [ 26.879477] kunit_try_run_case+0x1a5/0x480 [ 26.879689] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.879913] kthread+0x337/0x6f0 [ 26.880051] ret_from_fork+0x116/0x1d0 [ 26.880227] ret_from_fork_asm+0x1a/0x30 [ 26.880400] [ 26.880477] The buggy address belongs to the object at ffff888103eb9580 [ 26.880477] which belongs to the cache kmalloc-64 of size 64 [ 26.880970] The buggy address is located 0 bytes to the right of [ 26.880970] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 26.881777] [ 26.881881] The buggy address belongs to the physical page: [ 26.882175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 26.882521] flags: 0x200000000000000(node=0|zone=2) [ 26.882798] page_type: f5(slab) [ 26.882923] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.883307] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.883594] page dumped because: kasan: bad access detected [ 26.883861] [ 26.884021] Memory state around the buggy address: [ 26.884228] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.884513] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.884733] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.885192] ^ [ 26.885427] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.885759] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.886172] ================================================================== [ 27.266172] ================================================================== [ 27.267090] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 27.267416] Read of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.267743] [ 27.267868] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.267933] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.267959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.267986] Call Trace: [ 27.268006] <TASK> [ 27.268027] dump_stack_lvl+0x73/0xb0 [ 27.268061] print_report+0xd1/0x610 [ 27.268085] ? __virt_addr_valid+0x1db/0x2d0 [ 27.268131] ? kasan_atomics_helper+0x4a84/0x5450 [ 27.268232] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.268268] ? kasan_atomics_helper+0x4a84/0x5450 [ 27.268290] kasan_report+0x141/0x180 [ 27.268315] ? kasan_atomics_helper+0x4a84/0x5450 [ 27.268352] __asan_report_load4_noabort+0x18/0x20 [ 27.268386] kasan_atomics_helper+0x4a84/0x5450 [ 27.268409] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.268432] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.268466] ? pick_task_fair+0xce/0x340 [ 27.268493] ? kasan_atomics+0x152/0x310 [ 27.268520] kasan_atomics+0x1dc/0x310 [ 27.268543] ? __pfx_kasan_atomics+0x10/0x10 [ 27.268567] ? __pfx_read_tsc+0x10/0x10 [ 27.268590] ? ktime_get_ts64+0x86/0x230 [ 27.268616] kunit_try_run_case+0x1a5/0x480 [ 27.268640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.268671] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.268698] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.268722] ? __kthread_parkme+0x82/0x180 [ 27.268745] ? preempt_count_sub+0x50/0x80 [ 27.268780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.268803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.268830] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.268856] kthread+0x337/0x6f0 [ 27.268879] ? trace_preempt_on+0x20/0xc0 [ 27.268905] ? __pfx_kthread+0x10/0x10 [ 27.268927] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.268962] ? calculate_sigpending+0x7b/0xa0 [ 27.268987] ? __pfx_kthread+0x10/0x10 [ 27.269010] ret_from_fork+0x116/0x1d0 [ 27.269030] ? __pfx_kthread+0x10/0x10 [ 27.269052] ret_from_fork_asm+0x1a/0x30 [ 27.269084] </TASK> [ 27.269098] [ 27.278364] Allocated by task 314: [ 27.278602] kasan_save_stack+0x45/0x70 [ 27.278853] kasan_save_track+0x18/0x40 [ 27.278983] kasan_save_alloc_info+0x3b/0x50 [ 27.279126] __kasan_kmalloc+0xb7/0xc0 [ 27.279280] __kmalloc_cache_noprof+0x189/0x420 [ 27.279496] kasan_atomics+0x95/0x310 [ 27.279769] kunit_try_run_case+0x1a5/0x480 [ 27.279990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.280165] kthread+0x337/0x6f0 [ 27.280283] ret_from_fork+0x116/0x1d0 [ 27.280468] ret_from_fork_asm+0x1a/0x30 [ 27.280671] [ 27.281197] The buggy address belongs to the object at ffff888103eb9580 [ 27.281197] which belongs to the cache kmalloc-64 of size 64 [ 27.281760] The buggy address is located 0 bytes to the right of [ 27.281760] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.282382] [ 27.282493] The buggy address belongs to the physical page: [ 27.282722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.283133] flags: 0x200000000000000(node=0|zone=2) [ 27.283367] page_type: f5(slab) [ 27.283557] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.283905] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.284512] page dumped because: kasan: bad access detected [ 27.284867] [ 27.284945] Memory state around the buggy address: [ 27.285214] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.285540] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.285868] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.286210] ^ [ 27.286359] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.286676] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.286993] ================================================================== [ 27.287499] ================================================================== [ 27.287936] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 27.288630] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.289005] [ 27.289193] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.289252] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.289278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.289304] Call Trace: [ 27.289325] <TASK> [ 27.289358] dump_stack_lvl+0x73/0xb0 [ 27.289394] print_report+0xd1/0x610 [ 27.289419] ? __virt_addr_valid+0x1db/0x2d0 [ 27.289444] ? kasan_atomics_helper+0xd47/0x5450 [ 27.289466] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.289492] ? kasan_atomics_helper+0xd47/0x5450 [ 27.289513] kasan_report+0x141/0x180 [ 27.289537] ? kasan_atomics_helper+0xd47/0x5450 [ 27.289563] kasan_check_range+0x10c/0x1c0 [ 27.289587] __kasan_check_write+0x18/0x20 [ 27.289619] kasan_atomics_helper+0xd47/0x5450 [ 27.289642] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.289680] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.289705] ? pick_task_fair+0xce/0x340 [ 27.289732] ? kasan_atomics+0x152/0x310 [ 27.289759] kasan_atomics+0x1dc/0x310 [ 27.289782] ? __pfx_kasan_atomics+0x10/0x10 [ 27.289806] ? __pfx_read_tsc+0x10/0x10 [ 27.289828] ? ktime_get_ts64+0x86/0x230 [ 27.289854] kunit_try_run_case+0x1a5/0x480 [ 27.289890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.289911] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.289937] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.290015] ? __kthread_parkme+0x82/0x180 [ 27.290045] ? preempt_count_sub+0x50/0x80 [ 27.290070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.290094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.290132] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.290158] kthread+0x337/0x6f0 [ 27.290191] ? trace_preempt_on+0x20/0xc0 [ 27.290225] ? __pfx_kthread+0x10/0x10 [ 27.290247] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.290281] ? calculate_sigpending+0x7b/0xa0 [ 27.290307] ? __pfx_kthread+0x10/0x10 [ 27.290330] ret_from_fork+0x116/0x1d0 [ 27.290350] ? __pfx_kthread+0x10/0x10 [ 27.290372] ret_from_fork_asm+0x1a/0x30 [ 27.290403] </TASK> [ 27.290416] [ 27.299140] Allocated by task 314: [ 27.299346] kasan_save_stack+0x45/0x70 [ 27.299558] kasan_save_track+0x18/0x40 [ 27.299850] kasan_save_alloc_info+0x3b/0x50 [ 27.300280] __kasan_kmalloc+0xb7/0xc0 [ 27.300509] __kmalloc_cache_noprof+0x189/0x420 [ 27.300715] kasan_atomics+0x95/0x310 [ 27.300888] kunit_try_run_case+0x1a5/0x480 [ 27.301291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.301524] kthread+0x337/0x6f0 [ 27.301726] ret_from_fork+0x116/0x1d0 [ 27.301879] ret_from_fork_asm+0x1a/0x30 [ 27.302177] [ 27.302247] The buggy address belongs to the object at ffff888103eb9580 [ 27.302247] which belongs to the cache kmalloc-64 of size 64 [ 27.302583] The buggy address is located 0 bytes to the right of [ 27.302583] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.303276] [ 27.303369] The buggy address belongs to the physical page: [ 27.303828] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.304389] flags: 0x200000000000000(node=0|zone=2) [ 27.304559] page_type: f5(slab) [ 27.304745] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.305351] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.305573] page dumped because: kasan: bad access detected [ 27.305797] [ 27.305886] Memory state around the buggy address: [ 27.306141] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.306552] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.306991] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.307241] ^ [ 27.307389] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.307707] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.308428] ================================================================== [ 27.473113] ================================================================== [ 27.473662] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 27.474013] Read of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.474335] [ 27.474454] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.474521] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.474536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.474562] Call Trace: [ 27.474582] <TASK> [ 27.474603] dump_stack_lvl+0x73/0xb0 [ 27.474635] print_report+0xd1/0x610 [ 27.474668] ? __virt_addr_valid+0x1db/0x2d0 [ 27.474693] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.474715] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.474763] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.474785] kasan_report+0x141/0x180 [ 27.474808] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.474844] __asan_report_load4_noabort+0x18/0x20 [ 27.474870] kasan_atomics_helper+0x4a02/0x5450 [ 27.474894] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.474928] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.474953] ? pick_task_fair+0xce/0x340 [ 27.474980] ? kasan_atomics+0x152/0x310 [ 27.475016] kasan_atomics+0x1dc/0x310 [ 27.475040] ? __pfx_kasan_atomics+0x10/0x10 [ 27.475065] ? __pfx_read_tsc+0x10/0x10 [ 27.475098] ? ktime_get_ts64+0x86/0x230 [ 27.475124] kunit_try_run_case+0x1a5/0x480 [ 27.475150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.475184] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.475212] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.475237] ? __kthread_parkme+0x82/0x180 [ 27.475271] ? preempt_count_sub+0x50/0x80 [ 27.475298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.475330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.475356] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.475383] kthread+0x337/0x6f0 [ 27.475415] ? trace_preempt_on+0x20/0xc0 [ 27.475440] ? __pfx_kthread+0x10/0x10 [ 27.475462] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.475494] ? calculate_sigpending+0x7b/0xa0 [ 27.475520] ? __pfx_kthread+0x10/0x10 [ 27.475542] ret_from_fork+0x116/0x1d0 [ 27.475574] ? __pfx_kthread+0x10/0x10 [ 27.475596] ret_from_fork_asm+0x1a/0x30 [ 27.475628] </TASK> [ 27.475640] [ 27.484864] Allocated by task 314: [ 27.485068] kasan_save_stack+0x45/0x70 [ 27.485290] kasan_save_track+0x18/0x40 [ 27.485464] kasan_save_alloc_info+0x3b/0x50 [ 27.485636] __kasan_kmalloc+0xb7/0xc0 [ 27.485858] __kmalloc_cache_noprof+0x189/0x420 [ 27.486030] kasan_atomics+0x95/0x310 [ 27.486213] kunit_try_run_case+0x1a5/0x480 [ 27.486419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.486601] kthread+0x337/0x6f0 [ 27.486746] ret_from_fork+0x116/0x1d0 [ 27.486877] ret_from_fork_asm+0x1a/0x30 [ 27.487011] [ 27.487076] The buggy address belongs to the object at ffff888103eb9580 [ 27.487076] which belongs to the cache kmalloc-64 of size 64 [ 27.487595] The buggy address is located 0 bytes to the right of [ 27.487595] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.488169] [ 27.488269] The buggy address belongs to the physical page: [ 27.488457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.488703] flags: 0x200000000000000(node=0|zone=2) [ 27.488884] page_type: f5(slab) [ 27.489056] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.489406] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.489767] page dumped because: kasan: bad access detected [ 27.490015] [ 27.490113] Memory state around the buggy address: [ 27.490306] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.490571] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.490879] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.491169] ^ [ 27.491355] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.491564] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.491908] ================================================================== [ 27.234463] ================================================================== [ 27.234773] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 27.235068] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.236228] [ 27.236577] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.236650] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.236674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.236700] Call Trace: [ 27.236722] <TASK> [ 27.236744] dump_stack_lvl+0x73/0xb0 [ 27.236779] print_report+0xd1/0x610 [ 27.236804] ? __virt_addr_valid+0x1db/0x2d0 [ 27.236829] ? kasan_atomics_helper+0xc70/0x5450 [ 27.236851] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.236877] ? kasan_atomics_helper+0xc70/0x5450 [ 27.236899] kasan_report+0x141/0x180 [ 27.236922] ? kasan_atomics_helper+0xc70/0x5450 [ 27.236958] kasan_check_range+0x10c/0x1c0 [ 27.236982] __kasan_check_write+0x18/0x20 [ 27.237006] kasan_atomics_helper+0xc70/0x5450 [ 27.237029] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.237052] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.237077] ? pick_task_fair+0xce/0x340 [ 27.237103] ? kasan_atomics+0x152/0x310 [ 27.237130] kasan_atomics+0x1dc/0x310 [ 27.237153] ? __pfx_kasan_atomics+0x10/0x10 [ 27.237178] ? __pfx_read_tsc+0x10/0x10 [ 27.237201] ? ktime_get_ts64+0x86/0x230 [ 27.237227] kunit_try_run_case+0x1a5/0x480 [ 27.237251] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.237272] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.237298] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.237323] ? __kthread_parkme+0x82/0x180 [ 27.237345] ? preempt_count_sub+0x50/0x80 [ 27.237370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.237393] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.237420] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.237446] kthread+0x337/0x6f0 [ 27.237467] ? trace_preempt_on+0x20/0xc0 [ 27.237492] ? __pfx_kthread+0x10/0x10 [ 27.237514] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.237537] ? calculate_sigpending+0x7b/0xa0 [ 27.237562] ? __pfx_kthread+0x10/0x10 [ 27.237585] ret_from_fork+0x116/0x1d0 [ 27.237606] ? __pfx_kthread+0x10/0x10 [ 27.237627] ret_from_fork_asm+0x1a/0x30 [ 27.237669] </TASK> [ 27.237682] [ 27.253480] Allocated by task 314: [ 27.253853] kasan_save_stack+0x45/0x70 [ 27.254249] kasan_save_track+0x18/0x40 [ 27.254399] kasan_save_alloc_info+0x3b/0x50 [ 27.254853] __kasan_kmalloc+0xb7/0xc0 [ 27.255435] __kmalloc_cache_noprof+0x189/0x420 [ 27.255683] kasan_atomics+0x95/0x310 [ 27.255856] kunit_try_run_case+0x1a5/0x480 [ 27.256211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.256460] kthread+0x337/0x6f0 [ 27.256868] ret_from_fork+0x116/0x1d0 [ 27.257250] ret_from_fork_asm+0x1a/0x30 [ 27.257433] [ 27.257523] The buggy address belongs to the object at ffff888103eb9580 [ 27.257523] which belongs to the cache kmalloc-64 of size 64 [ 27.258389] The buggy address is located 0 bytes to the right of [ 27.258389] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.259137] [ 27.259389] The buggy address belongs to the physical page: [ 27.259557] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.260037] flags: 0x200000000000000(node=0|zone=2) [ 27.260290] page_type: f5(slab) [ 27.260419] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.261176] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.261589] page dumped because: kasan: bad access detected [ 27.262023] [ 27.262101] Memory state around the buggy address: [ 27.262539] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.263024] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.263680] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.264102] ^ [ 27.264556] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.265036] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.265352] ================================================================== [ 27.609022] ================================================================== [ 27.609343] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 27.609864] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.610445] [ 27.610694] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.610755] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.610770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.610796] Call Trace: [ 27.610914] <TASK> [ 27.610956] dump_stack_lvl+0x73/0xb0 [ 27.610993] print_report+0xd1/0x610 [ 27.611018] ? __virt_addr_valid+0x1db/0x2d0 [ 27.611042] ? kasan_atomics_helper+0x1467/0x5450 [ 27.611065] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.611092] ? kasan_atomics_helper+0x1467/0x5450 [ 27.611114] kasan_report+0x141/0x180 [ 27.611136] ? kasan_atomics_helper+0x1467/0x5450 [ 27.611162] kasan_check_range+0x10c/0x1c0 [ 27.611186] __kasan_check_write+0x18/0x20 [ 27.611209] kasan_atomics_helper+0x1467/0x5450 [ 27.611232] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.611255] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.611279] ? pick_task_fair+0xce/0x340 [ 27.611305] ? kasan_atomics+0x152/0x310 [ 27.611330] kasan_atomics+0x1dc/0x310 [ 27.611354] ? __pfx_kasan_atomics+0x10/0x10 [ 27.611378] ? __pfx_read_tsc+0x10/0x10 [ 27.611400] ? ktime_get_ts64+0x86/0x230 [ 27.611426] kunit_try_run_case+0x1a5/0x480 [ 27.611449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.611471] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.611497] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.611521] ? __kthread_parkme+0x82/0x180 [ 27.611543] ? preempt_count_sub+0x50/0x80 [ 27.611568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.611591] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.611616] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.611643] kthread+0x337/0x6f0 [ 27.611674] ? trace_preempt_on+0x20/0xc0 [ 27.611698] ? __pfx_kthread+0x10/0x10 [ 27.611719] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.611751] ? calculate_sigpending+0x7b/0xa0 [ 27.611776] ? __pfx_kthread+0x10/0x10 [ 27.611799] ret_from_fork+0x116/0x1d0 [ 27.611819] ? __pfx_kthread+0x10/0x10 [ 27.611841] ret_from_fork_asm+0x1a/0x30 [ 27.611873] </TASK> [ 27.611886] [ 27.623521] Allocated by task 314: [ 27.623744] kasan_save_stack+0x45/0x70 [ 27.624161] kasan_save_track+0x18/0x40 [ 27.624489] kasan_save_alloc_info+0x3b/0x50 [ 27.624710] __kasan_kmalloc+0xb7/0xc0 [ 27.624995] __kmalloc_cache_noprof+0x189/0x420 [ 27.625364] kasan_atomics+0x95/0x310 [ 27.625681] kunit_try_run_case+0x1a5/0x480 [ 27.626033] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.626366] kthread+0x337/0x6f0 [ 27.626502] ret_from_fork+0x116/0x1d0 [ 27.626882] ret_from_fork_asm+0x1a/0x30 [ 27.627195] [ 27.627416] The buggy address belongs to the object at ffff888103eb9580 [ 27.627416] which belongs to the cache kmalloc-64 of size 64 [ 27.628013] The buggy address is located 0 bytes to the right of [ 27.628013] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.628768] [ 27.628910] The buggy address belongs to the physical page: [ 27.629144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.629534] flags: 0x200000000000000(node=0|zone=2) [ 27.629750] page_type: f5(slab) [ 27.629902] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.630138] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.631074] page dumped because: kasan: bad access detected [ 27.631568] [ 27.631646] Memory state around the buggy address: [ 27.632905] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.633290] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.633514] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.633742] ^ [ 27.633896] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.634118] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.634325] ================================================================== [ 28.193772] ================================================================== [ 28.194552] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 28.194954] Read of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.195404] [ 28.195559] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.195630] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.195672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.195698] Call Trace: [ 28.195718] <TASK> [ 28.195742] dump_stack_lvl+0x73/0xb0 [ 28.195775] print_report+0xd1/0x610 [ 28.195801] ? __virt_addr_valid+0x1db/0x2d0 [ 28.195826] ? kasan_atomics_helper+0x4fa5/0x5450 [ 28.195848] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.195875] ? kasan_atomics_helper+0x4fa5/0x5450 [ 28.195896] kasan_report+0x141/0x180 [ 28.195920] ? kasan_atomics_helper+0x4fa5/0x5450 [ 28.195945] __asan_report_load8_noabort+0x18/0x20 [ 28.195969] kasan_atomics_helper+0x4fa5/0x5450 [ 28.195992] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.196015] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.196038] ? pick_task_fair+0xce/0x340 [ 28.196065] ? kasan_atomics+0x152/0x310 [ 28.196091] kasan_atomics+0x1dc/0x310 [ 28.196115] ? __pfx_kasan_atomics+0x10/0x10 [ 28.196139] ? __pfx_read_tsc+0x10/0x10 [ 28.196162] ? ktime_get_ts64+0x86/0x230 [ 28.196188] kunit_try_run_case+0x1a5/0x480 [ 28.196211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.196232] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.196258] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.196282] ? __kthread_parkme+0x82/0x180 [ 28.196304] ? preempt_count_sub+0x50/0x80 [ 28.196329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.196352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.196379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.196405] kthread+0x337/0x6f0 [ 28.196426] ? trace_preempt_on+0x20/0xc0 [ 28.196451] ? __pfx_kthread+0x10/0x10 [ 28.196474] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.196497] ? calculate_sigpending+0x7b/0xa0 [ 28.196522] ? __pfx_kthread+0x10/0x10 [ 28.196545] ret_from_fork+0x116/0x1d0 [ 28.196565] ? __pfx_kthread+0x10/0x10 [ 28.196587] ret_from_fork_asm+0x1a/0x30 [ 28.196619] </TASK> [ 28.196632] [ 28.206352] Allocated by task 314: [ 28.206697] kasan_save_stack+0x45/0x70 [ 28.206942] kasan_save_track+0x18/0x40 [ 28.207223] kasan_save_alloc_info+0x3b/0x50 [ 28.207412] __kasan_kmalloc+0xb7/0xc0 [ 28.207737] __kmalloc_cache_noprof+0x189/0x420 [ 28.208068] kasan_atomics+0x95/0x310 [ 28.208325] kunit_try_run_case+0x1a5/0x480 [ 28.208489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.208891] kthread+0x337/0x6f0 [ 28.209068] ret_from_fork+0x116/0x1d0 [ 28.209244] ret_from_fork_asm+0x1a/0x30 [ 28.209427] [ 28.209504] The buggy address belongs to the object at ffff888103eb9580 [ 28.209504] which belongs to the cache kmalloc-64 of size 64 [ 28.210350] The buggy address is located 0 bytes to the right of [ 28.210350] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.211091] [ 28.211339] The buggy address belongs to the physical page: [ 28.211637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.212115] flags: 0x200000000000000(node=0|zone=2) [ 28.212415] page_type: f5(slab) [ 28.212547] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.213251] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.213630] page dumped because: kasan: bad access detected [ 28.214004] [ 28.214102] Memory state around the buggy address: [ 28.214274] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.214607] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.215199] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.215550] ^ [ 28.215743] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.216327] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.216705] ================================================================== [ 27.031929] ================================================================== [ 27.032395] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 27.032781] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.033203] [ 27.033323] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.033380] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.033396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.033422] Call Trace: [ 27.033444] <TASK> [ 27.033467] dump_stack_lvl+0x73/0xb0 [ 27.033501] print_report+0xd1/0x610 [ 27.033525] ? __virt_addr_valid+0x1db/0x2d0 [ 27.033563] ? kasan_atomics_helper+0x72f/0x5450 [ 27.033584] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.033611] ? kasan_atomics_helper+0x72f/0x5450 [ 27.033644] kasan_report+0x141/0x180 [ 27.033680] ? kasan_atomics_helper+0x72f/0x5450 [ 27.033708] kasan_check_range+0x10c/0x1c0 [ 27.033731] __kasan_check_write+0x18/0x20 [ 27.033755] kasan_atomics_helper+0x72f/0x5450 [ 27.033778] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.033801] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.033825] ? pick_task_fair+0xce/0x340 [ 27.033861] ? kasan_atomics+0x152/0x310 [ 27.033888] kasan_atomics+0x1dc/0x310 [ 27.033911] ? __pfx_kasan_atomics+0x10/0x10 [ 27.033936] ? __pfx_read_tsc+0x10/0x10 [ 27.033976] ? ktime_get_ts64+0x86/0x230 [ 27.034002] kunit_try_run_case+0x1a5/0x480 [ 27.034027] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.034146] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.034175] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.034200] ? __kthread_parkme+0x82/0x180 [ 27.034256] ? preempt_count_sub+0x50/0x80 [ 27.034282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.034317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.034344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.034371] kthread+0x337/0x6f0 [ 27.034401] ? trace_preempt_on+0x20/0xc0 [ 27.034426] ? __pfx_kthread+0x10/0x10 [ 27.034449] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.034482] ? calculate_sigpending+0x7b/0xa0 [ 27.034508] ? __pfx_kthread+0x10/0x10 [ 27.034531] ret_from_fork+0x116/0x1d0 [ 27.034560] ? __pfx_kthread+0x10/0x10 [ 27.034582] ret_from_fork_asm+0x1a/0x30 [ 27.034614] </TASK> [ 27.034637] [ 27.043829] Allocated by task 314: [ 27.044091] kasan_save_stack+0x45/0x70 [ 27.044336] kasan_save_track+0x18/0x40 [ 27.044496] kasan_save_alloc_info+0x3b/0x50 [ 27.044727] __kasan_kmalloc+0xb7/0xc0 [ 27.044917] __kmalloc_cache_noprof+0x189/0x420 [ 27.045132] kasan_atomics+0x95/0x310 [ 27.045409] kunit_try_run_case+0x1a5/0x480 [ 27.045629] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.045913] kthread+0x337/0x6f0 [ 27.046152] ret_from_fork+0x116/0x1d0 [ 27.046301] ret_from_fork_asm+0x1a/0x30 [ 27.046440] [ 27.046508] The buggy address belongs to the object at ffff888103eb9580 [ 27.046508] which belongs to the cache kmalloc-64 of size 64 [ 27.047044] The buggy address is located 0 bytes to the right of [ 27.047044] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.047614] [ 27.047696] The buggy address belongs to the physical page: [ 27.048092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.048847] flags: 0x200000000000000(node=0|zone=2) [ 27.049095] page_type: f5(slab) [ 27.049219] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.049869] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.050232] page dumped because: kasan: bad access detected [ 27.050499] [ 27.050605] Memory state around the buggy address: [ 27.050859] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.051249] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.051548] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.051923] ^ [ 27.052158] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.052687] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.053136] ================================================================== [ 26.767636] ================================================================== [ 26.768392] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 26.768733] Read of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 26.769027] [ 26.769152] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.769208] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.769222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.769248] Call Trace: [ 26.769261] <TASK> [ 26.769282] dump_stack_lvl+0x73/0xb0 [ 26.769317] print_report+0xd1/0x610 [ 26.769340] ? __virt_addr_valid+0x1db/0x2d0 [ 26.769365] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.769386] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.769411] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.769433] kasan_report+0x141/0x180 [ 26.769454] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.769479] __asan_report_load4_noabort+0x18/0x20 [ 26.769503] kasan_atomics_helper+0x4bbc/0x5450 [ 26.769524] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.769546] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.769570] ? pick_task_fair+0xce/0x340 [ 26.769596] ? kasan_atomics+0x152/0x310 [ 26.769621] kasan_atomics+0x1dc/0x310 [ 26.769643] ? __pfx_kasan_atomics+0x10/0x10 [ 26.769677] ? __pfx_read_tsc+0x10/0x10 [ 26.769700] ? ktime_get_ts64+0x86/0x230 [ 26.769727] kunit_try_run_case+0x1a5/0x480 [ 26.769845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.769867] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.769892] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.769916] ? __kthread_parkme+0x82/0x180 [ 26.769938] ? preempt_count_sub+0x50/0x80 [ 26.769962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.769984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.770009] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.770034] kthread+0x337/0x6f0 [ 26.770061] ? trace_preempt_on+0x20/0xc0 [ 26.770085] ? __pfx_kthread+0x10/0x10 [ 26.770106] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.770127] ? calculate_sigpending+0x7b/0xa0 [ 26.770152] ? __pfx_kthread+0x10/0x10 [ 26.770174] ret_from_fork+0x116/0x1d0 [ 26.770193] ? __pfx_kthread+0x10/0x10 [ 26.770213] ret_from_fork_asm+0x1a/0x30 [ 26.770244] </TASK> [ 26.770256] [ 26.778272] Allocated by task 314: [ 26.778460] kasan_save_stack+0x45/0x70 [ 26.778645] kasan_save_track+0x18/0x40 [ 26.778844] kasan_save_alloc_info+0x3b/0x50 [ 26.779129] __kasan_kmalloc+0xb7/0xc0 [ 26.779294] __kmalloc_cache_noprof+0x189/0x420 [ 26.779482] kasan_atomics+0x95/0x310 [ 26.779649] kunit_try_run_case+0x1a5/0x480 [ 26.779947] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.780244] kthread+0x337/0x6f0 [ 26.780388] ret_from_fork+0x116/0x1d0 [ 26.780571] ret_from_fork_asm+0x1a/0x30 [ 26.780753] [ 26.780830] The buggy address belongs to the object at ffff888103eb9580 [ 26.780830] which belongs to the cache kmalloc-64 of size 64 [ 26.781405] The buggy address is located 0 bytes to the right of [ 26.781405] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 26.782004] [ 26.782168] The buggy address belongs to the physical page: [ 26.782436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 26.782790] flags: 0x200000000000000(node=0|zone=2) [ 26.783076] page_type: f5(slab) [ 26.783209] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.783436] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.783813] page dumped because: kasan: bad access detected [ 26.784172] [ 26.784262] Memory state around the buggy address: [ 26.784460] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.784844] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.785301] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.785620] ^ [ 26.785911] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.786223] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.786507] ================================================================== [ 27.134940] ================================================================== [ 27.135188] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 27.135428] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.135649] [ 27.135764] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.135822] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.135837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.135863] Call Trace: [ 27.135884] <TASK> [ 27.135907] dump_stack_lvl+0x73/0xb0 [ 27.135939] print_report+0xd1/0x610 [ 27.135963] ? __virt_addr_valid+0x1db/0x2d0 [ 27.135988] ? kasan_atomics_helper+0x992/0x5450 [ 27.136009] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.136036] ? kasan_atomics_helper+0x992/0x5450 [ 27.136058] kasan_report+0x141/0x180 [ 27.136095] ? kasan_atomics_helper+0x992/0x5450 [ 27.136121] kasan_check_range+0x10c/0x1c0 [ 27.136146] __kasan_check_write+0x18/0x20 [ 27.136170] kasan_atomics_helper+0x992/0x5450 [ 27.136192] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.136215] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.136239] ? pick_task_fair+0xce/0x340 [ 27.136266] ? kasan_atomics+0x152/0x310 [ 27.136293] kasan_atomics+0x1dc/0x310 [ 27.136316] ? __pfx_kasan_atomics+0x10/0x10 [ 27.136340] ? __pfx_read_tsc+0x10/0x10 [ 27.136363] ? ktime_get_ts64+0x86/0x230 [ 27.136388] kunit_try_run_case+0x1a5/0x480 [ 27.136412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.136433] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.136459] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.136483] ? __kthread_parkme+0x82/0x180 [ 27.136506] ? preempt_count_sub+0x50/0x80 [ 27.136531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.136555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.136582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.136608] kthread+0x337/0x6f0 [ 27.136629] ? trace_preempt_on+0x20/0xc0 [ 27.136663] ? __pfx_kthread+0x10/0x10 [ 27.136685] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.136708] ? calculate_sigpending+0x7b/0xa0 [ 27.136733] ? __pfx_kthread+0x10/0x10 [ 27.136755] ret_from_fork+0x116/0x1d0 [ 27.136776] ? __pfx_kthread+0x10/0x10 [ 27.136796] ret_from_fork_asm+0x1a/0x30 [ 27.136830] </TASK> [ 27.136843] [ 27.154669] Allocated by task 314: [ 27.155099] kasan_save_stack+0x45/0x70 [ 27.155539] kasan_save_track+0x18/0x40 [ 27.155959] kasan_save_alloc_info+0x3b/0x50 [ 27.156159] __kasan_kmalloc+0xb7/0xc0 [ 27.156282] __kmalloc_cache_noprof+0x189/0x420 [ 27.156429] kasan_atomics+0x95/0x310 [ 27.156551] kunit_try_run_case+0x1a5/0x480 [ 27.156712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.156878] kthread+0x337/0x6f0 [ 27.157217] ret_from_fork+0x116/0x1d0 [ 27.157399] ret_from_fork_asm+0x1a/0x30 [ 27.157535] [ 27.157625] The buggy address belongs to the object at ffff888103eb9580 [ 27.157625] which belongs to the cache kmalloc-64 of size 64 [ 27.158266] The buggy address is located 0 bytes to the right of [ 27.158266] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.158914] [ 27.158985] The buggy address belongs to the physical page: [ 27.159145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.159804] flags: 0x200000000000000(node=0|zone=2) [ 27.159979] page_type: f5(slab) [ 27.160098] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.160419] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.160695] page dumped because: kasan: bad access detected [ 27.160952] [ 27.161043] Memory state around the buggy address: [ 27.161268] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.161585] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.161801] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.162300] ^ [ 27.162614] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.162883] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.163089] ================================================================== [ 27.492592] ================================================================== [ 27.493188] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 27.493521] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.493835] [ 27.493948] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.494004] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.494018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.494049] Call Trace: [ 27.494069] <TASK> [ 27.494091] dump_stack_lvl+0x73/0xb0 [ 27.494122] print_report+0xd1/0x610 [ 27.494147] ? __virt_addr_valid+0x1db/0x2d0 [ 27.494173] ? kasan_atomics_helper+0x1217/0x5450 [ 27.494195] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.494222] ? kasan_atomics_helper+0x1217/0x5450 [ 27.494244] kasan_report+0x141/0x180 [ 27.494267] ? kasan_atomics_helper+0x1217/0x5450 [ 27.494293] kasan_check_range+0x10c/0x1c0 [ 27.494317] __kasan_check_write+0x18/0x20 [ 27.494341] kasan_atomics_helper+0x1217/0x5450 [ 27.494365] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.494388] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.494412] ? pick_task_fair+0xce/0x340 [ 27.494439] ? kasan_atomics+0x152/0x310 [ 27.494465] kasan_atomics+0x1dc/0x310 [ 27.494490] ? __pfx_kasan_atomics+0x10/0x10 [ 27.494514] ? __pfx_read_tsc+0x10/0x10 [ 27.494538] ? ktime_get_ts64+0x86/0x230 [ 27.494563] kunit_try_run_case+0x1a5/0x480 [ 27.494588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.494609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.494635] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.494670] ? __kthread_parkme+0x82/0x180 [ 27.494693] ? preempt_count_sub+0x50/0x80 [ 27.494718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.494762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.494789] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.494816] kthread+0x337/0x6f0 [ 27.494838] ? trace_preempt_on+0x20/0xc0 [ 27.494863] ? __pfx_kthread+0x10/0x10 [ 27.494884] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.494907] ? calculate_sigpending+0x7b/0xa0 [ 27.494932] ? __pfx_kthread+0x10/0x10 [ 27.494955] ret_from_fork+0x116/0x1d0 [ 27.494975] ? __pfx_kthread+0x10/0x10 [ 27.494997] ret_from_fork_asm+0x1a/0x30 [ 27.495030] </TASK> [ 27.495042] [ 27.502077] Allocated by task 314: [ 27.502277] kasan_save_stack+0x45/0x70 [ 27.502486] kasan_save_track+0x18/0x40 [ 27.502679] kasan_save_alloc_info+0x3b/0x50 [ 27.502910] __kasan_kmalloc+0xb7/0xc0 [ 27.503097] __kmalloc_cache_noprof+0x189/0x420 [ 27.503289] kasan_atomics+0x95/0x310 [ 27.503416] kunit_try_run_case+0x1a5/0x480 [ 27.503555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.503766] kthread+0x337/0x6f0 [ 27.503937] ret_from_fork+0x116/0x1d0 [ 27.504121] ret_from_fork_asm+0x1a/0x30 [ 27.504314] [ 27.504407] The buggy address belongs to the object at ffff888103eb9580 [ 27.504407] which belongs to the cache kmalloc-64 of size 64 [ 27.504936] The buggy address is located 0 bytes to the right of [ 27.504936] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.505392] [ 27.505462] The buggy address belongs to the physical page: [ 27.505628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.505976] flags: 0x200000000000000(node=0|zone=2) [ 27.506200] page_type: f5(slab) [ 27.506360] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.506667] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.506976] page dumped because: kasan: bad access detected [ 27.507158] [ 27.507222] Memory state around the buggy address: [ 27.507371] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.507579] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.507894] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.508206] ^ [ 27.508426] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.509182] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.509511] ================================================================== [ 27.928215] ================================================================== [ 27.928451] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 27.928990] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.929320] [ 27.929434] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.929490] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.929505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.929532] Call Trace: [ 27.929553] <TASK> [ 27.929574] dump_stack_lvl+0x73/0xb0 [ 27.929608] print_report+0xd1/0x610 [ 27.929631] ? __virt_addr_valid+0x1db/0x2d0 [ 27.929666] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.929690] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.929716] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.929761] kasan_report+0x141/0x180 [ 27.929785] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.929811] kasan_check_range+0x10c/0x1c0 [ 27.929836] __kasan_check_write+0x18/0x20 [ 27.929859] kasan_atomics_helper+0x1c18/0x5450 [ 27.929883] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.929905] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.929930] ? pick_task_fair+0xce/0x340 [ 27.929957] ? kasan_atomics+0x152/0x310 [ 27.929983] kasan_atomics+0x1dc/0x310 [ 27.930006] ? __pfx_kasan_atomics+0x10/0x10 [ 27.930031] ? __pfx_read_tsc+0x10/0x10 [ 27.930059] ? ktime_get_ts64+0x86/0x230 [ 27.930085] kunit_try_run_case+0x1a5/0x480 [ 27.930108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.930130] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.930156] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.930181] ? __kthread_parkme+0x82/0x180 [ 27.930204] ? preempt_count_sub+0x50/0x80 [ 27.930229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.930251] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.930278] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.930305] kthread+0x337/0x6f0 [ 27.930325] ? trace_preempt_on+0x20/0xc0 [ 27.930349] ? __pfx_kthread+0x10/0x10 [ 27.930371] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.930393] ? calculate_sigpending+0x7b/0xa0 [ 27.930418] ? __pfx_kthread+0x10/0x10 [ 27.930441] ret_from_fork+0x116/0x1d0 [ 27.930460] ? __pfx_kthread+0x10/0x10 [ 27.930482] ret_from_fork_asm+0x1a/0x30 [ 27.930514] </TASK> [ 27.930526] [ 27.938307] Allocated by task 314: [ 27.938475] kasan_save_stack+0x45/0x70 [ 27.938695] kasan_save_track+0x18/0x40 [ 27.938878] kasan_save_alloc_info+0x3b/0x50 [ 27.939087] __kasan_kmalloc+0xb7/0xc0 [ 27.939255] __kmalloc_cache_noprof+0x189/0x420 [ 27.939431] kasan_atomics+0x95/0x310 [ 27.939608] kunit_try_run_case+0x1a5/0x480 [ 27.939834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.940032] kthread+0x337/0x6f0 [ 27.940196] ret_from_fork+0x116/0x1d0 [ 27.940357] ret_from_fork_asm+0x1a/0x30 [ 27.940544] [ 27.940635] The buggy address belongs to the object at ffff888103eb9580 [ 27.940635] which belongs to the cache kmalloc-64 of size 64 [ 27.941016] The buggy address is located 0 bytes to the right of [ 27.941016] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.941549] [ 27.941646] The buggy address belongs to the physical page: [ 27.941923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.942253] flags: 0x200000000000000(node=0|zone=2) [ 27.942413] page_type: f5(slab) [ 27.942532] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.942869] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.943204] page dumped because: kasan: bad access detected [ 27.943450] [ 27.943538] Memory state around the buggy address: [ 27.943788] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.944111] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.944400] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.944691] ^ [ 27.944898] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.945128] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.945438] ================================================================== [ 26.787184] ================================================================== [ 26.787798] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 26.788536] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 26.788954] [ 26.789067] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.789120] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.789135] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.789161] Call Trace: [ 26.789176] <TASK> [ 26.789196] dump_stack_lvl+0x73/0xb0 [ 26.789229] print_report+0xd1/0x610 [ 26.789253] ? __virt_addr_valid+0x1db/0x2d0 [ 26.789279] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.789302] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.789329] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.789351] kasan_report+0x141/0x180 [ 26.789374] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.789400] __asan_report_store4_noabort+0x1b/0x30 [ 26.789425] kasan_atomics_helper+0x4ba2/0x5450 [ 26.789448] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.789471] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.789496] ? pick_task_fair+0xce/0x340 [ 26.789521] ? kasan_atomics+0x152/0x310 [ 26.789548] kasan_atomics+0x1dc/0x310 [ 26.789572] ? __pfx_kasan_atomics+0x10/0x10 [ 26.789597] ? __pfx_read_tsc+0x10/0x10 [ 26.789619] ? ktime_get_ts64+0x86/0x230 [ 26.789645] kunit_try_run_case+0x1a5/0x480 [ 26.789679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.789701] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.789727] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.789752] ? __kthread_parkme+0x82/0x180 [ 26.789775] ? preempt_count_sub+0x50/0x80 [ 26.789800] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.789824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.789850] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.789876] kthread+0x337/0x6f0 [ 26.789897] ? trace_preempt_on+0x20/0xc0 [ 26.789922] ? __pfx_kthread+0x10/0x10 [ 26.789965] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.789988] ? calculate_sigpending+0x7b/0xa0 [ 26.790014] ? __pfx_kthread+0x10/0x10 [ 26.790036] ret_from_fork+0x116/0x1d0 [ 26.790065] ? __pfx_kthread+0x10/0x10 [ 26.790086] ret_from_fork_asm+0x1a/0x30 [ 26.790118] </TASK> [ 26.790131] [ 26.798465] Allocated by task 314: [ 26.798621] kasan_save_stack+0x45/0x70 [ 26.798791] kasan_save_track+0x18/0x40 [ 26.798924] kasan_save_alloc_info+0x3b/0x50 [ 26.799068] __kasan_kmalloc+0xb7/0xc0 [ 26.799252] __kmalloc_cache_noprof+0x189/0x420 [ 26.799543] kasan_atomics+0x95/0x310 [ 26.799743] kunit_try_run_case+0x1a5/0x480 [ 26.799945] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.800193] kthread+0x337/0x6f0 [ 26.800357] ret_from_fork+0x116/0x1d0 [ 26.800505] ret_from_fork_asm+0x1a/0x30 [ 26.800641] [ 26.800717] The buggy address belongs to the object at ffff888103eb9580 [ 26.800717] which belongs to the cache kmalloc-64 of size 64 [ 26.801065] The buggy address is located 0 bytes to the right of [ 26.801065] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 26.802148] [ 26.802258] The buggy address belongs to the physical page: [ 26.802795] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 26.804568] flags: 0x200000000000000(node=0|zone=2) [ 26.804894] page_type: f5(slab) [ 26.805394] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.805756] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.806163] page dumped because: kasan: bad access detected [ 26.806345] [ 26.806437] Memory state around the buggy address: [ 26.806672] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.807599] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.807924] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.808472] ^ [ 26.808726] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.809507] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.809818] ================================================================== [ 27.760759] ================================================================== [ 27.761120] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 27.762092] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.762747] [ 27.762875] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.762933] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.762948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.762975] Call Trace: [ 27.762997] <TASK> [ 27.763019] dump_stack_lvl+0x73/0xb0 [ 27.763057] print_report+0xd1/0x610 [ 27.763093] ? __virt_addr_valid+0x1db/0x2d0 [ 27.763120] ? kasan_atomics_helper+0x177f/0x5450 [ 27.763142] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.763327] ? kasan_atomics_helper+0x177f/0x5450 [ 27.763358] kasan_report+0x141/0x180 [ 27.763506] ? kasan_atomics_helper+0x177f/0x5450 [ 27.763535] kasan_check_range+0x10c/0x1c0 [ 27.763563] __kasan_check_write+0x18/0x20 [ 27.763589] kasan_atomics_helper+0x177f/0x5450 [ 27.763612] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.763635] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.763673] ? pick_task_fair+0xce/0x340 [ 27.763700] ? kasan_atomics+0x152/0x310 [ 27.763726] kasan_atomics+0x1dc/0x310 [ 27.763757] ? __pfx_kasan_atomics+0x10/0x10 [ 27.763782] ? __pfx_read_tsc+0x10/0x10 [ 27.763804] ? ktime_get_ts64+0x86/0x230 [ 27.763829] kunit_try_run_case+0x1a5/0x480 [ 27.763854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.763875] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.763900] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.763925] ? __kthread_parkme+0x82/0x180 [ 27.763948] ? preempt_count_sub+0x50/0x80 [ 27.763972] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.763994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.764020] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.764046] kthread+0x337/0x6f0 [ 27.764067] ? trace_preempt_on+0x20/0xc0 [ 27.764092] ? __pfx_kthread+0x10/0x10 [ 27.764113] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.764136] ? calculate_sigpending+0x7b/0xa0 [ 27.764161] ? __pfx_kthread+0x10/0x10 [ 27.764183] ret_from_fork+0x116/0x1d0 [ 27.764203] ? __pfx_kthread+0x10/0x10 [ 27.764224] ret_from_fork_asm+0x1a/0x30 [ 27.764257] </TASK> [ 27.764271] [ 27.775578] Allocated by task 314: [ 27.776000] kasan_save_stack+0x45/0x70 [ 27.776226] kasan_save_track+0x18/0x40 [ 27.776380] kasan_save_alloc_info+0x3b/0x50 [ 27.776837] __kasan_kmalloc+0xb7/0xc0 [ 27.777185] __kmalloc_cache_noprof+0x189/0x420 [ 27.777510] kasan_atomics+0x95/0x310 [ 27.777854] kunit_try_run_case+0x1a5/0x480 [ 27.778027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.778434] kthread+0x337/0x6f0 [ 27.778709] ret_from_fork+0x116/0x1d0 [ 27.779140] ret_from_fork_asm+0x1a/0x30 [ 27.779445] [ 27.779544] The buggy address belongs to the object at ffff888103eb9580 [ 27.779544] which belongs to the cache kmalloc-64 of size 64 [ 27.780455] The buggy address is located 0 bytes to the right of [ 27.780455] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.781263] [ 27.781365] The buggy address belongs to the physical page: [ 27.781705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.782314] flags: 0x200000000000000(node=0|zone=2) [ 27.782638] page_type: f5(slab) [ 27.782941] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.783390] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.783878] page dumped because: kasan: bad access detected [ 27.784246] [ 27.784348] Memory state around the buggy address: [ 27.784742] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.785092] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.785515] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.785888] ^ [ 27.786264] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.786687] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.787094] ================================================================== [ 26.987504] ================================================================== [ 26.988091] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 26.988435] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 26.988754] [ 26.988942] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.989000] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.989015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.989095] Call Trace: [ 26.989129] <TASK> [ 26.989151] dump_stack_lvl+0x73/0xb0 [ 26.989186] print_report+0xd1/0x610 [ 26.989210] ? __virt_addr_valid+0x1db/0x2d0 [ 26.989245] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.989267] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.989305] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.989327] kasan_report+0x141/0x180 [ 26.989349] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.989375] kasan_check_range+0x10c/0x1c0 [ 26.989408] __kasan_check_write+0x18/0x20 [ 26.989431] kasan_atomics_helper+0x5fe/0x5450 [ 26.989464] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.989487] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.989512] ? pick_task_fair+0xce/0x340 [ 26.989538] ? kasan_atomics+0x152/0x310 [ 26.989565] kasan_atomics+0x1dc/0x310 [ 26.989589] ? __pfx_kasan_atomics+0x10/0x10 [ 26.989613] ? __pfx_read_tsc+0x10/0x10 [ 26.989637] ? ktime_get_ts64+0x86/0x230 [ 26.989673] kunit_try_run_case+0x1a5/0x480 [ 26.989697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.989720] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.989757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.989782] ? __kthread_parkme+0x82/0x180 [ 26.989806] ? preempt_count_sub+0x50/0x80 [ 26.989840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.989863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.989890] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.989927] kthread+0x337/0x6f0 [ 26.990080] ? trace_preempt_on+0x20/0xc0 [ 26.990107] ? __pfx_kthread+0x10/0x10 [ 26.990143] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.990166] ? calculate_sigpending+0x7b/0xa0 [ 26.990192] ? __pfx_kthread+0x10/0x10 [ 26.990214] ret_from_fork+0x116/0x1d0 [ 26.990328] ? __pfx_kthread+0x10/0x10 [ 26.990351] ret_from_fork_asm+0x1a/0x30 [ 26.990472] </TASK> [ 26.990487] [ 26.999673] Allocated by task 314: [ 26.999931] kasan_save_stack+0x45/0x70 [ 27.000298] kasan_save_track+0x18/0x40 [ 27.000494] kasan_save_alloc_info+0x3b/0x50 [ 27.000644] __kasan_kmalloc+0xb7/0xc0 [ 27.000944] __kmalloc_cache_noprof+0x189/0x420 [ 27.001338] kasan_atomics+0x95/0x310 [ 27.001519] kunit_try_run_case+0x1a5/0x480 [ 27.001672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.001844] kthread+0x337/0x6f0 [ 27.002014] ret_from_fork+0x116/0x1d0 [ 27.002200] ret_from_fork_asm+0x1a/0x30 [ 27.002484] [ 27.002581] The buggy address belongs to the object at ffff888103eb9580 [ 27.002581] which belongs to the cache kmalloc-64 of size 64 [ 27.003525] The buggy address is located 0 bytes to the right of [ 27.003525] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.004217] [ 27.004323] The buggy address belongs to the physical page: [ 27.004567] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.005035] flags: 0x200000000000000(node=0|zone=2) [ 27.005209] page_type: f5(slab) [ 27.005333] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.005711] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.006125] page dumped because: kasan: bad access detected [ 27.006339] [ 27.006594] Memory state around the buggy address: [ 27.006772] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.007076] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.007786] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.008149] ^ [ 27.008356] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.008800] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.009160] ================================================================== [ 27.455339] ================================================================== [ 27.455770] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 27.456164] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.456466] [ 27.456582] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.456637] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.456668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.456701] Call Trace: [ 27.456722] <TASK> [ 27.456769] dump_stack_lvl+0x73/0xb0 [ 27.456801] print_report+0xd1/0x610 [ 27.456825] ? __virt_addr_valid+0x1db/0x2d0 [ 27.456850] ? kasan_atomics_helper+0x1148/0x5450 [ 27.456872] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.456898] ? kasan_atomics_helper+0x1148/0x5450 [ 27.456920] kasan_report+0x141/0x180 [ 27.456944] ? kasan_atomics_helper+0x1148/0x5450 [ 27.456970] kasan_check_range+0x10c/0x1c0 [ 27.456995] __kasan_check_write+0x18/0x20 [ 27.457019] kasan_atomics_helper+0x1148/0x5450 [ 27.457043] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.457066] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.457101] ? pick_task_fair+0xce/0x340 [ 27.457128] ? kasan_atomics+0x152/0x310 [ 27.457154] kasan_atomics+0x1dc/0x310 [ 27.457188] ? __pfx_kasan_atomics+0x10/0x10 [ 27.457213] ? __pfx_read_tsc+0x10/0x10 [ 27.457236] ? ktime_get_ts64+0x86/0x230 [ 27.457262] kunit_try_run_case+0x1a5/0x480 [ 27.457286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.457308] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.457333] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.457358] ? __kthread_parkme+0x82/0x180 [ 27.457383] ? preempt_count_sub+0x50/0x80 [ 27.457407] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.457430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.457456] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.457483] kthread+0x337/0x6f0 [ 27.457504] ? trace_preempt_on+0x20/0xc0 [ 27.457538] ? __pfx_kthread+0x10/0x10 [ 27.457560] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.457583] ? calculate_sigpending+0x7b/0xa0 [ 27.457621] ? __pfx_kthread+0x10/0x10 [ 27.457643] ret_from_fork+0x116/0x1d0 [ 27.457673] ? __pfx_kthread+0x10/0x10 [ 27.457695] ret_from_fork_asm+0x1a/0x30 [ 27.457743] </TASK> [ 27.457756] [ 27.465092] Allocated by task 314: [ 27.465234] kasan_save_stack+0x45/0x70 [ 27.465386] kasan_save_track+0x18/0x40 [ 27.465515] kasan_save_alloc_info+0x3b/0x50 [ 27.465764] __kasan_kmalloc+0xb7/0xc0 [ 27.465975] __kmalloc_cache_noprof+0x189/0x420 [ 27.466201] kasan_atomics+0x95/0x310 [ 27.466386] kunit_try_run_case+0x1a5/0x480 [ 27.466599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.466869] kthread+0x337/0x6f0 [ 27.467054] ret_from_fork+0x116/0x1d0 [ 27.467227] ret_from_fork_asm+0x1a/0x30 [ 27.467413] [ 27.467507] The buggy address belongs to the object at ffff888103eb9580 [ 27.467507] which belongs to the cache kmalloc-64 of size 64 [ 27.467908] The buggy address is located 0 bytes to the right of [ 27.467908] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.468270] [ 27.468340] The buggy address belongs to the physical page: [ 27.468611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.468992] flags: 0x200000000000000(node=0|zone=2) [ 27.469228] page_type: f5(slab) [ 27.469404] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.469775] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.470063] page dumped because: kasan: bad access detected [ 27.470318] [ 27.470386] Memory state around the buggy address: [ 27.470538] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.470782] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.471098] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.471439] ^ [ 27.471687] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.472035] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.472342] ================================================================== [ 27.684850] ================================================================== [ 27.685223] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 27.685500] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.685833] [ 27.685927] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.685982] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.685997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.686023] Call Trace: [ 27.686073] <TASK> [ 27.686095] dump_stack_lvl+0x73/0xb0 [ 27.686129] print_report+0xd1/0x610 [ 27.686153] ? __virt_addr_valid+0x1db/0x2d0 [ 27.686179] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.686211] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.686238] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.686260] kasan_report+0x141/0x180 [ 27.686283] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.686328] kasan_check_range+0x10c/0x1c0 [ 27.686353] __kasan_check_write+0x18/0x20 [ 27.686378] kasan_atomics_helper+0x15b6/0x5450 [ 27.686401] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.686424] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.686449] ? pick_task_fair+0xce/0x340 [ 27.686493] ? kasan_atomics+0x152/0x310 [ 27.686520] kasan_atomics+0x1dc/0x310 [ 27.686544] ? __pfx_kasan_atomics+0x10/0x10 [ 27.686569] ? __pfx_read_tsc+0x10/0x10 [ 27.686592] ? ktime_get_ts64+0x86/0x230 [ 27.686618] kunit_try_run_case+0x1a5/0x480 [ 27.686669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.686692] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.686718] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.686742] ? __kthread_parkme+0x82/0x180 [ 27.686773] ? preempt_count_sub+0x50/0x80 [ 27.686799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.686839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.686866] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.686892] kthread+0x337/0x6f0 [ 27.686914] ? trace_preempt_on+0x20/0xc0 [ 27.686939] ? __pfx_kthread+0x10/0x10 [ 27.686961] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.686984] ? calculate_sigpending+0x7b/0xa0 [ 27.687010] ? __pfx_kthread+0x10/0x10 [ 27.687034] ret_from_fork+0x116/0x1d0 [ 27.687054] ? __pfx_kthread+0x10/0x10 [ 27.687077] ret_from_fork_asm+0x1a/0x30 [ 27.687109] </TASK> [ 27.687140] [ 27.698505] Allocated by task 314: [ 27.698932] kasan_save_stack+0x45/0x70 [ 27.699329] kasan_save_track+0x18/0x40 [ 27.699697] kasan_save_alloc_info+0x3b/0x50 [ 27.700173] __kasan_kmalloc+0xb7/0xc0 [ 27.700520] __kmalloc_cache_noprof+0x189/0x420 [ 27.700874] kasan_atomics+0x95/0x310 [ 27.701008] kunit_try_run_case+0x1a5/0x480 [ 27.701150] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.701321] kthread+0x337/0x6f0 [ 27.701444] ret_from_fork+0x116/0x1d0 [ 27.701576] ret_from_fork_asm+0x1a/0x30 [ 27.701729] [ 27.701798] The buggy address belongs to the object at ffff888103eb9580 [ 27.701798] which belongs to the cache kmalloc-64 of size 64 [ 27.702334] The buggy address is located 0 bytes to the right of [ 27.702334] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.702844] [ 27.702941] The buggy address belongs to the physical page: [ 27.703222] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.703562] flags: 0x200000000000000(node=0|zone=2) [ 27.703801] page_type: f5(slab) [ 27.703960] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.704263] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.704555] page dumped because: kasan: bad access detected [ 27.704835] [ 27.704915] Memory state around the buggy address: [ 27.705139] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.705371] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.705598] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.705935] ^ [ 27.706162] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.706453] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.706670] ================================================================== [ 27.980422] ================================================================== [ 27.980823] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 27.981206] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.981538] [ 27.981649] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.981712] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.981748] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.981777] Call Trace: [ 27.981797] <TASK> [ 27.981819] dump_stack_lvl+0x73/0xb0 [ 27.981852] print_report+0xd1/0x610 [ 27.981876] ? __virt_addr_valid+0x1db/0x2d0 [ 27.981902] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.981925] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.981952] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.981974] kasan_report+0x141/0x180 [ 27.981998] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.982025] kasan_check_range+0x10c/0x1c0 [ 27.982059] __kasan_check_write+0x18/0x20 [ 27.982084] kasan_atomics_helper+0x1d7a/0x5450 [ 27.982108] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.982131] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.982156] ? pick_task_fair+0xce/0x340 [ 27.982182] ? kasan_atomics+0x152/0x310 [ 27.982209] kasan_atomics+0x1dc/0x310 [ 27.982232] ? __pfx_kasan_atomics+0x10/0x10 [ 27.982257] ? __pfx_read_tsc+0x10/0x10 [ 27.982280] ? ktime_get_ts64+0x86/0x230 [ 27.982306] kunit_try_run_case+0x1a5/0x480 [ 27.982330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.982352] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.982378] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.982403] ? __kthread_parkme+0x82/0x180 [ 27.982426] ? preempt_count_sub+0x50/0x80 [ 27.982451] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.982474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.982501] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.982527] kthread+0x337/0x6f0 [ 27.982547] ? trace_preempt_on+0x20/0xc0 [ 27.982572] ? __pfx_kthread+0x10/0x10 [ 27.982594] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.982617] ? calculate_sigpending+0x7b/0xa0 [ 27.982642] ? __pfx_kthread+0x10/0x10 [ 27.982674] ret_from_fork+0x116/0x1d0 [ 27.982694] ? __pfx_kthread+0x10/0x10 [ 27.982716] ret_from_fork_asm+0x1a/0x30 [ 27.982769] </TASK> [ 27.982782] [ 27.989947] Allocated by task 314: [ 27.990148] kasan_save_stack+0x45/0x70 [ 27.990359] kasan_save_track+0x18/0x40 [ 27.990545] kasan_save_alloc_info+0x3b/0x50 [ 27.990790] __kasan_kmalloc+0xb7/0xc0 [ 27.990948] __kmalloc_cache_noprof+0x189/0x420 [ 27.991100] kasan_atomics+0x95/0x310 [ 27.991227] kunit_try_run_case+0x1a5/0x480 [ 27.991370] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.991600] kthread+0x337/0x6f0 [ 27.991802] ret_from_fork+0x116/0x1d0 [ 27.991991] ret_from_fork_asm+0x1a/0x30 [ 27.992186] [ 27.992278] The buggy address belongs to the object at ffff888103eb9580 [ 27.992278] which belongs to the cache kmalloc-64 of size 64 [ 27.992826] The buggy address is located 0 bytes to the right of [ 27.992826] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.993186] [ 27.993254] The buggy address belongs to the physical page: [ 27.993420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.993665] flags: 0x200000000000000(node=0|zone=2) [ 27.993918] page_type: f5(slab) [ 27.994097] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.994441] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.994830] page dumped because: kasan: bad access detected [ 27.995079] [ 27.995165] Memory state around the buggy address: [ 27.995376] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.995701] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.996045] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.996248] ^ [ 27.996393] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.996595] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.997912] ================================================================== [ 28.217636] ================================================================== [ 28.217960] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 28.218241] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.219010] [ 28.219144] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.219306] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.219325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.219351] Call Trace: [ 28.219373] <TASK> [ 28.219396] dump_stack_lvl+0x73/0xb0 [ 28.219430] print_report+0xd1/0x610 [ 28.219455] ? __virt_addr_valid+0x1db/0x2d0 [ 28.219481] ? kasan_atomics_helper+0x224c/0x5450 [ 28.219503] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.219530] ? kasan_atomics_helper+0x224c/0x5450 [ 28.219552] kasan_report+0x141/0x180 [ 28.219575] ? kasan_atomics_helper+0x224c/0x5450 [ 28.219600] kasan_check_range+0x10c/0x1c0 [ 28.219624] __kasan_check_write+0x18/0x20 [ 28.219648] kasan_atomics_helper+0x224c/0x5450 [ 28.219687] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.219709] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.219735] ? pick_task_fair+0xce/0x340 [ 28.219834] ? kasan_atomics+0x152/0x310 [ 28.219861] kasan_atomics+0x1dc/0x310 [ 28.219885] ? __pfx_kasan_atomics+0x10/0x10 [ 28.219909] ? __pfx_read_tsc+0x10/0x10 [ 28.219932] ? ktime_get_ts64+0x86/0x230 [ 28.219957] kunit_try_run_case+0x1a5/0x480 [ 28.219982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.220003] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.220029] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.220053] ? __kthread_parkme+0x82/0x180 [ 28.220076] ? preempt_count_sub+0x50/0x80 [ 28.220101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.220124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.220151] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.220177] kthread+0x337/0x6f0 [ 28.220198] ? trace_preempt_on+0x20/0xc0 [ 28.220223] ? __pfx_kthread+0x10/0x10 [ 28.220245] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.220268] ? calculate_sigpending+0x7b/0xa0 [ 28.220293] ? __pfx_kthread+0x10/0x10 [ 28.220316] ret_from_fork+0x116/0x1d0 [ 28.220336] ? __pfx_kthread+0x10/0x10 [ 28.220357] ret_from_fork_asm+0x1a/0x30 [ 28.220389] </TASK> [ 28.220402] [ 28.230186] Allocated by task 314: [ 28.230530] kasan_save_stack+0x45/0x70 [ 28.230903] kasan_save_track+0x18/0x40 [ 28.231179] kasan_save_alloc_info+0x3b/0x50 [ 28.231349] __kasan_kmalloc+0xb7/0xc0 [ 28.231662] __kmalloc_cache_noprof+0x189/0x420 [ 28.232074] kasan_atomics+0x95/0x310 [ 28.232393] kunit_try_run_case+0x1a5/0x480 [ 28.232552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.232741] kthread+0x337/0x6f0 [ 28.232869] ret_from_fork+0x116/0x1d0 [ 28.232999] ret_from_fork_asm+0x1a/0x30 [ 28.233189] [ 28.233290] The buggy address belongs to the object at ffff888103eb9580 [ 28.233290] which belongs to the cache kmalloc-64 of size 64 [ 28.234303] The buggy address is located 0 bytes to the right of [ 28.234303] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.235074] [ 28.235264] The buggy address belongs to the physical page: [ 28.235618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.236100] flags: 0x200000000000000(node=0|zone=2) [ 28.236409] page_type: f5(slab) [ 28.236581] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.237125] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.237491] page dumped because: kasan: bad access detected [ 28.237815] [ 28.237913] Memory state around the buggy address: [ 28.238131] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.238671] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.239075] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.239469] ^ [ 28.239682] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.240111] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.240484] ================================================================== [ 27.203498] ================================================================== [ 27.203884] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 27.205282] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.205540] [ 27.205628] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.205697] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.205712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.205737] Call Trace: [ 27.206244] <TASK> [ 27.206269] dump_stack_lvl+0x73/0xb0 [ 27.206311] print_report+0xd1/0x610 [ 27.206337] ? __virt_addr_valid+0x1db/0x2d0 [ 27.206372] ? kasan_atomics_helper+0xb6a/0x5450 [ 27.206395] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.206421] ? kasan_atomics_helper+0xb6a/0x5450 [ 27.206443] kasan_report+0x141/0x180 [ 27.206466] ? kasan_atomics_helper+0xb6a/0x5450 [ 27.206491] kasan_check_range+0x10c/0x1c0 [ 27.206516] __kasan_check_write+0x18/0x20 [ 27.206539] kasan_atomics_helper+0xb6a/0x5450 [ 27.206561] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.206585] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.206609] ? pick_task_fair+0xce/0x340 [ 27.206635] ? kasan_atomics+0x152/0x310 [ 27.206671] kasan_atomics+0x1dc/0x310 [ 27.206694] ? __pfx_kasan_atomics+0x10/0x10 [ 27.206719] ? __pfx_read_tsc+0x10/0x10 [ 27.206742] ? ktime_get_ts64+0x86/0x230 [ 27.206767] kunit_try_run_case+0x1a5/0x480 [ 27.206803] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.206824] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.206850] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.206874] ? __kthread_parkme+0x82/0x180 [ 27.206897] ? preempt_count_sub+0x50/0x80 [ 27.206922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.206944] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.206973] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.207000] kthread+0x337/0x6f0 [ 27.207021] ? trace_preempt_on+0x20/0xc0 [ 27.207045] ? __pfx_kthread+0x10/0x10 [ 27.207068] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.207090] ? calculate_sigpending+0x7b/0xa0 [ 27.207115] ? __pfx_kthread+0x10/0x10 [ 27.207138] ret_from_fork+0x116/0x1d0 [ 27.207158] ? __pfx_kthread+0x10/0x10 [ 27.207180] ret_from_fork_asm+0x1a/0x30 [ 27.207212] </TASK> [ 27.207225] [ 27.218938] Allocated by task 314: [ 27.219111] kasan_save_stack+0x45/0x70 [ 27.219272] kasan_save_track+0x18/0x40 [ 27.219404] kasan_save_alloc_info+0x3b/0x50 [ 27.219547] __kasan_kmalloc+0xb7/0xc0 [ 27.220057] __kmalloc_cache_noprof+0x189/0x420 [ 27.220603] kasan_atomics+0x95/0x310 [ 27.221214] kunit_try_run_case+0x1a5/0x480 [ 27.221569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.221775] kthread+0x337/0x6f0 [ 27.221898] ret_from_fork+0x116/0x1d0 [ 27.222035] ret_from_fork_asm+0x1a/0x30 [ 27.222699] [ 27.222903] The buggy address belongs to the object at ffff888103eb9580 [ 27.222903] which belongs to the cache kmalloc-64 of size 64 [ 27.224081] The buggy address is located 0 bytes to the right of [ 27.224081] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.225406] [ 27.225582] The buggy address belongs to the physical page: [ 27.226337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.226590] flags: 0x200000000000000(node=0|zone=2) [ 27.226778] page_type: f5(slab) [ 27.226911] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.227682] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.228455] page dumped because: kasan: bad access detected [ 27.229157] [ 27.229346] Memory state around the buggy address: [ 27.229983] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.230729] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.231444] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.231936] ^ [ 27.232393] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.232975] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.233550] ================================================================== [ 27.009650] ================================================================== [ 27.010006] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 27.010402] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.010905] [ 27.011288] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.011351] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.011366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.011392] Call Trace: [ 27.011412] <TASK> [ 27.011434] dump_stack_lvl+0x73/0xb0 [ 27.011472] print_report+0xd1/0x610 [ 27.011508] ? __virt_addr_valid+0x1db/0x2d0 [ 27.011534] ? kasan_atomics_helper+0x697/0x5450 [ 27.011567] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.011593] ? kasan_atomics_helper+0x697/0x5450 [ 27.011616] kasan_report+0x141/0x180 [ 27.011640] ? kasan_atomics_helper+0x697/0x5450 [ 27.011685] kasan_check_range+0x10c/0x1c0 [ 27.011710] __kasan_check_write+0x18/0x20 [ 27.011733] kasan_atomics_helper+0x697/0x5450 [ 27.011768] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.011792] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.011816] ? pick_task_fair+0xce/0x340 [ 27.011842] ? kasan_atomics+0x152/0x310 [ 27.011879] kasan_atomics+0x1dc/0x310 [ 27.011901] ? __pfx_kasan_atomics+0x10/0x10 [ 27.011926] ? __pfx_read_tsc+0x10/0x10 [ 27.012066] ? ktime_get_ts64+0x86/0x230 [ 27.012095] kunit_try_run_case+0x1a5/0x480 [ 27.012122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.012144] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.012170] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.012194] ? __kthread_parkme+0x82/0x180 [ 27.012217] ? preempt_count_sub+0x50/0x80 [ 27.012242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.012265] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.012360] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.012392] kthread+0x337/0x6f0 [ 27.012427] ? trace_preempt_on+0x20/0xc0 [ 27.012453] ? __pfx_kthread+0x10/0x10 [ 27.012475] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.012498] ? calculate_sigpending+0x7b/0xa0 [ 27.012524] ? __pfx_kthread+0x10/0x10 [ 27.012548] ret_from_fork+0x116/0x1d0 [ 27.012569] ? __pfx_kthread+0x10/0x10 [ 27.012590] ret_from_fork_asm+0x1a/0x30 [ 27.012623] </TASK> [ 27.012637] [ 27.021739] Allocated by task 314: [ 27.022069] kasan_save_stack+0x45/0x70 [ 27.022237] kasan_save_track+0x18/0x40 [ 27.022414] kasan_save_alloc_info+0x3b/0x50 [ 27.022621] __kasan_kmalloc+0xb7/0xc0 [ 27.022875] __kmalloc_cache_noprof+0x189/0x420 [ 27.023320] kasan_atomics+0x95/0x310 [ 27.023511] kunit_try_run_case+0x1a5/0x480 [ 27.023849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.024283] kthread+0x337/0x6f0 [ 27.024467] ret_from_fork+0x116/0x1d0 [ 27.024678] ret_from_fork_asm+0x1a/0x30 [ 27.024927] [ 27.025040] The buggy address belongs to the object at ffff888103eb9580 [ 27.025040] which belongs to the cache kmalloc-64 of size 64 [ 27.025576] The buggy address is located 0 bytes to the right of [ 27.025576] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.026331] [ 27.026464] The buggy address belongs to the physical page: [ 27.026687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.027277] flags: 0x200000000000000(node=0|zone=2) [ 27.027563] page_type: f5(slab) [ 27.027719] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.028213] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.028573] page dumped because: kasan: bad access detected [ 27.028861] [ 27.028950] Memory state around the buggy address: [ 27.029208] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.029513] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.029746] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.029997] ^ [ 27.030222] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.030650] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.031279] ================================================================== [ 27.382703] ================================================================== [ 27.383046] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 27.383387] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.383707] [ 27.383828] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.383885] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.383900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.383926] Call Trace: [ 27.383947] <TASK> [ 27.383982] dump_stack_lvl+0x73/0xb0 [ 27.384016] print_report+0xd1/0x610 [ 27.384040] ? __virt_addr_valid+0x1db/0x2d0 [ 27.384080] ? kasan_atomics_helper+0xfa9/0x5450 [ 27.384101] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.384138] ? kasan_atomics_helper+0xfa9/0x5450 [ 27.384161] kasan_report+0x141/0x180 [ 27.384183] ? kasan_atomics_helper+0xfa9/0x5450 [ 27.384221] kasan_check_range+0x10c/0x1c0 [ 27.384246] __kasan_check_write+0x18/0x20 [ 27.384269] kasan_atomics_helper+0xfa9/0x5450 [ 27.384314] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.384337] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.384372] ? pick_task_fair+0xce/0x340 [ 27.384399] ? kasan_atomics+0x152/0x310 [ 27.384426] kasan_atomics+0x1dc/0x310 [ 27.384449] ? __pfx_kasan_atomics+0x10/0x10 [ 27.384474] ? __pfx_read_tsc+0x10/0x10 [ 27.384498] ? ktime_get_ts64+0x86/0x230 [ 27.384523] kunit_try_run_case+0x1a5/0x480 [ 27.384548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.384569] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.384594] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.384619] ? __kthread_parkme+0x82/0x180 [ 27.384641] ? preempt_count_sub+0x50/0x80 [ 27.384675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.384697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.384742] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.384772] kthread+0x337/0x6f0 [ 27.384794] ? trace_preempt_on+0x20/0xc0 [ 27.384819] ? __pfx_kthread+0x10/0x10 [ 27.384841] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.384863] ? calculate_sigpending+0x7b/0xa0 [ 27.384889] ? __pfx_kthread+0x10/0x10 [ 27.384911] ret_from_fork+0x116/0x1d0 [ 27.384932] ? __pfx_kthread+0x10/0x10 [ 27.384953] ret_from_fork_asm+0x1a/0x30 [ 27.384984] </TASK> [ 27.384996] [ 27.392533] Allocated by task 314: [ 27.392788] kasan_save_stack+0x45/0x70 [ 27.393001] kasan_save_track+0x18/0x40 [ 27.393191] kasan_save_alloc_info+0x3b/0x50 [ 27.393396] __kasan_kmalloc+0xb7/0xc0 [ 27.393578] __kmalloc_cache_noprof+0x189/0x420 [ 27.393788] kasan_atomics+0x95/0x310 [ 27.393922] kunit_try_run_case+0x1a5/0x480 [ 27.394135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.394416] kthread+0x337/0x6f0 [ 27.394582] ret_from_fork+0x116/0x1d0 [ 27.394785] ret_from_fork_asm+0x1a/0x30 [ 27.394928] [ 27.394995] The buggy address belongs to the object at ffff888103eb9580 [ 27.394995] which belongs to the cache kmalloc-64 of size 64 [ 27.395404] The buggy address is located 0 bytes to the right of [ 27.395404] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.395995] [ 27.396092] The buggy address belongs to the physical page: [ 27.396330] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.396567] flags: 0x200000000000000(node=0|zone=2) [ 27.396818] page_type: f5(slab) [ 27.396988] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.397347] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.397671] page dumped because: kasan: bad access detected [ 27.397893] [ 27.397961] Memory state around the buggy address: [ 27.398187] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.398508] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.398851] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.399126] ^ [ 27.399351] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.399640] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.399947] ================================================================== [ 27.527403] ================================================================== [ 27.527801] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 27.528079] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.528302] [ 27.528389] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.528445] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.528460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.528485] Call Trace: [ 27.528507] <TASK> [ 27.528527] dump_stack_lvl+0x73/0xb0 [ 27.528559] print_report+0xd1/0x610 [ 27.528583] ? __virt_addr_valid+0x1db/0x2d0 [ 27.528608] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.528630] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.528677] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.528700] kasan_report+0x141/0x180 [ 27.528745] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.528773] kasan_check_range+0x10c/0x1c0 [ 27.528797] __kasan_check_write+0x18/0x20 [ 27.528821] kasan_atomics_helper+0x12e6/0x5450 [ 27.528845] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.528867] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.528892] ? pick_task_fair+0xce/0x340 [ 27.528919] ? kasan_atomics+0x152/0x310 [ 27.528946] kasan_atomics+0x1dc/0x310 [ 27.528969] ? __pfx_kasan_atomics+0x10/0x10 [ 27.528994] ? __pfx_read_tsc+0x10/0x10 [ 27.529017] ? ktime_get_ts64+0x86/0x230 [ 27.529044] kunit_try_run_case+0x1a5/0x480 [ 27.529069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.529090] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.529116] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.529141] ? __kthread_parkme+0x82/0x180 [ 27.529164] ? preempt_count_sub+0x50/0x80 [ 27.529188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.529211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.529237] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.529263] kthread+0x337/0x6f0 [ 27.529285] ? trace_preempt_on+0x20/0xc0 [ 27.529311] ? __pfx_kthread+0x10/0x10 [ 27.529333] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.529356] ? calculate_sigpending+0x7b/0xa0 [ 27.529380] ? __pfx_kthread+0x10/0x10 [ 27.529402] ret_from_fork+0x116/0x1d0 [ 27.529423] ? __pfx_kthread+0x10/0x10 [ 27.529444] ret_from_fork_asm+0x1a/0x30 [ 27.529477] </TASK> [ 27.529490] [ 27.536646] Allocated by task 314: [ 27.536876] kasan_save_stack+0x45/0x70 [ 27.537087] kasan_save_track+0x18/0x40 [ 27.537275] kasan_save_alloc_info+0x3b/0x50 [ 27.537484] __kasan_kmalloc+0xb7/0xc0 [ 27.537651] __kmalloc_cache_noprof+0x189/0x420 [ 27.537883] kasan_atomics+0x95/0x310 [ 27.538063] kunit_try_run_case+0x1a5/0x480 [ 27.538258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.538463] kthread+0x337/0x6f0 [ 27.538635] ret_from_fork+0x116/0x1d0 [ 27.538819] ret_from_fork_asm+0x1a/0x30 [ 27.539018] [ 27.539092] The buggy address belongs to the object at ffff888103eb9580 [ 27.539092] which belongs to the cache kmalloc-64 of size 64 [ 27.539473] The buggy address is located 0 bytes to the right of [ 27.539473] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.540027] [ 27.540125] The buggy address belongs to the physical page: [ 27.540381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.540624] flags: 0x200000000000000(node=0|zone=2) [ 27.540892] page_type: f5(slab) [ 27.541063] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.541379] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.541679] page dumped because: kasan: bad access detected [ 27.541869] [ 27.541935] Memory state around the buggy address: [ 27.542095] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.542306] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.542515] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.542838] ^ [ 27.543067] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.543382] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.543707] ================================================================== [ 27.663712] ================================================================== [ 27.664071] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 27.664589] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.665495] [ 27.665719] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.665788] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.665803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.665830] Call Trace: [ 27.665852] <TASK> [ 27.665874] dump_stack_lvl+0x73/0xb0 [ 27.665908] print_report+0xd1/0x610 [ 27.665934] ? __virt_addr_valid+0x1db/0x2d0 [ 27.665982] ? kasan_atomics_helper+0x151d/0x5450 [ 27.666006] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.666032] ? kasan_atomics_helper+0x151d/0x5450 [ 27.666062] kasan_report+0x141/0x180 [ 27.666085] ? kasan_atomics_helper+0x151d/0x5450 [ 27.666111] kasan_check_range+0x10c/0x1c0 [ 27.666135] __kasan_check_write+0x18/0x20 [ 27.666159] kasan_atomics_helper+0x151d/0x5450 [ 27.666182] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.666205] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.666229] ? pick_task_fair+0xce/0x340 [ 27.666255] ? kasan_atomics+0x152/0x310 [ 27.666282] kasan_atomics+0x1dc/0x310 [ 27.666305] ? __pfx_kasan_atomics+0x10/0x10 [ 27.666330] ? __pfx_read_tsc+0x10/0x10 [ 27.666353] ? ktime_get_ts64+0x86/0x230 [ 27.666379] kunit_try_run_case+0x1a5/0x480 [ 27.666404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.666425] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.666450] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.666475] ? __kthread_parkme+0x82/0x180 [ 27.666499] ? preempt_count_sub+0x50/0x80 [ 27.666524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.666547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.666577] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.666608] kthread+0x337/0x6f0 [ 27.666631] ? trace_preempt_on+0x20/0xc0 [ 27.666667] ? __pfx_kthread+0x10/0x10 [ 27.666690] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.666714] ? calculate_sigpending+0x7b/0xa0 [ 27.666740] ? __pfx_kthread+0x10/0x10 [ 27.666775] ret_from_fork+0x116/0x1d0 [ 27.666796] ? __pfx_kthread+0x10/0x10 [ 27.666820] ret_from_fork_asm+0x1a/0x30 [ 27.666853] </TASK> [ 27.666866] [ 27.675977] Allocated by task 314: [ 27.676135] kasan_save_stack+0x45/0x70 [ 27.676309] kasan_save_track+0x18/0x40 [ 27.676517] kasan_save_alloc_info+0x3b/0x50 [ 27.676740] __kasan_kmalloc+0xb7/0xc0 [ 27.676920] __kmalloc_cache_noprof+0x189/0x420 [ 27.677157] kasan_atomics+0x95/0x310 [ 27.677365] kunit_try_run_case+0x1a5/0x480 [ 27.677605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.677856] kthread+0x337/0x6f0 [ 27.678199] ret_from_fork+0x116/0x1d0 [ 27.678382] ret_from_fork_asm+0x1a/0x30 [ 27.678570] [ 27.678668] The buggy address belongs to the object at ffff888103eb9580 [ 27.678668] which belongs to the cache kmalloc-64 of size 64 [ 27.679150] The buggy address is located 0 bytes to the right of [ 27.679150] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.679988] [ 27.680095] The buggy address belongs to the physical page: [ 27.680325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.680629] flags: 0x200000000000000(node=0|zone=2) [ 27.680926] page_type: f5(slab) [ 27.681094] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.681421] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.681698] page dumped because: kasan: bad access detected [ 27.681994] [ 27.682097] Memory state around the buggy address: [ 27.682320] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.682617] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.682934] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.683244] ^ [ 27.683457] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.683740] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.684107] ================================================================== [ 27.860597] ================================================================== [ 27.860953] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 27.861551] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.861923] [ 27.862049] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.862105] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.862120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.862146] Call Trace: [ 27.862166] <TASK> [ 27.862209] dump_stack_lvl+0x73/0xb0 [ 27.862256] print_report+0xd1/0x610 [ 27.862294] ? __virt_addr_valid+0x1db/0x2d0 [ 27.862331] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.862367] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.862407] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.862456] kasan_report+0x141/0x180 [ 27.862493] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.862533] kasan_check_range+0x10c/0x1c0 [ 27.862571] __kasan_check_write+0x18/0x20 [ 27.862594] kasan_atomics_helper+0x19e3/0x5450 [ 27.862618] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.862641] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.862677] ? pick_task_fair+0xce/0x340 [ 27.862703] ? kasan_atomics+0x152/0x310 [ 27.862730] kasan_atomics+0x1dc/0x310 [ 27.862753] ? __pfx_kasan_atomics+0x10/0x10 [ 27.862778] ? __pfx_read_tsc+0x10/0x10 [ 27.862800] ? ktime_get_ts64+0x86/0x230 [ 27.862826] kunit_try_run_case+0x1a5/0x480 [ 27.862849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.862882] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.862917] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.862953] ? __kthread_parkme+0x82/0x180 [ 27.862975] ? preempt_count_sub+0x50/0x80 [ 27.862999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.863022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.863048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.863074] kthread+0x337/0x6f0 [ 27.863095] ? trace_preempt_on+0x20/0xc0 [ 27.863119] ? __pfx_kthread+0x10/0x10 [ 27.863141] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.863164] ? calculate_sigpending+0x7b/0xa0 [ 27.863189] ? __pfx_kthread+0x10/0x10 [ 27.863211] ret_from_fork+0x116/0x1d0 [ 27.863232] ? __pfx_kthread+0x10/0x10 [ 27.863254] ret_from_fork_asm+0x1a/0x30 [ 27.863287] </TASK> [ 27.863299] [ 27.871280] Allocated by task 314: [ 27.871495] kasan_save_stack+0x45/0x70 [ 27.871737] kasan_save_track+0x18/0x40 [ 27.871944] kasan_save_alloc_info+0x3b/0x50 [ 27.872170] __kasan_kmalloc+0xb7/0xc0 [ 27.872349] __kmalloc_cache_noprof+0x189/0x420 [ 27.872574] kasan_atomics+0x95/0x310 [ 27.872820] kunit_try_run_case+0x1a5/0x480 [ 27.873026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.873333] kthread+0x337/0x6f0 [ 27.873543] ret_from_fork+0x116/0x1d0 [ 27.873735] ret_from_fork_asm+0x1a/0x30 [ 27.874010] [ 27.874095] The buggy address belongs to the object at ffff888103eb9580 [ 27.874095] which belongs to the cache kmalloc-64 of size 64 [ 27.874574] The buggy address is located 0 bytes to the right of [ 27.874574] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.875158] [ 27.875262] The buggy address belongs to the physical page: [ 27.875507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.875936] flags: 0x200000000000000(node=0|zone=2) [ 27.876194] page_type: f5(slab) [ 27.876351] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.876715] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.877048] page dumped because: kasan: bad access detected [ 27.877318] [ 27.877405] Memory state around the buggy address: [ 27.877630] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.878058] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.878397] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.878760] ^ [ 27.879060] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.879268] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.879467] ================================================================== [ 27.999586] ================================================================== [ 28.000808] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 28.001886] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.002294] [ 28.002403] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.002463] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.002478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.002504] Call Trace: [ 28.002526] <TASK> [ 28.002548] dump_stack_lvl+0x73/0xb0 [ 28.002586] print_report+0xd1/0x610 [ 28.002610] ? __virt_addr_valid+0x1db/0x2d0 [ 28.002635] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.002672] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.002699] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.002722] kasan_report+0x141/0x180 [ 28.002899] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.002930] kasan_check_range+0x10c/0x1c0 [ 28.002956] __kasan_check_write+0x18/0x20 [ 28.002980] kasan_atomics_helper+0x1e12/0x5450 [ 28.003003] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.003071] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.003098] ? pick_task_fair+0xce/0x340 [ 28.003126] ? kasan_atomics+0x152/0x310 [ 28.003153] kasan_atomics+0x1dc/0x310 [ 28.003176] ? __pfx_kasan_atomics+0x10/0x10 [ 28.003200] ? __pfx_read_tsc+0x10/0x10 [ 28.003223] ? ktime_get_ts64+0x86/0x230 [ 28.003248] kunit_try_run_case+0x1a5/0x480 [ 28.003273] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.003294] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.003320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.003344] ? __kthread_parkme+0x82/0x180 [ 28.003367] ? preempt_count_sub+0x50/0x80 [ 28.003393] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.003415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.003442] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.003469] kthread+0x337/0x6f0 [ 28.003490] ? trace_preempt_on+0x20/0xc0 [ 28.003515] ? __pfx_kthread+0x10/0x10 [ 28.003537] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.003560] ? calculate_sigpending+0x7b/0xa0 [ 28.003585] ? __pfx_kthread+0x10/0x10 [ 28.003608] ret_from_fork+0x116/0x1d0 [ 28.003629] ? __pfx_kthread+0x10/0x10 [ 28.003661] ret_from_fork_asm+0x1a/0x30 [ 28.003693] </TASK> [ 28.003706] [ 28.015456] Allocated by task 314: [ 28.015663] kasan_save_stack+0x45/0x70 [ 28.016018] kasan_save_track+0x18/0x40 [ 28.016500] kasan_save_alloc_info+0x3b/0x50 [ 28.016827] __kasan_kmalloc+0xb7/0xc0 [ 28.017135] __kmalloc_cache_noprof+0x189/0x420 [ 28.017536] kasan_atomics+0x95/0x310 [ 28.017734] kunit_try_run_case+0x1a5/0x480 [ 28.018103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.018337] kthread+0x337/0x6f0 [ 28.018491] ret_from_fork+0x116/0x1d0 [ 28.018670] ret_from_fork_asm+0x1a/0x30 [ 28.019073] [ 28.019299] The buggy address belongs to the object at ffff888103eb9580 [ 28.019299] which belongs to the cache kmalloc-64 of size 64 [ 28.020176] The buggy address is located 0 bytes to the right of [ 28.020176] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.020942] [ 28.021041] The buggy address belongs to the physical page: [ 28.021273] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.021593] flags: 0x200000000000000(node=0|zone=2) [ 28.022184] page_type: f5(slab) [ 28.022499] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.023007] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.023510] page dumped because: kasan: bad access detected [ 28.023971] [ 28.024197] Memory state around the buggy address: [ 28.024421] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.024720] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.025005] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.025280] ^ [ 28.025480] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.026194] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.026535] ================================================================== [ 26.965116] ================================================================== [ 26.965466] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 26.965861] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 26.966208] [ 26.966352] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.966408] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.966423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.966449] Call Trace: [ 26.966472] <TASK> [ 26.966493] dump_stack_lvl+0x73/0xb0 [ 26.966526] print_report+0xd1/0x610 [ 26.966549] ? __virt_addr_valid+0x1db/0x2d0 [ 26.966704] ? kasan_atomics_helper+0x565/0x5450 [ 26.966725] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.966775] ? kasan_atomics_helper+0x565/0x5450 [ 26.966806] kasan_report+0x141/0x180 [ 26.966830] ? kasan_atomics_helper+0x565/0x5450 [ 26.966857] kasan_check_range+0x10c/0x1c0 [ 26.966891] __kasan_check_write+0x18/0x20 [ 26.966915] kasan_atomics_helper+0x565/0x5450 [ 26.966938] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.967002] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.967026] ? pick_task_fair+0xce/0x340 [ 26.967077] ? kasan_atomics+0x152/0x310 [ 26.967104] kasan_atomics+0x1dc/0x310 [ 26.967129] ? __pfx_kasan_atomics+0x10/0x10 [ 26.967154] ? __pfx_read_tsc+0x10/0x10 [ 26.967177] ? ktime_get_ts64+0x86/0x230 [ 26.967203] kunit_try_run_case+0x1a5/0x480 [ 26.967228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.967249] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.967285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.967310] ? __kthread_parkme+0x82/0x180 [ 26.967332] ? preempt_count_sub+0x50/0x80 [ 26.967368] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.967392] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.967418] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.967453] kthread+0x337/0x6f0 [ 26.967475] ? trace_preempt_on+0x20/0xc0 [ 26.967499] ? __pfx_kthread+0x10/0x10 [ 26.967531] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.967555] ? calculate_sigpending+0x7b/0xa0 [ 26.967579] ? __pfx_kthread+0x10/0x10 [ 26.967602] ret_from_fork+0x116/0x1d0 [ 26.967630] ? __pfx_kthread+0x10/0x10 [ 26.967652] ret_from_fork_asm+0x1a/0x30 [ 26.967701] </TASK> [ 26.967714] [ 26.976940] Allocated by task 314: [ 26.977159] kasan_save_stack+0x45/0x70 [ 26.977540] kasan_save_track+0x18/0x40 [ 26.977715] kasan_save_alloc_info+0x3b/0x50 [ 26.977936] __kasan_kmalloc+0xb7/0xc0 [ 26.978124] __kmalloc_cache_noprof+0x189/0x420 [ 26.978676] kasan_atomics+0x95/0x310 [ 26.978905] kunit_try_run_case+0x1a5/0x480 [ 26.979189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.979451] kthread+0x337/0x6f0 [ 26.979631] ret_from_fork+0x116/0x1d0 [ 26.979868] ret_from_fork_asm+0x1a/0x30 [ 26.980189] [ 26.980299] The buggy address belongs to the object at ffff888103eb9580 [ 26.980299] which belongs to the cache kmalloc-64 of size 64 [ 26.980699] The buggy address is located 0 bytes to the right of [ 26.980699] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 26.981358] [ 26.981459] The buggy address belongs to the physical page: [ 26.981687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 26.982483] flags: 0x200000000000000(node=0|zone=2) [ 26.982736] page_type: f5(slab) [ 26.982886] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.983474] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.983915] page dumped because: kasan: bad access detected [ 26.984227] [ 26.984442] Memory state around the buggy address: [ 26.984619] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.984904] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.985250] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.985695] ^ [ 26.986060] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.986485] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.986914] ================================================================== [ 27.510096] ================================================================== [ 27.510402] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 27.510736] Read of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.511014] [ 27.511101] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.511154] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.511168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.511193] Call Trace: [ 27.511214] <TASK> [ 27.511235] dump_stack_lvl+0x73/0xb0 [ 27.511265] print_report+0xd1/0x610 [ 27.511288] ? __virt_addr_valid+0x1db/0x2d0 [ 27.511313] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.511334] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.511361] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.511383] kasan_report+0x141/0x180 [ 27.511406] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.511432] __asan_report_load4_noabort+0x18/0x20 [ 27.511456] kasan_atomics_helper+0x49e8/0x5450 [ 27.511479] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.511502] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.511527] ? pick_task_fair+0xce/0x340 [ 27.511554] ? kasan_atomics+0x152/0x310 [ 27.511581] kasan_atomics+0x1dc/0x310 [ 27.511604] ? __pfx_kasan_atomics+0x10/0x10 [ 27.511632] ? __pfx_read_tsc+0x10/0x10 [ 27.511867] ? ktime_get_ts64+0x86/0x230 [ 27.511903] kunit_try_run_case+0x1a5/0x480 [ 27.511930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.511952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.511979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.512004] ? __kthread_parkme+0x82/0x180 [ 27.512027] ? preempt_count_sub+0x50/0x80 [ 27.512053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.512076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.512103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.512130] kthread+0x337/0x6f0 [ 27.512150] ? trace_preempt_on+0x20/0xc0 [ 27.512175] ? __pfx_kthread+0x10/0x10 [ 27.512197] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.512220] ? calculate_sigpending+0x7b/0xa0 [ 27.512246] ? __pfx_kthread+0x10/0x10 [ 27.512269] ret_from_fork+0x116/0x1d0 [ 27.512290] ? __pfx_kthread+0x10/0x10 [ 27.512311] ret_from_fork_asm+0x1a/0x30 [ 27.512345] </TASK> [ 27.512357] [ 27.519424] Allocated by task 314: [ 27.519575] kasan_save_stack+0x45/0x70 [ 27.519780] kasan_save_track+0x18/0x40 [ 27.519947] kasan_save_alloc_info+0x3b/0x50 [ 27.520093] __kasan_kmalloc+0xb7/0xc0 [ 27.520269] __kmalloc_cache_noprof+0x189/0x420 [ 27.520487] kasan_atomics+0x95/0x310 [ 27.520680] kunit_try_run_case+0x1a5/0x480 [ 27.520887] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.521078] kthread+0x337/0x6f0 [ 27.521198] ret_from_fork+0x116/0x1d0 [ 27.521380] ret_from_fork_asm+0x1a/0x30 [ 27.521558] [ 27.521644] The buggy address belongs to the object at ffff888103eb9580 [ 27.521644] which belongs to the cache kmalloc-64 of size 64 [ 27.522025] The buggy address is located 0 bytes to the right of [ 27.522025] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.522391] [ 27.522460] The buggy address belongs to the physical page: [ 27.522627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.522924] flags: 0x200000000000000(node=0|zone=2) [ 27.523157] page_type: f5(slab) [ 27.523324] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.523670] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.524014] page dumped because: kasan: bad access detected [ 27.524243] [ 27.524330] Memory state around the buggy address: [ 27.524548] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.524893] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.525160] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.525365] ^ [ 27.525516] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.525795] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.526121] ================================================================== [ 27.357359] ================================================================== [ 27.357705] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 27.358392] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.358847] [ 27.358946] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.359002] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.359017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.359308] Call Trace: [ 27.359332] <TASK> [ 27.359353] dump_stack_lvl+0x73/0xb0 [ 27.359390] print_report+0xd1/0x610 [ 27.359414] ? __virt_addr_valid+0x1db/0x2d0 [ 27.359439] ? kasan_atomics_helper+0xf10/0x5450 [ 27.359461] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.359487] ? kasan_atomics_helper+0xf10/0x5450 [ 27.359510] kasan_report+0x141/0x180 [ 27.359533] ? kasan_atomics_helper+0xf10/0x5450 [ 27.359560] kasan_check_range+0x10c/0x1c0 [ 27.359583] __kasan_check_write+0x18/0x20 [ 27.359607] kasan_atomics_helper+0xf10/0x5450 [ 27.359630] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.359666] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.359691] ? pick_task_fair+0xce/0x340 [ 27.359717] ? kasan_atomics+0x152/0x310 [ 27.359743] kasan_atomics+0x1dc/0x310 [ 27.359766] ? __pfx_kasan_atomics+0x10/0x10 [ 27.359790] ? __pfx_read_tsc+0x10/0x10 [ 27.359813] ? ktime_get_ts64+0x86/0x230 [ 27.359838] kunit_try_run_case+0x1a5/0x480 [ 27.359862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.359884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.359910] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.359934] ? __kthread_parkme+0x82/0x180 [ 27.359957] ? preempt_count_sub+0x50/0x80 [ 27.359981] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.360004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.360029] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.360055] kthread+0x337/0x6f0 [ 27.360076] ? trace_preempt_on+0x20/0xc0 [ 27.360101] ? __pfx_kthread+0x10/0x10 [ 27.360122] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.360145] ? calculate_sigpending+0x7b/0xa0 [ 27.360170] ? __pfx_kthread+0x10/0x10 [ 27.360193] ret_from_fork+0x116/0x1d0 [ 27.360213] ? __pfx_kthread+0x10/0x10 [ 27.360234] ret_from_fork_asm+0x1a/0x30 [ 27.360266] </TASK> [ 27.360279] [ 27.369649] Allocated by task 314: [ 27.370017] kasan_save_stack+0x45/0x70 [ 27.370291] kasan_save_track+0x18/0x40 [ 27.370421] kasan_save_alloc_info+0x3b/0x50 [ 27.370563] __kasan_kmalloc+0xb7/0xc0 [ 27.370698] __kmalloc_cache_noprof+0x189/0x420 [ 27.371210] kasan_atomics+0x95/0x310 [ 27.371401] kunit_try_run_case+0x1a5/0x480 [ 27.371603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.371817] kthread+0x337/0x6f0 [ 27.373395] ret_from_fork+0x116/0x1d0 [ 27.373549] ret_from_fork_asm+0x1a/0x30 [ 27.373705] [ 27.373782] The buggy address belongs to the object at ffff888103eb9580 [ 27.373782] which belongs to the cache kmalloc-64 of size 64 [ 27.374141] The buggy address is located 0 bytes to the right of [ 27.374141] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.374504] [ 27.374574] The buggy address belongs to the physical page: [ 27.374762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.375001] flags: 0x200000000000000(node=0|zone=2) [ 27.375164] page_type: f5(slab) [ 27.375289] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.375523] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.377931] page dumped because: kasan: bad access detected [ 27.378615] [ 27.379110] Memory state around the buggy address: [ 27.379770] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.380328] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.380574] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.380934] ^ [ 27.381176] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.381463] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.381796] ================================================================== [ 28.144755] ================================================================== [ 28.145083] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 28.145387] Read of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 28.145706] [ 28.145869] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.145923] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.145937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.145962] Call Trace: [ 28.145982] <TASK> [ 28.146001] dump_stack_lvl+0x73/0xb0 [ 28.146031] print_report+0xd1/0x610 [ 28.146060] ? __virt_addr_valid+0x1db/0x2d0 [ 28.146084] ? kasan_atomics_helper+0x4fb2/0x5450 [ 28.146105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.146132] ? kasan_atomics_helper+0x4fb2/0x5450 [ 28.146154] kasan_report+0x141/0x180 [ 28.146177] ? kasan_atomics_helper+0x4fb2/0x5450 [ 28.146203] __asan_report_load8_noabort+0x18/0x20 [ 28.146227] kasan_atomics_helper+0x4fb2/0x5450 [ 28.146252] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.146277] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.146302] ? pick_task_fair+0xce/0x340 [ 28.146327] ? kasan_atomics+0x152/0x310 [ 28.146355] kasan_atomics+0x1dc/0x310 [ 28.146380] ? __pfx_kasan_atomics+0x10/0x10 [ 28.146404] ? __pfx_read_tsc+0x10/0x10 [ 28.146427] ? ktime_get_ts64+0x86/0x230 [ 28.146453] kunit_try_run_case+0x1a5/0x480 [ 28.146477] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.146498] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.146524] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.146549] ? __kthread_parkme+0x82/0x180 [ 28.146571] ? preempt_count_sub+0x50/0x80 [ 28.146596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.146618] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.146644] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.146681] kthread+0x337/0x6f0 [ 28.146702] ? trace_preempt_on+0x20/0xc0 [ 28.146726] ? __pfx_kthread+0x10/0x10 [ 28.146758] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.146781] ? calculate_sigpending+0x7b/0xa0 [ 28.146806] ? __pfx_kthread+0x10/0x10 [ 28.146828] ret_from_fork+0x116/0x1d0 [ 28.146849] ? __pfx_kthread+0x10/0x10 [ 28.146871] ret_from_fork_asm+0x1a/0x30 [ 28.146903] </TASK> [ 28.146915] [ 28.154119] Allocated by task 314: [ 28.154261] kasan_save_stack+0x45/0x70 [ 28.154408] kasan_save_track+0x18/0x40 [ 28.154557] kasan_save_alloc_info+0x3b/0x50 [ 28.154780] __kasan_kmalloc+0xb7/0xc0 [ 28.154971] __kmalloc_cache_noprof+0x189/0x420 [ 28.155185] kasan_atomics+0x95/0x310 [ 28.155818] kunit_try_run_case+0x1a5/0x480 [ 28.156057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.156470] kthread+0x337/0x6f0 [ 28.156645] ret_from_fork+0x116/0x1d0 [ 28.161818] ret_from_fork_asm+0x1a/0x30 [ 28.162081] [ 28.162182] The buggy address belongs to the object at ffff888103eb9580 [ 28.162182] which belongs to the cache kmalloc-64 of size 64 [ 28.162648] The buggy address is located 0 bytes to the right of [ 28.162648] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 28.164752] [ 28.165335] The buggy address belongs to the physical page: [ 28.165904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 28.166153] flags: 0x200000000000000(node=0|zone=2) [ 28.166315] page_type: f5(slab) [ 28.166433] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.166690] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.167069] page dumped because: kasan: bad access detected [ 28.167329] [ 28.167419] Memory state around the buggy address: [ 28.167645] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.167983] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.168275] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.168538] ^ [ 28.168753] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.169041] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.169322] ================================================================== [ 27.419351] ================================================================== [ 27.419623] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 27.420069] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.420409] [ 27.420521] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.420630] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.420646] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.420680] Call Trace: [ 27.420701] <TASK> [ 27.420741] dump_stack_lvl+0x73/0xb0 [ 27.420776] print_report+0xd1/0x610 [ 27.420800] ? __virt_addr_valid+0x1db/0x2d0 [ 27.420827] ? kasan_atomics_helper+0x1079/0x5450 [ 27.420849] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.420877] ? kasan_atomics_helper+0x1079/0x5450 [ 27.420899] kasan_report+0x141/0x180 [ 27.420922] ? kasan_atomics_helper+0x1079/0x5450 [ 27.420948] kasan_check_range+0x10c/0x1c0 [ 27.420973] __kasan_check_write+0x18/0x20 [ 27.420998] kasan_atomics_helper+0x1079/0x5450 [ 27.421020] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.421043] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.421079] ? pick_task_fair+0xce/0x340 [ 27.421104] ? kasan_atomics+0x152/0x310 [ 27.421143] kasan_atomics+0x1dc/0x310 [ 27.421166] ? __pfx_kasan_atomics+0x10/0x10 [ 27.421191] ? __pfx_read_tsc+0x10/0x10 [ 27.421213] ? ktime_get_ts64+0x86/0x230 [ 27.421238] kunit_try_run_case+0x1a5/0x480 [ 27.421263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.421284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.421310] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.421334] ? __kthread_parkme+0x82/0x180 [ 27.421356] ? preempt_count_sub+0x50/0x80 [ 27.421381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.421405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.421431] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.421457] kthread+0x337/0x6f0 [ 27.421479] ? trace_preempt_on+0x20/0xc0 [ 27.421503] ? __pfx_kthread+0x10/0x10 [ 27.421525] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.421549] ? calculate_sigpending+0x7b/0xa0 [ 27.421574] ? __pfx_kthread+0x10/0x10 [ 27.421597] ret_from_fork+0x116/0x1d0 [ 27.421617] ? __pfx_kthread+0x10/0x10 [ 27.421639] ret_from_fork_asm+0x1a/0x30 [ 27.421691] </TASK> [ 27.421703] [ 27.429093] Allocated by task 314: [ 27.429293] kasan_save_stack+0x45/0x70 [ 27.429536] kasan_save_track+0x18/0x40 [ 27.429780] kasan_save_alloc_info+0x3b/0x50 [ 27.429991] __kasan_kmalloc+0xb7/0xc0 [ 27.430196] __kmalloc_cache_noprof+0x189/0x420 [ 27.430449] kasan_atomics+0x95/0x310 [ 27.430643] kunit_try_run_case+0x1a5/0x480 [ 27.430875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.431074] kthread+0x337/0x6f0 [ 27.431244] ret_from_fork+0x116/0x1d0 [ 27.431454] ret_from_fork_asm+0x1a/0x30 [ 27.431620] [ 27.431703] The buggy address belongs to the object at ffff888103eb9580 [ 27.431703] which belongs to the cache kmalloc-64 of size 64 [ 27.432213] The buggy address is located 0 bytes to the right of [ 27.432213] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.432668] [ 27.432767] The buggy address belongs to the physical page: [ 27.432937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.433179] flags: 0x200000000000000(node=0|zone=2) [ 27.433432] page_type: f5(slab) [ 27.433599] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.433970] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.434311] page dumped because: kasan: bad access detected [ 27.434557] [ 27.434650] Memory state around the buggy address: [ 27.434913] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.435153] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.435362] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.435617] ^ [ 27.435888] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.436215] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.436552] ================================================================== [ 27.904398] ================================================================== [ 27.905130] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 27.905481] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.905854] [ 27.905959] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.906016] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.906030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.906066] Call Trace: [ 27.906087] <TASK> [ 27.906109] dump_stack_lvl+0x73/0xb0 [ 27.906141] print_report+0xd1/0x610 [ 27.906164] ? __virt_addr_valid+0x1db/0x2d0 [ 27.906189] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.906211] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.906238] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.906260] kasan_report+0x141/0x180 [ 27.906283] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.906309] kasan_check_range+0x10c/0x1c0 [ 27.906333] __kasan_check_write+0x18/0x20 [ 27.906357] kasan_atomics_helper+0x1b22/0x5450 [ 27.906381] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.906405] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.906430] ? pick_task_fair+0xce/0x340 [ 27.906456] ? kasan_atomics+0x152/0x310 [ 27.906484] kasan_atomics+0x1dc/0x310 [ 27.906507] ? __pfx_kasan_atomics+0x10/0x10 [ 27.906532] ? __pfx_read_tsc+0x10/0x10 [ 27.906555] ? ktime_get_ts64+0x86/0x230 [ 27.906580] kunit_try_run_case+0x1a5/0x480 [ 27.906605] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.906626] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.906666] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.906691] ? __kthread_parkme+0x82/0x180 [ 27.906715] ? preempt_count_sub+0x50/0x80 [ 27.906740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.906763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.906792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.906818] kthread+0x337/0x6f0 [ 27.906840] ? trace_preempt_on+0x20/0xc0 [ 27.906864] ? __pfx_kthread+0x10/0x10 [ 27.906885] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.906908] ? calculate_sigpending+0x7b/0xa0 [ 27.906934] ? __pfx_kthread+0x10/0x10 [ 27.906955] ret_from_fork+0x116/0x1d0 [ 27.906976] ? __pfx_kthread+0x10/0x10 [ 27.906996] ret_from_fork_asm+0x1a/0x30 [ 27.907029] </TASK> [ 27.907042] [ 27.916122] Allocated by task 314: [ 27.916289] kasan_save_stack+0x45/0x70 [ 27.916453] kasan_save_track+0x18/0x40 [ 27.916581] kasan_save_alloc_info+0x3b/0x50 [ 27.916955] __kasan_kmalloc+0xb7/0xc0 [ 27.917327] __kmalloc_cache_noprof+0x189/0x420 [ 27.917826] kasan_atomics+0x95/0x310 [ 27.918212] kunit_try_run_case+0x1a5/0x480 [ 27.918628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.919163] kthread+0x337/0x6f0 [ 27.919497] ret_from_fork+0x116/0x1d0 [ 27.919890] ret_from_fork_asm+0x1a/0x30 [ 27.920287] [ 27.920451] The buggy address belongs to the object at ffff888103eb9580 [ 27.920451] which belongs to the cache kmalloc-64 of size 64 [ 27.921118] The buggy address is located 0 bytes to the right of [ 27.921118] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.921473] [ 27.921542] The buggy address belongs to the physical page: [ 27.921878] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.922575] flags: 0x200000000000000(node=0|zone=2) [ 27.923052] page_type: f5(slab) [ 27.923376] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.924071] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.924719] page dumped because: kasan: bad access detected [ 27.925236] [ 27.925385] Memory state around the buggy address: [ 27.925791] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.926146] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.926721] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.927062] ^ [ 27.927213] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.927415] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.927615] ================================================================== [ 26.943314] ================================================================== [ 26.943623] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 26.944238] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 26.944560] [ 26.944682] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.944747] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.944762] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.944798] Call Trace: [ 26.944820] <TASK> [ 26.944842] dump_stack_lvl+0x73/0xb0 [ 26.944875] print_report+0xd1/0x610 [ 26.944899] ? __virt_addr_valid+0x1db/0x2d0 [ 26.944925] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.944947] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.944973] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.945043] kasan_report+0x141/0x180 [ 26.945069] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.945095] __asan_report_store4_noabort+0x1b/0x30 [ 26.945144] kasan_atomics_helper+0x4b3a/0x5450 [ 26.945168] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.945190] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.945215] ? pick_task_fair+0xce/0x340 [ 26.945242] ? kasan_atomics+0x152/0x310 [ 26.945269] kasan_atomics+0x1dc/0x310 [ 26.945293] ? __pfx_kasan_atomics+0x10/0x10 [ 26.945318] ? __pfx_read_tsc+0x10/0x10 [ 26.945350] ? ktime_get_ts64+0x86/0x230 [ 26.945376] kunit_try_run_case+0x1a5/0x480 [ 26.945400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.945433] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.945459] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.945484] ? __kthread_parkme+0x82/0x180 [ 26.945510] ? preempt_count_sub+0x50/0x80 [ 26.945535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.945558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.945585] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.945611] kthread+0x337/0x6f0 [ 26.945632] ? trace_preempt_on+0x20/0xc0 [ 26.945667] ? __pfx_kthread+0x10/0x10 [ 26.945689] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.945712] ? calculate_sigpending+0x7b/0xa0 [ 26.945737] ? __pfx_kthread+0x10/0x10 [ 26.945760] ret_from_fork+0x116/0x1d0 [ 26.945790] ? __pfx_kthread+0x10/0x10 [ 26.945812] ret_from_fork_asm+0x1a/0x30 [ 26.945845] </TASK> [ 26.945867] [ 26.954868] Allocated by task 314: [ 26.955036] kasan_save_stack+0x45/0x70 [ 26.955401] kasan_save_track+0x18/0x40 [ 26.955753] kasan_save_alloc_info+0x3b/0x50 [ 26.956012] __kasan_kmalloc+0xb7/0xc0 [ 26.956213] __kmalloc_cache_noprof+0x189/0x420 [ 26.956762] kasan_atomics+0x95/0x310 [ 26.956948] kunit_try_run_case+0x1a5/0x480 [ 26.957220] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.957450] kthread+0x337/0x6f0 [ 26.957643] ret_from_fork+0x116/0x1d0 [ 26.957840] ret_from_fork_asm+0x1a/0x30 [ 26.958071] [ 26.958141] The buggy address belongs to the object at ffff888103eb9580 [ 26.958141] which belongs to the cache kmalloc-64 of size 64 [ 26.958724] The buggy address is located 0 bytes to the right of [ 26.958724] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 26.959479] [ 26.959581] The buggy address belongs to the physical page: [ 26.959835] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 26.960394] flags: 0x200000000000000(node=0|zone=2) [ 26.960576] page_type: f5(slab) [ 26.960781] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.961206] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.961636] page dumped because: kasan: bad access detected [ 26.961934] [ 26.962102] Memory state around the buggy address: [ 26.962317] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.962565] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.962970] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.963326] ^ [ 26.963472] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.964023] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.964587] ================================================================== [ 27.544536] ================================================================== [ 27.544947] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 27.545299] Read of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.545622] [ 27.545754] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.545810] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.545824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.545851] Call Trace: [ 27.545872] <TASK> [ 27.545894] dump_stack_lvl+0x73/0xb0 [ 27.545926] print_report+0xd1/0x610 [ 27.545950] ? __virt_addr_valid+0x1db/0x2d0 [ 27.545976] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.545997] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.546025] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.546054] kasan_report+0x141/0x180 [ 27.546077] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.546103] __asan_report_load4_noabort+0x18/0x20 [ 27.546128] kasan_atomics_helper+0x49ce/0x5450 [ 27.546152] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.546176] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.546201] ? pick_task_fair+0xce/0x340 [ 27.546227] ? kasan_atomics+0x152/0x310 [ 27.546253] kasan_atomics+0x1dc/0x310 [ 27.546277] ? __pfx_kasan_atomics+0x10/0x10 [ 27.546301] ? __pfx_read_tsc+0x10/0x10 [ 27.546325] ? ktime_get_ts64+0x86/0x230 [ 27.546351] kunit_try_run_case+0x1a5/0x480 [ 27.546376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.546397] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.546423] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.546448] ? __kthread_parkme+0x82/0x180 [ 27.546471] ? preempt_count_sub+0x50/0x80 [ 27.546496] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.546519] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.546547] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.546573] kthread+0x337/0x6f0 [ 27.546594] ? trace_preempt_on+0x20/0xc0 [ 27.546620] ? __pfx_kthread+0x10/0x10 [ 27.546641] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.546674] ? calculate_sigpending+0x7b/0xa0 [ 27.546699] ? __pfx_kthread+0x10/0x10 [ 27.546722] ret_from_fork+0x116/0x1d0 [ 27.546762] ? __pfx_kthread+0x10/0x10 [ 27.546783] ret_from_fork_asm+0x1a/0x30 [ 27.546816] </TASK> [ 27.546828] [ 27.553906] Allocated by task 314: [ 27.554101] kasan_save_stack+0x45/0x70 [ 27.554287] kasan_save_track+0x18/0x40 [ 27.554453] kasan_save_alloc_info+0x3b/0x50 [ 27.554627] __kasan_kmalloc+0xb7/0xc0 [ 27.554843] __kmalloc_cache_noprof+0x189/0x420 [ 27.555037] kasan_atomics+0x95/0x310 [ 27.555218] kunit_try_run_case+0x1a5/0x480 [ 27.555393] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.555608] kthread+0x337/0x6f0 [ 27.555789] ret_from_fork+0x116/0x1d0 [ 27.555951] ret_from_fork_asm+0x1a/0x30 [ 27.556136] [ 27.556209] The buggy address belongs to the object at ffff888103eb9580 [ 27.556209] which belongs to the cache kmalloc-64 of size 64 [ 27.556665] The buggy address is located 0 bytes to the right of [ 27.556665] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.557045] [ 27.557115] The buggy address belongs to the physical page: [ 27.557282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.557516] flags: 0x200000000000000(node=0|zone=2) [ 27.557684] page_type: f5(slab) [ 27.557827] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.558122] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.558453] page dumped because: kasan: bad access detected [ 27.558703] [ 27.558814] Memory state around the buggy address: [ 27.559035] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.559348] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.559687] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.559897] ^ [ 27.560044] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.560246] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.560445] ================================================================== [ 27.074581] ================================================================== [ 27.075251] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 27.075598] Write of size 4 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.075973] [ 27.076087] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.076142] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.076157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.076183] Call Trace: [ 27.076257] <TASK> [ 27.076293] dump_stack_lvl+0x73/0xb0 [ 27.076328] print_report+0xd1/0x610 [ 27.076351] ? __virt_addr_valid+0x1db/0x2d0 [ 27.076386] ? kasan_atomics_helper+0x860/0x5450 [ 27.076408] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.076446] ? kasan_atomics_helper+0x860/0x5450 [ 27.076467] kasan_report+0x141/0x180 [ 27.076491] ? kasan_atomics_helper+0x860/0x5450 [ 27.076516] kasan_check_range+0x10c/0x1c0 [ 27.076549] __kasan_check_write+0x18/0x20 [ 27.076574] kasan_atomics_helper+0x860/0x5450 [ 27.076606] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.076629] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.076665] ? pick_task_fair+0xce/0x340 [ 27.076691] ? kasan_atomics+0x152/0x310 [ 27.076726] kasan_atomics+0x1dc/0x310 [ 27.076759] ? __pfx_kasan_atomics+0x10/0x10 [ 27.076794] ? __pfx_read_tsc+0x10/0x10 [ 27.076817] ? ktime_get_ts64+0x86/0x230 [ 27.076842] kunit_try_run_case+0x1a5/0x480 [ 27.076867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.076889] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.076915] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.076939] ? __kthread_parkme+0x82/0x180 [ 27.077250] ? preempt_count_sub+0x50/0x80 [ 27.077275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.077299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.077328] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.077354] kthread+0x337/0x6f0 [ 27.077376] ? trace_preempt_on+0x20/0xc0 [ 27.077415] ? __pfx_kthread+0x10/0x10 [ 27.077438] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.077461] ? calculate_sigpending+0x7b/0xa0 [ 27.077500] ? __pfx_kthread+0x10/0x10 [ 27.077523] ret_from_fork+0x116/0x1d0 [ 27.077544] ? __pfx_kthread+0x10/0x10 [ 27.077566] ret_from_fork_asm+0x1a/0x30 [ 27.077598] </TASK> [ 27.077612] [ 27.086864] Allocated by task 314: [ 27.087076] kasan_save_stack+0x45/0x70 [ 27.087331] kasan_save_track+0x18/0x40 [ 27.087474] kasan_save_alloc_info+0x3b/0x50 [ 27.087694] __kasan_kmalloc+0xb7/0xc0 [ 27.088076] __kmalloc_cache_noprof+0x189/0x420 [ 27.088303] kasan_atomics+0x95/0x310 [ 27.088494] kunit_try_run_case+0x1a5/0x480 [ 27.088770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.089451] kthread+0x337/0x6f0 [ 27.089757] ret_from_fork+0x116/0x1d0 [ 27.089951] ret_from_fork_asm+0x1a/0x30 [ 27.090093] [ 27.090160] The buggy address belongs to the object at ffff888103eb9580 [ 27.090160] which belongs to the cache kmalloc-64 of size 64 [ 27.091360] The buggy address is located 0 bytes to the right of [ 27.091360] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.092487] [ 27.092575] The buggy address belongs to the physical page: [ 27.092761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.093095] flags: 0x200000000000000(node=0|zone=2) [ 27.093871] page_type: f5(slab) [ 27.094224] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.094922] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.095627] page dumped because: kasan: bad access detected [ 27.096200] [ 27.096400] Memory state around the buggy address: [ 27.096929] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.097806] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.098504] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.099198] ^ [ 27.099630] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.100340] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.101414] ================================================================== [ 27.733063] ================================================================== [ 27.733438] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 27.733786] Write of size 8 at addr ffff888103eb95b0 by task kunit_try_catch/314 [ 27.734276] [ 27.734381] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 27.734437] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.734473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.734499] Call Trace: [ 27.734535] <TASK> [ 27.734569] dump_stack_lvl+0x73/0xb0 [ 27.734617] print_report+0xd1/0x610 [ 27.734641] ? __virt_addr_valid+0x1db/0x2d0 [ 27.734678] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.734701] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.734741] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.734778] kasan_report+0x141/0x180 [ 27.734801] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.734945] kasan_check_range+0x10c/0x1c0 [ 27.734972] __kasan_check_write+0x18/0x20 [ 27.734996] kasan_atomics_helper+0x16e7/0x5450 [ 27.735019] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.735041] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.735067] ? pick_task_fair+0xce/0x340 [ 27.735093] ? kasan_atomics+0x152/0x310 [ 27.735119] kasan_atomics+0x1dc/0x310 [ 27.735143] ? __pfx_kasan_atomics+0x10/0x10 [ 27.735167] ? __pfx_read_tsc+0x10/0x10 [ 27.735191] ? ktime_get_ts64+0x86/0x230 [ 27.735216] kunit_try_run_case+0x1a5/0x480 [ 27.735240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.735261] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.735286] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.735311] ? __kthread_parkme+0x82/0x180 [ 27.735334] ? preempt_count_sub+0x50/0x80 [ 27.735358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.735381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.735407] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.735433] kthread+0x337/0x6f0 [ 27.735454] ? trace_preempt_on+0x20/0xc0 [ 27.735479] ? __pfx_kthread+0x10/0x10 [ 27.735500] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.735523] ? calculate_sigpending+0x7b/0xa0 [ 27.735548] ? __pfx_kthread+0x10/0x10 [ 27.735570] ret_from_fork+0x116/0x1d0 [ 27.735591] ? __pfx_kthread+0x10/0x10 [ 27.735612] ret_from_fork_asm+0x1a/0x30 [ 27.735644] </TASK> [ 27.735668] [ 27.748549] Allocated by task 314: [ 27.748938] kasan_save_stack+0x45/0x70 [ 27.749266] kasan_save_track+0x18/0x40 [ 27.749450] kasan_save_alloc_info+0x3b/0x50 [ 27.749642] __kasan_kmalloc+0xb7/0xc0 [ 27.749804] __kmalloc_cache_noprof+0x189/0x420 [ 27.750139] kasan_atomics+0x95/0x310 [ 27.750710] kunit_try_run_case+0x1a5/0x480 [ 27.750952] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.751213] kthread+0x337/0x6f0 [ 27.751588] ret_from_fork+0x116/0x1d0 [ 27.751904] ret_from_fork_asm+0x1a/0x30 [ 27.752314] [ 27.752523] The buggy address belongs to the object at ffff888103eb9580 [ 27.752523] which belongs to the cache kmalloc-64 of size 64 [ 27.753152] The buggy address is located 0 bytes to the right of [ 27.753152] allocated 48-byte region [ffff888103eb9580, ffff888103eb95b0) [ 27.753833] [ 27.754101] The buggy address belongs to the physical page: [ 27.754445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb9 [ 27.754795] flags: 0x200000000000000(node=0|zone=2) [ 27.755231] page_type: f5(slab) [ 27.755502] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.755977] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.756410] page dumped because: kasan: bad access detected [ 27.756756] [ 27.756857] Memory state around the buggy address: [ 27.757222] ffff888103eb9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.757624] ffff888103eb9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.758181] >ffff888103eb9580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.758587] ^ [ 27.758937] ffff888103eb9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.759352] ffff888103eb9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.759683] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 26.571295] ================================================================== [ 26.571631] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.572191] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.572424] [ 26.572510] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.572564] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.572578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.572601] Call Trace: [ 26.572616] <TASK> [ 26.572636] dump_stack_lvl+0x73/0xb0 [ 26.572677] print_report+0xd1/0x610 [ 26.572700] ? __virt_addr_valid+0x1db/0x2d0 [ 26.572724] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.572750] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.572775] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.572802] kasan_report+0x141/0x180 [ 26.572826] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.572857] kasan_check_range+0x10c/0x1c0 [ 26.572880] __kasan_check_write+0x18/0x20 [ 26.572912] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.572939] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.572966] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.572991] ? trace_hardirqs_on+0x37/0xe0 [ 26.573014] ? kasan_bitops_generic+0x92/0x1c0 [ 26.573040] kasan_bitops_generic+0x121/0x1c0 [ 26.573063] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.573087] ? __pfx_read_tsc+0x10/0x10 [ 26.573109] ? ktime_get_ts64+0x86/0x230 [ 26.573133] kunit_try_run_case+0x1a5/0x480 [ 26.573157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.573177] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.573201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.573225] ? __kthread_parkme+0x82/0x180 [ 26.573247] ? preempt_count_sub+0x50/0x80 [ 26.573270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.573292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.573317] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.573342] kthread+0x337/0x6f0 [ 26.573362] ? trace_preempt_on+0x20/0xc0 [ 26.573384] ? __pfx_kthread+0x10/0x10 [ 26.573405] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.573427] ? calculate_sigpending+0x7b/0xa0 [ 26.573451] ? __pfx_kthread+0x10/0x10 [ 26.573473] ret_from_fork+0x116/0x1d0 [ 26.573492] ? __pfx_kthread+0x10/0x10 [ 26.573513] ret_from_fork_asm+0x1a/0x30 [ 26.573543] </TASK> [ 26.573555] [ 26.581627] Allocated by task 310: [ 26.581818] kasan_save_stack+0x45/0x70 [ 26.582005] kasan_save_track+0x18/0x40 [ 26.582188] kasan_save_alloc_info+0x3b/0x50 [ 26.582381] __kasan_kmalloc+0xb7/0xc0 [ 26.582543] __kmalloc_cache_noprof+0x189/0x420 [ 26.584377] kasan_bitops_generic+0x92/0x1c0 [ 26.584702] kunit_try_run_case+0x1a5/0x480 [ 26.584861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.585037] kthread+0x337/0x6f0 [ 26.585154] ret_from_fork+0x116/0x1d0 [ 26.585281] ret_from_fork_asm+0x1a/0x30 [ 26.585415] [ 26.585481] The buggy address belongs to the object at ffff8881058422c0 [ 26.585481] which belongs to the cache kmalloc-16 of size 16 [ 26.587644] The buggy address is located 8 bytes inside of [ 26.587644] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.588689] [ 26.588793] The buggy address belongs to the physical page: [ 26.588970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.589227] flags: 0x200000000000000(node=0|zone=2) [ 26.589389] page_type: f5(slab) [ 26.589510] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.589927] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.590951] page dumped because: kasan: bad access detected [ 26.591237] [ 26.591739] Memory state around the buggy address: [ 26.592007] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.592479] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.592713] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.592920] ^ [ 26.593425] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.593753] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.594837] ================================================================== [ 26.596350] ================================================================== [ 26.596819] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.597276] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.597592] [ 26.597711] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.597813] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.597828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.597853] Call Trace: [ 26.597884] <TASK> [ 26.597905] dump_stack_lvl+0x73/0xb0 [ 26.597936] print_report+0xd1/0x610 [ 26.597987] ? __virt_addr_valid+0x1db/0x2d0 [ 26.598011] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.598053] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.598095] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.598135] kasan_report+0x141/0x180 [ 26.598156] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.598186] kasan_check_range+0x10c/0x1c0 [ 26.598219] __kasan_check_write+0x18/0x20 [ 26.598241] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.598278] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.598305] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.598329] ? trace_hardirqs_on+0x37/0xe0 [ 26.598352] ? kasan_bitops_generic+0x92/0x1c0 [ 26.598378] kasan_bitops_generic+0x121/0x1c0 [ 26.598400] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.598424] ? __pfx_read_tsc+0x10/0x10 [ 26.598445] ? ktime_get_ts64+0x86/0x230 [ 26.598469] kunit_try_run_case+0x1a5/0x480 [ 26.598493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.598514] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.598540] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.598564] ? __kthread_parkme+0x82/0x180 [ 26.598585] ? preempt_count_sub+0x50/0x80 [ 26.598608] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.598632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.598668] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.598693] kthread+0x337/0x6f0 [ 26.598713] ? trace_preempt_on+0x20/0xc0 [ 26.598735] ? __pfx_kthread+0x10/0x10 [ 26.598765] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.598787] ? calculate_sigpending+0x7b/0xa0 [ 26.598811] ? __pfx_kthread+0x10/0x10 [ 26.598832] ret_from_fork+0x116/0x1d0 [ 26.598851] ? __pfx_kthread+0x10/0x10 [ 26.598871] ret_from_fork_asm+0x1a/0x30 [ 26.598902] </TASK> [ 26.598914] [ 26.609396] Allocated by task 310: [ 26.609582] kasan_save_stack+0x45/0x70 [ 26.609859] kasan_save_track+0x18/0x40 [ 26.610406] kasan_save_alloc_info+0x3b/0x50 [ 26.610910] __kasan_kmalloc+0xb7/0xc0 [ 26.611090] __kmalloc_cache_noprof+0x189/0x420 [ 26.611281] kasan_bitops_generic+0x92/0x1c0 [ 26.611463] kunit_try_run_case+0x1a5/0x480 [ 26.611641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.612199] kthread+0x337/0x6f0 [ 26.612476] ret_from_fork+0x116/0x1d0 [ 26.612670] ret_from_fork_asm+0x1a/0x30 [ 26.613014] [ 26.613393] The buggy address belongs to the object at ffff8881058422c0 [ 26.613393] which belongs to the cache kmalloc-16 of size 16 [ 26.614187] The buggy address is located 8 bytes inside of [ 26.614187] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.614670] [ 26.614772] The buggy address belongs to the physical page: [ 26.614993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.615307] flags: 0x200000000000000(node=0|zone=2) [ 26.615518] page_type: f5(slab) [ 26.616119] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.616605] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.617069] page dumped because: kasan: bad access detected [ 26.617461] [ 26.617747] Memory state around the buggy address: [ 26.618127] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.618421] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.618888] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.619451] ^ [ 26.619704] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.620324] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.620632] ================================================================== [ 26.684925] ================================================================== [ 26.685203] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.685515] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.685848] [ 26.685960] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.686018] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.686031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.686061] Call Trace: [ 26.686080] <TASK> [ 26.686099] dump_stack_lvl+0x73/0xb0 [ 26.686129] print_report+0xd1/0x610 [ 26.686151] ? __virt_addr_valid+0x1db/0x2d0 [ 26.686175] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.686200] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.686226] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.686252] kasan_report+0x141/0x180 [ 26.686272] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.686303] kasan_check_range+0x10c/0x1c0 [ 26.686334] __kasan_check_write+0x18/0x20 [ 26.686356] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.686382] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.686408] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.686432] ? trace_hardirqs_on+0x37/0xe0 [ 26.686455] ? kasan_bitops_generic+0x92/0x1c0 [ 26.686481] kasan_bitops_generic+0x121/0x1c0 [ 26.686504] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.686528] ? __pfx_read_tsc+0x10/0x10 [ 26.686549] ? ktime_get_ts64+0x86/0x230 [ 26.686573] kunit_try_run_case+0x1a5/0x480 [ 26.686596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.686616] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.686640] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.686673] ? __kthread_parkme+0x82/0x180 [ 26.686694] ? preempt_count_sub+0x50/0x80 [ 26.686718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.686739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.686777] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.686801] kthread+0x337/0x6f0 [ 26.686821] ? trace_preempt_on+0x20/0xc0 [ 26.686842] ? __pfx_kthread+0x10/0x10 [ 26.686863] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.686885] ? calculate_sigpending+0x7b/0xa0 [ 26.686909] ? __pfx_kthread+0x10/0x10 [ 26.686930] ret_from_fork+0x116/0x1d0 [ 26.686948] ? __pfx_kthread+0x10/0x10 [ 26.686969] ret_from_fork_asm+0x1a/0x30 [ 26.686999] </TASK> [ 26.687009] [ 26.695019] Allocated by task 310: [ 26.695171] kasan_save_stack+0x45/0x70 [ 26.695319] kasan_save_track+0x18/0x40 [ 26.695503] kasan_save_alloc_info+0x3b/0x50 [ 26.695712] __kasan_kmalloc+0xb7/0xc0 [ 26.695906] __kmalloc_cache_noprof+0x189/0x420 [ 26.696083] kasan_bitops_generic+0x92/0x1c0 [ 26.696271] kunit_try_run_case+0x1a5/0x480 [ 26.696450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.696679] kthread+0x337/0x6f0 [ 26.696815] ret_from_fork+0x116/0x1d0 [ 26.696997] ret_from_fork_asm+0x1a/0x30 [ 26.697175] [ 26.697261] The buggy address belongs to the object at ffff8881058422c0 [ 26.697261] which belongs to the cache kmalloc-16 of size 16 [ 26.697720] The buggy address is located 8 bytes inside of [ 26.697720] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.698165] [ 26.698233] The buggy address belongs to the physical page: [ 26.698398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.698632] flags: 0x200000000000000(node=0|zone=2) [ 26.698865] page_type: f5(slab) [ 26.699140] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.699474] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.699763] page dumped because: kasan: bad access detected [ 26.699926] [ 26.699987] Memory state around the buggy address: [ 26.700136] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.700432] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.700748] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.701058] ^ [ 26.701306] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.701625] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.701897] ================================================================== [ 26.702546] ================================================================== [ 26.703105] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.703601] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.703971] [ 26.704083] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.704138] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.704154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.704178] Call Trace: [ 26.704198] <TASK> [ 26.704217] dump_stack_lvl+0x73/0xb0 [ 26.704248] print_report+0xd1/0x610 [ 26.704269] ? __virt_addr_valid+0x1db/0x2d0 [ 26.704295] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.704321] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.704346] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.704374] kasan_report+0x141/0x180 [ 26.704396] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.704427] kasan_check_range+0x10c/0x1c0 [ 26.704454] __kasan_check_write+0x18/0x20 [ 26.704479] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.704508] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.704535] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.704560] ? trace_hardirqs_on+0x37/0xe0 [ 26.704584] ? kasan_bitops_generic+0x92/0x1c0 [ 26.704610] kasan_bitops_generic+0x121/0x1c0 [ 26.704633] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.704666] ? __pfx_read_tsc+0x10/0x10 [ 26.704688] ? ktime_get_ts64+0x86/0x230 [ 26.704712] kunit_try_run_case+0x1a5/0x480 [ 26.704736] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.704756] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.704780] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.704803] ? __kthread_parkme+0x82/0x180 [ 26.704825] ? preempt_count_sub+0x50/0x80 [ 26.704848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.704870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.704895] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.704920] kthread+0x337/0x6f0 [ 26.704939] ? trace_preempt_on+0x20/0xc0 [ 26.704960] ? __pfx_kthread+0x10/0x10 [ 26.704981] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.705002] ? calculate_sigpending+0x7b/0xa0 [ 26.705026] ? __pfx_kthread+0x10/0x10 [ 26.705047] ret_from_fork+0x116/0x1d0 [ 26.705065] ? __pfx_kthread+0x10/0x10 [ 26.705086] ret_from_fork_asm+0x1a/0x30 [ 26.705117] </TASK> [ 26.705127] [ 26.713756] Allocated by task 310: [ 26.713954] kasan_save_stack+0x45/0x70 [ 26.714158] kasan_save_track+0x18/0x40 [ 26.714336] kasan_save_alloc_info+0x3b/0x50 [ 26.714532] __kasan_kmalloc+0xb7/0xc0 [ 26.715049] __kmalloc_cache_noprof+0x189/0x420 [ 26.715273] kasan_bitops_generic+0x92/0x1c0 [ 26.715680] kunit_try_run_case+0x1a5/0x480 [ 26.716002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.716254] kthread+0x337/0x6f0 [ 26.716409] ret_from_fork+0x116/0x1d0 [ 26.716579] ret_from_fork_asm+0x1a/0x30 [ 26.716792] [ 26.716880] The buggy address belongs to the object at ffff8881058422c0 [ 26.716880] which belongs to the cache kmalloc-16 of size 16 [ 26.717372] The buggy address is located 8 bytes inside of [ 26.717372] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.718325] [ 26.718408] The buggy address belongs to the physical page: [ 26.718745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.719339] flags: 0x200000000000000(node=0|zone=2) [ 26.719680] page_type: f5(slab) [ 26.719958] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.720458] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.721049] page dumped because: kasan: bad access detected [ 26.721405] [ 26.721504] Memory state around the buggy address: [ 26.721708] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.722292] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.722595] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.723090] ^ [ 26.723564] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.724117] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.724410] ================================================================== [ 26.742682] ================================================================== [ 26.743447] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.743948] Read of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.744212] [ 26.744318] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.744371] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.744385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.744410] Call Trace: [ 26.744429] <TASK> [ 26.744448] dump_stack_lvl+0x73/0xb0 [ 26.744478] print_report+0xd1/0x610 [ 26.744500] ? __virt_addr_valid+0x1db/0x2d0 [ 26.744524] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.744550] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.744577] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.744605] kasan_report+0x141/0x180 [ 26.744626] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.744669] __asan_report_load8_noabort+0x18/0x20 [ 26.744693] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.744720] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.744757] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.744782] ? trace_hardirqs_on+0x37/0xe0 [ 26.744805] ? kasan_bitops_generic+0x92/0x1c0 [ 26.744831] kasan_bitops_generic+0x121/0x1c0 [ 26.744854] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.744878] ? __pfx_read_tsc+0x10/0x10 [ 26.744899] ? ktime_get_ts64+0x86/0x230 [ 26.744924] kunit_try_run_case+0x1a5/0x480 [ 26.744947] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.744967] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.744991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.745015] ? __kthread_parkme+0x82/0x180 [ 26.745036] ? preempt_count_sub+0x50/0x80 [ 26.745059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.745082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.745107] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.745132] kthread+0x337/0x6f0 [ 26.745151] ? trace_preempt_on+0x20/0xc0 [ 26.745173] ? __pfx_kthread+0x10/0x10 [ 26.745194] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.745215] ? calculate_sigpending+0x7b/0xa0 [ 26.745239] ? __pfx_kthread+0x10/0x10 [ 26.745261] ret_from_fork+0x116/0x1d0 [ 26.745278] ? __pfx_kthread+0x10/0x10 [ 26.745299] ret_from_fork_asm+0x1a/0x30 [ 26.745330] </TASK> [ 26.745341] [ 26.753067] Allocated by task 310: [ 26.753206] kasan_save_stack+0x45/0x70 [ 26.753409] kasan_save_track+0x18/0x40 [ 26.753595] kasan_save_alloc_info+0x3b/0x50 [ 26.753824] __kasan_kmalloc+0xb7/0xc0 [ 26.753978] __kmalloc_cache_noprof+0x189/0x420 [ 26.754134] kasan_bitops_generic+0x92/0x1c0 [ 26.754273] kunit_try_run_case+0x1a5/0x480 [ 26.754412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.754582] kthread+0x337/0x6f0 [ 26.754706] ret_from_fork+0x116/0x1d0 [ 26.754834] ret_from_fork_asm+0x1a/0x30 [ 26.754965] [ 26.755056] The buggy address belongs to the object at ffff8881058422c0 [ 26.755056] which belongs to the cache kmalloc-16 of size 16 [ 26.755641] The buggy address is located 8 bytes inside of [ 26.755641] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.756160] [ 26.756249] The buggy address belongs to the physical page: [ 26.756477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.756723] flags: 0x200000000000000(node=0|zone=2) [ 26.756894] page_type: f5(slab) [ 26.757014] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.757235] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.757451] page dumped because: kasan: bad access detected [ 26.757887] [ 26.757988] Memory state around the buggy address: [ 26.758210] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.758526] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.758849] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.759162] ^ [ 26.759414] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.759855] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.760207] ================================================================== [ 26.725001] ================================================================== [ 26.725306] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.725705] Read of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.725991] [ 26.726119] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.726173] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.726187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.726209] Call Trace: [ 26.726229] <TASK> [ 26.726250] dump_stack_lvl+0x73/0xb0 [ 26.726281] print_report+0xd1/0x610 [ 26.726302] ? __virt_addr_valid+0x1db/0x2d0 [ 26.726326] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.726352] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.726378] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.726404] kasan_report+0x141/0x180 [ 26.726427] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.726457] kasan_check_range+0x10c/0x1c0 [ 26.726481] __kasan_check_read+0x15/0x20 [ 26.726503] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.726529] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.726557] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.726581] ? trace_hardirqs_on+0x37/0xe0 [ 26.726603] ? kasan_bitops_generic+0x92/0x1c0 [ 26.726629] kasan_bitops_generic+0x121/0x1c0 [ 26.726652] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.726687] ? __pfx_read_tsc+0x10/0x10 [ 26.726708] ? ktime_get_ts64+0x86/0x230 [ 26.726733] kunit_try_run_case+0x1a5/0x480 [ 26.726756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.726776] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.726800] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.726833] ? __kthread_parkme+0x82/0x180 [ 26.726854] ? preempt_count_sub+0x50/0x80 [ 26.726877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.726899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.726923] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.726948] kthread+0x337/0x6f0 [ 26.726968] ? trace_preempt_on+0x20/0xc0 [ 26.726989] ? __pfx_kthread+0x10/0x10 [ 26.727010] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.727032] ? calculate_sigpending+0x7b/0xa0 [ 26.727056] ? __pfx_kthread+0x10/0x10 [ 26.727078] ret_from_fork+0x116/0x1d0 [ 26.727097] ? __pfx_kthread+0x10/0x10 [ 26.727117] ret_from_fork_asm+0x1a/0x30 [ 26.727148] </TASK> [ 26.727158] [ 26.735008] Allocated by task 310: [ 26.735196] kasan_save_stack+0x45/0x70 [ 26.735342] kasan_save_track+0x18/0x40 [ 26.735470] kasan_save_alloc_info+0x3b/0x50 [ 26.735611] __kasan_kmalloc+0xb7/0xc0 [ 26.735831] __kmalloc_cache_noprof+0x189/0x420 [ 26.736049] kasan_bitops_generic+0x92/0x1c0 [ 26.736251] kunit_try_run_case+0x1a5/0x480 [ 26.736452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.736696] kthread+0x337/0x6f0 [ 26.736848] ret_from_fork+0x116/0x1d0 [ 26.736995] ret_from_fork_asm+0x1a/0x30 [ 26.737188] [ 26.737279] The buggy address belongs to the object at ffff8881058422c0 [ 26.737279] which belongs to the cache kmalloc-16 of size 16 [ 26.737717] The buggy address is located 8 bytes inside of [ 26.737717] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.738212] [ 26.738294] The buggy address belongs to the physical page: [ 26.738503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.738746] flags: 0x200000000000000(node=0|zone=2) [ 26.738987] page_type: f5(slab) [ 26.739153] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.739441] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.739724] page dumped because: kasan: bad access detected [ 26.739972] [ 26.740060] Memory state around the buggy address: [ 26.740277] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.740551] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.740917] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.741174] ^ [ 26.741341] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.741547] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.741814] ================================================================== [ 26.667159] ================================================================== [ 26.667524] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.668053] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.668324] [ 26.668418] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.668473] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.668486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.668510] Call Trace: [ 26.668531] <TASK> [ 26.668551] dump_stack_lvl+0x73/0xb0 [ 26.668582] print_report+0xd1/0x610 [ 26.668605] ? __virt_addr_valid+0x1db/0x2d0 [ 26.668630] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.668668] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.668694] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.668720] kasan_report+0x141/0x180 [ 26.668741] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.668779] kasan_check_range+0x10c/0x1c0 [ 26.668801] __kasan_check_write+0x18/0x20 [ 26.668823] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.668851] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.668878] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.668903] ? trace_hardirqs_on+0x37/0xe0 [ 26.668926] ? kasan_bitops_generic+0x92/0x1c0 [ 26.668951] kasan_bitops_generic+0x121/0x1c0 [ 26.668974] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.668998] ? __pfx_read_tsc+0x10/0x10 [ 26.669019] ? ktime_get_ts64+0x86/0x230 [ 26.669043] kunit_try_run_case+0x1a5/0x480 [ 26.669066] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.669086] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.669111] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.669134] ? __kthread_parkme+0x82/0x180 [ 26.669155] ? preempt_count_sub+0x50/0x80 [ 26.669178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.669200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.669224] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.669249] kthread+0x337/0x6f0 [ 26.669268] ? trace_preempt_on+0x20/0xc0 [ 26.669290] ? __pfx_kthread+0x10/0x10 [ 26.669310] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.669332] ? calculate_sigpending+0x7b/0xa0 [ 26.669355] ? __pfx_kthread+0x10/0x10 [ 26.669376] ret_from_fork+0x116/0x1d0 [ 26.669394] ? __pfx_kthread+0x10/0x10 [ 26.669415] ret_from_fork_asm+0x1a/0x30 [ 26.669446] </TASK> [ 26.669458] [ 26.677030] Allocated by task 310: [ 26.677178] kasan_save_stack+0x45/0x70 [ 26.677340] kasan_save_track+0x18/0x40 [ 26.677527] kasan_save_alloc_info+0x3b/0x50 [ 26.677747] __kasan_kmalloc+0xb7/0xc0 [ 26.677933] __kmalloc_cache_noprof+0x189/0x420 [ 26.678153] kasan_bitops_generic+0x92/0x1c0 [ 26.678312] kunit_try_run_case+0x1a5/0x480 [ 26.678490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.678751] kthread+0x337/0x6f0 [ 26.678898] ret_from_fork+0x116/0x1d0 [ 26.679071] ret_from_fork_asm+0x1a/0x30 [ 26.679239] [ 26.679304] The buggy address belongs to the object at ffff8881058422c0 [ 26.679304] which belongs to the cache kmalloc-16 of size 16 [ 26.679652] The buggy address is located 8 bytes inside of [ 26.679652] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.680063] [ 26.680195] The buggy address belongs to the physical page: [ 26.680442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.680797] flags: 0x200000000000000(node=0|zone=2) [ 26.681025] page_type: f5(slab) [ 26.681195] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.681711] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.682104] page dumped because: kasan: bad access detected [ 26.682267] [ 26.682328] Memory state around the buggy address: [ 26.682477] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.682837] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.683152] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.683459] ^ [ 26.683691] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.684053] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.684320] ================================================================== [ 26.645311] ================================================================== [ 26.645643] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.646556] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.647137] [ 26.647258] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.647314] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.647328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.647352] Call Trace: [ 26.647373] <TASK> [ 26.647393] dump_stack_lvl+0x73/0xb0 [ 26.647429] print_report+0xd1/0x610 [ 26.647452] ? __virt_addr_valid+0x1db/0x2d0 [ 26.647476] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.647502] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.647527] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.647554] kasan_report+0x141/0x180 [ 26.647576] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.647608] kasan_check_range+0x10c/0x1c0 [ 26.647631] __kasan_check_write+0x18/0x20 [ 26.647666] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.647693] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.647720] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.647761] ? trace_hardirqs_on+0x37/0xe0 [ 26.647784] ? kasan_bitops_generic+0x92/0x1c0 [ 26.647809] kasan_bitops_generic+0x121/0x1c0 [ 26.647832] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.647856] ? __pfx_read_tsc+0x10/0x10 [ 26.647878] ? ktime_get_ts64+0x86/0x230 [ 26.647902] kunit_try_run_case+0x1a5/0x480 [ 26.647926] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.647949] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.647974] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.647998] ? __kthread_parkme+0x82/0x180 [ 26.648019] ? preempt_count_sub+0x50/0x80 [ 26.648043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.648064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.648089] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.648114] kthread+0x337/0x6f0 [ 26.648133] ? trace_preempt_on+0x20/0xc0 [ 26.648155] ? __pfx_kthread+0x10/0x10 [ 26.648176] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.648197] ? calculate_sigpending+0x7b/0xa0 [ 26.648220] ? __pfx_kthread+0x10/0x10 [ 26.648241] ret_from_fork+0x116/0x1d0 [ 26.648260] ? __pfx_kthread+0x10/0x10 [ 26.648280] ret_from_fork_asm+0x1a/0x30 [ 26.648311] </TASK> [ 26.648322] [ 26.658287] Allocated by task 310: [ 26.658692] kasan_save_stack+0x45/0x70 [ 26.659031] kasan_save_track+0x18/0x40 [ 26.659400] kasan_save_alloc_info+0x3b/0x50 [ 26.659728] __kasan_kmalloc+0xb7/0xc0 [ 26.660072] __kmalloc_cache_noprof+0x189/0x420 [ 26.660289] kasan_bitops_generic+0x92/0x1c0 [ 26.660476] kunit_try_run_case+0x1a5/0x480 [ 26.660652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.660840] kthread+0x337/0x6f0 [ 26.660960] ret_from_fork+0x116/0x1d0 [ 26.661152] ret_from_fork_asm+0x1a/0x30 [ 26.661347] [ 26.661436] The buggy address belongs to the object at ffff8881058422c0 [ 26.661436] which belongs to the cache kmalloc-16 of size 16 [ 26.662059] The buggy address is located 8 bytes inside of [ 26.662059] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.662520] [ 26.662606] The buggy address belongs to the physical page: [ 26.662848] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.663150] flags: 0x200000000000000(node=0|zone=2) [ 26.663378] page_type: f5(slab) [ 26.663523] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.663901] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.664197] page dumped because: kasan: bad access detected [ 26.664361] [ 26.664422] Memory state around the buggy address: [ 26.664623] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.664944] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.665167] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.665370] ^ [ 26.665631] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.666126] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.666398] ================================================================== [ 26.621645] ================================================================== [ 26.622676] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.623067] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.623351] [ 26.623453] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.623509] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.623523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.623548] Call Trace: [ 26.623562] <TASK> [ 26.623582] dump_stack_lvl+0x73/0xb0 [ 26.623614] print_report+0xd1/0x610 [ 26.623637] ? __virt_addr_valid+0x1db/0x2d0 [ 26.623671] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.623697] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.623723] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.624001] kasan_report+0x141/0x180 [ 26.624027] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.624072] kasan_check_range+0x10c/0x1c0 [ 26.624096] __kasan_check_write+0x18/0x20 [ 26.624323] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.624352] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.624381] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.624406] ? trace_hardirqs_on+0x37/0xe0 [ 26.624429] ? kasan_bitops_generic+0x92/0x1c0 [ 26.624457] kasan_bitops_generic+0x121/0x1c0 [ 26.624480] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.624504] ? __pfx_read_tsc+0x10/0x10 [ 26.624526] ? ktime_get_ts64+0x86/0x230 [ 26.624551] kunit_try_run_case+0x1a5/0x480 [ 26.624575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.624596] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.624621] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.624645] ? __kthread_parkme+0x82/0x180 [ 26.624679] ? preempt_count_sub+0x50/0x80 [ 26.624702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.624723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.624759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.624783] kthread+0x337/0x6f0 [ 26.624803] ? trace_preempt_on+0x20/0xc0 [ 26.624825] ? __pfx_kthread+0x10/0x10 [ 26.624846] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.624867] ? calculate_sigpending+0x7b/0xa0 [ 26.624891] ? __pfx_kthread+0x10/0x10 [ 26.624912] ret_from_fork+0x116/0x1d0 [ 26.624930] ? __pfx_kthread+0x10/0x10 [ 26.624951] ret_from_fork_asm+0x1a/0x30 [ 26.625010] </TASK> [ 26.625021] [ 26.635384] Allocated by task 310: [ 26.635630] kasan_save_stack+0x45/0x70 [ 26.635857] kasan_save_track+0x18/0x40 [ 26.636077] kasan_save_alloc_info+0x3b/0x50 [ 26.636382] __kasan_kmalloc+0xb7/0xc0 [ 26.636528] __kmalloc_cache_noprof+0x189/0x420 [ 26.636739] kasan_bitops_generic+0x92/0x1c0 [ 26.636931] kunit_try_run_case+0x1a5/0x480 [ 26.637115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.637355] kthread+0x337/0x6f0 [ 26.637467] ret_from_fork+0x116/0x1d0 [ 26.637677] ret_from_fork_asm+0x1a/0x30 [ 26.637882] [ 26.637944] The buggy address belongs to the object at ffff8881058422c0 [ 26.637944] which belongs to the cache kmalloc-16 of size 16 [ 26.638688] The buggy address is located 8 bytes inside of [ 26.638688] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.639592] [ 26.639724] The buggy address belongs to the physical page: [ 26.640057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.640377] flags: 0x200000000000000(node=0|zone=2) [ 26.640589] page_type: f5(slab) [ 26.640738] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.641044] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.641341] page dumped because: kasan: bad access detected [ 26.641559] [ 26.641628] Memory state around the buggy address: [ 26.642371] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.642750] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.643095] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.643439] ^ [ 26.643624] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.644110] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.644492] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 26.529234] ================================================================== [ 26.529526] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.529916] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.530386] [ 26.530778] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.530837] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.530851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.530875] Call Trace: [ 26.530894] <TASK> [ 26.530915] dump_stack_lvl+0x73/0xb0 [ 26.530947] print_report+0xd1/0x610 [ 26.530970] ? __virt_addr_valid+0x1db/0x2d0 [ 26.530993] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.531017] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.531043] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.531068] kasan_report+0x141/0x180 [ 26.531088] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.531117] kasan_check_range+0x10c/0x1c0 [ 26.531140] __kasan_check_write+0x18/0x20 [ 26.531162] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.531187] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.531212] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.531236] ? trace_hardirqs_on+0x37/0xe0 [ 26.531258] ? kasan_bitops_generic+0x92/0x1c0 [ 26.531284] kasan_bitops_generic+0x116/0x1c0 [ 26.531307] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.531330] ? __pfx_read_tsc+0x10/0x10 [ 26.531352] ? ktime_get_ts64+0x86/0x230 [ 26.531376] kunit_try_run_case+0x1a5/0x480 [ 26.531399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.531418] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.531443] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.531465] ? __kthread_parkme+0x82/0x180 [ 26.531551] ? preempt_count_sub+0x50/0x80 [ 26.531575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.531597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.531623] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.531648] kthread+0x337/0x6f0 [ 26.531679] ? trace_preempt_on+0x20/0xc0 [ 26.531701] ? __pfx_kthread+0x10/0x10 [ 26.531722] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.531744] ? calculate_sigpending+0x7b/0xa0 [ 26.531769] ? __pfx_kthread+0x10/0x10 [ 26.531791] ret_from_fork+0x116/0x1d0 [ 26.531810] ? __pfx_kthread+0x10/0x10 [ 26.531831] ret_from_fork_asm+0x1a/0x30 [ 26.531861] </TASK> [ 26.531872] [ 26.540306] Allocated by task 310: [ 26.540502] kasan_save_stack+0x45/0x70 [ 26.540702] kasan_save_track+0x18/0x40 [ 26.541043] kasan_save_alloc_info+0x3b/0x50 [ 26.541228] __kasan_kmalloc+0xb7/0xc0 [ 26.541398] __kmalloc_cache_noprof+0x189/0x420 [ 26.541597] kasan_bitops_generic+0x92/0x1c0 [ 26.541835] kunit_try_run_case+0x1a5/0x480 [ 26.542058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.542297] kthread+0x337/0x6f0 [ 26.542462] ret_from_fork+0x116/0x1d0 [ 26.542629] ret_from_fork_asm+0x1a/0x30 [ 26.542837] [ 26.542927] The buggy address belongs to the object at ffff8881058422c0 [ 26.542927] which belongs to the cache kmalloc-16 of size 16 [ 26.543379] The buggy address is located 8 bytes inside of [ 26.543379] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.544099] [ 26.544208] The buggy address belongs to the physical page: [ 26.544455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.544746] flags: 0x200000000000000(node=0|zone=2) [ 26.545075] page_type: f5(slab) [ 26.545366] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.545600] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.545831] page dumped because: kasan: bad access detected [ 26.545996] [ 26.546063] Memory state around the buggy address: [ 26.546384] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.546740] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.547383] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.547646] ^ [ 26.547830] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.548037] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.548464] ================================================================== [ 26.549220] ================================================================== [ 26.549533] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.549809] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.550357] [ 26.550477] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.550533] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.550547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.550570] Call Trace: [ 26.550590] <TASK> [ 26.550611] dump_stack_lvl+0x73/0xb0 [ 26.550642] print_report+0xd1/0x610 [ 26.550678] ? __virt_addr_valid+0x1db/0x2d0 [ 26.550702] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.550726] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.550752] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.550776] kasan_report+0x141/0x180 [ 26.550797] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.550826] kasan_check_range+0x10c/0x1c0 [ 26.550849] __kasan_check_write+0x18/0x20 [ 26.550871] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.550897] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.550921] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.550946] ? trace_hardirqs_on+0x37/0xe0 [ 26.550969] ? kasan_bitops_generic+0x92/0x1c0 [ 26.550995] kasan_bitops_generic+0x116/0x1c0 [ 26.551018] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.551043] ? __pfx_read_tsc+0x10/0x10 [ 26.551064] ? ktime_get_ts64+0x86/0x230 [ 26.551088] kunit_try_run_case+0x1a5/0x480 [ 26.551112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.551132] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.551156] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.551180] ? __kthread_parkme+0x82/0x180 [ 26.551201] ? preempt_count_sub+0x50/0x80 [ 26.551224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.551246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.551560] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.551592] kthread+0x337/0x6f0 [ 26.551613] ? trace_preempt_on+0x20/0xc0 [ 26.551635] ? __pfx_kthread+0x10/0x10 [ 26.551669] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.551691] ? calculate_sigpending+0x7b/0xa0 [ 26.551716] ? __pfx_kthread+0x10/0x10 [ 26.551737] ret_from_fork+0x116/0x1d0 [ 26.551756] ? __pfx_kthread+0x10/0x10 [ 26.551777] ret_from_fork_asm+0x1a/0x30 [ 26.551810] </TASK> [ 26.551821] [ 26.561156] Allocated by task 310: [ 26.561318] kasan_save_stack+0x45/0x70 [ 26.561531] kasan_save_track+0x18/0x40 [ 26.561730] kasan_save_alloc_info+0x3b/0x50 [ 26.562059] __kasan_kmalloc+0xb7/0xc0 [ 26.562277] __kmalloc_cache_noprof+0x189/0x420 [ 26.562423] kasan_bitops_generic+0x92/0x1c0 [ 26.562561] kunit_try_run_case+0x1a5/0x480 [ 26.562709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.562929] kthread+0x337/0x6f0 [ 26.563093] ret_from_fork+0x116/0x1d0 [ 26.563318] ret_from_fork_asm+0x1a/0x30 [ 26.563524] [ 26.563742] The buggy address belongs to the object at ffff8881058422c0 [ 26.563742] which belongs to the cache kmalloc-16 of size 16 [ 26.564456] The buggy address is located 8 bytes inside of [ 26.564456] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.565107] [ 26.565208] The buggy address belongs to the physical page: [ 26.565403] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.565640] flags: 0x200000000000000(node=0|zone=2) [ 26.566010] page_type: f5(slab) [ 26.566207] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.566550] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.566882] page dumped because: kasan: bad access detected [ 26.567046] [ 26.567108] Memory state around the buggy address: [ 26.567264] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.567576] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.567965] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.568272] ^ [ 26.568487] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.568705] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.569213] ================================================================== [ 26.387642] ================================================================== [ 26.388294] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.388678] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.389081] [ 26.389188] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.389245] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.389259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.389286] Call Trace: [ 26.389301] <TASK> [ 26.389322] dump_stack_lvl+0x73/0xb0 [ 26.389358] print_report+0xd1/0x610 [ 26.389382] ? __virt_addr_valid+0x1db/0x2d0 [ 26.389408] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.389432] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.389458] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.389483] kasan_report+0x141/0x180 [ 26.389505] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.389534] kasan_check_range+0x10c/0x1c0 [ 26.389558] __kasan_check_write+0x18/0x20 [ 26.389580] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.389604] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.389630] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.389668] ? trace_hardirqs_on+0x37/0xe0 [ 26.389692] ? kasan_bitops_generic+0x92/0x1c0 [ 26.389719] kasan_bitops_generic+0x116/0x1c0 [ 26.389742] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.389765] ? __pfx_read_tsc+0x10/0x10 [ 26.389789] ? ktime_get_ts64+0x86/0x230 [ 26.389815] kunit_try_run_case+0x1a5/0x480 [ 26.389840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.389861] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.389886] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.389910] ? __kthread_parkme+0x82/0x180 [ 26.390154] ? preempt_count_sub+0x50/0x80 [ 26.390183] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.390205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.390231] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.390256] kthread+0x337/0x6f0 [ 26.390276] ? trace_preempt_on+0x20/0xc0 [ 26.390298] ? __pfx_kthread+0x10/0x10 [ 26.390319] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.390341] ? calculate_sigpending+0x7b/0xa0 [ 26.390366] ? __pfx_kthread+0x10/0x10 [ 26.390387] ret_from_fork+0x116/0x1d0 [ 26.390407] ? __pfx_kthread+0x10/0x10 [ 26.390427] ret_from_fork_asm+0x1a/0x30 [ 26.390460] </TASK> [ 26.390472] [ 26.401578] Allocated by task 310: [ 26.401774] kasan_save_stack+0x45/0x70 [ 26.401982] kasan_save_track+0x18/0x40 [ 26.402241] kasan_save_alloc_info+0x3b/0x50 [ 26.402470] __kasan_kmalloc+0xb7/0xc0 [ 26.402638] __kmalloc_cache_noprof+0x189/0x420 [ 26.402870] kasan_bitops_generic+0x92/0x1c0 [ 26.403036] kunit_try_run_case+0x1a5/0x480 [ 26.403237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.403444] kthread+0x337/0x6f0 [ 26.403615] ret_from_fork+0x116/0x1d0 [ 26.403768] ret_from_fork_asm+0x1a/0x30 [ 26.403905] [ 26.403970] The buggy address belongs to the object at ffff8881058422c0 [ 26.403970] which belongs to the cache kmalloc-16 of size 16 [ 26.404380] The buggy address is located 8 bytes inside of [ 26.404380] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.405266] [ 26.405349] The buggy address belongs to the physical page: [ 26.405522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.406015] flags: 0x200000000000000(node=0|zone=2) [ 26.406270] page_type: f5(slab) [ 26.406439] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.406852] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.407171] page dumped because: kasan: bad access detected [ 26.407396] [ 26.407459] Memory state around the buggy address: [ 26.407683] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.408228] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.408493] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.408751] ^ [ 26.409104] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.409457] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.409716] ================================================================== [ 26.476601] ================================================================== [ 26.478520] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.479372] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.479819] [ 26.479935] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.479991] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.480005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.480028] Call Trace: [ 26.480049] <TASK> [ 26.480069] dump_stack_lvl+0x73/0xb0 [ 26.480370] print_report+0xd1/0x610 [ 26.480396] ? __virt_addr_valid+0x1db/0x2d0 [ 26.480421] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.480446] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.480471] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.480496] kasan_report+0x141/0x180 [ 26.480519] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.480548] kasan_check_range+0x10c/0x1c0 [ 26.480571] __kasan_check_write+0x18/0x20 [ 26.480593] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.480617] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.480643] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.480681] ? trace_hardirqs_on+0x37/0xe0 [ 26.480704] ? kasan_bitops_generic+0x92/0x1c0 [ 26.480730] kasan_bitops_generic+0x116/0x1c0 [ 26.480762] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.480786] ? __pfx_read_tsc+0x10/0x10 [ 26.480807] ? ktime_get_ts64+0x86/0x230 [ 26.480832] kunit_try_run_case+0x1a5/0x480 [ 26.480854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.480874] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.480898] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.480921] ? __kthread_parkme+0x82/0x180 [ 26.481210] ? preempt_count_sub+0x50/0x80 [ 26.481240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.481262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.481288] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.481313] kthread+0x337/0x6f0 [ 26.481332] ? trace_preempt_on+0x20/0xc0 [ 26.481355] ? __pfx_kthread+0x10/0x10 [ 26.481377] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.481399] ? calculate_sigpending+0x7b/0xa0 [ 26.481423] ? __pfx_kthread+0x10/0x10 [ 26.481444] ret_from_fork+0x116/0x1d0 [ 26.481463] ? __pfx_kthread+0x10/0x10 [ 26.481483] ret_from_fork_asm+0x1a/0x30 [ 26.481513] </TASK> [ 26.481525] [ 26.493369] Allocated by task 310: [ 26.493533] kasan_save_stack+0x45/0x70 [ 26.493714] kasan_save_track+0x18/0x40 [ 26.494453] kasan_save_alloc_info+0x3b/0x50 [ 26.495096] __kasan_kmalloc+0xb7/0xc0 [ 26.495246] __kmalloc_cache_noprof+0x189/0x420 [ 26.495400] kasan_bitops_generic+0x92/0x1c0 [ 26.495544] kunit_try_run_case+0x1a5/0x480 [ 26.495700] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.495875] kthread+0x337/0x6f0 [ 26.495991] ret_from_fork+0x116/0x1d0 [ 26.496250] ret_from_fork_asm+0x1a/0x30 [ 26.496446] [ 26.496538] The buggy address belongs to the object at ffff8881058422c0 [ 26.496538] which belongs to the cache kmalloc-16 of size 16 [ 26.497012] The buggy address is located 8 bytes inside of [ 26.497012] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.497911] [ 26.498295] The buggy address belongs to the physical page: [ 26.498508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.498930] flags: 0x200000000000000(node=0|zone=2) [ 26.499115] page_type: f5(slab) [ 26.499283] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.499612] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.499967] page dumped because: kasan: bad access detected [ 26.500135] [ 26.500198] Memory state around the buggy address: [ 26.500603] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.501000] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.501347] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.501707] ^ [ 26.502339] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.502797] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.503361] ================================================================== [ 26.410379] ================================================================== [ 26.410693] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.411290] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.411540] [ 26.411627] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.411695] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.411708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.411732] Call Trace: [ 26.411752] <TASK> [ 26.411771] dump_stack_lvl+0x73/0xb0 [ 26.411803] print_report+0xd1/0x610 [ 26.411826] ? __virt_addr_valid+0x1db/0x2d0 [ 26.411850] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.411875] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.411913] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.411938] kasan_report+0x141/0x180 [ 26.411959] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.411989] kasan_check_range+0x10c/0x1c0 [ 26.412127] __kasan_check_write+0x18/0x20 [ 26.412152] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.412177] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.412204] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.412228] ? trace_hardirqs_on+0x37/0xe0 [ 26.412251] ? kasan_bitops_generic+0x92/0x1c0 [ 26.412278] kasan_bitops_generic+0x116/0x1c0 [ 26.412301] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.412325] ? __pfx_read_tsc+0x10/0x10 [ 26.412346] ? ktime_get_ts64+0x86/0x230 [ 26.412370] kunit_try_run_case+0x1a5/0x480 [ 26.412393] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.412414] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.412438] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.412461] ? __kthread_parkme+0x82/0x180 [ 26.412483] ? preempt_count_sub+0x50/0x80 [ 26.412505] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.412527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.412552] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.412577] kthread+0x337/0x6f0 [ 26.412596] ? trace_preempt_on+0x20/0xc0 [ 26.412618] ? __pfx_kthread+0x10/0x10 [ 26.412638] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.412674] ? calculate_sigpending+0x7b/0xa0 [ 26.412697] ? __pfx_kthread+0x10/0x10 [ 26.412719] ret_from_fork+0x116/0x1d0 [ 26.412737] ? __pfx_kthread+0x10/0x10 [ 26.412765] ret_from_fork_asm+0x1a/0x30 [ 26.412796] </TASK> [ 26.412807] [ 26.425016] Allocated by task 310: [ 26.425609] kasan_save_stack+0x45/0x70 [ 26.425877] kasan_save_track+0x18/0x40 [ 26.426192] kasan_save_alloc_info+0x3b/0x50 [ 26.426356] __kasan_kmalloc+0xb7/0xc0 [ 26.426547] __kmalloc_cache_noprof+0x189/0x420 [ 26.426770] kasan_bitops_generic+0x92/0x1c0 [ 26.427280] kunit_try_run_case+0x1a5/0x480 [ 26.427494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.427923] kthread+0x337/0x6f0 [ 26.428258] ret_from_fork+0x116/0x1d0 [ 26.428456] ret_from_fork_asm+0x1a/0x30 [ 26.428932] [ 26.429017] The buggy address belongs to the object at ffff8881058422c0 [ 26.429017] which belongs to the cache kmalloc-16 of size 16 [ 26.429751] The buggy address is located 8 bytes inside of [ 26.429751] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.430626] [ 26.430737] The buggy address belongs to the physical page: [ 26.431132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.431537] flags: 0x200000000000000(node=0|zone=2) [ 26.431725] page_type: f5(slab) [ 26.431942] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.432520] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.432834] page dumped because: kasan: bad access detected [ 26.433118] [ 26.433204] Memory state around the buggy address: [ 26.433440] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.433707] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.434131] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.434906] ^ [ 26.435285] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.435680] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.436433] ================================================================== [ 26.437439] ================================================================== [ 26.437724] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.438080] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.438604] [ 26.438712] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.438768] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.438782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.438806] Call Trace: [ 26.438821] <TASK> [ 26.438841] dump_stack_lvl+0x73/0xb0 [ 26.438874] print_report+0xd1/0x610 [ 26.438898] ? __virt_addr_valid+0x1db/0x2d0 [ 26.438922] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.439046] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.439075] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.439099] kasan_report+0x141/0x180 [ 26.439121] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.439150] kasan_check_range+0x10c/0x1c0 [ 26.439173] __kasan_check_write+0x18/0x20 [ 26.439196] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.439221] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.439246] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.439270] ? trace_hardirqs_on+0x37/0xe0 [ 26.439294] ? kasan_bitops_generic+0x92/0x1c0 [ 26.439320] kasan_bitops_generic+0x116/0x1c0 [ 26.439343] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.439367] ? __pfx_read_tsc+0x10/0x10 [ 26.439389] ? ktime_get_ts64+0x86/0x230 [ 26.439414] kunit_try_run_case+0x1a5/0x480 [ 26.439437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.439458] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.439482] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.439504] ? __kthread_parkme+0x82/0x180 [ 26.439526] ? preempt_count_sub+0x50/0x80 [ 26.439549] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.439571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.439596] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.439621] kthread+0x337/0x6f0 [ 26.439640] ? trace_preempt_on+0x20/0xc0 [ 26.439677] ? __pfx_kthread+0x10/0x10 [ 26.439697] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.439719] ? calculate_sigpending+0x7b/0xa0 [ 26.439743] ? __pfx_kthread+0x10/0x10 [ 26.439764] ret_from_fork+0x116/0x1d0 [ 26.439783] ? __pfx_kthread+0x10/0x10 [ 26.439802] ret_from_fork_asm+0x1a/0x30 [ 26.439833] </TASK> [ 26.439844] [ 26.448296] Allocated by task 310: [ 26.448511] kasan_save_stack+0x45/0x70 [ 26.448746] kasan_save_track+0x18/0x40 [ 26.448914] kasan_save_alloc_info+0x3b/0x50 [ 26.449056] __kasan_kmalloc+0xb7/0xc0 [ 26.449299] __kmalloc_cache_noprof+0x189/0x420 [ 26.449539] kasan_bitops_generic+0x92/0x1c0 [ 26.449733] kunit_try_run_case+0x1a5/0x480 [ 26.449875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.450051] kthread+0x337/0x6f0 [ 26.450168] ret_from_fork+0x116/0x1d0 [ 26.450387] ret_from_fork_asm+0x1a/0x30 [ 26.450702] [ 26.450793] The buggy address belongs to the object at ffff8881058422c0 [ 26.450793] which belongs to the cache kmalloc-16 of size 16 [ 26.451360] The buggy address is located 8 bytes inside of [ 26.451360] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.451840] [ 26.451937] The buggy address belongs to the physical page: [ 26.452399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.452789] flags: 0x200000000000000(node=0|zone=2) [ 26.453078] page_type: f5(slab) [ 26.453207] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.453433] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.453818] page dumped because: kasan: bad access detected [ 26.454223] [ 26.454316] Memory state around the buggy address: [ 26.454537] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.455026] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.455245] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.455451] ^ [ 26.455718] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.456500] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.456734] ================================================================== [ 26.504168] ================================================================== [ 26.504836] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.505892] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.506634] [ 26.507027] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.507089] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.507126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.507150] Call Trace: [ 26.507170] <TASK> [ 26.507190] dump_stack_lvl+0x73/0xb0 [ 26.507229] print_report+0xd1/0x610 [ 26.507251] ? __virt_addr_valid+0x1db/0x2d0 [ 26.507275] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.507301] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.507326] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.507350] kasan_report+0x141/0x180 [ 26.507371] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.507400] kasan_check_range+0x10c/0x1c0 [ 26.507423] __kasan_check_write+0x18/0x20 [ 26.507444] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.507469] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.507494] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.507518] ? trace_hardirqs_on+0x37/0xe0 [ 26.507540] ? kasan_bitops_generic+0x92/0x1c0 [ 26.507566] kasan_bitops_generic+0x116/0x1c0 [ 26.507589] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.507614] ? __pfx_read_tsc+0x10/0x10 [ 26.507635] ? ktime_get_ts64+0x86/0x230 [ 26.507672] kunit_try_run_case+0x1a5/0x480 [ 26.507695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.507715] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.507739] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.507762] ? __kthread_parkme+0x82/0x180 [ 26.507783] ? preempt_count_sub+0x50/0x80 [ 26.507806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.507828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.507853] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.507877] kthread+0x337/0x6f0 [ 26.507897] ? trace_preempt_on+0x20/0xc0 [ 26.507918] ? __pfx_kthread+0x10/0x10 [ 26.507939] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.508016] ? calculate_sigpending+0x7b/0xa0 [ 26.508041] ? __pfx_kthread+0x10/0x10 [ 26.508063] ret_from_fork+0x116/0x1d0 [ 26.508081] ? __pfx_kthread+0x10/0x10 [ 26.508102] ret_from_fork_asm+0x1a/0x30 [ 26.508132] </TASK> [ 26.508144] [ 26.519236] Allocated by task 310: [ 26.519611] kasan_save_stack+0x45/0x70 [ 26.519877] kasan_save_track+0x18/0x40 [ 26.520280] kasan_save_alloc_info+0x3b/0x50 [ 26.520473] __kasan_kmalloc+0xb7/0xc0 [ 26.520597] __kmalloc_cache_noprof+0x189/0x420 [ 26.520752] kasan_bitops_generic+0x92/0x1c0 [ 26.520919] kunit_try_run_case+0x1a5/0x480 [ 26.521185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.521580] kthread+0x337/0x6f0 [ 26.521908] ret_from_fork+0x116/0x1d0 [ 26.522278] ret_from_fork_asm+0x1a/0x30 [ 26.522483] [ 26.522596] The buggy address belongs to the object at ffff8881058422c0 [ 26.522596] which belongs to the cache kmalloc-16 of size 16 [ 26.522982] The buggy address is located 8 bytes inside of [ 26.522982] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.523610] [ 26.523751] The buggy address belongs to the physical page: [ 26.524055] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.524359] flags: 0x200000000000000(node=0|zone=2) [ 26.524686] page_type: f5(slab) [ 26.524871] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.525398] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.525756] page dumped because: kasan: bad access detected [ 26.526029] [ 26.526135] Memory state around the buggy address: [ 26.526559] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.526937] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.527296] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.527647] ^ [ 26.528036] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.528310] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.528624] ================================================================== [ 26.457407] ================================================================== [ 26.457729] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.457999] Write of size 8 at addr ffff8881058422c8 by task kunit_try_catch/310 [ 26.458383] [ 26.458496] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.458550] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.458563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.458587] Call Trace: [ 26.458606] <TASK> [ 26.458626] dump_stack_lvl+0x73/0xb0 [ 26.458669] print_report+0xd1/0x610 [ 26.458693] ? __virt_addr_valid+0x1db/0x2d0 [ 26.458718] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.458742] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.458777] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.458801] kasan_report+0x141/0x180 [ 26.458822] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.458851] kasan_check_range+0x10c/0x1c0 [ 26.458873] __kasan_check_write+0x18/0x20 [ 26.458896] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.458922] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.458947] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.459016] ? trace_hardirqs_on+0x37/0xe0 [ 26.459041] ? kasan_bitops_generic+0x92/0x1c0 [ 26.459067] kasan_bitops_generic+0x116/0x1c0 [ 26.459090] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.459115] ? __pfx_read_tsc+0x10/0x10 [ 26.459136] ? ktime_get_ts64+0x86/0x230 [ 26.459160] kunit_try_run_case+0x1a5/0x480 [ 26.459183] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.459203] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.459227] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.459250] ? __kthread_parkme+0x82/0x180 [ 26.459271] ? preempt_count_sub+0x50/0x80 [ 26.459294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.459315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.459340] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.459365] kthread+0x337/0x6f0 [ 26.459385] ? trace_preempt_on+0x20/0xc0 [ 26.459406] ? __pfx_kthread+0x10/0x10 [ 26.459426] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.459448] ? calculate_sigpending+0x7b/0xa0 [ 26.459471] ? __pfx_kthread+0x10/0x10 [ 26.459492] ret_from_fork+0x116/0x1d0 [ 26.459510] ? __pfx_kthread+0x10/0x10 [ 26.459531] ret_from_fork_asm+0x1a/0x30 [ 26.459561] </TASK> [ 26.459573] [ 26.468446] Allocated by task 310: [ 26.468631] kasan_save_stack+0x45/0x70 [ 26.468879] kasan_save_track+0x18/0x40 [ 26.469146] kasan_save_alloc_info+0x3b/0x50 [ 26.469299] __kasan_kmalloc+0xb7/0xc0 [ 26.469424] __kmalloc_cache_noprof+0x189/0x420 [ 26.469626] kasan_bitops_generic+0x92/0x1c0 [ 26.469957] kunit_try_run_case+0x1a5/0x480 [ 26.470179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.470411] kthread+0x337/0x6f0 [ 26.470568] ret_from_fork+0x116/0x1d0 [ 26.470750] ret_from_fork_asm+0x1a/0x30 [ 26.471027] [ 26.471125] The buggy address belongs to the object at ffff8881058422c0 [ 26.471125] which belongs to the cache kmalloc-16 of size 16 [ 26.471545] The buggy address is located 8 bytes inside of [ 26.471545] allocated 9-byte region [ffff8881058422c0, ffff8881058422c9) [ 26.472442] [ 26.472529] The buggy address belongs to the physical page: [ 26.472745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 26.473065] flags: 0x200000000000000(node=0|zone=2) [ 26.473274] page_type: f5(slab) [ 26.473392] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.473616] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.473850] page dumped because: kasan: bad access detected [ 26.474202] [ 26.474302] Memory state around the buggy address: [ 26.474519] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.474951] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 26.475260] >ffff888105842280: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 26.475480] ^ [ 26.475649] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.475865] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.476070] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 26.361513] ================================================================== [ 26.361859] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 26.362391] Read of size 1 at addr ffff888103eba090 by task kunit_try_catch/308 [ 26.362734] [ 26.362837] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.362889] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.362903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.362929] Call Trace: [ 26.362949] <TASK> [ 26.362968] dump_stack_lvl+0x73/0xb0 [ 26.362997] print_report+0xd1/0x610 [ 26.363022] ? __virt_addr_valid+0x1db/0x2d0 [ 26.363045] ? strnlen+0x73/0x80 [ 26.363063] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.363089] ? strnlen+0x73/0x80 [ 26.363107] kasan_report+0x141/0x180 [ 26.363129] ? strnlen+0x73/0x80 [ 26.363151] __asan_report_load1_noabort+0x18/0x20 [ 26.363175] strnlen+0x73/0x80 [ 26.363195] kasan_strings+0x615/0xe80 [ 26.363215] ? trace_hardirqs_on+0x37/0xe0 [ 26.363240] ? __pfx_kasan_strings+0x10/0x10 [ 26.363259] ? finish_task_switch.isra.0+0x153/0x700 [ 26.363280] ? __switch_to+0x47/0xf80 [ 26.363306] ? __schedule+0x10cc/0x2b60 [ 26.363328] ? __pfx_read_tsc+0x10/0x10 [ 26.363348] ? ktime_get_ts64+0x86/0x230 [ 26.363373] kunit_try_run_case+0x1a5/0x480 [ 26.363395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.363415] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.363438] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.363461] ? __kthread_parkme+0x82/0x180 [ 26.363481] ? preempt_count_sub+0x50/0x80 [ 26.363503] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.363525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.363549] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.363574] kthread+0x337/0x6f0 [ 26.363594] ? trace_preempt_on+0x20/0xc0 [ 26.363615] ? __pfx_kthread+0x10/0x10 [ 26.363636] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.363668] ? calculate_sigpending+0x7b/0xa0 [ 26.363692] ? __pfx_kthread+0x10/0x10 [ 26.363713] ret_from_fork+0x116/0x1d0 [ 26.363732] ? __pfx_kthread+0x10/0x10 [ 26.363825] ret_from_fork_asm+0x1a/0x30 [ 26.363856] </TASK> [ 26.363867] [ 26.371711] Allocated by task 308: [ 26.371914] kasan_save_stack+0x45/0x70 [ 26.372098] kasan_save_track+0x18/0x40 [ 26.372238] kasan_save_alloc_info+0x3b/0x50 [ 26.372383] __kasan_kmalloc+0xb7/0xc0 [ 26.372509] __kmalloc_cache_noprof+0x189/0x420 [ 26.372668] kasan_strings+0xc0/0xe80 [ 26.372792] kunit_try_run_case+0x1a5/0x480 [ 26.372930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.373099] kthread+0x337/0x6f0 [ 26.373217] ret_from_fork+0x116/0x1d0 [ 26.373451] ret_from_fork_asm+0x1a/0x30 [ 26.373639] [ 26.373812] Freed by task 308: [ 26.373985] kasan_save_stack+0x45/0x70 [ 26.374441] kasan_save_track+0x18/0x40 [ 26.374625] kasan_save_free_info+0x3f/0x60 [ 26.374956] __kasan_slab_free+0x56/0x70 [ 26.375198] kfree+0x222/0x3f0 [ 26.375355] kasan_strings+0x2aa/0xe80 [ 26.375537] kunit_try_run_case+0x1a5/0x480 [ 26.375754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.375932] kthread+0x337/0x6f0 [ 26.376140] ret_from_fork+0x116/0x1d0 [ 26.376321] ret_from_fork_asm+0x1a/0x30 [ 26.376505] [ 26.376577] The buggy address belongs to the object at ffff888103eba080 [ 26.376577] which belongs to the cache kmalloc-32 of size 32 [ 26.377112] The buggy address is located 16 bytes inside of [ 26.377112] freed 32-byte region [ffff888103eba080, ffff888103eba0a0) [ 26.377516] [ 26.377584] The buggy address belongs to the physical page: [ 26.377775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eba [ 26.378287] flags: 0x200000000000000(node=0|zone=2) [ 26.378679] page_type: f5(slab) [ 26.378941] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.379517] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.379929] page dumped because: kasan: bad access detected [ 26.380114] [ 26.380178] Memory state around the buggy address: [ 26.380329] ffff888103eb9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.380566] ffff888103eba000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.380888] >ffff888103eba080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.381203] ^ [ 26.381378] ffff888103eba100: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.381688] ffff888103eba180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.382090] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 26.340871] ================================================================== [ 26.341401] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 26.341685] Read of size 1 at addr ffff888103eba090 by task kunit_try_catch/308 [ 26.342392] [ 26.342502] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.342555] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.342569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.342593] Call Trace: [ 26.342606] <TASK> [ 26.342627] dump_stack_lvl+0x73/0xb0 [ 26.342671] print_report+0xd1/0x610 [ 26.342696] ? __virt_addr_valid+0x1db/0x2d0 [ 26.342720] ? strlen+0x8f/0xb0 [ 26.342738] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.342763] ? strlen+0x8f/0xb0 [ 26.342781] kasan_report+0x141/0x180 [ 26.342803] ? strlen+0x8f/0xb0 [ 26.342842] __asan_report_load1_noabort+0x18/0x20 [ 26.342865] strlen+0x8f/0xb0 [ 26.342884] kasan_strings+0x57b/0xe80 [ 26.342904] ? trace_hardirqs_on+0x37/0xe0 [ 26.342927] ? __pfx_kasan_strings+0x10/0x10 [ 26.342946] ? finish_task_switch.isra.0+0x153/0x700 [ 26.342968] ? __switch_to+0x47/0xf80 [ 26.342993] ? __schedule+0x10cc/0x2b60 [ 26.343015] ? __pfx_read_tsc+0x10/0x10 [ 26.343037] ? ktime_get_ts64+0x86/0x230 [ 26.343061] kunit_try_run_case+0x1a5/0x480 [ 26.343084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.343104] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.343138] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.343161] ? __kthread_parkme+0x82/0x180 [ 26.343185] ? preempt_count_sub+0x50/0x80 [ 26.343207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.343228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.343253] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.343277] kthread+0x337/0x6f0 [ 26.343297] ? trace_preempt_on+0x20/0xc0 [ 26.343318] ? __pfx_kthread+0x10/0x10 [ 26.343338] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.343359] ? calculate_sigpending+0x7b/0xa0 [ 26.343382] ? __pfx_kthread+0x10/0x10 [ 26.343404] ret_from_fork+0x116/0x1d0 [ 26.343422] ? __pfx_kthread+0x10/0x10 [ 26.343442] ret_from_fork_asm+0x1a/0x30 [ 26.343472] </TASK> [ 26.343484] [ 26.350917] Allocated by task 308: [ 26.351120] kasan_save_stack+0x45/0x70 [ 26.351332] kasan_save_track+0x18/0x40 [ 26.351527] kasan_save_alloc_info+0x3b/0x50 [ 26.351743] __kasan_kmalloc+0xb7/0xc0 [ 26.351908] __kmalloc_cache_noprof+0x189/0x420 [ 26.352080] kasan_strings+0xc0/0xe80 [ 26.352205] kunit_try_run_case+0x1a5/0x480 [ 26.352343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.352556] kthread+0x337/0x6f0 [ 26.352793] ret_from_fork+0x116/0x1d0 [ 26.352982] ret_from_fork_asm+0x1a/0x30 [ 26.353176] [ 26.353262] Freed by task 308: [ 26.353519] kasan_save_stack+0x45/0x70 [ 26.353776] kasan_save_track+0x18/0x40 [ 26.353905] kasan_save_free_info+0x3f/0x60 [ 26.354230] __kasan_slab_free+0x56/0x70 [ 26.354373] kfree+0x222/0x3f0 [ 26.354822] kasan_strings+0x2aa/0xe80 [ 26.355034] kunit_try_run_case+0x1a5/0x480 [ 26.355220] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.355422] kthread+0x337/0x6f0 [ 26.355537] ret_from_fork+0x116/0x1d0 [ 26.355739] ret_from_fork_asm+0x1a/0x30 [ 26.355958] [ 26.356049] The buggy address belongs to the object at ffff888103eba080 [ 26.356049] which belongs to the cache kmalloc-32 of size 32 [ 26.356533] The buggy address is located 16 bytes inside of [ 26.356533] freed 32-byte region [ffff888103eba080, ffff888103eba0a0) [ 26.356978] [ 26.357161] The buggy address belongs to the physical page: [ 26.357371] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eba [ 26.357671] flags: 0x200000000000000(node=0|zone=2) [ 26.358053] page_type: f5(slab) [ 26.358202] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.358427] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.358646] page dumped because: kasan: bad access detected [ 26.358871] [ 26.358959] Memory state around the buggy address: [ 26.359176] ffff888103eb9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.359487] ffff888103eba000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.359805] >ffff888103eba080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.360131] ^ [ 26.360253] ffff888103eba100: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.360458] ffff888103eba180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.360977] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 26.307204] ================================================================== [ 26.307566] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 26.308357] Read of size 1 at addr ffff888103eba090 by task kunit_try_catch/308 [ 26.308786] [ 26.309187] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.309253] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.309269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.309293] Call Trace: [ 26.309313] <TASK> [ 26.309334] dump_stack_lvl+0x73/0xb0 [ 26.309369] print_report+0xd1/0x610 [ 26.309393] ? __virt_addr_valid+0x1db/0x2d0 [ 26.309417] ? kasan_strings+0xcbc/0xe80 [ 26.309438] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.309463] ? kasan_strings+0xcbc/0xe80 [ 26.309484] kasan_report+0x141/0x180 [ 26.309505] ? kasan_strings+0xcbc/0xe80 [ 26.309530] __asan_report_load1_noabort+0x18/0x20 [ 26.309553] kasan_strings+0xcbc/0xe80 [ 26.309571] ? trace_hardirqs_on+0x37/0xe0 [ 26.309594] ? __pfx_kasan_strings+0x10/0x10 [ 26.309613] ? finish_task_switch.isra.0+0x153/0x700 [ 26.309636] ? __switch_to+0x47/0xf80 [ 26.309674] ? __schedule+0x10cc/0x2b60 [ 26.309697] ? __pfx_read_tsc+0x10/0x10 [ 26.309718] ? ktime_get_ts64+0x86/0x230 [ 26.309743] kunit_try_run_case+0x1a5/0x480 [ 26.309765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.309785] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.309808] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.309831] ? __kthread_parkme+0x82/0x180 [ 26.309851] ? preempt_count_sub+0x50/0x80 [ 26.309873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.309894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.309918] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.309998] kthread+0x337/0x6f0 [ 26.310020] ? trace_preempt_on+0x20/0xc0 [ 26.310047] ? __pfx_kthread+0x10/0x10 [ 26.310067] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.310088] ? calculate_sigpending+0x7b/0xa0 [ 26.310112] ? __pfx_kthread+0x10/0x10 [ 26.310133] ret_from_fork+0x116/0x1d0 [ 26.310154] ? __pfx_kthread+0x10/0x10 [ 26.310175] ret_from_fork_asm+0x1a/0x30 [ 26.310207] </TASK> [ 26.310218] [ 26.322781] Allocated by task 308: [ 26.322950] kasan_save_stack+0x45/0x70 [ 26.323112] kasan_save_track+0x18/0x40 [ 26.323245] kasan_save_alloc_info+0x3b/0x50 [ 26.323391] __kasan_kmalloc+0xb7/0xc0 [ 26.323518] __kmalloc_cache_noprof+0x189/0x420 [ 26.323683] kasan_strings+0xc0/0xe80 [ 26.323809] kunit_try_run_case+0x1a5/0x480 [ 26.323949] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.324117] kthread+0x337/0x6f0 [ 26.326050] ret_from_fork+0x116/0x1d0 [ 26.326421] ret_from_fork_asm+0x1a/0x30 [ 26.327004] [ 26.327168] Freed by task 308: [ 26.327439] kasan_save_stack+0x45/0x70 [ 26.327812] kasan_save_track+0x18/0x40 [ 26.328201] kasan_save_free_info+0x3f/0x60 [ 26.329405] __kasan_slab_free+0x56/0x70 [ 26.330559] kfree+0x222/0x3f0 [ 26.330886] kasan_strings+0x2aa/0xe80 [ 26.331638] kunit_try_run_case+0x1a5/0x480 [ 26.332019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.332467] kthread+0x337/0x6f0 [ 26.332850] ret_from_fork+0x116/0x1d0 [ 26.333228] ret_from_fork_asm+0x1a/0x30 [ 26.333574] [ 26.333746] The buggy address belongs to the object at ffff888103eba080 [ 26.333746] which belongs to the cache kmalloc-32 of size 32 [ 26.334310] The buggy address is located 16 bytes inside of [ 26.334310] freed 32-byte region [ffff888103eba080, ffff888103eba0a0) [ 26.334644] [ 26.334839] The buggy address belongs to the physical page: [ 26.335090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eba [ 26.335319] flags: 0x200000000000000(node=0|zone=2) [ 26.335971] page_type: f5(slab) [ 26.336206] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.336517] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.336893] page dumped because: kasan: bad access detected [ 26.337126] [ 26.337205] Memory state around the buggy address: [ 26.337426] ffff888103eb9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.337757] ffff888103eba000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.338093] >ffff888103eba080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.338416] ^ [ 26.338600] ffff888103eba100: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.338936] ffff888103eba180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.339183] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 26.271380] ================================================================== [ 26.273322] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 26.274275] Read of size 1 at addr ffff888103eba090 by task kunit_try_catch/308 [ 26.274641] [ 26.274898] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.274987] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.275006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.275037] Call Trace: [ 26.275053] <TASK> [ 26.275073] dump_stack_lvl+0x73/0xb0 [ 26.275110] print_report+0xd1/0x610 [ 26.275135] ? __virt_addr_valid+0x1db/0x2d0 [ 26.275160] ? strcmp+0xb0/0xc0 [ 26.275178] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.275203] ? strcmp+0xb0/0xc0 [ 26.275222] kasan_report+0x141/0x180 [ 26.275242] ? strcmp+0xb0/0xc0 [ 26.275264] __asan_report_load1_noabort+0x18/0x20 [ 26.275287] strcmp+0xb0/0xc0 [ 26.275306] kasan_strings+0x431/0xe80 [ 26.275325] ? trace_hardirqs_on+0x37/0xe0 [ 26.275348] ? __pfx_kasan_strings+0x10/0x10 [ 26.275367] ? finish_task_switch.isra.0+0x153/0x700 [ 26.275389] ? __switch_to+0x47/0xf80 [ 26.275414] ? __schedule+0x10cc/0x2b60 [ 26.275437] ? __pfx_read_tsc+0x10/0x10 [ 26.275458] ? ktime_get_ts64+0x86/0x230 [ 26.275482] kunit_try_run_case+0x1a5/0x480 [ 26.275506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.275526] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.275548] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.275572] ? __kthread_parkme+0x82/0x180 [ 26.275593] ? preempt_count_sub+0x50/0x80 [ 26.275616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.275638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.275672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.275696] kthread+0x337/0x6f0 [ 26.275716] ? trace_preempt_on+0x20/0xc0 [ 26.275743] ? __pfx_kthread+0x10/0x10 [ 26.275764] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.275785] ? calculate_sigpending+0x7b/0xa0 [ 26.275809] ? __pfx_kthread+0x10/0x10 [ 26.275830] ret_from_fork+0x116/0x1d0 [ 26.275848] ? __pfx_kthread+0x10/0x10 [ 26.275869] ret_from_fork_asm+0x1a/0x30 [ 26.275899] </TASK> [ 26.275911] [ 26.290621] Allocated by task 308: [ 26.290956] kasan_save_stack+0x45/0x70 [ 26.291172] kasan_save_track+0x18/0x40 [ 26.291348] kasan_save_alloc_info+0x3b/0x50 [ 26.291547] __kasan_kmalloc+0xb7/0xc0 [ 26.292355] __kmalloc_cache_noprof+0x189/0x420 [ 26.292618] kasan_strings+0xc0/0xe80 [ 26.292812] kunit_try_run_case+0x1a5/0x480 [ 26.293221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.293475] kthread+0x337/0x6f0 [ 26.293644] ret_from_fork+0x116/0x1d0 [ 26.294263] ret_from_fork_asm+0x1a/0x30 [ 26.294449] [ 26.294539] Freed by task 308: [ 26.295248] kasan_save_stack+0x45/0x70 [ 26.295564] kasan_save_track+0x18/0x40 [ 26.295715] kasan_save_free_info+0x3f/0x60 [ 26.296122] __kasan_slab_free+0x56/0x70 [ 26.296304] kfree+0x222/0x3f0 [ 26.296629] kasan_strings+0x2aa/0xe80 [ 26.296845] kunit_try_run_case+0x1a5/0x480 [ 26.297258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.297605] kthread+0x337/0x6f0 [ 26.297761] ret_from_fork+0x116/0x1d0 [ 26.298167] ret_from_fork_asm+0x1a/0x30 [ 26.298523] [ 26.298621] The buggy address belongs to the object at ffff888103eba080 [ 26.298621] which belongs to the cache kmalloc-32 of size 32 [ 26.299457] The buggy address is located 16 bytes inside of [ 26.299457] freed 32-byte region [ffff888103eba080, ffff888103eba0a0) [ 26.300133] [ 26.300229] The buggy address belongs to the physical page: [ 26.300440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eba [ 26.300831] flags: 0x200000000000000(node=0|zone=2) [ 26.301702] page_type: f5(slab) [ 26.301927] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.302405] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.302741] page dumped because: kasan: bad access detected [ 26.303392] [ 26.303482] Memory state around the buggy address: [ 26.303820] ffff888103eb9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.304131] ffff888103eba000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.304473] >ffff888103eba080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.305286] ^ [ 26.305452] ffff888103eba100: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.305948] ffff888103eba180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.306413] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 26.234472] ================================================================== [ 26.235029] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 26.235344] Read of size 1 at addr ffff888103eba018 by task kunit_try_catch/306 [ 26.235670] [ 26.235798] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.235886] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.235901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.235937] Call Trace: [ 26.235949] <TASK> [ 26.235968] dump_stack_lvl+0x73/0xb0 [ 26.236000] print_report+0xd1/0x610 [ 26.236043] ? __virt_addr_valid+0x1db/0x2d0 [ 26.236088] ? memcmp+0x1b4/0x1d0 [ 26.236106] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.236161] ? memcmp+0x1b4/0x1d0 [ 26.236180] kasan_report+0x141/0x180 [ 26.236218] ? memcmp+0x1b4/0x1d0 [ 26.236247] __asan_report_load1_noabort+0x18/0x20 [ 26.236271] memcmp+0x1b4/0x1d0 [ 26.236290] kasan_memcmp+0x18f/0x390 [ 26.236310] ? trace_hardirqs_on+0x37/0xe0 [ 26.236333] ? __pfx_kasan_memcmp+0x10/0x10 [ 26.236352] ? finish_task_switch.isra.0+0x153/0x700 [ 26.236374] ? __switch_to+0x47/0xf80 [ 26.236402] ? __pfx_read_tsc+0x10/0x10 [ 26.236424] ? ktime_get_ts64+0x86/0x230 [ 26.236457] kunit_try_run_case+0x1a5/0x480 [ 26.236480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.236500] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.236524] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.236547] ? __kthread_parkme+0x82/0x180 [ 26.236593] ? preempt_count_sub+0x50/0x80 [ 26.236615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.236636] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.236694] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.236719] kthread+0x337/0x6f0 [ 26.236738] ? trace_preempt_on+0x20/0xc0 [ 26.236779] ? __pfx_kthread+0x10/0x10 [ 26.236799] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.236820] ? calculate_sigpending+0x7b/0xa0 [ 26.236844] ? __pfx_kthread+0x10/0x10 [ 26.236866] ret_from_fork+0x116/0x1d0 [ 26.236885] ? __pfx_kthread+0x10/0x10 [ 26.236905] ret_from_fork_asm+0x1a/0x30 [ 26.236935] </TASK> [ 26.237009] [ 26.249062] Allocated by task 306: [ 26.249481] kasan_save_stack+0x45/0x70 [ 26.249701] kasan_save_track+0x18/0x40 [ 26.250037] kasan_save_alloc_info+0x3b/0x50 [ 26.250233] __kasan_kmalloc+0xb7/0xc0 [ 26.250398] __kmalloc_cache_noprof+0x189/0x420 [ 26.250597] kasan_memcmp+0xb7/0x390 [ 26.251354] kunit_try_run_case+0x1a5/0x480 [ 26.251739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.252448] kthread+0x337/0x6f0 [ 26.252811] ret_from_fork+0x116/0x1d0 [ 26.253053] ret_from_fork_asm+0x1a/0x30 [ 26.253235] [ 26.253321] The buggy address belongs to the object at ffff888103eba000 [ 26.253321] which belongs to the cache kmalloc-32 of size 32 [ 26.253903] The buggy address is located 0 bytes to the right of [ 26.253903] allocated 24-byte region [ffff888103eba000, ffff888103eba018) [ 26.254408] [ 26.254495] The buggy address belongs to the physical page: [ 26.255318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eba [ 26.255785] flags: 0x200000000000000(node=0|zone=2) [ 26.256411] page_type: f5(slab) [ 26.256634] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.257585] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.258369] page dumped because: kasan: bad access detected [ 26.258708] [ 26.259041] Memory state around the buggy address: [ 26.259265] ffff888103eb9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.259550] ffff888103eb9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.260279] >ffff888103eba000: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.260726] ^ [ 26.261082] ffff888103eba080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.261378] ffff888103eba100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.261668] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 24.369147] ================================================================== [ 24.369536] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 24.369790] Write of size 4 at addr ffff888105919075 by task kunit_try_catch/223 [ 24.370007] [ 24.370098] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.370150] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.370162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.370185] Call Trace: [ 24.370196] <TASK> [ 24.370214] dump_stack_lvl+0x73/0xb0 [ 24.370245] print_report+0xd1/0x610 [ 24.370267] ? __virt_addr_valid+0x1db/0x2d0 [ 24.370290] ? kmalloc_oob_memset_4+0x166/0x330 [ 24.370309] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.370333] ? kmalloc_oob_memset_4+0x166/0x330 [ 24.370353] kasan_report+0x141/0x180 [ 24.370373] ? kmalloc_oob_memset_4+0x166/0x330 [ 24.370398] kasan_check_range+0x10c/0x1c0 [ 24.370419] __asan_memset+0x27/0x50 [ 24.370441] kmalloc_oob_memset_4+0x166/0x330 [ 24.370462] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 24.370482] ? __schedule+0x10cc/0x2b60 [ 24.370505] ? __pfx_read_tsc+0x10/0x10 [ 24.370525] ? ktime_get_ts64+0x86/0x230 [ 24.370548] kunit_try_run_case+0x1a5/0x480 [ 24.370570] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.370589] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.370611] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.370633] ? __kthread_parkme+0x82/0x180 [ 24.370653] ? preempt_count_sub+0x50/0x80 [ 24.370746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.370767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.370792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.370816] kthread+0x337/0x6f0 [ 24.370835] ? trace_preempt_on+0x20/0xc0 [ 24.370858] ? __pfx_kthread+0x10/0x10 [ 24.370877] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.370898] ? calculate_sigpending+0x7b/0xa0 [ 24.371012] ? __pfx_kthread+0x10/0x10 [ 24.371053] ret_from_fork+0x116/0x1d0 [ 24.371072] ? __pfx_kthread+0x10/0x10 [ 24.371091] ret_from_fork_asm+0x1a/0x30 [ 24.371146] </TASK> [ 24.371157] [ 24.383989] Allocated by task 223: [ 24.384393] kasan_save_stack+0x45/0x70 [ 24.384831] kasan_save_track+0x18/0x40 [ 24.385233] kasan_save_alloc_info+0x3b/0x50 [ 24.385626] __kasan_kmalloc+0xb7/0xc0 [ 24.386049] __kmalloc_cache_noprof+0x189/0x420 [ 24.386463] kmalloc_oob_memset_4+0xac/0x330 [ 24.386987] kunit_try_run_case+0x1a5/0x480 [ 24.387362] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.387890] kthread+0x337/0x6f0 [ 24.388234] ret_from_fork+0x116/0x1d0 [ 24.388626] ret_from_fork_asm+0x1a/0x30 [ 24.389094] [ 24.389257] The buggy address belongs to the object at ffff888105919000 [ 24.389257] which belongs to the cache kmalloc-128 of size 128 [ 24.390759] The buggy address is located 117 bytes inside of [ 24.390759] allocated 120-byte region [ffff888105919000, ffff888105919078) [ 24.392132] [ 24.392329] The buggy address belongs to the physical page: [ 24.392974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 24.393817] flags: 0x200000000000000(node=0|zone=2) [ 24.394309] page_type: f5(slab) [ 24.394646] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.395468] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.396115] page dumped because: kasan: bad access detected [ 24.396435] [ 24.396498] Memory state around the buggy address: [ 24.396648] ffff888105918f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.396908] ffff888105918f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.397517] >ffff888105919000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.398333] ^ [ 24.398845] ffff888105919080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.399359] ffff888105919100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.399837] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 24.342252] ================================================================== [ 24.342637] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 24.343039] Write of size 2 at addr ffff888103e99177 by task kunit_try_catch/221 [ 24.343497] [ 24.343676] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.343758] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.343772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.343796] Call Trace: [ 24.343810] <TASK> [ 24.343829] dump_stack_lvl+0x73/0xb0 [ 24.343864] print_report+0xd1/0x610 [ 24.343887] ? __virt_addr_valid+0x1db/0x2d0 [ 24.343911] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.343971] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.344021] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.344042] kasan_report+0x141/0x180 [ 24.344063] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.344100] kasan_check_range+0x10c/0x1c0 [ 24.344123] __asan_memset+0x27/0x50 [ 24.344146] kmalloc_oob_memset_2+0x166/0x330 [ 24.344167] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 24.344189] ? __schedule+0x10cc/0x2b60 [ 24.344213] ? __pfx_read_tsc+0x10/0x10 [ 24.344235] ? ktime_get_ts64+0x86/0x230 [ 24.344261] kunit_try_run_case+0x1a5/0x480 [ 24.344284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.344304] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.344327] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.344350] ? __kthread_parkme+0x82/0x180 [ 24.344371] ? preempt_count_sub+0x50/0x80 [ 24.344395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.344416] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.344440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.344465] kthread+0x337/0x6f0 [ 24.344485] ? trace_preempt_on+0x20/0xc0 [ 24.344509] ? __pfx_kthread+0x10/0x10 [ 24.344529] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.344550] ? calculate_sigpending+0x7b/0xa0 [ 24.344576] ? __pfx_kthread+0x10/0x10 [ 24.344597] ret_from_fork+0x116/0x1d0 [ 24.344616] ? __pfx_kthread+0x10/0x10 [ 24.344637] ret_from_fork_asm+0x1a/0x30 [ 24.344675] </TASK> [ 24.344687] [ 24.355241] Allocated by task 221: [ 24.355447] kasan_save_stack+0x45/0x70 [ 24.355666] kasan_save_track+0x18/0x40 [ 24.355808] kasan_save_alloc_info+0x3b/0x50 [ 24.356016] __kasan_kmalloc+0xb7/0xc0 [ 24.356292] __kmalloc_cache_noprof+0x189/0x420 [ 24.356482] kmalloc_oob_memset_2+0xac/0x330 [ 24.356669] kunit_try_run_case+0x1a5/0x480 [ 24.356850] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.357158] kthread+0x337/0x6f0 [ 24.357439] ret_from_fork+0x116/0x1d0 [ 24.357673] ret_from_fork_asm+0x1a/0x30 [ 24.357886] [ 24.357955] The buggy address belongs to the object at ffff888103e99100 [ 24.357955] which belongs to the cache kmalloc-128 of size 128 [ 24.358543] The buggy address is located 119 bytes inside of [ 24.358543] allocated 120-byte region [ffff888103e99100, ffff888103e99178) [ 24.359082] [ 24.359153] The buggy address belongs to the physical page: [ 24.359319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103e99 [ 24.360053] flags: 0x200000000000000(node=0|zone=2) [ 24.360298] page_type: f5(slab) [ 24.360569] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.361760] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.362092] page dumped because: kasan: bad access detected [ 24.362466] [ 24.362565] Memory state around the buggy address: [ 24.363033] ffff888103e99000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.363461] ffff888103e99080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.363766] >ffff888103e99100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.364314] ^ [ 24.364700] ffff888103e99180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.365081] ffff888103e99200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.365558] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 24.309253] ================================================================== [ 24.310603] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 24.311692] Write of size 128 at addr ffff888105865f00 by task kunit_try_catch/219 [ 24.312579] [ 24.312928] CPU: 1 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.313027] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.313051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.313075] Call Trace: [ 24.313170] <TASK> [ 24.313193] dump_stack_lvl+0x73/0xb0 [ 24.313232] print_report+0xd1/0x610 [ 24.313256] ? __virt_addr_valid+0x1db/0x2d0 [ 24.313282] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.313303] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.313328] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.313351] kasan_report+0x141/0x180 [ 24.313372] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.313398] kasan_check_range+0x10c/0x1c0 [ 24.313420] __asan_memset+0x27/0x50 [ 24.313442] kmalloc_oob_in_memset+0x15f/0x320 [ 24.313463] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 24.313485] ? __schedule+0x10cc/0x2b60 [ 24.313509] ? __pfx_read_tsc+0x10/0x10 [ 24.313531] ? ktime_get_ts64+0x86/0x230 [ 24.313558] kunit_try_run_case+0x1a5/0x480 [ 24.313582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.313602] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.313624] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.313647] ? __kthread_parkme+0x82/0x180 [ 24.313682] ? preempt_count_sub+0x50/0x80 [ 24.313706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.313727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.313760] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.313785] kthread+0x337/0x6f0 [ 24.313804] ? trace_preempt_on+0x20/0xc0 [ 24.313829] ? __pfx_kthread+0x10/0x10 [ 24.313849] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.313870] ? calculate_sigpending+0x7b/0xa0 [ 24.313894] ? __pfx_kthread+0x10/0x10 [ 24.313915] ret_from_fork+0x116/0x1d0 [ 24.313934] ? __pfx_kthread+0x10/0x10 [ 24.313963] ret_from_fork_asm+0x1a/0x30 [ 24.313995] </TASK> [ 24.314006] [ 24.328563] Allocated by task 219: [ 24.329001] kasan_save_stack+0x45/0x70 [ 24.329307] kasan_save_track+0x18/0x40 [ 24.329472] kasan_save_alloc_info+0x3b/0x50 [ 24.329671] __kasan_kmalloc+0xb7/0xc0 [ 24.329809] __kmalloc_cache_noprof+0x189/0x420 [ 24.330006] kmalloc_oob_in_memset+0xac/0x320 [ 24.330564] kunit_try_run_case+0x1a5/0x480 [ 24.330864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.331233] kthread+0x337/0x6f0 [ 24.331362] ret_from_fork+0x116/0x1d0 [ 24.331694] ret_from_fork_asm+0x1a/0x30 [ 24.331936] [ 24.332183] The buggy address belongs to the object at ffff888105865f00 [ 24.332183] which belongs to the cache kmalloc-128 of size 128 [ 24.332631] The buggy address is located 0 bytes inside of [ 24.332631] allocated 120-byte region [ffff888105865f00, ffff888105865f78) [ 24.333391] [ 24.333568] The buggy address belongs to the physical page: [ 24.333803] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105865 [ 24.334238] flags: 0x200000000000000(node=0|zone=2) [ 24.334473] page_type: f5(slab) [ 24.334631] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.335197] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.335512] page dumped because: kasan: bad access detected [ 24.335749] [ 24.335826] Memory state around the buggy address: [ 24.336026] ffff888105865e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.336586] ffff888105865e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.337034] >ffff888105865f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.337374] ^ [ 24.337925] ffff888105865f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.338402] ffff888105866000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.338816] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 61.429165] ================================================================== [ 61.429568] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 61.429568] [ 61.430026] Use-after-free read at 0x(____ptrval____) (in kfence-#164): [ 61.430340] test_krealloc+0x6fc/0xbe0 [ 61.430509] kunit_try_run_case+0x1a5/0x480 [ 61.430836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.431011] kthread+0x337/0x6f0 [ 61.431129] ret_from_fork+0x116/0x1d0 [ 61.431294] ret_from_fork_asm+0x1a/0x30 [ 61.431719] [ 61.431911] kfence-#164: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 61.431911] [ 61.432544] allocated by task 386 on cpu 0 at 61.428333s (0.004208s ago): [ 61.432868] test_alloc+0x364/0x10f0 [ 61.433165] test_krealloc+0xad/0xbe0 [ 61.433564] kunit_try_run_case+0x1a5/0x480 [ 61.433763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.434179] kthread+0x337/0x6f0 [ 61.434340] ret_from_fork+0x116/0x1d0 [ 61.434644] ret_from_fork_asm+0x1a/0x30 [ 61.434990] [ 61.435067] freed by task 386 on cpu 0 at 61.428638s (0.006427s ago): [ 61.435526] krealloc_noprof+0x108/0x340 [ 61.435839] test_krealloc+0x226/0xbe0 [ 61.436044] kunit_try_run_case+0x1a5/0x480 [ 61.436211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.436452] kthread+0x337/0x6f0 [ 61.436604] ret_from_fork+0x116/0x1d0 [ 61.436885] ret_from_fork_asm+0x1a/0x30 [ 61.437312] [ 61.437510] CPU: 0 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 61.438216] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 61.438579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.439025] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 61.346317] ================================================================== [ 61.346759] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 61.346759] [ 61.347170] Use-after-free read at 0x(____ptrval____) (in kfence-#163): [ 61.347472] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 61.347657] kunit_try_run_case+0x1a5/0x480 [ 61.347997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.348566] kthread+0x337/0x6f0 [ 61.348744] ret_from_fork+0x116/0x1d0 [ 61.348892] ret_from_fork_asm+0x1a/0x30 [ 61.349051] [ 61.349146] kfence-#163: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 61.349146] [ 61.349552] allocated by task 384 on cpu 1 at 61.324197s (0.025351s ago): [ 61.349835] test_alloc+0x2a6/0x10f0 [ 61.349966] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 61.350307] kunit_try_run_case+0x1a5/0x480 [ 61.350487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.350668] kthread+0x337/0x6f0 [ 61.351012] ret_from_fork+0x116/0x1d0 [ 61.351161] ret_from_fork_asm+0x1a/0x30 [ 61.351342] [ 61.351408] freed by task 384 on cpu 1 at 61.324318s (0.027087s ago): [ 61.351664] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 61.352161] kunit_try_run_case+0x1a5/0x480 [ 61.352350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.352575] kthread+0x337/0x6f0 [ 61.352712] ret_from_fork+0x116/0x1d0 [ 61.352858] ret_from_fork_asm+0x1a/0x30 [ 61.353096] [ 61.353191] CPU: 1 UID: 0 PID: 384 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 61.353724] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 61.353954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.354311] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 36.375898] ================================================================== [ 36.376430] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 36.376430] [ 36.376935] Invalid read at 0x(____ptrval____): [ 36.377501] test_invalid_access+0xf0/0x210 [ 36.377695] kunit_try_run_case+0x1a5/0x480 [ 36.377897] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.378155] kthread+0x337/0x6f0 [ 36.378277] ret_from_fork+0x116/0x1d0 [ 36.378420] ret_from_fork_asm+0x1a/0x30 [ 36.378797] [ 36.379767] CPU: 0 UID: 0 PID: 380 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 36.380385] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 36.380630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.381120] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 36.156577] ================================================================== [ 36.157317] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 36.157317] [ 36.157626] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#159): [ 36.158194] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 36.158385] kunit_try_run_case+0x1a5/0x480 [ 36.158539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.158807] kthread+0x337/0x6f0 [ 36.158983] ret_from_fork+0x116/0x1d0 [ 36.159142] ret_from_fork_asm+0x1a/0x30 [ 36.159335] [ 36.159403] kfence-#159: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 36.159403] [ 36.159802] allocated by task 374 on cpu 1 at 36.156310s (0.003490s ago): [ 36.160093] test_alloc+0x364/0x10f0 [ 36.160616] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 36.160809] kunit_try_run_case+0x1a5/0x480 [ 36.160979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.161596] kthread+0x337/0x6f0 [ 36.161791] ret_from_fork+0x116/0x1d0 [ 36.161980] ret_from_fork_asm+0x1a/0x30 [ 36.162164] [ 36.162231] freed by task 374 on cpu 1 at 36.156450s (0.005779s ago): [ 36.162535] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 36.162732] kunit_try_run_case+0x1a5/0x480 [ 36.162907] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.163158] kthread+0x337/0x6f0 [ 36.163354] ret_from_fork+0x116/0x1d0 [ 36.163507] ret_from_fork_asm+0x1a/0x30 [ 36.163706] [ 36.163839] CPU: 1 UID: 0 PID: 374 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 36.164255] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 36.164485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.164928] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 36.052526] ================================================================== [ 36.053111] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 36.053111] [ 36.053504] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#158): [ 36.053889] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 36.054114] kunit_try_run_case+0x1a5/0x480 [ 36.054286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.054507] kthread+0x337/0x6f0 [ 36.054672] ret_from_fork+0x116/0x1d0 [ 36.054861] ret_from_fork_asm+0x1a/0x30 [ 36.055011] [ 36.055105] kfence-#158: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 36.055105] [ 36.055454] allocated by task 372 on cpu 0 at 36.052290s (0.003161s ago): [ 36.055761] test_alloc+0x364/0x10f0 [ 36.055944] test_kmalloc_aligned_oob_read+0x105/0x560 [ 36.056276] kunit_try_run_case+0x1a5/0x480 [ 36.056526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.056709] kthread+0x337/0x6f0 [ 36.056876] ret_from_fork+0x116/0x1d0 [ 36.057152] ret_from_fork_asm+0x1a/0x30 [ 36.057361] [ 36.057472] CPU: 0 UID: 0 PID: 372 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 36.057953] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 36.058288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.058633] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 30.540559] ================================================================== [ 30.541185] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 30.541185] [ 30.541558] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#105): [ 30.542504] test_corruption+0x2d2/0x3e0 [ 30.542733] kunit_try_run_case+0x1a5/0x480 [ 30.542962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.543180] kthread+0x337/0x6f0 [ 30.543371] ret_from_fork+0x116/0x1d0 [ 30.543565] ret_from_fork_asm+0x1a/0x30 [ 30.543726] [ 30.543828] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.543828] [ 30.544193] allocated by task 360 on cpu 1 at 30.540284s (0.003907s ago): [ 30.544513] test_alloc+0x364/0x10f0 [ 30.544682] test_corruption+0xe6/0x3e0 [ 30.544912] kunit_try_run_case+0x1a5/0x480 [ 30.545210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.545432] kthread+0x337/0x6f0 [ 30.545597] ret_from_fork+0x116/0x1d0 [ 30.545800] ret_from_fork_asm+0x1a/0x30 [ 30.545994] [ 30.546106] freed by task 360 on cpu 1 at 30.540387s (0.005716s ago): [ 30.546431] test_corruption+0x2d2/0x3e0 [ 30.546622] kunit_try_run_case+0x1a5/0x480 [ 30.546833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.547047] kthread+0x337/0x6f0 [ 30.547159] ret_from_fork+0x116/0x1d0 [ 30.547282] ret_from_fork_asm+0x1a/0x30 [ 30.547560] [ 30.547700] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 30.548261] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.548464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.548889] ================================================================== [ 30.852333] ================================================================== [ 30.852795] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 30.852795] [ 30.853135] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#108): [ 30.853560] test_corruption+0x216/0x3e0 [ 30.853782] kunit_try_run_case+0x1a5/0x480 [ 30.854418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.854954] kthread+0x337/0x6f0 [ 30.855163] ret_from_fork+0x116/0x1d0 [ 30.855482] ret_from_fork_asm+0x1a/0x30 [ 30.855701] [ 30.855779] kfence-#108: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.855779] [ 30.856353] allocated by task 362 on cpu 0 at 30.852197s (0.004153s ago): [ 30.856725] test_alloc+0x2a6/0x10f0 [ 30.857100] test_corruption+0x1cb/0x3e0 [ 30.857305] kunit_try_run_case+0x1a5/0x480 [ 30.857608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.857952] kthread+0x337/0x6f0 [ 30.858144] ret_from_fork+0x116/0x1d0 [ 30.858424] ret_from_fork_asm+0x1a/0x30 [ 30.858658] [ 30.858838] freed by task 362 on cpu 0 at 30.852256s (0.006580s ago): [ 30.859224] test_corruption+0x216/0x3e0 [ 30.859479] kunit_try_run_case+0x1a5/0x480 [ 30.859695] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.860155] kthread+0x337/0x6f0 [ 30.860295] ret_from_fork+0x116/0x1d0 [ 30.860503] ret_from_fork_asm+0x1a/0x30 [ 30.860911] [ 30.861080] CPU: 0 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 30.861564] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.861967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.862400] ================================================================== [ 30.644541] ================================================================== [ 30.644956] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 30.644956] [ 30.645325] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#106): [ 30.645829] test_corruption+0x2df/0x3e0 [ 30.646027] kunit_try_run_case+0x1a5/0x480 [ 30.646259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.646473] kthread+0x337/0x6f0 [ 30.646646] ret_from_fork+0x116/0x1d0 [ 30.646853] ret_from_fork_asm+0x1a/0x30 [ 30.647002] [ 30.647093] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.647093] [ 30.647565] allocated by task 360 on cpu 1 at 30.644290s (0.003258s ago): [ 30.647981] test_alloc+0x364/0x10f0 [ 30.648254] test_corruption+0x1cb/0x3e0 [ 30.648446] kunit_try_run_case+0x1a5/0x480 [ 30.648663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.648970] kthread+0x337/0x6f0 [ 30.649153] ret_from_fork+0x116/0x1d0 [ 30.649339] ret_from_fork_asm+0x1a/0x30 [ 30.649540] [ 30.649607] freed by task 360 on cpu 1 at 30.644382s (0.005223s ago): [ 30.649915] test_corruption+0x2df/0x3e0 [ 30.650053] kunit_try_run_case+0x1a5/0x480 [ 30.650369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.650667] kthread+0x337/0x6f0 [ 30.650808] ret_from_fork+0x116/0x1d0 [ 30.651021] ret_from_fork_asm+0x1a/0x30 [ 30.651207] [ 30.651322] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 30.651762] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.652040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.652437] ================================================================== [ 30.748447] ================================================================== [ 30.748912] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 30.748912] [ 30.749276] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#107): [ 30.749822] test_corruption+0x131/0x3e0 [ 30.749969] kunit_try_run_case+0x1a5/0x480 [ 30.750379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.750660] kthread+0x337/0x6f0 [ 30.750788] ret_from_fork+0x116/0x1d0 [ 30.750918] ret_from_fork_asm+0x1a/0x30 [ 30.751142] [ 30.751248] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.751248] [ 30.751628] allocated by task 362 on cpu 0 at 30.748307s (0.003318s ago): [ 30.751856] test_alloc+0x2a6/0x10f0 [ 30.752037] test_corruption+0xe6/0x3e0 [ 30.752232] kunit_try_run_case+0x1a5/0x480 [ 30.752434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.752642] kthread+0x337/0x6f0 [ 30.752864] ret_from_fork+0x116/0x1d0 [ 30.753038] ret_from_fork_asm+0x1a/0x30 [ 30.753222] [ 30.753296] freed by task 362 on cpu 0 at 30.748368s (0.004926s ago): [ 30.753514] test_corruption+0x131/0x3e0 [ 30.753645] kunit_try_run_case+0x1a5/0x480 [ 30.753901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.754297] kthread+0x337/0x6f0 [ 30.754875] ret_from_fork+0x116/0x1d0 [ 30.755011] ret_from_fork_asm+0x1a/0x30 [ 30.755150] [ 30.755336] CPU: 0 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 30.755696] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.755845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.756098] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 24.273911] ================================================================== [ 24.275036] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 24.275630] Read of size 16 at addr ffff888103e49440 by task kunit_try_catch/217 [ 24.276504] [ 24.276704] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.276759] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.276772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.276796] Call Trace: [ 24.276810] <TASK> [ 24.276842] dump_stack_lvl+0x73/0xb0 [ 24.276876] print_report+0xd1/0x610 [ 24.276899] ? __virt_addr_valid+0x1db/0x2d0 [ 24.276923] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.276942] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.276979] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.276999] kasan_report+0x141/0x180 [ 24.277020] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.277044] __asan_report_load16_noabort+0x18/0x20 [ 24.277067] kmalloc_uaf_16+0x47b/0x4c0 [ 24.277087] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 24.277108] ? __schedule+0x10cc/0x2b60 [ 24.277131] ? __pfx_read_tsc+0x10/0x10 [ 24.277152] ? ktime_get_ts64+0x86/0x230 [ 24.277177] kunit_try_run_case+0x1a5/0x480 [ 24.277200] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.277219] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.277242] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.277265] ? __kthread_parkme+0x82/0x180 [ 24.277287] ? preempt_count_sub+0x50/0x80 [ 24.277311] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.277331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.277356] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.277380] kthread+0x337/0x6f0 [ 24.277400] ? trace_preempt_on+0x20/0xc0 [ 24.277423] ? __pfx_kthread+0x10/0x10 [ 24.277443] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.277464] ? calculate_sigpending+0x7b/0xa0 [ 24.277487] ? __pfx_kthread+0x10/0x10 [ 24.277508] ret_from_fork+0x116/0x1d0 [ 24.277527] ? __pfx_kthread+0x10/0x10 [ 24.277547] ret_from_fork_asm+0x1a/0x30 [ 24.277577] </TASK> [ 24.277588] [ 24.288843] Allocated by task 217: [ 24.289228] kasan_save_stack+0x45/0x70 [ 24.289550] kasan_save_track+0x18/0x40 [ 24.289985] kasan_save_alloc_info+0x3b/0x50 [ 24.290427] __kasan_kmalloc+0xb7/0xc0 [ 24.290562] __kmalloc_cache_noprof+0x189/0x420 [ 24.290724] kmalloc_uaf_16+0x15b/0x4c0 [ 24.291159] kunit_try_run_case+0x1a5/0x480 [ 24.291640] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.292311] kthread+0x337/0x6f0 [ 24.292606] ret_from_fork+0x116/0x1d0 [ 24.293098] ret_from_fork_asm+0x1a/0x30 [ 24.293445] [ 24.293512] Freed by task 217: [ 24.293617] kasan_save_stack+0x45/0x70 [ 24.293764] kasan_save_track+0x18/0x40 [ 24.293892] kasan_save_free_info+0x3f/0x60 [ 24.294030] __kasan_slab_free+0x56/0x70 [ 24.294163] kfree+0x222/0x3f0 [ 24.294273] kmalloc_uaf_16+0x1d6/0x4c0 [ 24.294402] kunit_try_run_case+0x1a5/0x480 [ 24.294539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.294922] kthread+0x337/0x6f0 [ 24.295211] ret_from_fork+0x116/0x1d0 [ 24.295586] ret_from_fork_asm+0x1a/0x30 [ 24.295997] [ 24.296246] The buggy address belongs to the object at ffff888103e49440 [ 24.296246] which belongs to the cache kmalloc-16 of size 16 [ 24.297385] The buggy address is located 0 bytes inside of [ 24.297385] freed 16-byte region [ffff888103e49440, ffff888103e49450) [ 24.298375] [ 24.298548] The buggy address belongs to the physical page: [ 24.299084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103e49 [ 24.299896] flags: 0x200000000000000(node=0|zone=2) [ 24.300460] page_type: f5(slab) [ 24.300825] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 24.301711] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.302513] page dumped because: kasan: bad access detected [ 24.303137] [ 24.303353] Memory state around the buggy address: [ 24.303801] ffff888103e49300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.304071] ffff888103e49380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.304296] >ffff888103e49400: fa fb fc fc 00 00 fc fc fa fb fc fc fc fc fc fc [ 24.304503] ^ [ 24.304677] ffff888103e49480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.304886] ffff888103e49500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.305090] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 30.332429] ================================================================== [ 30.333042] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 30.333042] [ 30.333409] Invalid free of 0x(____ptrval____) (in kfence-#103): [ 30.333723] test_invalid_addr_free+0xfb/0x260 [ 30.333990] kunit_try_run_case+0x1a5/0x480 [ 30.334214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.334386] kthread+0x337/0x6f0 [ 30.334515] ret_from_fork+0x116/0x1d0 [ 30.334710] ret_from_fork_asm+0x1a/0x30 [ 30.334927] [ 30.335020] kfence-#103: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.335020] [ 30.335705] allocated by task 358 on cpu 1 at 30.332296s (0.003405s ago): [ 30.336420] test_alloc+0x2a6/0x10f0 [ 30.336836] test_invalid_addr_free+0xdb/0x260 [ 30.337042] kunit_try_run_case+0x1a5/0x480 [ 30.337239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.337700] kthread+0x337/0x6f0 [ 30.337998] ret_from_fork+0x116/0x1d0 [ 30.338284] ret_from_fork_asm+0x1a/0x30 [ 30.338585] [ 30.338753] CPU: 1 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 30.339281] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.339710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.340235] ================================================================== [ 30.228436] ================================================================== [ 30.228906] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 30.228906] [ 30.229337] Invalid free of 0x(____ptrval____) (in kfence-#102): [ 30.229660] test_invalid_addr_free+0x1e1/0x260 [ 30.230203] kunit_try_run_case+0x1a5/0x480 [ 30.230422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.230675] kthread+0x337/0x6f0 [ 30.230885] ret_from_fork+0x116/0x1d0 [ 30.231058] ret_from_fork_asm+0x1a/0x30 [ 30.231245] [ 30.231322] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.231322] [ 30.231615] allocated by task 356 on cpu 1 at 30.228299s (0.003313s ago): [ 30.231888] test_alloc+0x364/0x10f0 [ 30.232161] test_invalid_addr_free+0xdb/0x260 [ 30.232455] kunit_try_run_case+0x1a5/0x480 [ 30.232810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.233458] kthread+0x337/0x6f0 [ 30.233595] ret_from_fork+0x116/0x1d0 [ 30.233738] ret_from_fork_asm+0x1a/0x30 [ 30.233873] [ 30.233965] CPU: 1 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 30.234314] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.234465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.234833] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 30.124541] ================================================================== [ 30.124981] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 30.124981] [ 30.125593] Invalid free of 0x(____ptrval____) (in kfence-#101): [ 30.125828] test_double_free+0x112/0x260 [ 30.125978] kunit_try_run_case+0x1a5/0x480 [ 30.126127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.126299] kthread+0x337/0x6f0 [ 30.126418] ret_from_fork+0x116/0x1d0 [ 30.126549] ret_from_fork_asm+0x1a/0x30 [ 30.126699] [ 30.126807] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.126807] [ 30.127138] allocated by task 354 on cpu 1 at 30.124272s (0.002863s ago): [ 30.127430] test_alloc+0x2a6/0x10f0 [ 30.127554] test_double_free+0xdb/0x260 [ 30.127697] kunit_try_run_case+0x1a5/0x480 [ 30.127959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.128901] kthread+0x337/0x6f0 [ 30.129075] ret_from_fork+0x116/0x1d0 [ 30.129237] ret_from_fork_asm+0x1a/0x30 [ 30.129427] [ 30.129496] freed by task 354 on cpu 1 at 30.124328s (0.005165s ago): [ 30.129811] test_double_free+0xfa/0x260 [ 30.130402] kunit_try_run_case+0x1a5/0x480 [ 30.130699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.131035] kthread+0x337/0x6f0 [ 30.131195] ret_from_fork+0x116/0x1d0 [ 30.131481] ret_from_fork_asm+0x1a/0x30 [ 30.131734] [ 30.131879] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 30.132484] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.132803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.133166] ================================================================== [ 30.020554] ================================================================== [ 30.021148] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 30.021148] [ 30.021465] Invalid free of 0x(____ptrval____) (in kfence-#100): [ 30.021740] test_double_free+0x1d3/0x260 [ 30.022179] kunit_try_run_case+0x1a5/0x480 [ 30.022339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.022544] kthread+0x337/0x6f0 [ 30.022728] ret_from_fork+0x116/0x1d0 [ 30.022936] ret_from_fork_asm+0x1a/0x30 [ 30.023124] [ 30.023190] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.023190] [ 30.023567] allocated by task 352 on cpu 0 at 30.020259s (0.003305s ago): [ 30.023982] test_alloc+0x364/0x10f0 [ 30.024141] test_double_free+0xdb/0x260 [ 30.024307] kunit_try_run_case+0x1a5/0x480 [ 30.024478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.024721] kthread+0x337/0x6f0 [ 30.024890] ret_from_fork+0x116/0x1d0 [ 30.025048] ret_from_fork_asm+0x1a/0x30 [ 30.025224] [ 30.025294] freed by task 352 on cpu 0 at 30.020340s (0.004951s ago): [ 30.025557] test_double_free+0x1e0/0x260 [ 30.025743] kunit_try_run_case+0x1a5/0x480 [ 30.025881] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.026055] kthread+0x337/0x6f0 [ 30.026169] ret_from_fork+0x116/0x1d0 [ 30.026343] ret_from_fork_asm+0x1a/0x30 [ 30.026543] [ 30.026687] CPU: 0 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 30.027174] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.027329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.027611] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 29.604541] ================================================================== [ 29.605150] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 29.605150] [ 29.605640] Use-after-free read at 0x(____ptrval____) (in kfence-#96): [ 29.605890] test_use_after_free_read+0x129/0x270 [ 29.606235] kunit_try_run_case+0x1a5/0x480 [ 29.606814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.607066] kthread+0x337/0x6f0 [ 29.607225] ret_from_fork+0x116/0x1d0 [ 29.607394] ret_from_fork_asm+0x1a/0x30 [ 29.607576] [ 29.607675] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.607675] [ 29.608418] allocated by task 344 on cpu 1 at 29.604309s (0.004105s ago): [ 29.608935] test_alloc+0x364/0x10f0 [ 29.609108] test_use_after_free_read+0xdc/0x270 [ 29.609325] kunit_try_run_case+0x1a5/0x480 [ 29.609512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.609754] kthread+0x337/0x6f0 [ 29.609908] ret_from_fork+0x116/0x1d0 [ 29.610067] ret_from_fork_asm+0x1a/0x30 [ 29.610288] [ 29.610494] freed by task 344 on cpu 1 at 29.604384s (0.006020s ago): [ 29.610815] test_use_after_free_read+0x1e7/0x270 [ 29.611052] kunit_try_run_case+0x1a5/0x480 [ 29.611237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.611458] kthread+0x337/0x6f0 [ 29.611621] ret_from_fork+0x116/0x1d0 [ 29.611847] ret_from_fork_asm+0x1a/0x30 [ 29.612037] [ 29.612142] CPU: 1 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 29.612621] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.612794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.613152] ================================================================== [ 29.708401] ================================================================== [ 29.708861] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 29.708861] [ 29.709315] Use-after-free read at 0x(____ptrval____) (in kfence-#97): [ 29.709616] test_use_after_free_read+0x129/0x270 [ 29.709788] kunit_try_run_case+0x1a5/0x480 [ 29.709975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.710222] kthread+0x337/0x6f0 [ 29.710388] ret_from_fork+0x116/0x1d0 [ 29.710582] ret_from_fork_asm+0x1a/0x30 [ 29.710723] [ 29.710830] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.710830] [ 29.711235] allocated by task 346 on cpu 1 at 29.708285s (0.002947s ago): [ 29.711590] test_alloc+0x2a6/0x10f0 [ 29.711775] test_use_after_free_read+0xdc/0x270 [ 29.711988] kunit_try_run_case+0x1a5/0x480 [ 29.712125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.712308] kthread+0x337/0x6f0 [ 29.712445] ret_from_fork+0x116/0x1d0 [ 29.712569] ret_from_fork_asm+0x1a/0x30 [ 29.712710] [ 29.712833] freed by task 346 on cpu 1 at 29.708326s (0.004504s ago): [ 29.713350] test_use_after_free_read+0xfb/0x270 [ 29.713571] kunit_try_run_case+0x1a5/0x480 [ 29.713727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.713893] kthread+0x337/0x6f0 [ 29.714005] ret_from_fork+0x116/0x1d0 [ 29.714132] ret_from_fork_asm+0x1a/0x30 [ 29.714262] [ 29.714359] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 29.715479] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.715935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.716593] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 29.500376] ================================================================== [ 29.500777] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 29.500777] [ 29.501467] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#95): [ 29.501851] test_out_of_bounds_write+0x10d/0x260 [ 29.502062] kunit_try_run_case+0x1a5/0x480 [ 29.502210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.502740] kthread+0x337/0x6f0 [ 29.502913] ret_from_fork+0x116/0x1d0 [ 29.503121] ret_from_fork_asm+0x1a/0x30 [ 29.503309] [ 29.503426] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.503426] [ 29.503802] allocated by task 342 on cpu 0 at 29.500313s (0.003487s ago): [ 29.504226] test_alloc+0x2a6/0x10f0 [ 29.504433] test_out_of_bounds_write+0xd4/0x260 [ 29.504648] kunit_try_run_case+0x1a5/0x480 [ 29.504878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.505156] kthread+0x337/0x6f0 [ 29.505353] ret_from_fork+0x116/0x1d0 [ 29.505556] ret_from_fork_asm+0x1a/0x30 [ 29.505755] [ 29.505849] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 29.506474] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.506666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.507290] ================================================================== [ 29.396425] ================================================================== [ 29.396908] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 29.396908] [ 29.397321] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#94): [ 29.397639] test_out_of_bounds_write+0x10d/0x260 [ 29.397816] kunit_try_run_case+0x1a5/0x480 [ 29.398089] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.398423] kthread+0x337/0x6f0 [ 29.398544] ret_from_fork+0x116/0x1d0 [ 29.398841] ret_from_fork_asm+0x1a/0x30 [ 29.399058] [ 29.399153] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.399153] [ 29.399494] allocated by task 340 on cpu 1 at 29.396299s (0.003192s ago): [ 29.399796] test_alloc+0x364/0x10f0 [ 29.399998] test_out_of_bounds_write+0xd4/0x260 [ 29.400216] kunit_try_run_case+0x1a5/0x480 [ 29.400381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.400584] kthread+0x337/0x6f0 [ 29.400755] ret_from_fork+0x116/0x1d0 [ 29.401032] ret_from_fork_asm+0x1a/0x30 [ 29.401168] [ 29.401264] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 29.401813] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.402073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.402433] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 28.876418] ================================================================== [ 28.876841] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 28.876841] [ 28.877353] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#89): [ 28.877689] test_out_of_bounds_read+0x126/0x4e0 [ 28.878251] kunit_try_run_case+0x1a5/0x480 [ 28.878477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.878677] kthread+0x337/0x6f0 [ 28.879189] ret_from_fork+0x116/0x1d0 [ 28.879443] ret_from_fork_asm+0x1a/0x30 [ 28.879606] [ 28.879711] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.879711] [ 28.880280] allocated by task 338 on cpu 0 at 28.876354s (0.003923s ago): [ 28.880814] test_alloc+0x2a6/0x10f0 [ 28.881014] test_out_of_bounds_read+0xed/0x4e0 [ 28.881215] kunit_try_run_case+0x1a5/0x480 [ 28.881388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.881618] kthread+0x337/0x6f0 [ 28.881771] ret_from_fork+0x116/0x1d0 [ 28.882218] ret_from_fork_asm+0x1a/0x30 [ 28.882371] [ 28.882618] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.883284] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.883578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.883967] ================================================================== [ 28.565408] ================================================================== [ 28.565893] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 28.565893] [ 28.566635] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#86): [ 28.567270] test_out_of_bounds_read+0x126/0x4e0 [ 28.567878] kunit_try_run_case+0x1a5/0x480 [ 28.568185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.568517] kthread+0x337/0x6f0 [ 28.568820] ret_from_fork+0x116/0x1d0 [ 28.569105] ret_from_fork_asm+0x1a/0x30 [ 28.569419] [ 28.569687] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.569687] [ 28.570586] allocated by task 336 on cpu 1 at 28.564228s (0.006277s ago): [ 28.571341] test_alloc+0x364/0x10f0 [ 28.571559] test_out_of_bounds_read+0xed/0x4e0 [ 28.571953] kunit_try_run_case+0x1a5/0x480 [ 28.572267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.572596] kthread+0x337/0x6f0 [ 28.572901] ret_from_fork+0x116/0x1d0 [ 28.573057] ret_from_fork_asm+0x1a/0x30 [ 28.573349] [ 28.573497] CPU: 1 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.574285] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.574597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.575167] ================================================================== [ 29.292348] ================================================================== [ 29.292771] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 29.292771] [ 29.293229] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#93): [ 29.293518] test_out_of_bounds_read+0x216/0x4e0 [ 29.294134] kunit_try_run_case+0x1a5/0x480 [ 29.294372] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.294579] kthread+0x337/0x6f0 [ 29.294775] ret_from_fork+0x116/0x1d0 [ 29.294939] ret_from_fork_asm+0x1a/0x30 [ 29.295139] [ 29.295225] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.295225] [ 29.295554] allocated by task 338 on cpu 0 at 29.292290s (0.003261s ago): [ 29.296489] test_alloc+0x2a6/0x10f0 [ 29.296768] test_out_of_bounds_read+0x1e2/0x4e0 [ 29.296980] kunit_try_run_case+0x1a5/0x480 [ 29.297290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.297592] kthread+0x337/0x6f0 [ 29.297739] ret_from_fork+0x116/0x1d0 [ 29.298027] ret_from_fork_asm+0x1a/0x30 [ 29.298332] [ 29.298514] CPU: 0 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 29.299108] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.299421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.299866] ================================================================== [ 28.668490] ================================================================== [ 28.669003] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 28.669003] [ 28.669482] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#87): [ 28.670305] test_out_of_bounds_read+0x216/0x4e0 [ 28.670621] kunit_try_run_case+0x1a5/0x480 [ 28.670966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.671307] kthread+0x337/0x6f0 [ 28.671570] ret_from_fork+0x116/0x1d0 [ 28.671857] ret_from_fork_asm+0x1a/0x30 [ 28.672044] [ 28.672140] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.672140] [ 28.672538] allocated by task 336 on cpu 1 at 28.668300s (0.004235s ago): [ 28.672837] test_alloc+0x364/0x10f0 [ 28.673070] test_out_of_bounds_read+0x1e2/0x4e0 [ 28.673279] kunit_try_run_case+0x1a5/0x480 [ 28.673422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.673676] kthread+0x337/0x6f0 [ 28.673919] ret_from_fork+0x116/0x1d0 [ 28.674105] ret_from_fork_asm+0x1a/0x30 [ 28.674253] [ 28.674386] CPU: 1 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.674865] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.675153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.675421] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 28.494178] ================================================================== [ 28.494427] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 28.494993] Write of size 121 at addr ffff888105919e00 by task kunit_try_catch/334 [ 28.495333] [ 28.495446] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.495499] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.495513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.495537] Call Trace: [ 28.495557] <TASK> [ 28.495577] dump_stack_lvl+0x73/0xb0 [ 28.495608] print_report+0xd1/0x610 [ 28.495632] ? __virt_addr_valid+0x1db/0x2d0 [ 28.495670] ? strncpy_from_user+0x2e/0x1d0 [ 28.495694] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.495721] ? strncpy_from_user+0x2e/0x1d0 [ 28.495744] kasan_report+0x141/0x180 [ 28.495778] ? strncpy_from_user+0x2e/0x1d0 [ 28.495806] kasan_check_range+0x10c/0x1c0 [ 28.495829] __kasan_check_write+0x18/0x20 [ 28.495853] strncpy_from_user+0x2e/0x1d0 [ 28.495877] ? __kasan_check_read+0x15/0x20 [ 28.495903] copy_user_test_oob+0x760/0x10f0 [ 28.495930] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.495953] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.495985] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.496013] kunit_try_run_case+0x1a5/0x480 [ 28.496036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.496057] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.496083] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.496107] ? __kthread_parkme+0x82/0x180 [ 28.496130] ? preempt_count_sub+0x50/0x80 [ 28.496155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.496178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.496205] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.496231] kthread+0x337/0x6f0 [ 28.496252] ? trace_preempt_on+0x20/0xc0 [ 28.496277] ? __pfx_kthread+0x10/0x10 [ 28.496299] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.496322] ? calculate_sigpending+0x7b/0xa0 [ 28.496347] ? __pfx_kthread+0x10/0x10 [ 28.496370] ret_from_fork+0x116/0x1d0 [ 28.496391] ? __pfx_kthread+0x10/0x10 [ 28.496413] ret_from_fork_asm+0x1a/0x30 [ 28.496445] </TASK> [ 28.496457] [ 28.503497] Allocated by task 334: [ 28.503632] kasan_save_stack+0x45/0x70 [ 28.503847] kasan_save_track+0x18/0x40 [ 28.504035] kasan_save_alloc_info+0x3b/0x50 [ 28.504243] __kasan_kmalloc+0xb7/0xc0 [ 28.504431] __kmalloc_noprof+0x1c9/0x500 [ 28.504765] kunit_kmalloc_array+0x25/0x60 [ 28.504979] copy_user_test_oob+0xab/0x10f0 [ 28.505182] kunit_try_run_case+0x1a5/0x480 [ 28.505383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.505645] kthread+0x337/0x6f0 [ 28.505802] ret_from_fork+0x116/0x1d0 [ 28.505929] ret_from_fork_asm+0x1a/0x30 [ 28.506068] [ 28.506134] The buggy address belongs to the object at ffff888105919e00 [ 28.506134] which belongs to the cache kmalloc-128 of size 128 [ 28.506977] The buggy address is located 0 bytes inside of [ 28.506977] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.507409] [ 28.507510] The buggy address belongs to the physical page: [ 28.507824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.508127] flags: 0x200000000000000(node=0|zone=2) [ 28.508341] page_type: f5(slab) [ 28.508474] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.508736] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.509088] page dumped because: kasan: bad access detected [ 28.509310] [ 28.509397] Memory state around the buggy address: [ 28.509594] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.509937] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.510174] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.510412] ^ [ 28.510731] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.511020] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.511227] ================================================================== [ 28.513094] ================================================================== [ 28.513882] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 28.514674] Write of size 1 at addr ffff888105919e78 by task kunit_try_catch/334 [ 28.515569] [ 28.515900] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.515964] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.515980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.516005] Call Trace: [ 28.516025] <TASK> [ 28.516048] dump_stack_lvl+0x73/0xb0 [ 28.516089] print_report+0xd1/0x610 [ 28.516116] ? __virt_addr_valid+0x1db/0x2d0 [ 28.516141] ? strncpy_from_user+0x1a5/0x1d0 [ 28.516167] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.516194] ? strncpy_from_user+0x1a5/0x1d0 [ 28.516217] kasan_report+0x141/0x180 [ 28.516240] ? strncpy_from_user+0x1a5/0x1d0 [ 28.516268] __asan_report_store1_noabort+0x1b/0x30 [ 28.516292] strncpy_from_user+0x1a5/0x1d0 [ 28.516318] copy_user_test_oob+0x760/0x10f0 [ 28.516345] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.516368] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.516399] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.516427] kunit_try_run_case+0x1a5/0x480 [ 28.516450] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.516471] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.516496] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.516521] ? __kthread_parkme+0x82/0x180 [ 28.516544] ? preempt_count_sub+0x50/0x80 [ 28.516568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.516591] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.516617] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.516643] kthread+0x337/0x6f0 [ 28.516674] ? trace_preempt_on+0x20/0xc0 [ 28.516700] ? __pfx_kthread+0x10/0x10 [ 28.516721] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.516744] ? calculate_sigpending+0x7b/0xa0 [ 28.516769] ? __pfx_kthread+0x10/0x10 [ 28.516792] ret_from_fork+0x116/0x1d0 [ 28.516822] ? __pfx_kthread+0x10/0x10 [ 28.516845] ret_from_fork_asm+0x1a/0x30 [ 28.516877] </TASK> [ 28.516889] [ 28.525708] Allocated by task 334: [ 28.525886] kasan_save_stack+0x45/0x70 [ 28.526072] kasan_save_track+0x18/0x40 [ 28.526245] kasan_save_alloc_info+0x3b/0x50 [ 28.526389] __kasan_kmalloc+0xb7/0xc0 [ 28.526547] __kmalloc_noprof+0x1c9/0x500 [ 28.526759] kunit_kmalloc_array+0x25/0x60 [ 28.526960] copy_user_test_oob+0xab/0x10f0 [ 28.527165] kunit_try_run_case+0x1a5/0x480 [ 28.527312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.527482] kthread+0x337/0x6f0 [ 28.527599] ret_from_fork+0x116/0x1d0 [ 28.527769] ret_from_fork_asm+0x1a/0x30 [ 28.527961] [ 28.528054] The buggy address belongs to the object at ffff888105919e00 [ 28.528054] which belongs to the cache kmalloc-128 of size 128 [ 28.528511] The buggy address is located 0 bytes to the right of [ 28.528511] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.529244] [ 28.529358] The buggy address belongs to the physical page: [ 28.529585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.529941] flags: 0x200000000000000(node=0|zone=2) [ 28.530109] page_type: f5(slab) [ 28.530228] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.530563] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.530917] page dumped because: kasan: bad access detected [ 28.531108] [ 28.531208] Memory state around the buggy address: [ 28.531416] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.531635] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.532170] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.532455] ^ [ 28.532732] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.533001] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.533208] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 28.421013] ================================================================== [ 28.421465] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 28.421741] Write of size 121 at addr ffff888105919e00 by task kunit_try_catch/334 [ 28.421978] [ 28.422307] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.422373] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.422388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.422413] Call Trace: [ 28.422433] <TASK> [ 28.422455] dump_stack_lvl+0x73/0xb0 [ 28.422490] print_report+0xd1/0x610 [ 28.422515] ? __virt_addr_valid+0x1db/0x2d0 [ 28.422539] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.422563] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.422590] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.422614] kasan_report+0x141/0x180 [ 28.422636] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.422690] kasan_check_range+0x10c/0x1c0 [ 28.422714] __kasan_check_write+0x18/0x20 [ 28.422738] copy_user_test_oob+0x3fd/0x10f0 [ 28.422764] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.422787] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.422819] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.422847] kunit_try_run_case+0x1a5/0x480 [ 28.422871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.422907] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.422932] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.422957] ? __kthread_parkme+0x82/0x180 [ 28.422980] ? preempt_count_sub+0x50/0x80 [ 28.423005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.423028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.423054] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.423080] kthread+0x337/0x6f0 [ 28.423102] ? trace_preempt_on+0x20/0xc0 [ 28.423127] ? __pfx_kthread+0x10/0x10 [ 28.423148] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.423171] ? calculate_sigpending+0x7b/0xa0 [ 28.423196] ? __pfx_kthread+0x10/0x10 [ 28.423219] ret_from_fork+0x116/0x1d0 [ 28.423240] ? __pfx_kthread+0x10/0x10 [ 28.423262] ret_from_fork_asm+0x1a/0x30 [ 28.423294] </TASK> [ 28.423307] [ 28.431943] Allocated by task 334: [ 28.432385] kasan_save_stack+0x45/0x70 [ 28.432687] kasan_save_track+0x18/0x40 [ 28.432902] kasan_save_alloc_info+0x3b/0x50 [ 28.433117] __kasan_kmalloc+0xb7/0xc0 [ 28.433459] __kmalloc_noprof+0x1c9/0x500 [ 28.433622] kunit_kmalloc_array+0x25/0x60 [ 28.434006] copy_user_test_oob+0xab/0x10f0 [ 28.434233] kunit_try_run_case+0x1a5/0x480 [ 28.434539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.434839] kthread+0x337/0x6f0 [ 28.434999] ret_from_fork+0x116/0x1d0 [ 28.435165] ret_from_fork_asm+0x1a/0x30 [ 28.435337] [ 28.435416] The buggy address belongs to the object at ffff888105919e00 [ 28.435416] which belongs to the cache kmalloc-128 of size 128 [ 28.435943] The buggy address is located 0 bytes inside of [ 28.435943] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.436411] [ 28.436506] The buggy address belongs to the physical page: [ 28.437288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.437587] flags: 0x200000000000000(node=0|zone=2) [ 28.438083] page_type: f5(slab) [ 28.438270] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.438708] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.439104] page dumped because: kasan: bad access detected [ 28.439347] [ 28.439558] Memory state around the buggy address: [ 28.439746] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.440193] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.440570] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.440866] ^ [ 28.441275] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.441663] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.442071] ================================================================== [ 28.477332] ================================================================== [ 28.477699] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 28.478167] Read of size 121 at addr ffff888105919e00 by task kunit_try_catch/334 [ 28.478390] [ 28.478499] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.478553] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.478567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.478591] Call Trace: [ 28.478611] <TASK> [ 28.478632] dump_stack_lvl+0x73/0xb0 [ 28.478676] print_report+0xd1/0x610 [ 28.478700] ? __virt_addr_valid+0x1db/0x2d0 [ 28.478724] ? copy_user_test_oob+0x604/0x10f0 [ 28.478748] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.478775] ? copy_user_test_oob+0x604/0x10f0 [ 28.478798] kasan_report+0x141/0x180 [ 28.478821] ? copy_user_test_oob+0x604/0x10f0 [ 28.478850] kasan_check_range+0x10c/0x1c0 [ 28.478874] __kasan_check_read+0x15/0x20 [ 28.478898] copy_user_test_oob+0x604/0x10f0 [ 28.478923] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.478949] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.478980] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.479008] kunit_try_run_case+0x1a5/0x480 [ 28.479032] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.479055] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.479081] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.479105] ? __kthread_parkme+0x82/0x180 [ 28.479128] ? preempt_count_sub+0x50/0x80 [ 28.479152] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.479176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.479202] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.479228] kthread+0x337/0x6f0 [ 28.479249] ? trace_preempt_on+0x20/0xc0 [ 28.479274] ? __pfx_kthread+0x10/0x10 [ 28.479296] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.479319] ? calculate_sigpending+0x7b/0xa0 [ 28.479358] ? __pfx_kthread+0x10/0x10 [ 28.479380] ret_from_fork+0x116/0x1d0 [ 28.479401] ? __pfx_kthread+0x10/0x10 [ 28.479423] ret_from_fork_asm+0x1a/0x30 [ 28.479456] </TASK> [ 28.479468] [ 28.486062] Allocated by task 334: [ 28.486246] kasan_save_stack+0x45/0x70 [ 28.486447] kasan_save_track+0x18/0x40 [ 28.486575] kasan_save_alloc_info+0x3b/0x50 [ 28.486839] __kasan_kmalloc+0xb7/0xc0 [ 28.487039] __kmalloc_noprof+0x1c9/0x500 [ 28.487218] kunit_kmalloc_array+0x25/0x60 [ 28.487396] copy_user_test_oob+0xab/0x10f0 [ 28.487569] kunit_try_run_case+0x1a5/0x480 [ 28.487719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.487980] kthread+0x337/0x6f0 [ 28.488146] ret_from_fork+0x116/0x1d0 [ 28.488283] ret_from_fork_asm+0x1a/0x30 [ 28.488432] [ 28.488524] The buggy address belongs to the object at ffff888105919e00 [ 28.488524] which belongs to the cache kmalloc-128 of size 128 [ 28.489112] The buggy address is located 0 bytes inside of [ 28.489112] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.489537] [ 28.489630] The buggy address belongs to the physical page: [ 28.489876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.490325] flags: 0x200000000000000(node=0|zone=2) [ 28.490546] page_type: f5(slab) [ 28.490719] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.490957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.491176] page dumped because: kasan: bad access detected [ 28.491339] [ 28.491402] Memory state around the buggy address: [ 28.491551] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.491771] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.492021] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.492418] ^ [ 28.492754] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.493066] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.493362] ================================================================== [ 28.442840] ================================================================== [ 28.443448] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 28.443898] Read of size 121 at addr ffff888105919e00 by task kunit_try_catch/334 [ 28.444217] [ 28.444331] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.444387] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.444402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.444427] Call Trace: [ 28.444448] <TASK> [ 28.444470] dump_stack_lvl+0x73/0xb0 [ 28.444504] print_report+0xd1/0x610 [ 28.444528] ? __virt_addr_valid+0x1db/0x2d0 [ 28.444555] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.444578] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.444605] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.444629] kasan_report+0x141/0x180 [ 28.444665] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.444693] kasan_check_range+0x10c/0x1c0 [ 28.444717] __kasan_check_read+0x15/0x20 [ 28.444740] copy_user_test_oob+0x4aa/0x10f0 [ 28.444767] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.444791] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.444823] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.444851] kunit_try_run_case+0x1a5/0x480 [ 28.444875] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.444896] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.444921] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.444946] ? __kthread_parkme+0x82/0x180 [ 28.444969] ? preempt_count_sub+0x50/0x80 [ 28.444993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.445016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.445042] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.445068] kthread+0x337/0x6f0 [ 28.445089] ? trace_preempt_on+0x20/0xc0 [ 28.445115] ? __pfx_kthread+0x10/0x10 [ 28.445136] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.445159] ? calculate_sigpending+0x7b/0xa0 [ 28.445184] ? __pfx_kthread+0x10/0x10 [ 28.445206] ret_from_fork+0x116/0x1d0 [ 28.445227] ? __pfx_kthread+0x10/0x10 [ 28.445249] ret_from_fork_asm+0x1a/0x30 [ 28.445281] </TASK> [ 28.445294] [ 28.451782] Allocated by task 334: [ 28.451972] kasan_save_stack+0x45/0x70 [ 28.452180] kasan_save_track+0x18/0x40 [ 28.452374] kasan_save_alloc_info+0x3b/0x50 [ 28.452569] __kasan_kmalloc+0xb7/0xc0 [ 28.452707] __kmalloc_noprof+0x1c9/0x500 [ 28.453008] kunit_kmalloc_array+0x25/0x60 [ 28.453213] copy_user_test_oob+0xab/0x10f0 [ 28.453393] kunit_try_run_case+0x1a5/0x480 [ 28.453531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.453796] kthread+0x337/0x6f0 [ 28.453960] ret_from_fork+0x116/0x1d0 [ 28.454158] ret_from_fork_asm+0x1a/0x30 [ 28.454293] [ 28.454358] The buggy address belongs to the object at ffff888105919e00 [ 28.454358] which belongs to the cache kmalloc-128 of size 128 [ 28.454954] The buggy address is located 0 bytes inside of [ 28.454954] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.455328] [ 28.455397] The buggy address belongs to the physical page: [ 28.455563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.455889] flags: 0x200000000000000(node=0|zone=2) [ 28.456120] page_type: f5(slab) [ 28.456284] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.456577] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.456807] page dumped because: kasan: bad access detected [ 28.456972] [ 28.457035] Memory state around the buggy address: [ 28.457282] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.457598] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.458189] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.458503] ^ [ 28.458829] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.459080] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.459286] ================================================================== [ 28.460084] ================================================================== [ 28.461030] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 28.461326] Write of size 121 at addr ffff888105919e00 by task kunit_try_catch/334 [ 28.461551] [ 28.461675] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.461731] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.461746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.461788] Call Trace: [ 28.461809] <TASK> [ 28.461830] dump_stack_lvl+0x73/0xb0 [ 28.461862] print_report+0xd1/0x610 [ 28.461885] ? __virt_addr_valid+0x1db/0x2d0 [ 28.461910] ? copy_user_test_oob+0x557/0x10f0 [ 28.461933] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.461960] ? copy_user_test_oob+0x557/0x10f0 [ 28.461984] kasan_report+0x141/0x180 [ 28.462007] ? copy_user_test_oob+0x557/0x10f0 [ 28.462035] kasan_check_range+0x10c/0x1c0 [ 28.462065] __kasan_check_write+0x18/0x20 [ 28.462088] copy_user_test_oob+0x557/0x10f0 [ 28.462114] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.462138] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.462171] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.462198] kunit_try_run_case+0x1a5/0x480 [ 28.462223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.462244] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.462270] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.462294] ? __kthread_parkme+0x82/0x180 [ 28.462317] ? preempt_count_sub+0x50/0x80 [ 28.462342] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.462365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.462391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.462418] kthread+0x337/0x6f0 [ 28.462438] ? trace_preempt_on+0x20/0xc0 [ 28.462464] ? __pfx_kthread+0x10/0x10 [ 28.462486] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.462508] ? calculate_sigpending+0x7b/0xa0 [ 28.462534] ? __pfx_kthread+0x10/0x10 [ 28.462557] ret_from_fork+0x116/0x1d0 [ 28.462577] ? __pfx_kthread+0x10/0x10 [ 28.462600] ret_from_fork_asm+0x1a/0x30 [ 28.462633] </TASK> [ 28.462645] [ 28.469232] Allocated by task 334: [ 28.469425] kasan_save_stack+0x45/0x70 [ 28.469628] kasan_save_track+0x18/0x40 [ 28.469846] kasan_save_alloc_info+0x3b/0x50 [ 28.469991] __kasan_kmalloc+0xb7/0xc0 [ 28.470123] __kmalloc_noprof+0x1c9/0x500 [ 28.470257] kunit_kmalloc_array+0x25/0x60 [ 28.470455] copy_user_test_oob+0xab/0x10f0 [ 28.470667] kunit_try_run_case+0x1a5/0x480 [ 28.471022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.471280] kthread+0x337/0x6f0 [ 28.471424] ret_from_fork+0x116/0x1d0 [ 28.471593] ret_from_fork_asm+0x1a/0x30 [ 28.471837] [ 28.471911] The buggy address belongs to the object at ffff888105919e00 [ 28.471911] which belongs to the cache kmalloc-128 of size 128 [ 28.472382] The buggy address is located 0 bytes inside of [ 28.472382] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.472878] [ 28.472971] The buggy address belongs to the physical page: [ 28.473145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.473449] flags: 0x200000000000000(node=0|zone=2) [ 28.473689] page_type: f5(slab) [ 28.473955] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.474190] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.474410] page dumped because: kasan: bad access detected [ 28.474586] [ 28.474682] Memory state around the buggy address: [ 28.474897] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.475208] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.475517] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.476013] ^ [ 28.476271] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.476488] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.476728] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 28.392007] ================================================================== [ 28.392401] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 28.392895] Read of size 121 at addr ffff888105919e00 by task kunit_try_catch/334 [ 28.393398] [ 28.393507] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 28.393564] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.393579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.393605] Call Trace: [ 28.393626] <TASK> [ 28.393649] dump_stack_lvl+0x73/0xb0 [ 28.393945] print_report+0xd1/0x610 [ 28.393985] ? __virt_addr_valid+0x1db/0x2d0 [ 28.394011] ? _copy_to_user+0x3c/0x70 [ 28.394033] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.394067] ? _copy_to_user+0x3c/0x70 [ 28.394088] kasan_report+0x141/0x180 [ 28.394111] ? _copy_to_user+0x3c/0x70 [ 28.394137] kasan_check_range+0x10c/0x1c0 [ 28.394161] __kasan_check_read+0x15/0x20 [ 28.394185] _copy_to_user+0x3c/0x70 [ 28.394208] copy_user_test_oob+0x364/0x10f0 [ 28.394234] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.394257] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.394289] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.394317] kunit_try_run_case+0x1a5/0x480 [ 28.394340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.394362] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.394387] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.394412] ? __kthread_parkme+0x82/0x180 [ 28.394435] ? preempt_count_sub+0x50/0x80 [ 28.394461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.394483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.394509] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.394536] kthread+0x337/0x6f0 [ 28.394557] ? trace_preempt_on+0x20/0xc0 [ 28.394582] ? __pfx_kthread+0x10/0x10 [ 28.394604] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.394628] ? calculate_sigpending+0x7b/0xa0 [ 28.394663] ? __pfx_kthread+0x10/0x10 [ 28.394686] ret_from_fork+0x116/0x1d0 [ 28.394707] ? __pfx_kthread+0x10/0x10 [ 28.394729] ret_from_fork_asm+0x1a/0x30 [ 28.394773] </TASK> [ 28.394785] [ 28.404237] Allocated by task 334: [ 28.404520] kasan_save_stack+0x45/0x70 [ 28.404818] kasan_save_track+0x18/0x40 [ 28.405020] kasan_save_alloc_info+0x3b/0x50 [ 28.405338] __kasan_kmalloc+0xb7/0xc0 [ 28.405581] __kmalloc_noprof+0x1c9/0x500 [ 28.405775] kunit_kmalloc_array+0x25/0x60 [ 28.405965] copy_user_test_oob+0xab/0x10f0 [ 28.406334] kunit_try_run_case+0x1a5/0x480 [ 28.406536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.406926] kthread+0x337/0x6f0 [ 28.407088] ret_from_fork+0x116/0x1d0 [ 28.407255] ret_from_fork_asm+0x1a/0x30 [ 28.407429] [ 28.407502] The buggy address belongs to the object at ffff888105919e00 [ 28.407502] which belongs to the cache kmalloc-128 of size 128 [ 28.408339] The buggy address is located 0 bytes inside of [ 28.408339] allocated 120-byte region [ffff888105919e00, ffff888105919e78) [ 28.408960] [ 28.409145] The buggy address belongs to the physical page: [ 28.409375] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 28.409842] flags: 0x200000000000000(node=0|zone=2) [ 28.410148] page_type: f5(slab) [ 28.410285] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.410729] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.411107] page dumped because: kasan: bad access detected [ 28.411302] [ 28.411392] Memory state around the buggy address: [ 28.411614] ffff888105919d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.412105] ffff888105919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.412487] >ffff888105919e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.412751] ^ [ 28.413226] ffff888105919e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.413518] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.413812] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 26.208085] ================================================================== [ 26.209030] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 26.209496] Read of size 1 at addr ffff8881058cfc4a by task kunit_try_catch/302 [ 26.209925] [ 26.210152] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.210243] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.210257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.210297] Call Trace: [ 26.210313] <TASK> [ 26.210334] dump_stack_lvl+0x73/0xb0 [ 26.210372] print_report+0xd1/0x610 [ 26.210395] ? __virt_addr_valid+0x1db/0x2d0 [ 26.210429] ? kasan_alloca_oob_right+0x329/0x390 [ 26.210451] ? kasan_addr_to_slab+0x11/0xa0 [ 26.210471] ? kasan_alloca_oob_right+0x329/0x390 [ 26.210504] kasan_report+0x141/0x180 [ 26.210526] ? kasan_alloca_oob_right+0x329/0x390 [ 26.210552] __asan_report_load1_noabort+0x18/0x20 [ 26.210576] kasan_alloca_oob_right+0x329/0x390 [ 26.210598] ? finish_task_switch.isra.0+0x153/0x700 [ 26.210647] ? __mutex_lock.constprop.0+0x10ee/0x1280 [ 26.210693] ? trace_hardirqs_on+0x37/0xe0 [ 26.210718] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 26.210742] ? __schedule+0x10cc/0x2b60 [ 26.210766] ? __pfx_read_tsc+0x10/0x10 [ 26.210787] ? ktime_get_ts64+0x86/0x230 [ 26.210839] kunit_try_run_case+0x1a5/0x480 [ 26.210863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.210885] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.210921] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.210998] ? __kthread_parkme+0x82/0x180 [ 26.211021] ? preempt_count_sub+0x50/0x80 [ 26.211045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.211067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.211093] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.211118] kthread+0x337/0x6f0 [ 26.211138] ? trace_preempt_on+0x20/0xc0 [ 26.211159] ? __pfx_kthread+0x10/0x10 [ 26.211180] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.211201] ? calculate_sigpending+0x7b/0xa0 [ 26.211224] ? __pfx_kthread+0x10/0x10 [ 26.211245] ret_from_fork+0x116/0x1d0 [ 26.211264] ? __pfx_kthread+0x10/0x10 [ 26.211284] ret_from_fork_asm+0x1a/0x30 [ 26.211315] </TASK> [ 26.211326] [ 26.220504] The buggy address belongs to stack of task kunit_try_catch/302 [ 26.220761] [ 26.220850] The buggy address belongs to the physical page: [ 26.221158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058cf [ 26.221424] flags: 0x200000000000000(node=0|zone=2) [ 26.221777] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 26.222363] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.222683] page dumped because: kasan: bad access detected [ 26.222994] [ 26.223189] Memory state around the buggy address: [ 26.223425] ffff8881058cfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.223765] ffff8881058cfb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.224099] >ffff8881058cfc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 26.224366] ^ [ 26.224531] ffff8881058cfc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 26.225229] ffff8881058cfd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.225949] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 26.185456] ================================================================== [ 26.185933] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 26.186637] Read of size 1 at addr ffff8881061a7c3f by task kunit_try_catch/300 [ 26.187160] [ 26.187306] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.187379] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.187408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.187432] Call Trace: [ 26.187444] <TASK> [ 26.187464] dump_stack_lvl+0x73/0xb0 [ 26.187510] print_report+0xd1/0x610 [ 26.187533] ? __virt_addr_valid+0x1db/0x2d0 [ 26.187558] ? kasan_alloca_oob_left+0x320/0x380 [ 26.187590] ? kasan_addr_to_slab+0x11/0xa0 [ 26.187611] ? kasan_alloca_oob_left+0x320/0x380 [ 26.187632] kasan_report+0x141/0x180 [ 26.187663] ? kasan_alloca_oob_left+0x320/0x380 [ 26.187689] __asan_report_load1_noabort+0x18/0x20 [ 26.187713] kasan_alloca_oob_left+0x320/0x380 [ 26.187733] ? update_curr+0x7d/0x7f0 [ 26.187769] ? finish_task_switch.isra.0+0x153/0x700 [ 26.187792] ? __mutex_lock.constprop.0+0x10ee/0x1280 [ 26.187846] ? trace_hardirqs_on+0x37/0xe0 [ 26.187871] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 26.187906] ? __schedule+0x10cc/0x2b60 [ 26.187930] ? __pfx_read_tsc+0x10/0x10 [ 26.188028] ? ktime_get_ts64+0x86/0x230 [ 26.188055] kunit_try_run_case+0x1a5/0x480 [ 26.188078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.188125] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.188148] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.188172] ? __kthread_parkme+0x82/0x180 [ 26.188193] ? preempt_count_sub+0x50/0x80 [ 26.188216] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.188238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.188263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.188288] kthread+0x337/0x6f0 [ 26.188308] ? trace_preempt_on+0x20/0xc0 [ 26.188329] ? __pfx_kthread+0x10/0x10 [ 26.188349] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.188371] ? calculate_sigpending+0x7b/0xa0 [ 26.188394] ? __pfx_kthread+0x10/0x10 [ 26.188415] ret_from_fork+0x116/0x1d0 [ 26.188433] ? __pfx_kthread+0x10/0x10 [ 26.188454] ret_from_fork_asm+0x1a/0x30 [ 26.188484] </TASK> [ 26.188496] [ 26.198290] The buggy address belongs to stack of task kunit_try_catch/300 [ 26.198753] [ 26.198823] The buggy address belongs to the physical page: [ 26.199123] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a7 [ 26.199685] flags: 0x200000000000000(node=0|zone=2) [ 26.199941] raw: 0200000000000000 ffffea00041869c8 ffffea00041869c8 0000000000000000 [ 26.200164] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.200426] page dumped because: kasan: bad access detected [ 26.200739] [ 26.200832] Memory state around the buggy address: [ 26.201111] ffff8881061a7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.201371] ffff8881061a7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.201745] >ffff8881061a7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 26.202068] ^ [ 26.202539] ffff8881061a7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 26.202988] ffff8881061a7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.203432] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 26.160434] ================================================================== [ 26.161484] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 26.161911] Read of size 1 at addr ffff8881058f7d02 by task kunit_try_catch/298 [ 26.162302] [ 26.162409] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.162465] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.162478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.162503] Call Trace: [ 26.162519] <TASK> [ 26.162538] dump_stack_lvl+0x73/0xb0 [ 26.162573] print_report+0xd1/0x610 [ 26.162597] ? __virt_addr_valid+0x1db/0x2d0 [ 26.162621] ? kasan_stack_oob+0x2b5/0x300 [ 26.162640] ? kasan_addr_to_slab+0x11/0xa0 [ 26.162672] ? kasan_stack_oob+0x2b5/0x300 [ 26.162691] kasan_report+0x141/0x180 [ 26.162712] ? kasan_stack_oob+0x2b5/0x300 [ 26.162736] __asan_report_load1_noabort+0x18/0x20 [ 26.162760] kasan_stack_oob+0x2b5/0x300 [ 26.162779] ? __pfx_kasan_stack_oob+0x10/0x10 [ 26.162798] ? finish_task_switch.isra.0+0x153/0x700 [ 26.162848] ? __switch_to+0x47/0xf80 [ 26.162889] ? __schedule+0x10cc/0x2b60 [ 26.162912] ? __pfx_read_tsc+0x10/0x10 [ 26.162933] ? ktime_get_ts64+0x86/0x230 [ 26.162973] kunit_try_run_case+0x1a5/0x480 [ 26.162996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.163030] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.163097] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.163120] ? __kthread_parkme+0x82/0x180 [ 26.163180] ? preempt_count_sub+0x50/0x80 [ 26.163202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.163235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.163259] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.163285] kthread+0x337/0x6f0 [ 26.163305] ? trace_preempt_on+0x20/0xc0 [ 26.163327] ? __pfx_kthread+0x10/0x10 [ 26.163348] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.163370] ? calculate_sigpending+0x7b/0xa0 [ 26.163395] ? __pfx_kthread+0x10/0x10 [ 26.163416] ret_from_fork+0x116/0x1d0 [ 26.163434] ? __pfx_kthread+0x10/0x10 [ 26.163454] ret_from_fork_asm+0x1a/0x30 [ 26.163484] </TASK> [ 26.163496] [ 26.173488] The buggy address belongs to stack of task kunit_try_catch/298 [ 26.173996] and is located at offset 138 in frame: [ 26.174566] kasan_stack_oob+0x0/0x300 [ 26.174913] [ 26.175408] This frame has 4 objects: [ 26.175712] [48, 49) '__assertion' [ 26.175737] [64, 72) 'array' [ 26.176014] [96, 112) '__assertion' [ 26.176240] [128, 138) 'stack_array' [ 26.176423] [ 26.176695] The buggy address belongs to the physical page: [ 26.177204] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058f7 [ 26.177595] flags: 0x200000000000000(node=0|zone=2) [ 26.177828] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 26.178355] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.178725] page dumped because: kasan: bad access detected [ 26.178998] [ 26.179127] Memory state around the buggy address: [ 26.179489] ffff8881058f7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.179834] ffff8881058f7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 26.180311] >ffff8881058f7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.180591] ^ [ 26.180762] ffff8881058f7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 26.181473] ffff8881058f7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.181753] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 26.131822] ================================================================== [ 26.132305] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 26.132561] Read of size 1 at addr ffffffff970bdf4d by task kunit_try_catch/294 [ 26.132796] [ 26.132908] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.133036] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.133051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.133378] Call Trace: [ 26.133398] <TASK> [ 26.133419] dump_stack_lvl+0x73/0xb0 [ 26.133455] print_report+0xd1/0x610 [ 26.133479] ? __virt_addr_valid+0x1db/0x2d0 [ 26.133518] ? kasan_global_oob_right+0x286/0x2d0 [ 26.133540] ? kasan_addr_to_slab+0x11/0xa0 [ 26.133561] ? kasan_global_oob_right+0x286/0x2d0 [ 26.133591] kasan_report+0x141/0x180 [ 26.133613] ? kasan_global_oob_right+0x286/0x2d0 [ 26.133639] __asan_report_load1_noabort+0x18/0x20 [ 26.133673] kasan_global_oob_right+0x286/0x2d0 [ 26.133694] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 26.133718] ? __schedule+0x10cc/0x2b60 [ 26.133742] ? __pfx_read_tsc+0x10/0x10 [ 26.133764] ? ktime_get_ts64+0x86/0x230 [ 26.133791] kunit_try_run_case+0x1a5/0x480 [ 26.133815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.133835] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.133858] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.133883] ? __kthread_parkme+0x82/0x180 [ 26.133905] ? preempt_count_sub+0x50/0x80 [ 26.133928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.134166] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.134192] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.134219] kthread+0x337/0x6f0 [ 26.134240] ? trace_preempt_on+0x20/0xc0 [ 26.134265] ? __pfx_kthread+0x10/0x10 [ 26.134287] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.134309] ? calculate_sigpending+0x7b/0xa0 [ 26.134333] ? __pfx_kthread+0x10/0x10 [ 26.134355] ret_from_fork+0x116/0x1d0 [ 26.134374] ? __pfx_kthread+0x10/0x10 [ 26.134395] ret_from_fork_asm+0x1a/0x30 [ 26.134426] </TASK> [ 26.134437] [ 26.145921] The buggy address belongs to the variable: [ 26.146348] global_array+0xd/0x40 [ 26.146540] [ 26.146666] The buggy address belongs to the physical page: [ 26.147232] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1622bd [ 26.147780] flags: 0x200000000002000(reserved|node=0|zone=2) [ 26.148348] raw: 0200000000002000 ffffea000588af48 ffffea000588af48 0000000000000000 [ 26.148808] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.149400] page dumped because: kasan: bad access detected [ 26.149768] [ 26.149869] Memory state around the buggy address: [ 26.150308] ffffffff970bde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.150947] ffffffff970bde80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.151457] >ffffffff970bdf00: 00 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 [ 26.151895] ^ [ 26.152299] ffffffff970bdf80: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 26.152620] ffffffff970be000: 02 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 26.153208] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 26.062345] ================================================================== [ 26.062875] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.063545] Free of addr ffff888103e99901 by task kunit_try_catch/290 [ 26.063764] [ 26.063852] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.063908] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.063923] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.063947] Call Trace: [ 26.063960] <TASK> [ 26.063979] dump_stack_lvl+0x73/0xb0 [ 26.064012] print_report+0xd1/0x610 [ 26.064036] ? __virt_addr_valid+0x1db/0x2d0 [ 26.064083] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.064109] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.064134] kasan_report_invalid_free+0x10a/0x130 [ 26.064157] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.064183] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.064207] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.064230] check_slab_allocation+0x11f/0x130 [ 26.064251] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.064274] mempool_free+0x2ec/0x380 [ 26.064300] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.064324] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.064349] ? dequeue_entities+0x23f/0x1630 [ 26.064375] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.064397] ? finish_task_switch.isra.0+0x153/0x700 [ 26.064422] mempool_kmalloc_invalid_free+0xed/0x140 [ 26.064445] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 26.064470] ? __kasan_check_write+0x18/0x20 [ 26.064494] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.064516] ? __pfx_mempool_kfree+0x10/0x10 [ 26.064539] ? __pfx_read_tsc+0x10/0x10 [ 26.064561] ? ktime_get_ts64+0x86/0x230 [ 26.064587] kunit_try_run_case+0x1a5/0x480 [ 26.064610] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.064630] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 26.064666] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.064763] ? __kthread_parkme+0x82/0x180 [ 26.064784] ? preempt_count_sub+0x50/0x80 [ 26.064807] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.064829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.064854] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.064880] kthread+0x337/0x6f0 [ 26.064899] ? trace_preempt_on+0x20/0xc0 [ 26.064923] ? __pfx_kthread+0x10/0x10 [ 26.064958] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.065026] ? calculate_sigpending+0x7b/0xa0 [ 26.065051] ? __pfx_kthread+0x10/0x10 [ 26.065073] ret_from_fork+0x116/0x1d0 [ 26.065092] ? __pfx_kthread+0x10/0x10 [ 26.065113] ret_from_fork_asm+0x1a/0x30 [ 26.065143] </TASK> [ 26.065154] [ 26.081694] Allocated by task 290: [ 26.081895] kasan_save_stack+0x45/0x70 [ 26.082095] kasan_save_track+0x18/0x40 [ 26.082268] kasan_save_alloc_info+0x3b/0x50 [ 26.082460] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.082714] remove_element+0x11e/0x190 [ 26.082921] mempool_alloc_preallocated+0x4d/0x90 [ 26.083560] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 26.083819] mempool_kmalloc_invalid_free+0xed/0x140 [ 26.084298] kunit_try_run_case+0x1a5/0x480 [ 26.084482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.084719] kthread+0x337/0x6f0 [ 26.085499] ret_from_fork+0x116/0x1d0 [ 26.085711] ret_from_fork_asm+0x1a/0x30 [ 26.085865] [ 26.085955] The buggy address belongs to the object at ffff888103e99900 [ 26.085955] which belongs to the cache kmalloc-128 of size 128 [ 26.087011] The buggy address is located 1 bytes inside of [ 26.087011] 128-byte region [ffff888103e99900, ffff888103e99980) [ 26.087488] [ 26.087572] The buggy address belongs to the physical page: [ 26.088131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103e99 [ 26.088534] flags: 0x200000000000000(node=0|zone=2) [ 26.088787] page_type: f5(slab) [ 26.089124] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.089461] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.090302] page dumped because: kasan: bad access detected [ 26.090534] [ 26.090614] Memory state around the buggy address: [ 26.091226] ffff888103e99800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.091519] ffff888103e99880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.091941] >ffff888103e99900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.092439] ^ [ 26.092564] ffff888103e99980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.092931] ffff888103e99a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.093498] ================================================================== [ 26.097274] ================================================================== [ 26.097915] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.098895] Free of addr ffff888106148001 by task kunit_try_catch/292 [ 26.099547] [ 26.099651] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.099718] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.099738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.099763] Call Trace: [ 26.099777] <TASK> [ 26.099796] dump_stack_lvl+0x73/0xb0 [ 26.099842] print_report+0xd1/0x610 [ 26.099865] ? __virt_addr_valid+0x1db/0x2d0 [ 26.099913] ? kasan_addr_to_slab+0x11/0xa0 [ 26.099934] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.099960] kasan_report_invalid_free+0x10a/0x130 [ 26.099984] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.100011] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.100034] __kasan_mempool_poison_object+0x102/0x1d0 [ 26.100058] mempool_free+0x2ec/0x380 [ 26.100087] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.100153] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.100191] ? dequeue_entities+0x23f/0x1630 [ 26.100216] ? __kasan_check_write+0x18/0x20 [ 26.100239] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.100272] ? finish_task_switch.isra.0+0x153/0x700 [ 26.100299] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 26.100323] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 26.100351] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.100372] ? __pfx_mempool_kfree+0x10/0x10 [ 26.100396] ? __pfx_read_tsc+0x10/0x10 [ 26.100418] ? ktime_get_ts64+0x86/0x230 [ 26.100442] kunit_try_run_case+0x1a5/0x480 [ 26.100467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.100487] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.100511] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.100534] ? __kthread_parkme+0x82/0x180 [ 26.100556] ? preempt_count_sub+0x50/0x80 [ 26.100579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.100599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.100624] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.100649] kthread+0x337/0x6f0 [ 26.100678] ? trace_preempt_on+0x20/0xc0 [ 26.100702] ? __pfx_kthread+0x10/0x10 [ 26.100723] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.100744] ? calculate_sigpending+0x7b/0xa0 [ 26.100768] ? __pfx_kthread+0x10/0x10 [ 26.100789] ret_from_fork+0x116/0x1d0 [ 26.100808] ? __pfx_kthread+0x10/0x10 [ 26.100828] ret_from_fork_asm+0x1a/0x30 [ 26.100859] </TASK> [ 26.100870] [ 26.118834] The buggy address belongs to the physical page: [ 26.119455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106148 [ 26.119897] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.120665] flags: 0x200000000000040(head|node=0|zone=2) [ 26.121245] page_type: f8(unknown) [ 26.121380] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.121599] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.122162] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.122965] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.123702] head: 0200000000000002 ffffea0004185201 00000000ffffffff 00000000ffffffff [ 26.124493] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.125099] page dumped because: kasan: bad access detected [ 26.125279] [ 26.125342] Memory state around the buggy address: [ 26.125489] ffff888106147f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.125722] ffff888106147f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.126297] >ffff888106148000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.126742] ^ [ 26.126858] ffff888106148080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.127414] ffff888106148100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.128182] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 26.010341] ================================================================== [ 26.011912] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.012693] Free of addr ffff8881061b4000 by task kunit_try_catch/286 [ 26.013336] [ 26.013583] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.013644] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.013667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.013693] Call Trace: [ 26.013706] <TASK> [ 26.013727] dump_stack_lvl+0x73/0xb0 [ 26.013777] print_report+0xd1/0x610 [ 26.013835] ? __virt_addr_valid+0x1db/0x2d0 [ 26.013863] ? kasan_addr_to_slab+0x11/0xa0 [ 26.013883] ? mempool_double_free_helper+0x184/0x370 [ 26.013919] kasan_report_invalid_free+0x10a/0x130 [ 26.013943] ? mempool_double_free_helper+0x184/0x370 [ 26.013980] ? mempool_double_free_helper+0x184/0x370 [ 26.014003] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 26.014027] mempool_free+0x2ec/0x380 [ 26.014061] mempool_double_free_helper+0x184/0x370 [ 26.014085] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.014109] ? dequeue_entities+0x23f/0x1630 [ 26.014135] ? __kasan_check_write+0x18/0x20 [ 26.014159] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.014181] ? finish_task_switch.isra.0+0x153/0x700 [ 26.014206] mempool_kmalloc_large_double_free+0xed/0x140 [ 26.014230] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 26.014256] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.014279] ? __pfx_mempool_kfree+0x10/0x10 [ 26.014301] ? irqentry_exit+0x2a/0x60 [ 26.014325] ? __pfx_read_tsc+0x10/0x10 [ 26.014347] ? ktime_get_ts64+0x86/0x230 [ 26.014373] kunit_try_run_case+0x1a5/0x480 [ 26.014396] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.014420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.014442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.014469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.014490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.014516] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.014541] kthread+0x337/0x6f0 [ 26.014561] ? trace_preempt_on+0x20/0xc0 [ 26.014585] ? __pfx_kthread+0x10/0x10 [ 26.014605] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.014627] ? calculate_sigpending+0x7b/0xa0 [ 26.014652] ? __pfx_kthread+0x10/0x10 [ 26.014682] ret_from_fork+0x116/0x1d0 [ 26.014701] ? __pfx_kthread+0x10/0x10 [ 26.014722] ret_from_fork_asm+0x1a/0x30 [ 26.014769] </TASK> [ 26.014780] [ 26.029284] The buggy address belongs to the physical page: [ 26.029665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061b4 [ 26.030115] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.030509] flags: 0x200000000000040(head|node=0|zone=2) [ 26.030702] page_type: f8(unknown) [ 26.030861] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.031157] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.031521] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.031832] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.032194] head: 0200000000000002 ffffea0004186d01 00000000ffffffff 00000000ffffffff [ 26.032491] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.032833] page dumped because: kasan: bad access detected [ 26.033096] [ 26.033178] Memory state around the buggy address: [ 26.033810] ffff8881061b3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.034203] ffff8881061b3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.034510] >ffff8881061b4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.034783] ^ [ 26.034953] ffff8881061b4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.035255] ffff8881061b4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.035567] ================================================================== [ 26.039298] ================================================================== [ 26.039885] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.040245] Free of addr ffff888106144000 by task kunit_try_catch/288 [ 26.040542] [ 26.040682] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 26.040739] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.040753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.040777] Call Trace: [ 26.040790] <TASK> [ 26.040810] dump_stack_lvl+0x73/0xb0 [ 26.040844] print_report+0xd1/0x610 [ 26.040867] ? __virt_addr_valid+0x1db/0x2d0 [ 26.040894] ? kasan_addr_to_slab+0x11/0xa0 [ 26.040914] ? mempool_double_free_helper+0x184/0x370 [ 26.040938] kasan_report_invalid_free+0x10a/0x130 [ 26.040963] ? mempool_double_free_helper+0x184/0x370 [ 26.040988] ? mempool_double_free_helper+0x184/0x370 [ 26.041023] __kasan_mempool_poison_pages+0x115/0x130 [ 26.041059] mempool_free+0x290/0x380 [ 26.041087] mempool_double_free_helper+0x184/0x370 [ 26.041124] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.041148] ? update_load_avg+0x1be/0x21b0 [ 26.041184] ? update_curr+0x7d/0x7f0 [ 26.041207] ? finish_task_switch.isra.0+0x153/0x700 [ 26.041245] mempool_page_alloc_double_free+0xe8/0x140 [ 26.041271] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 26.041297] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 26.041322] ? __pfx_mempool_free_pages+0x10/0x10 [ 26.041418] ? __pfx_read_tsc+0x10/0x10 [ 26.041443] ? ktime_get_ts64+0x86/0x230 [ 26.041469] kunit_try_run_case+0x1a5/0x480 [ 26.041493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.041514] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.041538] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.041563] ? __kthread_parkme+0x82/0x180 [ 26.041585] ? preempt_count_sub+0x50/0x80 [ 26.041608] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.041630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.041666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.041692] kthread+0x337/0x6f0 [ 26.041712] ? trace_preempt_on+0x20/0xc0 [ 26.041736] ? __pfx_kthread+0x10/0x10 [ 26.041773] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.041794] ? calculate_sigpending+0x7b/0xa0 [ 26.041819] ? __pfx_kthread+0x10/0x10 [ 26.041841] ret_from_fork+0x116/0x1d0 [ 26.041860] ? __pfx_kthread+0x10/0x10 [ 26.041881] ret_from_fork_asm+0x1a/0x30 [ 26.041913] </TASK> [ 26.041925] [ 26.052107] The buggy address belongs to the physical page: [ 26.052481] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106144 [ 26.053018] flags: 0x200000000000000(node=0|zone=2) [ 26.053614] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 26.054004] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.054380] page dumped because: kasan: bad access detected [ 26.054724] [ 26.054866] Memory state around the buggy address: [ 26.055064] ffff888106143f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.055453] ffff888106143f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.055751] >ffff888106144000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.056045] ^ [ 26.056252] ffff888106144080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.056460] ffff888106144100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.057002] ================================================================== [ 25.967147] ================================================================== [ 25.967565] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.968144] Free of addr ffff888105919a00 by task kunit_try_catch/284 [ 25.969477] [ 25.969596] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.969667] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.969681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.969706] Call Trace: [ 25.969719] <TASK> [ 25.969739] dump_stack_lvl+0x73/0xb0 [ 25.969777] print_report+0xd1/0x610 [ 25.969802] ? __virt_addr_valid+0x1db/0x2d0 [ 25.969828] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.969854] ? mempool_double_free_helper+0x184/0x370 [ 25.969878] kasan_report_invalid_free+0x10a/0x130 [ 25.969901] ? mempool_double_free_helper+0x184/0x370 [ 25.969925] ? mempool_double_free_helper+0x184/0x370 [ 25.969947] ? mempool_double_free_helper+0x184/0x370 [ 25.969969] check_slab_allocation+0x101/0x130 [ 25.970141] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.970166] mempool_free+0x2ec/0x380 [ 25.970193] ? mempool_alloc_preallocated+0x5b/0x90 [ 25.970222] mempool_double_free_helper+0x184/0x370 [ 25.970245] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.970269] ? dequeue_entities+0x23f/0x1630 [ 25.970295] ? __kasan_check_write+0x18/0x20 [ 25.970318] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.970341] ? finish_task_switch.isra.0+0x153/0x700 [ 25.970369] mempool_kmalloc_double_free+0xed/0x140 [ 25.970392] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 25.970417] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.970441] ? __pfx_mempool_kfree+0x10/0x10 [ 25.970467] ? __pfx_read_tsc+0x10/0x10 [ 25.970493] ? ktime_get_ts64+0x86/0x230 [ 25.970519] kunit_try_run_case+0x1a5/0x480 [ 25.970545] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.970566] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.970591] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.970615] ? __kthread_parkme+0x82/0x180 [ 25.970637] ? preempt_count_sub+0x50/0x80 [ 25.970671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.970694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.970719] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.970745] kthread+0x337/0x6f0 [ 25.970765] ? trace_preempt_on+0x20/0xc0 [ 25.970792] ? __pfx_kthread+0x10/0x10 [ 25.970814] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.970836] ? calculate_sigpending+0x7b/0xa0 [ 25.970862] ? __pfx_kthread+0x10/0x10 [ 25.970883] ret_from_fork+0x116/0x1d0 [ 25.970903] ? __pfx_kthread+0x10/0x10 [ 25.970924] ret_from_fork_asm+0x1a/0x30 [ 25.971188] </TASK> [ 25.971201] [ 25.985329] Allocated by task 284: [ 25.985771] kasan_save_stack+0x45/0x70 [ 25.986248] kasan_save_track+0x18/0x40 [ 25.986457] kasan_save_alloc_info+0x3b/0x50 [ 25.986647] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.987136] remove_element+0x11e/0x190 [ 25.987551] mempool_alloc_preallocated+0x4d/0x90 [ 25.987844] mempool_double_free_helper+0x8a/0x370 [ 25.988182] mempool_kmalloc_double_free+0xed/0x140 [ 25.988391] kunit_try_run_case+0x1a5/0x480 [ 25.988579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.989568] kthread+0x337/0x6f0 [ 25.989895] ret_from_fork+0x116/0x1d0 [ 25.990306] ret_from_fork_asm+0x1a/0x30 [ 25.990631] [ 25.990856] Freed by task 284: [ 25.991129] kasan_save_stack+0x45/0x70 [ 25.991430] kasan_save_track+0x18/0x40 [ 25.991621] kasan_save_free_info+0x3f/0x60 [ 25.992095] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.992483] mempool_free+0x2ec/0x380 [ 25.992668] mempool_double_free_helper+0x109/0x370 [ 25.993031] mempool_kmalloc_double_free+0xed/0x140 [ 25.993889] kunit_try_run_case+0x1a5/0x480 [ 25.994036] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.994218] kthread+0x337/0x6f0 [ 25.994341] ret_from_fork+0x116/0x1d0 [ 25.994469] ret_from_fork_asm+0x1a/0x30 [ 25.994604] [ 25.994684] The buggy address belongs to the object at ffff888105919a00 [ 25.994684] which belongs to the cache kmalloc-128 of size 128 [ 25.996535] The buggy address is located 0 bytes inside of [ 25.996535] 128-byte region [ffff888105919a00, ffff888105919a80) [ 25.997939] [ 25.998288] The buggy address belongs to the physical page: [ 25.998948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 25.999859] flags: 0x200000000000000(node=0|zone=2) [ 26.000490] page_type: f5(slab) [ 26.000969] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.001524] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.001867] page dumped because: kasan: bad access detected [ 26.002454] [ 26.002617] Memory state around the buggy address: [ 26.003172] ffff888105919900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.003923] ffff888105919980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.004176] >ffff888105919a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.004384] ^ [ 26.004497] ffff888105919a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.004726] ffff888105919b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.004976] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 25.948067] ================================================================== [ 25.948532] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.948829] Read of size 1 at addr ffff8881061b4000 by task kunit_try_catch/282 [ 25.949176] [ 25.949276] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.949333] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.949363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.949388] Call Trace: [ 25.949403] <TASK> [ 25.949425] dump_stack_lvl+0x73/0xb0 [ 25.949461] print_report+0xd1/0x610 [ 25.949487] ? __virt_addr_valid+0x1db/0x2d0 [ 25.949514] ? mempool_uaf_helper+0x392/0x400 [ 25.949536] ? kasan_addr_to_slab+0x11/0xa0 [ 25.949557] ? mempool_uaf_helper+0x392/0x400 [ 25.949578] kasan_report+0x141/0x180 [ 25.949600] ? mempool_uaf_helper+0x392/0x400 [ 25.949626] __asan_report_load1_noabort+0x18/0x20 [ 25.949650] mempool_uaf_helper+0x392/0x400 [ 25.949682] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.949704] ? dequeue_entities+0x23f/0x1630 [ 25.949732] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.949771] ? finish_task_switch.isra.0+0x153/0x700 [ 25.949797] mempool_page_alloc_uaf+0xed/0x140 [ 25.949821] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 25.949847] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.949872] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.949897] ? __pfx_read_tsc+0x10/0x10 [ 25.949921] ? ktime_get_ts64+0x86/0x230 [ 25.949947] kunit_try_run_case+0x1a5/0x480 [ 25.949972] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.949992] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.950017] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.950046] ? __kthread_parkme+0x82/0x180 [ 25.950067] ? preempt_count_sub+0x50/0x80 [ 25.950090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.950111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.950136] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.950161] kthread+0x337/0x6f0 [ 25.950182] ? trace_preempt_on+0x20/0xc0 [ 25.950206] ? __pfx_kthread+0x10/0x10 [ 25.950226] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.950247] ? calculate_sigpending+0x7b/0xa0 [ 25.950271] ? __pfx_kthread+0x10/0x10 [ 25.950293] ret_from_fork+0x116/0x1d0 [ 25.950312] ? __pfx_kthread+0x10/0x10 [ 25.950333] ret_from_fork_asm+0x1a/0x30 [ 25.950364] </TASK> [ 25.950375] [ 25.958268] The buggy address belongs to the physical page: [ 25.958550] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061b4 [ 25.959353] flags: 0x200000000000000(node=0|zone=2) [ 25.959587] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.960256] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.960680] page dumped because: kasan: bad access detected [ 25.961151] [ 25.961248] Memory state around the buggy address: [ 25.961460] ffff8881061b3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.961921] ffff8881061b3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.962425] >ffff8881061b4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.962836] ^ [ 25.962991] ffff8881061b4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.963256] ffff8881061b4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.963517] ================================================================== [ 25.881651] ================================================================== [ 25.882162] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.882951] Read of size 1 at addr ffff888106144000 by task kunit_try_catch/278 [ 25.883196] [ 25.883309] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.883366] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.883380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.883405] Call Trace: [ 25.883419] <TASK> [ 25.883439] dump_stack_lvl+0x73/0xb0 [ 25.883475] print_report+0xd1/0x610 [ 25.883500] ? __virt_addr_valid+0x1db/0x2d0 [ 25.883526] ? mempool_uaf_helper+0x392/0x400 [ 25.883548] ? kasan_addr_to_slab+0x11/0xa0 [ 25.883569] ? mempool_uaf_helper+0x392/0x400 [ 25.883590] kasan_report+0x141/0x180 [ 25.883612] ? mempool_uaf_helper+0x392/0x400 [ 25.883690] __asan_report_load1_noabort+0x18/0x20 [ 25.883715] mempool_uaf_helper+0x392/0x400 [ 25.883738] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.883771] ? dequeue_entities+0x23f/0x1630 [ 25.883860] ? __kasan_check_write+0x18/0x20 [ 25.883883] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.883905] ? finish_task_switch.isra.0+0x153/0x700 [ 25.883931] mempool_kmalloc_large_uaf+0xef/0x140 [ 25.883953] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 25.883979] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.884004] ? __pfx_mempool_kfree+0x10/0x10 [ 25.884028] ? __pfx_read_tsc+0x10/0x10 [ 25.884059] ? ktime_get_ts64+0x86/0x230 [ 25.884085] kunit_try_run_case+0x1a5/0x480 [ 25.884110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.884130] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.884154] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.884177] ? __kthread_parkme+0x82/0x180 [ 25.884199] ? preempt_count_sub+0x50/0x80 [ 25.884221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.884242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.884268] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.884296] kthread+0x337/0x6f0 [ 25.884315] ? trace_preempt_on+0x20/0xc0 [ 25.884339] ? __pfx_kthread+0x10/0x10 [ 25.884359] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.884381] ? calculate_sigpending+0x7b/0xa0 [ 25.884407] ? __pfx_kthread+0x10/0x10 [ 25.884428] ret_from_fork+0x116/0x1d0 [ 25.884448] ? __pfx_kthread+0x10/0x10 [ 25.884469] ret_from_fork_asm+0x1a/0x30 [ 25.884501] </TASK> [ 25.884512] [ 25.896364] The buggy address belongs to the physical page: [ 25.896680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106144 [ 25.897281] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.897690] flags: 0x200000000000040(head|node=0|zone=2) [ 25.898068] page_type: f8(unknown) [ 25.898203] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.898551] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.899205] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.899590] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.900050] head: 0200000000000002 ffffea0004185101 00000000ffffffff 00000000ffffffff [ 25.900385] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.900722] page dumped because: kasan: bad access detected [ 25.901215] [ 25.901297] Memory state around the buggy address: [ 25.901646] ffff888106143f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.902196] ffff888106143f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.902570] >ffff888106144000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.902980] ^ [ 25.903424] ffff888106144080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.903918] ffff888106144100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.904260] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 25.908804] ================================================================== [ 25.909435] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.909816] Read of size 1 at addr ffff888103eb6240 by task kunit_try_catch/280 [ 25.910102] [ 25.910277] CPU: 0 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.910333] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.910347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.910370] Call Trace: [ 25.910385] <TASK> [ 25.910405] dump_stack_lvl+0x73/0xb0 [ 25.910437] print_report+0xd1/0x610 [ 25.910459] ? __virt_addr_valid+0x1db/0x2d0 [ 25.910484] ? mempool_uaf_helper+0x392/0x400 [ 25.910505] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.910530] ? mempool_uaf_helper+0x392/0x400 [ 25.910552] kasan_report+0x141/0x180 [ 25.910574] ? mempool_uaf_helper+0x392/0x400 [ 25.910599] __asan_report_load1_noabort+0x18/0x20 [ 25.910622] mempool_uaf_helper+0x392/0x400 [ 25.910644] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.910681] ? finish_task_switch.isra.0+0x153/0x700 [ 25.910708] mempool_slab_uaf+0xea/0x140 [ 25.910731] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 25.910756] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 25.910780] ? __pfx_mempool_free_slab+0x10/0x10 [ 25.910804] ? __pfx_read_tsc+0x10/0x10 [ 25.910826] ? ktime_get_ts64+0x86/0x230 [ 25.910850] kunit_try_run_case+0x1a5/0x480 [ 25.910874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.910893] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.910917] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.910940] ? __kthread_parkme+0x82/0x180 [ 25.910961] ? preempt_count_sub+0x50/0x80 [ 25.910983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.911060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.911085] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.911109] kthread+0x337/0x6f0 [ 25.911130] ? trace_preempt_on+0x20/0xc0 [ 25.911152] ? __pfx_kthread+0x10/0x10 [ 25.911173] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.911194] ? calculate_sigpending+0x7b/0xa0 [ 25.911218] ? __pfx_kthread+0x10/0x10 [ 25.911239] ret_from_fork+0x116/0x1d0 [ 25.911257] ? __pfx_kthread+0x10/0x10 [ 25.911278] ret_from_fork_asm+0x1a/0x30 [ 25.911308] </TASK> [ 25.911319] [ 25.920472] Allocated by task 280: [ 25.920643] kasan_save_stack+0x45/0x70 [ 25.920817] kasan_save_track+0x18/0x40 [ 25.920948] kasan_save_alloc_info+0x3b/0x50 [ 25.921263] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 25.922222] remove_element+0x11e/0x190 [ 25.922456] mempool_alloc_preallocated+0x4d/0x90 [ 25.922736] mempool_uaf_helper+0x96/0x400 [ 25.922972] mempool_slab_uaf+0xea/0x140 [ 25.923177] kunit_try_run_case+0x1a5/0x480 [ 25.923394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.923627] kthread+0x337/0x6f0 [ 25.923808] ret_from_fork+0x116/0x1d0 [ 25.923936] ret_from_fork_asm+0x1a/0x30 [ 25.924069] [ 25.924175] Freed by task 280: [ 25.924329] kasan_save_stack+0x45/0x70 [ 25.924516] kasan_save_track+0x18/0x40 [ 25.924644] kasan_save_free_info+0x3f/0x60 [ 25.925001] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.925305] mempool_free+0x2ec/0x380 [ 25.925450] mempool_uaf_helper+0x11a/0x400 [ 25.925678] mempool_slab_uaf+0xea/0x140 [ 25.925882] kunit_try_run_case+0x1a5/0x480 [ 25.926063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.926236] kthread+0x337/0x6f0 [ 25.926559] ret_from_fork+0x116/0x1d0 [ 25.926839] ret_from_fork_asm+0x1a/0x30 [ 25.926984] [ 25.927049] The buggy address belongs to the object at ffff888103eb6240 [ 25.927049] which belongs to the cache test_cache of size 123 [ 25.927516] The buggy address is located 0 bytes inside of [ 25.927516] freed 123-byte region [ffff888103eb6240, ffff888103eb62bb) [ 25.928828] [ 25.928927] The buggy address belongs to the physical page: [ 25.929745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb6 [ 25.930233] flags: 0x200000000000000(node=0|zone=2) [ 25.930477] page_type: f5(slab) [ 25.930884] raw: 0200000000000000 ffff888103eb1280 dead000000000122 0000000000000000 [ 25.931449] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 25.931925] page dumped because: kasan: bad access detected [ 25.932389] [ 25.932467] Memory state around the buggy address: [ 25.932676] ffff888103eb6100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.933022] ffff888103eb6180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.933641] >ffff888103eb6200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 25.934152] ^ [ 25.934365] ffff888103eb6280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.934879] ffff888103eb6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.935683] ================================================================== [ 25.841295] ================================================================== [ 25.843092] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.844371] Read of size 1 at addr ffff888103e99500 by task kunit_try_catch/276 [ 25.845680] [ 25.846170] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.846249] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.846265] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.846337] Call Trace: [ 25.846356] <TASK> [ 25.846378] dump_stack_lvl+0x73/0xb0 [ 25.846422] print_report+0xd1/0x610 [ 25.846469] ? __virt_addr_valid+0x1db/0x2d0 [ 25.846496] ? mempool_uaf_helper+0x392/0x400 [ 25.846518] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.846544] ? mempool_uaf_helper+0x392/0x400 [ 25.846566] kasan_report+0x141/0x180 [ 25.846587] ? mempool_uaf_helper+0x392/0x400 [ 25.846613] __asan_report_load1_noabort+0x18/0x20 [ 25.846637] mempool_uaf_helper+0x392/0x400 [ 25.846668] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.846690] ? dequeue_entities+0x23f/0x1630 [ 25.846716] ? __kasan_check_write+0x18/0x20 [ 25.846755] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.846777] ? finish_task_switch.isra.0+0x153/0x700 [ 25.846804] mempool_kmalloc_uaf+0xef/0x140 [ 25.846825] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 25.846849] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.846874] ? __pfx_mempool_kfree+0x10/0x10 [ 25.846898] ? __pfx_read_tsc+0x10/0x10 [ 25.846920] ? ktime_get_ts64+0x86/0x230 [ 25.846976] kunit_try_run_case+0x1a5/0x480 [ 25.847001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.847021] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.847046] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.847069] ? __kthread_parkme+0x82/0x180 [ 25.847090] ? preempt_count_sub+0x50/0x80 [ 25.847113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.847135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.847160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.847184] kthread+0x337/0x6f0 [ 25.847205] ? trace_preempt_on+0x20/0xc0 [ 25.847228] ? __pfx_kthread+0x10/0x10 [ 25.847249] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.847270] ? calculate_sigpending+0x7b/0xa0 [ 25.847293] ? __pfx_kthread+0x10/0x10 [ 25.847315] ret_from_fork+0x116/0x1d0 [ 25.847333] ? __pfx_kthread+0x10/0x10 [ 25.847353] ret_from_fork_asm+0x1a/0x30 [ 25.847385] </TASK> [ 25.847396] [ 25.862285] Allocated by task 276: [ 25.862497] kasan_save_stack+0x45/0x70 [ 25.862710] kasan_save_track+0x18/0x40 [ 25.863154] kasan_save_alloc_info+0x3b/0x50 [ 25.863310] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.863539] remove_element+0x11e/0x190 [ 25.863964] mempool_alloc_preallocated+0x4d/0x90 [ 25.864206] mempool_uaf_helper+0x96/0x400 [ 25.864587] mempool_kmalloc_uaf+0xef/0x140 [ 25.864924] kunit_try_run_case+0x1a5/0x480 [ 25.865285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.865627] kthread+0x337/0x6f0 [ 25.865828] ret_from_fork+0x116/0x1d0 [ 25.866240] ret_from_fork_asm+0x1a/0x30 [ 25.866379] [ 25.866600] Freed by task 276: [ 25.866727] kasan_save_stack+0x45/0x70 [ 25.867023] kasan_save_track+0x18/0x40 [ 25.867468] kasan_save_free_info+0x3f/0x60 [ 25.867782] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.868174] mempool_free+0x2ec/0x380 [ 25.868557] mempool_uaf_helper+0x11a/0x400 [ 25.869248] mempool_kmalloc_uaf+0xef/0x140 [ 25.869447] kunit_try_run_case+0x1a5/0x480 [ 25.869912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.870266] kthread+0x337/0x6f0 [ 25.870555] ret_from_fork+0x116/0x1d0 [ 25.870729] ret_from_fork_asm+0x1a/0x30 [ 25.870920] [ 25.871160] The buggy address belongs to the object at ffff888103e99500 [ 25.871160] which belongs to the cache kmalloc-128 of size 128 [ 25.871623] The buggy address is located 0 bytes inside of [ 25.871623] freed 128-byte region [ffff888103e99500, ffff888103e99580) [ 25.872241] [ 25.872340] The buggy address belongs to the physical page: [ 25.872534] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103e99 [ 25.872932] flags: 0x200000000000000(node=0|zone=2) [ 25.873377] page_type: f5(slab) [ 25.873507] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.873905] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.874202] page dumped because: kasan: bad access detected [ 25.874672] [ 25.875245] Memory state around the buggy address: [ 25.875428] ffff888103e99400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.875786] ffff888103e99480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.876042] >ffff888103e99500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.876451] ^ [ 25.876651] ffff888103e99580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.877128] ffff888103e99600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.877431] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 25.742759] ================================================================== [ 25.743291] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.743598] Read of size 1 at addr ffff888105919673 by task kunit_try_catch/270 [ 25.743960] [ 25.744054] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.744113] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.744127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.744152] Call Trace: [ 25.744166] <TASK> [ 25.744188] dump_stack_lvl+0x73/0xb0 [ 25.744222] print_report+0xd1/0x610 [ 25.744244] ? __virt_addr_valid+0x1db/0x2d0 [ 25.744270] ? mempool_oob_right_helper+0x318/0x380 [ 25.744292] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.744318] ? mempool_oob_right_helper+0x318/0x380 [ 25.744341] kasan_report+0x141/0x180 [ 25.744362] ? mempool_oob_right_helper+0x318/0x380 [ 25.744389] __asan_report_load1_noabort+0x18/0x20 [ 25.744412] mempool_oob_right_helper+0x318/0x380 [ 25.744435] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.744459] ? dequeue_entities+0x23f/0x1630 [ 25.744485] ? __kasan_check_write+0x18/0x20 [ 25.744508] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.744530] ? finish_task_switch.isra.0+0x153/0x700 [ 25.744557] mempool_kmalloc_oob_right+0xf2/0x150 [ 25.744580] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 25.744604] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.744630] ? __pfx_mempool_kfree+0x10/0x10 [ 25.744789] ? __pfx_read_tsc+0x10/0x10 [ 25.744848] ? ktime_get_ts64+0x86/0x230 [ 25.744874] kunit_try_run_case+0x1a5/0x480 [ 25.744900] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.744920] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.744996] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.745022] ? __kthread_parkme+0x82/0x180 [ 25.745044] ? preempt_count_sub+0x50/0x80 [ 25.745066] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.745088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.745114] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.745138] kthread+0x337/0x6f0 [ 25.745158] ? trace_preempt_on+0x20/0xc0 [ 25.745183] ? __pfx_kthread+0x10/0x10 [ 25.745204] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.745225] ? calculate_sigpending+0x7b/0xa0 [ 25.745249] ? __pfx_kthread+0x10/0x10 [ 25.745270] ret_from_fork+0x116/0x1d0 [ 25.745290] ? __pfx_kthread+0x10/0x10 [ 25.745310] ret_from_fork_asm+0x1a/0x30 [ 25.745342] </TASK> [ 25.745354] [ 25.756611] Allocated by task 270: [ 25.756800] kasan_save_stack+0x45/0x70 [ 25.757387] kasan_save_track+0x18/0x40 [ 25.757531] kasan_save_alloc_info+0x3b/0x50 [ 25.757773] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.757974] remove_element+0x11e/0x190 [ 25.758145] mempool_alloc_preallocated+0x4d/0x90 [ 25.758356] mempool_oob_right_helper+0x8a/0x380 [ 25.758518] mempool_kmalloc_oob_right+0xf2/0x150 [ 25.758751] kunit_try_run_case+0x1a5/0x480 [ 25.758957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.759142] kthread+0x337/0x6f0 [ 25.759305] ret_from_fork+0x116/0x1d0 [ 25.759460] ret_from_fork_asm+0x1a/0x30 [ 25.760036] [ 25.760149] The buggy address belongs to the object at ffff888105919600 [ 25.760149] which belongs to the cache kmalloc-128 of size 128 [ 25.760681] The buggy address is located 0 bytes to the right of [ 25.760681] allocated 115-byte region [ffff888105919600, ffff888105919673) [ 25.761286] [ 25.761716] The buggy address belongs to the physical page: [ 25.762004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 25.762541] flags: 0x200000000000000(node=0|zone=2) [ 25.762897] page_type: f5(slab) [ 25.763073] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.763552] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.764031] page dumped because: kasan: bad access detected [ 25.764345] [ 25.764594] Memory state around the buggy address: [ 25.764893] ffff888105919500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.765171] ffff888105919580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.765689] >ffff888105919600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.766123] ^ [ 25.766503] ffff888105919680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.766844] ffff888105919700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.767242] ================================================================== [ 25.771211] ================================================================== [ 25.771628] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.772185] Read of size 1 at addr ffff8881061b2001 by task kunit_try_catch/272 [ 25.772710] [ 25.772861] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.772917] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.772930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.772956] Call Trace: [ 25.772971] <TASK> [ 25.772991] dump_stack_lvl+0x73/0xb0 [ 25.773026] print_report+0xd1/0x610 [ 25.773048] ? __virt_addr_valid+0x1db/0x2d0 [ 25.773073] ? mempool_oob_right_helper+0x318/0x380 [ 25.773096] ? kasan_addr_to_slab+0x11/0xa0 [ 25.773115] ? mempool_oob_right_helper+0x318/0x380 [ 25.773138] kasan_report+0x141/0x180 [ 25.773158] ? mempool_oob_right_helper+0x318/0x380 [ 25.773186] __asan_report_load1_noabort+0x18/0x20 [ 25.773209] mempool_oob_right_helper+0x318/0x380 [ 25.773232] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.773256] ? dequeue_entities+0x23f/0x1630 [ 25.773281] ? __kasan_check_write+0x18/0x20 [ 25.773303] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.773325] ? finish_task_switch.isra.0+0x153/0x700 [ 25.773351] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 25.773374] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 25.773400] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.773425] ? __pfx_mempool_kfree+0x10/0x10 [ 25.773448] ? __pfx_read_tsc+0x10/0x10 [ 25.773470] ? ktime_get_ts64+0x86/0x230 [ 25.773495] kunit_try_run_case+0x1a5/0x480 [ 25.773519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.773539] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.773564] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.773586] ? __kthread_parkme+0x82/0x180 [ 25.773608] ? preempt_count_sub+0x50/0x80 [ 25.773630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.773651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.773699] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.773725] kthread+0x337/0x6f0 [ 25.773756] ? trace_preempt_on+0x20/0xc0 [ 25.773780] ? __pfx_kthread+0x10/0x10 [ 25.773800] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.773822] ? calculate_sigpending+0x7b/0xa0 [ 25.773846] ? __pfx_kthread+0x10/0x10 [ 25.773867] ret_from_fork+0x116/0x1d0 [ 25.773886] ? __pfx_kthread+0x10/0x10 [ 25.773906] ret_from_fork_asm+0x1a/0x30 [ 25.773936] </TASK> [ 25.773958] [ 25.784968] The buggy address belongs to the physical page: [ 25.785475] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061b0 [ 25.786198] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.786499] flags: 0x200000000000040(head|node=0|zone=2) [ 25.786767] page_type: f8(unknown) [ 25.787164] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.787599] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.788085] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.788411] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.788886] head: 0200000000000002 ffffea0004186c01 00000000ffffffff 00000000ffffffff [ 25.789248] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.789580] page dumped because: kasan: bad access detected [ 25.789812] [ 25.789879] Memory state around the buggy address: [ 25.790454] ffff8881061b1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.790737] ffff8881061b1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.791542] >ffff8881061b2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.791815] ^ [ 25.791980] ffff8881061b2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.792384] ffff8881061b2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.792684] ================================================================== [ 25.797400] ================================================================== [ 25.798543] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.799809] Read of size 1 at addr ffff888103eb42bb by task kunit_try_catch/274 [ 25.801022] [ 25.801559] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.801649] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.801763] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.801791] Call Trace: [ 25.801809] <TASK> [ 25.801831] dump_stack_lvl+0x73/0xb0 [ 25.801875] print_report+0xd1/0x610 [ 25.801900] ? __virt_addr_valid+0x1db/0x2d0 [ 25.801986] ? mempool_oob_right_helper+0x318/0x380 [ 25.802015] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.802046] ? mempool_oob_right_helper+0x318/0x380 [ 25.802070] kasan_report+0x141/0x180 [ 25.802092] ? mempool_oob_right_helper+0x318/0x380 [ 25.802119] __asan_report_load1_noabort+0x18/0x20 [ 25.802179] mempool_oob_right_helper+0x318/0x380 [ 25.802204] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.802229] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.802251] ? finish_task_switch.isra.0+0x153/0x700 [ 25.802278] mempool_slab_oob_right+0xed/0x140 [ 25.802302] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 25.802327] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 25.802352] ? __pfx_mempool_free_slab+0x10/0x10 [ 25.802377] ? __pfx_read_tsc+0x10/0x10 [ 25.802398] ? ktime_get_ts64+0x86/0x230 [ 25.802422] kunit_try_run_case+0x1a5/0x480 [ 25.802446] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.802466] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.802490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.802514] ? __kthread_parkme+0x82/0x180 [ 25.802535] ? preempt_count_sub+0x50/0x80 [ 25.802557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.802579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.802604] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.802629] kthread+0x337/0x6f0 [ 25.802652] ? trace_preempt_on+0x20/0xc0 [ 25.802690] ? __pfx_kthread+0x10/0x10 [ 25.802713] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.802760] ? calculate_sigpending+0x7b/0xa0 [ 25.802785] ? __pfx_kthread+0x10/0x10 [ 25.802807] ret_from_fork+0x116/0x1d0 [ 25.802826] ? __pfx_kthread+0x10/0x10 [ 25.802846] ret_from_fork_asm+0x1a/0x30 [ 25.802878] </TASK> [ 25.802889] [ 25.818555] Allocated by task 274: [ 25.818785] kasan_save_stack+0x45/0x70 [ 25.818971] kasan_save_track+0x18/0x40 [ 25.819487] kasan_save_alloc_info+0x3b/0x50 [ 25.819699] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 25.819900] remove_element+0x11e/0x190 [ 25.820177] mempool_alloc_preallocated+0x4d/0x90 [ 25.820385] mempool_oob_right_helper+0x8a/0x380 [ 25.820550] mempool_slab_oob_right+0xed/0x140 [ 25.820803] kunit_try_run_case+0x1a5/0x480 [ 25.821055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.821256] kthread+0x337/0x6f0 [ 25.821600] ret_from_fork+0x116/0x1d0 [ 25.821829] ret_from_fork_asm+0x1a/0x30 [ 25.821966] [ 25.822065] The buggy address belongs to the object at ffff888103eb4240 [ 25.822065] which belongs to the cache test_cache of size 123 [ 25.822627] The buggy address is located 0 bytes to the right of [ 25.822627] allocated 123-byte region [ffff888103eb4240, ffff888103eb42bb) [ 25.823386] [ 25.823491] The buggy address belongs to the physical page: [ 25.823757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eb4 [ 25.824041] flags: 0x200000000000000(node=0|zone=2) [ 25.824233] page_type: f5(slab) [ 25.824422] raw: 0200000000000000 ffff888103eb1140 dead000000000122 0000000000000000 [ 25.824981] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 25.825950] page dumped because: kasan: bad access detected [ 25.826148] [ 25.826214] Memory state around the buggy address: [ 25.826365] ffff888103eb4180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.826571] ffff888103eb4200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 25.826784] >ffff888103eb4280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 25.826983] ^ [ 25.827134] ffff888103eb4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.827333] ffff888103eb4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.827532] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 25.153563] ================================================================== [ 25.154397] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 25.155056] Read of size 1 at addr ffff888100faadc0 by task kunit_try_catch/264 [ 25.155277] [ 25.155369] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.155425] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.155439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.155464] Call Trace: [ 25.155479] <TASK> [ 25.155501] dump_stack_lvl+0x73/0xb0 [ 25.155535] print_report+0xd1/0x610 [ 25.155560] ? __virt_addr_valid+0x1db/0x2d0 [ 25.155585] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.155609] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.155635] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.155674] kasan_report+0x141/0x180 [ 25.155696] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.155723] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.155748] __kasan_check_byte+0x3d/0x50 [ 25.155769] kmem_cache_destroy+0x25/0x1d0 [ 25.155796] kmem_cache_double_destroy+0x1bf/0x380 [ 25.155820] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 25.155843] ? finish_task_switch.isra.0+0x153/0x700 [ 25.155866] ? __switch_to+0x47/0xf80 [ 25.155895] ? __pfx_read_tsc+0x10/0x10 [ 25.155916] ? ktime_get_ts64+0x86/0x230 [ 25.155962] kunit_try_run_case+0x1a5/0x480 [ 25.155986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.156007] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.156031] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.156055] ? __kthread_parkme+0x82/0x180 [ 25.156075] ? preempt_count_sub+0x50/0x80 [ 25.156098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.156119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.156144] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.156169] kthread+0x337/0x6f0 [ 25.156188] ? trace_preempt_on+0x20/0xc0 [ 25.156212] ? __pfx_kthread+0x10/0x10 [ 25.156232] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.156253] ? calculate_sigpending+0x7b/0xa0 [ 25.156278] ? __pfx_kthread+0x10/0x10 [ 25.156298] ret_from_fork+0x116/0x1d0 [ 25.156318] ? __pfx_kthread+0x10/0x10 [ 25.156337] ret_from_fork_asm+0x1a/0x30 [ 25.156369] </TASK> [ 25.156380] [ 25.168817] Allocated by task 264: [ 25.168974] kasan_save_stack+0x45/0x70 [ 25.169132] kasan_save_track+0x18/0x40 [ 25.169535] kasan_save_alloc_info+0x3b/0x50 [ 25.169964] __kasan_slab_alloc+0x91/0xa0 [ 25.170416] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.170884] __kmem_cache_create_args+0x169/0x240 [ 25.171489] kmem_cache_double_destroy+0xd5/0x380 [ 25.171668] kunit_try_run_case+0x1a5/0x480 [ 25.171884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.172380] kthread+0x337/0x6f0 [ 25.172721] ret_from_fork+0x116/0x1d0 [ 25.173208] ret_from_fork_asm+0x1a/0x30 [ 25.173636] [ 25.173794] Freed by task 264: [ 25.174075] kasan_save_stack+0x45/0x70 [ 25.174204] kasan_save_track+0x18/0x40 [ 25.174666] kasan_save_free_info+0x3f/0x60 [ 25.175079] __kasan_slab_free+0x56/0x70 [ 25.175251] kmem_cache_free+0x249/0x420 [ 25.175378] slab_kmem_cache_release+0x2e/0x40 [ 25.175519] kmem_cache_release+0x16/0x20 [ 25.175649] kobject_put+0x181/0x450 [ 25.176154] sysfs_slab_release+0x16/0x20 [ 25.176538] kmem_cache_destroy+0xf0/0x1d0 [ 25.176957] kmem_cache_double_destroy+0x14e/0x380 [ 25.177442] kunit_try_run_case+0x1a5/0x480 [ 25.177861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.178386] kthread+0x337/0x6f0 [ 25.178753] ret_from_fork+0x116/0x1d0 [ 25.179282] ret_from_fork_asm+0x1a/0x30 [ 25.179510] [ 25.179575] The buggy address belongs to the object at ffff888100faadc0 [ 25.179575] which belongs to the cache kmem_cache of size 208 [ 25.180330] The buggy address is located 0 bytes inside of [ 25.180330] freed 208-byte region [ffff888100faadc0, ffff888100faae90) [ 25.181414] [ 25.181644] The buggy address belongs to the physical page: [ 25.182004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100faa [ 25.182610] flags: 0x200000000000000(node=0|zone=2) [ 25.182870] page_type: f5(slab) [ 25.183198] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 25.184141] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 25.184497] page dumped because: kasan: bad access detected [ 25.184670] [ 25.184731] Memory state around the buggy address: [ 25.185193] ffff888100faac80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.185858] ffff888100faad00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 25.186543] >ffff888100faad80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 25.187229] ^ [ 25.187621] ffff888100faae00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.187986] ffff888100faae80: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.188637] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 25.086367] ================================================================== [ 25.086912] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.087463] Read of size 1 at addr ffff8881060a2000 by task kunit_try_catch/262 [ 25.087923] [ 25.088019] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.088077] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.088091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.088116] Call Trace: [ 25.088132] <TASK> [ 25.088152] dump_stack_lvl+0x73/0xb0 [ 25.088188] print_report+0xd1/0x610 [ 25.088212] ? __virt_addr_valid+0x1db/0x2d0 [ 25.088237] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.088260] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.088286] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.088308] kasan_report+0x141/0x180 [ 25.088330] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.088356] __asan_report_load1_noabort+0x18/0x20 [ 25.088460] kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.088487] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 25.088510] ? finish_task_switch.isra.0+0x153/0x700 [ 25.088534] ? __switch_to+0x47/0xf80 [ 25.088564] ? __pfx_read_tsc+0x10/0x10 [ 25.088587] ? ktime_get_ts64+0x86/0x230 [ 25.088615] kunit_try_run_case+0x1a5/0x480 [ 25.088639] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.088671] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.088696] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.088719] ? __kthread_parkme+0x82/0x180 [ 25.088740] ? preempt_count_sub+0x50/0x80 [ 25.088774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.088796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.088821] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.088845] kthread+0x337/0x6f0 [ 25.088865] ? trace_preempt_on+0x20/0xc0 [ 25.088890] ? __pfx_kthread+0x10/0x10 [ 25.088911] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.088932] ? calculate_sigpending+0x7b/0xa0 [ 25.088967] ? __pfx_kthread+0x10/0x10 [ 25.088988] ret_from_fork+0x116/0x1d0 [ 25.089009] ? __pfx_kthread+0x10/0x10 [ 25.089029] ret_from_fork_asm+0x1a/0x30 [ 25.089060] </TASK> [ 25.089072] [ 25.099565] Allocated by task 262: [ 25.099769] kasan_save_stack+0x45/0x70 [ 25.100420] kasan_save_track+0x18/0x40 [ 25.100596] kasan_save_alloc_info+0x3b/0x50 [ 25.100815] __kasan_slab_alloc+0x91/0xa0 [ 25.101197] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.101639] kmem_cache_rcu_uaf+0x155/0x510 [ 25.101970] kunit_try_run_case+0x1a5/0x480 [ 25.102183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.102404] kthread+0x337/0x6f0 [ 25.102572] ret_from_fork+0x116/0x1d0 [ 25.102745] ret_from_fork_asm+0x1a/0x30 [ 25.103229] [ 25.103323] Freed by task 0: [ 25.103434] kasan_save_stack+0x45/0x70 [ 25.103621] kasan_save_track+0x18/0x40 [ 25.104222] kasan_save_free_info+0x3f/0x60 [ 25.104401] __kasan_slab_free+0x56/0x70 [ 25.104755] slab_free_after_rcu_debug+0xe4/0x310 [ 25.105041] rcu_core+0x66f/0x1c40 [ 25.105288] rcu_core_si+0x12/0x20 [ 25.105474] handle_softirqs+0x209/0x730 [ 25.105885] __irq_exit_rcu+0xc9/0x110 [ 25.106031] irq_exit_rcu+0x12/0x20 [ 25.106384] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.106619] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.106890] [ 25.106964] Last potentially related work creation: [ 25.107180] kasan_save_stack+0x45/0x70 [ 25.107366] kasan_record_aux_stack+0xb2/0xc0 [ 25.107531] kmem_cache_free+0x131/0x420 [ 25.107732] kmem_cache_rcu_uaf+0x194/0x510 [ 25.108584] kunit_try_run_case+0x1a5/0x480 [ 25.108741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.109242] kthread+0x337/0x6f0 [ 25.109427] ret_from_fork+0x116/0x1d0 [ 25.109584] ret_from_fork_asm+0x1a/0x30 [ 25.109946] [ 25.110165] The buggy address belongs to the object at ffff8881060a2000 [ 25.110165] which belongs to the cache test_cache of size 200 [ 25.110829] The buggy address is located 0 bytes inside of [ 25.110829] freed 200-byte region [ffff8881060a2000, ffff8881060a20c8) [ 25.111695] [ 25.111863] The buggy address belongs to the physical page: [ 25.112311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a2 [ 25.112653] flags: 0x200000000000000(node=0|zone=2) [ 25.113125] page_type: f5(slab) [ 25.113287] raw: 0200000000000000 ffff8881060a0000 dead000000000122 0000000000000000 [ 25.113751] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.114263] page dumped because: kasan: bad access detected [ 25.114583] [ 25.114678] Memory state around the buggy address: [ 25.114892] ffff8881060a1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.115256] ffff8881060a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.116150] >ffff8881060a2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.116470] ^ [ 25.116718] ffff8881060a2080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 25.117189] ffff8881060a2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.117733] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 25.029829] ================================================================== [ 25.030292] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 25.030538] Free of addr ffff888103eae001 by task kunit_try_catch/260 [ 25.031474] [ 25.031929] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 25.031991] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 25.032005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.032030] Call Trace: [ 25.032042] <TASK> [ 25.032063] dump_stack_lvl+0x73/0xb0 [ 25.032133] print_report+0xd1/0x610 [ 25.032157] ? __virt_addr_valid+0x1db/0x2d0 [ 25.032183] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.032209] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.032233] kasan_report_invalid_free+0x10a/0x130 [ 25.032256] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.032281] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.032305] check_slab_allocation+0x11f/0x130 [ 25.032325] __kasan_slab_pre_free+0x28/0x40 [ 25.032345] kmem_cache_free+0xed/0x420 [ 25.032366] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.032390] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.032416] kmem_cache_invalid_free+0x1d8/0x460 [ 25.032440] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 25.032462] ? finish_task_switch.isra.0+0x153/0x700 [ 25.032485] ? __switch_to+0x47/0xf80 [ 25.033338] ? __pfx_read_tsc+0x10/0x10 [ 25.033366] ? ktime_get_ts64+0x86/0x230 [ 25.033395] kunit_try_run_case+0x1a5/0x480 [ 25.033421] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.033442] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.033467] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.033490] ? __kthread_parkme+0x82/0x180 [ 25.033511] ? preempt_count_sub+0x50/0x80 [ 25.033534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.033555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.033580] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.033605] kthread+0x337/0x6f0 [ 25.033624] ? trace_preempt_on+0x20/0xc0 [ 25.033650] ? __pfx_kthread+0x10/0x10 [ 25.033685] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.033707] ? calculate_sigpending+0x7b/0xa0 [ 25.033731] ? __pfx_kthread+0x10/0x10 [ 25.033763] ret_from_fork+0x116/0x1d0 [ 25.033782] ? __pfx_kthread+0x10/0x10 [ 25.033802] ret_from_fork_asm+0x1a/0x30 [ 25.033833] </TASK> [ 25.033845] [ 25.047736] Allocated by task 260: [ 25.048034] kasan_save_stack+0x45/0x70 [ 25.048207] kasan_save_track+0x18/0x40 [ 25.048398] kasan_save_alloc_info+0x3b/0x50 [ 25.048598] __kasan_slab_alloc+0x91/0xa0 [ 25.048819] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.048986] kmem_cache_invalid_free+0x157/0x460 [ 25.049135] kunit_try_run_case+0x1a5/0x480 [ 25.049308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.049554] kthread+0x337/0x6f0 [ 25.049727] ret_from_fork+0x116/0x1d0 [ 25.050036] ret_from_fork_asm+0x1a/0x30 [ 25.050184] [ 25.050250] The buggy address belongs to the object at ffff888103eae000 [ 25.050250] which belongs to the cache test_cache of size 200 [ 25.050709] The buggy address is located 1 bytes inside of [ 25.050709] 200-byte region [ffff888103eae000, ffff888103eae0c8) [ 25.051475] [ 25.051576] The buggy address belongs to the physical page: [ 25.051866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eae [ 25.052106] flags: 0x200000000000000(node=0|zone=2) [ 25.052289] page_type: f5(slab) [ 25.052455] raw: 0200000000000000 ffff888153e88000 dead000000000122 0000000000000000 [ 25.052775] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.052995] page dumped because: kasan: bad access detected [ 25.053159] [ 25.053231] Memory state around the buggy address: [ 25.053524] ffff888103eadf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.053859] ffff888103eadf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.054618] >ffff888103eae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.055096] ^ [ 25.055224] ffff888103eae080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 25.055437] ffff888103eae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.055761] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 24.978173] ================================================================== [ 24.979274] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 24.979961] Free of addr ffff888105fef000 by task kunit_try_catch/258 [ 24.980165] [ 24.980260] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.980316] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.980329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.980353] Call Trace: [ 24.980367] <TASK> [ 24.980526] dump_stack_lvl+0x73/0xb0 [ 24.980563] print_report+0xd1/0x610 [ 24.980586] ? __virt_addr_valid+0x1db/0x2d0 [ 24.980612] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.980637] ? kmem_cache_double_free+0x1e5/0x480 [ 24.980674] kasan_report_invalid_free+0x10a/0x130 [ 24.980698] ? kmem_cache_double_free+0x1e5/0x480 [ 24.980722] ? kmem_cache_double_free+0x1e5/0x480 [ 24.980745] check_slab_allocation+0x101/0x130 [ 24.980777] __kasan_slab_pre_free+0x28/0x40 [ 24.980797] kmem_cache_free+0xed/0x420 [ 24.980818] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.980854] ? kmem_cache_double_free+0x1e5/0x480 [ 24.980879] kmem_cache_double_free+0x1e5/0x480 [ 24.980902] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 24.980925] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.981183] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 24.981216] kunit_try_run_case+0x1a5/0x480 [ 24.981247] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.981267] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.981290] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.981313] ? __kthread_parkme+0x82/0x180 [ 24.981335] ? preempt_count_sub+0x50/0x80 [ 24.981358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.981380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.981405] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.981430] kthread+0x337/0x6f0 [ 24.981449] ? trace_preempt_on+0x20/0xc0 [ 24.981475] ? __pfx_kthread+0x10/0x10 [ 24.981495] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.981517] ? calculate_sigpending+0x7b/0xa0 [ 24.981542] ? __pfx_kthread+0x10/0x10 [ 24.981563] ret_from_fork+0x116/0x1d0 [ 24.981583] ? __pfx_kthread+0x10/0x10 [ 24.981603] ret_from_fork_asm+0x1a/0x30 [ 24.981635] </TASK> [ 24.981646] [ 24.995484] Allocated by task 258: [ 24.995879] kasan_save_stack+0x45/0x70 [ 24.996091] kasan_save_track+0x18/0x40 [ 24.996243] kasan_save_alloc_info+0x3b/0x50 [ 24.996637] __kasan_slab_alloc+0x91/0xa0 [ 24.997034] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.997393] kmem_cache_double_free+0x14f/0x480 [ 24.997549] kunit_try_run_case+0x1a5/0x480 [ 24.997695] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.998131] kthread+0x337/0x6f0 [ 24.998497] ret_from_fork+0x116/0x1d0 [ 24.998893] ret_from_fork_asm+0x1a/0x30 [ 24.999345] [ 24.999496] Freed by task 258: [ 24.999807] kasan_save_stack+0x45/0x70 [ 25.000205] kasan_save_track+0x18/0x40 [ 25.000654] kasan_save_free_info+0x3f/0x60 [ 25.001030] __kasan_slab_free+0x56/0x70 [ 25.001315] kmem_cache_free+0x249/0x420 [ 25.001720] kmem_cache_double_free+0x16a/0x480 [ 25.001987] kunit_try_run_case+0x1a5/0x480 [ 25.002437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.002968] kthread+0x337/0x6f0 [ 25.003085] ret_from_fork+0x116/0x1d0 [ 25.003228] ret_from_fork_asm+0x1a/0x30 [ 25.003614] [ 25.003792] The buggy address belongs to the object at ffff888105fef000 [ 25.003792] which belongs to the cache test_cache of size 200 [ 25.005181] The buggy address is located 0 bytes inside of [ 25.005181] 200-byte region [ffff888105fef000, ffff888105fef0c8) [ 25.006004] [ 25.006222] The buggy address belongs to the physical page: [ 25.006409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fef [ 25.007118] flags: 0x200000000000000(node=0|zone=2) [ 25.007616] page_type: f5(slab) [ 25.007918] raw: 0200000000000000 ffff888101a6adc0 dead000000000122 0000000000000000 [ 25.008670] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.009360] page dumped because: kasan: bad access detected [ 25.009773] [ 25.009839] Memory state around the buggy address: [ 25.009990] ffff888105feef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.010206] ffff888105feef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.010548] >ffff888105fef000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.011327] ^ [ 25.011676] ffff888105fef080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 25.012287] ffff888105fef100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.012752] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 24.934096] ================================================================== [ 24.934629] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 24.935293] Read of size 1 at addr ffff888103ead0c8 by task kunit_try_catch/256 [ 24.935819] [ 24.936093] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.936151] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.936164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.936189] Call Trace: [ 24.936203] <TASK> [ 24.936287] dump_stack_lvl+0x73/0xb0 [ 24.936327] print_report+0xd1/0x610 [ 24.936413] ? __virt_addr_valid+0x1db/0x2d0 [ 24.936438] ? kmem_cache_oob+0x402/0x530 [ 24.936461] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.936486] ? kmem_cache_oob+0x402/0x530 [ 24.936507] kasan_report+0x141/0x180 [ 24.936528] ? kmem_cache_oob+0x402/0x530 [ 24.936553] __asan_report_load1_noabort+0x18/0x20 [ 24.936576] kmem_cache_oob+0x402/0x530 [ 24.936596] ? trace_hardirqs_on+0x37/0xe0 [ 24.936621] ? __pfx_kmem_cache_oob+0x10/0x10 [ 24.936642] ? finish_task_switch.isra.0+0x153/0x700 [ 24.936677] ? __switch_to+0x47/0xf80 [ 24.936706] ? __pfx_read_tsc+0x10/0x10 [ 24.936728] ? ktime_get_ts64+0x86/0x230 [ 24.936763] kunit_try_run_case+0x1a5/0x480 [ 24.936788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.936807] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.936831] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.936854] ? __kthread_parkme+0x82/0x180 [ 24.936874] ? preempt_count_sub+0x50/0x80 [ 24.936896] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.936916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.936941] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.936966] kthread+0x337/0x6f0 [ 24.936985] ? trace_preempt_on+0x20/0xc0 [ 24.937006] ? __pfx_kthread+0x10/0x10 [ 24.937026] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.937046] ? calculate_sigpending+0x7b/0xa0 [ 24.937070] ? __pfx_kthread+0x10/0x10 [ 24.937091] ret_from_fork+0x116/0x1d0 [ 24.937109] ? __pfx_kthread+0x10/0x10 [ 24.937129] ret_from_fork_asm+0x1a/0x30 [ 24.937159] </TASK> [ 24.937170] [ 24.946619] Allocated by task 256: [ 24.946805] kasan_save_stack+0x45/0x70 [ 24.947333] kasan_save_track+0x18/0x40 [ 24.947468] kasan_save_alloc_info+0x3b/0x50 [ 24.947821] __kasan_slab_alloc+0x91/0xa0 [ 24.948005] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.948360] kmem_cache_oob+0x157/0x530 [ 24.948518] kunit_try_run_case+0x1a5/0x480 [ 24.948718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.949118] kthread+0x337/0x6f0 [ 24.949278] ret_from_fork+0x116/0x1d0 [ 24.949522] ret_from_fork_asm+0x1a/0x30 [ 24.949699] [ 24.949817] The buggy address belongs to the object at ffff888103ead000 [ 24.949817] which belongs to the cache test_cache of size 200 [ 24.950715] The buggy address is located 0 bytes to the right of [ 24.950715] allocated 200-byte region [ffff888103ead000, ffff888103ead0c8) [ 24.951349] [ 24.951503] The buggy address belongs to the physical page: [ 24.951884] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ead [ 24.952346] flags: 0x200000000000000(node=0|zone=2) [ 24.952555] page_type: f5(slab) [ 24.952890] raw: 0200000000000000 ffff888100faac80 dead000000000122 0000000000000000 [ 24.953361] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.953781] page dumped because: kasan: bad access detected [ 24.954186] [ 24.954281] Memory state around the buggy address: [ 24.954446] ffff888103eacf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.954917] ffff888103ead000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.955308] >ffff888103ead080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 24.955586] ^ [ 24.956001] ffff888103ead100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.956291] ffff888103ead180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.956631] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 24.894324] ================================================================== [ 24.894825] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 24.895351] Read of size 8 at addr ffff888103ea5c00 by task kunit_try_catch/249 [ 24.895611] [ 24.895712] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.895773] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.895786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.895810] Call Trace: [ 24.895822] <TASK> [ 24.895841] dump_stack_lvl+0x73/0xb0 [ 24.895874] print_report+0xd1/0x610 [ 24.895897] ? __virt_addr_valid+0x1db/0x2d0 [ 24.895922] ? workqueue_uaf+0x4d6/0x560 [ 24.895942] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.895967] ? workqueue_uaf+0x4d6/0x560 [ 24.895988] kasan_report+0x141/0x180 [ 24.896008] ? workqueue_uaf+0x4d6/0x560 [ 24.896033] __asan_report_load8_noabort+0x18/0x20 [ 24.896056] workqueue_uaf+0x4d6/0x560 [ 24.896077] ? __pfx_workqueue_uaf+0x10/0x10 [ 24.896098] ? __schedule+0x10cc/0x2b60 [ 24.896122] ? __pfx_read_tsc+0x10/0x10 [ 24.896143] ? ktime_get_ts64+0x86/0x230 [ 24.896168] kunit_try_run_case+0x1a5/0x480 [ 24.896190] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.896209] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.896232] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.896254] ? __kthread_parkme+0x82/0x180 [ 24.896276] ? preempt_count_sub+0x50/0x80 [ 24.896298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.896345] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.896371] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.896396] kthread+0x337/0x6f0 [ 24.896415] ? trace_preempt_on+0x20/0xc0 [ 24.896438] ? __pfx_kthread+0x10/0x10 [ 24.896458] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.896479] ? calculate_sigpending+0x7b/0xa0 [ 24.896502] ? __pfx_kthread+0x10/0x10 [ 24.896523] ret_from_fork+0x116/0x1d0 [ 24.896541] ? __pfx_kthread+0x10/0x10 [ 24.896561] ret_from_fork_asm+0x1a/0x30 [ 24.896591] </TASK> [ 24.896602] [ 24.906737] Allocated by task 249: [ 24.907346] kasan_save_stack+0x45/0x70 [ 24.907634] kasan_save_track+0x18/0x40 [ 24.907887] kasan_save_alloc_info+0x3b/0x50 [ 24.908212] __kasan_kmalloc+0xb7/0xc0 [ 24.908394] __kmalloc_cache_noprof+0x189/0x420 [ 24.908717] workqueue_uaf+0x152/0x560 [ 24.908922] kunit_try_run_case+0x1a5/0x480 [ 24.909311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.909615] kthread+0x337/0x6f0 [ 24.909772] ret_from_fork+0x116/0x1d0 [ 24.910117] ret_from_fork_asm+0x1a/0x30 [ 24.910271] [ 24.910336] Freed by task 9: [ 24.910593] kasan_save_stack+0x45/0x70 [ 24.910953] kasan_save_track+0x18/0x40 [ 24.911337] kasan_save_free_info+0x3f/0x60 [ 24.911741] __kasan_slab_free+0x56/0x70 [ 24.912164] kfree+0x222/0x3f0 [ 24.912492] workqueue_uaf_work+0x12/0x20 [ 24.912993] process_one_work+0x5ee/0xf60 [ 24.913278] worker_thread+0x758/0x1220 [ 24.913562] kthread+0x337/0x6f0 [ 24.913901] ret_from_fork+0x116/0x1d0 [ 24.914057] ret_from_fork_asm+0x1a/0x30 [ 24.914488] [ 24.914667] Last potentially related work creation: [ 24.914955] kasan_save_stack+0x45/0x70 [ 24.915081] kasan_record_aux_stack+0xb2/0xc0 [ 24.915376] __queue_work+0x61a/0xe70 [ 24.915506] queue_work_on+0xb6/0xc0 [ 24.915717] workqueue_uaf+0x26d/0x560 [ 24.916063] kunit_try_run_case+0x1a5/0x480 [ 24.916496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.917131] kthread+0x337/0x6f0 [ 24.917591] ret_from_fork+0x116/0x1d0 [ 24.917993] ret_from_fork_asm+0x1a/0x30 [ 24.918196] [ 24.918287] The buggy address belongs to the object at ffff888103ea5c00 [ 24.918287] which belongs to the cache kmalloc-32 of size 32 [ 24.919505] The buggy address is located 0 bytes inside of [ 24.919505] freed 32-byte region [ffff888103ea5c00, ffff888103ea5c20) [ 24.920091] [ 24.920253] The buggy address belongs to the physical page: [ 24.920737] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ea5 [ 24.921524] flags: 0x200000000000000(node=0|zone=2) [ 24.922012] page_type: f5(slab) [ 24.922379] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.922843] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.923169] page dumped because: kasan: bad access detected [ 24.923331] [ 24.923391] Memory state around the buggy address: [ 24.923537] ffff888103ea5b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.923792] ffff888103ea5b80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 24.924018] >ffff888103ea5c00: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 24.924424] ^ [ 24.924611] ffff888103ea5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.924821] ffff888103ea5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.925318] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 24.849116] ================================================================== [ 24.849706] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 24.850331] Read of size 4 at addr ffff888105918ac0 by task swapper/1/0 [ 24.850952] [ 24.851121] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.851176] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.851190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.851214] Call Trace: [ 24.851247] <IRQ> [ 24.851269] dump_stack_lvl+0x73/0xb0 [ 24.851305] print_report+0xd1/0x610 [ 24.851327] ? __virt_addr_valid+0x1db/0x2d0 [ 24.851352] ? rcu_uaf_reclaim+0x50/0x60 [ 24.851371] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.851395] ? rcu_uaf_reclaim+0x50/0x60 [ 24.851414] kasan_report+0x141/0x180 [ 24.851434] ? rcu_uaf_reclaim+0x50/0x60 [ 24.851457] __asan_report_load4_noabort+0x18/0x20 [ 24.851480] rcu_uaf_reclaim+0x50/0x60 [ 24.851683] rcu_core+0x66f/0x1c40 [ 24.851724] ? __pfx_rcu_core+0x10/0x10 [ 24.851746] ? ktime_get+0x6b/0x150 [ 24.851783] ? handle_softirqs+0x18e/0x730 [ 24.851808] rcu_core_si+0x12/0x20 [ 24.851828] handle_softirqs+0x209/0x730 [ 24.851847] ? hrtimer_interrupt+0x2fe/0x780 [ 24.851870] ? __pfx_handle_softirqs+0x10/0x10 [ 24.851894] __irq_exit_rcu+0xc9/0x110 [ 24.851914] irq_exit_rcu+0x12/0x20 [ 24.851934] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.852010] </IRQ> [ 24.852020] <TASK> [ 24.852031] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.852113] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 24.852143] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 63 d2 17 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 24.852187] RSP: 0000:ffff88810087fdc8 EFLAGS: 00010212 [ 24.852223] RAX: ffff8881bd71a000 RBX: ffff88810085b000 RCX: ffffffff94b0ea25 [ 24.852243] RDX: ffffed102a8e6193 RSI: 0000000000000004 RDI: 000000000002674c [ 24.852260] RBP: ffff88810087fdd0 R08: 0000000000000001 R09: ffffed102a8e6192 [ 24.852278] R10: ffff888154730c93 R11: ffff8881547363c8 R12: 0000000000000001 [ 24.852296] R13: ffffed102010b600 R14: ffffffff967f4fd0 R15: 0000000000000000 [ 24.852342] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 24.852396] ? default_idle+0xd/0x20 [ 24.852415] arch_cpu_idle+0xd/0x20 [ 24.852433] default_idle_call+0x48/0x80 [ 24.852452] do_idle+0x379/0x4f0 [ 24.852477] ? __pfx_do_idle+0x10/0x10 [ 24.852498] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 24.852522] ? complete+0x15b/0x1d0 [ 24.852547] cpu_startup_entry+0x5c/0x70 [ 24.852569] start_secondary+0x211/0x290 [ 24.852592] ? __pfx_start_secondary+0x10/0x10 [ 24.852617] common_startup_64+0x13e/0x148 [ 24.852651] </TASK> [ 24.852677] [ 24.868258] Allocated by task 247: [ 24.868455] kasan_save_stack+0x45/0x70 [ 24.868653] kasan_save_track+0x18/0x40 [ 24.868901] kasan_save_alloc_info+0x3b/0x50 [ 24.869053] __kasan_kmalloc+0xb7/0xc0 [ 24.869260] __kmalloc_cache_noprof+0x189/0x420 [ 24.869571] rcu_uaf+0xb0/0x330 [ 24.869705] kunit_try_run_case+0x1a5/0x480 [ 24.870002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.870303] kthread+0x337/0x6f0 [ 24.870556] ret_from_fork+0x116/0x1d0 [ 24.870805] ret_from_fork_asm+0x1a/0x30 [ 24.870947] [ 24.871012] Freed by task 0: [ 24.871179] kasan_save_stack+0x45/0x70 [ 24.871472] kasan_save_track+0x18/0x40 [ 24.871652] kasan_save_free_info+0x3f/0x60 [ 24.871978] __kasan_slab_free+0x56/0x70 [ 24.872379] kfree+0x222/0x3f0 [ 24.872531] rcu_uaf_reclaim+0x1f/0x60 [ 24.872714] rcu_core+0x66f/0x1c40 [ 24.872901] rcu_core_si+0x12/0x20 [ 24.873021] handle_softirqs+0x209/0x730 [ 24.873152] __irq_exit_rcu+0xc9/0x110 [ 24.873325] irq_exit_rcu+0x12/0x20 [ 24.873502] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.874036] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.874236] [ 24.874353] Last potentially related work creation: [ 24.874570] kasan_save_stack+0x45/0x70 [ 24.874771] kasan_record_aux_stack+0xb2/0xc0 [ 24.875433] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 24.876027] call_rcu+0x12/0x20 [ 24.876384] rcu_uaf+0x168/0x330 [ 24.876734] kunit_try_run_case+0x1a5/0x480 [ 24.876949] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.877182] kthread+0x337/0x6f0 [ 24.877634] ret_from_fork+0x116/0x1d0 [ 24.877922] ret_from_fork_asm+0x1a/0x30 [ 24.878335] [ 24.878442] The buggy address belongs to the object at ffff888105918ac0 [ 24.878442] which belongs to the cache kmalloc-32 of size 32 [ 24.879230] The buggy address is located 0 bytes inside of [ 24.879230] freed 32-byte region [ffff888105918ac0, ffff888105918ae0) [ 24.880524] [ 24.880830] The buggy address belongs to the physical page: [ 24.881308] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105918 [ 24.882090] flags: 0x200000000000000(node=0|zone=2) [ 24.882569] page_type: f5(slab) [ 24.882920] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.883648] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.884467] page dumped because: kasan: bad access detected [ 24.885337] [ 24.885437] Memory state around the buggy address: [ 24.885602] ffff888105918980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.886227] ffff888105918a00: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 24.886636] >ffff888105918a80: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 24.887232] ^ [ 24.887756] ffff888105918b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.888580] ffff888105918b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.889284] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 24.811431] ================================================================== [ 24.811684] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 24.812042] Read of size 1 at addr ffff888105919378 by task kunit_try_catch/245 [ 24.812738] [ 24.812922] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.812988] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.813002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.813024] Call Trace: [ 24.813043] <TASK> [ 24.813062] dump_stack_lvl+0x73/0xb0 [ 24.813095] print_report+0xd1/0x610 [ 24.813273] ? __virt_addr_valid+0x1db/0x2d0 [ 24.813298] ? ksize_uaf+0x5e4/0x6c0 [ 24.813317] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.813342] ? ksize_uaf+0x5e4/0x6c0 [ 24.813362] kasan_report+0x141/0x180 [ 24.813382] ? ksize_uaf+0x5e4/0x6c0 [ 24.813406] __asan_report_load1_noabort+0x18/0x20 [ 24.813429] ksize_uaf+0x5e4/0x6c0 [ 24.813448] ? __pfx_ksize_uaf+0x10/0x10 [ 24.813470] ? __pfx_ksize_uaf+0x10/0x10 [ 24.813495] kunit_try_run_case+0x1a5/0x480 [ 24.813517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.813537] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.813561] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.813583] ? __kthread_parkme+0x82/0x180 [ 24.813605] ? preempt_count_sub+0x50/0x80 [ 24.813628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.813649] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.813687] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.813711] kthread+0x337/0x6f0 [ 24.813731] ? trace_preempt_on+0x20/0xc0 [ 24.813762] ? __pfx_kthread+0x10/0x10 [ 24.813782] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.813803] ? calculate_sigpending+0x7b/0xa0 [ 24.813827] ? __pfx_kthread+0x10/0x10 [ 24.813847] ret_from_fork+0x116/0x1d0 [ 24.813867] ? __pfx_kthread+0x10/0x10 [ 24.813887] ret_from_fork_asm+0x1a/0x30 [ 24.813917] </TASK> [ 24.813928] [ 24.822480] Allocated by task 245: [ 24.822648] kasan_save_stack+0x45/0x70 [ 24.822900] kasan_save_track+0x18/0x40 [ 24.823385] kasan_save_alloc_info+0x3b/0x50 [ 24.823559] __kasan_kmalloc+0xb7/0xc0 [ 24.823864] __kmalloc_cache_noprof+0x189/0x420 [ 24.824218] ksize_uaf+0xaa/0x6c0 [ 24.824453] kunit_try_run_case+0x1a5/0x480 [ 24.824600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.824864] kthread+0x337/0x6f0 [ 24.825098] ret_from_fork+0x116/0x1d0 [ 24.825360] ret_from_fork_asm+0x1a/0x30 [ 24.825593] [ 24.825960] Freed by task 245: [ 24.826116] kasan_save_stack+0x45/0x70 [ 24.826276] kasan_save_track+0x18/0x40 [ 24.826483] kasan_save_free_info+0x3f/0x60 [ 24.826677] __kasan_slab_free+0x56/0x70 [ 24.827198] kfree+0x222/0x3f0 [ 24.827404] ksize_uaf+0x12c/0x6c0 [ 24.827674] kunit_try_run_case+0x1a5/0x480 [ 24.827910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.828277] kthread+0x337/0x6f0 [ 24.828567] ret_from_fork+0x116/0x1d0 [ 24.828732] ret_from_fork_asm+0x1a/0x30 [ 24.829005] [ 24.829089] The buggy address belongs to the object at ffff888105919300 [ 24.829089] which belongs to the cache kmalloc-128 of size 128 [ 24.829627] The buggy address is located 120 bytes inside of [ 24.829627] freed 128-byte region [ffff888105919300, ffff888105919380) [ 24.830340] [ 24.830436] The buggy address belongs to the physical page: [ 24.830668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 24.831057] flags: 0x200000000000000(node=0|zone=2) [ 24.831423] page_type: f5(slab) [ 24.831597] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.831942] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.832514] page dumped because: kasan: bad access detected [ 24.832789] [ 24.832860] Memory state around the buggy address: [ 24.833217] ffff888105919200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.833498] ffff888105919280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.833971] >ffff888105919300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.834377] ^ [ 24.834789] ffff888105919380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.835248] ffff888105919400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.835602] ================================================================== [ 24.755394] ================================================================== [ 24.755846] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 24.756357] Read of size 1 at addr ffff888105919300 by task kunit_try_catch/245 [ 24.756727] [ 24.756834] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.756888] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.756902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.756926] Call Trace: [ 24.756939] <TASK> [ 24.756959] dump_stack_lvl+0x73/0xb0 [ 24.756993] print_report+0xd1/0x610 [ 24.757016] ? __virt_addr_valid+0x1db/0x2d0 [ 24.757041] ? ksize_uaf+0x19d/0x6c0 [ 24.757060] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.757085] ? ksize_uaf+0x19d/0x6c0 [ 24.757105] kasan_report+0x141/0x180 [ 24.757126] ? ksize_uaf+0x19d/0x6c0 [ 24.757160] ? ksize_uaf+0x19d/0x6c0 [ 24.757180] __kasan_check_byte+0x3d/0x50 [ 24.757201] ksize+0x20/0x60 [ 24.757221] ksize_uaf+0x19d/0x6c0 [ 24.757241] ? __pfx_ksize_uaf+0x10/0x10 [ 24.757263] ? __pfx_ksize_uaf+0x10/0x10 [ 24.757287] kunit_try_run_case+0x1a5/0x480 [ 24.757310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.757331] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.757355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.757378] ? __kthread_parkme+0x82/0x180 [ 24.757399] ? preempt_count_sub+0x50/0x80 [ 24.757423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.757443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.757468] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.757492] kthread+0x337/0x6f0 [ 24.757511] ? trace_preempt_on+0x20/0xc0 [ 24.757535] ? __pfx_kthread+0x10/0x10 [ 24.757555] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.757576] ? calculate_sigpending+0x7b/0xa0 [ 24.757600] ? __pfx_kthread+0x10/0x10 [ 24.757621] ret_from_fork+0x116/0x1d0 [ 24.757641] ? __pfx_kthread+0x10/0x10 [ 24.757672] ret_from_fork_asm+0x1a/0x30 [ 24.757703] </TASK> [ 24.757714] [ 24.766980] Allocated by task 245: [ 24.767132] kasan_save_stack+0x45/0x70 [ 24.767290] kasan_save_track+0x18/0x40 [ 24.767418] kasan_save_alloc_info+0x3b/0x50 [ 24.767559] __kasan_kmalloc+0xb7/0xc0 [ 24.769368] __kmalloc_cache_noprof+0x189/0x420 [ 24.770710] ksize_uaf+0xaa/0x6c0 [ 24.771256] kunit_try_run_case+0x1a5/0x480 [ 24.772154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.773199] kthread+0x337/0x6f0 [ 24.774697] ret_from_fork+0x116/0x1d0 [ 24.774954] ret_from_fork_asm+0x1a/0x30 [ 24.775131] [ 24.775233] Freed by task 245: [ 24.775379] kasan_save_stack+0x45/0x70 [ 24.775552] kasan_save_track+0x18/0x40 [ 24.775725] kasan_save_free_info+0x3f/0x60 [ 24.775923] __kasan_slab_free+0x56/0x70 [ 24.776170] kfree+0x222/0x3f0 [ 24.776287] ksize_uaf+0x12c/0x6c0 [ 24.776451] kunit_try_run_case+0x1a5/0x480 [ 24.776646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.776889] kthread+0x337/0x6f0 [ 24.777081] ret_from_fork+0x116/0x1d0 [ 24.777518] ret_from_fork_asm+0x1a/0x30 [ 24.777748] [ 24.778060] The buggy address belongs to the object at ffff888105919300 [ 24.778060] which belongs to the cache kmalloc-128 of size 128 [ 24.778541] The buggy address is located 0 bytes inside of [ 24.778541] freed 128-byte region [ffff888105919300, ffff888105919380) [ 24.779613] [ 24.779895] The buggy address belongs to the physical page: [ 24.780186] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 24.780615] flags: 0x200000000000000(node=0|zone=2) [ 24.781283] page_type: f5(slab) [ 24.781423] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.781759] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.782163] page dumped because: kasan: bad access detected [ 24.782391] [ 24.782458] Memory state around the buggy address: [ 24.782648] ffff888105919200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.783341] ffff888105919280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.783581] >ffff888105919300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.784187] ^ [ 24.784506] ffff888105919380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.784957] ffff888105919400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.785713] ================================================================== [ 24.786618] ================================================================== [ 24.787129] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 24.787419] Read of size 1 at addr ffff888105919300 by task kunit_try_catch/245 [ 24.787720] [ 24.788086] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.788143] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.788262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.788287] Call Trace: [ 24.788307] <TASK> [ 24.788327] dump_stack_lvl+0x73/0xb0 [ 24.788359] print_report+0xd1/0x610 [ 24.788381] ? __virt_addr_valid+0x1db/0x2d0 [ 24.788404] ? ksize_uaf+0x5fe/0x6c0 [ 24.788423] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.788448] ? ksize_uaf+0x5fe/0x6c0 [ 24.788560] kasan_report+0x141/0x180 [ 24.788585] ? ksize_uaf+0x5fe/0x6c0 [ 24.788608] __asan_report_load1_noabort+0x18/0x20 [ 24.788631] ksize_uaf+0x5fe/0x6c0 [ 24.788652] ? __pfx_ksize_uaf+0x10/0x10 [ 24.788685] ? __pfx_ksize_uaf+0x10/0x10 [ 24.788709] kunit_try_run_case+0x1a5/0x480 [ 24.788731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.788766] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.788790] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.788812] ? __kthread_parkme+0x82/0x180 [ 24.788833] ? preempt_count_sub+0x50/0x80 [ 24.788855] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.788876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.788900] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.788924] kthread+0x337/0x6f0 [ 24.788955] ? trace_preempt_on+0x20/0xc0 [ 24.788978] ? __pfx_kthread+0x10/0x10 [ 24.788998] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.789019] ? calculate_sigpending+0x7b/0xa0 [ 24.789042] ? __pfx_kthread+0x10/0x10 [ 24.789063] ret_from_fork+0x116/0x1d0 [ 24.789082] ? __pfx_kthread+0x10/0x10 [ 24.789101] ret_from_fork_asm+0x1a/0x30 [ 24.789132] </TASK> [ 24.789143] [ 24.797691] Allocated by task 245: [ 24.797863] kasan_save_stack+0x45/0x70 [ 24.798237] kasan_save_track+0x18/0x40 [ 24.798497] kasan_save_alloc_info+0x3b/0x50 [ 24.798717] __kasan_kmalloc+0xb7/0xc0 [ 24.798925] __kmalloc_cache_noprof+0x189/0x420 [ 24.799133] ksize_uaf+0xaa/0x6c0 [ 24.799627] kunit_try_run_case+0x1a5/0x480 [ 24.799847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.800260] kthread+0x337/0x6f0 [ 24.800423] ret_from_fork+0x116/0x1d0 [ 24.800566] ret_from_fork_asm+0x1a/0x30 [ 24.800796] [ 24.801052] Freed by task 245: [ 24.801347] kasan_save_stack+0x45/0x70 [ 24.801510] kasan_save_track+0x18/0x40 [ 24.801771] kasan_save_free_info+0x3f/0x60 [ 24.802094] __kasan_slab_free+0x56/0x70 [ 24.802394] kfree+0x222/0x3f0 [ 24.802544] ksize_uaf+0x12c/0x6c0 [ 24.802723] kunit_try_run_case+0x1a5/0x480 [ 24.803124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.803522] kthread+0x337/0x6f0 [ 24.803677] ret_from_fork+0x116/0x1d0 [ 24.803860] ret_from_fork_asm+0x1a/0x30 [ 24.804096] [ 24.804191] The buggy address belongs to the object at ffff888105919300 [ 24.804191] which belongs to the cache kmalloc-128 of size 128 [ 24.804985] The buggy address is located 0 bytes inside of [ 24.804985] freed 128-byte region [ffff888105919300, ffff888105919380) [ 24.805600] [ 24.805771] The buggy address belongs to the physical page: [ 24.806179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 24.806624] flags: 0x200000000000000(node=0|zone=2) [ 24.806869] page_type: f5(slab) [ 24.807200] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.807492] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.807810] page dumped because: kasan: bad access detected [ 24.808176] [ 24.808247] Memory state around the buggy address: [ 24.808467] ffff888105919200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.808771] ffff888105919280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.809349] >ffff888105919300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.809848] ^ [ 24.810000] ffff888105919380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.810468] ffff888105919400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.810829] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 24.678175] ================================================================== [ 24.679314] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 24.679578] Read of size 1 at addr ffff888105919273 by task kunit_try_catch/243 [ 24.680588] [ 24.680923] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.681007] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.681023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.681053] Call Trace: [ 24.681070] <TASK> [ 24.681089] dump_stack_lvl+0x73/0xb0 [ 24.681126] print_report+0xd1/0x610 [ 24.681150] ? __virt_addr_valid+0x1db/0x2d0 [ 24.681174] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.681196] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.681220] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.681243] kasan_report+0x141/0x180 [ 24.681263] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.681289] __asan_report_load1_noabort+0x18/0x20 [ 24.681312] ksize_unpoisons_memory+0x81c/0x9b0 [ 24.681334] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.681356] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.681385] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.681411] kunit_try_run_case+0x1a5/0x480 [ 24.681433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.681453] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.681476] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.681498] ? __kthread_parkme+0x82/0x180 [ 24.681519] ? preempt_count_sub+0x50/0x80 [ 24.681541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.681562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.681587] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.681611] kthread+0x337/0x6f0 [ 24.681630] ? trace_preempt_on+0x20/0xc0 [ 24.681653] ? __pfx_kthread+0x10/0x10 [ 24.681683] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.681704] ? calculate_sigpending+0x7b/0xa0 [ 24.681844] ? __pfx_kthread+0x10/0x10 [ 24.681876] ret_from_fork+0x116/0x1d0 [ 24.681897] ? __pfx_kthread+0x10/0x10 [ 24.681918] ret_from_fork_asm+0x1a/0x30 [ 24.681973] </TASK> [ 24.681984] [ 24.695151] Allocated by task 243: [ 24.695366] kasan_save_stack+0x45/0x70 [ 24.695572] kasan_save_track+0x18/0x40 [ 24.695791] kasan_save_alloc_info+0x3b/0x50 [ 24.696394] __kasan_kmalloc+0xb7/0xc0 [ 24.696647] __kmalloc_cache_noprof+0x189/0x420 [ 24.697047] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.697407] kunit_try_run_case+0x1a5/0x480 [ 24.697711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.698180] kthread+0x337/0x6f0 [ 24.698354] ret_from_fork+0x116/0x1d0 [ 24.698533] ret_from_fork_asm+0x1a/0x30 [ 24.698941] [ 24.699212] The buggy address belongs to the object at ffff888105919200 [ 24.699212] which belongs to the cache kmalloc-128 of size 128 [ 24.700319] The buggy address is located 0 bytes to the right of [ 24.700319] allocated 115-byte region [ffff888105919200, ffff888105919273) [ 24.701143] [ 24.701423] The buggy address belongs to the physical page: [ 24.701796] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 24.702415] flags: 0x200000000000000(node=0|zone=2) [ 24.702792] page_type: f5(slab) [ 24.703049] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.703476] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.703966] page dumped because: kasan: bad access detected [ 24.704385] [ 24.704459] Memory state around the buggy address: [ 24.704851] ffff888105919100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.705380] ffff888105919180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.705881] >ffff888105919200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.706301] ^ [ 24.706508] ffff888105919280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.706927] ffff888105919300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.707261] ================================================================== [ 24.729203] ================================================================== [ 24.729496] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.729935] Read of size 1 at addr ffff88810591927f by task kunit_try_catch/243 [ 24.730274] [ 24.730501] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.730558] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.730573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.730597] Call Trace: [ 24.730616] <TASK> [ 24.730636] dump_stack_lvl+0x73/0xb0 [ 24.730681] print_report+0xd1/0x610 [ 24.730703] ? __virt_addr_valid+0x1db/0x2d0 [ 24.730727] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.730761] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.730788] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.730810] kasan_report+0x141/0x180 [ 24.730831] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.730898] __asan_report_load1_noabort+0x18/0x20 [ 24.730991] ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.731017] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.731039] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.731069] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.731095] kunit_try_run_case+0x1a5/0x480 [ 24.731118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.731138] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.731160] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.731183] ? __kthread_parkme+0x82/0x180 [ 24.731204] ? preempt_count_sub+0x50/0x80 [ 24.731227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.731285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.731334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.731358] kthread+0x337/0x6f0 [ 24.731378] ? trace_preempt_on+0x20/0xc0 [ 24.731402] ? __pfx_kthread+0x10/0x10 [ 24.731422] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.731444] ? calculate_sigpending+0x7b/0xa0 [ 24.731467] ? __pfx_kthread+0x10/0x10 [ 24.731488] ret_from_fork+0x116/0x1d0 [ 24.731507] ? __pfx_kthread+0x10/0x10 [ 24.731527] ret_from_fork_asm+0x1a/0x30 [ 24.731587] </TASK> [ 24.731599] [ 24.740301] Allocated by task 243: [ 24.740455] kasan_save_stack+0x45/0x70 [ 24.740602] kasan_save_track+0x18/0x40 [ 24.741039] kasan_save_alloc_info+0x3b/0x50 [ 24.741204] __kasan_kmalloc+0xb7/0xc0 [ 24.741327] __kmalloc_cache_noprof+0x189/0x420 [ 24.741516] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.741809] kunit_try_run_case+0x1a5/0x480 [ 24.742213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.742400] kthread+0x337/0x6f0 [ 24.742592] ret_from_fork+0x116/0x1d0 [ 24.742843] ret_from_fork_asm+0x1a/0x30 [ 24.743137] [ 24.743265] The buggy address belongs to the object at ffff888105919200 [ 24.743265] which belongs to the cache kmalloc-128 of size 128 [ 24.743803] The buggy address is located 12 bytes to the right of [ 24.743803] allocated 115-byte region [ffff888105919200, ffff888105919273) [ 24.744448] [ 24.744558] The buggy address belongs to the physical page: [ 24.744844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 24.745074] flags: 0x200000000000000(node=0|zone=2) [ 24.745435] page_type: f5(slab) [ 24.745941] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.746563] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.746963] page dumped because: kasan: bad access detected [ 24.747291] [ 24.747364] Memory state around the buggy address: [ 24.747511] ffff888105919100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.747723] ffff888105919180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.748254] >ffff888105919200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.748686] ^ [ 24.749089] ffff888105919280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.749674] ffff888105919300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.750614] ================================================================== [ 24.708642] ================================================================== [ 24.709360] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.709887] Read of size 1 at addr ffff888105919278 by task kunit_try_catch/243 [ 24.710480] [ 24.710607] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.710775] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.710791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.710815] Call Trace: [ 24.710835] <TASK> [ 24.710855] dump_stack_lvl+0x73/0xb0 [ 24.710888] print_report+0xd1/0x610 [ 24.710910] ? __virt_addr_valid+0x1db/0x2d0 [ 24.710933] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.711171] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.711197] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.711219] kasan_report+0x141/0x180 [ 24.711241] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.711267] __asan_report_load1_noabort+0x18/0x20 [ 24.711290] ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.711313] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.711334] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.711364] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.711390] kunit_try_run_case+0x1a5/0x480 [ 24.711413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.711433] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.711455] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.711478] ? __kthread_parkme+0x82/0x180 [ 24.711499] ? preempt_count_sub+0x50/0x80 [ 24.711522] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.711543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.711567] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.711592] kthread+0x337/0x6f0 [ 24.711611] ? trace_preempt_on+0x20/0xc0 [ 24.711634] ? __pfx_kthread+0x10/0x10 [ 24.711667] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.711689] ? calculate_sigpending+0x7b/0xa0 [ 24.711712] ? __pfx_kthread+0x10/0x10 [ 24.711733] ret_from_fork+0x116/0x1d0 [ 24.711767] ? __pfx_kthread+0x10/0x10 [ 24.711787] ret_from_fork_asm+0x1a/0x30 [ 24.711817] </TASK> [ 24.711828] [ 24.719315] Allocated by task 243: [ 24.719513] kasan_save_stack+0x45/0x70 [ 24.719673] kasan_save_track+0x18/0x40 [ 24.719950] kasan_save_alloc_info+0x3b/0x50 [ 24.720274] __kasan_kmalloc+0xb7/0xc0 [ 24.720488] __kmalloc_cache_noprof+0x189/0x420 [ 24.720724] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.720959] kunit_try_run_case+0x1a5/0x480 [ 24.721472] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.721778] kthread+0x337/0x6f0 [ 24.722036] ret_from_fork+0x116/0x1d0 [ 24.722254] ret_from_fork_asm+0x1a/0x30 [ 24.722463] [ 24.722555] The buggy address belongs to the object at ffff888105919200 [ 24.722555] which belongs to the cache kmalloc-128 of size 128 [ 24.723099] The buggy address is located 5 bytes to the right of [ 24.723099] allocated 115-byte region [ffff888105919200, ffff888105919273) [ 24.723597] [ 24.723676] The buggy address belongs to the physical page: [ 24.723875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 24.724211] flags: 0x200000000000000(node=0|zone=2) [ 24.724759] page_type: f5(slab) [ 24.724930] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.725191] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.725471] page dumped because: kasan: bad access detected [ 24.725725] [ 24.725866] Memory state around the buggy address: [ 24.726208] ffff888105919100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.726547] ffff888105919180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.726914] >ffff888105919200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.727263] ^ [ 24.727552] ffff888105919280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.728242] ffff888105919300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.728564] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 24.648884] ================================================================== [ 24.649544] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 24.649943] Free of addr ffff8881058422a0 by task kunit_try_catch/241 [ 24.650255] [ 24.650342] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.650394] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.650407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.650429] Call Trace: [ 24.650448] <TASK> [ 24.650468] dump_stack_lvl+0x73/0xb0 [ 24.650499] print_report+0xd1/0x610 [ 24.650521] ? __virt_addr_valid+0x1db/0x2d0 [ 24.650545] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.650570] ? kfree_sensitive+0x2e/0x90 [ 24.650589] kasan_report_invalid_free+0x10a/0x130 [ 24.650612] ? kfree_sensitive+0x2e/0x90 [ 24.650633] ? kfree_sensitive+0x2e/0x90 [ 24.650652] check_slab_allocation+0x101/0x130 [ 24.650696] __kasan_slab_pre_free+0x28/0x40 [ 24.650716] kfree+0xf0/0x3f0 [ 24.650738] ? kfree_sensitive+0x2e/0x90 [ 24.650780] kfree_sensitive+0x2e/0x90 [ 24.650798] kmalloc_double_kzfree+0x19c/0x350 [ 24.650821] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 24.650843] ? __schedule+0x10cc/0x2b60 [ 24.650867] ? __pfx_read_tsc+0x10/0x10 [ 24.650888] ? ktime_get_ts64+0x86/0x230 [ 24.650912] kunit_try_run_case+0x1a5/0x480 [ 24.650934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.651005] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.651037] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.651059] ? __kthread_parkme+0x82/0x180 [ 24.651081] ? preempt_count_sub+0x50/0x80 [ 24.651104] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.651125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.651149] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.651173] kthread+0x337/0x6f0 [ 24.651193] ? trace_preempt_on+0x20/0xc0 [ 24.651216] ? __pfx_kthread+0x10/0x10 [ 24.651236] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.651257] ? calculate_sigpending+0x7b/0xa0 [ 24.651281] ? __pfx_kthread+0x10/0x10 [ 24.651302] ret_from_fork+0x116/0x1d0 [ 24.651320] ? __pfx_kthread+0x10/0x10 [ 24.651340] ret_from_fork_asm+0x1a/0x30 [ 24.651370] </TASK> [ 24.651381] [ 24.659722] Allocated by task 241: [ 24.660356] kasan_save_stack+0x45/0x70 [ 24.660583] kasan_save_track+0x18/0x40 [ 24.660851] kasan_save_alloc_info+0x3b/0x50 [ 24.661106] __kasan_kmalloc+0xb7/0xc0 [ 24.661252] __kmalloc_cache_noprof+0x189/0x420 [ 24.661401] kmalloc_double_kzfree+0xa9/0x350 [ 24.661596] kunit_try_run_case+0x1a5/0x480 [ 24.661874] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.662438] kthread+0x337/0x6f0 [ 24.662688] ret_from_fork+0x116/0x1d0 [ 24.662981] ret_from_fork_asm+0x1a/0x30 [ 24.663151] [ 24.663235] Freed by task 241: [ 24.663392] kasan_save_stack+0x45/0x70 [ 24.663583] kasan_save_track+0x18/0x40 [ 24.663779] kasan_save_free_info+0x3f/0x60 [ 24.663984] __kasan_slab_free+0x56/0x70 [ 24.664164] kfree+0x222/0x3f0 [ 24.664578] kfree_sensitive+0x67/0x90 [ 24.664782] kmalloc_double_kzfree+0x12b/0x350 [ 24.664972] kunit_try_run_case+0x1a5/0x480 [ 24.665236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.665488] kthread+0x337/0x6f0 [ 24.665671] ret_from_fork+0x116/0x1d0 [ 24.665862] ret_from_fork_asm+0x1a/0x30 [ 24.666112] [ 24.666192] The buggy address belongs to the object at ffff8881058422a0 [ 24.666192] which belongs to the cache kmalloc-16 of size 16 [ 24.666744] The buggy address is located 0 bytes inside of [ 24.666744] 16-byte region [ffff8881058422a0, ffff8881058422b0) [ 24.667069] [ 24.667136] The buggy address belongs to the physical page: [ 24.667304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 24.667648] flags: 0x200000000000000(node=0|zone=2) [ 24.667994] page_type: f5(slab) [ 24.668168] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.668497] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.668906] page dumped because: kasan: bad access detected [ 24.669495] [ 24.669583] Memory state around the buggy address: [ 24.669905] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.670222] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 24.670431] >ffff888105842280: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 24.670677] ^ [ 24.671110] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.671478] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.671928] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 24.625557] ================================================================== [ 24.626507] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 24.626923] Read of size 1 at addr ffff8881058422a0 by task kunit_try_catch/241 [ 24.627500] [ 24.627628] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.627703] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.627716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.627740] Call Trace: [ 24.627752] <TASK> [ 24.627771] dump_stack_lvl+0x73/0xb0 [ 24.627805] print_report+0xd1/0x610 [ 24.627828] ? __virt_addr_valid+0x1db/0x2d0 [ 24.627852] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.627874] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.627899] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.627921] kasan_report+0x141/0x180 [ 24.627942] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.628046] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.628071] __kasan_check_byte+0x3d/0x50 [ 24.628092] kfree_sensitive+0x22/0x90 [ 24.628115] kmalloc_double_kzfree+0x19c/0x350 [ 24.628137] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 24.628159] ? __schedule+0x10cc/0x2b60 [ 24.628183] ? __pfx_read_tsc+0x10/0x10 [ 24.628205] ? ktime_get_ts64+0x86/0x230 [ 24.628231] kunit_try_run_case+0x1a5/0x480 [ 24.628256] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.628277] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.628301] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.628325] ? __kthread_parkme+0x82/0x180 [ 24.628348] ? preempt_count_sub+0x50/0x80 [ 24.628372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.628393] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.628417] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.628442] kthread+0x337/0x6f0 [ 24.628461] ? trace_preempt_on+0x20/0xc0 [ 24.628485] ? __pfx_kthread+0x10/0x10 [ 24.628506] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.628527] ? calculate_sigpending+0x7b/0xa0 [ 24.628551] ? __pfx_kthread+0x10/0x10 [ 24.628572] ret_from_fork+0x116/0x1d0 [ 24.628591] ? __pfx_kthread+0x10/0x10 [ 24.628611] ret_from_fork_asm+0x1a/0x30 [ 24.628642] </TASK> [ 24.628653] [ 24.636335] Allocated by task 241: [ 24.636481] kasan_save_stack+0x45/0x70 [ 24.636754] kasan_save_track+0x18/0x40 [ 24.636977] kasan_save_alloc_info+0x3b/0x50 [ 24.637308] __kasan_kmalloc+0xb7/0xc0 [ 24.637722] __kmalloc_cache_noprof+0x189/0x420 [ 24.638270] kmalloc_double_kzfree+0xa9/0x350 [ 24.638455] kunit_try_run_case+0x1a5/0x480 [ 24.638669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.639003] kthread+0x337/0x6f0 [ 24.639121] ret_from_fork+0x116/0x1d0 [ 24.639247] ret_from_fork_asm+0x1a/0x30 [ 24.639392] [ 24.639578] Freed by task 241: [ 24.639821] kasan_save_stack+0x45/0x70 [ 24.640087] kasan_save_track+0x18/0x40 [ 24.640249] kasan_save_free_info+0x3f/0x60 [ 24.640388] __kasan_slab_free+0x56/0x70 [ 24.640516] kfree+0x222/0x3f0 [ 24.640709] kfree_sensitive+0x67/0x90 [ 24.640928] kmalloc_double_kzfree+0x12b/0x350 [ 24.641212] kunit_try_run_case+0x1a5/0x480 [ 24.641436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.641694] kthread+0x337/0x6f0 [ 24.641888] ret_from_fork+0x116/0x1d0 [ 24.642264] ret_from_fork_asm+0x1a/0x30 [ 24.642429] [ 24.642518] The buggy address belongs to the object at ffff8881058422a0 [ 24.642518] which belongs to the cache kmalloc-16 of size 16 [ 24.643300] The buggy address is located 0 bytes inside of [ 24.643300] freed 16-byte region [ffff8881058422a0, ffff8881058422b0) [ 24.643997] [ 24.644098] The buggy address belongs to the physical page: [ 24.644326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 24.644665] flags: 0x200000000000000(node=0|zone=2) [ 24.644931] page_type: f5(slab) [ 24.645148] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.645402] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.645620] page dumped because: kasan: bad access detected [ 24.645836] [ 24.645943] Memory state around the buggy address: [ 24.646202] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.646516] ffff888105842200: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 24.647274] >ffff888105842280: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 24.647595] ^ [ 24.647819] ffff888105842300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.648028] ffff888105842380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.648234] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 24.592261] ================================================================== [ 24.592725] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 24.593355] Read of size 1 at addr ffff888103eaa2a8 by task kunit_try_catch/237 [ 24.593630] [ 24.593730] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.593784] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.593799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.593822] Call Trace: [ 24.593834] <TASK> [ 24.593854] dump_stack_lvl+0x73/0xb0 [ 24.593889] print_report+0xd1/0x610 [ 24.593911] ? __virt_addr_valid+0x1db/0x2d0 [ 24.593935] ? kmalloc_uaf2+0x4a8/0x520 [ 24.594466] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.594493] ? kmalloc_uaf2+0x4a8/0x520 [ 24.594513] kasan_report+0x141/0x180 [ 24.594535] ? kmalloc_uaf2+0x4a8/0x520 [ 24.594558] __asan_report_load1_noabort+0x18/0x20 [ 24.594581] kmalloc_uaf2+0x4a8/0x520 [ 24.594601] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 24.594620] ? finish_task_switch.isra.0+0x153/0x700 [ 24.594644] ? __switch_to+0x47/0xf80 [ 24.594686] ? __schedule+0x10cc/0x2b60 [ 24.594709] ? __pfx_read_tsc+0x10/0x10 [ 24.594730] ? ktime_get_ts64+0x86/0x230 [ 24.594766] kunit_try_run_case+0x1a5/0x480 [ 24.594790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.594809] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.594832] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.594855] ? __kthread_parkme+0x82/0x180 [ 24.594876] ? preempt_count_sub+0x50/0x80 [ 24.594898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.594919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.594957] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.594981] kthread+0x337/0x6f0 [ 24.595000] ? trace_preempt_on+0x20/0xc0 [ 24.595024] ? __pfx_kthread+0x10/0x10 [ 24.595044] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.595065] ? calculate_sigpending+0x7b/0xa0 [ 24.595088] ? __pfx_kthread+0x10/0x10 [ 24.595109] ret_from_fork+0x116/0x1d0 [ 24.595128] ? __pfx_kthread+0x10/0x10 [ 24.595148] ret_from_fork_asm+0x1a/0x30 [ 24.595179] </TASK> [ 24.595192] [ 24.608251] Allocated by task 237: [ 24.608468] kasan_save_stack+0x45/0x70 [ 24.609116] kasan_save_track+0x18/0x40 [ 24.609371] kasan_save_alloc_info+0x3b/0x50 [ 24.609558] __kasan_kmalloc+0xb7/0xc0 [ 24.609751] __kmalloc_cache_noprof+0x189/0x420 [ 24.609984] kmalloc_uaf2+0xc6/0x520 [ 24.610386] kunit_try_run_case+0x1a5/0x480 [ 24.610643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.610893] kthread+0x337/0x6f0 [ 24.611207] ret_from_fork+0x116/0x1d0 [ 24.611502] ret_from_fork_asm+0x1a/0x30 [ 24.611706] [ 24.611791] Freed by task 237: [ 24.611995] kasan_save_stack+0x45/0x70 [ 24.612248] kasan_save_track+0x18/0x40 [ 24.612437] kasan_save_free_info+0x3f/0x60 [ 24.612649] __kasan_slab_free+0x56/0x70 [ 24.612871] kfree+0x222/0x3f0 [ 24.613054] kmalloc_uaf2+0x14c/0x520 [ 24.613349] kunit_try_run_case+0x1a5/0x480 [ 24.613553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.613736] kthread+0x337/0x6f0 [ 24.613895] ret_from_fork+0x116/0x1d0 [ 24.614357] ret_from_fork_asm+0x1a/0x30 [ 24.614514] [ 24.614578] The buggy address belongs to the object at ffff888103eaa280 [ 24.614578] which belongs to the cache kmalloc-64 of size 64 [ 24.615331] The buggy address is located 40 bytes inside of [ 24.615331] freed 64-byte region [ffff888103eaa280, ffff888103eaa2c0) [ 24.615810] [ 24.615914] The buggy address belongs to the physical page: [ 24.616229] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103eaa [ 24.616552] flags: 0x200000000000000(node=0|zone=2) [ 24.616789] page_type: f5(slab) [ 24.617066] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.617389] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.617603] page dumped because: kasan: bad access detected [ 24.617994] [ 24.618161] Memory state around the buggy address: [ 24.618396] ffff888103eaa180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.618620] ffff888103eaa200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.619380] >ffff888103eaa280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.619672] ^ [ 24.619862] ffff888103eaa300: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 24.620317] ffff888103eaa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.620598] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 24.559584] ================================================================== [ 24.560895] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 24.561152] Write of size 33 at addr ffff88810510bc00 by task kunit_try_catch/235 [ 24.561409] [ 24.561495] CPU: 1 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.561549] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.561607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.561631] Call Trace: [ 24.561644] <TASK> [ 24.561677] dump_stack_lvl+0x73/0xb0 [ 24.561711] print_report+0xd1/0x610 [ 24.561734] ? __virt_addr_valid+0x1db/0x2d0 [ 24.561979] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.562002] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.562027] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.562260] kasan_report+0x141/0x180 [ 24.562283] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.562308] kasan_check_range+0x10c/0x1c0 [ 24.562330] __asan_memset+0x27/0x50 [ 24.562353] kmalloc_uaf_memset+0x1a3/0x360 [ 24.562374] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 24.562395] ? __schedule+0x10cc/0x2b60 [ 24.562419] ? __pfx_read_tsc+0x10/0x10 [ 24.562441] ? ktime_get_ts64+0x86/0x230 [ 24.562465] kunit_try_run_case+0x1a5/0x480 [ 24.562489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.562508] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.562530] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.562553] ? __kthread_parkme+0x82/0x180 [ 24.562574] ? preempt_count_sub+0x50/0x80 [ 24.562597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.562617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.562642] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.562681] kthread+0x337/0x6f0 [ 24.562701] ? trace_preempt_on+0x20/0xc0 [ 24.562723] ? __pfx_kthread+0x10/0x10 [ 24.562743] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.562767] ? calculate_sigpending+0x7b/0xa0 [ 24.562793] ? __pfx_kthread+0x10/0x10 [ 24.562816] ret_from_fork+0x116/0x1d0 [ 24.562836] ? __pfx_kthread+0x10/0x10 [ 24.562856] ret_from_fork_asm+0x1a/0x30 [ 24.562888] </TASK> [ 24.562899] [ 24.574550] Allocated by task 235: [ 24.574913] kasan_save_stack+0x45/0x70 [ 24.575343] kasan_save_track+0x18/0x40 [ 24.575741] kasan_save_alloc_info+0x3b/0x50 [ 24.576207] __kasan_kmalloc+0xb7/0xc0 [ 24.576536] __kmalloc_cache_noprof+0x189/0x420 [ 24.576705] kmalloc_uaf_memset+0xa9/0x360 [ 24.577059] kunit_try_run_case+0x1a5/0x480 [ 24.577475] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.578060] kthread+0x337/0x6f0 [ 24.578282] ret_from_fork+0x116/0x1d0 [ 24.578416] ret_from_fork_asm+0x1a/0x30 [ 24.578556] [ 24.578624] Freed by task 235: [ 24.578744] kasan_save_stack+0x45/0x70 [ 24.578897] kasan_save_track+0x18/0x40 [ 24.579055] kasan_save_free_info+0x3f/0x60 [ 24.579303] __kasan_slab_free+0x56/0x70 [ 24.579433] kfree+0x222/0x3f0 [ 24.579596] kmalloc_uaf_memset+0x12b/0x360 [ 24.580075] kunit_try_run_case+0x1a5/0x480 [ 24.580258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.580490] kthread+0x337/0x6f0 [ 24.580644] ret_from_fork+0x116/0x1d0 [ 24.580909] ret_from_fork_asm+0x1a/0x30 [ 24.581131] [ 24.581248] The buggy address belongs to the object at ffff88810510bc00 [ 24.581248] which belongs to the cache kmalloc-64 of size 64 [ 24.581714] The buggy address is located 0 bytes inside of [ 24.581714] freed 64-byte region [ffff88810510bc00, ffff88810510bc40) [ 24.582100] [ 24.582223] The buggy address belongs to the physical page: [ 24.582553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10510b [ 24.582929] flags: 0x200000000000000(node=0|zone=2) [ 24.583316] page_type: f5(slab) [ 24.584183] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.584535] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.585062] page dumped because: kasan: bad access detected [ 24.585527] [ 24.585619] Memory state around the buggy address: [ 24.585890] ffff88810510bb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.586517] ffff88810510bb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.587053] >ffff88810510bc00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.587293] ^ [ 24.587547] ffff88810510bc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.587826] ffff88810510bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.588393] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 24.534522] ================================================================== [ 24.535181] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 24.535501] Read of size 1 at addr ffff888103e49468 by task kunit_try_catch/233 [ 24.535856] [ 24.536220] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.536279] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.536292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.536315] Call Trace: [ 24.536329] <TASK> [ 24.536348] dump_stack_lvl+0x73/0xb0 [ 24.536400] print_report+0xd1/0x610 [ 24.536423] ? __virt_addr_valid+0x1db/0x2d0 [ 24.536447] ? kmalloc_uaf+0x320/0x380 [ 24.536477] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.536502] ? kmalloc_uaf+0x320/0x380 [ 24.536521] kasan_report+0x141/0x180 [ 24.536542] ? kmalloc_uaf+0x320/0x380 [ 24.536575] __asan_report_load1_noabort+0x18/0x20 [ 24.536598] kmalloc_uaf+0x320/0x380 [ 24.536616] ? __pfx_kmalloc_uaf+0x10/0x10 [ 24.536648] ? __pfx_kmalloc_uaf+0x10/0x10 [ 24.536681] kunit_try_run_case+0x1a5/0x480 [ 24.536705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.536724] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.536757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.536780] ? __kthread_parkme+0x82/0x180 [ 24.536802] ? preempt_count_sub+0x50/0x80 [ 24.536835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.536856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.536880] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.536904] kthread+0x337/0x6f0 [ 24.536924] ? trace_preempt_on+0x20/0xc0 [ 24.537046] ? __pfx_kthread+0x10/0x10 [ 24.537067] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.537088] ? calculate_sigpending+0x7b/0xa0 [ 24.537111] ? __pfx_kthread+0x10/0x10 [ 24.537132] ret_from_fork+0x116/0x1d0 [ 24.537152] ? __pfx_kthread+0x10/0x10 [ 24.537172] ret_from_fork_asm+0x1a/0x30 [ 24.537202] </TASK> [ 24.537214] [ 24.544598] Allocated by task 233: [ 24.544780] kasan_save_stack+0x45/0x70 [ 24.545136] kasan_save_track+0x18/0x40 [ 24.545347] kasan_save_alloc_info+0x3b/0x50 [ 24.545549] __kasan_kmalloc+0xb7/0xc0 [ 24.545738] __kmalloc_cache_noprof+0x189/0x420 [ 24.546077] kmalloc_uaf+0xaa/0x380 [ 24.546247] kunit_try_run_case+0x1a5/0x480 [ 24.546448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.546719] kthread+0x337/0x6f0 [ 24.546910] ret_from_fork+0x116/0x1d0 [ 24.547172] ret_from_fork_asm+0x1a/0x30 [ 24.547373] [ 24.547475] Freed by task 233: [ 24.547620] kasan_save_stack+0x45/0x70 [ 24.547764] kasan_save_track+0x18/0x40 [ 24.547899] kasan_save_free_info+0x3f/0x60 [ 24.548039] __kasan_slab_free+0x56/0x70 [ 24.548169] kfree+0x222/0x3f0 [ 24.548600] kmalloc_uaf+0x12c/0x380 [ 24.548855] kunit_try_run_case+0x1a5/0x480 [ 24.549191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.549451] kthread+0x337/0x6f0 [ 24.549642] ret_from_fork+0x116/0x1d0 [ 24.549865] ret_from_fork_asm+0x1a/0x30 [ 24.550112] [ 24.550271] The buggy address belongs to the object at ffff888103e49460 [ 24.550271] which belongs to the cache kmalloc-16 of size 16 [ 24.550696] The buggy address is located 8 bytes inside of [ 24.550696] freed 16-byte region [ffff888103e49460, ffff888103e49470) [ 24.551259] [ 24.551358] The buggy address belongs to the physical page: [ 24.551645] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103e49 [ 24.552337] flags: 0x200000000000000(node=0|zone=2) [ 24.552512] page_type: f5(slab) [ 24.552673] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 24.553144] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.553506] page dumped because: kasan: bad access detected [ 24.553693] [ 24.553782] Memory state around the buggy address: [ 24.554066] ffff888103e49300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.554436] ffff888103e49380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.554745] >ffff888103e49400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.555144] ^ [ 24.555421] ffff888103e49480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.555708] ffff888103e49500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.556214] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 24.503033] ================================================================== [ 24.503617] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.504140] Read of size 64 at addr ffff88810510bb84 by task kunit_try_catch/231 [ 24.504768] [ 24.504950] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.505018] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.505031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.505055] Call Trace: [ 24.505068] <TASK> [ 24.505087] dump_stack_lvl+0x73/0xb0 [ 24.505121] print_report+0xd1/0x610 [ 24.505144] ? __virt_addr_valid+0x1db/0x2d0 [ 24.505168] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.505191] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.505215] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.505238] kasan_report+0x141/0x180 [ 24.505259] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.505286] kasan_check_range+0x10c/0x1c0 [ 24.505308] __asan_memmove+0x27/0x70 [ 24.505330] kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.505353] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 24.505377] ? __schedule+0x10cc/0x2b60 [ 24.505400] ? __pfx_read_tsc+0x10/0x10 [ 24.505422] ? ktime_get_ts64+0x86/0x230 [ 24.505448] kunit_try_run_case+0x1a5/0x480 [ 24.505471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.505491] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.505513] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.505535] ? __kthread_parkme+0x82/0x180 [ 24.505556] ? preempt_count_sub+0x50/0x80 [ 24.505579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.505600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.505624] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.505648] kthread+0x337/0x6f0 [ 24.505679] ? trace_preempt_on+0x20/0xc0 [ 24.505703] ? __pfx_kthread+0x10/0x10 [ 24.505723] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.505744] ? calculate_sigpending+0x7b/0xa0 [ 24.505768] ? __pfx_kthread+0x10/0x10 [ 24.505788] ret_from_fork+0x116/0x1d0 [ 24.505806] ? __pfx_kthread+0x10/0x10 [ 24.505826] ret_from_fork_asm+0x1a/0x30 [ 24.505857] </TASK> [ 24.505867] [ 24.521914] Allocated by task 231: [ 24.522168] kasan_save_stack+0x45/0x70 [ 24.522674] kasan_save_track+0x18/0x40 [ 24.523100] kasan_save_alloc_info+0x3b/0x50 [ 24.523255] __kasan_kmalloc+0xb7/0xc0 [ 24.523385] __kmalloc_cache_noprof+0x189/0x420 [ 24.523545] kmalloc_memmove_invalid_size+0xac/0x330 [ 24.523744] kunit_try_run_case+0x1a5/0x480 [ 24.523944] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.524239] kthread+0x337/0x6f0 [ 24.524434] ret_from_fork+0x116/0x1d0 [ 24.524585] ret_from_fork_asm+0x1a/0x30 [ 24.524786] [ 24.524852] The buggy address belongs to the object at ffff88810510bb80 [ 24.524852] which belongs to the cache kmalloc-64 of size 64 [ 24.525328] The buggy address is located 4 bytes inside of [ 24.525328] allocated 64-byte region [ffff88810510bb80, ffff88810510bbc0) [ 24.525749] [ 24.525842] The buggy address belongs to the physical page: [ 24.526105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10510b [ 24.526397] flags: 0x200000000000000(node=0|zone=2) [ 24.526632] page_type: f5(slab) [ 24.527258] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.527560] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.528016] page dumped because: kasan: bad access detected [ 24.528221] [ 24.528306] Memory state around the buggy address: [ 24.528543] ffff88810510ba80: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 24.528857] ffff88810510bb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.529225] >ffff88810510bb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 24.529532] ^ [ 24.529797] ffff88810510bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.530163] ffff88810510bc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.530477] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 24.464614] ================================================================== [ 24.465174] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 24.465424] Read of size 18446744073709551614 at addr ffff888103ea0e84 by task kunit_try_catch/229 [ 24.465728] [ 24.465816] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.465871] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.465884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.465907] Call Trace: [ 24.465919] <TASK> [ 24.465937] dump_stack_lvl+0x73/0xb0 [ 24.465969] print_report+0xd1/0x610 [ 24.465990] ? __virt_addr_valid+0x1db/0x2d0 [ 24.466014] ? kmalloc_memmove_negative_size+0x171/0x330 [ 24.466036] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.466067] ? kmalloc_memmove_negative_size+0x171/0x330 [ 24.466107] kasan_report+0x141/0x180 [ 24.466128] ? kmalloc_memmove_negative_size+0x171/0x330 [ 24.466155] kasan_check_range+0x10c/0x1c0 [ 24.466177] __asan_memmove+0x27/0x70 [ 24.466199] kmalloc_memmove_negative_size+0x171/0x330 [ 24.466222] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 24.466246] ? __schedule+0x10cc/0x2b60 [ 24.466268] ? __pfx_read_tsc+0x10/0x10 [ 24.466289] ? ktime_get_ts64+0x86/0x230 [ 24.466313] kunit_try_run_case+0x1a5/0x480 [ 24.466335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.466355] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.466377] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.466399] ? __kthread_parkme+0x82/0x180 [ 24.466420] ? preempt_count_sub+0x50/0x80 [ 24.466442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.466463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.466487] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.466511] kthread+0x337/0x6f0 [ 24.466529] ? trace_preempt_on+0x20/0xc0 [ 24.466552] ? __pfx_kthread+0x10/0x10 [ 24.466571] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.466591] ? calculate_sigpending+0x7b/0xa0 [ 24.466615] ? __pfx_kthread+0x10/0x10 [ 24.466635] ret_from_fork+0x116/0x1d0 [ 24.466653] ? __pfx_kthread+0x10/0x10 [ 24.466720] ret_from_fork_asm+0x1a/0x30 [ 24.466767] </TASK> [ 24.466777] [ 24.485762] Allocated by task 229: [ 24.486341] kasan_save_stack+0x45/0x70 [ 24.486507] kasan_save_track+0x18/0x40 [ 24.486637] kasan_save_alloc_info+0x3b/0x50 [ 24.486960] __kasan_kmalloc+0xb7/0xc0 [ 24.487333] __kmalloc_cache_noprof+0x189/0x420 [ 24.487885] kmalloc_memmove_negative_size+0xac/0x330 [ 24.488404] kunit_try_run_case+0x1a5/0x480 [ 24.488987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.489400] kthread+0x337/0x6f0 [ 24.489531] ret_from_fork+0x116/0x1d0 [ 24.489670] ret_from_fork_asm+0x1a/0x30 [ 24.489904] [ 24.490098] The buggy address belongs to the object at ffff888103ea0e80 [ 24.490098] which belongs to the cache kmalloc-64 of size 64 [ 24.491296] The buggy address is located 4 bytes inside of [ 24.491296] 64-byte region [ffff888103ea0e80, ffff888103ea0ec0) [ 24.492369] [ 24.492460] The buggy address belongs to the physical page: [ 24.492628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ea0 [ 24.493199] flags: 0x200000000000000(node=0|zone=2) [ 24.493408] page_type: f5(slab) [ 24.493527] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.493865] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.494584] page dumped because: kasan: bad access detected [ 24.495161] [ 24.495390] Memory state around the buggy address: [ 24.495873] ffff888103ea0d80: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 24.496374] ffff888103ea0e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.496939] >ffff888103ea0e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 24.497619] ^ [ 24.497865] ffff888103ea0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.498382] ffff888103ea0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.498922] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 24.433449] ================================================================== [ 24.434538] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 24.435357] Write of size 16 at addr ffff888105919169 by task kunit_try_catch/227 [ 24.435587] [ 24.435691] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.435774] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.435789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.435813] Call Trace: [ 24.436029] <TASK> [ 24.436059] dump_stack_lvl+0x73/0xb0 [ 24.436230] print_report+0xd1/0x610 [ 24.436256] ? __virt_addr_valid+0x1db/0x2d0 [ 24.436281] ? kmalloc_oob_memset_16+0x166/0x330 [ 24.436301] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.436326] ? kmalloc_oob_memset_16+0x166/0x330 [ 24.436346] kasan_report+0x141/0x180 [ 24.436367] ? kmalloc_oob_memset_16+0x166/0x330 [ 24.436392] kasan_check_range+0x10c/0x1c0 [ 24.436415] __asan_memset+0x27/0x50 [ 24.436437] kmalloc_oob_memset_16+0x166/0x330 [ 24.436458] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 24.436480] ? __schedule+0x10cc/0x2b60 [ 24.436503] ? __pfx_read_tsc+0x10/0x10 [ 24.436524] ? ktime_get_ts64+0x86/0x230 [ 24.436548] kunit_try_run_case+0x1a5/0x480 [ 24.436571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.436591] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.436613] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.436635] ? __kthread_parkme+0x82/0x180 [ 24.436668] ? preempt_count_sub+0x50/0x80 [ 24.436691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.436712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.436743] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.436767] kthread+0x337/0x6f0 [ 24.436786] ? trace_preempt_on+0x20/0xc0 [ 24.436809] ? __pfx_kthread+0x10/0x10 [ 24.436829] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.436849] ? calculate_sigpending+0x7b/0xa0 [ 24.436873] ? __pfx_kthread+0x10/0x10 [ 24.436893] ret_from_fork+0x116/0x1d0 [ 24.436911] ? __pfx_kthread+0x10/0x10 [ 24.436931] ret_from_fork_asm+0x1a/0x30 [ 24.436962] </TASK> [ 24.436974] [ 24.451301] Allocated by task 227: [ 24.451456] kasan_save_stack+0x45/0x70 [ 24.451615] kasan_save_track+0x18/0x40 [ 24.451969] kasan_save_alloc_info+0x3b/0x50 [ 24.452424] __kasan_kmalloc+0xb7/0xc0 [ 24.452604] __kmalloc_cache_noprof+0x189/0x420 [ 24.452875] kmalloc_oob_memset_16+0xac/0x330 [ 24.453360] kunit_try_run_case+0x1a5/0x480 [ 24.453743] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.454338] kthread+0x337/0x6f0 [ 24.454504] ret_from_fork+0x116/0x1d0 [ 24.454632] ret_from_fork_asm+0x1a/0x30 [ 24.454889] [ 24.455076] The buggy address belongs to the object at ffff888105919100 [ 24.455076] which belongs to the cache kmalloc-128 of size 128 [ 24.456237] The buggy address is located 105 bytes inside of [ 24.456237] allocated 120-byte region [ffff888105919100, ffff888105919178) [ 24.457070] [ 24.457144] The buggy address belongs to the physical page: [ 24.457310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919 [ 24.457543] flags: 0x200000000000000(node=0|zone=2) [ 24.457719] page_type: f5(slab) [ 24.457934] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.458313] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.458604] page dumped because: kasan: bad access detected [ 24.458857] [ 24.458950] Memory state around the buggy address: [ 24.459159] ffff888105919000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.459376] ffff888105919080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.459621] >ffff888105919100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.459956] ^ [ 24.460181] ffff888105919180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.460452] ffff888105919200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.461050] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 24.403837] ================================================================== [ 24.404610] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 24.405505] Write of size 8 at addr ffff888103e99271 by task kunit_try_catch/225 [ 24.406520] [ 24.406974] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.407290] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.407310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.407336] Call Trace: [ 24.407351] <TASK> [ 24.407377] dump_stack_lvl+0x73/0xb0 [ 24.407425] print_report+0xd1/0x610 [ 24.407449] ? __virt_addr_valid+0x1db/0x2d0 [ 24.407476] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.407499] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.407524] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.407546] kasan_report+0x141/0x180 [ 24.407567] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.407592] kasan_check_range+0x10c/0x1c0 [ 24.407615] __asan_memset+0x27/0x50 [ 24.407638] kmalloc_oob_memset_8+0x166/0x330 [ 24.407673] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 24.407695] ? __schedule+0x10cc/0x2b60 [ 24.407720] ? __pfx_read_tsc+0x10/0x10 [ 24.407766] ? ktime_get_ts64+0x86/0x230 [ 24.407792] kunit_try_run_case+0x1a5/0x480 [ 24.407819] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.407842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.407870] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.407895] ? __kthread_parkme+0x82/0x180 [ 24.407918] ? preempt_count_sub+0x50/0x80 [ 24.407971] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.407993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.408019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.408044] kthread+0x337/0x6f0 [ 24.408064] ? trace_preempt_on+0x20/0xc0 [ 24.408090] ? __pfx_kthread+0x10/0x10 [ 24.408111] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.408132] ? calculate_sigpending+0x7b/0xa0 [ 24.408156] ? __pfx_kthread+0x10/0x10 [ 24.408177] ret_from_fork+0x116/0x1d0 [ 24.408196] ? __pfx_kthread+0x10/0x10 [ 24.408216] ret_from_fork_asm+0x1a/0x30 [ 24.408247] </TASK> [ 24.408259] [ 24.419924] Allocated by task 225: [ 24.420146] kasan_save_stack+0x45/0x70 [ 24.420456] kasan_save_track+0x18/0x40 [ 24.420797] kasan_save_alloc_info+0x3b/0x50 [ 24.421042] __kasan_kmalloc+0xb7/0xc0 [ 24.421219] __kmalloc_cache_noprof+0x189/0x420 [ 24.421440] kmalloc_oob_memset_8+0xac/0x330 [ 24.421646] kunit_try_run_case+0x1a5/0x480 [ 24.422154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.422420] kthread+0x337/0x6f0 [ 24.422607] ret_from_fork+0x116/0x1d0 [ 24.423067] ret_from_fork_asm+0x1a/0x30 [ 24.423283] [ 24.423386] The buggy address belongs to the object at ffff888103e99200 [ 24.423386] which belongs to the cache kmalloc-128 of size 128 [ 24.424095] The buggy address is located 113 bytes inside of [ 24.424095] allocated 120-byte region [ffff888103e99200, ffff888103e99278) [ 24.424702] [ 24.424805] The buggy address belongs to the physical page: [ 24.425368] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103e99 [ 24.425935] flags: 0x200000000000000(node=0|zone=2) [ 24.426179] page_type: f5(slab) [ 24.426352] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.426609] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.426994] page dumped because: kasan: bad access detected [ 24.427321] [ 24.427384] Memory state around the buggy address: [ 24.427592] ffff888103e99100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.427984] ffff888103e99180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.428242] >ffff888103e99200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.428630] ^ [ 24.428866] ffff888103e99280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.429163] ffff888103e99300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.429484] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 23.796809] ================================================================== [ 23.797534] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 23.797798] Read of size 1 at addr ffff8881058c0000 by task kunit_try_catch/203 [ 23.798278] [ 23.798396] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.798450] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.798463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.798486] Call Trace: [ 23.798501] <TASK> [ 23.798519] dump_stack_lvl+0x73/0xb0 [ 23.798551] print_report+0xd1/0x610 [ 23.798573] ? __virt_addr_valid+0x1db/0x2d0 [ 23.798596] ? page_alloc_uaf+0x356/0x3d0 [ 23.798616] ? kasan_addr_to_slab+0x11/0xa0 [ 23.798635] ? page_alloc_uaf+0x356/0x3d0 [ 23.798670] kasan_report+0x141/0x180 [ 23.798691] ? page_alloc_uaf+0x356/0x3d0 [ 23.798716] __asan_report_load1_noabort+0x18/0x20 [ 23.798739] page_alloc_uaf+0x356/0x3d0 [ 23.798759] ? __pfx_page_alloc_uaf+0x10/0x10 [ 23.798781] ? __schedule+0x10cc/0x2b60 [ 23.798804] ? __pfx_read_tsc+0x10/0x10 [ 23.798824] ? ktime_get_ts64+0x86/0x230 [ 23.798848] kunit_try_run_case+0x1a5/0x480 [ 23.798889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.798908] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.798930] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.799002] ? __kthread_parkme+0x82/0x180 [ 23.799023] ? preempt_count_sub+0x50/0x80 [ 23.799046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.799067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.799091] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.799116] kthread+0x337/0x6f0 [ 23.799135] ? trace_preempt_on+0x20/0xc0 [ 23.799158] ? __pfx_kthread+0x10/0x10 [ 23.799178] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.799199] ? calculate_sigpending+0x7b/0xa0 [ 23.799222] ? __pfx_kthread+0x10/0x10 [ 23.799243] ret_from_fork+0x116/0x1d0 [ 23.799261] ? __pfx_kthread+0x10/0x10 [ 23.799281] ret_from_fork_asm+0x1a/0x30 [ 23.799311] </TASK> [ 23.799322] [ 23.809822] The buggy address belongs to the physical page: [ 23.810256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c0 [ 23.810835] flags: 0x200000000000000(node=0|zone=2) [ 23.811193] page_type: f0(buddy) [ 23.811368] raw: 0200000000000000 ffff88817fffd4f0 ffff88817fffd4f0 0000000000000000 [ 23.811672] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 23.811961] page dumped because: kasan: bad access detected [ 23.812312] [ 23.812436] Memory state around the buggy address: [ 23.812932] ffff8881058bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.813354] ffff8881058bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.813639] >ffff8881058c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.814167] ^ [ 23.814300] ffff8881058c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.814779] ffff8881058c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.815217] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 23.769182] ================================================================== [ 23.770455] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 23.771141] Free of addr ffff888105878001 by task kunit_try_catch/199 [ 23.771653] [ 23.771999] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.772057] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.772071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.772117] Call Trace: [ 23.772130] <TASK> [ 23.772151] dump_stack_lvl+0x73/0xb0 [ 23.772186] print_report+0xd1/0x610 [ 23.772209] ? __virt_addr_valid+0x1db/0x2d0 [ 23.772233] ? kasan_addr_to_slab+0x11/0xa0 [ 23.772252] ? kfree+0x274/0x3f0 [ 23.772273] kasan_report_invalid_free+0x10a/0x130 [ 23.772295] ? kfree+0x274/0x3f0 [ 23.772317] ? kfree+0x274/0x3f0 [ 23.772337] __kasan_kfree_large+0x86/0xd0 [ 23.772357] free_large_kmalloc+0x52/0x110 [ 23.772378] kfree+0x274/0x3f0 [ 23.772402] kmalloc_large_invalid_free+0x120/0x2b0 [ 23.772423] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 23.772446] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 23.772471] kunit_try_run_case+0x1a5/0x480 [ 23.772493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.772513] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.772536] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.772558] ? __kthread_parkme+0x82/0x180 [ 23.772578] ? preempt_count_sub+0x50/0x80 [ 23.772601] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.772622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.772645] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.772681] kthread+0x337/0x6f0 [ 23.772700] ? trace_preempt_on+0x20/0xc0 [ 23.772723] ? __pfx_kthread+0x10/0x10 [ 23.772743] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.772776] ? calculate_sigpending+0x7b/0xa0 [ 23.772800] ? __pfx_kthread+0x10/0x10 [ 23.772820] ret_from_fork+0x116/0x1d0 [ 23.772839] ? __pfx_kthread+0x10/0x10 [ 23.772859] ret_from_fork_asm+0x1a/0x30 [ 23.772889] </TASK> [ 23.772900] [ 23.784145] The buggy address belongs to the physical page: [ 23.784626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105878 [ 23.784918] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.785795] flags: 0x200000000000040(head|node=0|zone=2) [ 23.786063] page_type: f8(unknown) [ 23.786262] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.786488] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.786739] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.787066] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.787376] head: 0200000000000002 ffffea0004161e01 00000000ffffffff 00000000ffffffff [ 23.787730] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.788115] page dumped because: kasan: bad access detected [ 23.788356] [ 23.788445] Memory state around the buggy address: [ 23.788639] ffff888105877f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.788903] ffff888105877f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.789290] >ffff888105878000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.789576] ^ [ 23.789825] ffff888105878080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.790461] ffff888105878100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.790796] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 23.750203] ================================================================== [ 23.750671] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 23.751381] Read of size 1 at addr ffff888105978000 by task kunit_try_catch/197 [ 23.752032] [ 23.752207] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.752302] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.752316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.752361] Call Trace: [ 23.752378] <TASK> [ 23.752398] dump_stack_lvl+0x73/0xb0 [ 23.752434] print_report+0xd1/0x610 [ 23.752457] ? __virt_addr_valid+0x1db/0x2d0 [ 23.752482] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.752501] ? kasan_addr_to_slab+0x11/0xa0 [ 23.752521] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.752550] kasan_report+0x141/0x180 [ 23.752571] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.752595] __asan_report_load1_noabort+0x18/0x20 [ 23.752629] kmalloc_large_uaf+0x2f1/0x340 [ 23.752649] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 23.752680] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 23.752704] kunit_try_run_case+0x1a5/0x480 [ 23.752744] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.752765] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.752790] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.752813] ? __kthread_parkme+0x82/0x180 [ 23.752835] ? preempt_count_sub+0x50/0x80 [ 23.752858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.752879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.752910] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.752956] kthread+0x337/0x6f0 [ 23.752976] ? trace_preempt_on+0x20/0xc0 [ 23.753001] ? __pfx_kthread+0x10/0x10 [ 23.753021] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.753042] ? calculate_sigpending+0x7b/0xa0 [ 23.753065] ? __pfx_kthread+0x10/0x10 [ 23.753086] ret_from_fork+0x116/0x1d0 [ 23.753106] ? __pfx_kthread+0x10/0x10 [ 23.753126] ret_from_fork_asm+0x1a/0x30 [ 23.753158] </TASK> [ 23.753171] [ 23.760858] The buggy address belongs to the physical page: [ 23.761166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105978 [ 23.761523] flags: 0x200000000000000(node=0|zone=2) [ 23.761822] raw: 0200000000000000 ffffea0004165f08 ffff888154639fc0 0000000000000000 [ 23.762168] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.762502] page dumped because: kasan: bad access detected [ 23.762720] [ 23.762821] Memory state around the buggy address: [ 23.763123] ffff888105977f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.763332] ffff888105977f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.763532] >ffff888105978000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.764086] ^ [ 23.764252] ffff888105978080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.764652] ffff888105978100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.765158] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 23.723734] ================================================================== [ 23.724280] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 23.725171] Write of size 1 at addr ffff88810597a00a by task kunit_try_catch/195 [ 23.725411] [ 23.725502] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.725555] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.725933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.725975] Call Trace: [ 23.725989] <TASK> [ 23.726009] dump_stack_lvl+0x73/0xb0 [ 23.726053] print_report+0xd1/0x610 [ 23.726077] ? __virt_addr_valid+0x1db/0x2d0 [ 23.726103] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.726125] ? kasan_addr_to_slab+0x11/0xa0 [ 23.726146] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.726168] kasan_report+0x141/0x180 [ 23.726189] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.726238] __asan_report_store1_noabort+0x1b/0x30 [ 23.726261] kmalloc_large_oob_right+0x2e9/0x330 [ 23.726282] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 23.726304] ? __schedule+0x10cc/0x2b60 [ 23.726327] ? __pfx_read_tsc+0x10/0x10 [ 23.726349] ? ktime_get_ts64+0x86/0x230 [ 23.726373] kunit_try_run_case+0x1a5/0x480 [ 23.726396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.726416] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.726438] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.726461] ? __kthread_parkme+0x82/0x180 [ 23.726482] ? preempt_count_sub+0x50/0x80 [ 23.726506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.726527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.726551] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.726575] kthread+0x337/0x6f0 [ 23.726594] ? trace_preempt_on+0x20/0xc0 [ 23.726618] ? __pfx_kthread+0x10/0x10 [ 23.726638] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.726671] ? calculate_sigpending+0x7b/0xa0 [ 23.726695] ? __pfx_kthread+0x10/0x10 [ 23.726716] ret_from_fork+0x116/0x1d0 [ 23.726735] ? __pfx_kthread+0x10/0x10 [ 23.726891] ret_from_fork_asm+0x1a/0x30 [ 23.726950] </TASK> [ 23.726962] [ 23.736725] The buggy address belongs to the physical page: [ 23.737354] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105978 [ 23.738386] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.738942] flags: 0x200000000000040(head|node=0|zone=2) [ 23.739382] page_type: f8(unknown) [ 23.739812] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.740500] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.740753] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.740979] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.741204] head: 0200000000000002 ffffea0004165e01 00000000ffffffff 00000000ffffffff [ 23.741427] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.741650] page dumped because: kasan: bad access detected [ 23.741831] [ 23.741895] Memory state around the buggy address: [ 23.742301] ffff888105979f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.742939] ffff888105979f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.743725] >ffff88810597a000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.744604] ^ [ 23.745004] ffff88810597a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.745715] ffff88810597a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.746344] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 23.693626] ================================================================== [ 23.694506] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 23.695720] Write of size 1 at addr ffff888105891f00 by task kunit_try_catch/193 [ 23.696310] [ 23.696410] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.696466] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.696480] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.696504] Call Trace: [ 23.696516] <TASK> [ 23.696535] dump_stack_lvl+0x73/0xb0 [ 23.696573] print_report+0xd1/0x610 [ 23.696596] ? __virt_addr_valid+0x1db/0x2d0 [ 23.696619] ? kmalloc_big_oob_right+0x316/0x370 [ 23.696641] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.696680] ? kmalloc_big_oob_right+0x316/0x370 [ 23.696702] kasan_report+0x141/0x180 [ 23.696722] ? kmalloc_big_oob_right+0x316/0x370 [ 23.696748] __asan_report_store1_noabort+0x1b/0x30 [ 23.696771] kmalloc_big_oob_right+0x316/0x370 [ 23.696809] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 23.696831] ? __schedule+0x10cc/0x2b60 [ 23.696854] ? __pfx_read_tsc+0x10/0x10 [ 23.696876] ? ktime_get_ts64+0x86/0x230 [ 23.696902] kunit_try_run_case+0x1a5/0x480 [ 23.696925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.696944] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.696978] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.697001] ? __kthread_parkme+0x82/0x180 [ 23.697022] ? preempt_count_sub+0x50/0x80 [ 23.697045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.697066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.697091] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.697115] kthread+0x337/0x6f0 [ 23.697135] ? trace_preempt_on+0x20/0xc0 [ 23.697157] ? __pfx_kthread+0x10/0x10 [ 23.697178] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.697198] ? calculate_sigpending+0x7b/0xa0 [ 23.697223] ? __pfx_kthread+0x10/0x10 [ 23.697243] ret_from_fork+0x116/0x1d0 [ 23.697262] ? __pfx_kthread+0x10/0x10 [ 23.697282] ret_from_fork_asm+0x1a/0x30 [ 23.697312] </TASK> [ 23.697323] [ 23.706318] Allocated by task 193: [ 23.706507] kasan_save_stack+0x45/0x70 [ 23.706702] kasan_save_track+0x18/0x40 [ 23.706882] kasan_save_alloc_info+0x3b/0x50 [ 23.707089] __kasan_kmalloc+0xb7/0xc0 [ 23.707619] __kmalloc_cache_noprof+0x189/0x420 [ 23.707894] kmalloc_big_oob_right+0xa9/0x370 [ 23.708241] kunit_try_run_case+0x1a5/0x480 [ 23.708401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.708622] kthread+0x337/0x6f0 [ 23.708930] ret_from_fork+0x116/0x1d0 [ 23.709119] ret_from_fork_asm+0x1a/0x30 [ 23.709292] [ 23.709383] The buggy address belongs to the object at ffff888105890000 [ 23.709383] which belongs to the cache kmalloc-8k of size 8192 [ 23.710228] The buggy address is located 0 bytes to the right of [ 23.710228] allocated 7936-byte region [ffff888105890000, ffff888105891f00) [ 23.710904] [ 23.711082] The buggy address belongs to the physical page: [ 23.711368] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105890 [ 23.711863] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.712149] flags: 0x200000000000040(head|node=0|zone=2) [ 23.712431] page_type: f5(slab) [ 23.712558] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 23.712926] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 23.713392] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 23.713939] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 23.714388] head: 0200000000000003 ffffea0004162401 00000000ffffffff 00000000ffffffff [ 23.714913] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 23.715410] page dumped because: kasan: bad access detected [ 23.715590] [ 23.715760] Memory state around the buggy address: [ 23.716196] ffff888105891e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.716412] ffff888105891e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.716734] >ffff888105891f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.717074] ^ [ 23.717207] ffff888105891f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.717862] ffff888105892000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.718459] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 23.636605] ================================================================== [ 23.637357] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.637631] Write of size 1 at addr ffff888105865d78 by task kunit_try_catch/191 [ 23.638452] [ 23.638695] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.638770] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.638784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.638807] Call Trace: [ 23.638820] <TASK> [ 23.638840] dump_stack_lvl+0x73/0xb0 [ 23.638877] print_report+0xd1/0x610 [ 23.638899] ? __virt_addr_valid+0x1db/0x2d0 [ 23.638924] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.638947] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.638971] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.638994] kasan_report+0x141/0x180 [ 23.639015] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.639042] __asan_report_store1_noabort+0x1b/0x30 [ 23.639065] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.639088] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 23.639112] ? __schedule+0x10cc/0x2b60 [ 23.639136] ? __pfx_read_tsc+0x10/0x10 [ 23.639157] ? ktime_get_ts64+0x86/0x230 [ 23.639193] kunit_try_run_case+0x1a5/0x480 [ 23.639218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.639237] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.639259] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.639281] ? __kthread_parkme+0x82/0x180 [ 23.639302] ? preempt_count_sub+0x50/0x80 [ 23.639325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.639346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.639369] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.639393] kthread+0x337/0x6f0 [ 23.639412] ? trace_preempt_on+0x20/0xc0 [ 23.639436] ? __pfx_kthread+0x10/0x10 [ 23.639456] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.639476] ? calculate_sigpending+0x7b/0xa0 [ 23.639500] ? __pfx_kthread+0x10/0x10 [ 23.639520] ret_from_fork+0x116/0x1d0 [ 23.639538] ? __pfx_kthread+0x10/0x10 [ 23.639558] ret_from_fork_asm+0x1a/0x30 [ 23.639588] </TASK> [ 23.639598] [ 23.652583] Allocated by task 191: [ 23.652752] kasan_save_stack+0x45/0x70 [ 23.652915] kasan_save_track+0x18/0x40 [ 23.653057] kasan_save_alloc_info+0x3b/0x50 [ 23.653200] __kasan_kmalloc+0xb7/0xc0 [ 23.653326] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 23.653501] kmalloc_track_caller_oob_right+0x99/0x520 [ 23.653671] kunit_try_run_case+0x1a5/0x480 [ 23.653809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.653977] kthread+0x337/0x6f0 [ 23.654096] ret_from_fork+0x116/0x1d0 [ 23.654223] ret_from_fork_asm+0x1a/0x30 [ 23.654355] [ 23.654420] The buggy address belongs to the object at ffff888105865d00 [ 23.654420] which belongs to the cache kmalloc-128 of size 128 [ 23.655017] The buggy address is located 0 bytes to the right of [ 23.655017] allocated 120-byte region [ffff888105865d00, ffff888105865d78) [ 23.656057] [ 23.656233] The buggy address belongs to the physical page: [ 23.656834] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105865 [ 23.657680] flags: 0x200000000000000(node=0|zone=2) [ 23.658167] page_type: f5(slab) [ 23.658636] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.659268] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.659976] page dumped because: kasan: bad access detected [ 23.660439] [ 23.660586] Memory state around the buggy address: [ 23.661044] ffff888105865c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.661802] ffff888105865c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.662485] >ffff888105865d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.663250] ^ [ 23.663932] ffff888105865d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.664629] ffff888105865e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.665301] ================================================================== [ 23.666600] ================================================================== [ 23.667289] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.668004] Write of size 1 at addr ffff888105865e78 by task kunit_try_catch/191 [ 23.668736] [ 23.668932] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.668985] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.668997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.669020] Call Trace: [ 23.669033] <TASK> [ 23.669053] dump_stack_lvl+0x73/0xb0 [ 23.669084] print_report+0xd1/0x610 [ 23.669105] ? __virt_addr_valid+0x1db/0x2d0 [ 23.669128] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.669151] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.669175] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.669198] kasan_report+0x141/0x180 [ 23.669218] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.669245] __asan_report_store1_noabort+0x1b/0x30 [ 23.669268] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.669291] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 23.669316] ? __schedule+0x10cc/0x2b60 [ 23.669339] ? __pfx_read_tsc+0x10/0x10 [ 23.669359] ? ktime_get_ts64+0x86/0x230 [ 23.669383] kunit_try_run_case+0x1a5/0x480 [ 23.669405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.669424] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.669446] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.669469] ? __kthread_parkme+0x82/0x180 [ 23.669489] ? preempt_count_sub+0x50/0x80 [ 23.669512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.669532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.669556] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.669580] kthread+0x337/0x6f0 [ 23.669599] ? trace_preempt_on+0x20/0xc0 [ 23.669642] ? __pfx_kthread+0x10/0x10 [ 23.669672] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.669693] ? calculate_sigpending+0x7b/0xa0 [ 23.669716] ? __pfx_kthread+0x10/0x10 [ 23.669737] ret_from_fork+0x116/0x1d0 [ 23.669762] ? __pfx_kthread+0x10/0x10 [ 23.669782] ret_from_fork_asm+0x1a/0x30 [ 23.669812] </TASK> [ 23.669823] [ 23.681927] Allocated by task 191: [ 23.682144] kasan_save_stack+0x45/0x70 [ 23.682358] kasan_save_track+0x18/0x40 [ 23.682541] kasan_save_alloc_info+0x3b/0x50 [ 23.682753] __kasan_kmalloc+0xb7/0xc0 [ 23.682943] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 23.683160] kmalloc_track_caller_oob_right+0x19a/0x520 [ 23.683380] kunit_try_run_case+0x1a5/0x480 [ 23.683571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.683880] kthread+0x337/0x6f0 [ 23.683998] ret_from_fork+0x116/0x1d0 [ 23.684125] ret_from_fork_asm+0x1a/0x30 [ 23.684326] [ 23.684419] The buggy address belongs to the object at ffff888105865e00 [ 23.684419] which belongs to the cache kmalloc-128 of size 128 [ 23.685006] The buggy address is located 0 bytes to the right of [ 23.685006] allocated 120-byte region [ffff888105865e00, ffff888105865e78) [ 23.685872] [ 23.685944] The buggy address belongs to the physical page: [ 23.686177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105865 [ 23.686411] flags: 0x200000000000000(node=0|zone=2) [ 23.686744] page_type: f5(slab) [ 23.687017] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.687310] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.687594] page dumped because: kasan: bad access detected [ 23.687867] [ 23.687932] Memory state around the buggy address: [ 23.688122] ffff888105865d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.688412] ffff888105865d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.688703] >ffff888105865e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.688906] ^ [ 23.689234] ffff888105865e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.689538] ffff888105865f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.689951] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 23.607163] ================================================================== [ 23.608219] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 23.608483] Read of size 1 at addr ffff888105ff5000 by task kunit_try_catch/189 [ 23.608711] [ 23.609005] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.609078] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.609090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.609115] Call Trace: [ 23.609129] <TASK> [ 23.609150] dump_stack_lvl+0x73/0xb0 [ 23.609220] print_report+0xd1/0x610 [ 23.609242] ? __virt_addr_valid+0x1db/0x2d0 [ 23.609278] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.609300] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.609325] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.609347] kasan_report+0x141/0x180 [ 23.609368] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.609395] __asan_report_load1_noabort+0x18/0x20 [ 23.609418] kmalloc_node_oob_right+0x369/0x3c0 [ 23.609470] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 23.609495] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 23.609521] kunit_try_run_case+0x1a5/0x480 [ 23.609555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.609575] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.609600] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.609623] ? __kthread_parkme+0x82/0x180 [ 23.609645] ? preempt_count_sub+0x50/0x80 [ 23.609677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.609698] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.609722] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.609794] kthread+0x337/0x6f0 [ 23.609814] ? trace_preempt_on+0x20/0xc0 [ 23.609851] ? __pfx_kthread+0x10/0x10 [ 23.609873] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.609894] ? calculate_sigpending+0x7b/0xa0 [ 23.609964] ? __pfx_kthread+0x10/0x10 [ 23.609985] ret_from_fork+0x116/0x1d0 [ 23.610016] ? __pfx_kthread+0x10/0x10 [ 23.610037] ret_from_fork_asm+0x1a/0x30 [ 23.610087] </TASK> [ 23.610107] [ 23.622233] Allocated by task 189: [ 23.622422] kasan_save_stack+0x45/0x70 [ 23.622613] kasan_save_track+0x18/0x40 [ 23.622898] kasan_save_alloc_info+0x3b/0x50 [ 23.623056] __kasan_kmalloc+0xb7/0xc0 [ 23.623344] __kmalloc_cache_node_noprof+0x188/0x420 [ 23.623508] kmalloc_node_oob_right+0xab/0x3c0 [ 23.623653] kunit_try_run_case+0x1a5/0x480 [ 23.623826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.624108] kthread+0x337/0x6f0 [ 23.624274] ret_from_fork+0x116/0x1d0 [ 23.624457] ret_from_fork_asm+0x1a/0x30 [ 23.624651] [ 23.624814] The buggy address belongs to the object at ffff888105ff4000 [ 23.624814] which belongs to the cache kmalloc-4k of size 4096 [ 23.625348] The buggy address is located 0 bytes to the right of [ 23.625348] allocated 4096-byte region [ffff888105ff4000, ffff888105ff5000) [ 23.626077] [ 23.626254] The buggy address belongs to the physical page: [ 23.626618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ff0 [ 23.627407] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.627815] flags: 0x200000000000040(head|node=0|zone=2) [ 23.628151] page_type: f5(slab) [ 23.628357] raw: 0200000000000040 ffff888100042140 ffffea0004180000 dead000000000002 [ 23.628597] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 23.629122] head: 0200000000000040 ffff888100042140 ffffea0004180000 dead000000000002 [ 23.629426] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 23.629806] head: 0200000000000003 ffffea000417fc01 00000000ffffffff 00000000ffffffff [ 23.630189] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 23.630490] page dumped because: kasan: bad access detected [ 23.630846] [ 23.631008] Memory state around the buggy address: [ 23.631248] ffff888105ff4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.631589] ffff888105ff4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.631836] >ffff888105ff5000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.632098] ^ [ 23.632259] ffff888105ff5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.632620] ffff888105ff5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.633044] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 23.529758] ================================================================== [ 23.530487] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 23.531085] Read of size 1 at addr ffff8881058420bf by task kunit_try_catch/187 [ 23.531572] [ 23.532049] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.532109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.532122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.532145] Call Trace: [ 23.532162] <TASK> [ 23.532181] dump_stack_lvl+0x73/0xb0 [ 23.532217] print_report+0xd1/0x610 [ 23.532239] ? __virt_addr_valid+0x1db/0x2d0 [ 23.532263] ? kmalloc_oob_left+0x361/0x3c0 [ 23.532283] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.532307] ? kmalloc_oob_left+0x361/0x3c0 [ 23.532327] kasan_report+0x141/0x180 [ 23.532347] ? kmalloc_oob_left+0x361/0x3c0 [ 23.532371] __asan_report_load1_noabort+0x18/0x20 [ 23.532395] kmalloc_oob_left+0x361/0x3c0 [ 23.532416] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 23.532437] ? __schedule+0x10cc/0x2b60 [ 23.532460] ? __pfx_read_tsc+0x10/0x10 [ 23.532483] ? ktime_get_ts64+0x86/0x230 [ 23.532509] kunit_try_run_case+0x1a5/0x480 [ 23.532533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.532553] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.532575] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.532598] ? __kthread_parkme+0x82/0x180 [ 23.532620] ? preempt_count_sub+0x50/0x80 [ 23.532643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.532675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.532699] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.532723] kthread+0x337/0x6f0 [ 23.532742] ? trace_preempt_on+0x20/0xc0 [ 23.532768] ? __pfx_kthread+0x10/0x10 [ 23.532787] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.532808] ? calculate_sigpending+0x7b/0xa0 [ 23.532831] ? __pfx_kthread+0x10/0x10 [ 23.532852] ret_from_fork+0x116/0x1d0 [ 23.532870] ? __pfx_kthread+0x10/0x10 [ 23.532890] ret_from_fork_asm+0x1a/0x30 [ 23.532920] </TASK> [ 23.532931] [ 23.543529] Allocated by task 119: [ 23.543947] kasan_save_stack+0x45/0x70 [ 23.544266] kasan_save_track+0x18/0x40 [ 23.544549] kasan_save_alloc_info+0x3b/0x50 [ 23.544916] __kasan_kmalloc+0xb7/0xc0 [ 23.545228] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 23.545550] kvasprintf+0xc5/0x150 [ 23.545889] kasprintf+0xb6/0xf0 [ 23.546238] miscdev_test_can_open+0x9a/0x2e0 [ 23.546401] miscdev_test_collision_reverse+0x402/0x750 [ 23.546648] kunit_try_run_case+0x1a5/0x480 [ 23.547231] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.547446] kthread+0x337/0x6f0 [ 23.547815] ret_from_fork+0x116/0x1d0 [ 23.548167] ret_from_fork_asm+0x1a/0x30 [ 23.548491] [ 23.548608] Freed by task 92545664: [ 23.549340] ------------[ cut here ]------------ [ 23.549572] pool index 100480 out of bounds (155) for stack id ffff8881 [ 23.550806] WARNING: lib/stackdepot.c:451 at depot_fetch_stack+0x62/0x80, CPU#1: kunit_try_catch/187 [ 23.551741] Modules linked in: [ 23.552078] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.552866] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.553360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.554070] RIP: 0010:depot_fetch_stack+0x62/0x80 [ 23.554800] Code: d2 74 05 c3 cc cc cc cc 90 0f 0b 90 31 c0 e9 d5 25 69 02 55 48 89 e5 90 89 f9 44 89 c2 48 c7 c7 90 c9 99 95 e8 9f d7 ba fe 90 <0f> 0b 90 90 31 c0 5d c3 cc cc cc cc 90 0f 0b 90 31 c0 c3 cc cc cc [ 23.555800] RSP: 0000:ffff888106127b28 EFLAGS: 00010082 [ 23.556354] RAX: 0000000000000000 RBX: ffff888106127b50 RCX: 1ffffffff2ba4bc0 [ 23.556788] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 23.557468] RBP: ffff888106127b28 R08: 0000000000000000 R09: fffffbfff2ba4bc0 [ 23.558099] R10: 0000000000000003 R11: 0000000000000001 R12: ffff8881058420bf [ 23.558686] R13: ffff888106168000 R14: ffffea0004161080 R15: 0000000000000001 [ 23.559288] FS: 0000000000000000(0000) GS:ffff8881bd71a000(0000) knlGS:0000000000000000 [ 23.559775] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.560238] CR2: 0000000000000000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 23.560668] DR0: ffffffff970ac504 DR1: ffffffff970ac509 DR2: ffffffff970ac50a [ 23.561222] DR3: ffffffff970ac50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 23.561571] Call Trace: [ 23.562015] <TASK> [ 23.562141] stack_depot_fetch+0x2c/0x60 [ 23.562453] stack_depot_print+0x23/0x50 [ 23.562651] print_report+0x5f8/0x610 [ 23.563121] ? __virt_addr_valid+0x1db/0x2d0 [ 23.563287] ? kmalloc_oob_left+0x361/0x3c0 [ 23.563670] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.564053] ? kmalloc_oob_left+0x361/0x3c0 [ 23.564456] kasan_report+0x141/0x180 [ 23.564670] ? kmalloc_oob_left+0x361/0x3c0 [ 23.565090] __asan_report_load1_noabort+0x18/0x20 [ 23.565470] kmalloc_oob_left+0x361/0x3c0 [ 23.565899] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 23.566315] ? __schedule+0x10cc/0x2b60 [ 23.566562] ? __pfx_read_tsc+0x10/0x10 [ 23.566731] ? ktime_get_ts64+0x86/0x230 [ 23.566884] kunit_try_run_case+0x1a5/0x480 [ 23.567189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.567792] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.568165] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.568518] ? __kthread_parkme+0x82/0x180 [ 23.568896] ? preempt_count_sub+0x50/0x80 [ 23.569157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.569539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.569900] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.570428] kthread+0x337/0x6f0 [ 23.570615] ? trace_preempt_on+0x20/0xc0 [ 23.570958] ? __pfx_kthread+0x10/0x10 [ 23.571208] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.571415] ? calculate_sigpending+0x7b/0xa0 [ 23.571908] ? __pfx_kthread+0x10/0x10 [ 23.572213] ret_from_fork+0x116/0x1d0 [ 23.572551] ? __pfx_kthread+0x10/0x10 [ 23.572807] ret_from_fork_asm+0x1a/0x30 [ 23.573240] </TASK> [ 23.573714] ---[ end trace 0000000000000000 ]--- [ 23.574239] ------------[ cut here ]------------ [ 23.574588] corrupt handle or use after stack_depot_put() [ 23.574703] WARNING: lib/stackdepot.c:723 at stack_depot_fetch+0x53/0x60, CPU#1: kunit_try_catch/187 [ 23.575688] Modules linked in: [ 23.575948] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.576492] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 23.576736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.577448] RIP: 0010:stack_depot_fetch+0x53/0x60 [ 23.577764] Code: ff ff ff 48 85 c0 74 14 48 8d 50 20 48 89 13 8b 40 14 48 8b 5d f8 c9 e9 4b 25 69 02 90 48 c7 c7 c8 c9 99 95 e8 1e d7 ba fe 90 <0f> 0b 90 90 31 c0 eb e0 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 [ 23.578832] RSP: 0000:ffff888106127b38 EFLAGS: 00010082 [ 23.579371] RAX: 0000000000000000 RBX: ffff888106127b50 RCX: 1ffffffff2ba4bc0 [ 23.579852] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 23.580441] RBP: ffff888106127b40 R08: 0000000000000000 R09: fffffbfff2ba4bc0 [ 23.580836] R10: 0000000000000003 R11: 0000000000000001 R12: ffff8881058420bf [ 23.581243] R13: ffff888106168000 R14: ffffea0004161080 R15: 0000000000000001 [ 23.581538] FS: 0000000000000000(0000) GS:ffff8881bd71a000(0000) knlGS:0000000000000000 [ 23.582197] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.582464] CR2: 0000000000000000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 23.582936] DR0: ffffffff970ac504 DR1: ffffffff970ac509 DR2: ffffffff970ac50a [ 23.583267] DR3: ffffffff970ac50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 23.583697] Call Trace: [ 23.583907] <TASK> [ 23.584245] stack_depot_print+0x23/0x50 [ 23.584628] print_report+0x5f8/0x610 [ 23.584832] ? __virt_addr_valid+0x1db/0x2d0 [ 23.585411] ? kmalloc_oob_left+0x361/0x3c0 [ 23.585649] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.586178] ? kmalloc_oob_left+0x361/0x3c0 [ 23.586469] kasan_report+0x141/0x180 [ 23.586713] ? kmalloc_oob_left+0x361/0x3c0 [ 23.587039] __asan_report_load1_noabort+0x18/0x20 [ 23.587371] kmalloc_oob_left+0x361/0x3c0 [ 23.587848] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 23.588060] ? __schedule+0x10cc/0x2b60 [ 23.588233] ? __pfx_read_tsc+0x10/0x10 [ 23.588655] ? ktime_get_ts64+0x86/0x230 [ 23.588913] kunit_try_run_case+0x1a5/0x480 [ 23.589051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.589585] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.589905] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.590362] ? __kthread_parkme+0x82/0x180 [ 23.590692] ? preempt_count_sub+0x50/0x80 [ 23.590974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.591138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.591704] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.592087] kthread+0x337/0x6f0 [ 23.592406] ? trace_preempt_on+0x20/0xc0 [ 23.592623] ? __pfx_kthread+0x10/0x10 [ 23.592888] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.593262] ? calculate_sigpending+0x7b/0xa0 [ 23.593484] ? __pfx_kthread+0x10/0x10 [ 23.593680] ret_from_fork+0x116/0x1d0 [ 23.594094] ? __pfx_kthread+0x10/0x10 [ 23.594398] ret_from_fork_asm+0x1a/0x30 [ 23.594814] </TASK> [ 23.594967] ---[ end trace 0000000000000000 ]--- [ 23.595505] [ 23.595620] The buggy address belongs to the object at ffff8881058420a0 [ 23.595620] which belongs to the cache kmalloc-16 of size 16 [ 23.596435] The buggy address is located 15 bytes to the right of [ 23.596435] allocated 16-byte region [ffff8881058420a0, ffff8881058420b0) [ 23.597191] [ 23.597292] The buggy address belongs to the physical page: [ 23.597537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105842 [ 23.597939] flags: 0x200000000000000(node=0|zone=2) [ 23.598457] page_type: f5(slab) [ 23.598636] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.599092] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.599604] page dumped because: kasan: bad access detected [ 23.599967] [ 23.600094] Memory state around the buggy address: [ 23.600426] ffff888105841f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.601087] ffff888105842000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.601391] >ffff888105842080: fa fb fc fc fa fb fc fc 00 07 fc fc fa fb fc fc [ 23.601999] ^ [ 23.602492] ffff888105842100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.602841] ffff888105842180: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.603131] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 23.446858] ================================================================== [ 23.447921] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 23.449105] Write of size 1 at addr ffff888105865c73 by task kunit_try_catch/185 [ 23.449952] [ 23.450908] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.451290] Tainted: [N]=TEST [ 23.451323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.451538] Call Trace: [ 23.451605] <TASK> [ 23.451769] dump_stack_lvl+0x73/0xb0 [ 23.451868] print_report+0xd1/0x610 [ 23.451900] ? __virt_addr_valid+0x1db/0x2d0 [ 23.451927] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.451964] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.451989] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.452010] kasan_report+0x141/0x180 [ 23.452032] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.452058] __asan_report_store1_noabort+0x1b/0x30 [ 23.452082] kmalloc_oob_right+0x6f0/0x7f0 [ 23.452104] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.452125] ? __schedule+0x10cc/0x2b60 [ 23.452150] ? __pfx_read_tsc+0x10/0x10 [ 23.452173] ? ktime_get_ts64+0x86/0x230 [ 23.452199] kunit_try_run_case+0x1a5/0x480 [ 23.452224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.452244] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.452267] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.452290] ? __kthread_parkme+0x82/0x180 [ 23.452311] ? preempt_count_sub+0x50/0x80 [ 23.452335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.452356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.452380] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.452404] kthread+0x337/0x6f0 [ 23.452425] ? trace_preempt_on+0x20/0xc0 [ 23.452449] ? __pfx_kthread+0x10/0x10 [ 23.452469] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.452491] ? calculate_sigpending+0x7b/0xa0 [ 23.452514] ? __pfx_kthread+0x10/0x10 [ 23.452535] ret_from_fork+0x116/0x1d0 [ 23.452553] ? __pfx_kthread+0x10/0x10 [ 23.452573] ret_from_fork_asm+0x1a/0x30 [ 23.452629] </TASK> [ 23.452707] [ 23.467328] Allocated by task 185: [ 23.468181] kasan_save_stack+0x45/0x70 [ 23.469037] kasan_save_track+0x18/0x40 [ 23.469770] kasan_save_alloc_info+0x3b/0x50 [ 23.470189] __kasan_kmalloc+0xb7/0xc0 [ 23.470381] __kmalloc_cache_noprof+0x189/0x420 [ 23.470578] kmalloc_oob_right+0xa9/0x7f0 [ 23.471251] kunit_try_run_case+0x1a5/0x480 [ 23.471447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.471622] kthread+0x337/0x6f0 [ 23.471803] ret_from_fork+0x116/0x1d0 [ 23.472114] ret_from_fork_asm+0x1a/0x30 [ 23.473070] [ 23.473348] The buggy address belongs to the object at ffff888105865c00 [ 23.473348] which belongs to the cache kmalloc-128 of size 128 [ 23.474185] The buggy address is located 0 bytes to the right of [ 23.474185] allocated 115-byte region [ffff888105865c00, ffff888105865c73) [ 23.475513] [ 23.475853] The buggy address belongs to the physical page: [ 23.476699] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105865 [ 23.477367] flags: 0x200000000000000(node=0|zone=2) [ 23.478040] page_type: f5(slab) [ 23.478590] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.479039] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.479391] page dumped because: kasan: bad access detected [ 23.479629] [ 23.479728] Memory state around the buggy address: [ 23.480238] ffff888105865b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.480602] ffff888105865b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.481082] >ffff888105865c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.481348] ^ [ 23.481653] ffff888105865c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.482134] ffff888105865d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.482387] ================================================================== [ 23.483867] ================================================================== [ 23.484380] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 23.484716] Write of size 1 at addr ffff888105865c78 by task kunit_try_catch/185 [ 23.485123] [ 23.485257] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.485309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.485321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.485345] Call Trace: [ 23.485366] <TASK> [ 23.485387] dump_stack_lvl+0x73/0xb0 [ 23.485419] print_report+0xd1/0x610 [ 23.485441] ? __virt_addr_valid+0x1db/0x2d0 [ 23.485464] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.485484] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.485508] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.485529] kasan_report+0x141/0x180 [ 23.485549] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.485574] __asan_report_store1_noabort+0x1b/0x30 [ 23.485598] kmalloc_oob_right+0x6bd/0x7f0 [ 23.485618] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.485639] ? __schedule+0x10cc/0x2b60 [ 23.485675] ? __pfx_read_tsc+0x10/0x10 [ 23.485695] ? ktime_get_ts64+0x86/0x230 [ 23.485720] kunit_try_run_case+0x1a5/0x480 [ 23.485742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.485820] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.485843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.485866] ? __kthread_parkme+0x82/0x180 [ 23.485887] ? preempt_count_sub+0x50/0x80 [ 23.485910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.485930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.485955] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.485979] kthread+0x337/0x6f0 [ 23.485999] ? trace_preempt_on+0x20/0xc0 [ 23.486070] ? __pfx_kthread+0x10/0x10 [ 23.486092] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.486113] ? calculate_sigpending+0x7b/0xa0 [ 23.486137] ? __pfx_kthread+0x10/0x10 [ 23.486157] ret_from_fork+0x116/0x1d0 [ 23.486176] ? __pfx_kthread+0x10/0x10 [ 23.486196] ret_from_fork_asm+0x1a/0x30 [ 23.486226] </TASK> [ 23.486237] [ 23.495741] Allocated by task 185: [ 23.496043] kasan_save_stack+0x45/0x70 [ 23.496290] kasan_save_track+0x18/0x40 [ 23.496496] kasan_save_alloc_info+0x3b/0x50 [ 23.496722] __kasan_kmalloc+0xb7/0xc0 [ 23.497057] __kmalloc_cache_noprof+0x189/0x420 [ 23.497291] kmalloc_oob_right+0xa9/0x7f0 [ 23.497424] kunit_try_run_case+0x1a5/0x480 [ 23.497561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.497774] kthread+0x337/0x6f0 [ 23.497937] ret_from_fork+0x116/0x1d0 [ 23.498205] ret_from_fork_asm+0x1a/0x30 [ 23.498403] [ 23.498494] The buggy address belongs to the object at ffff888105865c00 [ 23.498494] which belongs to the cache kmalloc-128 of size 128 [ 23.499215] The buggy address is located 5 bytes to the right of [ 23.499215] allocated 115-byte region [ffff888105865c00, ffff888105865c73) [ 23.499587] [ 23.500033] The buggy address belongs to the physical page: [ 23.500338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105865 [ 23.500707] flags: 0x200000000000000(node=0|zone=2) [ 23.500987] page_type: f5(slab) [ 23.501164] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.501448] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.501729] page dumped because: kasan: bad access detected [ 23.502313] [ 23.502422] Memory state around the buggy address: [ 23.502634] ffff888105865b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.503284] ffff888105865b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.503652] >ffff888105865c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.504100] ^ [ 23.504457] ffff888105865c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.504785] ffff888105865d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.505364] ================================================================== [ 23.506261] ================================================================== [ 23.506587] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 23.507286] Read of size 1 at addr ffff888105865c80 by task kunit_try_catch/185 [ 23.507677] [ 23.507921] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 23.508173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.508187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.508210] Call Trace: [ 23.508230] <TASK> [ 23.508251] dump_stack_lvl+0x73/0xb0 [ 23.508284] print_report+0xd1/0x610 [ 23.508307] ? __virt_addr_valid+0x1db/0x2d0 [ 23.508331] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.508351] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.508375] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.508396] kasan_report+0x141/0x180 [ 23.508417] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.508441] __asan_report_load1_noabort+0x18/0x20 [ 23.508463] kmalloc_oob_right+0x68a/0x7f0 [ 23.508484] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.508505] ? __schedule+0x10cc/0x2b60 [ 23.508527] ? __pfx_read_tsc+0x10/0x10 [ 23.508548] ? ktime_get_ts64+0x86/0x230 [ 23.508572] kunit_try_run_case+0x1a5/0x480 [ 23.508594] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.508613] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.508635] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.508667] ? __kthread_parkme+0x82/0x180 [ 23.508688] ? preempt_count_sub+0x50/0x80 [ 23.508711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.508731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.508769] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.508793] kthread+0x337/0x6f0 [ 23.508813] ? trace_preempt_on+0x20/0xc0 [ 23.508836] ? __pfx_kthread+0x10/0x10 [ 23.508857] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.508877] ? calculate_sigpending+0x7b/0xa0 [ 23.508901] ? __pfx_kthread+0x10/0x10 [ 23.508921] ret_from_fork+0x116/0x1d0 [ 23.508939] ? __pfx_kthread+0x10/0x10 [ 23.508965] ret_from_fork_asm+0x1a/0x30 [ 23.508997] </TASK> [ 23.509007] [ 23.517289] Allocated by task 185: [ 23.517509] kasan_save_stack+0x45/0x70 [ 23.517742] kasan_save_track+0x18/0x40 [ 23.517869] kasan_save_alloc_info+0x3b/0x50 [ 23.518005] __kasan_kmalloc+0xb7/0xc0 [ 23.518150] __kmalloc_cache_noprof+0x189/0x420 [ 23.518390] kmalloc_oob_right+0xa9/0x7f0 [ 23.518576] kunit_try_run_case+0x1a5/0x480 [ 23.518817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.519083] kthread+0x337/0x6f0 [ 23.519196] ret_from_fork+0x116/0x1d0 [ 23.519317] ret_from_fork_asm+0x1a/0x30 [ 23.519445] [ 23.519508] The buggy address belongs to the object at ffff888105865c00 [ 23.519508] which belongs to the cache kmalloc-128 of size 128 [ 23.520605] The buggy address is located 13 bytes to the right of [ 23.520605] allocated 115-byte region [ffff888105865c00, ffff888105865c73) [ 23.521135] [ 23.521201] The buggy address belongs to the physical page: [ 23.521359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105865 [ 23.521952] flags: 0x200000000000000(node=0|zone=2) [ 23.522302] page_type: f5(slab) [ 23.522425] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.522639] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.523193] page dumped because: kasan: bad access detected [ 23.523553] [ 23.523613] Memory state around the buggy address: [ 23.523825] ffff888105865b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.524337] ffff888105865c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.524598] >ffff888105865c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.524804] ^ [ 23.524929] ffff888105865d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.525232] ffff888105865d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.525527] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 192.669506] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2921 [ 192.669947] Modules linked in: [ 192.670355] CPU: 1 UID: 0 PID: 2921 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 192.670949] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 192.671335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 192.671666] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 192.672036] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 192.672707] RSP: 0000:ffff88810d807c78 EFLAGS: 00010286 [ 192.672929] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 192.673406] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff9505fddc [ 192.673873] RBP: ffff88810d807ca0 R08: 0000000000000000 R09: ffffed1020b27640 [ 192.674355] R10: ffff88810593b207 R11: 0000000000000000 R12: ffffffff9505fdc8 [ 192.674707] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810d807d38 [ 192.675324] FS: 0000000000000000(0000) GS:ffff8881bd71a000(0000) knlGS:0000000000000000 [ 192.675717] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.676125] CR2: 00007ffff7ffe000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 192.676794] DR0: ffffffff970ac504 DR1: ffffffff970ac509 DR2: ffffffff970ac50a [ 192.677508] DR3: ffffffff970ac50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 192.677877] Call Trace: [ 192.677989] <TASK> [ 192.678325] drm_test_rect_calc_vscale+0x108/0x270 [ 192.678704] ? __kasan_check_write+0x18/0x20 [ 192.678896] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 192.679388] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 192.679820] ? __pfx_read_tsc+0x10/0x10 [ 192.680204] ? ktime_get_ts64+0x86/0x230 [ 192.680542] kunit_try_run_case+0x1a5/0x480 [ 192.680861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.681271] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 192.681512] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 192.681997] ? __kthread_parkme+0x82/0x180 [ 192.682347] ? preempt_count_sub+0x50/0x80 [ 192.682716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.683144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 192.683517] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 192.684010] kthread+0x337/0x6f0 [ 192.684385] ? trace_preempt_on+0x20/0xc0 [ 192.684762] ? __pfx_kthread+0x10/0x10 [ 192.685258] ? _raw_spin_unlock_irq+0x47/0x80 [ 192.685503] ? calculate_sigpending+0x7b/0xa0 [ 192.685853] ? __pfx_kthread+0x10/0x10 [ 192.686158] ret_from_fork+0x116/0x1d0 [ 192.686448] ? __pfx_kthread+0x10/0x10 [ 192.686796] ret_from_fork_asm+0x1a/0x30 [ 192.687129] </TASK> [ 192.687263] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 192.690448] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2923 [ 192.691215] Modules linked in: [ 192.691444] CPU: 1 UID: 0 PID: 2923 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 192.692109] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 192.692379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 192.692863] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 192.693276] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 192.694257] RSP: 0000:ffff88810d9a7c78 EFLAGS: 00010286 [ 192.694541] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 192.694846] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff9505fe14 [ 192.695167] RBP: ffff88810d9a7ca0 R08: 0000000000000000 R09: ffffed1020b27680 [ 192.695680] R10: ffff88810593b407 R11: 0000000000000000 R12: ffffffff9505fe00 [ 192.696099] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810d9a7d38 [ 192.696440] FS: 0000000000000000(0000) GS:ffff8881bd71a000(0000) knlGS:0000000000000000 [ 192.696816] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.697164] CR2: 00007ffff7ffe000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 192.697533] DR0: ffffffff970ac504 DR1: ffffffff970ac509 DR2: ffffffff970ac50a [ 192.698012] DR3: ffffffff970ac50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 192.698436] Call Trace: [ 192.698595] <TASK> [ 192.698741] drm_test_rect_calc_vscale+0x108/0x270 [ 192.699136] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 192.699447] ? __schedule+0x10cc/0x2b60 [ 192.699684] ? __pfx_read_tsc+0x10/0x10 [ 192.699925] ? ktime_get_ts64+0x86/0x230 [ 192.700095] kunit_try_run_case+0x1a5/0x480 [ 192.700485] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.700804] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 192.701261] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 192.701499] ? __kthread_parkme+0x82/0x180 [ 192.701759] ? preempt_count_sub+0x50/0x80 [ 192.702100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.702325] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 192.702648] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 192.702908] kthread+0x337/0x6f0 [ 192.703319] ? trace_preempt_on+0x20/0xc0 [ 192.703534] ? __pfx_kthread+0x10/0x10 [ 192.703676] ? _raw_spin_unlock_irq+0x47/0x80 [ 192.703901] ? calculate_sigpending+0x7b/0xa0 [ 192.704826] ? __pfx_kthread+0x10/0x10 [ 192.704992] ret_from_fork+0x116/0x1d0 [ 192.705128] ? __pfx_kthread+0x10/0x10 [ 192.705260] ret_from_fork_asm+0x1a/0x30 [ 192.705403] </TASK> [ 192.705499] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 192.643277] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2911 [ 192.643774] Modules linked in: [ 192.643941] CPU: 0 UID: 0 PID: 2911 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 192.644571] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 192.644817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 192.645142] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 192.645440] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b 2b 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 192.646282] RSP: 0000:ffff88810db9fc78 EFLAGS: 00010286 [ 192.646526] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 192.646798] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff9505fe18 [ 192.647106] RBP: ffff88810db9fca0 R08: 0000000000000000 R09: ffffed1020b6c1c0 [ 192.647407] R10: ffff888105b60e07 R11: 0000000000000000 R12: ffffffff9505fe00 [ 192.647728] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810db9fd38 [ 192.647966] FS: 0000000000000000(0000) GS:ffff8881bd61a000(0000) knlGS:0000000000000000 [ 192.648401] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.648842] CR2: 00007ffff7ffe000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 192.649197] DR0: ffffffff970ac500 DR1: ffffffff970ac501 DR2: ffffffff970ac503 [ 192.649490] DR3: ffffffff970ac505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 192.649759] Call Trace: [ 192.649894] <TASK> [ 192.650021] drm_test_rect_calc_hscale+0x108/0x270 [ 192.650346] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 192.650680] ? __schedule+0x10cc/0x2b60 [ 192.650858] ? __pfx_read_tsc+0x10/0x10 [ 192.651038] ? ktime_get_ts64+0x86/0x230 [ 192.651285] kunit_try_run_case+0x1a5/0x480 [ 192.651520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.651777] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 192.651980] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 192.652367] ? __kthread_parkme+0x82/0x180 [ 192.652538] ? preempt_count_sub+0x50/0x80 [ 192.652747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.652968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 192.653213] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 192.653512] kthread+0x337/0x6f0 [ 192.653672] ? trace_preempt_on+0x20/0xc0 [ 192.653814] ? __pfx_kthread+0x10/0x10 [ 192.654110] ? _raw_spin_unlock_irq+0x47/0x80 [ 192.654328] ? calculate_sigpending+0x7b/0xa0 [ 192.654554] ? __pfx_kthread+0x10/0x10 [ 192.654717] ret_from_fork+0x116/0x1d0 [ 192.654854] ? __pfx_kthread+0x10/0x10 [ 192.655144] ret_from_fork_asm+0x1a/0x30 [ 192.655313] </TASK> [ 192.655399] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 192.623812] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2909 [ 192.625495] Modules linked in: [ 192.625840] CPU: 1 UID: 0 PID: 2909 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 192.626420] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 192.626776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 192.627842] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 192.628215] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b 2b 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 192.629517] RSP: 0000:ffff88810d777c78 EFLAGS: 00010286 [ 192.629704] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 192.629913] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff9505fde0 [ 192.630625] RBP: ffff88810d777ca0 R08: 0000000000000000 R09: ffffed1020b6c1a0 [ 192.631272] R10: ffff888105b60d07 R11: 0000000000000000 R12: ffffffff9505fdc8 [ 192.632090] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810d777d38 [ 192.632531] FS: 0000000000000000(0000) GS:ffff8881bd71a000(0000) knlGS:0000000000000000 [ 192.632781] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.632970] CR2: 00007ffff7ffe000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 192.633372] DR0: ffffffff970ac504 DR1: ffffffff970ac509 DR2: ffffffff970ac50a [ 192.633787] DR3: ffffffff970ac50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 192.634046] Call Trace: [ 192.634156] <TASK> [ 192.634323] drm_test_rect_calc_hscale+0x108/0x270 [ 192.634677] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 192.634925] ? __schedule+0x10cc/0x2b60 [ 192.635237] ? __pfx_read_tsc+0x10/0x10 [ 192.635411] ? ktime_get_ts64+0x86/0x230 [ 192.635625] kunit_try_run_case+0x1a5/0x480 [ 192.635886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.636077] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 192.636243] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 192.636489] ? __kthread_parkme+0x82/0x180 [ 192.636731] ? preempt_count_sub+0x50/0x80 [ 192.636913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.637215] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 192.637447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 192.637690] kthread+0x337/0x6f0 [ 192.637813] ? trace_preempt_on+0x20/0xc0 [ 192.638015] ? __pfx_kthread+0x10/0x10 [ 192.638363] ? _raw_spin_unlock_irq+0x47/0x80 [ 192.638569] ? calculate_sigpending+0x7b/0xa0 [ 192.638785] ? __pfx_kthread+0x10/0x10 [ 192.639126] ret_from_fork+0x116/0x1d0 [ 192.639324] ? __pfx_kthread+0x10/0x10 [ 192.639531] ret_from_fork_asm+0x1a/0x30 [ 192.639701] </TASK> [ 192.639819] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 191.915328] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 191.915425] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#0: kunit_try_catch/2714 [ 191.917244] Modules linked in: [ 191.917568] CPU: 0 UID: 0 PID: 2714 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 191.918229] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 191.918667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 191.919238] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 191.919625] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 bd c9 81 00 48 c7 c1 00 3d 01 95 4c 89 f2 48 c7 c7 20 39 01 95 48 89 c6 e8 d4 d3 71 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 191.920508] RSP: 0000:ffff888107197d18 EFLAGS: 00010286 [ 191.920870] RAX: 0000000000000000 RBX: ffff88810a818c00 RCX: 1ffffffff2ba4bc0 [ 191.921369] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 191.921805] RBP: ffff888107197d48 R08: 0000000000000000 R09: fffffbfff2ba4bc0 [ 191.922276] R10: 0000000000000003 R11: 000000000003dcf0 R12: ffff8881071be800 [ 191.922702] R13: ffff88810a818cf8 R14: ffff88810f63c200 R15: ffff8881003c7b48 [ 191.923165] FS: 0000000000000000(0000) GS:ffff8881bd61a000(0000) knlGS:0000000000000000 [ 191.923599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.923901] CR2: 00007ffff7ffe000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 191.924387] DR0: ffffffff970ac500 DR1: ffffffff970ac501 DR2: ffffffff970ac503 [ 191.924807] DR3: ffffffff970ac505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 191.925243] Call Trace: [ 191.925474] <TASK> [ 191.925580] ? trace_preempt_on+0x20/0xc0 [ 191.925818] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 191.926396] drm_gem_shmem_free_wrapper+0x12/0x20 [ 191.926754] __kunit_action_free+0x57/0x70 [ 191.927651] kunit_remove_resource+0x133/0x200 [ 191.927903] ? preempt_count_sub+0x50/0x80 [ 191.928055] kunit_cleanup+0x7a/0x120 [ 191.928188] kunit_try_run_case_cleanup+0xbd/0xf0 [ 191.928342] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 191.928529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 191.928702] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 191.928888] kthread+0x337/0x6f0 [ 191.929005] ? trace_preempt_on+0x20/0xc0 [ 191.929141] ? __pfx_kthread+0x10/0x10 [ 191.929270] ? _raw_spin_unlock_irq+0x47/0x80 [ 191.929424] ? calculate_sigpending+0x7b/0xa0 [ 191.929825] ? __pfx_kthread+0x10/0x10 [ 191.929993] ret_from_fork+0x116/0x1d0 [ 191.930130] ? __pfx_kthread+0x10/0x10 [ 191.930257] ret_from_fork_asm+0x1a/0x30 [ 191.930533] </TASK> [ 191.930673] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 191.769841] WARNING: drivers/gpu/drm/drm_framebuffer.c:869 at drm_framebuffer_init+0x49/0x8d0, CPU#0: kunit_try_catch/2695 [ 191.770178] Modules linked in: [ 191.770780] CPU: 0 UID: 0 PID: 2695 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 191.772661] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 191.773758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 191.775074] RIP: 0010:drm_framebuffer_init+0x49/0x8d0 [ 191.775642] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41 [ 191.777584] RSP: 0000:ffff88810ceafb20 EFLAGS: 00010246 [ 191.778115] RAX: ffff88810ceafba8 RBX: ffff88810ceafc28 RCX: 1ffff110219d5f8e [ 191.778909] RDX: dffffc0000000000 RSI: ffff88810706f000 RDI: ffff88810706f000 [ 191.779754] RBP: ffff88810ceafb70 R08: ffff88810706f000 R09: ffffffff95003b20 [ 191.780639] R10: 0000000000000003 R11: 00000000061ba5cb R12: 1ffff110219d5f71 [ 191.781528] R13: ffff88810ceafc70 R14: ffff88810ceafdb8 R15: 0000000000000000 [ 191.782480] FS: 0000000000000000(0000) GS:ffff8881bd61a000(0000) knlGS:0000000000000000 [ 191.783449] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.783654] CR2: 00007ffff7ffe000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 191.783854] DR0: ffffffff970ac500 DR1: ffffffff970ac501 DR2: ffffffff970ac503 [ 191.784053] DR3: ffffffff970ac505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 191.784250] Call Trace: [ 191.784341] <TASK> [ 191.784422] ? trace_preempt_on+0x20/0xc0 [ 191.785518] ? add_dr+0xc1/0x1d0 [ 191.786113] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 191.787016] ? add_dr+0x148/0x1d0 [ 191.787583] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 191.788420] ? __drmm_add_action+0x1a4/0x280 [ 191.789101] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 191.789908] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 191.790513] ? __drmm_add_action_or_reset+0x22/0x50 [ 191.790747] ? __schedule+0x10cc/0x2b60 [ 191.790900] ? __pfx_read_tsc+0x10/0x10 [ 191.791085] ? ktime_get_ts64+0x86/0x230 [ 191.791373] kunit_try_run_case+0x1a5/0x480 [ 191.791556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 191.791795] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 191.792004] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 191.792165] ? __kthread_parkme+0x82/0x180 [ 191.792598] ? preempt_count_sub+0x50/0x80 [ 191.792811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 191.793098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 191.793331] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 191.793623] kthread+0x337/0x6f0 [ 191.793788] ? trace_preempt_on+0x20/0xc0 [ 191.794071] ? __pfx_kthread+0x10/0x10 [ 191.794228] ? _raw_spin_unlock_irq+0x47/0x80 [ 191.794429] ? calculate_sigpending+0x7b/0xa0 [ 191.794644] ? __pfx_kthread+0x10/0x10 [ 191.794777] ret_from_fork+0x116/0x1d0 [ 191.794938] ? __pfx_kthread+0x10/0x10 [ 191.795175] ret_from_fork_asm+0x1a/0x30 [ 191.795385] </TASK> [ 191.795516] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 191.735377] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 191.735482] WARNING: drivers/gpu/drm/drm_framebuffer.c:832 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2691 [ 191.736397] Modules linked in: [ 191.736669] CPU: 0 UID: 0 PID: 2691 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 191.737123] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 191.737453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 191.738185] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 191.738482] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 7b 01 89 00 48 c7 c1 c0 e5 ff 94 4c 89 fa 48 c7 c7 20 e6 ff 94 48 89 c6 e8 92 0b 79 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 191.739738] RSP: 0000:ffff88810775fb68 EFLAGS: 00010282 [ 191.740155] RAX: 0000000000000000 RBX: ffff88810775fc40 RCX: 1ffffffff2ba4bc0 [ 191.740537] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 191.740817] RBP: ffff88810775fb90 R08: 0000000000000000 R09: fffffbfff2ba4bc0 [ 191.741399] R10: 0000000000000003 R11: 000000000003c338 R12: ffff88810775fc18 [ 191.742000] R13: ffff8881071ba800 R14: ffff88810706d000 R15: ffff88810f6cdf80 [ 191.742411] FS: 0000000000000000(0000) GS:ffff8881bd61a000(0000) knlGS:0000000000000000 [ 191.743153] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.743581] CR2: 00007ffff7ffe000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 191.743879] DR0: ffffffff970ac500 DR1: ffffffff970ac501 DR2: ffffffff970ac503 [ 191.744557] DR3: ffffffff970ac505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 191.744854] Call Trace: [ 191.745227] <TASK> [ 191.745416] drm_test_framebuffer_free+0x1ab/0x610 [ 191.745806] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 191.746190] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 191.746438] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 191.746886] ? __drmm_add_action_or_reset+0x22/0x50 [ 191.747358] ? __schedule+0x10cc/0x2b60 [ 191.747753] ? __pfx_read_tsc+0x10/0x10 [ 191.748134] ? ktime_get_ts64+0x86/0x230 [ 191.748339] kunit_try_run_case+0x1a5/0x480 [ 191.748546] ? __pfx_kunit_try_run_case+0x10/0x10 [ 191.748749] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 191.749237] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 191.749659] ? __kthread_parkme+0x82/0x180 [ 191.750156] ? preempt_count_sub+0x50/0x80 [ 191.750375] ? __pfx_kunit_try_run_case+0x10/0x10 [ 191.750653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 191.750885] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 191.751445] kthread+0x337/0x6f0 [ 191.751769] ? trace_preempt_on+0x20/0xc0 [ 191.752205] ? __pfx_kthread+0x10/0x10 [ 191.752615] ? _raw_spin_unlock_irq+0x47/0x80 [ 191.752887] ? calculate_sigpending+0x7b/0xa0 [ 191.753317] ? __pfx_kthread+0x10/0x10 [ 191.753526] ret_from_fork+0x116/0x1d0 [ 191.753703] ? __pfx_kthread+0x10/0x10 [ 191.753884] ret_from_fork_asm+0x1a/0x30 [ 191.754362] </TASK> [ 191.754504] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 190.470832] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2131 [ 190.471426] Modules linked in: [ 190.471721] CPU: 1 UID: 0 PID: 2131 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 190.472523] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 190.472760] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 190.473084] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 190.473382] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 d0 83 2a 02 48 89 df e8 68 [ 190.474368] RSP: 0000:ffff88810745fc90 EFLAGS: 00010246 [ 190.474682] RAX: dffffc0000000000 RBX: ffff8881076a6000 RCX: 0000000000000000 [ 190.474929] RDX: 1ffff11020ed4c34 RSI: ffffffff92206488 RDI: ffff8881076a61a0 [ 190.475334] RBP: ffff88810745fca0 R08: 1ffff11020078f6a R09: ffffed1020e8bf65 [ 190.475651] R10: 0000000000000003 R11: ffffffff91783b38 R12: 0000000000000000 [ 190.475986] R13: ffff88810745fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 190.476437] FS: 0000000000000000(0000) GS:ffff8881bd71a000(0000) knlGS:0000000000000000 [ 190.476799] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 190.477149] CR2: 00007ffff7ffe000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 190.477444] DR0: ffffffff970ac504 DR1: ffffffff970ac509 DR2: ffffffff970ac50a [ 190.477826] DR3: ffffffff970ac50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 190.478080] Call Trace: [ 190.478223] <TASK> [ 190.478430] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 190.478852] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 190.479215] ? __schedule+0x10cc/0x2b60 [ 190.479487] ? __pfx_read_tsc+0x10/0x10 [ 190.480281] ? ktime_get_ts64+0x86/0x230 [ 190.480677] kunit_try_run_case+0x1a5/0x480 [ 190.480862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 190.481543] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 190.481918] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 190.482213] ? __kthread_parkme+0x82/0x180 [ 190.482399] ? preempt_count_sub+0x50/0x80 [ 190.482810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 190.483488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 190.483930] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 190.484251] kthread+0x337/0x6f0 [ 190.484406] ? trace_preempt_on+0x20/0xc0 [ 190.484569] ? __pfx_kthread+0x10/0x10 [ 190.484743] ? _raw_spin_unlock_irq+0x47/0x80 [ 190.485358] ? calculate_sigpending+0x7b/0xa0 [ 190.485698] ? __pfx_kthread+0x10/0x10 [ 190.486195] ret_from_fork+0x116/0x1d0 [ 190.486595] ? __pfx_kthread+0x10/0x10 [ 190.486908] ret_from_fork_asm+0x1a/0x30 [ 190.487337] </TASK> [ 190.487454] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 190.545601] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2139 [ 190.545970] Modules linked in: [ 190.546274] CPU: 1 UID: 0 PID: 2139 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 190.546824] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 190.547213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 190.547584] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 190.547875] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 d0 83 2a 02 48 89 df e8 68 [ 190.548985] RSP: 0000:ffff8881077dfc90 EFLAGS: 00010246 [ 190.549260] RAX: dffffc0000000000 RBX: ffff8881070cc000 RCX: 0000000000000000 [ 190.549506] RDX: 1ffff11020e19834 RSI: ffffffff92206488 RDI: ffff8881070cc1a0 [ 190.549966] RBP: ffff8881077dfca0 R08: 1ffff11020078f6a R09: ffffed1020efbf65 [ 190.550330] R10: 0000000000000003 R11: ffffffff91783b38 R12: 0000000000000000 [ 190.550714] R13: ffff8881077dfd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 190.551154] FS: 0000000000000000(0000) GS:ffff8881bd71a000(0000) knlGS:0000000000000000 [ 190.551502] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 190.552027] CR2: 00007ffff7ffe000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 190.552431] DR0: ffffffff970ac504 DR1: ffffffff970ac509 DR2: ffffffff970ac50a [ 190.552711] DR3: ffffffff970ac50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 190.553167] Call Trace: [ 190.553302] <TASK> [ 190.553432] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 190.553723] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 190.554058] ? __schedule+0x10cc/0x2b60 [ 190.554255] ? __pfx_read_tsc+0x10/0x10 [ 190.554482] ? ktime_get_ts64+0x86/0x230 [ 190.554783] kunit_try_run_case+0x1a5/0x480 [ 190.555038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 190.555300] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 190.555593] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 190.555875] ? __kthread_parkme+0x82/0x180 [ 190.556238] ? preempt_count_sub+0x50/0x80 [ 190.556498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 190.556735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 190.556989] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 190.557352] kthread+0x337/0x6f0 [ 190.557725] ? trace_preempt_on+0x20/0xc0 [ 190.558064] ? __pfx_kthread+0x10/0x10 [ 190.558209] ? _raw_spin_unlock_irq+0x47/0x80 [ 190.558419] ? calculate_sigpending+0x7b/0xa0 [ 190.558664] ? __pfx_kthread+0x10/0x10 [ 190.558833] ret_from_fork+0x116/0x1d0 [ 190.559169] ? __pfx_kthread+0x10/0x10 [ 190.559346] ret_from_fork_asm+0x1a/0x30 [ 190.559555] </TASK> [ 190.559671] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 121.747444] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/707 [ 121.747926] Modules linked in: [ 121.748806] CPU: 0 UID: 0 PID: 707 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 121.749476] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 121.749769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 121.750151] RIP: 0010:intlog10+0x2a/0x40 [ 121.750407] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 121.751261] RSP: 0000:ffff88810e8cfcb0 EFLAGS: 00010246 [ 121.751758] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11021d19fb4 [ 121.752096] RDX: 1ffffffff29d32b0 RSI: 1ffff11021d19fb3 RDI: 0000000000000000 [ 121.752570] RBP: ffff88810e8cfd60 R08: 0000000000000000 R09: ffffed10209be6c0 [ 121.752886] R10: ffff888104df3607 R11: 0000000000000000 R12: 1ffff11021d19f97 [ 121.753224] R13: ffffffff94e99580 R14: 0000000000000000 R15: ffff88810e8cfd38 [ 121.753586] FS: 0000000000000000(0000) GS:ffff8881bd61a000(0000) knlGS:0000000000000000 [ 121.754080] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.754396] CR2: ffff888153f4a000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 121.754746] DR0: ffffffff970ac500 DR1: ffffffff970ac501 DR2: ffffffff970ac503 [ 121.754980] DR3: ffffffff970ac505 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 121.755382] Call Trace: [ 121.755680] <TASK> [ 121.755824] ? intlog10_test+0xf2/0x220 [ 121.756181] ? __pfx_intlog10_test+0x10/0x10 [ 121.756368] ? __schedule+0x10cc/0x2b60 [ 121.756571] ? __pfx_read_tsc+0x10/0x10 [ 121.756775] ? ktime_get_ts64+0x86/0x230 [ 121.756978] kunit_try_run_case+0x1a5/0x480 [ 121.757258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 121.757517] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 121.757742] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 121.758237] ? __kthread_parkme+0x82/0x180 [ 121.758820] ? preempt_count_sub+0x50/0x80 [ 121.759347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 121.759601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 121.760136] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 121.760743] kthread+0x337/0x6f0 [ 121.760910] ? trace_preempt_on+0x20/0xc0 [ 121.761309] ? __pfx_kthread+0x10/0x10 [ 121.761504] ? _raw_spin_unlock_irq+0x47/0x80 [ 121.761923] ? calculate_sigpending+0x7b/0xa0 [ 121.762366] ? __pfx_kthread+0x10/0x10 [ 121.762542] ret_from_fork+0x116/0x1d0 [ 121.762888] ? __pfx_kthread+0x10/0x10 [ 121.763399] ret_from_fork_asm+0x1a/0x30 [ 121.763630] </TASK> [ 121.763745] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 121.708497] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#1: kunit_try_catch/689 [ 121.709462] Modules linked in: [ 121.709684] CPU: 1 UID: 0 PID: 689 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 121.710465] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 121.710823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 121.711517] RIP: 0010:intlog2+0xdf/0x110 [ 121.711786] Code: e9 94 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 e9 57 3a 90 02 89 45 e4 e8 5f b0 55 ff 8b 45 e4 eb [ 121.712814] RSP: 0000:ffff88810e8cfcb0 EFLAGS: 00010246 [ 121.713319] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11021d19fb4 [ 121.713761] RDX: 1ffffffff29d3304 RSI: 1ffff11021d19fb3 RDI: 0000000000000000 [ 121.714259] RBP: ffff88810e8cfd60 R08: 0000000000000000 R09: ffffed1020c61740 [ 121.714673] R10: ffff88810630ba07 R11: 0000000000000000 R12: 1ffff11021d19f97 [ 121.715100] R13: ffffffff94e99820 R14: 0000000000000000 R15: ffff88810e8cfd38 [ 121.715519] FS: 0000000000000000(0000) GS:ffff8881bd71a000(0000) knlGS:0000000000000000 [ 121.716130] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.716387] CR2: dffffc0000000000 CR3: 0000000160ebc000 CR4: 00000000000006f0 [ 121.716730] DR0: ffffffff970ac504 DR1: ffffffff970ac509 DR2: ffffffff970ac50a [ 121.717220] DR3: ffffffff970ac50b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 121.717769] Call Trace: [ 121.718090] <TASK> [ 121.718314] ? intlog2_test+0xf2/0x220 [ 121.718713] ? __pfx_intlog2_test+0x10/0x10 [ 121.718931] ? __schedule+0x10cc/0x2b60 [ 121.719293] ? __pfx_read_tsc+0x10/0x10 [ 121.719483] ? ktime_get_ts64+0x86/0x230 [ 121.719712] kunit_try_run_case+0x1a5/0x480 [ 121.719903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 121.720478] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 121.720896] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 121.721339] ? __kthread_parkme+0x82/0x180 [ 121.721795] ? preempt_count_sub+0x50/0x80 [ 121.722159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 121.722380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 121.722622] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 121.722875] kthread+0x337/0x6f0 [ 121.723283] ? trace_preempt_on+0x20/0xc0 [ 121.723681] ? __pfx_kthread+0x10/0x10 [ 121.723987] ? _raw_spin_unlock_irq+0x47/0x80 [ 121.724426] ? calculate_sigpending+0x7b/0xa0 [ 121.724852] ? __pfx_kthread+0x10/0x10 [ 121.725177] ret_from_fork+0x116/0x1d0 [ 121.725355] ? __pfx_kthread+0x10/0x10 [ 121.725529] ret_from_fork_asm+0x1a/0x30 [ 121.726017] </TASK> [ 121.726382] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 121.115393] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI