Date
July 15, 2025, 11:35 a.m.
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 26.007445] ================================================================== [ 26.008580] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 26.009086] Read of size 1 at addr ffff88810591fe50 by task kunit_try_catch/307 [ 26.009427] [ 26.009564] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.009656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.009672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.009872] Call Trace: [ 26.009889] <TASK> [ 26.009910] dump_stack_lvl+0x73/0xb0 [ 26.009958] print_report+0xd1/0x610 [ 26.009989] ? __virt_addr_valid+0x1db/0x2d0 [ 26.010020] ? strcmp+0xb0/0xc0 [ 26.010046] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.010078] ? strcmp+0xb0/0xc0 [ 26.010103] kasan_report+0x141/0x180 [ 26.010131] ? strcmp+0xb0/0xc0 [ 26.010163] __asan_report_load1_noabort+0x18/0x20 [ 26.010355] strcmp+0xb0/0xc0 [ 26.010387] kasan_strings+0x431/0xe80 [ 26.010422] ? trace_hardirqs_on+0x37/0xe0 [ 26.010453] ? __pfx_kasan_strings+0x10/0x10 [ 26.010495] ? finish_task_switch.isra.0+0x153/0x700 [ 26.010522] ? __switch_to+0x47/0xf80 [ 26.010566] ? __schedule+0x10cc/0x2b60 [ 26.010661] ? __pfx_read_tsc+0x10/0x10 [ 26.010690] ? ktime_get_ts64+0x86/0x230 [ 26.010721] kunit_try_run_case+0x1a5/0x480 [ 26.010750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.010776] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.010803] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.010830] ? __kthread_parkme+0x82/0x180 [ 26.010857] ? preempt_count_sub+0x50/0x80 [ 26.010886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.010913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.010944] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.010976] kthread+0x337/0x6f0 [ 26.011000] ? trace_preempt_on+0x20/0xc0 [ 26.011028] ? __pfx_kthread+0x10/0x10 [ 26.011053] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.011082] ? calculate_sigpending+0x7b/0xa0 [ 26.011112] ? __pfx_kthread+0x10/0x10 [ 26.011140] ret_from_fork+0x116/0x1d0 [ 26.011163] ? __pfx_kthread+0x10/0x10 [ 26.011189] ret_from_fork_asm+0x1a/0x30 [ 26.011230] </TASK> [ 26.011243] [ 26.020766] Allocated by task 307: [ 26.020937] kasan_save_stack+0x45/0x70 [ 26.021179] kasan_save_track+0x18/0x40 [ 26.021399] kasan_save_alloc_info+0x3b/0x50 [ 26.021602] __kasan_kmalloc+0xb7/0xc0 [ 26.021829] __kmalloc_cache_noprof+0x189/0x420 [ 26.022066] kasan_strings+0xc0/0xe80 [ 26.022255] kunit_try_run_case+0x1a5/0x480 [ 26.022458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.022805] kthread+0x337/0x6f0 [ 26.022933] ret_from_fork+0x116/0x1d0 [ 26.023069] ret_from_fork_asm+0x1a/0x30 [ 26.023209] [ 26.023296] Freed by task 307: [ 26.023449] kasan_save_stack+0x45/0x70 [ 26.023668] kasan_save_track+0x18/0x40 [ 26.023861] kasan_save_free_info+0x3f/0x60 [ 26.024067] __kasan_slab_free+0x56/0x70 [ 26.024437] kfree+0x222/0x3f0 [ 26.024693] kasan_strings+0x2aa/0xe80 [ 26.024854] kunit_try_run_case+0x1a5/0x480 [ 26.025100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.025343] kthread+0x337/0x6f0 [ 26.025467] ret_from_fork+0x116/0x1d0 [ 26.025615] ret_from_fork_asm+0x1a/0x30 [ 26.025799] [ 26.025906] The buggy address belongs to the object at ffff88810591fe40 [ 26.025906] which belongs to the cache kmalloc-32 of size 32 [ 26.026537] The buggy address is located 16 bytes inside of [ 26.026537] freed 32-byte region [ffff88810591fe40, ffff88810591fe60) [ 26.027104] [ 26.027191] The buggy address belongs to the physical page: [ 26.027447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10591f [ 26.027855] flags: 0x200000000000000(node=0|zone=2) [ 26.028088] page_type: f5(slab) [ 26.028238] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.028555] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 26.029006] page dumped because: kasan: bad access detected [ 26.029189] [ 26.029257] Memory state around the buggy address: [ 26.029411] ffff88810591fd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.029768] ffff88810591fd80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.030083] >ffff88810591fe00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.030590] ^ [ 26.030999] ffff88810591fe80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.031216] ffff88810591ff00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.031429] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 25.966558] ================================================================== [ 25.968129] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 25.969447] Read of size 1 at addr ffff8881060af298 by task kunit_try_catch/305 [ 25.971250] [ 25.971508] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.971577] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.971590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.971960] Call Trace: [ 25.971978] <TASK> [ 25.971998] dump_stack_lvl+0x73/0xb0 [ 25.972031] print_report+0xd1/0x610 [ 25.972057] ? __virt_addr_valid+0x1db/0x2d0 [ 25.972083] ? memcmp+0x1b4/0x1d0 [ 25.972105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.972132] ? memcmp+0x1b4/0x1d0 [ 25.972154] kasan_report+0x141/0x180 [ 25.972176] ? memcmp+0x1b4/0x1d0 [ 25.972202] __asan_report_load1_noabort+0x18/0x20 [ 25.972226] memcmp+0x1b4/0x1d0 [ 25.972249] kasan_memcmp+0x18f/0x390 [ 25.972270] ? trace_hardirqs_on+0x37/0xe0 [ 25.972294] ? __pfx_kasan_memcmp+0x10/0x10 [ 25.972314] ? finish_task_switch.isra.0+0x153/0x700 [ 25.972337] ? __switch_to+0x47/0xf80 [ 25.972367] ? __pfx_read_tsc+0x10/0x10 [ 25.972389] ? ktime_get_ts64+0x86/0x230 [ 25.972414] kunit_try_run_case+0x1a5/0x480 [ 25.972439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.972460] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.972483] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.972505] ? __kthread_parkme+0x82/0x180 [ 25.972540] ? preempt_count_sub+0x50/0x80 [ 25.972571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.972594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.972637] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.972671] kthread+0x337/0x6f0 [ 25.972692] ? trace_preempt_on+0x20/0xc0 [ 25.972714] ? __pfx_kthread+0x10/0x10 [ 25.972734] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.972769] ? calculate_sigpending+0x7b/0xa0 [ 25.972793] ? __pfx_kthread+0x10/0x10 [ 25.972815] ret_from_fork+0x116/0x1d0 [ 25.972834] ? __pfx_kthread+0x10/0x10 [ 25.972854] ret_from_fork_asm+0x1a/0x30 [ 25.972886] </TASK> [ 25.972897] [ 25.986610] Allocated by task 305: [ 25.986868] kasan_save_stack+0x45/0x70 [ 25.987284] kasan_save_track+0x18/0x40 [ 25.987694] kasan_save_alloc_info+0x3b/0x50 [ 25.987871] __kasan_kmalloc+0xb7/0xc0 [ 25.988288] __kmalloc_cache_noprof+0x189/0x420 [ 25.988756] kasan_memcmp+0xb7/0x390 [ 25.988951] kunit_try_run_case+0x1a5/0x480 [ 25.989420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.989684] kthread+0x337/0x6f0 [ 25.990027] ret_from_fork+0x116/0x1d0 [ 25.990456] ret_from_fork_asm+0x1a/0x30 [ 25.990825] [ 25.991037] The buggy address belongs to the object at ffff8881060af280 [ 25.991037] which belongs to the cache kmalloc-32 of size 32 [ 25.991856] The buggy address is located 0 bytes to the right of [ 25.991856] allocated 24-byte region [ffff8881060af280, ffff8881060af298) [ 25.993046] [ 25.993277] The buggy address belongs to the physical page: [ 25.993695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060af [ 25.994243] flags: 0x200000000000000(node=0|zone=2) [ 25.994773] page_type: f5(slab) [ 25.995198] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.995915] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.996318] page dumped because: kasan: bad access detected [ 25.996901] [ 25.996988] Memory state around the buggy address: [ 25.997558] ffff8881060af180: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.997923] ffff8881060af200: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.998151] >ffff8881060af280: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.998662] ^ [ 25.998993] ffff8881060af300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.999443] ffff8881060af380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.999794] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 25.935248] ================================================================== [ 25.936322] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 25.936841] Read of size 1 at addr ffff8881061b7c4a by task kunit_try_catch/301 [ 25.937781] [ 25.937940] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.938001] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.938017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.938042] Call Trace: [ 25.938058] <TASK> [ 25.938079] dump_stack_lvl+0x73/0xb0 [ 25.938118] print_report+0xd1/0x610 [ 25.938156] ? __virt_addr_valid+0x1db/0x2d0 [ 25.938188] ? kasan_alloca_oob_right+0x329/0x390 [ 25.938218] ? kasan_addr_to_slab+0x11/0xa0 [ 25.938244] ? kasan_alloca_oob_right+0x329/0x390 [ 25.938272] kasan_report+0x141/0x180 [ 25.938300] ? kasan_alloca_oob_right+0x329/0x390 [ 25.938335] __asan_report_load1_noabort+0x18/0x20 [ 25.938364] kasan_alloca_oob_right+0x329/0x390 [ 25.938394] ? __kasan_check_write+0x18/0x20 [ 25.938423] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.938450] ? finish_task_switch.isra.0+0x153/0x700 [ 25.938485] ? try_to_take_rt_mutex+0x7be/0xff0 [ 25.938515] ? trace_hardirqs_on+0x37/0xe0 [ 25.938557] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 25.938589] ? __schedule+0x10cc/0x2b60 [ 25.938623] ? __pfx_read_tsc+0x10/0x10 [ 25.938649] ? ktime_get_ts64+0x86/0x230 [ 25.938681] kunit_try_run_case+0x1a5/0x480 [ 25.938711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.938737] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.938764] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.938792] ? __kthread_parkme+0x82/0x180 [ 25.938818] ? preempt_count_sub+0x50/0x80 [ 25.938847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.938875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.938908] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.938941] kthread+0x337/0x6f0 [ 25.938966] ? trace_preempt_on+0x20/0xc0 [ 25.938995] ? __pfx_kthread+0x10/0x10 [ 25.939020] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.939050] ? calculate_sigpending+0x7b/0xa0 [ 25.939079] ? __pfx_kthread+0x10/0x10 [ 25.939106] ret_from_fork+0x116/0x1d0 [ 25.939129] ? __pfx_kthread+0x10/0x10 [ 25.939155] ret_from_fork_asm+0x1a/0x30 [ 25.939198] </TASK> [ 25.939210] [ 25.953618] The buggy address belongs to stack of task kunit_try_catch/301 [ 25.954293] [ 25.954482] The buggy address belongs to the physical page: [ 25.954958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061b7 [ 25.955866] flags: 0x200000000000000(node=0|zone=2) [ 25.956047] raw: 0200000000000000 ffffea0004186dc8 ffffea0004186dc8 0000000000000000 [ 25.956279] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.956506] page dumped because: kasan: bad access detected [ 25.956690] [ 25.956757] Memory state around the buggy address: [ 25.957060] ffff8881061b7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.957751] ffff8881061b7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.957997] >ffff8881061b7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.958209] ^ [ 25.958383] ffff8881061b7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.958685] ffff8881061b7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.958978] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 25.903785] ================================================================== [ 25.904706] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 25.905901] Read of size 1 at addr ffff88810627fc3f by task kunit_try_catch/299 [ 25.906881] [ 25.907295] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.907352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.907365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.907387] Call Trace: [ 25.907401] <TASK> [ 25.907418] dump_stack_lvl+0x73/0xb0 [ 25.907452] print_report+0xd1/0x610 [ 25.907476] ? __virt_addr_valid+0x1db/0x2d0 [ 25.907501] ? kasan_alloca_oob_left+0x320/0x380 [ 25.907536] ? kasan_addr_to_slab+0x11/0xa0 [ 25.907556] ? kasan_alloca_oob_left+0x320/0x380 [ 25.907700] kasan_report+0x141/0x180 [ 25.907875] ? kasan_alloca_oob_left+0x320/0x380 [ 25.907915] __asan_report_load1_noabort+0x18/0x20 [ 25.907942] kasan_alloca_oob_left+0x320/0x380 [ 25.907964] ? __kasan_check_write+0x18/0x20 [ 25.907988] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.908012] ? finish_task_switch.isra.0+0x153/0x700 [ 25.908036] ? try_to_take_rt_mutex+0x7be/0xff0 [ 25.908061] ? trace_hardirqs_on+0x37/0xe0 [ 25.908087] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 25.908113] ? __schedule+0x10cc/0x2b60 [ 25.908134] ? __pfx_read_tsc+0x10/0x10 [ 25.908156] ? ktime_get_ts64+0x86/0x230 [ 25.908180] kunit_try_run_case+0x1a5/0x480 [ 25.908205] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.908226] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.908248] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.908270] ? __kthread_parkme+0x82/0x180 [ 25.908291] ? preempt_count_sub+0x50/0x80 [ 25.908314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.908337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.908363] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.908389] kthread+0x337/0x6f0 [ 25.908409] ? trace_preempt_on+0x20/0xc0 [ 25.908431] ? __pfx_kthread+0x10/0x10 [ 25.908452] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.908476] ? calculate_sigpending+0x7b/0xa0 [ 25.908501] ? __pfx_kthread+0x10/0x10 [ 25.908535] ret_from_fork+0x116/0x1d0 [ 25.908554] ? __pfx_kthread+0x10/0x10 [ 25.908575] ret_from_fork_asm+0x1a/0x30 [ 25.908617] </TASK> [ 25.908629] [ 25.923569] The buggy address belongs to stack of task kunit_try_catch/299 [ 25.924616] [ 25.924776] The buggy address belongs to the physical page: [ 25.925540] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10627f [ 25.926579] flags: 0x200000000000000(node=0|zone=2) [ 25.927130] raw: 0200000000000000 ffffea0004189fc8 ffffea0004189fc8 0000000000000000 [ 25.927992] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.928694] page dumped because: kasan: bad access detected [ 25.929124] [ 25.929198] Memory state around the buggy address: [ 25.929350] ffff88810627fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.929577] ffff88810627fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.929893] >ffff88810627fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.930425] ^ [ 25.930868] ffff88810627fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.931273] ffff88810627fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.931674] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 60.766473] ================================================================== [ 60.766906] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 60.766906] [ 60.767258] Use-after-free read at 0x(____ptrval____) (in kfence-#163): [ 60.767525] test_krealloc+0x6fc/0xbe0 [ 60.767717] kunit_try_run_case+0x1a5/0x480 [ 60.768296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.768535] kthread+0x337/0x6f0 [ 60.768704] ret_from_fork+0x116/0x1d0 [ 60.768887] ret_from_fork_asm+0x1a/0x30 [ 60.769410] [ 60.769504] kfence-#163: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 60.769504] [ 60.770054] allocated by task 385 on cpu 1 at 60.765874s (0.004178s ago): [ 60.770424] test_alloc+0x364/0x10f0 [ 60.770590] test_krealloc+0xad/0xbe0 [ 60.770757] kunit_try_run_case+0x1a5/0x480 [ 60.771141] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.771443] kthread+0x337/0x6f0 [ 60.771578] ret_from_fork+0x116/0x1d0 [ 60.771842] ret_from_fork_asm+0x1a/0x30 [ 60.772129] [ 60.772221] freed by task 385 on cpu 1 at 60.766089s (0.006130s ago): [ 60.772623] krealloc_noprof+0x108/0x340 [ 60.772887] test_krealloc+0x226/0xbe0 [ 60.773145] kunit_try_run_case+0x1a5/0x480 [ 60.773399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.773602] kthread+0x337/0x6f0 [ 60.773761] ret_from_fork+0x116/0x1d0 [ 60.773967] ret_from_fork_asm+0x1a/0x30 [ 60.774447] [ 60.774548] CPU: 1 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 60.775297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 60.775555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.776008] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 25.875503] ================================================================== [ 25.876275] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 25.876565] Read of size 1 at addr ffff8881061b7d02 by task kunit_try_catch/297 [ 25.877205] [ 25.877420] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.877580] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.877612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.877636] Call Trace: [ 25.877650] <TASK> [ 25.877667] dump_stack_lvl+0x73/0xb0 [ 25.877708] print_report+0xd1/0x610 [ 25.877769] ? __virt_addr_valid+0x1db/0x2d0 [ 25.877797] ? kasan_stack_oob+0x2b5/0x300 [ 25.877817] ? kasan_addr_to_slab+0x11/0xa0 [ 25.877838] ? kasan_stack_oob+0x2b5/0x300 [ 25.877859] kasan_report+0x141/0x180 [ 25.877881] ? kasan_stack_oob+0x2b5/0x300 [ 25.877907] __asan_report_load1_noabort+0x18/0x20 [ 25.877942] kasan_stack_oob+0x2b5/0x300 [ 25.877963] ? __pfx_kasan_stack_oob+0x10/0x10 [ 25.877982] ? finish_task_switch.isra.0+0x153/0x700 [ 25.878005] ? __switch_to+0x47/0xf80 [ 25.878034] ? __schedule+0x10cc/0x2b60 [ 25.878056] ? __pfx_read_tsc+0x10/0x10 [ 25.878078] ? ktime_get_ts64+0x86/0x230 [ 25.878104] kunit_try_run_case+0x1a5/0x480 [ 25.878130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.878152] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.878174] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.878197] ? __kthread_parkme+0x82/0x180 [ 25.878218] ? preempt_count_sub+0x50/0x80 [ 25.878241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.878265] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.878291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.878317] kthread+0x337/0x6f0 [ 25.878338] ? trace_preempt_on+0x20/0xc0 [ 25.878362] ? __pfx_kthread+0x10/0x10 [ 25.878382] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.878407] ? calculate_sigpending+0x7b/0xa0 [ 25.878432] ? __pfx_kthread+0x10/0x10 [ 25.878453] ret_from_fork+0x116/0x1d0 [ 25.878479] ? __pfx_kthread+0x10/0x10 [ 25.878500] ret_from_fork_asm+0x1a/0x30 [ 25.878542] </TASK> [ 25.878554] [ 25.889582] The buggy address belongs to stack of task kunit_try_catch/297 [ 25.890113] and is located at offset 138 in frame: [ 25.890333] kasan_stack_oob+0x0/0x300 [ 25.890645] [ 25.890794] This frame has 4 objects: [ 25.891038] [48, 49) '__assertion' [ 25.891061] [64, 72) 'array' [ 25.891224] [96, 112) '__assertion' [ 25.891343] [128, 138) 'stack_array' [ 25.891538] [ 25.891785] The buggy address belongs to the physical page: [ 25.892070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061b7 [ 25.892316] flags: 0x200000000000000(node=0|zone=2) [ 25.892563] raw: 0200000000000000 ffffea0004186dc8 ffffea0004186dc8 0000000000000000 [ 25.892910] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.893380] page dumped because: kasan: bad access detected [ 25.894911] [ 25.895271] Memory state around the buggy address: [ 25.895904] ffff8881061b7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.896146] ffff8881061b7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 25.896359] >ffff8881061b7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.896605] ^ [ 25.896771] ffff8881061b7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 25.897018] ffff8881061b7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.897332] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 60.684931] ================================================================== [ 60.685346] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 60.685346] [ 60.685914] Use-after-free read at 0x(____ptrval____) (in kfence-#162): [ 60.686310] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 60.686591] kunit_try_run_case+0x1a5/0x480 [ 60.686861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.687167] kthread+0x337/0x6f0 [ 60.687348] ret_from_fork+0x116/0x1d0 [ 60.687652] ret_from_fork_asm+0x1a/0x30 [ 60.687862] [ 60.687935] kfence-#162: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 60.687935] [ 60.688268] allocated by task 383 on cpu 0 at 60.661867s (0.026398s ago): [ 60.688659] test_alloc+0x2a6/0x10f0 [ 60.688910] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 60.689271] kunit_try_run_case+0x1a5/0x480 [ 60.689482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.689725] kthread+0x337/0x6f0 [ 60.690068] ret_from_fork+0x116/0x1d0 [ 60.690298] ret_from_fork_asm+0x1a/0x30 [ 60.690544] [ 60.690617] freed by task 383 on cpu 0 at 60.661959s (0.028655s ago): [ 60.690942] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 60.691658] kunit_try_run_case+0x1a5/0x480 [ 60.691910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.692354] kthread+0x337/0x6f0 [ 60.692548] ret_from_fork+0x116/0x1d0 [ 60.692745] ret_from_fork_asm+0x1a/0x30 [ 60.693127] [ 60.693240] CPU: 0 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 60.693945] Tainted: [B]=BAD_PAGE, [N]=TEST [ 60.694231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.694692] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 35.925436] ================================================================== [ 35.926191] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 35.926191] [ 35.926615] Invalid read at 0x(____ptrval____): [ 35.927717] test_invalid_access+0xf0/0x210 [ 35.927937] kunit_try_run_case+0x1a5/0x480 [ 35.928142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.928385] kthread+0x337/0x6f0 [ 35.928550] ret_from_fork+0x116/0x1d0 [ 35.929014] ret_from_fork_asm+0x1a/0x30 [ 35.929346] [ 35.929468] CPU: 0 UID: 0 PID: 379 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 35.930015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.930229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.930713] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 35.702107] ================================================================== [ 35.702498] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.702498] [ 35.702915] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#158): [ 35.704202] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.704414] kunit_try_run_case+0x1a5/0x480 [ 35.704820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.705121] kthread+0x337/0x6f0 [ 35.705270] ret_from_fork+0x116/0x1d0 [ 35.705584] ret_from_fork_asm+0x1a/0x30 [ 35.705768] [ 35.705937] kfence-#158: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 35.705937] [ 35.706516] allocated by task 373 on cpu 1 at 35.701836s (0.004673s ago): [ 35.706863] test_alloc+0x364/0x10f0 [ 35.707027] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 35.707232] kunit_try_run_case+0x1a5/0x480 [ 35.707416] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.707652] kthread+0x337/0x6f0 [ 35.708135] ret_from_fork+0x116/0x1d0 [ 35.708296] ret_from_fork_asm+0x1a/0x30 [ 35.708496] [ 35.708658] freed by task 373 on cpu 1 at 35.701972s (0.006684s ago): [ 35.709128] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.709337] kunit_try_run_case+0x1a5/0x480 [ 35.709664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.709927] kthread+0x337/0x6f0 [ 35.710217] ret_from_fork+0x116/0x1d0 [ 35.710448] ret_from_fork_asm+0x1a/0x30 [ 35.710733] [ 35.710845] CPU: 1 UID: 0 PID: 373 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 35.711481] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.711674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.712042] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 35.390107] ================================================================== [ 35.390524] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 35.390524] [ 35.391057] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#155): [ 35.391953] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 35.392440] kunit_try_run_case+0x1a5/0x480 [ 35.392815] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.393190] kthread+0x337/0x6f0 [ 35.393383] ret_from_fork+0x116/0x1d0 [ 35.393575] ret_from_fork_asm+0x1a/0x30 [ 35.393977] [ 35.394164] kfence-#155: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 35.394164] [ 35.394662] allocated by task 371 on cpu 0 at 35.389860s (0.004798s ago): [ 35.395102] test_alloc+0x364/0x10f0 [ 35.395430] test_kmalloc_aligned_oob_read+0x105/0x560 [ 35.395799] kunit_try_run_case+0x1a5/0x480 [ 35.396103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.396378] kthread+0x337/0x6f0 [ 35.396690] ret_from_fork+0x116/0x1d0 [ 35.396969] ret_from_fork_asm+0x1a/0x30 [ 35.397253] [ 35.397401] CPU: 0 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 35.398032] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.398316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.398800] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 30.605999] ================================================================== [ 30.606464] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 30.606464] [ 30.606924] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#109): [ 30.607524] test_corruption+0x131/0x3e0 [ 30.607702] kunit_try_run_case+0x1a5/0x480 [ 30.607913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.608187] kthread+0x337/0x6f0 [ 30.608343] ret_from_fork+0x116/0x1d0 [ 30.608562] ret_from_fork_asm+0x1a/0x30 [ 30.608787] [ 30.608879] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.608879] [ 30.609183] allocated by task 361 on cpu 1 at 30.605864s (0.003316s ago): [ 30.609526] test_alloc+0x2a6/0x10f0 [ 30.609741] test_corruption+0xe6/0x3e0 [ 30.609924] kunit_try_run_case+0x1a5/0x480 [ 30.610125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.610319] kthread+0x337/0x6f0 [ 30.610512] ret_from_fork+0x116/0x1d0 [ 30.610706] ret_from_fork_asm+0x1a/0x30 [ 30.610903] [ 30.611011] freed by task 361 on cpu 1 at 30.605919s (0.005090s ago): [ 30.611260] test_corruption+0x131/0x3e0 [ 30.611472] kunit_try_run_case+0x1a5/0x480 [ 30.611669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.611966] kthread+0x337/0x6f0 [ 30.612125] ret_from_fork+0x116/0x1d0 [ 30.612316] ret_from_fork_asm+0x1a/0x30 [ 30.612558] [ 30.612685] CPU: 1 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 30.613217] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.613429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.613856] ================================================================== [ 30.190108] ================================================================== [ 30.190566] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 30.190566] [ 30.190934] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#105): [ 30.191753] test_corruption+0x2d2/0x3e0 [ 30.191976] kunit_try_run_case+0x1a5/0x480 [ 30.192214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.192409] kthread+0x337/0x6f0 [ 30.192599] ret_from_fork+0x116/0x1d0 [ 30.192830] ret_from_fork_asm+0x1a/0x30 [ 30.193020] [ 30.193097] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.193097] [ 30.193524] allocated by task 359 on cpu 0 at 30.189852s (0.003669s ago): [ 30.193896] test_alloc+0x364/0x10f0 [ 30.194082] test_corruption+0xe6/0x3e0 [ 30.194240] kunit_try_run_case+0x1a5/0x480 [ 30.194452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.194684] kthread+0x337/0x6f0 [ 30.194868] ret_from_fork+0x116/0x1d0 [ 30.195019] ret_from_fork_asm+0x1a/0x30 [ 30.195161] [ 30.195233] freed by task 359 on cpu 0 at 30.189932s (0.005298s ago): [ 30.195567] test_corruption+0x2d2/0x3e0 [ 30.195837] kunit_try_run_case+0x1a5/0x480 [ 30.195987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.196175] kthread+0x337/0x6f0 [ 30.196351] ret_from_fork+0x116/0x1d0 [ 30.196556] ret_from_fork_asm+0x1a/0x30 [ 30.196930] [ 30.197052] CPU: 0 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 30.197546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.197739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.198116] ================================================================== [ 30.917941] ================================================================== [ 30.918329] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 30.918329] [ 30.918724] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#112): [ 30.919115] test_corruption+0x216/0x3e0 [ 30.919307] kunit_try_run_case+0x1a5/0x480 [ 30.919540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.919764] kthread+0x337/0x6f0 [ 30.919945] ret_from_fork+0x116/0x1d0 [ 30.920074] ret_from_fork_asm+0x1a/0x30 [ 30.920271] [ 30.920389] kfence-#112: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.920389] [ 30.920828] allocated by task 361 on cpu 1 at 30.917817s (0.003009s ago): [ 30.921075] test_alloc+0x2a6/0x10f0 [ 30.921279] test_corruption+0x1cb/0x3e0 [ 30.921427] kunit_try_run_case+0x1a5/0x480 [ 30.921684] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.921906] kthread+0x337/0x6f0 [ 30.922050] ret_from_fork+0x116/0x1d0 [ 30.922250] ret_from_fork_asm+0x1a/0x30 [ 30.922442] [ 30.922574] freed by task 361 on cpu 1 at 30.917862s (0.004709s ago): [ 30.922832] test_corruption+0x216/0x3e0 [ 30.923019] kunit_try_run_case+0x1a5/0x480 [ 30.923218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.923480] kthread+0x337/0x6f0 [ 30.923644] ret_from_fork+0x116/0x1d0 [ 30.923768] ret_from_fork_asm+0x1a/0x30 [ 30.923898] [ 30.923987] CPU: 1 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 30.924552] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.924780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.925209] ================================================================== [ 30.294072] ================================================================== [ 30.294442] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 30.294442] [ 30.294818] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#106): [ 30.295203] test_corruption+0x2df/0x3e0 [ 30.295418] kunit_try_run_case+0x1a5/0x480 [ 30.295656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.295862] kthread+0x337/0x6f0 [ 30.296026] ret_from_fork+0x116/0x1d0 [ 30.296230] ret_from_fork_asm+0x1a/0x30 [ 30.296421] [ 30.296522] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.296522] [ 30.297023] allocated by task 359 on cpu 0 at 30.293838s (0.003182s ago): [ 30.297353] test_alloc+0x364/0x10f0 [ 30.297504] test_corruption+0x1cb/0x3e0 [ 30.297656] kunit_try_run_case+0x1a5/0x480 [ 30.297858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.298119] kthread+0x337/0x6f0 [ 30.298289] ret_from_fork+0x116/0x1d0 [ 30.298441] ret_from_fork_asm+0x1a/0x30 [ 30.298597] [ 30.298788] freed by task 359 on cpu 0 at 30.293911s (0.004874s ago): [ 30.299113] test_corruption+0x2df/0x3e0 [ 30.299300] kunit_try_run_case+0x1a5/0x480 [ 30.299508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.299763] kthread+0x337/0x6f0 [ 30.299940] ret_from_fork+0x116/0x1d0 [ 30.300108] ret_from_fork_asm+0x1a/0x30 [ 30.300300] [ 30.300409] CPU: 0 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 30.300926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.301065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.301335] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 29.877934] ================================================================== [ 29.878294] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 29.878294] [ 29.878640] Invalid free of 0x(____ptrval____) (in kfence-#102): [ 29.878929] test_invalid_addr_free+0x1e1/0x260 [ 29.879096] kunit_try_run_case+0x1a5/0x480 [ 29.879305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.879529] kthread+0x337/0x6f0 [ 29.879663] ret_from_fork+0x116/0x1d0 [ 29.879793] ret_from_fork_asm+0x1a/0x30 [ 29.879935] [ 29.880026] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.880026] [ 29.880650] allocated by task 355 on cpu 1 at 29.877804s (0.002844s ago): [ 29.880944] test_alloc+0x364/0x10f0 [ 29.881113] test_invalid_addr_free+0xdb/0x260 [ 29.881295] kunit_try_run_case+0x1a5/0x480 [ 29.881433] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.881684] kthread+0x337/0x6f0 [ 29.881902] ret_from_fork+0x116/0x1d0 [ 29.882109] ret_from_fork_asm+0x1a/0x30 [ 29.882260] [ 29.882354] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 29.882863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.883059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.883402] ================================================================== [ 29.982004] ================================================================== [ 29.982393] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 29.982393] [ 29.982738] Invalid free of 0x(____ptrval____) (in kfence-#103): [ 29.983065] test_invalid_addr_free+0xfb/0x260 [ 29.983272] kunit_try_run_case+0x1a5/0x480 [ 29.983424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.983740] kthread+0x337/0x6f0 [ 29.983875] ret_from_fork+0x116/0x1d0 [ 29.984032] ret_from_fork_asm+0x1a/0x30 [ 29.984230] [ 29.984324] kfence-#103: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.984324] [ 29.984758] allocated by task 357 on cpu 1 at 29.981888s (0.002868s ago): [ 29.985093] test_alloc+0x2a6/0x10f0 [ 29.985215] test_invalid_addr_free+0xdb/0x260 [ 29.985354] kunit_try_run_case+0x1a5/0x480 [ 29.985490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.985876] kthread+0x337/0x6f0 [ 29.986044] ret_from_fork+0x116/0x1d0 [ 29.986245] ret_from_fork_asm+0x1a/0x30 [ 29.986442] [ 29.986590] CPU: 1 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 29.987150] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.987335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.987629] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 29.670092] ================================================================== [ 29.670507] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 29.670507] [ 29.670933] Invalid free of 0x(____ptrval____) (in kfence-#100): [ 29.671224] test_double_free+0x1d3/0x260 [ 29.671408] kunit_try_run_case+0x1a5/0x480 [ 29.671612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.671812] kthread+0x337/0x6f0 [ 29.672000] ret_from_fork+0x116/0x1d0 [ 29.672209] ret_from_fork_asm+0x1a/0x30 [ 29.672370] [ 29.672442] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.672442] [ 29.673086] allocated by task 351 on cpu 0 at 29.669840s (0.003243s ago): [ 29.673382] test_alloc+0x364/0x10f0 [ 29.673515] test_double_free+0xdb/0x260 [ 29.673826] kunit_try_run_case+0x1a5/0x480 [ 29.674049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.674230] kthread+0x337/0x6f0 [ 29.674379] ret_from_fork+0x116/0x1d0 [ 29.674589] ret_from_fork_asm+0x1a/0x30 [ 29.674806] [ 29.674901] freed by task 351 on cpu 0 at 29.669901s (0.004997s ago): [ 29.675184] test_double_free+0x1e0/0x260 [ 29.675357] kunit_try_run_case+0x1a5/0x480 [ 29.675504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.675745] kthread+0x337/0x6f0 [ 29.675938] ret_from_fork+0x116/0x1d0 [ 29.676133] ret_from_fork_asm+0x1a/0x30 [ 29.676285] [ 29.676381] CPU: 0 UID: 0 PID: 351 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 29.677033] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.677221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.677601] ================================================================== [ 29.774029] ================================================================== [ 29.774442] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 29.774442] [ 29.774848] Invalid free of 0x(____ptrval____) (in kfence-#101): [ 29.775145] test_double_free+0x112/0x260 [ 29.775368] kunit_try_run_case+0x1a5/0x480 [ 29.775528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.775878] kthread+0x337/0x6f0 [ 29.776077] ret_from_fork+0x116/0x1d0 [ 29.776237] ret_from_fork_asm+0x1a/0x30 [ 29.776456] [ 29.776556] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.776556] [ 29.776960] allocated by task 353 on cpu 1 at 29.773825s (0.003132s ago): [ 29.777189] test_alloc+0x2a6/0x10f0 [ 29.777370] test_double_free+0xdb/0x260 [ 29.777594] kunit_try_run_case+0x1a5/0x480 [ 29.777796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.778044] kthread+0x337/0x6f0 [ 29.778186] ret_from_fork+0x116/0x1d0 [ 29.778363] ret_from_fork_asm+0x1a/0x30 [ 29.778561] [ 29.778655] freed by task 353 on cpu 1 at 29.773880s (0.004773s ago): [ 29.778913] test_double_free+0xfa/0x260 [ 29.779056] kunit_try_run_case+0x1a5/0x480 [ 29.779243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.779495] kthread+0x337/0x6f0 [ 29.779656] ret_from_fork+0x116/0x1d0 [ 29.779820] ret_from_fork_asm+0x1a/0x30 [ 29.780030] [ 29.780122] CPU: 1 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 29.780598] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.780817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.781228] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 29.357997] ================================================================== [ 29.358433] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 29.358433] [ 29.359272] Use-after-free read at 0x(____ptrval____) (in kfence-#97): [ 29.359567] test_use_after_free_read+0x129/0x270 [ 29.360104] kunit_try_run_case+0x1a5/0x480 [ 29.360301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.360610] kthread+0x337/0x6f0 [ 29.360788] ret_from_fork+0x116/0x1d0 [ 29.360982] ret_from_fork_asm+0x1a/0x30 [ 29.361286] [ 29.361389] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.361389] [ 29.361822] allocated by task 345 on cpu 0 at 29.357898s (0.003922s ago): [ 29.362156] test_alloc+0x2a6/0x10f0 [ 29.362360] test_use_after_free_read+0xdc/0x270 [ 29.362607] kunit_try_run_case+0x1a5/0x480 [ 29.362823] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.363027] kthread+0x337/0x6f0 [ 29.363223] ret_from_fork+0x116/0x1d0 [ 29.363404] ret_from_fork_asm+0x1a/0x30 [ 29.363605] [ 29.363697] freed by task 345 on cpu 0 at 29.357933s (0.005762s ago): [ 29.364024] test_use_after_free_read+0xfb/0x270 [ 29.364262] kunit_try_run_case+0x1a5/0x480 [ 29.364480] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.364768] kthread+0x337/0x6f0 [ 29.364941] ret_from_fork+0x116/0x1d0 [ 29.365215] ret_from_fork_asm+0x1a/0x30 [ 29.365377] [ 29.365472] CPU: 0 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 29.366202] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.366364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.366794] ================================================================== [ 29.254086] ================================================================== [ 29.254560] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 29.254560] [ 29.255035] Use-after-free read at 0x(____ptrval____) (in kfence-#96): [ 29.255283] test_use_after_free_read+0x129/0x270 [ 29.255464] kunit_try_run_case+0x1a5/0x480 [ 29.255667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.255990] kthread+0x337/0x6f0 [ 29.256136] ret_from_fork+0x116/0x1d0 [ 29.256268] ret_from_fork_asm+0x1a/0x30 [ 29.256468] [ 29.256572] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.256572] [ 29.257059] allocated by task 343 on cpu 1 at 29.253868s (0.003188s ago): [ 29.257341] test_alloc+0x364/0x10f0 [ 29.257520] test_use_after_free_read+0xdc/0x270 [ 29.257764] kunit_try_run_case+0x1a5/0x480 [ 29.257961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.258175] kthread+0x337/0x6f0 [ 29.258290] ret_from_fork+0x116/0x1d0 [ 29.258458] ret_from_fork_asm+0x1a/0x30 [ 29.258676] [ 29.258954] freed by task 343 on cpu 1 at 29.253929s (0.004946s ago): [ 29.259270] test_use_after_free_read+0x1e7/0x270 [ 29.259492] kunit_try_run_case+0x1a5/0x480 [ 29.259720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.259892] kthread+0x337/0x6f0 [ 29.260020] ret_from_fork+0x116/0x1d0 [ 29.260204] ret_from_fork_asm+0x1a/0x30 [ 29.260416] [ 29.260509] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 29.260957] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.261155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.261508] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 28.941907] ================================================================== [ 28.942272] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 28.942272] [ 28.943021] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#93): [ 28.943589] test_out_of_bounds_write+0x10d/0x260 [ 28.943821] kunit_try_run_case+0x1a5/0x480 [ 28.944006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.944465] kthread+0x337/0x6f0 [ 28.944642] ret_from_fork+0x116/0x1d0 [ 28.944837] ret_from_fork_asm+0x1a/0x30 [ 28.945011] [ 28.945106] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.945106] [ 28.945486] allocated by task 339 on cpu 1 at 28.941810s (0.003673s ago): [ 28.946209] test_alloc+0x364/0x10f0 [ 28.946474] test_out_of_bounds_write+0xd4/0x260 [ 28.946675] kunit_try_run_case+0x1a5/0x480 [ 28.946894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.947145] kthread+0x337/0x6f0 [ 28.947285] ret_from_fork+0x116/0x1d0 [ 28.947452] ret_from_fork_asm+0x1a/0x30 [ 28.947692] [ 28.947808] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.948279] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.948479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.948915] ================================================================== [ 29.149927] ================================================================== [ 29.150339] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 29.150339] [ 29.150779] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#95): [ 29.151089] test_out_of_bounds_write+0x10d/0x260 [ 29.151340] kunit_try_run_case+0x1a5/0x480 [ 29.151553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.151816] kthread+0x337/0x6f0 [ 29.151978] ret_from_fork+0x116/0x1d0 [ 29.152160] ret_from_fork_asm+0x1a/0x30 [ 29.152337] [ 29.152429] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.152429] [ 29.152822] allocated by task 341 on cpu 0 at 29.149867s (0.002953s ago): [ 29.153167] test_alloc+0x2a6/0x10f0 [ 29.153353] test_out_of_bounds_write+0xd4/0x260 [ 29.153514] kunit_try_run_case+0x1a5/0x480 [ 29.153692] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.153972] kthread+0x337/0x6f0 [ 29.154114] ret_from_fork+0x116/0x1d0 [ 29.154251] ret_from_fork_asm+0x1a/0x30 [ 29.154571] [ 29.154717] CPU: 0 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 29.155192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.155349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.155935] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 28.422853] ================================================================== [ 28.423316] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 28.423316] [ 28.423859] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#88): [ 28.424435] test_out_of_bounds_read+0x126/0x4e0 [ 28.424679] kunit_try_run_case+0x1a5/0x480 [ 28.425003] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.425297] kthread+0x337/0x6f0 [ 28.425473] ret_from_fork+0x116/0x1d0 [ 28.425689] ret_from_fork_asm+0x1a/0x30 [ 28.425845] [ 28.426055] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.426055] [ 28.426703] allocated by task 335 on cpu 1 at 28.421847s (0.004799s ago): [ 28.427317] test_alloc+0x364/0x10f0 [ 28.427555] test_out_of_bounds_read+0xed/0x4e0 [ 28.427819] kunit_try_run_case+0x1a5/0x480 [ 28.428074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.428331] kthread+0x337/0x6f0 [ 28.428480] ret_from_fork+0x116/0x1d0 [ 28.428694] ret_from_fork_asm+0x1a/0x30 [ 28.429028] [ 28.429195] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.429678] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.430009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.430475] ================================================================== [ 28.733928] ================================================================== [ 28.734323] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 28.734323] [ 28.734880] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#91): [ 28.735351] test_out_of_bounds_read+0x126/0x4e0 [ 28.735709] kunit_try_run_case+0x1a5/0x480 [ 28.735948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.736582] kthread+0x337/0x6f0 [ 28.736867] ret_from_fork+0x116/0x1d0 [ 28.737083] ret_from_fork_asm+0x1a/0x30 [ 28.737458] [ 28.737588] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.737588] [ 28.738089] allocated by task 337 on cpu 0 at 28.733863s (0.004222s ago): [ 28.738697] test_alloc+0x2a6/0x10f0 [ 28.738892] test_out_of_bounds_read+0xed/0x4e0 [ 28.739250] kunit_try_run_case+0x1a5/0x480 [ 28.739561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.739827] kthread+0x337/0x6f0 [ 28.740111] ret_from_fork+0x116/0x1d0 [ 28.740391] ret_from_fork_asm+0x1a/0x30 [ 28.740686] [ 28.740823] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.741317] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.741503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.742098] ================================================================== [ 28.837911] ================================================================== [ 28.838285] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 28.838285] [ 28.838848] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#92): [ 28.839182] test_out_of_bounds_read+0x216/0x4e0 [ 28.839350] kunit_try_run_case+0x1a5/0x480 [ 28.839589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.839898] kthread+0x337/0x6f0 [ 28.840053] ret_from_fork+0x116/0x1d0 [ 28.840222] ret_from_fork_asm+0x1a/0x30 [ 28.840445] [ 28.840552] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.840552] [ 28.841006] allocated by task 337 on cpu 0 at 28.837857s (0.003147s ago): [ 28.841321] test_alloc+0x2a6/0x10f0 [ 28.841505] test_out_of_bounds_read+0x1e2/0x4e0 [ 28.841748] kunit_try_run_case+0x1a5/0x480 [ 28.841972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.842232] kthread+0x337/0x6f0 [ 28.842377] ret_from_fork+0x116/0x1d0 [ 28.842512] ret_from_fork_asm+0x1a/0x30 [ 28.842849] [ 28.842967] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.843482] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.843685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.844018] ================================================================== [ 28.526086] ================================================================== [ 28.526468] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 28.526468] [ 28.527027] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#89): [ 28.527307] test_out_of_bounds_read+0x216/0x4e0 [ 28.527517] kunit_try_run_case+0x1a5/0x480 [ 28.527685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.527960] kthread+0x337/0x6f0 [ 28.528190] ret_from_fork+0x116/0x1d0 [ 28.528320] ret_from_fork_asm+0x1a/0x30 [ 28.528525] [ 28.528621] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.528621] [ 28.528992] allocated by task 335 on cpu 1 at 28.525900s (0.003090s ago): [ 28.529321] test_alloc+0x364/0x10f0 [ 28.529503] test_out_of_bounds_read+0x1e2/0x4e0 [ 28.529661] kunit_try_run_case+0x1a5/0x480 [ 28.529855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.530113] kthread+0x337/0x6f0 [ 28.530260] ret_from_fork+0x116/0x1d0 [ 28.530388] ret_from_fork_asm+0x1a/0x30 [ 28.530587] [ 28.530773] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.531272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.531459] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.531880] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 28.134632] ================================================================== [ 28.134867] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 28.135087] Write of size 121 at addr ffff8881060ab300 by task kunit_try_catch/333 [ 28.135307] [ 28.135385] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.135433] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.135447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.135468] Call Trace: [ 28.135484] <TASK> [ 28.135499] dump_stack_lvl+0x73/0xb0 [ 28.135526] print_report+0xd1/0x610 [ 28.135565] ? __virt_addr_valid+0x1db/0x2d0 [ 28.135589] ? strncpy_from_user+0x2e/0x1d0 [ 28.135611] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.135638] ? strncpy_from_user+0x2e/0x1d0 [ 28.136044] kasan_report+0x141/0x180 [ 28.136074] ? strncpy_from_user+0x2e/0x1d0 [ 28.136103] kasan_check_range+0x10c/0x1c0 [ 28.136129] __kasan_check_write+0x18/0x20 [ 28.136155] strncpy_from_user+0x2e/0x1d0 [ 28.136180] copy_user_test_oob+0x760/0x10f0 [ 28.136208] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.136232] ? finish_task_switch.isra.0+0x153/0x700 [ 28.136255] ? __switch_to+0x47/0xf80 [ 28.136281] ? __schedule+0x10cc/0x2b60 [ 28.136305] ? __pfx_read_tsc+0x10/0x10 [ 28.136328] ? ktime_get_ts64+0x86/0x230 [ 28.136353] kunit_try_run_case+0x1a5/0x480 [ 28.136378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.136401] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.136687] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.136716] ? __kthread_parkme+0x82/0x180 [ 28.136739] ? preempt_count_sub+0x50/0x80 [ 28.136764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.136788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.136815] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.136843] kthread+0x337/0x6f0 [ 28.136863] ? trace_preempt_on+0x20/0xc0 [ 28.136888] ? __pfx_kthread+0x10/0x10 [ 28.136910] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.136935] ? calculate_sigpending+0x7b/0xa0 [ 28.136959] ? __pfx_kthread+0x10/0x10 [ 28.136982] ret_from_fork+0x116/0x1d0 [ 28.137002] ? __pfx_kthread+0x10/0x10 [ 28.137023] ret_from_fork_asm+0x1a/0x30 [ 28.137056] </TASK> [ 28.137068] [ 28.146850] Allocated by task 333: [ 28.146978] kasan_save_stack+0x45/0x70 [ 28.147121] kasan_save_track+0x18/0x40 [ 28.147251] kasan_save_alloc_info+0x3b/0x50 [ 28.147395] __kasan_kmalloc+0xb7/0xc0 [ 28.147540] __kmalloc_noprof+0x1c9/0x500 [ 28.147739] kunit_kmalloc_array+0x25/0x60 [ 28.147920] copy_user_test_oob+0xab/0x10f0 [ 28.148102] kunit_try_run_case+0x1a5/0x480 [ 28.148282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.148515] kthread+0x337/0x6f0 [ 28.148685] ret_from_fork+0x116/0x1d0 [ 28.148850] ret_from_fork_asm+0x1a/0x30 [ 28.149020] [ 28.149094] The buggy address belongs to the object at ffff8881060ab300 [ 28.149094] which belongs to the cache kmalloc-128 of size 128 [ 28.149617] The buggy address is located 0 bytes inside of [ 28.149617] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.150075] [ 28.150163] The buggy address belongs to the physical page: [ 28.150375] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.150649] flags: 0x200000000000000(node=0|zone=2) [ 28.150811] page_type: f5(slab) [ 28.150973] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.151304] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.151725] page dumped because: kasan: bad access detected [ 28.151974] [ 28.152066] Memory state around the buggy address: [ 28.152253] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.152492] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.152735] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.152984] ^ [ 28.153300] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.153652] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.153959] ================================================================== [ 28.154491] ================================================================== [ 28.154861] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 28.155118] Write of size 1 at addr ffff8881060ab378 by task kunit_try_catch/333 [ 28.155337] [ 28.155430] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.155477] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.155491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.155514] Call Trace: [ 28.155528] <TASK> [ 28.155555] dump_stack_lvl+0x73/0xb0 [ 28.155583] print_report+0xd1/0x610 [ 28.155627] ? __virt_addr_valid+0x1db/0x2d0 [ 28.155652] ? strncpy_from_user+0x1a5/0x1d0 [ 28.155674] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.155702] ? strncpy_from_user+0x1a5/0x1d0 [ 28.155725] kasan_report+0x141/0x180 [ 28.155748] ? strncpy_from_user+0x1a5/0x1d0 [ 28.155775] __asan_report_store1_noabort+0x1b/0x30 [ 28.155801] strncpy_from_user+0x1a5/0x1d0 [ 28.155826] copy_user_test_oob+0x760/0x10f0 [ 28.155853] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.155877] ? finish_task_switch.isra.0+0x153/0x700 [ 28.155898] ? __switch_to+0x47/0xf80 [ 28.155925] ? __schedule+0x10cc/0x2b60 [ 28.155947] ? __pfx_read_tsc+0x10/0x10 [ 28.155969] ? ktime_get_ts64+0x86/0x230 [ 28.155993] kunit_try_run_case+0x1a5/0x480 [ 28.156018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.156040] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.156063] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.156086] ? __kthread_parkme+0x82/0x180 [ 28.156107] ? preempt_count_sub+0x50/0x80 [ 28.156132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.156157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.156183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.156210] kthread+0x337/0x6f0 [ 28.156232] ? trace_preempt_on+0x20/0xc0 [ 28.156255] ? __pfx_kthread+0x10/0x10 [ 28.156277] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.156303] ? calculate_sigpending+0x7b/0xa0 [ 28.156327] ? __pfx_kthread+0x10/0x10 [ 28.156351] ret_from_fork+0x116/0x1d0 [ 28.156371] ? __pfx_kthread+0x10/0x10 [ 28.156393] ret_from_fork_asm+0x1a/0x30 [ 28.156426] </TASK> [ 28.156437] [ 28.163345] Allocated by task 333: [ 28.163520] kasan_save_stack+0x45/0x70 [ 28.163751] kasan_save_track+0x18/0x40 [ 28.163891] kasan_save_alloc_info+0x3b/0x50 [ 28.164035] __kasan_kmalloc+0xb7/0xc0 [ 28.164162] __kmalloc_noprof+0x1c9/0x500 [ 28.164317] kunit_kmalloc_array+0x25/0x60 [ 28.164518] copy_user_test_oob+0xab/0x10f0 [ 28.164752] kunit_try_run_case+0x1a5/0x480 [ 28.164956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.165204] kthread+0x337/0x6f0 [ 28.165326] ret_from_fork+0x116/0x1d0 [ 28.165511] ret_from_fork_asm+0x1a/0x30 [ 28.165720] [ 28.165786] The buggy address belongs to the object at ffff8881060ab300 [ 28.165786] which belongs to the cache kmalloc-128 of size 128 [ 28.166184] The buggy address is located 0 bytes to the right of [ 28.166184] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.166771] [ 28.166864] The buggy address belongs to the physical page: [ 28.167119] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.167426] flags: 0x200000000000000(node=0|zone=2) [ 28.167643] page_type: f5(slab) [ 28.167793] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.168035] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.168370] page dumped because: kasan: bad access detected [ 28.168651] [ 28.168718] Memory state around the buggy address: [ 28.168907] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.169189] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.169457] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.169776] ^ [ 28.170039] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.170251] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.170457] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 28.093282] ================================================================== [ 28.093820] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 28.094229] Write of size 121 at addr ffff8881060ab300 by task kunit_try_catch/333 [ 28.094468] [ 28.094567] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.094613] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.094627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.094649] Call Trace: [ 28.094663] <TASK> [ 28.094680] dump_stack_lvl+0x73/0xb0 [ 28.094708] print_report+0xd1/0x610 [ 28.094732] ? __virt_addr_valid+0x1db/0x2d0 [ 28.094756] ? copy_user_test_oob+0x557/0x10f0 [ 28.094779] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.094806] ? copy_user_test_oob+0x557/0x10f0 [ 28.094830] kasan_report+0x141/0x180 [ 28.094853] ? copy_user_test_oob+0x557/0x10f0 [ 28.094881] kasan_check_range+0x10c/0x1c0 [ 28.094905] __kasan_check_write+0x18/0x20 [ 28.094929] copy_user_test_oob+0x557/0x10f0 [ 28.094955] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.094979] ? finish_task_switch.isra.0+0x153/0x700 [ 28.095001] ? __switch_to+0x47/0xf80 [ 28.095028] ? __schedule+0x10cc/0x2b60 [ 28.095049] ? __pfx_read_tsc+0x10/0x10 [ 28.095071] ? ktime_get_ts64+0x86/0x230 [ 28.095112] kunit_try_run_case+0x1a5/0x480 [ 28.095138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.095160] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.095184] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.095207] ? __kthread_parkme+0x82/0x180 [ 28.095228] ? preempt_count_sub+0x50/0x80 [ 28.095278] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.095303] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.095346] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.095373] kthread+0x337/0x6f0 [ 28.095408] ? trace_preempt_on+0x20/0xc0 [ 28.095446] ? __pfx_kthread+0x10/0x10 [ 28.095481] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.095521] ? calculate_sigpending+0x7b/0xa0 [ 28.095586] ? __pfx_kthread+0x10/0x10 [ 28.095609] ret_from_fork+0x116/0x1d0 [ 28.095642] ? __pfx_kthread+0x10/0x10 [ 28.095683] ret_from_fork_asm+0x1a/0x30 [ 28.095734] </TASK> [ 28.095748] [ 28.103175] Allocated by task 333: [ 28.103324] kasan_save_stack+0x45/0x70 [ 28.103547] kasan_save_track+0x18/0x40 [ 28.103760] kasan_save_alloc_info+0x3b/0x50 [ 28.103954] __kasan_kmalloc+0xb7/0xc0 [ 28.104153] __kmalloc_noprof+0x1c9/0x500 [ 28.104345] kunit_kmalloc_array+0x25/0x60 [ 28.104553] copy_user_test_oob+0xab/0x10f0 [ 28.104832] kunit_try_run_case+0x1a5/0x480 [ 28.104968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.105134] kthread+0x337/0x6f0 [ 28.105317] ret_from_fork+0x116/0x1d0 [ 28.105497] ret_from_fork_asm+0x1a/0x30 [ 28.105712] [ 28.105910] The buggy address belongs to the object at ffff8881060ab300 [ 28.105910] which belongs to the cache kmalloc-128 of size 128 [ 28.106367] The buggy address is located 0 bytes inside of [ 28.106367] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.107045] [ 28.107136] The buggy address belongs to the physical page: [ 28.107373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.107657] flags: 0x200000000000000(node=0|zone=2) [ 28.107897] page_type: f5(slab) [ 28.108084] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.108388] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.108714] page dumped because: kasan: bad access detected [ 28.108914] [ 28.108976] Memory state around the buggy address: [ 28.109118] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.109319] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.109519] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.109948] ^ [ 28.110245] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.110593] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.110958] ================================================================== [ 28.074002] ================================================================== [ 28.074454] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 28.075013] Read of size 121 at addr ffff8881060ab300 by task kunit_try_catch/333 [ 28.075321] [ 28.075396] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.075441] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.075455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.075475] Call Trace: [ 28.075489] <TASK> [ 28.075504] dump_stack_lvl+0x73/0xb0 [ 28.075544] print_report+0xd1/0x610 [ 28.075569] ? __virt_addr_valid+0x1db/0x2d0 [ 28.075594] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.075618] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.075656] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.075681] kasan_report+0x141/0x180 [ 28.075704] ? copy_user_test_oob+0x4aa/0x10f0 [ 28.075758] kasan_check_range+0x10c/0x1c0 [ 28.075783] __kasan_check_read+0x15/0x20 [ 28.075807] copy_user_test_oob+0x4aa/0x10f0 [ 28.075834] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.075857] ? finish_task_switch.isra.0+0x153/0x700 [ 28.075880] ? __switch_to+0x47/0xf80 [ 28.075907] ? __schedule+0x10cc/0x2b60 [ 28.075931] ? __pfx_read_tsc+0x10/0x10 [ 28.075952] ? ktime_get_ts64+0x86/0x230 [ 28.075993] kunit_try_run_case+0x1a5/0x480 [ 28.076018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.076054] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.076090] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.076128] ? __kthread_parkme+0x82/0x180 [ 28.076162] ? preempt_count_sub+0x50/0x80 [ 28.076212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.076250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.076291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.076331] kthread+0x337/0x6f0 [ 28.076352] ? trace_preempt_on+0x20/0xc0 [ 28.076376] ? __pfx_kthread+0x10/0x10 [ 28.076398] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.076423] ? calculate_sigpending+0x7b/0xa0 [ 28.076448] ? __pfx_kthread+0x10/0x10 [ 28.076471] ret_from_fork+0x116/0x1d0 [ 28.076491] ? __pfx_kthread+0x10/0x10 [ 28.076513] ret_from_fork_asm+0x1a/0x30 [ 28.076556] </TASK> [ 28.076568] [ 28.084862] Allocated by task 333: [ 28.085031] kasan_save_stack+0x45/0x70 [ 28.085223] kasan_save_track+0x18/0x40 [ 28.085405] kasan_save_alloc_info+0x3b/0x50 [ 28.085612] __kasan_kmalloc+0xb7/0xc0 [ 28.085926] __kmalloc_noprof+0x1c9/0x500 [ 28.086062] kunit_kmalloc_array+0x25/0x60 [ 28.086195] copy_user_test_oob+0xab/0x10f0 [ 28.086327] kunit_try_run_case+0x1a5/0x480 [ 28.086461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.086815] kthread+0x337/0x6f0 [ 28.086971] ret_from_fork+0x116/0x1d0 [ 28.087095] ret_from_fork_asm+0x1a/0x30 [ 28.087304] [ 28.087395] The buggy address belongs to the object at ffff8881060ab300 [ 28.087395] which belongs to the cache kmalloc-128 of size 128 [ 28.087924] The buggy address is located 0 bytes inside of [ 28.087924] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.088422] [ 28.088508] The buggy address belongs to the physical page: [ 28.088754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.089085] flags: 0x200000000000000(node=0|zone=2) [ 28.089317] page_type: f5(slab) [ 28.089467] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.089788] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.090107] page dumped because: kasan: bad access detected [ 28.090346] [ 28.090432] Memory state around the buggy address: [ 28.090681] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.090932] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.091218] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.091528] ^ [ 28.091851] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.092175] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.092547] ================================================================== [ 28.111709] ================================================================== [ 28.112213] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 28.112596] Read of size 121 at addr ffff8881060ab300 by task kunit_try_catch/333 [ 28.112848] [ 28.112950] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.113000] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.113013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.113035] Call Trace: [ 28.113052] <TASK> [ 28.113068] dump_stack_lvl+0x73/0xb0 [ 28.113097] print_report+0xd1/0x610 [ 28.113121] ? __virt_addr_valid+0x1db/0x2d0 [ 28.113146] ? copy_user_test_oob+0x604/0x10f0 [ 28.113170] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.113197] ? copy_user_test_oob+0x604/0x10f0 [ 28.113222] kasan_report+0x141/0x180 [ 28.113245] ? copy_user_test_oob+0x604/0x10f0 [ 28.113275] kasan_check_range+0x10c/0x1c0 [ 28.113299] __kasan_check_read+0x15/0x20 [ 28.113323] copy_user_test_oob+0x604/0x10f0 [ 28.113351] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.113375] ? finish_task_switch.isra.0+0x153/0x700 [ 28.113398] ? __switch_to+0x47/0xf80 [ 28.113426] ? __schedule+0x10cc/0x2b60 [ 28.113448] ? __pfx_read_tsc+0x10/0x10 [ 28.113470] ? ktime_get_ts64+0x86/0x230 [ 28.113495] kunit_try_run_case+0x1a5/0x480 [ 28.113519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.113551] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.113575] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.113599] ? __kthread_parkme+0x82/0x180 [ 28.113620] ? preempt_count_sub+0x50/0x80 [ 28.113644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.113668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.113695] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.113723] kthread+0x337/0x6f0 [ 28.113743] ? trace_preempt_on+0x20/0xc0 [ 28.113768] ? __pfx_kthread+0x10/0x10 [ 28.113790] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.113816] ? calculate_sigpending+0x7b/0xa0 [ 28.113842] ? __pfx_kthread+0x10/0x10 [ 28.113864] ret_from_fork+0x116/0x1d0 [ 28.113885] ? __pfx_kthread+0x10/0x10 [ 28.113906] ret_from_fork_asm+0x1a/0x30 [ 28.113940] </TASK> [ 28.113951] [ 28.123020] Allocated by task 333: [ 28.123186] kasan_save_stack+0x45/0x70 [ 28.123389] kasan_save_track+0x18/0x40 [ 28.124691] kasan_save_alloc_info+0x3b/0x50 [ 28.124871] __kasan_kmalloc+0xb7/0xc0 [ 28.125004] __kmalloc_noprof+0x1c9/0x500 [ 28.125147] kunit_kmalloc_array+0x25/0x60 [ 28.125284] copy_user_test_oob+0xab/0x10f0 [ 28.125423] kunit_try_run_case+0x1a5/0x480 [ 28.125576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.125758] kthread+0x337/0x6f0 [ 28.125936] ret_from_fork+0x116/0x1d0 [ 28.126122] ret_from_fork_asm+0x1a/0x30 [ 28.126504] [ 28.126719] The buggy address belongs to the object at ffff8881060ab300 [ 28.126719] which belongs to the cache kmalloc-128 of size 128 [ 28.127587] The buggy address is located 0 bytes inside of [ 28.127587] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.128442] [ 28.128570] The buggy address belongs to the physical page: [ 28.129075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.129769] flags: 0x200000000000000(node=0|zone=2) [ 28.130078] page_type: f5(slab) [ 28.130195] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.130421] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.130742] page dumped because: kasan: bad access detected [ 28.130964] [ 28.131033] Memory state around the buggy address: [ 28.131268] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.131512] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.131855] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.132166] ^ [ 28.132463] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.132709] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.133689] ================================================================== [ 28.056507] ================================================================== [ 28.056954] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 28.057288] Write of size 121 at addr ffff8881060ab300 by task kunit_try_catch/333 [ 28.057611] [ 28.057693] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.057761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.057775] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.057798] Call Trace: [ 28.057811] <TASK> [ 28.057827] dump_stack_lvl+0x73/0xb0 [ 28.057856] print_report+0xd1/0x610 [ 28.057880] ? __virt_addr_valid+0x1db/0x2d0 [ 28.057903] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.057928] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.057955] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.058000] kasan_report+0x141/0x180 [ 28.058024] ? copy_user_test_oob+0x3fd/0x10f0 [ 28.058053] kasan_check_range+0x10c/0x1c0 [ 28.058078] __kasan_check_write+0x18/0x20 [ 28.058102] copy_user_test_oob+0x3fd/0x10f0 [ 28.058128] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.058152] ? finish_task_switch.isra.0+0x153/0x700 [ 28.058175] ? __switch_to+0x47/0xf80 [ 28.058202] ? __schedule+0x10cc/0x2b60 [ 28.058243] ? __pfx_read_tsc+0x10/0x10 [ 28.058266] ? ktime_get_ts64+0x86/0x230 [ 28.058291] kunit_try_run_case+0x1a5/0x480 [ 28.058315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.058337] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.058360] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.058400] ? __kthread_parkme+0x82/0x180 [ 28.058421] ? preempt_count_sub+0x50/0x80 [ 28.058445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.058469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.058502] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.058541] kthread+0x337/0x6f0 [ 28.058562] ? trace_preempt_on+0x20/0xc0 [ 28.058586] ? __pfx_kthread+0x10/0x10 [ 28.058608] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.058643] ? calculate_sigpending+0x7b/0xa0 [ 28.058668] ? __pfx_kthread+0x10/0x10 [ 28.058691] ret_from_fork+0x116/0x1d0 [ 28.058711] ? __pfx_kthread+0x10/0x10 [ 28.058733] ret_from_fork_asm+0x1a/0x30 [ 28.058765] </TASK> [ 28.058776] [ 28.066009] Allocated by task 333: [ 28.066207] kasan_save_stack+0x45/0x70 [ 28.066406] kasan_save_track+0x18/0x40 [ 28.066632] kasan_save_alloc_info+0x3b/0x50 [ 28.066840] __kasan_kmalloc+0xb7/0xc0 [ 28.066969] __kmalloc_noprof+0x1c9/0x500 [ 28.067170] kunit_kmalloc_array+0x25/0x60 [ 28.067378] copy_user_test_oob+0xab/0x10f0 [ 28.067613] kunit_try_run_case+0x1a5/0x480 [ 28.067813] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.068052] kthread+0x337/0x6f0 [ 28.068189] ret_from_fork+0x116/0x1d0 [ 28.068352] ret_from_fork_asm+0x1a/0x30 [ 28.068542] [ 28.068639] The buggy address belongs to the object at ffff8881060ab300 [ 28.068639] which belongs to the cache kmalloc-128 of size 128 [ 28.069132] The buggy address is located 0 bytes inside of [ 28.069132] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.069612] [ 28.069705] The buggy address belongs to the physical page: [ 28.069895] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.070251] flags: 0x200000000000000(node=0|zone=2) [ 28.070439] page_type: f5(slab) [ 28.070613] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.070930] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.071257] page dumped because: kasan: bad access detected [ 28.071445] [ 28.071543] Memory state around the buggy address: [ 28.071817] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.072131] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.072431] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.072697] ^ [ 28.072896] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.073202] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.073510] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 28.034421] ================================================================== [ 28.034795] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 28.035066] Read of size 121 at addr ffff8881060ab300 by task kunit_try_catch/333 [ 28.035400] [ 28.035512] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.035574] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.035589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.035610] Call Trace: [ 28.035646] <TASK> [ 28.035663] dump_stack_lvl+0x73/0xb0 [ 28.035692] print_report+0xd1/0x610 [ 28.035716] ? __virt_addr_valid+0x1db/0x2d0 [ 28.035740] ? _copy_to_user+0x3c/0x70 [ 28.035763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.035808] ? _copy_to_user+0x3c/0x70 [ 28.035832] kasan_report+0x141/0x180 [ 28.035855] ? _copy_to_user+0x3c/0x70 [ 28.035884] kasan_check_range+0x10c/0x1c0 [ 28.035908] __kasan_check_read+0x15/0x20 [ 28.035932] _copy_to_user+0x3c/0x70 [ 28.035977] copy_user_test_oob+0x364/0x10f0 [ 28.036004] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.036043] ? finish_task_switch.isra.0+0x153/0x700 [ 28.036067] ? __switch_to+0x47/0xf80 [ 28.036094] ? __schedule+0x10cc/0x2b60 [ 28.036116] ? __pfx_read_tsc+0x10/0x10 [ 28.036140] ? ktime_get_ts64+0x86/0x230 [ 28.036165] kunit_try_run_case+0x1a5/0x480 [ 28.036189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.036211] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.036233] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.036257] ? __kthread_parkme+0x82/0x180 [ 28.036278] ? preempt_count_sub+0x50/0x80 [ 28.036302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.036326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.036353] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.036381] kthread+0x337/0x6f0 [ 28.036401] ? trace_preempt_on+0x20/0xc0 [ 28.036425] ? __pfx_kthread+0x10/0x10 [ 28.036446] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.036471] ? calculate_sigpending+0x7b/0xa0 [ 28.036496] ? __pfx_kthread+0x10/0x10 [ 28.036519] ret_from_fork+0x116/0x1d0 [ 28.036551] ? __pfx_kthread+0x10/0x10 [ 28.036573] ret_from_fork_asm+0x1a/0x30 [ 28.036607] </TASK> [ 28.036618] [ 28.044137] Allocated by task 333: [ 28.044294] kasan_save_stack+0x45/0x70 [ 28.044432] kasan_save_track+0x18/0x40 [ 28.044576] kasan_save_alloc_info+0x3b/0x50 [ 28.044721] __kasan_kmalloc+0xb7/0xc0 [ 28.044887] __kmalloc_noprof+0x1c9/0x500 [ 28.045082] kunit_kmalloc_array+0x25/0x60 [ 28.045303] copy_user_test_oob+0xab/0x10f0 [ 28.045503] kunit_try_run_case+0x1a5/0x480 [ 28.045742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.045917] kthread+0x337/0x6f0 [ 28.046032] ret_from_fork+0x116/0x1d0 [ 28.046160] ret_from_fork_asm+0x1a/0x30 [ 28.046315] [ 28.046404] The buggy address belongs to the object at ffff8881060ab300 [ 28.046404] which belongs to the cache kmalloc-128 of size 128 [ 28.047402] The buggy address is located 0 bytes inside of [ 28.047402] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.047977] [ 28.048077] The buggy address belongs to the physical page: [ 28.048599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.048961] flags: 0x200000000000000(node=0|zone=2) [ 28.049190] page_type: f5(slab) [ 28.049356] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.049701] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.049925] page dumped because: kasan: bad access detected [ 28.050090] [ 28.050154] Memory state around the buggy address: [ 28.050303] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.050637] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.050968] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.051296] ^ [ 28.051649] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.051985] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.052315] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 28.004933] ================================================================== [ 28.005508] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 28.005947] Write of size 121 at addr ffff8881060ab300 by task kunit_try_catch/333 [ 28.006256] [ 28.006350] CPU: 1 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 28.006404] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.006418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.006442] Call Trace: [ 28.006458] <TASK> [ 28.006484] dump_stack_lvl+0x73/0xb0 [ 28.006518] print_report+0xd1/0x610 [ 28.006555] ? __virt_addr_valid+0x1db/0x2d0 [ 28.007022] ? _copy_from_user+0x32/0x90 [ 28.007051] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.007079] ? _copy_from_user+0x32/0x90 [ 28.007104] kasan_report+0x141/0x180 [ 28.007128] ? _copy_from_user+0x32/0x90 [ 28.007157] kasan_check_range+0x10c/0x1c0 [ 28.007182] __kasan_check_write+0x18/0x20 [ 28.007207] _copy_from_user+0x32/0x90 [ 28.007231] copy_user_test_oob+0x2be/0x10f0 [ 28.007259] ? __pfx_copy_user_test_oob+0x10/0x10 [ 28.007283] ? finish_task_switch.isra.0+0x153/0x700 [ 28.007306] ? __switch_to+0x47/0xf80 [ 28.007336] ? __schedule+0x10cc/0x2b60 [ 28.007360] ? __pfx_read_tsc+0x10/0x10 [ 28.007384] ? ktime_get_ts64+0x86/0x230 [ 28.007412] kunit_try_run_case+0x1a5/0x480 [ 28.007436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.007458] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.007483] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.007507] ? __kthread_parkme+0x82/0x180 [ 28.007541] ? preempt_count_sub+0x50/0x80 [ 28.007589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.007643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.007672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.007700] kthread+0x337/0x6f0 [ 28.007721] ? trace_preempt_on+0x20/0xc0 [ 28.007747] ? __pfx_kthread+0x10/0x10 [ 28.007769] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.007794] ? calculate_sigpending+0x7b/0xa0 [ 28.007820] ? __pfx_kthread+0x10/0x10 [ 28.007843] ret_from_fork+0x116/0x1d0 [ 28.007864] ? __pfx_kthread+0x10/0x10 [ 28.007885] ret_from_fork_asm+0x1a/0x30 [ 28.007919] </TASK> [ 28.007932] [ 28.019137] Allocated by task 333: [ 28.019571] kasan_save_stack+0x45/0x70 [ 28.019940] kasan_save_track+0x18/0x40 [ 28.020122] kasan_save_alloc_info+0x3b/0x50 [ 28.020456] __kasan_kmalloc+0xb7/0xc0 [ 28.020831] __kmalloc_noprof+0x1c9/0x500 [ 28.021211] kunit_kmalloc_array+0x25/0x60 [ 28.021379] copy_user_test_oob+0xab/0x10f0 [ 28.021599] kunit_try_run_case+0x1a5/0x480 [ 28.021804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.022236] kthread+0x337/0x6f0 [ 28.022511] ret_from_fork+0x116/0x1d0 [ 28.022940] ret_from_fork_asm+0x1a/0x30 [ 28.023202] [ 28.023367] The buggy address belongs to the object at ffff8881060ab300 [ 28.023367] which belongs to the cache kmalloc-128 of size 128 [ 28.024170] The buggy address is located 0 bytes inside of [ 28.024170] allocated 120-byte region [ffff8881060ab300, ffff8881060ab378) [ 28.024931] [ 28.025081] The buggy address belongs to the physical page: [ 28.025384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 28.026006] flags: 0x200000000000000(node=0|zone=2) [ 28.026231] page_type: f5(slab) [ 28.026423] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.026996] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.027428] page dumped because: kasan: bad access detected [ 28.027860] [ 28.028107] Memory state around the buggy address: [ 28.028377] ffff8881060ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.028892] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.029214] >ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.029648] ^ [ 28.030165] ffff8881060ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.030509] ffff8881060ab400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.030936] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 27.967751] ================================================================== [ 27.968481] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 27.968999] Write of size 8 at addr ffff8881060ab278 by task kunit_try_catch/329 [ 27.969508] [ 27.969676] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.969812] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.969827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.969848] Call Trace: [ 27.969862] <TASK> [ 27.969878] dump_stack_lvl+0x73/0xb0 [ 27.969908] print_report+0xd1/0x610 [ 27.969932] ? __virt_addr_valid+0x1db/0x2d0 [ 27.969955] ? copy_to_kernel_nofault+0x99/0x260 [ 27.969979] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.970007] ? copy_to_kernel_nofault+0x99/0x260 [ 27.970032] kasan_report+0x141/0x180 [ 27.970056] ? copy_to_kernel_nofault+0x99/0x260 [ 27.970085] kasan_check_range+0x10c/0x1c0 [ 27.970110] __kasan_check_write+0x18/0x20 [ 27.970135] copy_to_kernel_nofault+0x99/0x260 [ 27.970162] copy_to_kernel_nofault_oob+0x288/0x560 [ 27.970187] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.970210] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.970235] ? trace_hardirqs_on+0x37/0xe0 [ 27.970267] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.970296] kunit_try_run_case+0x1a5/0x480 [ 27.970320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.970343] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.970366] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.970390] ? __kthread_parkme+0x82/0x180 [ 27.970411] ? preempt_count_sub+0x50/0x80 [ 27.970435] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.970459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.970495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.970523] kthread+0x337/0x6f0 [ 27.970556] ? trace_preempt_on+0x20/0xc0 [ 27.970588] ? __pfx_kthread+0x10/0x10 [ 27.970610] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.970644] ? calculate_sigpending+0x7b/0xa0 [ 27.970668] ? __pfx_kthread+0x10/0x10 [ 27.970691] ret_from_fork+0x116/0x1d0 [ 27.970711] ? __pfx_kthread+0x10/0x10 [ 27.970732] ret_from_fork_asm+0x1a/0x30 [ 27.970766] </TASK> [ 27.970777] [ 27.979195] Allocated by task 329: [ 27.979325] kasan_save_stack+0x45/0x70 [ 27.979467] kasan_save_track+0x18/0x40 [ 27.981144] kasan_save_alloc_info+0x3b/0x50 [ 27.982361] __kasan_kmalloc+0xb7/0xc0 [ 27.982866] __kmalloc_cache_noprof+0x189/0x420 [ 27.983572] copy_to_kernel_nofault_oob+0x12f/0x560 [ 27.984375] kunit_try_run_case+0x1a5/0x480 [ 27.984983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.985269] kthread+0x337/0x6f0 [ 27.985444] ret_from_fork+0x116/0x1d0 [ 27.985627] ret_from_fork_asm+0x1a/0x30 [ 27.985796] [ 27.985895] The buggy address belongs to the object at ffff8881060ab200 [ 27.985895] which belongs to the cache kmalloc-128 of size 128 [ 27.986411] The buggy address is located 0 bytes to the right of [ 27.986411] allocated 120-byte region [ffff8881060ab200, ffff8881060ab278) [ 27.986950] [ 27.987066] The buggy address belongs to the physical page: [ 27.987312] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 27.987713] flags: 0x200000000000000(node=0|zone=2) [ 27.987899] page_type: f5(slab) [ 27.988058] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.988353] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.988586] page dumped because: kasan: bad access detected [ 27.989139] [ 27.989228] Memory state around the buggy address: [ 27.989474] ffff8881060ab100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.989904] ffff8881060ab180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.990188] >ffff8881060ab200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.990484] ^ [ 27.991399] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.991808] ffff8881060ab300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.992212] ================================================================== [ 27.943916] ================================================================== [ 27.944713] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 27.945067] Read of size 8 at addr ffff8881060ab278 by task kunit_try_catch/329 [ 27.945463] [ 27.945575] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.945631] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.945646] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.945669] Call Trace: [ 27.945683] <TASK> [ 27.945703] dump_stack_lvl+0x73/0xb0 [ 27.945736] print_report+0xd1/0x610 [ 27.945761] ? __virt_addr_valid+0x1db/0x2d0 [ 27.945786] ? copy_to_kernel_nofault+0x225/0x260 [ 27.945810] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.945838] ? copy_to_kernel_nofault+0x225/0x260 [ 27.945862] kasan_report+0x141/0x180 [ 27.945886] ? copy_to_kernel_nofault+0x225/0x260 [ 27.945917] __asan_report_load8_noabort+0x18/0x20 [ 27.945942] copy_to_kernel_nofault+0x225/0x260 [ 27.945969] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 27.945994] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.946018] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.946044] ? trace_hardirqs_on+0x37/0xe0 [ 27.946077] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.946105] kunit_try_run_case+0x1a5/0x480 [ 27.946131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.946153] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.946177] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.946200] ? __kthread_parkme+0x82/0x180 [ 27.946221] ? preempt_count_sub+0x50/0x80 [ 27.946247] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.946271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.946299] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.946326] kthread+0x337/0x6f0 [ 27.946346] ? trace_preempt_on+0x20/0xc0 [ 27.946370] ? __pfx_kthread+0x10/0x10 [ 27.946391] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.946417] ? calculate_sigpending+0x7b/0xa0 [ 27.946442] ? __pfx_kthread+0x10/0x10 [ 27.946464] ret_from_fork+0x116/0x1d0 [ 27.946491] ? __pfx_kthread+0x10/0x10 [ 27.946514] ret_from_fork_asm+0x1a/0x30 [ 27.946558] </TASK> [ 27.946770] [ 27.956668] Allocated by task 329: [ 27.956833] kasan_save_stack+0x45/0x70 [ 27.956978] kasan_save_track+0x18/0x40 [ 27.957501] kasan_save_alloc_info+0x3b/0x50 [ 27.957785] __kasan_kmalloc+0xb7/0xc0 [ 27.957964] __kmalloc_cache_noprof+0x189/0x420 [ 27.958314] copy_to_kernel_nofault_oob+0x12f/0x560 [ 27.958554] kunit_try_run_case+0x1a5/0x480 [ 27.959015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.959238] kthread+0x337/0x6f0 [ 27.959522] ret_from_fork+0x116/0x1d0 [ 27.959748] ret_from_fork_asm+0x1a/0x30 [ 27.960039] [ 27.960114] The buggy address belongs to the object at ffff8881060ab200 [ 27.960114] which belongs to the cache kmalloc-128 of size 128 [ 27.960612] The buggy address is located 0 bytes to the right of [ 27.960612] allocated 120-byte region [ffff8881060ab200, ffff8881060ab278) [ 27.961424] [ 27.961613] The buggy address belongs to the physical page: [ 27.961836] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 27.962357] flags: 0x200000000000000(node=0|zone=2) [ 27.962696] page_type: f5(slab) [ 27.962865] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.963328] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.963777] page dumped because: kasan: bad access detected [ 27.963966] [ 27.964062] Memory state around the buggy address: [ 27.964385] ffff8881060ab100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.964930] ffff8881060ab180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.965354] >ffff8881060ab200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.965660] ^ [ 27.966063] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.966471] ffff8881060ab300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.966867] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 27.904127] ================================================================== [ 27.904364] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 27.904805] Read of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.905477] [ 27.905593] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.905688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.905704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.905748] Call Trace: [ 27.905764] <TASK> [ 27.905781] dump_stack_lvl+0x73/0xb0 [ 27.905833] print_report+0xd1/0x610 [ 27.905881] ? __virt_addr_valid+0x1db/0x2d0 [ 27.905912] ? kasan_atomics_helper+0x5115/0x5450 [ 27.905940] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.905973] ? kasan_atomics_helper+0x5115/0x5450 [ 27.906002] kasan_report+0x141/0x180 [ 27.906032] ? kasan_atomics_helper+0x5115/0x5450 [ 27.906068] __asan_report_load8_noabort+0x18/0x20 [ 27.906099] kasan_atomics_helper+0x5115/0x5450 [ 27.906129] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.906159] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.906191] ? kasan_atomics+0x152/0x310 [ 27.906244] kasan_atomics+0x1dc/0x310 [ 27.906275] ? __pfx_kasan_atomics+0x10/0x10 [ 27.906307] ? __pfx_read_tsc+0x10/0x10 [ 27.906335] ? ktime_get_ts64+0x86/0x230 [ 27.906367] kunit_try_run_case+0x1a5/0x480 [ 27.906398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.906426] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.906455] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.906493] ? __kthread_parkme+0x82/0x180 [ 27.906547] ? preempt_count_sub+0x50/0x80 [ 27.906580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.906630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.906664] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.906698] kthread+0x337/0x6f0 [ 27.906724] ? trace_preempt_on+0x20/0xc0 [ 27.906773] ? __pfx_kthread+0x10/0x10 [ 27.906801] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.906833] ? calculate_sigpending+0x7b/0xa0 [ 27.906865] ? __pfx_kthread+0x10/0x10 [ 27.906894] ret_from_fork+0x116/0x1d0 [ 27.906939] ? __pfx_kthread+0x10/0x10 [ 27.906967] ret_from_fork_asm+0x1a/0x30 [ 27.907008] </TASK> [ 27.907021] [ 27.914698] Allocated by task 313: [ 27.914864] kasan_save_stack+0x45/0x70 [ 27.915037] kasan_save_track+0x18/0x40 [ 27.915251] kasan_save_alloc_info+0x3b/0x50 [ 27.915509] __kasan_kmalloc+0xb7/0xc0 [ 27.915728] __kmalloc_cache_noprof+0x189/0x420 [ 27.915948] kasan_atomics+0x95/0x310 [ 27.916140] kunit_try_run_case+0x1a5/0x480 [ 27.916355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.916541] kthread+0x337/0x6f0 [ 27.916763] ret_from_fork+0x116/0x1d0 [ 27.916998] ret_from_fork_asm+0x1a/0x30 [ 27.917196] [ 27.917288] The buggy address belongs to the object at ffff888105926b00 [ 27.917288] which belongs to the cache kmalloc-64 of size 64 [ 27.917833] The buggy address is located 0 bytes to the right of [ 27.917833] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.918369] [ 27.918461] The buggy address belongs to the physical page: [ 27.918745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.919004] flags: 0x200000000000000(node=0|zone=2) [ 27.919162] page_type: f5(slab) [ 27.919278] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.919502] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.919754] page dumped because: kasan: bad access detected [ 27.920017] [ 27.920111] Memory state around the buggy address: [ 27.920405] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.920838] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.921206] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.921520] ^ [ 27.921815] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.922161] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.922504] ================================================================== [ 27.429457] ================================================================== [ 27.430092] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 27.430547] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.431161] [ 27.431400] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.431548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.431569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.431595] Call Trace: [ 27.431615] <TASK> [ 27.431636] dump_stack_lvl+0x73/0xb0 [ 27.431673] print_report+0xd1/0x610 [ 27.431703] ? __virt_addr_valid+0x1db/0x2d0 [ 27.431733] ? kasan_atomics_helper+0x164f/0x5450 [ 27.431761] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.431795] ? kasan_atomics_helper+0x164f/0x5450 [ 27.431824] kasan_report+0x141/0x180 [ 27.431854] ? kasan_atomics_helper+0x164f/0x5450 [ 27.431889] kasan_check_range+0x10c/0x1c0 [ 27.431920] __kasan_check_write+0x18/0x20 [ 27.431951] kasan_atomics_helper+0x164f/0x5450 [ 27.431982] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.432012] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.432045] ? kasan_atomics+0x152/0x310 [ 27.432080] kasan_atomics+0x1dc/0x310 [ 27.432109] ? __pfx_kasan_atomics+0x10/0x10 [ 27.432141] ? __pfx_read_tsc+0x10/0x10 [ 27.432169] ? ktime_get_ts64+0x86/0x230 [ 27.432201] kunit_try_run_case+0x1a5/0x480 [ 27.432232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.432261] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.432291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.432321] ? __kthread_parkme+0x82/0x180 [ 27.432348] ? preempt_count_sub+0x50/0x80 [ 27.432380] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.432410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.432444] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.432478] kthread+0x337/0x6f0 [ 27.432505] ? trace_preempt_on+0x20/0xc0 [ 27.432546] ? __pfx_kthread+0x10/0x10 [ 27.432574] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.432606] ? calculate_sigpending+0x7b/0xa0 [ 27.432638] ? __pfx_kthread+0x10/0x10 [ 27.432666] ret_from_fork+0x116/0x1d0 [ 27.432693] ? __pfx_kthread+0x10/0x10 [ 27.432721] ret_from_fork_asm+0x1a/0x30 [ 27.432763] </TASK> [ 27.432777] [ 27.443165] Allocated by task 313: [ 27.443339] kasan_save_stack+0x45/0x70 [ 27.443682] kasan_save_track+0x18/0x40 [ 27.443865] kasan_save_alloc_info+0x3b/0x50 [ 27.444224] __kasan_kmalloc+0xb7/0xc0 [ 27.444492] __kmalloc_cache_noprof+0x189/0x420 [ 27.444807] kasan_atomics+0x95/0x310 [ 27.445083] kunit_try_run_case+0x1a5/0x480 [ 27.445253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.445680] kthread+0x337/0x6f0 [ 27.446002] ret_from_fork+0x116/0x1d0 [ 27.446292] ret_from_fork_asm+0x1a/0x30 [ 27.446517] [ 27.446611] The buggy address belongs to the object at ffff888105926b00 [ 27.446611] which belongs to the cache kmalloc-64 of size 64 [ 27.447269] The buggy address is located 0 bytes to the right of [ 27.447269] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.448052] [ 27.448139] The buggy address belongs to the physical page: [ 27.448548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.448960] flags: 0x200000000000000(node=0|zone=2) [ 27.449263] page_type: f5(slab) [ 27.449396] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.449867] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.450274] page dumped because: kasan: bad access detected [ 27.450539] [ 27.450615] Memory state around the buggy address: [ 27.451007] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.451329] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.451801] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.452199] ^ [ 27.452402] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.452962] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.453342] ================================================================== [ 27.853186] ================================================================== [ 27.853490] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 27.853860] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.854163] [ 27.854256] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.854307] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.854323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.854348] Call Trace: [ 27.854368] <TASK> [ 27.854385] dump_stack_lvl+0x73/0xb0 [ 27.854419] print_report+0xd1/0x610 [ 27.854449] ? __virt_addr_valid+0x1db/0x2d0 [ 27.854486] ? kasan_atomics_helper+0x218a/0x5450 [ 27.854516] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.854560] ? kasan_atomics_helper+0x218a/0x5450 [ 27.854590] kasan_report+0x141/0x180 [ 27.854639] ? kasan_atomics_helper+0x218a/0x5450 [ 27.854675] kasan_check_range+0x10c/0x1c0 [ 27.854706] __kasan_check_write+0x18/0x20 [ 27.854737] kasan_atomics_helper+0x218a/0x5450 [ 27.854767] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.854796] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.854828] ? kasan_atomics+0x152/0x310 [ 27.854864] kasan_atomics+0x1dc/0x310 [ 27.854894] ? __pfx_kasan_atomics+0x10/0x10 [ 27.854926] ? __pfx_read_tsc+0x10/0x10 [ 27.854954] ? ktime_get_ts64+0x86/0x230 [ 27.854987] kunit_try_run_case+0x1a5/0x480 [ 27.855017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.855046] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.855075] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.855106] ? __kthread_parkme+0x82/0x180 [ 27.855133] ? preempt_count_sub+0x50/0x80 [ 27.855165] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.855196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.855230] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.855264] kthread+0x337/0x6f0 [ 27.855290] ? trace_preempt_on+0x20/0xc0 [ 27.855320] ? __pfx_kthread+0x10/0x10 [ 27.855349] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.855381] ? calculate_sigpending+0x7b/0xa0 [ 27.855412] ? __pfx_kthread+0x10/0x10 [ 27.855441] ret_from_fork+0x116/0x1d0 [ 27.855467] ? __pfx_kthread+0x10/0x10 [ 27.855496] ret_from_fork_asm+0x1a/0x30 [ 27.855547] </TASK> [ 27.855561] [ 27.862458] Allocated by task 313: [ 27.862674] kasan_save_stack+0x45/0x70 [ 27.862876] kasan_save_track+0x18/0x40 [ 27.863073] kasan_save_alloc_info+0x3b/0x50 [ 27.863288] __kasan_kmalloc+0xb7/0xc0 [ 27.863480] __kmalloc_cache_noprof+0x189/0x420 [ 27.863722] kasan_atomics+0x95/0x310 [ 27.863861] kunit_try_run_case+0x1a5/0x480 [ 27.864010] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.864191] kthread+0x337/0x6f0 [ 27.864316] ret_from_fork+0x116/0x1d0 [ 27.864451] ret_from_fork_asm+0x1a/0x30 [ 27.864659] [ 27.864752] The buggy address belongs to the object at ffff888105926b00 [ 27.864752] which belongs to the cache kmalloc-64 of size 64 [ 27.865275] The buggy address is located 0 bytes to the right of [ 27.865275] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.865859] [ 27.865954] The buggy address belongs to the physical page: [ 27.866203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.866546] flags: 0x200000000000000(node=0|zone=2) [ 27.866732] page_type: f5(slab) [ 27.866854] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.867137] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.867477] page dumped because: kasan: bad access detected [ 27.867762] [ 27.867856] Memory state around the buggy address: [ 27.868081] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.868376] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.868618] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.868832] ^ [ 27.868988] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.869307] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.869653] ================================================================== [ 27.390210] ================================================================== [ 27.390594] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 27.390925] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.391250] [ 27.391360] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.391415] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.391442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.391469] Call Trace: [ 27.391484] <TASK> [ 27.391501] dump_stack_lvl+0x73/0xb0 [ 27.391544] print_report+0xd1/0x610 [ 27.391574] ? __virt_addr_valid+0x1db/0x2d0 [ 27.391613] ? kasan_atomics_helper+0x151d/0x5450 [ 27.391642] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.391687] ? kasan_atomics_helper+0x151d/0x5450 [ 27.391716] kasan_report+0x141/0x180 [ 27.391771] ? kasan_atomics_helper+0x151d/0x5450 [ 27.391807] kasan_check_range+0x10c/0x1c0 [ 27.391839] __kasan_check_write+0x18/0x20 [ 27.391869] kasan_atomics_helper+0x151d/0x5450 [ 27.391900] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.391931] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.391963] ? kasan_atomics+0x152/0x310 [ 27.391998] kasan_atomics+0x1dc/0x310 [ 27.392028] ? __pfx_kasan_atomics+0x10/0x10 [ 27.392060] ? __pfx_read_tsc+0x10/0x10 [ 27.392088] ? ktime_get_ts64+0x86/0x230 [ 27.392120] kunit_try_run_case+0x1a5/0x480 [ 27.392160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.392188] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.392218] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.392259] ? __kthread_parkme+0x82/0x180 [ 27.392287] ? preempt_count_sub+0x50/0x80 [ 27.392318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.392348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.392381] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.392414] kthread+0x337/0x6f0 [ 27.392440] ? trace_preempt_on+0x20/0xc0 [ 27.392470] ? __pfx_kthread+0x10/0x10 [ 27.392499] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.392539] ? calculate_sigpending+0x7b/0xa0 [ 27.392570] ? __pfx_kthread+0x10/0x10 [ 27.392599] ret_from_fork+0x116/0x1d0 [ 27.392633] ? __pfx_kthread+0x10/0x10 [ 27.392661] ret_from_fork_asm+0x1a/0x30 [ 27.392704] </TASK> [ 27.392717] [ 27.400451] Allocated by task 313: [ 27.400672] kasan_save_stack+0x45/0x70 [ 27.400853] kasan_save_track+0x18/0x40 [ 27.401060] kasan_save_alloc_info+0x3b/0x50 [ 27.401251] __kasan_kmalloc+0xb7/0xc0 [ 27.401446] __kmalloc_cache_noprof+0x189/0x420 [ 27.401715] kasan_atomics+0x95/0x310 [ 27.401889] kunit_try_run_case+0x1a5/0x480 [ 27.402129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.402363] kthread+0x337/0x6f0 [ 27.402552] ret_from_fork+0x116/0x1d0 [ 27.402820] ret_from_fork_asm+0x1a/0x30 [ 27.403044] [ 27.403115] The buggy address belongs to the object at ffff888105926b00 [ 27.403115] which belongs to the cache kmalloc-64 of size 64 [ 27.403609] The buggy address is located 0 bytes to the right of [ 27.403609] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.404123] [ 27.404194] The buggy address belongs to the physical page: [ 27.404446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.404855] flags: 0x200000000000000(node=0|zone=2) [ 27.405055] page_type: f5(slab) [ 27.405198] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.405468] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.405809] page dumped because: kasan: bad access detected [ 27.406061] [ 27.406157] Memory state around the buggy address: [ 27.406378] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.406685] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.406902] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.407115] ^ [ 27.407270] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.407705] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.408021] ================================================================== [ 26.535344] ================================================================== [ 26.536268] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 26.537087] Read of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.537907] [ 26.538247] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.538415] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.538432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.538457] Call Trace: [ 26.538481] <TASK> [ 26.538499] dump_stack_lvl+0x73/0xb0 [ 26.538551] print_report+0xd1/0x610 [ 26.538596] ? __virt_addr_valid+0x1db/0x2d0 [ 26.538654] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.538682] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.538713] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.538741] kasan_report+0x141/0x180 [ 26.538770] ? kasan_atomics_helper+0x4bbc/0x5450 [ 26.538803] __asan_report_load4_noabort+0x18/0x20 [ 26.538833] kasan_atomics_helper+0x4bbc/0x5450 [ 26.538861] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.538889] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.538920] ? kasan_atomics+0x152/0x310 [ 26.538954] kasan_atomics+0x1dc/0x310 [ 26.538982] ? __pfx_kasan_atomics+0x10/0x10 [ 26.539012] ? __pfx_read_tsc+0x10/0x10 [ 26.539039] ? ktime_get_ts64+0x86/0x230 [ 26.539072] kunit_try_run_case+0x1a5/0x480 [ 26.539102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.539128] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.539157] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.539185] ? __kthread_parkme+0x82/0x180 [ 26.539212] ? preempt_count_sub+0x50/0x80 [ 26.539244] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.539272] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.539305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.539338] kthread+0x337/0x6f0 [ 26.539363] ? trace_preempt_on+0x20/0xc0 [ 26.539392] ? __pfx_kthread+0x10/0x10 [ 26.539419] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.539450] ? calculate_sigpending+0x7b/0xa0 [ 26.539480] ? __pfx_kthread+0x10/0x10 [ 26.539508] ret_from_fork+0x116/0x1d0 [ 26.539543] ? __pfx_kthread+0x10/0x10 [ 26.539570] ret_from_fork_asm+0x1a/0x30 [ 26.539617] </TASK> [ 26.539629] [ 26.557135] Allocated by task 313: [ 26.557616] kasan_save_stack+0x45/0x70 [ 26.557795] kasan_save_track+0x18/0x40 [ 26.558253] kasan_save_alloc_info+0x3b/0x50 [ 26.558750] __kasan_kmalloc+0xb7/0xc0 [ 26.559144] __kmalloc_cache_noprof+0x189/0x420 [ 26.559399] kasan_atomics+0x95/0x310 [ 26.559547] kunit_try_run_case+0x1a5/0x480 [ 26.560029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.560547] kthread+0x337/0x6f0 [ 26.560910] ret_from_fork+0x116/0x1d0 [ 26.561336] ret_from_fork_asm+0x1a/0x30 [ 26.561484] [ 26.561569] The buggy address belongs to the object at ffff888105926b00 [ 26.561569] which belongs to the cache kmalloc-64 of size 64 [ 26.563009] The buggy address is located 0 bytes to the right of [ 26.563009] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.563418] [ 26.563490] The buggy address belongs to the physical page: [ 26.563978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.564888] flags: 0x200000000000000(node=0|zone=2) [ 26.565348] page_type: f5(slab) [ 26.565700] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.566246] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.566487] page dumped because: kasan: bad access detected [ 26.566701] [ 26.566770] Memory state around the buggy address: [ 26.567114] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.567386] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.567833] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.568101] ^ [ 26.568427] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.568719] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.569349] ================================================================== [ 26.625205] ================================================================== [ 26.625515] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 26.625800] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.626298] [ 26.626425] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.626494] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.626510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.626552] Call Trace: [ 26.626569] <TASK> [ 26.626587] dump_stack_lvl+0x73/0xb0 [ 26.626686] print_report+0xd1/0x610 [ 26.626718] ? __virt_addr_valid+0x1db/0x2d0 [ 26.626759] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.626788] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.626834] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.626863] kasan_report+0x141/0x180 [ 26.626893] ? kasan_atomics_helper+0x4b6e/0x5450 [ 26.626929] __asan_report_store4_noabort+0x1b/0x30 [ 26.626961] kasan_atomics_helper+0x4b6e/0x5450 [ 26.626991] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.627020] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.627052] ? kasan_atomics+0x152/0x310 [ 26.627097] kasan_atomics+0x1dc/0x310 [ 26.627127] ? __pfx_kasan_atomics+0x10/0x10 [ 26.627172] ? __pfx_read_tsc+0x10/0x10 [ 26.627200] ? ktime_get_ts64+0x86/0x230 [ 26.627233] kunit_try_run_case+0x1a5/0x480 [ 26.627272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.627301] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.627341] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.627371] ? __kthread_parkme+0x82/0x180 [ 26.627398] ? preempt_count_sub+0x50/0x80 [ 26.627431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.627462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.627496] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.627541] kthread+0x337/0x6f0 [ 26.627568] ? trace_preempt_on+0x20/0xc0 [ 26.627598] ? __pfx_kthread+0x10/0x10 [ 26.627698] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.627733] ? calculate_sigpending+0x7b/0xa0 [ 26.627765] ? __pfx_kthread+0x10/0x10 [ 26.627794] ret_from_fork+0x116/0x1d0 [ 26.627821] ? __pfx_kthread+0x10/0x10 [ 26.627850] ret_from_fork_asm+0x1a/0x30 [ 26.627892] </TASK> [ 26.627906] [ 26.636277] Allocated by task 313: [ 26.636409] kasan_save_stack+0x45/0x70 [ 26.636638] kasan_save_track+0x18/0x40 [ 26.636918] kasan_save_alloc_info+0x3b/0x50 [ 26.637170] __kasan_kmalloc+0xb7/0xc0 [ 26.637341] __kmalloc_cache_noprof+0x189/0x420 [ 26.637587] kasan_atomics+0x95/0x310 [ 26.637761] kunit_try_run_case+0x1a5/0x480 [ 26.638026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.638275] kthread+0x337/0x6f0 [ 26.638456] ret_from_fork+0x116/0x1d0 [ 26.638732] ret_from_fork_asm+0x1a/0x30 [ 26.638943] [ 26.639015] The buggy address belongs to the object at ffff888105926b00 [ 26.639015] which belongs to the cache kmalloc-64 of size 64 [ 26.639370] The buggy address is located 0 bytes to the right of [ 26.639370] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.639950] [ 26.640045] The buggy address belongs to the physical page: [ 26.640301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.640742] flags: 0x200000000000000(node=0|zone=2) [ 26.640978] page_type: f5(slab) [ 26.641102] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.641337] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.641697] page dumped because: kasan: bad access detected [ 26.642324] [ 26.642427] Memory state around the buggy address: [ 26.642769] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.642990] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.643401] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.643806] ^ [ 26.644005] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.644303] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.644652] ================================================================== [ 26.750926] ================================================================== [ 26.751259] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 26.751659] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.752004] [ 26.752131] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.752197] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.752213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.752240] Call Trace: [ 26.752271] <TASK> [ 26.752291] dump_stack_lvl+0x73/0xb0 [ 26.752327] print_report+0xd1/0x610 [ 26.752357] ? __virt_addr_valid+0x1db/0x2d0 [ 26.752388] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.752416] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.752448] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.752478] kasan_report+0x141/0x180 [ 26.752507] ? kasan_atomics_helper+0x5fe/0x5450 [ 26.752552] kasan_check_range+0x10c/0x1c0 [ 26.752643] __kasan_check_write+0x18/0x20 [ 26.752677] kasan_atomics_helper+0x5fe/0x5450 [ 26.752727] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.752757] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.752790] ? kasan_atomics+0x152/0x310 [ 26.752834] kasan_atomics+0x1dc/0x310 [ 26.752864] ? __pfx_kasan_atomics+0x10/0x10 [ 26.752907] ? __pfx_read_tsc+0x10/0x10 [ 26.752937] ? ktime_get_ts64+0x86/0x230 [ 26.752981] kunit_try_run_case+0x1a5/0x480 [ 26.753013] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.753048] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.753092] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.753125] ? __kthread_parkme+0x82/0x180 [ 26.753163] ? preempt_count_sub+0x50/0x80 [ 26.753196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.753227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.753264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.753308] kthread+0x337/0x6f0 [ 26.753336] ? trace_preempt_on+0x20/0xc0 [ 26.753378] ? __pfx_kthread+0x10/0x10 [ 26.753407] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.753440] ? calculate_sigpending+0x7b/0xa0 [ 26.753472] ? __pfx_kthread+0x10/0x10 [ 26.753504] ret_from_fork+0x116/0x1d0 [ 26.753539] ? __pfx_kthread+0x10/0x10 [ 26.753568] ret_from_fork_asm+0x1a/0x30 [ 26.753658] </TASK> [ 26.753673] [ 26.762062] Allocated by task 313: [ 26.762200] kasan_save_stack+0x45/0x70 [ 26.762353] kasan_save_track+0x18/0x40 [ 26.762522] kasan_save_alloc_info+0x3b/0x50 [ 26.762808] __kasan_kmalloc+0xb7/0xc0 [ 26.763023] __kmalloc_cache_noprof+0x189/0x420 [ 26.763251] kasan_atomics+0x95/0x310 [ 26.763469] kunit_try_run_case+0x1a5/0x480 [ 26.763833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.764149] kthread+0x337/0x6f0 [ 26.764320] ret_from_fork+0x116/0x1d0 [ 26.764516] ret_from_fork_asm+0x1a/0x30 [ 26.764863] [ 26.764965] The buggy address belongs to the object at ffff888105926b00 [ 26.764965] which belongs to the cache kmalloc-64 of size 64 [ 26.765471] The buggy address is located 0 bytes to the right of [ 26.765471] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.766085] [ 26.766167] The buggy address belongs to the physical page: [ 26.766350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.766850] flags: 0x200000000000000(node=0|zone=2) [ 26.767086] page_type: f5(slab) [ 26.767253] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.767488] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.767929] page dumped because: kasan: bad access detected [ 26.768219] [ 26.768327] Memory state around the buggy address: [ 26.768510] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.768740] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.769141] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.769488] ^ [ 26.769720] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.770067] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.770353] ================================================================== [ 27.622213] ================================================================== [ 27.623063] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 27.623780] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.624419] [ 27.624560] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.624626] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.624641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.624666] Call Trace: [ 27.624682] <TASK> [ 27.624700] dump_stack_lvl+0x73/0xb0 [ 27.624734] print_report+0xd1/0x610 [ 27.624765] ? __virt_addr_valid+0x1db/0x2d0 [ 27.624794] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.624822] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.624857] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.624887] kasan_report+0x141/0x180 [ 27.624917] ? kasan_atomics_helper+0x1c18/0x5450 [ 27.624951] kasan_check_range+0x10c/0x1c0 [ 27.624982] __kasan_check_write+0x18/0x20 [ 27.625012] kasan_atomics_helper+0x1c18/0x5450 [ 27.625043] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.625072] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.625104] ? kasan_atomics+0x152/0x310 [ 27.625137] kasan_atomics+0x1dc/0x310 [ 27.625167] ? __pfx_kasan_atomics+0x10/0x10 [ 27.625198] ? __pfx_read_tsc+0x10/0x10 [ 27.625226] ? ktime_get_ts64+0x86/0x230 [ 27.625258] kunit_try_run_case+0x1a5/0x480 [ 27.625288] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.625317] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.625346] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.625375] ? __kthread_parkme+0x82/0x180 [ 27.625402] ? preempt_count_sub+0x50/0x80 [ 27.625434] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.625463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.625496] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.625542] kthread+0x337/0x6f0 [ 27.625569] ? trace_preempt_on+0x20/0xc0 [ 27.625598] ? __pfx_kthread+0x10/0x10 [ 27.625634] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.625666] ? calculate_sigpending+0x7b/0xa0 [ 27.625697] ? __pfx_kthread+0x10/0x10 [ 27.625725] ret_from_fork+0x116/0x1d0 [ 27.625751] ? __pfx_kthread+0x10/0x10 [ 27.625779] ret_from_fork_asm+0x1a/0x30 [ 27.625821] </TASK> [ 27.625834] [ 27.635643] Allocated by task 313: [ 27.635824] kasan_save_stack+0x45/0x70 [ 27.636029] kasan_save_track+0x18/0x40 [ 27.636230] kasan_save_alloc_info+0x3b/0x50 [ 27.636477] __kasan_kmalloc+0xb7/0xc0 [ 27.636672] __kmalloc_cache_noprof+0x189/0x420 [ 27.636833] kasan_atomics+0x95/0x310 [ 27.636971] kunit_try_run_case+0x1a5/0x480 [ 27.637177] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.637460] kthread+0x337/0x6f0 [ 27.637756] ret_from_fork+0x116/0x1d0 [ 27.637911] ret_from_fork_asm+0x1a/0x30 [ 27.638057] [ 27.638126] The buggy address belongs to the object at ffff888105926b00 [ 27.638126] which belongs to the cache kmalloc-64 of size 64 [ 27.638681] The buggy address is located 0 bytes to the right of [ 27.638681] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.639158] [ 27.639253] The buggy address belongs to the physical page: [ 27.639479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.639964] flags: 0x200000000000000(node=0|zone=2) [ 27.640127] page_type: f5(slab) [ 27.640290] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.640663] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.640942] page dumped because: kasan: bad access detected [ 27.641114] [ 27.641208] Memory state around the buggy address: [ 27.641428] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.641743] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.641960] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.642459] ^ [ 27.642766] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.642989] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.643233] ================================================================== [ 27.802097] ================================================================== [ 27.802431] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 27.802739] Read of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.802968] [ 27.803076] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.803128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.803144] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.803169] Call Trace: [ 27.803184] <TASK> [ 27.803202] dump_stack_lvl+0x73/0xb0 [ 27.803236] print_report+0xd1/0x610 [ 27.803265] ? __virt_addr_valid+0x1db/0x2d0 [ 27.803296] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.803324] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.803357] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.803387] kasan_report+0x141/0x180 [ 27.803417] ? kasan_atomics_helper+0x4f98/0x5450 [ 27.803453] __asan_report_load8_noabort+0x18/0x20 [ 27.803484] kasan_atomics_helper+0x4f98/0x5450 [ 27.803515] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.803556] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.803589] ? kasan_atomics+0x152/0x310 [ 27.803644] kasan_atomics+0x1dc/0x310 [ 27.803675] ? __pfx_kasan_atomics+0x10/0x10 [ 27.803708] ? __pfx_read_tsc+0x10/0x10 [ 27.803736] ? ktime_get_ts64+0x86/0x230 [ 27.803769] kunit_try_run_case+0x1a5/0x480 [ 27.803800] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.803830] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.803861] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.803891] ? __kthread_parkme+0x82/0x180 [ 27.803918] ? preempt_count_sub+0x50/0x80 [ 27.803950] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.803982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.804016] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.804049] kthread+0x337/0x6f0 [ 27.804075] ? trace_preempt_on+0x20/0xc0 [ 27.804104] ? __pfx_kthread+0x10/0x10 [ 27.804132] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.804164] ? calculate_sigpending+0x7b/0xa0 [ 27.804195] ? __pfx_kthread+0x10/0x10 [ 27.804225] ret_from_fork+0x116/0x1d0 [ 27.804251] ? __pfx_kthread+0x10/0x10 [ 27.804279] ret_from_fork_asm+0x1a/0x30 [ 27.804320] </TASK> [ 27.804334] [ 27.811385] Allocated by task 313: [ 27.811569] kasan_save_stack+0x45/0x70 [ 27.811789] kasan_save_track+0x18/0x40 [ 27.811977] kasan_save_alloc_info+0x3b/0x50 [ 27.812128] __kasan_kmalloc+0xb7/0xc0 [ 27.812301] __kmalloc_cache_noprof+0x189/0x420 [ 27.812540] kasan_atomics+0x95/0x310 [ 27.812764] kunit_try_run_case+0x1a5/0x480 [ 27.812975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.813186] kthread+0x337/0x6f0 [ 27.813336] ret_from_fork+0x116/0x1d0 [ 27.813539] ret_from_fork_asm+0x1a/0x30 [ 27.813728] [ 27.813800] The buggy address belongs to the object at ffff888105926b00 [ 27.813800] which belongs to the cache kmalloc-64 of size 64 [ 27.814153] The buggy address is located 0 bytes to the right of [ 27.814153] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.814537] [ 27.814626] The buggy address belongs to the physical page: [ 27.814833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.815191] flags: 0x200000000000000(node=0|zone=2) [ 27.815425] page_type: f5(slab) [ 27.815617] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.815958] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.816290] page dumped because: kasan: bad access detected [ 27.816550] [ 27.816669] Memory state around the buggy address: [ 27.816890] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.817201] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.817417] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.817663] ^ [ 27.817821] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.818122] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.818447] ================================================================== [ 27.661315] ================================================================== [ 27.661697] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 27.661939] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.662165] [ 27.662247] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.662298] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.662314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.662339] Call Trace: [ 27.662355] <TASK> [ 27.662374] dump_stack_lvl+0x73/0xb0 [ 27.662408] print_report+0xd1/0x610 [ 27.662438] ? __virt_addr_valid+0x1db/0x2d0 [ 27.662467] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.662503] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.662547] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.662577] kasan_report+0x141/0x180 [ 27.662607] ? kasan_atomics_helper+0x1ce1/0x5450 [ 27.662641] kasan_check_range+0x10c/0x1c0 [ 27.662672] __kasan_check_write+0x18/0x20 [ 27.662702] kasan_atomics_helper+0x1ce1/0x5450 [ 27.662732] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.662761] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.662793] ? kasan_atomics+0x152/0x310 [ 27.662828] kasan_atomics+0x1dc/0x310 [ 27.662857] ? __pfx_kasan_atomics+0x10/0x10 [ 27.662889] ? __pfx_read_tsc+0x10/0x10 [ 27.662916] ? ktime_get_ts64+0x86/0x230 [ 27.662949] kunit_try_run_case+0x1a5/0x480 [ 27.662980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.663008] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.663038] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.663067] ? __kthread_parkme+0x82/0x180 [ 27.663094] ? preempt_count_sub+0x50/0x80 [ 27.663125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.663156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.663189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.663223] kthread+0x337/0x6f0 [ 27.663248] ? trace_preempt_on+0x20/0xc0 [ 27.663279] ? __pfx_kthread+0x10/0x10 [ 27.663307] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.663337] ? calculate_sigpending+0x7b/0xa0 [ 27.663369] ? __pfx_kthread+0x10/0x10 [ 27.663398] ret_from_fork+0x116/0x1d0 [ 27.663424] ? __pfx_kthread+0x10/0x10 [ 27.663451] ret_from_fork_asm+0x1a/0x30 [ 27.663493] </TASK> [ 27.663506] [ 27.671382] Allocated by task 313: [ 27.671571] kasan_save_stack+0x45/0x70 [ 27.671783] kasan_save_track+0x18/0x40 [ 27.671980] kasan_save_alloc_info+0x3b/0x50 [ 27.672206] __kasan_kmalloc+0xb7/0xc0 [ 27.672396] __kmalloc_cache_noprof+0x189/0x420 [ 27.672594] kasan_atomics+0x95/0x310 [ 27.672788] kunit_try_run_case+0x1a5/0x480 [ 27.672971] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.673191] kthread+0x337/0x6f0 [ 27.673345] ret_from_fork+0x116/0x1d0 [ 27.673514] ret_from_fork_asm+0x1a/0x30 [ 27.673726] [ 27.673797] The buggy address belongs to the object at ffff888105926b00 [ 27.673797] which belongs to the cache kmalloc-64 of size 64 [ 27.674147] The buggy address is located 0 bytes to the right of [ 27.674147] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.674517] [ 27.674617] The buggy address belongs to the physical page: [ 27.674874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.675243] flags: 0x200000000000000(node=0|zone=2) [ 27.675477] page_type: f5(slab) [ 27.675651] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.675991] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.676301] page dumped because: kasan: bad access detected [ 27.676483] [ 27.676560] Memory state around the buggy address: [ 27.676716] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.677248] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.677582] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.678184] ^ [ 27.678342] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.678572] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.678904] ================================================================== [ 27.115319] ================================================================== [ 27.115687] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 27.116269] Read of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.116525] [ 27.116620] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.116692] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.116722] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.116760] Call Trace: [ 27.116779] <TASK> [ 27.116810] dump_stack_lvl+0x73/0xb0 [ 27.116859] print_report+0xd1/0x610 [ 27.116889] ? __virt_addr_valid+0x1db/0x2d0 [ 27.116921] ? kasan_atomics_helper+0x4a36/0x5450 [ 27.116950] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.116984] ? kasan_atomics_helper+0x4a36/0x5450 [ 27.117013] kasan_report+0x141/0x180 [ 27.117044] ? kasan_atomics_helper+0x4a36/0x5450 [ 27.117080] __asan_report_load4_noabort+0x18/0x20 [ 27.117111] kasan_atomics_helper+0x4a36/0x5450 [ 27.117141] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.117171] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.117203] ? kasan_atomics+0x152/0x310 [ 27.117237] kasan_atomics+0x1dc/0x310 [ 27.117267] ? __pfx_kasan_atomics+0x10/0x10 [ 27.117298] ? __pfx_read_tsc+0x10/0x10 [ 27.117326] ? ktime_get_ts64+0x86/0x230 [ 27.117359] kunit_try_run_case+0x1a5/0x480 [ 27.117388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.117416] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.117447] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.117477] ? __kthread_parkme+0x82/0x180 [ 27.117505] ? preempt_count_sub+0x50/0x80 [ 27.117546] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.117577] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.117610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.117678] kthread+0x337/0x6f0 [ 27.117705] ? trace_preempt_on+0x20/0xc0 [ 27.117737] ? __pfx_kthread+0x10/0x10 [ 27.117765] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.117797] ? calculate_sigpending+0x7b/0xa0 [ 27.117829] ? __pfx_kthread+0x10/0x10 [ 27.117859] ret_from_fork+0x116/0x1d0 [ 27.117885] ? __pfx_kthread+0x10/0x10 [ 27.117913] ret_from_fork_asm+0x1a/0x30 [ 27.117956] </TASK> [ 27.117970] [ 27.125729] Allocated by task 313: [ 27.125938] kasan_save_stack+0x45/0x70 [ 27.126082] kasan_save_track+0x18/0x40 [ 27.126221] kasan_save_alloc_info+0x3b/0x50 [ 27.126482] __kasan_kmalloc+0xb7/0xc0 [ 27.126830] __kmalloc_cache_noprof+0x189/0x420 [ 27.127094] kasan_atomics+0x95/0x310 [ 27.127293] kunit_try_run_case+0x1a5/0x480 [ 27.127521] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.127828] kthread+0x337/0x6f0 [ 27.128003] ret_from_fork+0x116/0x1d0 [ 27.128190] ret_from_fork_asm+0x1a/0x30 [ 27.128395] [ 27.128480] The buggy address belongs to the object at ffff888105926b00 [ 27.128480] which belongs to the cache kmalloc-64 of size 64 [ 27.129029] The buggy address is located 0 bytes to the right of [ 27.129029] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.129566] [ 27.129690] The buggy address belongs to the physical page: [ 27.129987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.130323] flags: 0x200000000000000(node=0|zone=2) [ 27.130548] page_type: f5(slab) [ 27.130837] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.131097] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.131449] page dumped because: kasan: bad access detected [ 27.131751] [ 27.131847] Memory state around the buggy address: [ 27.132072] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.132415] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.132732] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.133060] ^ [ 27.133294] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.133632] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.133950] ================================================================== [ 27.284678] ================================================================== [ 27.285014] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 27.285350] Read of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.285815] [ 27.285905] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.285957] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.285972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.285996] Call Trace: [ 27.286011] <TASK> [ 27.286027] dump_stack_lvl+0x73/0xb0 [ 27.286063] print_report+0xd1/0x610 [ 27.286092] ? __virt_addr_valid+0x1db/0x2d0 [ 27.286122] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.286151] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.286185] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.286213] kasan_report+0x141/0x180 [ 27.286243] ? kasan_atomics_helper+0x49ce/0x5450 [ 27.286278] __asan_report_load4_noabort+0x18/0x20 [ 27.286310] kasan_atomics_helper+0x49ce/0x5450 [ 27.286339] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.286368] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.286401] ? kasan_atomics+0x152/0x310 [ 27.286436] kasan_atomics+0x1dc/0x310 [ 27.286465] ? __pfx_kasan_atomics+0x10/0x10 [ 27.286501] ? __pfx_read_tsc+0x10/0x10 [ 27.286541] ? ktime_get_ts64+0x86/0x230 [ 27.286574] kunit_try_run_case+0x1a5/0x480 [ 27.286604] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.286633] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.286661] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.286690] ? __kthread_parkme+0x82/0x180 [ 27.286717] ? preempt_count_sub+0x50/0x80 [ 27.286749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.286778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.286813] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.286846] kthread+0x337/0x6f0 [ 27.286873] ? trace_preempt_on+0x20/0xc0 [ 27.286903] ? __pfx_kthread+0x10/0x10 [ 27.286931] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.286962] ? calculate_sigpending+0x7b/0xa0 [ 27.286993] ? __pfx_kthread+0x10/0x10 [ 27.287022] ret_from_fork+0x116/0x1d0 [ 27.287048] ? __pfx_kthread+0x10/0x10 [ 27.287075] ret_from_fork_asm+0x1a/0x30 [ 27.287118] </TASK> [ 27.287130] [ 27.300153] Allocated by task 313: [ 27.300361] kasan_save_stack+0x45/0x70 [ 27.300514] kasan_save_track+0x18/0x40 [ 27.300675] kasan_save_alloc_info+0x3b/0x50 [ 27.300829] __kasan_kmalloc+0xb7/0xc0 [ 27.301221] __kmalloc_cache_noprof+0x189/0x420 [ 27.301668] kasan_atomics+0x95/0x310 [ 27.302132] kunit_try_run_case+0x1a5/0x480 [ 27.302541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.303087] kthread+0x337/0x6f0 [ 27.303416] ret_from_fork+0x116/0x1d0 [ 27.303853] ret_from_fork_asm+0x1a/0x30 [ 27.304211] [ 27.304314] The buggy address belongs to the object at ffff888105926b00 [ 27.304314] which belongs to the cache kmalloc-64 of size 64 [ 27.304915] The buggy address is located 0 bytes to the right of [ 27.304915] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.305287] [ 27.305359] The buggy address belongs to the physical page: [ 27.305546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.306298] flags: 0x200000000000000(node=0|zone=2) [ 27.306808] page_type: f5(slab) [ 27.307120] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.307800] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.308570] page dumped because: kasan: bad access detected [ 27.308979] [ 27.309052] Memory state around the buggy address: [ 27.309210] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.309429] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.309677] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.309974] ^ [ 27.310222] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.310507] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.311019] ================================================================== [ 27.051904] ================================================================== [ 27.052543] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 27.052915] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.053246] [ 27.053341] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.053395] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.053411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.053436] Call Trace: [ 27.053452] <TASK> [ 27.053470] dump_stack_lvl+0x73/0xb0 [ 27.053505] print_report+0xd1/0x610 [ 27.053547] ? __virt_addr_valid+0x1db/0x2d0 [ 27.053577] ? kasan_atomics_helper+0xe78/0x5450 [ 27.053605] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.053961] ? kasan_atomics_helper+0xe78/0x5450 [ 27.053995] kasan_report+0x141/0x180 [ 27.054027] ? kasan_atomics_helper+0xe78/0x5450 [ 27.054062] kasan_check_range+0x10c/0x1c0 [ 27.054093] __kasan_check_write+0x18/0x20 [ 27.054123] kasan_atomics_helper+0xe78/0x5450 [ 27.054153] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.054183] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.054215] ? kasan_atomics+0x152/0x310 [ 27.054250] kasan_atomics+0x1dc/0x310 [ 27.054280] ? __pfx_kasan_atomics+0x10/0x10 [ 27.054312] ? __pfx_read_tsc+0x10/0x10 [ 27.054340] ? ktime_get_ts64+0x86/0x230 [ 27.054372] kunit_try_run_case+0x1a5/0x480 [ 27.054403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.054432] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.054463] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.054505] ? __kthread_parkme+0x82/0x180 [ 27.054544] ? preempt_count_sub+0x50/0x80 [ 27.054577] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.054607] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.054650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.054685] kthread+0x337/0x6f0 [ 27.054711] ? trace_preempt_on+0x20/0xc0 [ 27.054741] ? __pfx_kthread+0x10/0x10 [ 27.054770] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.054802] ? calculate_sigpending+0x7b/0xa0 [ 27.054833] ? __pfx_kthread+0x10/0x10 [ 27.054862] ret_from_fork+0x116/0x1d0 [ 27.054889] ? __pfx_kthread+0x10/0x10 [ 27.054916] ret_from_fork_asm+0x1a/0x30 [ 27.054958] </TASK> [ 27.054972] [ 27.065241] Allocated by task 313: [ 27.065430] kasan_save_stack+0x45/0x70 [ 27.065800] kasan_save_track+0x18/0x40 [ 27.065983] kasan_save_alloc_info+0x3b/0x50 [ 27.066319] __kasan_kmalloc+0xb7/0xc0 [ 27.066618] __kmalloc_cache_noprof+0x189/0x420 [ 27.066884] kasan_atomics+0x95/0x310 [ 27.067177] kunit_try_run_case+0x1a5/0x480 [ 27.067400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.067849] kthread+0x337/0x6f0 [ 27.068096] ret_from_fork+0x116/0x1d0 [ 27.068303] ret_from_fork_asm+0x1a/0x30 [ 27.068626] [ 27.068768] The buggy address belongs to the object at ffff888105926b00 [ 27.068768] which belongs to the cache kmalloc-64 of size 64 [ 27.069438] The buggy address is located 0 bytes to the right of [ 27.069438] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.070169] [ 27.070278] The buggy address belongs to the physical page: [ 27.070650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.071029] flags: 0x200000000000000(node=0|zone=2) [ 27.071254] page_type: f5(slab) [ 27.071411] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.071964] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.072359] page dumped because: kasan: bad access detected [ 27.072703] [ 27.072810] Memory state around the buggy address: [ 27.073147] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.073490] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.074002] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.074396] ^ [ 27.074716] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.075123] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.075430] ================================================================== [ 27.836219] ================================================================== [ 27.836461] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 27.836856] Read of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.837134] [ 27.837221] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.837274] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.837289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.837315] Call Trace: [ 27.837331] <TASK> [ 27.837349] dump_stack_lvl+0x73/0xb0 [ 27.837385] print_report+0xd1/0x610 [ 27.837415] ? __virt_addr_valid+0x1db/0x2d0 [ 27.837446] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.837474] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.837507] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.837546] kasan_report+0x141/0x180 [ 27.837577] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.837631] __asan_report_load8_noabort+0x18/0x20 [ 27.837663] kasan_atomics_helper+0x4fb2/0x5450 [ 27.837694] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.837723] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.837755] ? kasan_atomics+0x152/0x310 [ 27.837789] kasan_atomics+0x1dc/0x310 [ 27.837820] ? __pfx_kasan_atomics+0x10/0x10 [ 27.837852] ? __pfx_read_tsc+0x10/0x10 [ 27.837879] ? ktime_get_ts64+0x86/0x230 [ 27.837911] kunit_try_run_case+0x1a5/0x480 [ 27.837943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.837972] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.838001] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.838032] ? __kthread_parkme+0x82/0x180 [ 27.838059] ? preempt_count_sub+0x50/0x80 [ 27.838091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.838121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.838155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.838188] kthread+0x337/0x6f0 [ 27.838215] ? trace_preempt_on+0x20/0xc0 [ 27.838246] ? __pfx_kthread+0x10/0x10 [ 27.838274] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.838305] ? calculate_sigpending+0x7b/0xa0 [ 27.838336] ? __pfx_kthread+0x10/0x10 [ 27.838366] ret_from_fork+0x116/0x1d0 [ 27.838391] ? __pfx_kthread+0x10/0x10 [ 27.838419] ret_from_fork_asm+0x1a/0x30 [ 27.838461] </TASK> [ 27.838481] [ 27.845599] Allocated by task 313: [ 27.845771] kasan_save_stack+0x45/0x70 [ 27.845974] kasan_save_track+0x18/0x40 [ 27.846120] kasan_save_alloc_info+0x3b/0x50 [ 27.846273] __kasan_kmalloc+0xb7/0xc0 [ 27.846408] __kmalloc_cache_noprof+0x189/0x420 [ 27.846580] kasan_atomics+0x95/0x310 [ 27.846735] kunit_try_run_case+0x1a5/0x480 [ 27.846885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.847066] kthread+0x337/0x6f0 [ 27.847231] ret_from_fork+0x116/0x1d0 [ 27.847420] ret_from_fork_asm+0x1a/0x30 [ 27.847654] [ 27.847746] The buggy address belongs to the object at ffff888105926b00 [ 27.847746] which belongs to the cache kmalloc-64 of size 64 [ 27.848272] The buggy address is located 0 bytes to the right of [ 27.848272] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.848854] [ 27.848952] The buggy address belongs to the physical page: [ 27.849202] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.849489] flags: 0x200000000000000(node=0|zone=2) [ 27.849679] page_type: f5(slab) [ 27.849803] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.850039] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.850346] page dumped because: kasan: bad access detected [ 27.850620] [ 27.850718] Memory state around the buggy address: [ 27.850942] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.851263] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.851587] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.851867] ^ [ 27.852062] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.852329] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.852668] ================================================================== [ 27.784981] ================================================================== [ 27.785442] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 27.785804] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.786180] [ 27.786266] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.786318] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.786334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.786359] Call Trace: [ 27.786375] <TASK> [ 27.786390] dump_stack_lvl+0x73/0xb0 [ 27.786424] print_report+0xd1/0x610 [ 27.786453] ? __virt_addr_valid+0x1db/0x2d0 [ 27.786487] ? kasan_atomics_helper+0x2006/0x5450 [ 27.786516] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.786559] ? kasan_atomics_helper+0x2006/0x5450 [ 27.786588] kasan_report+0x141/0x180 [ 27.786638] ? kasan_atomics_helper+0x2006/0x5450 [ 27.786673] kasan_check_range+0x10c/0x1c0 [ 27.786705] __kasan_check_write+0x18/0x20 [ 27.786735] kasan_atomics_helper+0x2006/0x5450 [ 27.786766] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.786796] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.786829] ? kasan_atomics+0x152/0x310 [ 27.786864] kasan_atomics+0x1dc/0x310 [ 27.786896] ? __pfx_kasan_atomics+0x10/0x10 [ 27.786929] ? __pfx_read_tsc+0x10/0x10 [ 27.786957] ? ktime_get_ts64+0x86/0x230 [ 27.786990] kunit_try_run_case+0x1a5/0x480 [ 27.787021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.787050] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.787080] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.787112] ? __kthread_parkme+0x82/0x180 [ 27.787138] ? preempt_count_sub+0x50/0x80 [ 27.787169] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.787199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.787232] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.787266] kthread+0x337/0x6f0 [ 27.787292] ? trace_preempt_on+0x20/0xc0 [ 27.787321] ? __pfx_kthread+0x10/0x10 [ 27.787350] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.787380] ? calculate_sigpending+0x7b/0xa0 [ 27.787412] ? __pfx_kthread+0x10/0x10 [ 27.787441] ret_from_fork+0x116/0x1d0 [ 27.787468] ? __pfx_kthread+0x10/0x10 [ 27.787495] ret_from_fork_asm+0x1a/0x30 [ 27.787544] </TASK> [ 27.787558] [ 27.794526] Allocated by task 313: [ 27.794713] kasan_save_stack+0x45/0x70 [ 27.794914] kasan_save_track+0x18/0x40 [ 27.795081] kasan_save_alloc_info+0x3b/0x50 [ 27.795263] __kasan_kmalloc+0xb7/0xc0 [ 27.795460] __kmalloc_cache_noprof+0x189/0x420 [ 27.795690] kasan_atomics+0x95/0x310 [ 27.795861] kunit_try_run_case+0x1a5/0x480 [ 27.796068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.796282] kthread+0x337/0x6f0 [ 27.796456] ret_from_fork+0x116/0x1d0 [ 27.796620] ret_from_fork_asm+0x1a/0x30 [ 27.796789] [ 27.796881] The buggy address belongs to the object at ffff888105926b00 [ 27.796881] which belongs to the cache kmalloc-64 of size 64 [ 27.797332] The buggy address is located 0 bytes to the right of [ 27.797332] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.797882] [ 27.797980] The buggy address belongs to the physical page: [ 27.798215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.798494] flags: 0x200000000000000(node=0|zone=2) [ 27.798760] page_type: f5(slab) [ 27.798903] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.799221] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.799499] page dumped because: kasan: bad access detected [ 27.799702] [ 27.799772] Memory state around the buggy address: [ 27.799928] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.800144] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.800429] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.800772] ^ [ 27.800997] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.801312] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.801665] ================================================================== [ 26.730780] ================================================================== [ 26.731131] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 26.731579] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.732028] [ 26.732155] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.732221] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.732239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.732264] Call Trace: [ 26.732281] <TASK> [ 26.732299] dump_stack_lvl+0x73/0xb0 [ 26.732344] print_report+0xd1/0x610 [ 26.732374] ? __virt_addr_valid+0x1db/0x2d0 [ 26.732417] ? kasan_atomics_helper+0x565/0x5450 [ 26.732444] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.732477] ? kasan_atomics_helper+0x565/0x5450 [ 26.732506] kasan_report+0x141/0x180 [ 26.732546] ? kasan_atomics_helper+0x565/0x5450 [ 26.732582] kasan_check_range+0x10c/0x1c0 [ 26.732613] __kasan_check_write+0x18/0x20 [ 26.732643] kasan_atomics_helper+0x565/0x5450 [ 26.732672] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.732702] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.732735] ? kasan_atomics+0x152/0x310 [ 26.732778] kasan_atomics+0x1dc/0x310 [ 26.732807] ? __pfx_kasan_atomics+0x10/0x10 [ 26.732849] ? __pfx_read_tsc+0x10/0x10 [ 26.732877] ? ktime_get_ts64+0x86/0x230 [ 26.732909] kunit_try_run_case+0x1a5/0x480 [ 26.732940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.732969] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.732997] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.733027] ? __kthread_parkme+0x82/0x180 [ 26.733054] ? preempt_count_sub+0x50/0x80 [ 26.733085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.733136] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.733170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.733204] kthread+0x337/0x6f0 [ 26.733230] ? trace_preempt_on+0x20/0xc0 [ 26.733260] ? __pfx_kthread+0x10/0x10 [ 26.733345] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.733390] ? calculate_sigpending+0x7b/0xa0 [ 26.733431] ? __pfx_kthread+0x10/0x10 [ 26.733460] ret_from_fork+0x116/0x1d0 [ 26.733497] ? __pfx_kthread+0x10/0x10 [ 26.733534] ret_from_fork_asm+0x1a/0x30 [ 26.733577] </TASK> [ 26.733630] [ 26.741697] Allocated by task 313: [ 26.741886] kasan_save_stack+0x45/0x70 [ 26.742088] kasan_save_track+0x18/0x40 [ 26.742283] kasan_save_alloc_info+0x3b/0x50 [ 26.742493] __kasan_kmalloc+0xb7/0xc0 [ 26.742713] __kmalloc_cache_noprof+0x189/0x420 [ 26.742958] kasan_atomics+0x95/0x310 [ 26.743097] kunit_try_run_case+0x1a5/0x480 [ 26.743335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.743626] kthread+0x337/0x6f0 [ 26.743801] ret_from_fork+0x116/0x1d0 [ 26.743941] ret_from_fork_asm+0x1a/0x30 [ 26.744085] [ 26.744156] The buggy address belongs to the object at ffff888105926b00 [ 26.744156] which belongs to the cache kmalloc-64 of size 64 [ 26.744610] The buggy address is located 0 bytes to the right of [ 26.744610] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.745290] [ 26.745366] The buggy address belongs to the physical page: [ 26.745549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.745789] flags: 0x200000000000000(node=0|zone=2) [ 26.746169] page_type: f5(slab) [ 26.746578] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.747061] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.747455] page dumped because: kasan: bad access detected [ 26.747816] [ 26.747891] Memory state around the buggy address: [ 26.748053] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.748392] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.748949] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.749329] ^ [ 26.749566] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.750029] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.750336] ================================================================== [ 27.096779] ================================================================== [ 27.097077] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 27.097410] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.098194] [ 27.098321] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.098376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.098408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.098434] Call Trace: [ 27.098454] <TASK> [ 27.098479] dump_stack_lvl+0x73/0xb0 [ 27.098516] print_report+0xd1/0x610 [ 27.098558] ? __virt_addr_valid+0x1db/0x2d0 [ 27.098589] ? kasan_atomics_helper+0xfa9/0x5450 [ 27.098617] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.098651] ? kasan_atomics_helper+0xfa9/0x5450 [ 27.098680] kasan_report+0x141/0x180 [ 27.098711] ? kasan_atomics_helper+0xfa9/0x5450 [ 27.098746] kasan_check_range+0x10c/0x1c0 [ 27.098777] __kasan_check_write+0x18/0x20 [ 27.098807] kasan_atomics_helper+0xfa9/0x5450 [ 27.098837] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.098868] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.098900] ? kasan_atomics+0x152/0x310 [ 27.098934] kasan_atomics+0x1dc/0x310 [ 27.098964] ? __pfx_kasan_atomics+0x10/0x10 [ 27.098995] ? __pfx_read_tsc+0x10/0x10 [ 27.099024] ? ktime_get_ts64+0x86/0x230 [ 27.099056] kunit_try_run_case+0x1a5/0x480 [ 27.099087] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.099116] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.099146] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.099176] ? __kthread_parkme+0x82/0x180 [ 27.099203] ? preempt_count_sub+0x50/0x80 [ 27.099236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.099267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.099301] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.099334] kthread+0x337/0x6f0 [ 27.099361] ? trace_preempt_on+0x20/0xc0 [ 27.099391] ? __pfx_kthread+0x10/0x10 [ 27.099420] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.099451] ? calculate_sigpending+0x7b/0xa0 [ 27.099482] ? __pfx_kthread+0x10/0x10 [ 27.099511] ret_from_fork+0x116/0x1d0 [ 27.099546] ? __pfx_kthread+0x10/0x10 [ 27.099574] ret_from_fork_asm+0x1a/0x30 [ 27.099616] </TASK> [ 27.099631] [ 27.107057] Allocated by task 313: [ 27.107254] kasan_save_stack+0x45/0x70 [ 27.107478] kasan_save_track+0x18/0x40 [ 27.107766] kasan_save_alloc_info+0x3b/0x50 [ 27.107995] __kasan_kmalloc+0xb7/0xc0 [ 27.108174] __kmalloc_cache_noprof+0x189/0x420 [ 27.108346] kasan_atomics+0x95/0x310 [ 27.108479] kunit_try_run_case+0x1a5/0x480 [ 27.108753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.109027] kthread+0x337/0x6f0 [ 27.109196] ret_from_fork+0x116/0x1d0 [ 27.109388] ret_from_fork_asm+0x1a/0x30 [ 27.109626] [ 27.109700] The buggy address belongs to the object at ffff888105926b00 [ 27.109700] which belongs to the cache kmalloc-64 of size 64 [ 27.110065] The buggy address is located 0 bytes to the right of [ 27.110065] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.110467] [ 27.110591] The buggy address belongs to the physical page: [ 27.110862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.111420] flags: 0x200000000000000(node=0|zone=2) [ 27.111696] page_type: f5(slab) [ 27.111880] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.112200] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.112577] page dumped because: kasan: bad access detected [ 27.112823] [ 27.112914] Memory state around the buggy address: [ 27.113142] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.113419] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.113701] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.114021] ^ [ 27.114261] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.114591] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.114814] ================================================================== [ 27.716682] ================================================================== [ 27.716920] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 27.720271] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.720601] [ 27.722157] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.722218] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.722236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.722262] Call Trace: [ 27.722280] <TASK> [ 27.722301] dump_stack_lvl+0x73/0xb0 [ 27.722338] print_report+0xd1/0x610 [ 27.722368] ? __virt_addr_valid+0x1db/0x2d0 [ 27.722398] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.722426] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.722460] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.722496] kasan_report+0x141/0x180 [ 27.722526] ? kasan_atomics_helper+0x1eaa/0x5450 [ 27.722575] kasan_check_range+0x10c/0x1c0 [ 27.722888] __kasan_check_write+0x18/0x20 [ 27.722936] kasan_atomics_helper+0x1eaa/0x5450 [ 27.722972] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.723003] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.723038] ? kasan_atomics+0x152/0x310 [ 27.723075] kasan_atomics+0x1dc/0x310 [ 27.723107] ? __pfx_kasan_atomics+0x10/0x10 [ 27.723141] ? __pfx_read_tsc+0x10/0x10 [ 27.723168] ? ktime_get_ts64+0x86/0x230 [ 27.723202] kunit_try_run_case+0x1a5/0x480 [ 27.723232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.723260] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.723291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.723322] ? __kthread_parkme+0x82/0x180 [ 27.723350] ? preempt_count_sub+0x50/0x80 [ 27.723383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.723415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.723450] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.723483] kthread+0x337/0x6f0 [ 27.723509] ? trace_preempt_on+0x20/0xc0 [ 27.723554] ? __pfx_kthread+0x10/0x10 [ 27.723582] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.723620] ? calculate_sigpending+0x7b/0xa0 [ 27.723651] ? __pfx_kthread+0x10/0x10 [ 27.723680] ret_from_fork+0x116/0x1d0 [ 27.723706] ? __pfx_kthread+0x10/0x10 [ 27.723734] ret_from_fork_asm+0x1a/0x30 [ 27.723775] </TASK> [ 27.723789] [ 27.735822] Allocated by task 313: [ 27.736021] kasan_save_stack+0x45/0x70 [ 27.736328] kasan_save_track+0x18/0x40 [ 27.736555] kasan_save_alloc_info+0x3b/0x50 [ 27.736909] __kasan_kmalloc+0xb7/0xc0 [ 27.737195] __kmalloc_cache_noprof+0x189/0x420 [ 27.737489] kasan_atomics+0x95/0x310 [ 27.737813] kunit_try_run_case+0x1a5/0x480 [ 27.737985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.738378] kthread+0x337/0x6f0 [ 27.738583] ret_from_fork+0x116/0x1d0 [ 27.738808] ret_from_fork_asm+0x1a/0x30 [ 27.738999] [ 27.739084] The buggy address belongs to the object at ffff888105926b00 [ 27.739084] which belongs to the cache kmalloc-64 of size 64 [ 27.739928] The buggy address is located 0 bytes to the right of [ 27.739928] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.740891] [ 27.741152] The buggy address belongs to the physical page: [ 27.741574] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.741820] flags: 0x200000000000000(node=0|zone=2) [ 27.741981] page_type: f5(slab) [ 27.742099] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.742324] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.742598] page dumped because: kasan: bad access detected [ 27.743065] [ 27.743176] Memory state around the buggy address: [ 27.743405] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.744017] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.744422] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.744999] ^ [ 27.745672] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.746356] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.746599] ================================================================== [ 27.311645] ================================================================== [ 27.312063] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 27.312412] Read of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.312765] [ 27.312899] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.312952] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.312967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.312992] Call Trace: [ 27.313009] <TASK> [ 27.313036] dump_stack_lvl+0x73/0xb0 [ 27.313071] print_report+0xd1/0x610 [ 27.313112] ? __virt_addr_valid+0x1db/0x2d0 [ 27.313144] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.313172] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.313214] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.313243] kasan_report+0x141/0x180 [ 27.313272] ? kasan_atomics_helper+0x13b5/0x5450 [ 27.313320] kasan_check_range+0x10c/0x1c0 [ 27.313350] __kasan_check_read+0x15/0x20 [ 27.313390] kasan_atomics_helper+0x13b5/0x5450 [ 27.313421] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.313450] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.313493] ? kasan_atomics+0x152/0x310 [ 27.313537] kasan_atomics+0x1dc/0x310 [ 27.313567] ? __pfx_kasan_atomics+0x10/0x10 [ 27.313599] ? __pfx_read_tsc+0x10/0x10 [ 27.313638] ? ktime_get_ts64+0x86/0x230 [ 27.313671] kunit_try_run_case+0x1a5/0x480 [ 27.313701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.313730] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.313759] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.313788] ? __kthread_parkme+0x82/0x180 [ 27.313815] ? preempt_count_sub+0x50/0x80 [ 27.313847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.313876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.313911] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.313945] kthread+0x337/0x6f0 [ 27.313981] ? trace_preempt_on+0x20/0xc0 [ 27.314011] ? __pfx_kthread+0x10/0x10 [ 27.314050] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.314082] ? calculate_sigpending+0x7b/0xa0 [ 27.314113] ? __pfx_kthread+0x10/0x10 [ 27.314142] ret_from_fork+0x116/0x1d0 [ 27.314167] ? __pfx_kthread+0x10/0x10 [ 27.314195] ret_from_fork_asm+0x1a/0x30 [ 27.314238] </TASK> [ 27.314252] [ 27.322042] Allocated by task 313: [ 27.322167] kasan_save_stack+0x45/0x70 [ 27.322491] kasan_save_track+0x18/0x40 [ 27.322876] kasan_save_alloc_info+0x3b/0x50 [ 27.323093] __kasan_kmalloc+0xb7/0xc0 [ 27.323282] __kmalloc_cache_noprof+0x189/0x420 [ 27.323479] kasan_atomics+0x95/0x310 [ 27.323648] kunit_try_run_case+0x1a5/0x480 [ 27.323867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.324147] kthread+0x337/0x6f0 [ 27.324284] ret_from_fork+0x116/0x1d0 [ 27.324422] ret_from_fork_asm+0x1a/0x30 [ 27.324576] [ 27.324667] The buggy address belongs to the object at ffff888105926b00 [ 27.324667] which belongs to the cache kmalloc-64 of size 64 [ 27.325218] The buggy address is located 0 bytes to the right of [ 27.325218] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.326192] [ 27.326293] The buggy address belongs to the physical page: [ 27.326535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.326780] flags: 0x200000000000000(node=0|zone=2) [ 27.326941] page_type: f5(slab) [ 27.327208] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.327585] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.327929] page dumped because: kasan: bad access detected [ 27.328204] [ 27.328280] Memory state around the buggy address: [ 27.328435] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.328870] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.329187] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.329458] ^ [ 27.329662] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.329985] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.330312] ================================================================== [ 27.175032] ================================================================== [ 27.175466] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 27.175854] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.176186] [ 27.176302] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.176358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.176373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.176398] Call Trace: [ 27.176418] <TASK> [ 27.176437] dump_stack_lvl+0x73/0xb0 [ 27.176473] print_report+0xd1/0x610 [ 27.176502] ? __virt_addr_valid+0x1db/0x2d0 [ 27.176546] ? kasan_atomics_helper+0x1148/0x5450 [ 27.176575] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.176607] ? kasan_atomics_helper+0x1148/0x5450 [ 27.176648] kasan_report+0x141/0x180 [ 27.176698] ? kasan_atomics_helper+0x1148/0x5450 [ 27.176761] kasan_check_range+0x10c/0x1c0 [ 27.176806] __kasan_check_write+0x18/0x20 [ 27.176862] kasan_atomics_helper+0x1148/0x5450 [ 27.176907] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.176936] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.176967] ? kasan_atomics+0x152/0x310 [ 27.177003] kasan_atomics+0x1dc/0x310 [ 27.177033] ? __pfx_kasan_atomics+0x10/0x10 [ 27.177064] ? __pfx_read_tsc+0x10/0x10 [ 27.177092] ? ktime_get_ts64+0x86/0x230 [ 27.177125] kunit_try_run_case+0x1a5/0x480 [ 27.177155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.177185] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.177215] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.177245] ? __kthread_parkme+0x82/0x180 [ 27.177273] ? preempt_count_sub+0x50/0x80 [ 27.177305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.177336] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.177369] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.177405] kthread+0x337/0x6f0 [ 27.177449] ? trace_preempt_on+0x20/0xc0 [ 27.177482] ? __pfx_kthread+0x10/0x10 [ 27.177525] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.177580] ? calculate_sigpending+0x7b/0xa0 [ 27.177626] ? __pfx_kthread+0x10/0x10 [ 27.177656] ret_from_fork+0x116/0x1d0 [ 27.177696] ? __pfx_kthread+0x10/0x10 [ 27.177736] ret_from_fork_asm+0x1a/0x30 [ 27.177779] </TASK> [ 27.177793] [ 27.185300] Allocated by task 313: [ 27.185491] kasan_save_stack+0x45/0x70 [ 27.185803] kasan_save_track+0x18/0x40 [ 27.185990] kasan_save_alloc_info+0x3b/0x50 [ 27.186186] __kasan_kmalloc+0xb7/0xc0 [ 27.186365] __kmalloc_cache_noprof+0x189/0x420 [ 27.186606] kasan_atomics+0x95/0x310 [ 27.186787] kunit_try_run_case+0x1a5/0x480 [ 27.186986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.187242] kthread+0x337/0x6f0 [ 27.187395] ret_from_fork+0x116/0x1d0 [ 27.187608] ret_from_fork_asm+0x1a/0x30 [ 27.187782] [ 27.187894] The buggy address belongs to the object at ffff888105926b00 [ 27.187894] which belongs to the cache kmalloc-64 of size 64 [ 27.188344] The buggy address is located 0 bytes to the right of [ 27.188344] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.188906] [ 27.189023] The buggy address belongs to the physical page: [ 27.189286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.189589] flags: 0x200000000000000(node=0|zone=2) [ 27.189812] page_type: f5(slab) [ 27.189989] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.190293] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.190639] page dumped because: kasan: bad access detected [ 27.190807] [ 27.190875] Memory state around the buggy address: [ 27.191060] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.191374] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.191891] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.192103] ^ [ 27.192257] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.192576] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.193202] ================================================================== [ 26.810692] ================================================================== [ 26.811043] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 26.811368] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.811918] [ 26.812060] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.812128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.812144] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.812182] Call Trace: [ 26.812203] <TASK> [ 26.812223] dump_stack_lvl+0x73/0xb0 [ 26.812271] print_report+0xd1/0x610 [ 26.812301] ? __virt_addr_valid+0x1db/0x2d0 [ 26.812344] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.812372] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.812413] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.812442] kasan_report+0x141/0x180 [ 26.812471] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.812516] kasan_check_range+0x10c/0x1c0 [ 26.812557] __kasan_check_write+0x18/0x20 [ 26.812641] kasan_atomics_helper+0x7c7/0x5450 [ 26.812671] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.812851] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.812884] ? kasan_atomics+0x152/0x310 [ 26.813013] kasan_atomics+0x1dc/0x310 [ 26.813044] ? __pfx_kasan_atomics+0x10/0x10 [ 26.813167] ? __pfx_read_tsc+0x10/0x10 [ 26.813194] ? ktime_get_ts64+0x86/0x230 [ 26.813228] kunit_try_run_case+0x1a5/0x480 [ 26.813260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.813289] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.813320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.813350] ? __kthread_parkme+0x82/0x180 [ 26.813377] ? preempt_count_sub+0x50/0x80 [ 26.813410] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.813441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.813475] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.813508] kthread+0x337/0x6f0 [ 26.813546] ? trace_preempt_on+0x20/0xc0 [ 26.813578] ? __pfx_kthread+0x10/0x10 [ 26.813605] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.814021] ? calculate_sigpending+0x7b/0xa0 [ 26.814070] ? __pfx_kthread+0x10/0x10 [ 26.814099] ret_from_fork+0x116/0x1d0 [ 26.814126] ? __pfx_kthread+0x10/0x10 [ 26.814154] ret_from_fork_asm+0x1a/0x30 [ 26.814197] </TASK> [ 26.814211] [ 26.823037] Allocated by task 313: [ 26.823164] kasan_save_stack+0x45/0x70 [ 26.823376] kasan_save_track+0x18/0x40 [ 26.823597] kasan_save_alloc_info+0x3b/0x50 [ 26.823816] __kasan_kmalloc+0xb7/0xc0 [ 26.824009] __kmalloc_cache_noprof+0x189/0x420 [ 26.824193] kasan_atomics+0x95/0x310 [ 26.824367] kunit_try_run_case+0x1a5/0x480 [ 26.824674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.825000] kthread+0x337/0x6f0 [ 26.825159] ret_from_fork+0x116/0x1d0 [ 26.825351] ret_from_fork_asm+0x1a/0x30 [ 26.825562] [ 26.825689] The buggy address belongs to the object at ffff888105926b00 [ 26.825689] which belongs to the cache kmalloc-64 of size 64 [ 26.826049] The buggy address is located 0 bytes to the right of [ 26.826049] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.826564] [ 26.826730] The buggy address belongs to the physical page: [ 26.826993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.827359] flags: 0x200000000000000(node=0|zone=2) [ 26.827585] page_type: f5(slab) [ 26.827930] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.828291] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.828540] page dumped because: kasan: bad access detected [ 26.828718] [ 26.828859] Memory state around the buggy address: [ 26.829253] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.829588] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.829991] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.830318] ^ [ 26.830538] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.830821] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.831271] ================================================================== [ 27.371169] ================================================================== [ 27.371661] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 27.372057] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.372771] [ 27.373004] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.373076] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.373093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.373118] Call Trace: [ 27.373163] <TASK> [ 27.373182] dump_stack_lvl+0x73/0xb0 [ 27.373219] print_report+0xd1/0x610 [ 27.373250] ? __virt_addr_valid+0x1db/0x2d0 [ 27.373280] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.373309] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.373343] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.373372] kasan_report+0x141/0x180 [ 27.373402] ? kasan_atomics_helper+0x50d4/0x5450 [ 27.373437] __asan_report_store8_noabort+0x1b/0x30 [ 27.373469] kasan_atomics_helper+0x50d4/0x5450 [ 27.373500] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.373540] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.373573] ? kasan_atomics+0x152/0x310 [ 27.373608] kasan_atomics+0x1dc/0x310 [ 27.373646] ? __pfx_kasan_atomics+0x10/0x10 [ 27.373679] ? __pfx_read_tsc+0x10/0x10 [ 27.373707] ? ktime_get_ts64+0x86/0x230 [ 27.373740] kunit_try_run_case+0x1a5/0x480 [ 27.373770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.373799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.373829] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.373859] ? __kthread_parkme+0x82/0x180 [ 27.373887] ? preempt_count_sub+0x50/0x80 [ 27.373920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.373951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.373984] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.374018] kthread+0x337/0x6f0 [ 27.374044] ? trace_preempt_on+0x20/0xc0 [ 27.374074] ? __pfx_kthread+0x10/0x10 [ 27.374102] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.374134] ? calculate_sigpending+0x7b/0xa0 [ 27.374165] ? __pfx_kthread+0x10/0x10 [ 27.374193] ret_from_fork+0x116/0x1d0 [ 27.374218] ? __pfx_kthread+0x10/0x10 [ 27.374246] ret_from_fork_asm+0x1a/0x30 [ 27.374289] </TASK> [ 27.374303] [ 27.381615] Allocated by task 313: [ 27.381815] kasan_save_stack+0x45/0x70 [ 27.381962] kasan_save_track+0x18/0x40 [ 27.382103] kasan_save_alloc_info+0x3b/0x50 [ 27.382576] __kasan_kmalloc+0xb7/0xc0 [ 27.382776] __kmalloc_cache_noprof+0x189/0x420 [ 27.383004] kasan_atomics+0x95/0x310 [ 27.383205] kunit_try_run_case+0x1a5/0x480 [ 27.383378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.383661] kthread+0x337/0x6f0 [ 27.383819] ret_from_fork+0x116/0x1d0 [ 27.384001] ret_from_fork_asm+0x1a/0x30 [ 27.384204] [ 27.384302] The buggy address belongs to the object at ffff888105926b00 [ 27.384302] which belongs to the cache kmalloc-64 of size 64 [ 27.384953] The buggy address is located 0 bytes to the right of [ 27.384953] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.385443] [ 27.385517] The buggy address belongs to the physical page: [ 27.385699] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.385990] flags: 0x200000000000000(node=0|zone=2) [ 27.386247] page_type: f5(slab) [ 27.386414] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.386769] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.387256] page dumped because: kasan: bad access detected [ 27.387428] [ 27.387497] Memory state around the buggy address: [ 27.387662] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.387999] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.388345] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.388779] ^ [ 27.389023] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.389339] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.389591] ================================================================== [ 26.600786] ================================================================== [ 26.601081] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 26.601367] Read of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.601719] [ 26.601896] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.601955] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.601971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.601998] Call Trace: [ 26.602021] <TASK> [ 26.602042] dump_stack_lvl+0x73/0xb0 [ 26.602078] print_report+0xd1/0x610 [ 26.602108] ? __virt_addr_valid+0x1db/0x2d0 [ 26.602138] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.602167] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.602200] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.602230] kasan_report+0x141/0x180 [ 26.602260] ? kasan_atomics_helper+0x4b88/0x5450 [ 26.602295] __asan_report_load4_noabort+0x18/0x20 [ 26.602326] kasan_atomics_helper+0x4b88/0x5450 [ 26.602356] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.602386] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.602418] ? kasan_atomics+0x152/0x310 [ 26.602452] kasan_atomics+0x1dc/0x310 [ 26.602489] ? __pfx_kasan_atomics+0x10/0x10 [ 26.602521] ? __pfx_read_tsc+0x10/0x10 [ 26.602562] ? ktime_get_ts64+0x86/0x230 [ 26.602595] kunit_try_run_case+0x1a5/0x480 [ 26.602627] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.602655] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.602685] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.602715] ? __kthread_parkme+0x82/0x180 [ 26.602741] ? preempt_count_sub+0x50/0x80 [ 26.602773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.602861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.602903] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.602937] kthread+0x337/0x6f0 [ 26.602964] ? trace_preempt_on+0x20/0xc0 [ 26.602995] ? __pfx_kthread+0x10/0x10 [ 26.603023] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.603055] ? calculate_sigpending+0x7b/0xa0 [ 26.603088] ? __pfx_kthread+0x10/0x10 [ 26.603118] ret_from_fork+0x116/0x1d0 [ 26.603144] ? __pfx_kthread+0x10/0x10 [ 26.603172] ret_from_fork_asm+0x1a/0x30 [ 26.603215] </TASK> [ 26.603228] [ 26.612498] Allocated by task 313: [ 26.612826] kasan_save_stack+0x45/0x70 [ 26.613031] kasan_save_track+0x18/0x40 [ 26.613213] kasan_save_alloc_info+0x3b/0x50 [ 26.613412] __kasan_kmalloc+0xb7/0xc0 [ 26.613630] __kmalloc_cache_noprof+0x189/0x420 [ 26.613839] kasan_atomics+0x95/0x310 [ 26.614008] kunit_try_run_case+0x1a5/0x480 [ 26.614200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.614436] kthread+0x337/0x6f0 [ 26.615085] ret_from_fork+0x116/0x1d0 [ 26.615590] ret_from_fork_asm+0x1a/0x30 [ 26.615926] [ 26.616007] The buggy address belongs to the object at ffff888105926b00 [ 26.616007] which belongs to the cache kmalloc-64 of size 64 [ 26.616364] The buggy address is located 0 bytes to the right of [ 26.616364] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.617685] [ 26.617792] The buggy address belongs to the physical page: [ 26.618007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.618305] flags: 0x200000000000000(node=0|zone=2) [ 26.618506] page_type: f5(slab) [ 26.618806] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.619115] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.619419] page dumped because: kasan: bad access detected [ 26.620180] [ 26.620369] Memory state around the buggy address: [ 26.620824] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.621781] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.622238] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.622767] ^ [ 26.623277] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.624119] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.624559] ================================================================== [ 27.480197] ================================================================== [ 27.480959] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 27.481323] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.481880] [ 27.481999] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.482286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.482305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.482332] Call Trace: [ 27.482350] <TASK> [ 27.482370] dump_stack_lvl+0x73/0xb0 [ 27.482405] print_report+0xd1/0x610 [ 27.482436] ? __virt_addr_valid+0x1db/0x2d0 [ 27.482466] ? kasan_atomics_helper+0x177f/0x5450 [ 27.482501] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.482546] ? kasan_atomics_helper+0x177f/0x5450 [ 27.482574] kasan_report+0x141/0x180 [ 27.482603] ? kasan_atomics_helper+0x177f/0x5450 [ 27.482649] kasan_check_range+0x10c/0x1c0 [ 27.482681] __kasan_check_write+0x18/0x20 [ 27.482710] kasan_atomics_helper+0x177f/0x5450 [ 27.482743] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.482774] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.482807] ? kasan_atomics+0x152/0x310 [ 27.482842] kasan_atomics+0x1dc/0x310 [ 27.482872] ? __pfx_kasan_atomics+0x10/0x10 [ 27.482904] ? __pfx_read_tsc+0x10/0x10 [ 27.482932] ? ktime_get_ts64+0x86/0x230 [ 27.482964] kunit_try_run_case+0x1a5/0x480 [ 27.482995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.483023] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.483053] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.483082] ? __kthread_parkme+0x82/0x180 [ 27.483109] ? preempt_count_sub+0x50/0x80 [ 27.483141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.483172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.483206] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.483240] kthread+0x337/0x6f0 [ 27.483266] ? trace_preempt_on+0x20/0xc0 [ 27.483296] ? __pfx_kthread+0x10/0x10 [ 27.483324] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.483355] ? calculate_sigpending+0x7b/0xa0 [ 27.483386] ? __pfx_kthread+0x10/0x10 [ 27.483416] ret_from_fork+0x116/0x1d0 [ 27.483441] ? __pfx_kthread+0x10/0x10 [ 27.483469] ret_from_fork_asm+0x1a/0x30 [ 27.483511] </TASK> [ 27.483525] [ 27.493619] Allocated by task 313: [ 27.493825] kasan_save_stack+0x45/0x70 [ 27.494247] kasan_save_track+0x18/0x40 [ 27.494455] kasan_save_alloc_info+0x3b/0x50 [ 27.494868] __kasan_kmalloc+0xb7/0xc0 [ 27.495126] __kmalloc_cache_noprof+0x189/0x420 [ 27.495459] kasan_atomics+0x95/0x310 [ 27.495792] kunit_try_run_case+0x1a5/0x480 [ 27.496022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.496389] kthread+0x337/0x6f0 [ 27.496579] ret_from_fork+0x116/0x1d0 [ 27.496912] ret_from_fork_asm+0x1a/0x30 [ 27.497094] [ 27.497182] The buggy address belongs to the object at ffff888105926b00 [ 27.497182] which belongs to the cache kmalloc-64 of size 64 [ 27.498002] The buggy address is located 0 bytes to the right of [ 27.498002] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.498673] [ 27.498777] The buggy address belongs to the physical page: [ 27.499164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.499595] flags: 0x200000000000000(node=0|zone=2) [ 27.499878] page_type: f5(slab) [ 27.500148] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.500556] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.501078] page dumped because: kasan: bad access detected [ 27.501286] [ 27.501513] Memory state around the buggy address: [ 27.501820] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.502177] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.502514] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.503075] ^ [ 27.503363] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.503800] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.504212] ================================================================== [ 26.770817] ================================================================== [ 26.771248] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 26.771641] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.772002] [ 26.772196] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.772252] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.772279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.772304] Call Trace: [ 26.772322] <TASK> [ 26.772350] dump_stack_lvl+0x73/0xb0 [ 26.772386] print_report+0xd1/0x610 [ 26.772414] ? __virt_addr_valid+0x1db/0x2d0 [ 26.772454] ? kasan_atomics_helper+0x697/0x5450 [ 26.772482] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.772537] ? kasan_atomics_helper+0x697/0x5450 [ 26.772566] kasan_report+0x141/0x180 [ 26.772651] ? kasan_atomics_helper+0x697/0x5450 [ 26.772688] kasan_check_range+0x10c/0x1c0 [ 26.772732] __kasan_check_write+0x18/0x20 [ 26.772762] kasan_atomics_helper+0x697/0x5450 [ 26.772792] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.772830] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.772863] ? kasan_atomics+0x152/0x310 [ 26.772909] kasan_atomics+0x1dc/0x310 [ 26.772939] ? __pfx_kasan_atomics+0x10/0x10 [ 26.772970] ? __pfx_read_tsc+0x10/0x10 [ 26.772998] ? ktime_get_ts64+0x86/0x230 [ 26.773030] kunit_try_run_case+0x1a5/0x480 [ 26.773061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.773089] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.773126] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.773156] ? __kthread_parkme+0x82/0x180 [ 26.773193] ? preempt_count_sub+0x50/0x80 [ 26.773225] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.773255] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.773290] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.773323] kthread+0x337/0x6f0 [ 26.773350] ? trace_preempt_on+0x20/0xc0 [ 26.773380] ? __pfx_kthread+0x10/0x10 [ 26.773409] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.773441] ? calculate_sigpending+0x7b/0xa0 [ 26.773480] ? __pfx_kthread+0x10/0x10 [ 26.773510] ret_from_fork+0x116/0x1d0 [ 26.773552] ? __pfx_kthread+0x10/0x10 [ 26.773630] ret_from_fork_asm+0x1a/0x30 [ 26.773674] </TASK> [ 26.773699] [ 26.781769] Allocated by task 313: [ 26.781973] kasan_save_stack+0x45/0x70 [ 26.782179] kasan_save_track+0x18/0x40 [ 26.782372] kasan_save_alloc_info+0x3b/0x50 [ 26.782876] __kasan_kmalloc+0xb7/0xc0 [ 26.783033] __kmalloc_cache_noprof+0x189/0x420 [ 26.783262] kasan_atomics+0x95/0x310 [ 26.783454] kunit_try_run_case+0x1a5/0x480 [ 26.783769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.783962] kthread+0x337/0x6f0 [ 26.784087] ret_from_fork+0x116/0x1d0 [ 26.784244] ret_from_fork_asm+0x1a/0x30 [ 26.784473] [ 26.784578] The buggy address belongs to the object at ffff888105926b00 [ 26.784578] which belongs to the cache kmalloc-64 of size 64 [ 26.785118] The buggy address is located 0 bytes to the right of [ 26.785118] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.785582] [ 26.785748] The buggy address belongs to the physical page: [ 26.786005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.786322] flags: 0x200000000000000(node=0|zone=2) [ 26.786593] page_type: f5(slab) [ 26.786782] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.787028] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.787346] page dumped because: kasan: bad access detected [ 26.787725] [ 26.787842] Memory state around the buggy address: [ 26.788106] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.788354] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.788772] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.789079] ^ [ 26.789276] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.789594] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.790053] ================================================================== [ 27.601155] ================================================================== [ 27.601589] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 27.601932] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.602400] [ 27.602518] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.602580] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.602595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.602620] Call Trace: [ 27.602647] <TASK> [ 27.602664] dump_stack_lvl+0x73/0xb0 [ 27.602697] print_report+0xd1/0x610 [ 27.602726] ? __virt_addr_valid+0x1db/0x2d0 [ 27.602757] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.602785] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.602818] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.602846] kasan_report+0x141/0x180 [ 27.602876] ? kasan_atomics_helper+0x1b22/0x5450 [ 27.602912] kasan_check_range+0x10c/0x1c0 [ 27.602942] __kasan_check_write+0x18/0x20 [ 27.602972] kasan_atomics_helper+0x1b22/0x5450 [ 27.603002] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.603030] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.603062] ? kasan_atomics+0x152/0x310 [ 27.603097] kasan_atomics+0x1dc/0x310 [ 27.603127] ? __pfx_kasan_atomics+0x10/0x10 [ 27.603158] ? __pfx_read_tsc+0x10/0x10 [ 27.603186] ? ktime_get_ts64+0x86/0x230 [ 27.603218] kunit_try_run_case+0x1a5/0x480 [ 27.603248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.603276] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.603305] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.603335] ? __kthread_parkme+0x82/0x180 [ 27.603361] ? preempt_count_sub+0x50/0x80 [ 27.603394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.603423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.603457] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.603489] kthread+0x337/0x6f0 [ 27.603516] ? trace_preempt_on+0x20/0xc0 [ 27.603557] ? __pfx_kthread+0x10/0x10 [ 27.603584] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.603614] ? calculate_sigpending+0x7b/0xa0 [ 27.603656] ? __pfx_kthread+0x10/0x10 [ 27.603686] ret_from_fork+0x116/0x1d0 [ 27.603712] ? __pfx_kthread+0x10/0x10 [ 27.603740] ret_from_fork_asm+0x1a/0x30 [ 27.603782] </TASK> [ 27.603795] [ 27.610809] Allocated by task 313: [ 27.610951] kasan_save_stack+0x45/0x70 [ 27.611092] kasan_save_track+0x18/0x40 [ 27.611226] kasan_save_alloc_info+0x3b/0x50 [ 27.611376] __kasan_kmalloc+0xb7/0xc0 [ 27.611584] __kmalloc_cache_noprof+0x189/0x420 [ 27.611812] kasan_atomics+0x95/0x310 [ 27.612009] kunit_try_run_case+0x1a5/0x480 [ 27.612222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.612487] kthread+0x337/0x6f0 [ 27.612669] ret_from_fork+0x116/0x1d0 [ 27.612863] ret_from_fork_asm+0x1a/0x30 [ 27.613067] [ 27.613137] The buggy address belongs to the object at ffff888105926b00 [ 27.613137] which belongs to the cache kmalloc-64 of size 64 [ 27.613491] The buggy address is located 0 bytes to the right of [ 27.613491] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.615088] [ 27.615177] The buggy address belongs to the physical page: [ 27.615358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.615649] flags: 0x200000000000000(node=0|zone=2) [ 27.615868] page_type: f5(slab) [ 27.616030] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.616343] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.617112] page dumped because: kasan: bad access detected [ 27.617436] [ 27.617800] Memory state around the buggy address: [ 27.618242] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.618967] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.619418] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.620108] ^ [ 27.620473] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.621194] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.621609] ================================================================== [ 27.870098] ================================================================== [ 27.870712] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 27.871001] Read of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.871229] [ 27.871310] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.871361] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.871377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.871401] Call Trace: [ 27.871417] <TASK> [ 27.871434] dump_stack_lvl+0x73/0xb0 [ 27.871468] print_report+0xd1/0x610 [ 27.871498] ? __virt_addr_valid+0x1db/0x2d0 [ 27.871527] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.871566] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.871620] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.871649] kasan_report+0x141/0x180 [ 27.871680] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.871715] __asan_report_load8_noabort+0x18/0x20 [ 27.871747] kasan_atomics_helper+0x4fa5/0x5450 [ 27.871777] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.871806] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.871838] ? kasan_atomics+0x152/0x310 [ 27.871874] kasan_atomics+0x1dc/0x310 [ 27.871904] ? __pfx_kasan_atomics+0x10/0x10 [ 27.871936] ? __pfx_read_tsc+0x10/0x10 [ 27.871964] ? ktime_get_ts64+0x86/0x230 [ 27.871997] kunit_try_run_case+0x1a5/0x480 [ 27.872027] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.872055] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.872084] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.872114] ? __kthread_parkme+0x82/0x180 [ 27.872142] ? preempt_count_sub+0x50/0x80 [ 27.872174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.872205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.872239] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.872273] kthread+0x337/0x6f0 [ 27.872299] ? trace_preempt_on+0x20/0xc0 [ 27.872329] ? __pfx_kthread+0x10/0x10 [ 27.872357] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.872389] ? calculate_sigpending+0x7b/0xa0 [ 27.872420] ? __pfx_kthread+0x10/0x10 [ 27.872449] ret_from_fork+0x116/0x1d0 [ 27.872475] ? __pfx_kthread+0x10/0x10 [ 27.872504] ret_from_fork_asm+0x1a/0x30 [ 27.872553] </TASK> [ 27.872567] [ 27.879575] Allocated by task 313: [ 27.879760] kasan_save_stack+0x45/0x70 [ 27.879952] kasan_save_track+0x18/0x40 [ 27.880124] kasan_save_alloc_info+0x3b/0x50 [ 27.880299] __kasan_kmalloc+0xb7/0xc0 [ 27.880485] __kmalloc_cache_noprof+0x189/0x420 [ 27.880720] kasan_atomics+0x95/0x310 [ 27.880900] kunit_try_run_case+0x1a5/0x480 [ 27.881068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.881301] kthread+0x337/0x6f0 [ 27.881427] ret_from_fork+0x116/0x1d0 [ 27.881574] ret_from_fork_asm+0x1a/0x30 [ 27.881738] [ 27.881808] The buggy address belongs to the object at ffff888105926b00 [ 27.881808] which belongs to the cache kmalloc-64 of size 64 [ 27.882159] The buggy address is located 0 bytes to the right of [ 27.882159] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.882620] [ 27.882712] The buggy address belongs to the physical page: [ 27.882963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.883314] flags: 0x200000000000000(node=0|zone=2) [ 27.883551] page_type: f5(slab) [ 27.883741] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.884077] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.884304] page dumped because: kasan: bad access detected [ 27.884475] [ 27.884553] Memory state around the buggy address: [ 27.884730] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.884949] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.885164] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.885483] ^ [ 27.885740] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.886061] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.886374] ================================================================== [ 27.076207] ================================================================== [ 27.076873] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 27.077243] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.077827] [ 27.077940] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.078015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.078031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.078114] Call Trace: [ 27.078133] <TASK> [ 27.078151] dump_stack_lvl+0x73/0xb0 [ 27.078189] print_report+0xd1/0x610 [ 27.078220] ? __virt_addr_valid+0x1db/0x2d0 [ 27.078251] ? kasan_atomics_helper+0xf10/0x5450 [ 27.078279] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.078312] ? kasan_atomics_helper+0xf10/0x5450 [ 27.078341] kasan_report+0x141/0x180 [ 27.078371] ? kasan_atomics_helper+0xf10/0x5450 [ 27.078406] kasan_check_range+0x10c/0x1c0 [ 27.078438] __kasan_check_write+0x18/0x20 [ 27.078468] kasan_atomics_helper+0xf10/0x5450 [ 27.078506] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.078546] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.078580] ? kasan_atomics+0x152/0x310 [ 27.078615] kasan_atomics+0x1dc/0x310 [ 27.078645] ? __pfx_kasan_atomics+0x10/0x10 [ 27.078677] ? __pfx_read_tsc+0x10/0x10 [ 27.078706] ? ktime_get_ts64+0x86/0x230 [ 27.078739] kunit_try_run_case+0x1a5/0x480 [ 27.078773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.078802] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.078833] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.078864] ? __kthread_parkme+0x82/0x180 [ 27.078892] ? preempt_count_sub+0x50/0x80 [ 27.078924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.078955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.078990] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.079025] kthread+0x337/0x6f0 [ 27.079052] ? trace_preempt_on+0x20/0xc0 [ 27.079083] ? __pfx_kthread+0x10/0x10 [ 27.079111] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.079142] ? calculate_sigpending+0x7b/0xa0 [ 27.079174] ? __pfx_kthread+0x10/0x10 [ 27.079203] ret_from_fork+0x116/0x1d0 [ 27.079229] ? __pfx_kthread+0x10/0x10 [ 27.079258] ret_from_fork_asm+0x1a/0x30 [ 27.079301] </TASK> [ 27.079315] [ 27.086717] Allocated by task 313: [ 27.086896] kasan_save_stack+0x45/0x70 [ 27.087136] kasan_save_track+0x18/0x40 [ 27.087333] kasan_save_alloc_info+0x3b/0x50 [ 27.087568] __kasan_kmalloc+0xb7/0xc0 [ 27.087900] __kmalloc_cache_noprof+0x189/0x420 [ 27.088065] kasan_atomics+0x95/0x310 [ 27.088260] kunit_try_run_case+0x1a5/0x480 [ 27.088406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.088671] kthread+0x337/0x6f0 [ 27.088856] ret_from_fork+0x116/0x1d0 [ 27.089072] ret_from_fork_asm+0x1a/0x30 [ 27.089259] [ 27.089329] The buggy address belongs to the object at ffff888105926b00 [ 27.089329] which belongs to the cache kmalloc-64 of size 64 [ 27.089979] The buggy address is located 0 bytes to the right of [ 27.089979] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.090422] [ 27.090496] The buggy address belongs to the physical page: [ 27.090686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.091057] flags: 0x200000000000000(node=0|zone=2) [ 27.091320] page_type: f5(slab) [ 27.091512] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.091992] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.092312] page dumped because: kasan: bad access detected [ 27.092524] [ 27.092604] Memory state around the buggy address: [ 27.092755] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.093097] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.093428] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.093819] ^ [ 27.094272] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.095323] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.095896] ================================================================== [ 27.680695] ================================================================== [ 27.681059] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 27.681375] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.681745] [ 27.681859] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.681914] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.681930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.681956] Call Trace: [ 27.681977] <TASK> [ 27.681998] dump_stack_lvl+0x73/0xb0 [ 27.682030] print_report+0xd1/0x610 [ 27.682060] ? __virt_addr_valid+0x1db/0x2d0 [ 27.682091] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.682119] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.682152] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.682180] kasan_report+0x141/0x180 [ 27.682209] ? kasan_atomics_helper+0x1d7a/0x5450 [ 27.682244] kasan_check_range+0x10c/0x1c0 [ 27.682275] __kasan_check_write+0x18/0x20 [ 27.682305] kasan_atomics_helper+0x1d7a/0x5450 [ 27.682335] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.682364] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.682397] ? kasan_atomics+0x152/0x310 [ 27.682435] kasan_atomics+0x1dc/0x310 [ 27.682465] ? __pfx_kasan_atomics+0x10/0x10 [ 27.682501] ? __pfx_read_tsc+0x10/0x10 [ 27.682542] ? ktime_get_ts64+0x86/0x230 [ 27.682574] kunit_try_run_case+0x1a5/0x480 [ 27.682603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.682651] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.682681] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.682710] ? __kthread_parkme+0x82/0x180 [ 27.682737] ? preempt_count_sub+0x50/0x80 [ 27.682769] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.682799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.682833] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.682867] kthread+0x337/0x6f0 [ 27.682893] ? trace_preempt_on+0x20/0xc0 [ 27.682923] ? __pfx_kthread+0x10/0x10 [ 27.682950] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.682982] ? calculate_sigpending+0x7b/0xa0 [ 27.683012] ? __pfx_kthread+0x10/0x10 [ 27.683041] ret_from_fork+0x116/0x1d0 [ 27.683066] ? __pfx_kthread+0x10/0x10 [ 27.683093] ret_from_fork_asm+0x1a/0x30 [ 27.683136] </TASK> [ 27.683149] [ 27.690949] Allocated by task 313: [ 27.691126] kasan_save_stack+0x45/0x70 [ 27.691333] kasan_save_track+0x18/0x40 [ 27.691521] kasan_save_alloc_info+0x3b/0x50 [ 27.691740] __kasan_kmalloc+0xb7/0xc0 [ 27.691939] __kmalloc_cache_noprof+0x189/0x420 [ 27.692156] kasan_atomics+0x95/0x310 [ 27.692290] kunit_try_run_case+0x1a5/0x480 [ 27.692436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.692737] kthread+0x337/0x6f0 [ 27.692910] ret_from_fork+0x116/0x1d0 [ 27.693126] ret_from_fork_asm+0x1a/0x30 [ 27.693347] [ 27.693464] The buggy address belongs to the object at ffff888105926b00 [ 27.693464] which belongs to the cache kmalloc-64 of size 64 [ 27.693907] The buggy address is located 0 bytes to the right of [ 27.693907] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.694367] [ 27.694463] The buggy address belongs to the physical page: [ 27.694906] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.695248] flags: 0x200000000000000(node=0|zone=2) [ 27.695494] page_type: f5(slab) [ 27.695664] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.695979] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.696320] page dumped because: kasan: bad access detected [ 27.696549] [ 27.696658] Memory state around the buggy address: [ 27.696860] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.697169] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.697462] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.697832] ^ [ 27.698028] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.698354] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.698693] ================================================================== [ 27.563073] ================================================================== [ 27.563812] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 27.564161] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.564396] [ 27.564487] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.564571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.564587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.564613] Call Trace: [ 27.564641] <TASK> [ 27.564676] dump_stack_lvl+0x73/0xb0 [ 27.564728] print_report+0xd1/0x610 [ 27.564758] ? __virt_addr_valid+0x1db/0x2d0 [ 27.564788] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.564817] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.564851] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.564879] kasan_report+0x141/0x180 [ 27.564909] ? kasan_atomics_helper+0x19e3/0x5450 [ 27.564960] kasan_check_range+0x10c/0x1c0 [ 27.564991] __kasan_check_write+0x18/0x20 [ 27.565035] kasan_atomics_helper+0x19e3/0x5450 [ 27.565065] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.565095] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.565125] ? kasan_atomics+0x152/0x310 [ 27.565160] kasan_atomics+0x1dc/0x310 [ 27.565189] ? __pfx_kasan_atomics+0x10/0x10 [ 27.565221] ? __pfx_read_tsc+0x10/0x10 [ 27.565248] ? ktime_get_ts64+0x86/0x230 [ 27.565280] kunit_try_run_case+0x1a5/0x480 [ 27.565310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.565356] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.565385] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.565415] ? __kthread_parkme+0x82/0x180 [ 27.565441] ? preempt_count_sub+0x50/0x80 [ 27.565473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.565519] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.565576] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.565632] kthread+0x337/0x6f0 [ 27.565658] ? trace_preempt_on+0x20/0xc0 [ 27.565690] ? __pfx_kthread+0x10/0x10 [ 27.565717] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.565749] ? calculate_sigpending+0x7b/0xa0 [ 27.565780] ? __pfx_kthread+0x10/0x10 [ 27.565809] ret_from_fork+0x116/0x1d0 [ 27.565834] ? __pfx_kthread+0x10/0x10 [ 27.565863] ret_from_fork_asm+0x1a/0x30 [ 27.565922] </TASK> [ 27.565936] [ 27.573699] Allocated by task 313: [ 27.573866] kasan_save_stack+0x45/0x70 [ 27.574063] kasan_save_track+0x18/0x40 [ 27.574308] kasan_save_alloc_info+0x3b/0x50 [ 27.574469] __kasan_kmalloc+0xb7/0xc0 [ 27.574625] __kmalloc_cache_noprof+0x189/0x420 [ 27.574849] kasan_atomics+0x95/0x310 [ 27.575036] kunit_try_run_case+0x1a5/0x480 [ 27.575242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.575504] kthread+0x337/0x6f0 [ 27.575702] ret_from_fork+0x116/0x1d0 [ 27.575890] ret_from_fork_asm+0x1a/0x30 [ 27.576087] [ 27.576179] The buggy address belongs to the object at ffff888105926b00 [ 27.576179] which belongs to the cache kmalloc-64 of size 64 [ 27.576581] The buggy address is located 0 bytes to the right of [ 27.576581] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.576935] [ 27.577004] The buggy address belongs to the physical page: [ 27.577476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.578137] flags: 0x200000000000000(node=0|zone=2) [ 27.578392] page_type: f5(slab) [ 27.578593] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.578980] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.579324] page dumped because: kasan: bad access detected [ 27.579576] [ 27.579702] Memory state around the buggy address: [ 27.579858] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.580091] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.580432] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.580901] ^ [ 27.581082] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.581385] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.581711] ================================================================== [ 26.689967] ================================================================== [ 26.690312] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 26.690731] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.691083] [ 26.691201] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.691268] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.691285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.691323] Call Trace: [ 26.691345] <TASK> [ 26.691364] dump_stack_lvl+0x73/0xb0 [ 26.691400] print_report+0xd1/0x610 [ 26.691440] ? __virt_addr_valid+0x1db/0x2d0 [ 26.691472] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.691511] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.691561] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.691648] kasan_report+0x141/0x180 [ 26.691680] ? kasan_atomics_helper+0x4a0/0x5450 [ 26.691729] kasan_check_range+0x10c/0x1c0 [ 26.691761] __kasan_check_write+0x18/0x20 [ 26.691792] kasan_atomics_helper+0x4a0/0x5450 [ 26.691823] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.691851] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.691884] ? kasan_atomics+0x152/0x310 [ 26.691919] kasan_atomics+0x1dc/0x310 [ 26.691948] ? __pfx_kasan_atomics+0x10/0x10 [ 26.691990] ? __pfx_read_tsc+0x10/0x10 [ 26.692020] ? ktime_get_ts64+0x86/0x230 [ 26.692063] kunit_try_run_case+0x1a5/0x480 [ 26.692094] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.692123] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.692162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.692192] ? __kthread_parkme+0x82/0x180 [ 26.692230] ? preempt_count_sub+0x50/0x80 [ 26.692264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.692295] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.692328] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.692361] kthread+0x337/0x6f0 [ 26.692388] ? trace_preempt_on+0x20/0xc0 [ 26.692419] ? __pfx_kthread+0x10/0x10 [ 26.692447] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.692479] ? calculate_sigpending+0x7b/0xa0 [ 26.692518] ? __pfx_kthread+0x10/0x10 [ 26.692567] ret_from_fork+0x116/0x1d0 [ 26.692637] ? __pfx_kthread+0x10/0x10 [ 26.692666] ret_from_fork_asm+0x1a/0x30 [ 26.692708] </TASK> [ 26.692723] [ 26.701328] Allocated by task 313: [ 26.701509] kasan_save_stack+0x45/0x70 [ 26.702064] kasan_save_track+0x18/0x40 [ 26.702250] kasan_save_alloc_info+0x3b/0x50 [ 26.702464] __kasan_kmalloc+0xb7/0xc0 [ 26.702768] __kmalloc_cache_noprof+0x189/0x420 [ 26.702930] kasan_atomics+0x95/0x310 [ 26.703077] kunit_try_run_case+0x1a5/0x480 [ 26.703521] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.703940] kthread+0x337/0x6f0 [ 26.704070] ret_from_fork+0x116/0x1d0 [ 26.704207] ret_from_fork_asm+0x1a/0x30 [ 26.704348] [ 26.704442] The buggy address belongs to the object at ffff888105926b00 [ 26.704442] which belongs to the cache kmalloc-64 of size 64 [ 26.705105] The buggy address is located 0 bytes to the right of [ 26.705105] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.705591] [ 26.705662] The buggy address belongs to the physical page: [ 26.706000] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.706394] flags: 0x200000000000000(node=0|zone=2) [ 26.706795] page_type: f5(slab) [ 26.707082] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.707438] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.707835] page dumped because: kasan: bad access detected [ 26.708084] [ 26.708200] Memory state around the buggy address: [ 26.708398] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.708779] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.709087] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.709305] ^ [ 26.709461] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.709804] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.710120] ================================================================== [ 27.455216] ================================================================== [ 27.455590] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 27.455989] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.456226] [ 27.456311] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.456365] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.456382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.456405] Call Trace: [ 27.456423] <TASK> [ 27.456441] dump_stack_lvl+0x73/0xb0 [ 27.456476] print_report+0xd1/0x610 [ 27.456505] ? __virt_addr_valid+0x1db/0x2d0 [ 27.456548] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.456578] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.456612] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.456653] kasan_report+0x141/0x180 [ 27.456683] ? kasan_atomics_helper+0x16e7/0x5450 [ 27.456718] kasan_check_range+0x10c/0x1c0 [ 27.456749] __kasan_check_write+0x18/0x20 [ 27.456780] kasan_atomics_helper+0x16e7/0x5450 [ 27.456810] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.456839] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.456871] ? kasan_atomics+0x152/0x310 [ 27.456906] kasan_atomics+0x1dc/0x310 [ 27.456936] ? __pfx_kasan_atomics+0x10/0x10 [ 27.456967] ? __pfx_read_tsc+0x10/0x10 [ 27.456995] ? ktime_get_ts64+0x86/0x230 [ 27.457027] kunit_try_run_case+0x1a5/0x480 [ 27.457568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.457605] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.457650] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.457681] ? __kthread_parkme+0x82/0x180 [ 27.457708] ? preempt_count_sub+0x50/0x80 [ 27.457740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.457771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.457804] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.457839] kthread+0x337/0x6f0 [ 27.457865] ? trace_preempt_on+0x20/0xc0 [ 27.457895] ? __pfx_kthread+0x10/0x10 [ 27.457923] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.457955] ? calculate_sigpending+0x7b/0xa0 [ 27.457986] ? __pfx_kthread+0x10/0x10 [ 27.458015] ret_from_fork+0x116/0x1d0 [ 27.458041] ? __pfx_kthread+0x10/0x10 [ 27.458069] ret_from_fork_asm+0x1a/0x30 [ 27.458111] </TASK> [ 27.458124] [ 27.469578] Allocated by task 313: [ 27.469920] kasan_save_stack+0x45/0x70 [ 27.470123] kasan_save_track+0x18/0x40 [ 27.470305] kasan_save_alloc_info+0x3b/0x50 [ 27.470507] __kasan_kmalloc+0xb7/0xc0 [ 27.470731] __kmalloc_cache_noprof+0x189/0x420 [ 27.470893] kasan_atomics+0x95/0x310 [ 27.471124] kunit_try_run_case+0x1a5/0x480 [ 27.471338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.471583] kthread+0x337/0x6f0 [ 27.471781] ret_from_fork+0x116/0x1d0 [ 27.471939] ret_from_fork_asm+0x1a/0x30 [ 27.472093] [ 27.472188] The buggy address belongs to the object at ffff888105926b00 [ 27.472188] which belongs to the cache kmalloc-64 of size 64 [ 27.472961] The buggy address is located 0 bytes to the right of [ 27.472961] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.473881] [ 27.473981] The buggy address belongs to the physical page: [ 27.474378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.474917] flags: 0x200000000000000(node=0|zone=2) [ 27.475129] page_type: f5(slab) [ 27.475428] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.475895] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.476236] page dumped because: kasan: bad access detected [ 27.476481] [ 27.476580] Memory state around the buggy address: [ 27.477079] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.477459] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.477942] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.478377] ^ [ 27.478593] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.479033] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.479344] ================================================================== [ 27.218231] ================================================================== [ 27.218564] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 27.218872] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.219201] [ 27.219311] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.219363] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.219380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.219404] Call Trace: [ 27.219421] <TASK> [ 27.219438] dump_stack_lvl+0x73/0xb0 [ 27.219471] print_report+0xd1/0x610 [ 27.219501] ? __virt_addr_valid+0x1db/0x2d0 [ 27.219543] ? kasan_atomics_helper+0x1217/0x5450 [ 27.219571] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.219605] ? kasan_atomics_helper+0x1217/0x5450 [ 27.219646] kasan_report+0x141/0x180 [ 27.219677] ? kasan_atomics_helper+0x1217/0x5450 [ 27.219712] kasan_check_range+0x10c/0x1c0 [ 27.219743] __kasan_check_write+0x18/0x20 [ 27.219772] kasan_atomics_helper+0x1217/0x5450 [ 27.219804] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.219833] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.219863] ? kasan_atomics+0x152/0x310 [ 27.219898] kasan_atomics+0x1dc/0x310 [ 27.219928] ? __pfx_kasan_atomics+0x10/0x10 [ 27.219959] ? __pfx_read_tsc+0x10/0x10 [ 27.219987] ? ktime_get_ts64+0x86/0x230 [ 27.220019] kunit_try_run_case+0x1a5/0x480 [ 27.220049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.220078] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.220107] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.220138] ? __kthread_parkme+0x82/0x180 [ 27.220165] ? preempt_count_sub+0x50/0x80 [ 27.220197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.220227] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.220261] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.220295] kthread+0x337/0x6f0 [ 27.220321] ? trace_preempt_on+0x20/0xc0 [ 27.220351] ? __pfx_kthread+0x10/0x10 [ 27.220379] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.220410] ? calculate_sigpending+0x7b/0xa0 [ 27.220440] ? __pfx_kthread+0x10/0x10 [ 27.220470] ret_from_fork+0x116/0x1d0 [ 27.220495] ? __pfx_kthread+0x10/0x10 [ 27.220523] ret_from_fork_asm+0x1a/0x30 [ 27.220574] </TASK> [ 27.220588] [ 27.228304] Allocated by task 313: [ 27.228489] kasan_save_stack+0x45/0x70 [ 27.228809] kasan_save_track+0x18/0x40 [ 27.228954] kasan_save_alloc_info+0x3b/0x50 [ 27.229154] __kasan_kmalloc+0xb7/0xc0 [ 27.229332] __kmalloc_cache_noprof+0x189/0x420 [ 27.230047] kasan_atomics+0x95/0x310 [ 27.230365] kunit_try_run_case+0x1a5/0x480 [ 27.230705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.231163] kthread+0x337/0x6f0 [ 27.231447] ret_from_fork+0x116/0x1d0 [ 27.231767] ret_from_fork_asm+0x1a/0x30 [ 27.232153] [ 27.232395] The buggy address belongs to the object at ffff888105926b00 [ 27.232395] which belongs to the cache kmalloc-64 of size 64 [ 27.232970] The buggy address is located 0 bytes to the right of [ 27.232970] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.233469] [ 27.233572] The buggy address belongs to the physical page: [ 27.234170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.234876] flags: 0x200000000000000(node=0|zone=2) [ 27.235326] page_type: f5(slab) [ 27.235581] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.236083] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.236415] page dumped because: kasan: bad access detected [ 27.236852] [ 27.236940] Memory state around the buggy address: [ 27.237381] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.237889] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.238194] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.238492] ^ [ 27.238802] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.239095] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.239379] ================================================================== [ 27.408707] ================================================================== [ 27.408998] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 27.409348] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.409680] [ 27.409775] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.409829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.409844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.409878] Call Trace: [ 27.409895] <TASK> [ 27.409913] dump_stack_lvl+0x73/0xb0 [ 27.409948] print_report+0xd1/0x610 [ 27.409978] ? __virt_addr_valid+0x1db/0x2d0 [ 27.410009] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.410038] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.410083] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.410113] kasan_report+0x141/0x180 [ 27.410142] ? kasan_atomics_helper+0x15b6/0x5450 [ 27.410190] kasan_check_range+0x10c/0x1c0 [ 27.410221] __kasan_check_write+0x18/0x20 [ 27.410251] kasan_atomics_helper+0x15b6/0x5450 [ 27.410282] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.410311] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.410344] ? kasan_atomics+0x152/0x310 [ 27.410379] kasan_atomics+0x1dc/0x310 [ 27.410408] ? __pfx_kasan_atomics+0x10/0x10 [ 27.410440] ? __pfx_read_tsc+0x10/0x10 [ 27.410469] ? ktime_get_ts64+0x86/0x230 [ 27.410509] kunit_try_run_case+0x1a5/0x480 [ 27.410559] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.410588] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.410641] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.410672] ? __kthread_parkme+0x82/0x180 [ 27.410700] ? preempt_count_sub+0x50/0x80 [ 27.410732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.410771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.410806] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.410850] kthread+0x337/0x6f0 [ 27.410876] ? trace_preempt_on+0x20/0xc0 [ 27.410915] ? __pfx_kthread+0x10/0x10 [ 27.410943] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.410985] ? calculate_sigpending+0x7b/0xa0 [ 27.411018] ? __pfx_kthread+0x10/0x10 [ 27.411047] ret_from_fork+0x116/0x1d0 [ 27.411082] ? __pfx_kthread+0x10/0x10 [ 27.411111] ret_from_fork_asm+0x1a/0x30 [ 27.411164] </TASK> [ 27.411178] [ 27.419089] Allocated by task 313: [ 27.419285] kasan_save_stack+0x45/0x70 [ 27.419487] kasan_save_track+0x18/0x40 [ 27.419708] kasan_save_alloc_info+0x3b/0x50 [ 27.419911] __kasan_kmalloc+0xb7/0xc0 [ 27.420102] __kmalloc_cache_noprof+0x189/0x420 [ 27.420265] kasan_atomics+0x95/0x310 [ 27.420402] kunit_try_run_case+0x1a5/0x480 [ 27.420561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.420742] kthread+0x337/0x6f0 [ 27.420864] ret_from_fork+0x116/0x1d0 [ 27.421028] ret_from_fork_asm+0x1a/0x30 [ 27.421258] [ 27.421352] The buggy address belongs to the object at ffff888105926b00 [ 27.421352] which belongs to the cache kmalloc-64 of size 64 [ 27.422110] The buggy address is located 0 bytes to the right of [ 27.422110] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.423022] [ 27.423104] The buggy address belongs to the physical page: [ 27.423282] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.423535] flags: 0x200000000000000(node=0|zone=2) [ 27.423700] page_type: f5(slab) [ 27.423912] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.424259] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.424640] page dumped because: kasan: bad access detected [ 27.424905] [ 27.425001] Memory state around the buggy address: [ 27.425233] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.425519] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.427014] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.427623] ^ [ 27.427930] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.428287] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.428687] ================================================================== [ 27.193770] ================================================================== [ 27.194112] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 27.194423] Read of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.194657] [ 27.196636] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.196697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.196716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.196741] Call Trace: [ 27.196761] <TASK> [ 27.196779] dump_stack_lvl+0x73/0xb0 [ 27.196816] print_report+0xd1/0x610 [ 27.196846] ? __virt_addr_valid+0x1db/0x2d0 [ 27.196878] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.196908] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.196942] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.196971] kasan_report+0x141/0x180 [ 27.197001] ? kasan_atomics_helper+0x4a02/0x5450 [ 27.197038] __asan_report_load4_noabort+0x18/0x20 [ 27.197069] kasan_atomics_helper+0x4a02/0x5450 [ 27.197099] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.197129] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.197161] ? kasan_atomics+0x152/0x310 [ 27.197195] kasan_atomics+0x1dc/0x310 [ 27.197225] ? __pfx_kasan_atomics+0x10/0x10 [ 27.197257] ? __pfx_read_tsc+0x10/0x10 [ 27.197286] ? ktime_get_ts64+0x86/0x230 [ 27.197317] kunit_try_run_case+0x1a5/0x480 [ 27.197348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.197376] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.197406] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.197435] ? __kthread_parkme+0x82/0x180 [ 27.197463] ? preempt_count_sub+0x50/0x80 [ 27.197495] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.197540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.197575] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.197610] kthread+0x337/0x6f0 [ 27.197649] ? trace_preempt_on+0x20/0xc0 [ 27.197681] ? __pfx_kthread+0x10/0x10 [ 27.197708] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.197740] ? calculate_sigpending+0x7b/0xa0 [ 27.197772] ? __pfx_kthread+0x10/0x10 [ 27.197801] ret_from_fork+0x116/0x1d0 [ 27.197827] ? __pfx_kthread+0x10/0x10 [ 27.197855] ret_from_fork_asm+0x1a/0x30 [ 27.197896] </TASK> [ 27.197911] [ 27.209589] Allocated by task 313: [ 27.209889] kasan_save_stack+0x45/0x70 [ 27.210104] kasan_save_track+0x18/0x40 [ 27.210290] kasan_save_alloc_info+0x3b/0x50 [ 27.210492] __kasan_kmalloc+0xb7/0xc0 [ 27.210683] __kmalloc_cache_noprof+0x189/0x420 [ 27.210842] kasan_atomics+0x95/0x310 [ 27.211131] kunit_try_run_case+0x1a5/0x480 [ 27.211327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.211556] kthread+0x337/0x6f0 [ 27.211859] ret_from_fork+0x116/0x1d0 [ 27.212024] ret_from_fork_asm+0x1a/0x30 [ 27.212213] [ 27.212285] The buggy address belongs to the object at ffff888105926b00 [ 27.212285] which belongs to the cache kmalloc-64 of size 64 [ 27.212786] The buggy address is located 0 bytes to the right of [ 27.212786] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.213271] [ 27.213371] The buggy address belongs to the physical page: [ 27.213613] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.213909] flags: 0x200000000000000(node=0|zone=2) [ 27.214145] page_type: f5(slab) [ 27.214297] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.214602] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.214930] page dumped because: kasan: bad access detected [ 27.215148] [ 27.215218] Memory state around the buggy address: [ 27.215373] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.215677] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.216010] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.216225] ^ [ 27.216428] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.216942] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.217224] ================================================================== [ 27.330804] ================================================================== [ 27.331426] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 27.331852] Read of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.332141] [ 27.332271] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.332324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.332341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.332365] Call Trace: [ 27.332381] <TASK> [ 27.332409] dump_stack_lvl+0x73/0xb0 [ 27.332443] print_report+0xd1/0x610 [ 27.332486] ? __virt_addr_valid+0x1db/0x2d0 [ 27.332517] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.332556] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.332597] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.332626] kasan_report+0x141/0x180 [ 27.332675] ? kasan_atomics_helper+0x4eae/0x5450 [ 27.332710] __asan_report_load8_noabort+0x18/0x20 [ 27.332741] kasan_atomics_helper+0x4eae/0x5450 [ 27.332782] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.332811] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.332855] ? kasan_atomics+0x152/0x310 [ 27.332890] kasan_atomics+0x1dc/0x310 [ 27.332929] ? __pfx_kasan_atomics+0x10/0x10 [ 27.332961] ? __pfx_read_tsc+0x10/0x10 [ 27.332999] ? ktime_get_ts64+0x86/0x230 [ 27.333032] kunit_try_run_case+0x1a5/0x480 [ 27.333072] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.333100] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.333130] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.333170] ? __kthread_parkme+0x82/0x180 [ 27.333198] ? preempt_count_sub+0x50/0x80 [ 27.333239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.333270] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.333313] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.333347] kthread+0x337/0x6f0 [ 27.333373] ? trace_preempt_on+0x20/0xc0 [ 27.333413] ? __pfx_kthread+0x10/0x10 [ 27.333441] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.333483] ? calculate_sigpending+0x7b/0xa0 [ 27.333515] ? __pfx_kthread+0x10/0x10 [ 27.333554] ret_from_fork+0x116/0x1d0 [ 27.333580] ? __pfx_kthread+0x10/0x10 [ 27.333608] ret_from_fork_asm+0x1a/0x30 [ 27.333670] </TASK> [ 27.333685] [ 27.341095] Allocated by task 313: [ 27.341339] kasan_save_stack+0x45/0x70 [ 27.341736] kasan_save_track+0x18/0x40 [ 27.342006] kasan_save_alloc_info+0x3b/0x50 [ 27.342232] __kasan_kmalloc+0xb7/0xc0 [ 27.342426] __kmalloc_cache_noprof+0x189/0x420 [ 27.342649] kasan_atomics+0x95/0x310 [ 27.342862] kunit_try_run_case+0x1a5/0x480 [ 27.343058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.343300] kthread+0x337/0x6f0 [ 27.343496] ret_from_fork+0x116/0x1d0 [ 27.343720] ret_from_fork_asm+0x1a/0x30 [ 27.343928] [ 27.344003] The buggy address belongs to the object at ffff888105926b00 [ 27.344003] which belongs to the cache kmalloc-64 of size 64 [ 27.344481] The buggy address is located 0 bytes to the right of [ 27.344481] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.345061] [ 27.345136] The buggy address belongs to the physical page: [ 27.345309] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.345563] flags: 0x200000000000000(node=0|zone=2) [ 27.345793] page_type: f5(slab) [ 27.345970] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.346333] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.346683] page dumped because: kasan: bad access detected [ 27.346938] [ 27.347106] Memory state around the buggy address: [ 27.347328] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.347554] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.348130] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.348442] ^ [ 27.348706] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.348923] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.349184] ================================================================== [ 27.267277] ================================================================== [ 27.267760] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 27.268130] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.268425] [ 27.268540] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.268596] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.268611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.268638] Call Trace: [ 27.268657] <TASK> [ 27.268675] dump_stack_lvl+0x73/0xb0 [ 27.268709] print_report+0xd1/0x610 [ 27.268739] ? __virt_addr_valid+0x1db/0x2d0 [ 27.268769] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.268807] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.268839] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.268868] kasan_report+0x141/0x180 [ 27.268898] ? kasan_atomics_helper+0x12e6/0x5450 [ 27.268933] kasan_check_range+0x10c/0x1c0 [ 27.268963] __kasan_check_write+0x18/0x20 [ 27.268993] kasan_atomics_helper+0x12e6/0x5450 [ 27.269023] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.269052] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.269084] ? kasan_atomics+0x152/0x310 [ 27.269120] kasan_atomics+0x1dc/0x310 [ 27.269149] ? __pfx_kasan_atomics+0x10/0x10 [ 27.269183] ? __pfx_read_tsc+0x10/0x10 [ 27.269211] ? ktime_get_ts64+0x86/0x230 [ 27.269243] kunit_try_run_case+0x1a5/0x480 [ 27.269274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.269302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.269331] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.269361] ? __kthread_parkme+0x82/0x180 [ 27.269388] ? preempt_count_sub+0x50/0x80 [ 27.269420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.269450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.269484] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.269517] kthread+0x337/0x6f0 [ 27.269555] ? trace_preempt_on+0x20/0xc0 [ 27.269584] ? __pfx_kthread+0x10/0x10 [ 27.269612] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.269653] ? calculate_sigpending+0x7b/0xa0 [ 27.269684] ? __pfx_kthread+0x10/0x10 [ 27.269714] ret_from_fork+0x116/0x1d0 [ 27.269739] ? __pfx_kthread+0x10/0x10 [ 27.269767] ret_from_fork_asm+0x1a/0x30 [ 27.269809] </TASK> [ 27.269823] [ 27.276843] Allocated by task 313: [ 27.277024] kasan_save_stack+0x45/0x70 [ 27.277234] kasan_save_track+0x18/0x40 [ 27.277430] kasan_save_alloc_info+0x3b/0x50 [ 27.277709] __kasan_kmalloc+0xb7/0xc0 [ 27.277891] __kmalloc_cache_noprof+0x189/0x420 [ 27.278128] kasan_atomics+0x95/0x310 [ 27.278276] kunit_try_run_case+0x1a5/0x480 [ 27.278425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.278662] kthread+0x337/0x6f0 [ 27.278832] ret_from_fork+0x116/0x1d0 [ 27.279026] ret_from_fork_asm+0x1a/0x30 [ 27.279331] [ 27.279437] The buggy address belongs to the object at ffff888105926b00 [ 27.279437] which belongs to the cache kmalloc-64 of size 64 [ 27.279888] The buggy address is located 0 bytes to the right of [ 27.279888] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.280407] [ 27.280505] The buggy address belongs to the physical page: [ 27.280857] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.281172] flags: 0x200000000000000(node=0|zone=2) [ 27.281358] page_type: f5(slab) [ 27.281478] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.281815] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.282192] page dumped because: kasan: bad access detected [ 27.282385] [ 27.282453] Memory state around the buggy address: [ 27.282744] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.283033] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.283312] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.283609] ^ [ 27.283796] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.284100] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.284315] ================================================================== [ 26.969320] ================================================================== [ 26.969690] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 26.969969] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.970294] [ 26.970402] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.970454] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.970469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.970500] Call Trace: [ 26.970517] <TASK> [ 26.970544] dump_stack_lvl+0x73/0xb0 [ 26.970579] print_report+0xd1/0x610 [ 26.970608] ? __virt_addr_valid+0x1db/0x2d0 [ 26.970639] ? kasan_atomics_helper+0xc70/0x5450 [ 26.970667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.970700] ? kasan_atomics_helper+0xc70/0x5450 [ 26.970728] kasan_report+0x141/0x180 [ 26.970758] ? kasan_atomics_helper+0xc70/0x5450 [ 26.970804] kasan_check_range+0x10c/0x1c0 [ 26.970835] __kasan_check_write+0x18/0x20 [ 26.970865] kasan_atomics_helper+0xc70/0x5450 [ 26.970918] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.970947] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.970979] ? kasan_atomics+0x152/0x310 [ 26.971014] kasan_atomics+0x1dc/0x310 [ 26.971061] ? __pfx_kasan_atomics+0x10/0x10 [ 26.971093] ? __pfx_read_tsc+0x10/0x10 [ 26.971120] ? ktime_get_ts64+0x86/0x230 [ 26.971154] kunit_try_run_case+0x1a5/0x480 [ 26.971184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.971227] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.971257] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.971287] ? __kthread_parkme+0x82/0x180 [ 26.971314] ? preempt_count_sub+0x50/0x80 [ 26.971346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.971376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.971409] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.971461] kthread+0x337/0x6f0 [ 26.971487] ? trace_preempt_on+0x20/0xc0 [ 26.971517] ? __pfx_kthread+0x10/0x10 [ 26.971556] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.971587] ? calculate_sigpending+0x7b/0xa0 [ 26.971644] ? __pfx_kthread+0x10/0x10 [ 26.971674] ret_from_fork+0x116/0x1d0 [ 26.971699] ? __pfx_kthread+0x10/0x10 [ 26.971727] ret_from_fork_asm+0x1a/0x30 [ 26.971770] </TASK> [ 26.971783] [ 26.979082] Allocated by task 313: [ 26.979260] kasan_save_stack+0x45/0x70 [ 26.979464] kasan_save_track+0x18/0x40 [ 26.979778] kasan_save_alloc_info+0x3b/0x50 [ 26.979962] __kasan_kmalloc+0xb7/0xc0 [ 26.980116] __kmalloc_cache_noprof+0x189/0x420 [ 26.980336] kasan_atomics+0x95/0x310 [ 26.980514] kunit_try_run_case+0x1a5/0x480 [ 26.980812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.981057] kthread+0x337/0x6f0 [ 26.981209] ret_from_fork+0x116/0x1d0 [ 26.981421] ret_from_fork_asm+0x1a/0x30 [ 26.981614] [ 26.981713] The buggy address belongs to the object at ffff888105926b00 [ 26.981713] which belongs to the cache kmalloc-64 of size 64 [ 26.982187] The buggy address is located 0 bytes to the right of [ 26.982187] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.982664] [ 26.982775] The buggy address belongs to the physical page: [ 26.983063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.983486] flags: 0x200000000000000(node=0|zone=2) [ 26.983833] page_type: f5(slab) [ 26.984126] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.984458] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.984692] page dumped because: kasan: bad access detected [ 26.984858] [ 26.984924] Memory state around the buggy address: [ 26.985074] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.985284] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.985786] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.986104] ^ [ 26.986351] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.986743] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.987096] ================================================================== [ 26.918883] ================================================================== [ 26.919239] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 26.919843] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.920171] [ 26.920290] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.920354] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.920370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.920395] Call Trace: [ 26.920423] <TASK> [ 26.920442] dump_stack_lvl+0x73/0xb0 [ 26.920478] print_report+0xd1/0x610 [ 26.920507] ? __virt_addr_valid+0x1db/0x2d0 [ 26.920549] ? kasan_atomics_helper+0xac7/0x5450 [ 26.920587] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.920631] ? kasan_atomics_helper+0xac7/0x5450 [ 26.920661] kasan_report+0x141/0x180 [ 26.920700] ? kasan_atomics_helper+0xac7/0x5450 [ 26.920735] kasan_check_range+0x10c/0x1c0 [ 26.920776] __kasan_check_write+0x18/0x20 [ 26.920807] kasan_atomics_helper+0xac7/0x5450 [ 26.920836] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.920875] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.920911] ? kasan_atomics+0x152/0x310 [ 26.920958] kasan_atomics+0x1dc/0x310 [ 26.920987] ? __pfx_kasan_atomics+0x10/0x10 [ 26.921029] ? __pfx_read_tsc+0x10/0x10 [ 26.921061] ? ktime_get_ts64+0x86/0x230 [ 26.921104] kunit_try_run_case+0x1a5/0x480 [ 26.921137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.921166] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.921197] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.921230] ? __kthread_parkme+0x82/0x180 [ 26.921258] ? preempt_count_sub+0x50/0x80 [ 26.921290] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.921323] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.921358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.921393] kthread+0x337/0x6f0 [ 26.921419] ? trace_preempt_on+0x20/0xc0 [ 26.921460] ? __pfx_kthread+0x10/0x10 [ 26.921488] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.921539] ? calculate_sigpending+0x7b/0xa0 [ 26.921571] ? __pfx_kthread+0x10/0x10 [ 26.921600] ret_from_fork+0x116/0x1d0 [ 26.921635] ? __pfx_kthread+0x10/0x10 [ 26.921672] ret_from_fork_asm+0x1a/0x30 [ 26.921726] </TASK> [ 26.921740] [ 26.929412] Allocated by task 313: [ 26.929620] kasan_save_stack+0x45/0x70 [ 26.929824] kasan_save_track+0x18/0x40 [ 26.929997] kasan_save_alloc_info+0x3b/0x50 [ 26.930219] __kasan_kmalloc+0xb7/0xc0 [ 26.930426] __kmalloc_cache_noprof+0x189/0x420 [ 26.930644] kasan_atomics+0x95/0x310 [ 26.930851] kunit_try_run_case+0x1a5/0x480 [ 26.931064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.931248] kthread+0x337/0x6f0 [ 26.931500] ret_from_fork+0x116/0x1d0 [ 26.931708] ret_from_fork_asm+0x1a/0x30 [ 26.932029] [ 26.932117] The buggy address belongs to the object at ffff888105926b00 [ 26.932117] which belongs to the cache kmalloc-64 of size 64 [ 26.932575] The buggy address is located 0 bytes to the right of [ 26.932575] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.933110] [ 26.933200] The buggy address belongs to the physical page: [ 26.933460] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.933868] flags: 0x200000000000000(node=0|zone=2) [ 26.934096] page_type: f5(slab) [ 26.934274] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.934628] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.934956] page dumped because: kasan: bad access detected [ 26.935196] [ 26.935292] Memory state around the buggy address: [ 26.935501] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.935741] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.938313] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.939384] ^ [ 26.940160] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.941226] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.941952] ================================================================== [ 27.887020] ================================================================== [ 27.887368] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 27.887856] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.888196] [ 27.888310] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.888363] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.888379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.888403] Call Trace: [ 27.888418] <TASK> [ 27.888435] dump_stack_lvl+0x73/0xb0 [ 27.888469] print_report+0xd1/0x610 [ 27.888499] ? __virt_addr_valid+0x1db/0x2d0 [ 27.888539] ? kasan_atomics_helper+0x224c/0x5450 [ 27.888568] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.888621] ? kasan_atomics_helper+0x224c/0x5450 [ 27.888651] kasan_report+0x141/0x180 [ 27.888680] ? kasan_atomics_helper+0x224c/0x5450 [ 27.888716] kasan_check_range+0x10c/0x1c0 [ 27.888747] __kasan_check_write+0x18/0x20 [ 27.888778] kasan_atomics_helper+0x224c/0x5450 [ 27.888808] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.888838] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.888870] ? kasan_atomics+0x152/0x310 [ 27.888906] kasan_atomics+0x1dc/0x310 [ 27.888936] ? __pfx_kasan_atomics+0x10/0x10 [ 27.888968] ? __pfx_read_tsc+0x10/0x10 [ 27.888997] ? ktime_get_ts64+0x86/0x230 [ 27.889029] kunit_try_run_case+0x1a5/0x480 [ 27.889059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.889088] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.889117] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.889148] ? __kthread_parkme+0x82/0x180 [ 27.889176] ? preempt_count_sub+0x50/0x80 [ 27.889208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.889239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.889273] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.889306] kthread+0x337/0x6f0 [ 27.889333] ? trace_preempt_on+0x20/0xc0 [ 27.889363] ? __pfx_kthread+0x10/0x10 [ 27.889392] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.889423] ? calculate_sigpending+0x7b/0xa0 [ 27.889454] ? __pfx_kthread+0x10/0x10 [ 27.889484] ret_from_fork+0x116/0x1d0 [ 27.889511] ? __pfx_kthread+0x10/0x10 [ 27.889546] ret_from_fork_asm+0x1a/0x30 [ 27.889619] </TASK> [ 27.889633] [ 27.896575] Allocated by task 313: [ 27.896770] kasan_save_stack+0x45/0x70 [ 27.896971] kasan_save_track+0x18/0x40 [ 27.897167] kasan_save_alloc_info+0x3b/0x50 [ 27.897381] __kasan_kmalloc+0xb7/0xc0 [ 27.897547] __kmalloc_cache_noprof+0x189/0x420 [ 27.897731] kasan_atomics+0x95/0x310 [ 27.897871] kunit_try_run_case+0x1a5/0x480 [ 27.898021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.898202] kthread+0x337/0x6f0 [ 27.898372] ret_from_fork+0x116/0x1d0 [ 27.898577] ret_from_fork_asm+0x1a/0x30 [ 27.898795] [ 27.898891] The buggy address belongs to the object at ffff888105926b00 [ 27.898891] which belongs to the cache kmalloc-64 of size 64 [ 27.899433] The buggy address is located 0 bytes to the right of [ 27.899433] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.900015] [ 27.900110] The buggy address belongs to the physical page: [ 27.900319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.900572] flags: 0x200000000000000(node=0|zone=2) [ 27.900754] page_type: f5(slab) [ 27.900874] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.901109] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.901335] page dumped because: kasan: bad access detected [ 27.901579] [ 27.901698] Memory state around the buggy address: [ 27.901920] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.902229] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.902548] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.902886] ^ [ 27.903112] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.903426] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.903732] ================================================================== [ 26.900155] ================================================================== [ 26.900454] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 26.900915] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.901242] [ 26.901344] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.901405] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.901421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.901446] Call Trace: [ 26.901473] <TASK> [ 26.901492] dump_stack_lvl+0x73/0xb0 [ 26.901536] print_report+0xd1/0x610 [ 26.901566] ? __virt_addr_valid+0x1db/0x2d0 [ 26.901690] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.901718] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.901752] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.901901] kasan_report+0x141/0x180 [ 26.901933] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.902039] kasan_check_range+0x10c/0x1c0 [ 26.902070] __kasan_check_write+0x18/0x20 [ 26.902101] kasan_atomics_helper+0xa2b/0x5450 [ 26.902131] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.902161] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.902193] ? kasan_atomics+0x152/0x310 [ 26.902228] kasan_atomics+0x1dc/0x310 [ 26.902257] ? __pfx_kasan_atomics+0x10/0x10 [ 26.902289] ? __pfx_read_tsc+0x10/0x10 [ 26.902318] ? ktime_get_ts64+0x86/0x230 [ 26.902350] kunit_try_run_case+0x1a5/0x480 [ 26.902381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.902409] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.902438] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.902468] ? __kthread_parkme+0x82/0x180 [ 26.902500] ? preempt_count_sub+0x50/0x80 [ 26.902543] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.902575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.902608] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.902653] kthread+0x337/0x6f0 [ 26.902680] ? trace_preempt_on+0x20/0xc0 [ 26.902711] ? __pfx_kthread+0x10/0x10 [ 26.902739] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.902772] ? calculate_sigpending+0x7b/0xa0 [ 26.902803] ? __pfx_kthread+0x10/0x10 [ 26.902832] ret_from_fork+0x116/0x1d0 [ 26.902858] ? __pfx_kthread+0x10/0x10 [ 26.902886] ret_from_fork_asm+0x1a/0x30 [ 26.902929] </TASK> [ 26.902943] [ 26.910429] Allocated by task 313: [ 26.910635] kasan_save_stack+0x45/0x70 [ 26.910866] kasan_save_track+0x18/0x40 [ 26.911091] kasan_save_alloc_info+0x3b/0x50 [ 26.911331] __kasan_kmalloc+0xb7/0xc0 [ 26.911539] __kmalloc_cache_noprof+0x189/0x420 [ 26.911821] kasan_atomics+0x95/0x310 [ 26.911958] kunit_try_run_case+0x1a5/0x480 [ 26.912205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.912445] kthread+0x337/0x6f0 [ 26.912582] ret_from_fork+0x116/0x1d0 [ 26.912723] ret_from_fork_asm+0x1a/0x30 [ 26.912867] [ 26.912938] The buggy address belongs to the object at ffff888105926b00 [ 26.912938] which belongs to the cache kmalloc-64 of size 64 [ 26.913541] The buggy address is located 0 bytes to the right of [ 26.913541] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.914086] [ 26.914179] The buggy address belongs to the physical page: [ 26.914378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.914632] flags: 0x200000000000000(node=0|zone=2) [ 26.914885] page_type: f5(slab) [ 26.915055] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.915476] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.915851] page dumped because: kasan: bad access detected [ 26.916102] [ 26.916196] Memory state around the buggy address: [ 26.916403] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.916652] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.917032] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.917347] ^ [ 26.917503] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.917981] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.918276] ================================================================== [ 26.710541] ================================================================== [ 26.711244] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 26.711598] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.712107] [ 26.712236] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.712300] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.712316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.712341] Call Trace: [ 26.712368] <TASK> [ 26.712385] dump_stack_lvl+0x73/0xb0 [ 26.712420] print_report+0xd1/0x610 [ 26.712450] ? __virt_addr_valid+0x1db/0x2d0 [ 26.712481] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.712508] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.712554] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.712583] kasan_report+0x141/0x180 [ 26.712612] ? kasan_atomics_helper+0x4b3a/0x5450 [ 26.712649] __asan_report_store4_noabort+0x1b/0x30 [ 26.712737] kasan_atomics_helper+0x4b3a/0x5450 [ 26.712769] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.712809] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.712841] ? kasan_atomics+0x152/0x310 [ 26.712896] kasan_atomics+0x1dc/0x310 [ 26.712926] ? __pfx_kasan_atomics+0x10/0x10 [ 26.712958] ? __pfx_read_tsc+0x10/0x10 [ 26.712996] ? ktime_get_ts64+0x86/0x230 [ 26.713029] kunit_try_run_case+0x1a5/0x480 [ 26.713059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.713087] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.713118] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.713147] ? __kthread_parkme+0x82/0x180 [ 26.713174] ? preempt_count_sub+0x50/0x80 [ 26.713206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.713235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.713269] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.713302] kthread+0x337/0x6f0 [ 26.713329] ? trace_preempt_on+0x20/0xc0 [ 26.713360] ? __pfx_kthread+0x10/0x10 [ 26.713388] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.713418] ? calculate_sigpending+0x7b/0xa0 [ 26.713459] ? __pfx_kthread+0x10/0x10 [ 26.713489] ret_from_fork+0x116/0x1d0 [ 26.713536] ? __pfx_kthread+0x10/0x10 [ 26.713564] ret_from_fork_asm+0x1a/0x30 [ 26.713607] </TASK> [ 26.713620] [ 26.721699] Allocated by task 313: [ 26.721883] kasan_save_stack+0x45/0x70 [ 26.722180] kasan_save_track+0x18/0x40 [ 26.722405] kasan_save_alloc_info+0x3b/0x50 [ 26.722581] __kasan_kmalloc+0xb7/0xc0 [ 26.722720] __kmalloc_cache_noprof+0x189/0x420 [ 26.723038] kasan_atomics+0x95/0x310 [ 26.723391] kunit_try_run_case+0x1a5/0x480 [ 26.723624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.723934] kthread+0x337/0x6f0 [ 26.724100] ret_from_fork+0x116/0x1d0 [ 26.724309] ret_from_fork_asm+0x1a/0x30 [ 26.724524] [ 26.724687] The buggy address belongs to the object at ffff888105926b00 [ 26.724687] which belongs to the cache kmalloc-64 of size 64 [ 26.725187] The buggy address is located 0 bytes to the right of [ 26.725187] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.725583] [ 26.725806] The buggy address belongs to the physical page: [ 26.726115] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.726467] flags: 0x200000000000000(node=0|zone=2) [ 26.726867] page_type: f5(slab) [ 26.727035] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.727271] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.727621] page dumped because: kasan: bad access detected [ 26.727878] [ 26.728160] Memory state around the buggy address: [ 26.728421] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.728805] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.729128] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.729438] ^ [ 26.729741] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.730069] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.730380] ================================================================== [ 27.544338] ================================================================== [ 27.544872] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 27.545205] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.545514] [ 27.545605] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.545668] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.545684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.545708] Call Trace: [ 27.545723] <TASK> [ 27.545740] dump_stack_lvl+0x73/0xb0 [ 27.545799] print_report+0xd1/0x610 [ 27.545830] ? __virt_addr_valid+0x1db/0x2d0 [ 27.545860] ? kasan_atomics_helper+0x194a/0x5450 [ 27.545887] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.545920] ? kasan_atomics_helper+0x194a/0x5450 [ 27.545949] kasan_report+0x141/0x180 [ 27.545978] ? kasan_atomics_helper+0x194a/0x5450 [ 27.546014] kasan_check_range+0x10c/0x1c0 [ 27.546044] __kasan_check_write+0x18/0x20 [ 27.546074] kasan_atomics_helper+0x194a/0x5450 [ 27.546103] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.546132] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.546164] ? kasan_atomics+0x152/0x310 [ 27.546198] kasan_atomics+0x1dc/0x310 [ 27.546247] ? __pfx_kasan_atomics+0x10/0x10 [ 27.546278] ? __pfx_read_tsc+0x10/0x10 [ 27.546322] ? ktime_get_ts64+0x86/0x230 [ 27.546367] kunit_try_run_case+0x1a5/0x480 [ 27.546412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.546452] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.546511] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.546567] ? __kthread_parkme+0x82/0x180 [ 27.546596] ? preempt_count_sub+0x50/0x80 [ 27.546642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.546674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.546709] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.546742] kthread+0x337/0x6f0 [ 27.546769] ? trace_preempt_on+0x20/0xc0 [ 27.546799] ? __pfx_kthread+0x10/0x10 [ 27.546827] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.546859] ? calculate_sigpending+0x7b/0xa0 [ 27.546889] ? __pfx_kthread+0x10/0x10 [ 27.546919] ret_from_fork+0x116/0x1d0 [ 27.546944] ? __pfx_kthread+0x10/0x10 [ 27.546972] ret_from_fork_asm+0x1a/0x30 [ 27.547014] </TASK> [ 27.547028] [ 27.554895] Allocated by task 313: [ 27.555067] kasan_save_stack+0x45/0x70 [ 27.555224] kasan_save_track+0x18/0x40 [ 27.555385] kasan_save_alloc_info+0x3b/0x50 [ 27.555634] __kasan_kmalloc+0xb7/0xc0 [ 27.555822] __kmalloc_cache_noprof+0x189/0x420 [ 27.556036] kasan_atomics+0x95/0x310 [ 27.556237] kunit_try_run_case+0x1a5/0x480 [ 27.556441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.556701] kthread+0x337/0x6f0 [ 27.556862] ret_from_fork+0x116/0x1d0 [ 27.557069] ret_from_fork_asm+0x1a/0x30 [ 27.557248] [ 27.557361] The buggy address belongs to the object at ffff888105926b00 [ 27.557361] which belongs to the cache kmalloc-64 of size 64 [ 27.557841] The buggy address is located 0 bytes to the right of [ 27.557841] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.558398] [ 27.558495] The buggy address belongs to the physical page: [ 27.558752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.559069] flags: 0x200000000000000(node=0|zone=2) [ 27.559337] page_type: f5(slab) [ 27.559557] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.559896] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.560230] page dumped because: kasan: bad access detected [ 27.560479] [ 27.560593] Memory state around the buggy address: [ 27.560815] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.561028] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.561239] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.561481] ^ [ 27.561822] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.562166] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.562489] ================================================================== [ 27.766709] ================================================================== [ 27.767089] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 27.767460] Read of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.767837] [ 27.767952] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.768015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.768031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.768068] Call Trace: [ 27.768088] <TASK> [ 27.768106] dump_stack_lvl+0x73/0xb0 [ 27.768150] print_report+0xd1/0x610 [ 27.768181] ? __virt_addr_valid+0x1db/0x2d0 [ 27.768211] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.768250] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.768284] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.768314] kasan_report+0x141/0x180 [ 27.768344] ? kasan_atomics_helper+0x4f71/0x5450 [ 27.768380] __asan_report_load8_noabort+0x18/0x20 [ 27.768411] kasan_atomics_helper+0x4f71/0x5450 [ 27.768442] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.768471] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.768502] ? kasan_atomics+0x152/0x310 [ 27.768552] kasan_atomics+0x1dc/0x310 [ 27.768582] ? __pfx_kasan_atomics+0x10/0x10 [ 27.768639] ? __pfx_read_tsc+0x10/0x10 [ 27.768669] ? ktime_get_ts64+0x86/0x230 [ 27.768703] kunit_try_run_case+0x1a5/0x480 [ 27.768744] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.768772] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.768811] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.768841] ? __kthread_parkme+0x82/0x180 [ 27.768869] ? preempt_count_sub+0x50/0x80 [ 27.768901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.768933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.768966] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.769000] kthread+0x337/0x6f0 [ 27.769027] ? trace_preempt_on+0x20/0xc0 [ 27.769057] ? __pfx_kthread+0x10/0x10 [ 27.769094] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.769126] ? calculate_sigpending+0x7b/0xa0 [ 27.769157] ? __pfx_kthread+0x10/0x10 [ 27.769197] ret_from_fork+0x116/0x1d0 [ 27.769224] ? __pfx_kthread+0x10/0x10 [ 27.769263] ret_from_fork_asm+0x1a/0x30 [ 27.769305] </TASK> [ 27.769330] [ 27.776504] Allocated by task 313: [ 27.776737] kasan_save_stack+0x45/0x70 [ 27.776941] kasan_save_track+0x18/0x40 [ 27.777153] kasan_save_alloc_info+0x3b/0x50 [ 27.777381] __kasan_kmalloc+0xb7/0xc0 [ 27.777585] __kmalloc_cache_noprof+0x189/0x420 [ 27.777804] kasan_atomics+0x95/0x310 [ 27.777945] kunit_try_run_case+0x1a5/0x480 [ 27.778092] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.778377] kthread+0x337/0x6f0 [ 27.778588] ret_from_fork+0x116/0x1d0 [ 27.778801] ret_from_fork_asm+0x1a/0x30 [ 27.779025] [ 27.779123] The buggy address belongs to the object at ffff888105926b00 [ 27.779123] which belongs to the cache kmalloc-64 of size 64 [ 27.779638] The buggy address is located 0 bytes to the right of [ 27.779638] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.780158] [ 27.780276] The buggy address belongs to the physical page: [ 27.780504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.780865] flags: 0x200000000000000(node=0|zone=2) [ 27.781086] page_type: f5(slab) [ 27.781207] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.781444] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.781708] page dumped because: kasan: bad access detected [ 27.781988] [ 27.782080] Memory state around the buggy address: [ 27.782301] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.782655] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.782960] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.783174] ^ [ 27.783331] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.783556] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.783927] ================================================================== [ 26.853001] ================================================================== [ 26.853321] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 26.853737] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.854084] [ 26.854258] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.854328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.854346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.854371] Call Trace: [ 26.854421] <TASK> [ 26.854441] dump_stack_lvl+0x73/0xb0 [ 26.854495] print_report+0xd1/0x610 [ 26.854536] ? __virt_addr_valid+0x1db/0x2d0 [ 26.854566] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.854636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.854670] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.854698] kasan_report+0x141/0x180 [ 26.854763] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.854810] kasan_check_range+0x10c/0x1c0 [ 26.854842] __kasan_check_write+0x18/0x20 [ 26.854873] kasan_atomics_helper+0x8f9/0x5450 [ 26.854904] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.854934] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.854995] ? kasan_atomics+0x152/0x310 [ 26.855040] kasan_atomics+0x1dc/0x310 [ 26.855071] ? __pfx_kasan_atomics+0x10/0x10 [ 26.855103] ? __pfx_read_tsc+0x10/0x10 [ 26.855131] ? ktime_get_ts64+0x86/0x230 [ 26.855165] kunit_try_run_case+0x1a5/0x480 [ 26.855194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.855222] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.855252] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.855282] ? __kthread_parkme+0x82/0x180 [ 26.855310] ? preempt_count_sub+0x50/0x80 [ 26.855341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.855371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.855404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.855438] kthread+0x337/0x6f0 [ 26.855464] ? trace_preempt_on+0x20/0xc0 [ 26.855494] ? __pfx_kthread+0x10/0x10 [ 26.855521] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.855564] ? calculate_sigpending+0x7b/0xa0 [ 26.855640] ? __pfx_kthread+0x10/0x10 [ 26.855669] ret_from_fork+0x116/0x1d0 [ 26.855696] ? __pfx_kthread+0x10/0x10 [ 26.855724] ret_from_fork_asm+0x1a/0x30 [ 26.855766] </TASK> [ 26.855780] [ 26.864346] Allocated by task 313: [ 26.864479] kasan_save_stack+0x45/0x70 [ 26.864938] kasan_save_track+0x18/0x40 [ 26.865127] kasan_save_alloc_info+0x3b/0x50 [ 26.865320] __kasan_kmalloc+0xb7/0xc0 [ 26.865484] __kmalloc_cache_noprof+0x189/0x420 [ 26.866306] kasan_atomics+0x95/0x310 [ 26.866466] kunit_try_run_case+0x1a5/0x480 [ 26.866803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.867360] kthread+0x337/0x6f0 [ 26.867914] ret_from_fork+0x116/0x1d0 [ 26.868136] ret_from_fork_asm+0x1a/0x30 [ 26.868323] [ 26.868410] The buggy address belongs to the object at ffff888105926b00 [ 26.868410] which belongs to the cache kmalloc-64 of size 64 [ 26.869571] The buggy address is located 0 bytes to the right of [ 26.869571] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.870705] [ 26.870895] The buggy address belongs to the physical page: [ 26.871397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.872040] flags: 0x200000000000000(node=0|zone=2) [ 26.872407] page_type: f5(slab) [ 26.872763] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.873103] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.873411] page dumped because: kasan: bad access detected [ 26.873767] [ 26.873857] Memory state around the buggy address: [ 26.874064] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.874359] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.875213] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.876168] ^ [ 26.876540] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.877117] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.877763] ================================================================== [ 26.570021] ================================================================== [ 26.570339] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 26.570698] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.571165] [ 26.571264] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.571339] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.571353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.571377] Call Trace: [ 26.571391] <TASK> [ 26.571410] dump_stack_lvl+0x73/0xb0 [ 26.571444] print_report+0xd1/0x610 [ 26.571493] ? __virt_addr_valid+0x1db/0x2d0 [ 26.571524] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.571562] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.571867] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.571897] kasan_report+0x141/0x180 [ 26.571926] ? kasan_atomics_helper+0x4ba2/0x5450 [ 26.571960] __asan_report_store4_noabort+0x1b/0x30 [ 26.572010] kasan_atomics_helper+0x4ba2/0x5450 [ 26.572039] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.572067] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.572099] ? kasan_atomics+0x152/0x310 [ 26.572132] kasan_atomics+0x1dc/0x310 [ 26.572161] ? __pfx_kasan_atomics+0x10/0x10 [ 26.572191] ? __pfx_read_tsc+0x10/0x10 [ 26.572219] ? ktime_get_ts64+0x86/0x230 [ 26.572251] kunit_try_run_case+0x1a5/0x480 [ 26.572281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.572308] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.572357] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.572386] ? __kthread_parkme+0x82/0x180 [ 26.572413] ? preempt_count_sub+0x50/0x80 [ 26.572443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.572472] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.572505] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.572550] kthread+0x337/0x6f0 [ 26.572575] ? trace_preempt_on+0x20/0xc0 [ 26.572607] ? __pfx_kthread+0x10/0x10 [ 26.572633] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.572664] ? calculate_sigpending+0x7b/0xa0 [ 26.572695] ? __pfx_kthread+0x10/0x10 [ 26.572722] ret_from_fork+0x116/0x1d0 [ 26.572748] ? __pfx_kthread+0x10/0x10 [ 26.572774] ret_from_fork_asm+0x1a/0x30 [ 26.572815] </TASK> [ 26.572828] [ 26.585958] Allocated by task 313: [ 26.586298] kasan_save_stack+0x45/0x70 [ 26.586669] kasan_save_track+0x18/0x40 [ 26.587257] kasan_save_alloc_info+0x3b/0x50 [ 26.587690] __kasan_kmalloc+0xb7/0xc0 [ 26.588138] __kmalloc_cache_noprof+0x189/0x420 [ 26.588549] kasan_atomics+0x95/0x310 [ 26.588961] kunit_try_run_case+0x1a5/0x480 [ 26.589349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.589871] kthread+0x337/0x6f0 [ 26.590171] ret_from_fork+0x116/0x1d0 [ 26.590540] ret_from_fork_asm+0x1a/0x30 [ 26.590938] [ 26.591095] The buggy address belongs to the object at ffff888105926b00 [ 26.591095] which belongs to the cache kmalloc-64 of size 64 [ 26.592004] The buggy address is located 0 bytes to the right of [ 26.592004] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.592962] [ 26.593131] The buggy address belongs to the physical page: [ 26.593629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.593988] flags: 0x200000000000000(node=0|zone=2) [ 26.594155] page_type: f5(slab) [ 26.594278] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.594521] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.595289] page dumped because: kasan: bad access detected [ 26.595828] [ 26.595984] Memory state around the buggy address: [ 26.596394] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.597484] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.598234] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.598650] ^ [ 26.599163] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.599671] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.600294] ================================================================== [ 26.878460] ================================================================== [ 26.879056] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 26.879375] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.879813] [ 26.879917] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.879970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.879987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.880011] Call Trace: [ 26.880028] <TASK> [ 26.880046] dump_stack_lvl+0x73/0xb0 [ 26.880080] print_report+0xd1/0x610 [ 26.880110] ? __virt_addr_valid+0x1db/0x2d0 [ 26.880141] ? kasan_atomics_helper+0x992/0x5450 [ 26.880169] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.880202] ? kasan_atomics_helper+0x992/0x5450 [ 26.880232] kasan_report+0x141/0x180 [ 26.880262] ? kasan_atomics_helper+0x992/0x5450 [ 26.880297] kasan_check_range+0x10c/0x1c0 [ 26.880328] __kasan_check_write+0x18/0x20 [ 26.880359] kasan_atomics_helper+0x992/0x5450 [ 26.880390] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.880419] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.880453] ? kasan_atomics+0x152/0x310 [ 26.880488] kasan_atomics+0x1dc/0x310 [ 26.880518] ? __pfx_kasan_atomics+0x10/0x10 [ 26.880611] ? __pfx_read_tsc+0x10/0x10 [ 26.880640] ? ktime_get_ts64+0x86/0x230 [ 26.880673] kunit_try_run_case+0x1a5/0x480 [ 26.880704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.880732] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.880762] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.880792] ? __kthread_parkme+0x82/0x180 [ 26.880820] ? preempt_count_sub+0x50/0x80 [ 26.880852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.880883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.880916] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.880950] kthread+0x337/0x6f0 [ 26.880977] ? trace_preempt_on+0x20/0xc0 [ 26.881007] ? __pfx_kthread+0x10/0x10 [ 26.881051] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.881094] ? calculate_sigpending+0x7b/0xa0 [ 26.881125] ? __pfx_kthread+0x10/0x10 [ 26.881167] ret_from_fork+0x116/0x1d0 [ 26.881193] ? __pfx_kthread+0x10/0x10 [ 26.881221] ret_from_fork_asm+0x1a/0x30 [ 26.881263] </TASK> [ 26.881278] [ 26.889270] Allocated by task 313: [ 26.889480] kasan_save_stack+0x45/0x70 [ 26.889689] kasan_save_track+0x18/0x40 [ 26.889886] kasan_save_alloc_info+0x3b/0x50 [ 26.890117] __kasan_kmalloc+0xb7/0xc0 [ 26.890400] __kmalloc_cache_noprof+0x189/0x420 [ 26.890583] kasan_atomics+0x95/0x310 [ 26.890958] kunit_try_run_case+0x1a5/0x480 [ 26.891175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.891433] kthread+0x337/0x6f0 [ 26.891696] ret_from_fork+0x116/0x1d0 [ 26.891882] ret_from_fork_asm+0x1a/0x30 [ 26.892031] [ 26.892103] The buggy address belongs to the object at ffff888105926b00 [ 26.892103] which belongs to the cache kmalloc-64 of size 64 [ 26.892550] The buggy address is located 0 bytes to the right of [ 26.892550] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.893303] [ 26.893490] The buggy address belongs to the physical page: [ 26.893771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.894026] flags: 0x200000000000000(node=0|zone=2) [ 26.894263] page_type: f5(slab) [ 26.894460] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.894999] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.895330] page dumped because: kasan: bad access detected [ 26.895585] [ 26.895690] Memory state around the buggy address: [ 26.896033] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.896262] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.896643] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.897126] ^ [ 26.897301] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.897518] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.898133] ================================================================== [ 27.023987] ================================================================== [ 27.024515] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 27.024768] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.025319] [ 27.025444] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.025499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.025515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.025550] Call Trace: [ 27.025568] <TASK> [ 27.025585] dump_stack_lvl+0x73/0xb0 [ 27.025619] print_report+0xd1/0x610 [ 27.025651] ? __virt_addr_valid+0x1db/0x2d0 [ 27.025682] ? kasan_atomics_helper+0xde0/0x5450 [ 27.025736] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.025771] ? kasan_atomics_helper+0xde0/0x5450 [ 27.025801] kasan_report+0x141/0x180 [ 27.025849] ? kasan_atomics_helper+0xde0/0x5450 [ 27.025885] kasan_check_range+0x10c/0x1c0 [ 27.025932] __kasan_check_write+0x18/0x20 [ 27.025968] kasan_atomics_helper+0xde0/0x5450 [ 27.026016] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.026046] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.026095] ? kasan_atomics+0x152/0x310 [ 27.026130] kasan_atomics+0x1dc/0x310 [ 27.026160] ? __pfx_kasan_atomics+0x10/0x10 [ 27.026192] ? __pfx_read_tsc+0x10/0x10 [ 27.026221] ? ktime_get_ts64+0x86/0x230 [ 27.026272] kunit_try_run_case+0x1a5/0x480 [ 27.026303] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.026331] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.026360] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.026408] ? __kthread_parkme+0x82/0x180 [ 27.026435] ? preempt_count_sub+0x50/0x80 [ 27.026468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.026502] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.026546] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.026598] kthread+0x337/0x6f0 [ 27.026632] ? trace_preempt_on+0x20/0xc0 [ 27.026661] ? __pfx_kthread+0x10/0x10 [ 27.026689] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.026720] ? calculate_sigpending+0x7b/0xa0 [ 27.026766] ? __pfx_kthread+0x10/0x10 [ 27.026810] ret_from_fork+0x116/0x1d0 [ 27.026861] ? __pfx_kthread+0x10/0x10 [ 27.026903] ret_from_fork_asm+0x1a/0x30 [ 27.026970] </TASK> [ 27.026997] [ 27.040925] Allocated by task 313: [ 27.041061] kasan_save_stack+0x45/0x70 [ 27.041210] kasan_save_track+0x18/0x40 [ 27.041345] kasan_save_alloc_info+0x3b/0x50 [ 27.041496] __kasan_kmalloc+0xb7/0xc0 [ 27.041801] __kmalloc_cache_noprof+0x189/0x420 [ 27.042305] kasan_atomics+0x95/0x310 [ 27.042588] kunit_try_run_case+0x1a5/0x480 [ 27.042835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.043086] kthread+0x337/0x6f0 [ 27.043425] ret_from_fork+0x116/0x1d0 [ 27.043712] ret_from_fork_asm+0x1a/0x30 [ 27.044043] [ 27.044282] The buggy address belongs to the object at ffff888105926b00 [ 27.044282] which belongs to the cache kmalloc-64 of size 64 [ 27.044941] The buggy address is located 0 bytes to the right of [ 27.044941] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.045592] [ 27.045725] The buggy address belongs to the physical page: [ 27.046155] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.046508] flags: 0x200000000000000(node=0|zone=2) [ 27.046909] page_type: f5(slab) [ 27.047175] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.047493] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.048078] page dumped because: kasan: bad access detected [ 27.048389] [ 27.048514] Memory state around the buggy address: [ 27.048906] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.049225] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.049693] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.050092] ^ [ 27.050408] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.050863] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.051145] ================================================================== [ 26.831701] ================================================================== [ 26.832225] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 26.832658] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.833019] [ 26.833123] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.833179] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.833195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.833222] Call Trace: [ 26.833276] <TASK> [ 26.833294] dump_stack_lvl+0x73/0xb0 [ 26.833343] print_report+0xd1/0x610 [ 26.833402] ? __virt_addr_valid+0x1db/0x2d0 [ 26.833434] ? kasan_atomics_helper+0x860/0x5450 [ 26.833473] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.833506] ? kasan_atomics_helper+0x860/0x5450 [ 26.833544] kasan_report+0x141/0x180 [ 26.833611] ? kasan_atomics_helper+0x860/0x5450 [ 26.833683] kasan_check_range+0x10c/0x1c0 [ 26.833715] __kasan_check_write+0x18/0x20 [ 26.833756] kasan_atomics_helper+0x860/0x5450 [ 26.833786] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.833815] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.833849] ? kasan_atomics+0x152/0x310 [ 26.833883] kasan_atomics+0x1dc/0x310 [ 26.833943] ? __pfx_kasan_atomics+0x10/0x10 [ 26.833975] ? __pfx_read_tsc+0x10/0x10 [ 26.834014] ? ktime_get_ts64+0x86/0x230 [ 26.834048] kunit_try_run_case+0x1a5/0x480 [ 26.834079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.834107] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.834137] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.834167] ? __kthread_parkme+0x82/0x180 [ 26.834194] ? preempt_count_sub+0x50/0x80 [ 26.834226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.834257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.834290] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.834324] kthread+0x337/0x6f0 [ 26.834350] ? trace_preempt_on+0x20/0xc0 [ 26.834382] ? __pfx_kthread+0x10/0x10 [ 26.834411] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.834442] ? calculate_sigpending+0x7b/0xa0 [ 26.834480] ? __pfx_kthread+0x10/0x10 [ 26.834509] ret_from_fork+0x116/0x1d0 [ 26.834544] ? __pfx_kthread+0x10/0x10 [ 26.834571] ret_from_fork_asm+0x1a/0x30 [ 26.834662] </TASK> [ 26.834676] [ 26.843581] Allocated by task 313: [ 26.843859] kasan_save_stack+0x45/0x70 [ 26.844073] kasan_save_track+0x18/0x40 [ 26.844239] kasan_save_alloc_info+0x3b/0x50 [ 26.844439] __kasan_kmalloc+0xb7/0xc0 [ 26.844734] __kmalloc_cache_noprof+0x189/0x420 [ 26.844902] kasan_atomics+0x95/0x310 [ 26.845096] kunit_try_run_case+0x1a5/0x480 [ 26.845357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.845789] kthread+0x337/0x6f0 [ 26.845950] ret_from_fork+0x116/0x1d0 [ 26.846090] ret_from_fork_asm+0x1a/0x30 [ 26.846296] [ 26.846391] The buggy address belongs to the object at ffff888105926b00 [ 26.846391] which belongs to the cache kmalloc-64 of size 64 [ 26.847154] The buggy address is located 0 bytes to the right of [ 26.847154] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.847559] [ 26.847895] The buggy address belongs to the physical page: [ 26.848227] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.848591] flags: 0x200000000000000(node=0|zone=2) [ 26.848779] page_type: f5(slab) [ 26.848944] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.849283] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.849585] page dumped because: kasan: bad access detected [ 26.849904] [ 26.849980] Memory state around the buggy address: [ 26.850161] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.850484] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.850921] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.851263] ^ [ 26.851437] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.852019] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.852330] ================================================================== [ 26.943422] ================================================================== [ 26.944240] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 26.944496] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.945230] [ 26.945337] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.945396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.945413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.945439] Call Trace: [ 26.945461] <TASK> [ 26.945484] dump_stack_lvl+0x73/0xb0 [ 26.945523] print_report+0xd1/0x610 [ 26.945565] ? __virt_addr_valid+0x1db/0x2d0 [ 26.945603] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.945880] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.945917] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.945947] kasan_report+0x141/0x180 [ 26.945979] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.946014] kasan_check_range+0x10c/0x1c0 [ 26.946047] __kasan_check_write+0x18/0x20 [ 26.946076] kasan_atomics_helper+0xb6a/0x5450 [ 26.946105] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.946135] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.946167] ? kasan_atomics+0x152/0x310 [ 26.946201] kasan_atomics+0x1dc/0x310 [ 26.946232] ? __pfx_kasan_atomics+0x10/0x10 [ 26.946264] ? __pfx_read_tsc+0x10/0x10 [ 26.946292] ? ktime_get_ts64+0x86/0x230 [ 26.946325] kunit_try_run_case+0x1a5/0x480 [ 26.946356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.946384] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.946414] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.946444] ? __kthread_parkme+0x82/0x180 [ 26.946477] ? preempt_count_sub+0x50/0x80 [ 26.946509] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.946553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.946586] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.946634] kthread+0x337/0x6f0 [ 26.946661] ? trace_preempt_on+0x20/0xc0 [ 26.946692] ? __pfx_kthread+0x10/0x10 [ 26.946720] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.946752] ? calculate_sigpending+0x7b/0xa0 [ 26.946784] ? __pfx_kthread+0x10/0x10 [ 26.946813] ret_from_fork+0x116/0x1d0 [ 26.946839] ? __pfx_kthread+0x10/0x10 [ 26.946867] ret_from_fork_asm+0x1a/0x30 [ 26.946911] </TASK> [ 26.946926] [ 26.960619] Allocated by task 313: [ 26.961050] kasan_save_stack+0x45/0x70 [ 26.961206] kasan_save_track+0x18/0x40 [ 26.961343] kasan_save_alloc_info+0x3b/0x50 [ 26.961492] __kasan_kmalloc+0xb7/0xc0 [ 26.961681] __kmalloc_cache_noprof+0x189/0x420 [ 26.961948] kasan_atomics+0x95/0x310 [ 26.962134] kunit_try_run_case+0x1a5/0x480 [ 26.962341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.962540] kthread+0x337/0x6f0 [ 26.962722] ret_from_fork+0x116/0x1d0 [ 26.963083] ret_from_fork_asm+0x1a/0x30 [ 26.963236] [ 26.963333] The buggy address belongs to the object at ffff888105926b00 [ 26.963333] which belongs to the cache kmalloc-64 of size 64 [ 26.963864] The buggy address is located 0 bytes to the right of [ 26.963864] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.964360] [ 26.964430] The buggy address belongs to the physical page: [ 26.964609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.965067] flags: 0x200000000000000(node=0|zone=2) [ 26.965333] page_type: f5(slab) [ 26.965545] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.965911] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.966210] page dumped because: kasan: bad access detected [ 26.966382] [ 26.966480] Memory state around the buggy address: [ 26.966728] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.967069] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.967391] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.967763] ^ [ 26.967963] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.968171] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.968482] ================================================================== [ 27.643787] ================================================================== [ 27.644131] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 27.644467] Read of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.644792] [ 27.644893] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.644945] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.644961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.644986] Call Trace: [ 27.645001] <TASK> [ 27.645019] dump_stack_lvl+0x73/0xb0 [ 27.645051] print_report+0xd1/0x610 [ 27.645079] ? __virt_addr_valid+0x1db/0x2d0 [ 27.645110] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.645137] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.645170] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.645199] kasan_report+0x141/0x180 [ 27.645229] ? kasan_atomics_helper+0x4f30/0x5450 [ 27.645264] __asan_report_load8_noabort+0x18/0x20 [ 27.645295] kasan_atomics_helper+0x4f30/0x5450 [ 27.645324] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.645353] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.645385] ? kasan_atomics+0x152/0x310 [ 27.645420] kasan_atomics+0x1dc/0x310 [ 27.645451] ? __pfx_kasan_atomics+0x10/0x10 [ 27.645481] ? __pfx_read_tsc+0x10/0x10 [ 27.645509] ? ktime_get_ts64+0x86/0x230 [ 27.645554] kunit_try_run_case+0x1a5/0x480 [ 27.645584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.645612] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.645642] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.645671] ? __kthread_parkme+0x82/0x180 [ 27.645698] ? preempt_count_sub+0x50/0x80 [ 27.645730] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.645759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.645793] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.645826] kthread+0x337/0x6f0 [ 27.645852] ? trace_preempt_on+0x20/0xc0 [ 27.645882] ? __pfx_kthread+0x10/0x10 [ 27.645910] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.645941] ? calculate_sigpending+0x7b/0xa0 [ 27.645971] ? __pfx_kthread+0x10/0x10 [ 27.645999] ret_from_fork+0x116/0x1d0 [ 27.646025] ? __pfx_kthread+0x10/0x10 [ 27.646053] ret_from_fork_asm+0x1a/0x30 [ 27.646094] </TASK> [ 27.646107] [ 27.653337] Allocated by task 313: [ 27.653496] kasan_save_stack+0x45/0x70 [ 27.653718] kasan_save_track+0x18/0x40 [ 27.653904] kasan_save_alloc_info+0x3b/0x50 [ 27.654090] __kasan_kmalloc+0xb7/0xc0 [ 27.654225] __kmalloc_cache_noprof+0x189/0x420 [ 27.654382] kasan_atomics+0x95/0x310 [ 27.654541] kunit_try_run_case+0x1a5/0x480 [ 27.654814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.655075] kthread+0x337/0x6f0 [ 27.655244] ret_from_fork+0x116/0x1d0 [ 27.655403] ret_from_fork_asm+0x1a/0x30 [ 27.655552] [ 27.655623] The buggy address belongs to the object at ffff888105926b00 [ 27.655623] which belongs to the cache kmalloc-64 of size 64 [ 27.656165] The buggy address is located 0 bytes to the right of [ 27.656165] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.656677] [ 27.656771] The buggy address belongs to the physical page: [ 27.657005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.657284] flags: 0x200000000000000(node=0|zone=2) [ 27.657506] page_type: f5(slab) [ 27.657659] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.658000] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.658240] page dumped because: kasan: bad access detected [ 27.658497] [ 27.658579] Memory state around the buggy address: [ 27.658868] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.659139] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.659364] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.659911] ^ [ 27.660123] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.660410] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.660765] ================================================================== [ 26.790559] ================================================================== [ 26.790965] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 26.791277] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.791720] [ 26.791818] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.791877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.791893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.791921] Call Trace: [ 26.791937] <TASK> [ 26.791953] dump_stack_lvl+0x73/0xb0 [ 26.791997] print_report+0xd1/0x610 [ 26.792027] ? __virt_addr_valid+0x1db/0x2d0 [ 26.792058] ? kasan_atomics_helper+0x72f/0x5450 [ 26.792088] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.792135] ? kasan_atomics_helper+0x72f/0x5450 [ 26.792165] kasan_report+0x141/0x180 [ 26.792195] ? kasan_atomics_helper+0x72f/0x5450 [ 26.792243] kasan_check_range+0x10c/0x1c0 [ 26.792275] __kasan_check_write+0x18/0x20 [ 26.792306] kasan_atomics_helper+0x72f/0x5450 [ 26.792338] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.792369] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.792401] ? kasan_atomics+0x152/0x310 [ 26.792437] kasan_atomics+0x1dc/0x310 [ 26.792467] ? __pfx_kasan_atomics+0x10/0x10 [ 26.792507] ? __pfx_read_tsc+0x10/0x10 [ 26.792552] ? ktime_get_ts64+0x86/0x230 [ 26.792638] kunit_try_run_case+0x1a5/0x480 [ 26.792671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.792701] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.792733] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.792764] ? __kthread_parkme+0x82/0x180 [ 26.792792] ? preempt_count_sub+0x50/0x80 [ 26.792825] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.792857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.792891] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.792927] kthread+0x337/0x6f0 [ 26.792953] ? trace_preempt_on+0x20/0xc0 [ 26.792984] ? __pfx_kthread+0x10/0x10 [ 26.793013] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.793045] ? calculate_sigpending+0x7b/0xa0 [ 26.793075] ? __pfx_kthread+0x10/0x10 [ 26.793106] ret_from_fork+0x116/0x1d0 [ 26.793133] ? __pfx_kthread+0x10/0x10 [ 26.793171] ret_from_fork_asm+0x1a/0x30 [ 26.793214] </TASK> [ 26.793228] [ 26.801468] Allocated by task 313: [ 26.801771] kasan_save_stack+0x45/0x70 [ 26.801982] kasan_save_track+0x18/0x40 [ 26.802127] kasan_save_alloc_info+0x3b/0x50 [ 26.802280] __kasan_kmalloc+0xb7/0xc0 [ 26.802488] __kmalloc_cache_noprof+0x189/0x420 [ 26.802733] kasan_atomics+0x95/0x310 [ 26.802930] kunit_try_run_case+0x1a5/0x480 [ 26.803291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.803482] kthread+0x337/0x6f0 [ 26.803788] ret_from_fork+0x116/0x1d0 [ 26.803980] ret_from_fork_asm+0x1a/0x30 [ 26.804241] [ 26.804346] The buggy address belongs to the object at ffff888105926b00 [ 26.804346] which belongs to the cache kmalloc-64 of size 64 [ 26.804942] The buggy address is located 0 bytes to the right of [ 26.804942] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.805491] [ 26.805597] The buggy address belongs to the physical page: [ 26.806163] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.806461] flags: 0x200000000000000(node=0|zone=2) [ 26.806782] page_type: f5(slab) [ 26.807014] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.807338] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.807790] page dumped because: kasan: bad access detected [ 26.808077] [ 26.808199] Memory state around the buggy address: [ 26.808381] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.808777] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.809073] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.809293] ^ [ 26.809452] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.809786] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.810128] ================================================================== [ 27.134578] ================================================================== [ 27.135103] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 27.135492] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.135739] [ 27.135825] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.135890] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.135907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.135933] Call Trace: [ 27.135949] <TASK> [ 27.135967] dump_stack_lvl+0x73/0xb0 [ 27.136070] print_report+0xd1/0x610 [ 27.136129] ? __virt_addr_valid+0x1db/0x2d0 [ 27.136185] ? kasan_atomics_helper+0x1079/0x5450 [ 27.136241] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.136274] ? kasan_atomics_helper+0x1079/0x5450 [ 27.136304] kasan_report+0x141/0x180 [ 27.136334] ? kasan_atomics_helper+0x1079/0x5450 [ 27.136369] kasan_check_range+0x10c/0x1c0 [ 27.136400] __kasan_check_write+0x18/0x20 [ 27.136431] kasan_atomics_helper+0x1079/0x5450 [ 27.136461] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.136491] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.136558] ? kasan_atomics+0x152/0x310 [ 27.136595] kasan_atomics+0x1dc/0x310 [ 27.136635] ? __pfx_kasan_atomics+0x10/0x10 [ 27.136668] ? __pfx_read_tsc+0x10/0x10 [ 27.136696] ? ktime_get_ts64+0x86/0x230 [ 27.136730] kunit_try_run_case+0x1a5/0x480 [ 27.136761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.136822] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.136854] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.136884] ? __kthread_parkme+0x82/0x180 [ 27.136911] ? preempt_count_sub+0x50/0x80 [ 27.136974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.137005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.137039] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.137104] kthread+0x337/0x6f0 [ 27.137134] ? trace_preempt_on+0x20/0xc0 [ 27.137165] ? __pfx_kthread+0x10/0x10 [ 27.137192] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.137255] ? calculate_sigpending+0x7b/0xa0 [ 27.137287] ? __pfx_kthread+0x10/0x10 [ 27.137318] ret_from_fork+0x116/0x1d0 [ 27.137373] ? __pfx_kthread+0x10/0x10 [ 27.137403] ret_from_fork_asm+0x1a/0x30 [ 27.137444] </TASK> [ 27.137458] [ 27.145080] Allocated by task 313: [ 27.145242] kasan_save_stack+0x45/0x70 [ 27.145390] kasan_save_track+0x18/0x40 [ 27.145540] kasan_save_alloc_info+0x3b/0x50 [ 27.145893] __kasan_kmalloc+0xb7/0xc0 [ 27.146131] __kmalloc_cache_noprof+0x189/0x420 [ 27.146385] kasan_atomics+0x95/0x310 [ 27.146596] kunit_try_run_case+0x1a5/0x480 [ 27.146826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.147067] kthread+0x337/0x6f0 [ 27.147191] ret_from_fork+0x116/0x1d0 [ 27.147325] ret_from_fork_asm+0x1a/0x30 [ 27.147471] [ 27.147578] The buggy address belongs to the object at ffff888105926b00 [ 27.147578] which belongs to the cache kmalloc-64 of size 64 [ 27.148146] The buggy address is located 0 bytes to the right of [ 27.148146] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.148738] [ 27.148835] The buggy address belongs to the physical page: [ 27.149092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.149473] flags: 0x200000000000000(node=0|zone=2) [ 27.149768] page_type: f5(slab) [ 27.149935] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.150288] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.150615] page dumped because: kasan: bad access detected [ 27.150889] [ 27.150995] Memory state around the buggy address: [ 27.151199] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.151552] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.151901] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.152198] ^ [ 27.152413] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.152634] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.152839] ================================================================== [ 26.987746] ================================================================== [ 26.988111] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 26.988393] Read of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.988621] [ 26.988714] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.988787] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.988804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.988828] Call Trace: [ 26.988844] <TASK> [ 26.988878] dump_stack_lvl+0x73/0xb0 [ 26.988914] print_report+0xd1/0x610 [ 26.988944] ? __virt_addr_valid+0x1db/0x2d0 [ 26.988975] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.989003] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.989035] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.989065] kasan_report+0x141/0x180 [ 26.989094] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.989147] __asan_report_load4_noabort+0x18/0x20 [ 26.989178] kasan_atomics_helper+0x4a84/0x5450 [ 26.989208] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.989236] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.989268] ? kasan_atomics+0x152/0x310 [ 26.989304] kasan_atomics+0x1dc/0x310 [ 26.989333] ? __pfx_kasan_atomics+0x10/0x10 [ 26.989364] ? __pfx_read_tsc+0x10/0x10 [ 26.989392] ? ktime_get_ts64+0x86/0x230 [ 26.989424] kunit_try_run_case+0x1a5/0x480 [ 26.989454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.989483] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.989514] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.989553] ? __kthread_parkme+0x82/0x180 [ 26.989581] ? preempt_count_sub+0x50/0x80 [ 26.989613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.989662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.989696] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.989728] kthread+0x337/0x6f0 [ 26.989754] ? trace_preempt_on+0x20/0xc0 [ 26.989785] ? __pfx_kthread+0x10/0x10 [ 26.989813] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.989843] ? calculate_sigpending+0x7b/0xa0 [ 26.989876] ? __pfx_kthread+0x10/0x10 [ 26.989905] ret_from_fork+0x116/0x1d0 [ 26.989931] ? __pfx_kthread+0x10/0x10 [ 26.989959] ret_from_fork_asm+0x1a/0x30 [ 26.990002] </TASK> [ 26.990016] [ 26.997458] Allocated by task 313: [ 26.997621] kasan_save_stack+0x45/0x70 [ 26.997844] kasan_save_track+0x18/0x40 [ 26.997997] kasan_save_alloc_info+0x3b/0x50 [ 26.998216] __kasan_kmalloc+0xb7/0xc0 [ 26.998424] __kmalloc_cache_noprof+0x189/0x420 [ 26.998628] kasan_atomics+0x95/0x310 [ 26.998834] kunit_try_run_case+0x1a5/0x480 [ 26.999035] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.999245] kthread+0x337/0x6f0 [ 26.999430] ret_from_fork+0x116/0x1d0 [ 26.999652] ret_from_fork_asm+0x1a/0x30 [ 26.999803] [ 26.999897] The buggy address belongs to the object at ffff888105926b00 [ 26.999897] which belongs to the cache kmalloc-64 of size 64 [ 27.000412] The buggy address is located 0 bytes to the right of [ 27.000412] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.001010] [ 27.001106] The buggy address belongs to the physical page: [ 27.001315] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.001594] flags: 0x200000000000000(node=0|zone=2) [ 27.001858] page_type: f5(slab) [ 27.002043] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.002382] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.002722] page dumped because: kasan: bad access detected [ 27.002970] [ 27.003061] Memory state around the buggy address: [ 27.003246] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.003514] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.003979] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.004350] ^ [ 27.004585] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.004899] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.005226] ================================================================== [ 27.504977] ================================================================== [ 27.505600] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 27.505963] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.506440] [ 27.506806] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.506885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.506902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.506929] Call Trace: [ 27.506946] <TASK> [ 27.506966] dump_stack_lvl+0x73/0xb0 [ 27.507002] print_report+0xd1/0x610 [ 27.507033] ? __virt_addr_valid+0x1db/0x2d0 [ 27.507063] ? kasan_atomics_helper+0x1818/0x5450 [ 27.507092] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.507125] ? kasan_atomics_helper+0x1818/0x5450 [ 27.507154] kasan_report+0x141/0x180 [ 27.507183] ? kasan_atomics_helper+0x1818/0x5450 [ 27.507219] kasan_check_range+0x10c/0x1c0 [ 27.507250] __kasan_check_write+0x18/0x20 [ 27.507280] kasan_atomics_helper+0x1818/0x5450 [ 27.507311] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.507342] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.507373] ? kasan_atomics+0x152/0x310 [ 27.507409] kasan_atomics+0x1dc/0x310 [ 27.507438] ? __pfx_kasan_atomics+0x10/0x10 [ 27.507469] ? __pfx_read_tsc+0x10/0x10 [ 27.507497] ? ktime_get_ts64+0x86/0x230 [ 27.507540] kunit_try_run_case+0x1a5/0x480 [ 27.507571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.507598] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.507638] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.507668] ? __kthread_parkme+0x82/0x180 [ 27.507696] ? preempt_count_sub+0x50/0x80 [ 27.507728] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.507759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.507792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.507825] kthread+0x337/0x6f0 [ 27.507852] ? trace_preempt_on+0x20/0xc0 [ 27.507882] ? __pfx_kthread+0x10/0x10 [ 27.507910] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.507942] ? calculate_sigpending+0x7b/0xa0 [ 27.507974] ? __pfx_kthread+0x10/0x10 [ 27.508003] ret_from_fork+0x116/0x1d0 [ 27.508028] ? __pfx_kthread+0x10/0x10 [ 27.508057] ret_from_fork_asm+0x1a/0x30 [ 27.508099] </TASK> [ 27.508112] [ 27.517120] Allocated by task 313: [ 27.517287] kasan_save_stack+0x45/0x70 [ 27.517485] kasan_save_track+0x18/0x40 [ 27.517690] kasan_save_alloc_info+0x3b/0x50 [ 27.517896] __kasan_kmalloc+0xb7/0xc0 [ 27.518086] __kmalloc_cache_noprof+0x189/0x420 [ 27.518292] kasan_atomics+0x95/0x310 [ 27.518512] kunit_try_run_case+0x1a5/0x480 [ 27.518747] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.519016] kthread+0x337/0x6f0 [ 27.519184] ret_from_fork+0x116/0x1d0 [ 27.519388] ret_from_fork_asm+0x1a/0x30 [ 27.519538] [ 27.519640] The buggy address belongs to the object at ffff888105926b00 [ 27.519640] which belongs to the cache kmalloc-64 of size 64 [ 27.520188] The buggy address is located 0 bytes to the right of [ 27.520188] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.520749] [ 27.520827] The buggy address belongs to the physical page: [ 27.521072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.521390] flags: 0x200000000000000(node=0|zone=2) [ 27.521642] page_type: f5(slab) [ 27.521814] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.522142] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.522457] page dumped because: kasan: bad access detected [ 27.522718] [ 27.522890] Memory state around the buggy address: [ 27.523110] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.523409] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.523755] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.524018] ^ [ 27.524212] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.524526] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.524883] ================================================================== [ 26.645217] ================================================================== [ 26.645577] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 26.646024] Read of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.646358] [ 26.646465] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.646522] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.646549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.646574] Call Trace: [ 26.646604] <TASK> [ 26.646622] dump_stack_lvl+0x73/0xb0 [ 26.646656] print_report+0xd1/0x610 [ 26.646686] ? __virt_addr_valid+0x1db/0x2d0 [ 26.646716] ? kasan_atomics_helper+0x3df/0x5450 [ 26.646743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.646777] ? kasan_atomics_helper+0x3df/0x5450 [ 26.646806] kasan_report+0x141/0x180 [ 26.646836] ? kasan_atomics_helper+0x3df/0x5450 [ 26.646872] kasan_check_range+0x10c/0x1c0 [ 26.646903] __kasan_check_read+0x15/0x20 [ 26.646932] kasan_atomics_helper+0x3df/0x5450 [ 26.646962] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.646992] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.647025] ? kasan_atomics+0x152/0x310 [ 26.647060] kasan_atomics+0x1dc/0x310 [ 26.647090] ? __pfx_kasan_atomics+0x10/0x10 [ 26.647122] ? __pfx_read_tsc+0x10/0x10 [ 26.647148] ? ktime_get_ts64+0x86/0x230 [ 26.647181] kunit_try_run_case+0x1a5/0x480 [ 26.647211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.647240] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.647270] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.647300] ? __kthread_parkme+0x82/0x180 [ 26.647326] ? preempt_count_sub+0x50/0x80 [ 26.647358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.647389] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.647422] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.647455] kthread+0x337/0x6f0 [ 26.647482] ? trace_preempt_on+0x20/0xc0 [ 26.647511] ? __pfx_kthread+0x10/0x10 [ 26.647551] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.647582] ? calculate_sigpending+0x7b/0xa0 [ 26.647614] ? __pfx_kthread+0x10/0x10 [ 26.647642] ret_from_fork+0x116/0x1d0 [ 26.647668] ? __pfx_kthread+0x10/0x10 [ 26.647696] ret_from_fork_asm+0x1a/0x30 [ 26.647738] </TASK> [ 26.647752] [ 26.655829] Allocated by task 313: [ 26.656066] kasan_save_stack+0x45/0x70 [ 26.656272] kasan_save_track+0x18/0x40 [ 26.656467] kasan_save_alloc_info+0x3b/0x50 [ 26.656692] __kasan_kmalloc+0xb7/0xc0 [ 26.657001] __kmalloc_cache_noprof+0x189/0x420 [ 26.657177] kasan_atomics+0x95/0x310 [ 26.657369] kunit_try_run_case+0x1a5/0x480 [ 26.657628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.658046] kthread+0x337/0x6f0 [ 26.658224] ret_from_fork+0x116/0x1d0 [ 26.658426] ret_from_fork_asm+0x1a/0x30 [ 26.658734] [ 26.658842] The buggy address belongs to the object at ffff888105926b00 [ 26.658842] which belongs to the cache kmalloc-64 of size 64 [ 26.659266] The buggy address is located 0 bytes to the right of [ 26.659266] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.659730] [ 26.659824] The buggy address belongs to the physical page: [ 26.660075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.660424] flags: 0x200000000000000(node=0|zone=2) [ 26.660750] page_type: f5(slab) [ 26.660875] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.661160] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.661614] page dumped because: kasan: bad access detected [ 26.661893] [ 26.661991] Memory state around the buggy address: [ 26.662180] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.662486] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.662886] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.663210] ^ [ 26.663425] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.663901] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.664242] ================================================================== [ 27.350264] ================================================================== [ 27.350641] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 27.350964] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.351250] [ 27.351383] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.351436] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.351451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.351476] Call Trace: [ 27.351504] <TASK> [ 27.351521] dump_stack_lvl+0x73/0xb0 [ 27.351573] print_report+0xd1/0x610 [ 27.351605] ? __virt_addr_valid+0x1db/0x2d0 [ 27.351645] ? kasan_atomics_helper+0x1467/0x5450 [ 27.351674] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.351709] ? kasan_atomics_helper+0x1467/0x5450 [ 27.351739] kasan_report+0x141/0x180 [ 27.351769] ? kasan_atomics_helper+0x1467/0x5450 [ 27.351805] kasan_check_range+0x10c/0x1c0 [ 27.351836] __kasan_check_write+0x18/0x20 [ 27.351867] kasan_atomics_helper+0x1467/0x5450 [ 27.351897] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.351927] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.351959] ? kasan_atomics+0x152/0x310 [ 27.351994] kasan_atomics+0x1dc/0x310 [ 27.352033] ? __pfx_kasan_atomics+0x10/0x10 [ 27.352066] ? __pfx_read_tsc+0x10/0x10 [ 27.352104] ? ktime_get_ts64+0x86/0x230 [ 27.352137] kunit_try_run_case+0x1a5/0x480 [ 27.352168] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.352196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.352225] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.352255] ? __kthread_parkme+0x82/0x180 [ 27.352283] ? preempt_count_sub+0x50/0x80 [ 27.352314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.352345] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.352379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.352412] kthread+0x337/0x6f0 [ 27.352439] ? trace_preempt_on+0x20/0xc0 [ 27.352469] ? __pfx_kthread+0x10/0x10 [ 27.352497] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.352545] ? calculate_sigpending+0x7b/0xa0 [ 27.352576] ? __pfx_kthread+0x10/0x10 [ 27.352617] ret_from_fork+0x116/0x1d0 [ 27.352651] ? __pfx_kthread+0x10/0x10 [ 27.352680] ret_from_fork_asm+0x1a/0x30 [ 27.352731] </TASK> [ 27.352745] [ 27.360467] Allocated by task 313: [ 27.360643] kasan_save_stack+0x45/0x70 [ 27.360863] kasan_save_track+0x18/0x40 [ 27.361057] kasan_save_alloc_info+0x3b/0x50 [ 27.361286] __kasan_kmalloc+0xb7/0xc0 [ 27.361424] __kmalloc_cache_noprof+0x189/0x420 [ 27.361595] kasan_atomics+0x95/0x310 [ 27.361783] kunit_try_run_case+0x1a5/0x480 [ 27.362097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.362332] kthread+0x337/0x6f0 [ 27.362455] ret_from_fork+0x116/0x1d0 [ 27.362609] ret_from_fork_asm+0x1a/0x30 [ 27.362999] [ 27.363102] The buggy address belongs to the object at ffff888105926b00 [ 27.363102] which belongs to the cache kmalloc-64 of size 64 [ 27.363584] The buggy address is located 0 bytes to the right of [ 27.363584] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.364081] [ 27.364165] The buggy address belongs to the physical page: [ 27.364398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.365608] flags: 0x200000000000000(node=0|zone=2) [ 27.365786] page_type: f5(slab) [ 27.366201] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.366754] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.367064] page dumped because: kasan: bad access detected [ 27.367298] [ 27.367388] Memory state around the buggy address: [ 27.367856] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.368476] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.368803] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.369095] ^ [ 27.369302] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.369597] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.369881] ================================================================== [ 27.005767] ================================================================== [ 27.006106] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 27.006487] Write of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.006731] [ 27.006817] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.006867] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.006883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.006908] Call Trace: [ 27.006927] <TASK> [ 27.006945] dump_stack_lvl+0x73/0xb0 [ 27.006979] print_report+0xd1/0x610 [ 27.007008] ? __virt_addr_valid+0x1db/0x2d0 [ 27.007037] ? kasan_atomics_helper+0xd47/0x5450 [ 27.007065] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.007098] ? kasan_atomics_helper+0xd47/0x5450 [ 27.007126] kasan_report+0x141/0x180 [ 27.007155] ? kasan_atomics_helper+0xd47/0x5450 [ 27.007189] kasan_check_range+0x10c/0x1c0 [ 27.007220] __kasan_check_write+0x18/0x20 [ 27.007276] kasan_atomics_helper+0xd47/0x5450 [ 27.007309] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.007338] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.007369] ? kasan_atomics+0x152/0x310 [ 27.007404] kasan_atomics+0x1dc/0x310 [ 27.007433] ? __pfx_kasan_atomics+0x10/0x10 [ 27.007464] ? __pfx_read_tsc+0x10/0x10 [ 27.007493] ? ktime_get_ts64+0x86/0x230 [ 27.007524] kunit_try_run_case+0x1a5/0x480 [ 27.007566] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.007594] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.007638] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.007668] ? __kthread_parkme+0x82/0x180 [ 27.007694] ? preempt_count_sub+0x50/0x80 [ 27.007726] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.007757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.007790] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.007824] kthread+0x337/0x6f0 [ 27.007849] ? trace_preempt_on+0x20/0xc0 [ 27.007880] ? __pfx_kthread+0x10/0x10 [ 27.007907] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.007939] ? calculate_sigpending+0x7b/0xa0 [ 27.007970] ? __pfx_kthread+0x10/0x10 [ 27.007999] ret_from_fork+0x116/0x1d0 [ 27.008025] ? __pfx_kthread+0x10/0x10 [ 27.008052] ret_from_fork_asm+0x1a/0x30 [ 27.008094] </TASK> [ 27.008107] [ 27.015693] Allocated by task 313: [ 27.015833] kasan_save_stack+0x45/0x70 [ 27.016058] kasan_save_track+0x18/0x40 [ 27.016233] kasan_save_alloc_info+0x3b/0x50 [ 27.016445] __kasan_kmalloc+0xb7/0xc0 [ 27.016659] __kmalloc_cache_noprof+0x189/0x420 [ 27.016880] kasan_atomics+0x95/0x310 [ 27.017060] kunit_try_run_case+0x1a5/0x480 [ 27.017294] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.017563] kthread+0x337/0x6f0 [ 27.017744] ret_from_fork+0x116/0x1d0 [ 27.017929] ret_from_fork_asm+0x1a/0x30 [ 27.018148] [ 27.018217] The buggy address belongs to the object at ffff888105926b00 [ 27.018217] which belongs to the cache kmalloc-64 of size 64 [ 27.018763] The buggy address is located 0 bytes to the right of [ 27.018763] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.019276] [ 27.019379] The buggy address belongs to the physical page: [ 27.019611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.019951] flags: 0x200000000000000(node=0|zone=2) [ 27.020161] page_type: f5(slab) [ 27.020322] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.020685] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.020971] page dumped because: kasan: bad access detected [ 27.021214] [ 27.021297] Memory state around the buggy address: [ 27.021448] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.021737] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.022065] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.022371] ^ [ 27.022619] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.022987] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.023416] ================================================================== [ 27.525337] ================================================================== [ 27.525867] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 27.526189] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.526544] [ 27.526656] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.526748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.526776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.526802] Call Trace: [ 27.526823] <TASK> [ 27.526840] dump_stack_lvl+0x73/0xb0 [ 27.526876] print_report+0xd1/0x610 [ 27.526905] ? __virt_addr_valid+0x1db/0x2d0 [ 27.526938] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.526966] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.526999] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.527029] kasan_report+0x141/0x180 [ 27.527058] ? kasan_atomics_helper+0x18b1/0x5450 [ 27.527093] kasan_check_range+0x10c/0x1c0 [ 27.527125] __kasan_check_write+0x18/0x20 [ 27.527154] kasan_atomics_helper+0x18b1/0x5450 [ 27.527184] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.527212] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.527244] ? kasan_atomics+0x152/0x310 [ 27.527286] kasan_atomics+0x1dc/0x310 [ 27.527316] ? __pfx_kasan_atomics+0x10/0x10 [ 27.527348] ? __pfx_read_tsc+0x10/0x10 [ 27.527378] ? ktime_get_ts64+0x86/0x230 [ 27.527412] kunit_try_run_case+0x1a5/0x480 [ 27.527442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.527470] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.527499] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.527540] ? __kthread_parkme+0x82/0x180 [ 27.527569] ? preempt_count_sub+0x50/0x80 [ 27.527600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.527638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.527672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.527725] kthread+0x337/0x6f0 [ 27.527753] ? trace_preempt_on+0x20/0xc0 [ 27.527797] ? __pfx_kthread+0x10/0x10 [ 27.527826] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.527858] ? calculate_sigpending+0x7b/0xa0 [ 27.527889] ? __pfx_kthread+0x10/0x10 [ 27.527920] ret_from_fork+0x116/0x1d0 [ 27.527946] ? __pfx_kthread+0x10/0x10 [ 27.527973] ret_from_fork_asm+0x1a/0x30 [ 27.528016] </TASK> [ 27.528029] [ 27.535602] Allocated by task 313: [ 27.535781] kasan_save_stack+0x45/0x70 [ 27.536003] kasan_save_track+0x18/0x40 [ 27.536182] kasan_save_alloc_info+0x3b/0x50 [ 27.536429] __kasan_kmalloc+0xb7/0xc0 [ 27.536701] __kmalloc_cache_noprof+0x189/0x420 [ 27.536935] kasan_atomics+0x95/0x310 [ 27.537130] kunit_try_run_case+0x1a5/0x480 [ 27.537329] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.537504] kthread+0x337/0x6f0 [ 27.537683] ret_from_fork+0x116/0x1d0 [ 27.537879] ret_from_fork_asm+0x1a/0x30 [ 27.538103] [ 27.538214] The buggy address belongs to the object at ffff888105926b00 [ 27.538214] which belongs to the cache kmalloc-64 of size 64 [ 27.538918] The buggy address is located 0 bytes to the right of [ 27.538918] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.539305] [ 27.539372] The buggy address belongs to the physical page: [ 27.539639] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.540151] flags: 0x200000000000000(node=0|zone=2) [ 27.540392] page_type: f5(slab) [ 27.540563] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.541010] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.541289] page dumped because: kasan: bad access detected [ 27.541575] [ 27.541698] Memory state around the buggy address: [ 27.541912] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.542160] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.542455] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.542795] ^ [ 27.543015] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.543386] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.543777] ================================================================== [ 27.747982] ================================================================== [ 27.748688] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 27.749173] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.749655] [ 27.749828] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.749892] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.749908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.749933] Call Trace: [ 27.749950] <TASK> [ 27.749981] dump_stack_lvl+0x73/0xb0 [ 27.750016] print_report+0xd1/0x610 [ 27.750047] ? __virt_addr_valid+0x1db/0x2d0 [ 27.750087] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.750116] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.750160] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.750189] kasan_report+0x141/0x180 [ 27.750219] ? kasan_atomics_helper+0x1f43/0x5450 [ 27.750255] kasan_check_range+0x10c/0x1c0 [ 27.750286] __kasan_check_write+0x18/0x20 [ 27.750317] kasan_atomics_helper+0x1f43/0x5450 [ 27.750347] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.750376] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.750409] ? kasan_atomics+0x152/0x310 [ 27.750445] kasan_atomics+0x1dc/0x310 [ 27.750479] ? __pfx_kasan_atomics+0x10/0x10 [ 27.750510] ? __pfx_read_tsc+0x10/0x10 [ 27.750547] ? ktime_get_ts64+0x86/0x230 [ 27.750579] kunit_try_run_case+0x1a5/0x480 [ 27.750629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.750659] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.750689] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.750717] ? __kthread_parkme+0x82/0x180 [ 27.750745] ? preempt_count_sub+0x50/0x80 [ 27.750777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.750807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.750840] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.750874] kthread+0x337/0x6f0 [ 27.750901] ? trace_preempt_on+0x20/0xc0 [ 27.750932] ? __pfx_kthread+0x10/0x10 [ 27.750960] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.750991] ? calculate_sigpending+0x7b/0xa0 [ 27.751022] ? __pfx_kthread+0x10/0x10 [ 27.751051] ret_from_fork+0x116/0x1d0 [ 27.751076] ? __pfx_kthread+0x10/0x10 [ 27.751104] ret_from_fork_asm+0x1a/0x30 [ 27.751146] </TASK> [ 27.751159] [ 27.758367] Allocated by task 313: [ 27.758580] kasan_save_stack+0x45/0x70 [ 27.758799] kasan_save_track+0x18/0x40 [ 27.759023] kasan_save_alloc_info+0x3b/0x50 [ 27.759181] __kasan_kmalloc+0xb7/0xc0 [ 27.759317] __kmalloc_cache_noprof+0x189/0x420 [ 27.759475] kasan_atomics+0x95/0x310 [ 27.759675] kunit_try_run_case+0x1a5/0x480 [ 27.759915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.760204] kthread+0x337/0x6f0 [ 27.760396] ret_from_fork+0x116/0x1d0 [ 27.760643] ret_from_fork_asm+0x1a/0x30 [ 27.760877] [ 27.760974] The buggy address belongs to the object at ffff888105926b00 [ 27.760974] which belongs to the cache kmalloc-64 of size 64 [ 27.761536] The buggy address is located 0 bytes to the right of [ 27.761536] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.762087] [ 27.762184] The buggy address belongs to the physical page: [ 27.762458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.762839] flags: 0x200000000000000(node=0|zone=2) [ 27.763070] page_type: f5(slab) [ 27.763241] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.763551] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.763787] page dumped because: kasan: bad access detected [ 27.763959] [ 27.764027] Memory state around the buggy address: [ 27.764208] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.764553] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.764898] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.765212] ^ [ 27.765434] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.765789] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.766052] ================================================================== [ 27.818991] ================================================================== [ 27.819458] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 27.819831] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.820132] [ 27.820237] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.820289] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.820304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.820330] Call Trace: [ 27.820345] <TASK> [ 27.820363] dump_stack_lvl+0x73/0xb0 [ 27.820396] print_report+0xd1/0x610 [ 27.820425] ? __virt_addr_valid+0x1db/0x2d0 [ 27.820455] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.820485] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.820519] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.820559] kasan_report+0x141/0x180 [ 27.820589] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.820644] kasan_check_range+0x10c/0x1c0 [ 27.820676] __kasan_check_write+0x18/0x20 [ 27.820707] kasan_atomics_helper+0x20c8/0x5450 [ 27.820737] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.820767] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.820801] ? kasan_atomics+0x152/0x310 [ 27.820835] kasan_atomics+0x1dc/0x310 [ 27.820865] ? __pfx_kasan_atomics+0x10/0x10 [ 27.820899] ? __pfx_read_tsc+0x10/0x10 [ 27.820928] ? ktime_get_ts64+0x86/0x230 [ 27.820960] kunit_try_run_case+0x1a5/0x480 [ 27.820991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.821020] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.821050] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.821080] ? __kthread_parkme+0x82/0x180 [ 27.821108] ? preempt_count_sub+0x50/0x80 [ 27.821140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.821170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.821204] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.821238] kthread+0x337/0x6f0 [ 27.821265] ? trace_preempt_on+0x20/0xc0 [ 27.821296] ? __pfx_kthread+0x10/0x10 [ 27.821323] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.821354] ? calculate_sigpending+0x7b/0xa0 [ 27.821385] ? __pfx_kthread+0x10/0x10 [ 27.821414] ret_from_fork+0x116/0x1d0 [ 27.821439] ? __pfx_kthread+0x10/0x10 [ 27.821467] ret_from_fork_asm+0x1a/0x30 [ 27.821510] </TASK> [ 27.821523] [ 27.828347] Allocated by task 313: [ 27.828472] kasan_save_stack+0x45/0x70 [ 27.828703] kasan_save_track+0x18/0x40 [ 27.828900] kasan_save_alloc_info+0x3b/0x50 [ 27.829114] __kasan_kmalloc+0xb7/0xc0 [ 27.829302] __kmalloc_cache_noprof+0x189/0x420 [ 27.829524] kasan_atomics+0x95/0x310 [ 27.829749] kunit_try_run_case+0x1a5/0x480 [ 27.829965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.830219] kthread+0x337/0x6f0 [ 27.830391] ret_from_fork+0x116/0x1d0 [ 27.830621] ret_from_fork_asm+0x1a/0x30 [ 27.830825] [ 27.830918] The buggy address belongs to the object at ffff888105926b00 [ 27.830918] which belongs to the cache kmalloc-64 of size 64 [ 27.831334] The buggy address is located 0 bytes to the right of [ 27.831334] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.831730] [ 27.831801] The buggy address belongs to the physical page: [ 27.832018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.832377] flags: 0x200000000000000(node=0|zone=2) [ 27.832654] page_type: f5(slab) [ 27.832828] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.833170] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.833511] page dumped because: kasan: bad access detected [ 27.833795] [ 27.833889] Memory state around the buggy address: [ 27.834109] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.834331] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.834691] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.834986] ^ [ 27.835175] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.835458] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.835780] ================================================================== [ 27.153331] ================================================================== [ 27.153679] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 27.154012] Read of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.154614] [ 27.154720] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.154772] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.154787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.154811] Call Trace: [ 27.154828] <TASK> [ 27.154846] dump_stack_lvl+0x73/0xb0 [ 27.154880] print_report+0xd1/0x610 [ 27.154910] ? __virt_addr_valid+0x1db/0x2d0 [ 27.154942] ? kasan_atomics_helper+0x4a1c/0x5450 [ 27.154972] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.155005] ? kasan_atomics_helper+0x4a1c/0x5450 [ 27.155034] kasan_report+0x141/0x180 [ 27.155064] ? kasan_atomics_helper+0x4a1c/0x5450 [ 27.155099] __asan_report_load4_noabort+0x18/0x20 [ 27.155131] kasan_atomics_helper+0x4a1c/0x5450 [ 27.155162] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.155235] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.155270] ? kasan_atomics+0x152/0x310 [ 27.155305] kasan_atomics+0x1dc/0x310 [ 27.155336] ? __pfx_kasan_atomics+0x10/0x10 [ 27.155401] ? __pfx_read_tsc+0x10/0x10 [ 27.155430] ? ktime_get_ts64+0x86/0x230 [ 27.155463] kunit_try_run_case+0x1a5/0x480 [ 27.155524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.155566] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.155597] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.155637] ? __kthread_parkme+0x82/0x180 [ 27.155664] ? preempt_count_sub+0x50/0x80 [ 27.155730] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.155761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.155795] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.155860] kthread+0x337/0x6f0 [ 27.155887] ? trace_preempt_on+0x20/0xc0 [ 27.155919] ? __pfx_kthread+0x10/0x10 [ 27.155948] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.156010] ? calculate_sigpending+0x7b/0xa0 [ 27.156043] ? __pfx_kthread+0x10/0x10 [ 27.156072] ret_from_fork+0x116/0x1d0 [ 27.156099] ? __pfx_kthread+0x10/0x10 [ 27.156159] ret_from_fork_asm+0x1a/0x30 [ 27.156203] </TASK> [ 27.156217] [ 27.166550] Allocated by task 313: [ 27.166849] kasan_save_stack+0x45/0x70 [ 27.167057] kasan_save_track+0x18/0x40 [ 27.167268] kasan_save_alloc_info+0x3b/0x50 [ 27.167482] __kasan_kmalloc+0xb7/0xc0 [ 27.167657] __kmalloc_cache_noprof+0x189/0x420 [ 27.167813] kasan_atomics+0x95/0x310 [ 27.167989] kunit_try_run_case+0x1a5/0x480 [ 27.168195] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.168456] kthread+0x337/0x6f0 [ 27.168673] ret_from_fork+0x116/0x1d0 [ 27.168865] ret_from_fork_asm+0x1a/0x30 [ 27.169063] [ 27.169142] The buggy address belongs to the object at ffff888105926b00 [ 27.169142] which belongs to the cache kmalloc-64 of size 64 [ 27.169629] The buggy address is located 0 bytes to the right of [ 27.169629] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.170145] [ 27.170233] The buggy address belongs to the physical page: [ 27.170494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.171074] flags: 0x200000000000000(node=0|zone=2) [ 27.171316] page_type: f5(slab) [ 27.171489] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.171862] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.172143] page dumped because: kasan: bad access detected [ 27.172310] [ 27.172385] Memory state around the buggy address: [ 27.172636] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.172990] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.173338] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.173676] ^ [ 27.173854] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.174153] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.174456] ================================================================== [ 27.582290] ================================================================== [ 27.582635] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 27.582975] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.583342] [ 27.583457] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.583509] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.583524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.583558] Call Trace: [ 27.583573] <TASK> [ 27.583590] dump_stack_lvl+0x73/0xb0 [ 27.583625] print_report+0xd1/0x610 [ 27.583654] ? __virt_addr_valid+0x1db/0x2d0 [ 27.583685] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.583721] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.583754] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.583783] kasan_report+0x141/0x180 [ 27.583836] ? kasan_atomics_helper+0x1a7f/0x5450 [ 27.583885] kasan_check_range+0x10c/0x1c0 [ 27.583930] __kasan_check_write+0x18/0x20 [ 27.583972] kasan_atomics_helper+0x1a7f/0x5450 [ 27.584029] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.584072] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.584130] ? kasan_atomics+0x152/0x310 [ 27.584190] kasan_atomics+0x1dc/0x310 [ 27.584246] ? __pfx_kasan_atomics+0x10/0x10 [ 27.584291] ? __pfx_read_tsc+0x10/0x10 [ 27.584345] ? ktime_get_ts64+0x86/0x230 [ 27.584405] kunit_try_run_case+0x1a5/0x480 [ 27.584461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.584504] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.584542] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.584573] ? __kthread_parkme+0x82/0x180 [ 27.584600] ? preempt_count_sub+0x50/0x80 [ 27.584632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.584662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.584695] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.584728] kthread+0x337/0x6f0 [ 27.584754] ? trace_preempt_on+0x20/0xc0 [ 27.584785] ? __pfx_kthread+0x10/0x10 [ 27.584814] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.584845] ? calculate_sigpending+0x7b/0xa0 [ 27.584878] ? __pfx_kthread+0x10/0x10 [ 27.584907] ret_from_fork+0x116/0x1d0 [ 27.584932] ? __pfx_kthread+0x10/0x10 [ 27.584960] ret_from_fork_asm+0x1a/0x30 [ 27.585003] </TASK> [ 27.585016] [ 27.592820] Allocated by task 313: [ 27.592979] kasan_save_stack+0x45/0x70 [ 27.593197] kasan_save_track+0x18/0x40 [ 27.593416] kasan_save_alloc_info+0x3b/0x50 [ 27.593733] __kasan_kmalloc+0xb7/0xc0 [ 27.593928] __kmalloc_cache_noprof+0x189/0x420 [ 27.594114] kasan_atomics+0x95/0x310 [ 27.594282] kunit_try_run_case+0x1a5/0x480 [ 27.594455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.594721] kthread+0x337/0x6f0 [ 27.594925] ret_from_fork+0x116/0x1d0 [ 27.595136] ret_from_fork_asm+0x1a/0x30 [ 27.595339] [ 27.595425] The buggy address belongs to the object at ffff888105926b00 [ 27.595425] which belongs to the cache kmalloc-64 of size 64 [ 27.596059] The buggy address is located 0 bytes to the right of [ 27.596059] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.596505] [ 27.596596] The buggy address belongs to the physical page: [ 27.596822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.597074] flags: 0x200000000000000(node=0|zone=2) [ 27.597232] page_type: f5(slab) [ 27.597351] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.597586] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.598086] page dumped because: kasan: bad access detected [ 27.598333] [ 27.598424] Memory state around the buggy address: [ 27.598745] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.599104] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.599350] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.599580] ^ [ 27.600063] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.600335] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.600609] ================================================================== [ 27.699279] ================================================================== [ 27.699685] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 27.699995] Write of size 8 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.700277] [ 27.700359] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.700411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.700427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.700452] Call Trace: [ 27.700469] <TASK> [ 27.700487] dump_stack_lvl+0x73/0xb0 [ 27.700521] print_report+0xd1/0x610 [ 27.700562] ? __virt_addr_valid+0x1db/0x2d0 [ 27.700592] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.700620] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.700654] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.700684] kasan_report+0x141/0x180 [ 27.700715] ? kasan_atomics_helper+0x1e12/0x5450 [ 27.700750] kasan_check_range+0x10c/0x1c0 [ 27.700781] __kasan_check_write+0x18/0x20 [ 27.700811] kasan_atomics_helper+0x1e12/0x5450 [ 27.700841] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.700870] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.700901] ? kasan_atomics+0x152/0x310 [ 27.700936] kasan_atomics+0x1dc/0x310 [ 27.700965] ? __pfx_kasan_atomics+0x10/0x10 [ 27.700997] ? __pfx_read_tsc+0x10/0x10 [ 27.701025] ? ktime_get_ts64+0x86/0x230 [ 27.701057] kunit_try_run_case+0x1a5/0x480 [ 27.701086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.701115] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.701143] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.701172] ? __kthread_parkme+0x82/0x180 [ 27.701200] ? preempt_count_sub+0x50/0x80 [ 27.701232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.701261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.701294] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.701327] kthread+0x337/0x6f0 [ 27.701353] ? trace_preempt_on+0x20/0xc0 [ 27.701383] ? __pfx_kthread+0x10/0x10 [ 27.701411] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.701443] ? calculate_sigpending+0x7b/0xa0 [ 27.701473] ? __pfx_kthread+0x10/0x10 [ 27.701502] ret_from_fork+0x116/0x1d0 [ 27.701536] ? __pfx_kthread+0x10/0x10 [ 27.701565] ret_from_fork_asm+0x1a/0x30 [ 27.701606] </TASK> [ 27.701619] [ 27.708544] Allocated by task 313: [ 27.708670] kasan_save_stack+0x45/0x70 [ 27.708814] kasan_save_track+0x18/0x40 [ 27.708975] kasan_save_alloc_info+0x3b/0x50 [ 27.709190] __kasan_kmalloc+0xb7/0xc0 [ 27.709384] __kmalloc_cache_noprof+0x189/0x420 [ 27.709613] kasan_atomics+0x95/0x310 [ 27.709802] kunit_try_run_case+0x1a5/0x480 [ 27.710017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.710272] kthread+0x337/0x6f0 [ 27.710566] ret_from_fork+0x116/0x1d0 [ 27.710779] ret_from_fork_asm+0x1a/0x30 [ 27.710925] [ 27.710996] The buggy address belongs to the object at ffff888105926b00 [ 27.710996] which belongs to the cache kmalloc-64 of size 64 [ 27.711347] The buggy address is located 0 bytes to the right of [ 27.711347] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.712254] [ 27.712348] The buggy address belongs to the physical page: [ 27.712612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.712976] flags: 0x200000000000000(node=0|zone=2) [ 27.713176] page_type: f5(slab) [ 27.713316] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.713648] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.713948] page dumped because: kasan: bad access detected [ 27.714159] [ 27.714249] Memory state around the buggy address: [ 27.714441] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.714775] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.715057] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.715297] ^ [ 27.715452] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.715921] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.716205] ================================================================== [ 27.240449] ================================================================== [ 27.241093] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 27.241699] Read of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 27.242134] [ 27.242347] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 27.242406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.242422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.242456] Call Trace: [ 27.242480] <TASK> [ 27.242498] dump_stack_lvl+0x73/0xb0 [ 27.242548] print_report+0xd1/0x610 [ 27.242579] ? __virt_addr_valid+0x1db/0x2d0 [ 27.242613] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.242644] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.242676] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.242707] kasan_report+0x141/0x180 [ 27.242736] ? kasan_atomics_helper+0x49e8/0x5450 [ 27.242771] __asan_report_load4_noabort+0x18/0x20 [ 27.242803] kasan_atomics_helper+0x49e8/0x5450 [ 27.242832] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.242862] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.242895] ? kasan_atomics+0x152/0x310 [ 27.242929] kasan_atomics+0x1dc/0x310 [ 27.242959] ? __pfx_kasan_atomics+0x10/0x10 [ 27.242990] ? __pfx_read_tsc+0x10/0x10 [ 27.243018] ? ktime_get_ts64+0x86/0x230 [ 27.243051] kunit_try_run_case+0x1a5/0x480 [ 27.243083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.243112] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.243143] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.243174] ? __kthread_parkme+0x82/0x180 [ 27.243202] ? preempt_count_sub+0x50/0x80 [ 27.243235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.243266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.243299] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.243333] kthread+0x337/0x6f0 [ 27.243360] ? trace_preempt_on+0x20/0xc0 [ 27.243390] ? __pfx_kthread+0x10/0x10 [ 27.243419] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.243451] ? calculate_sigpending+0x7b/0xa0 [ 27.243482] ? __pfx_kthread+0x10/0x10 [ 27.243512] ret_from_fork+0x116/0x1d0 [ 27.243651] ? __pfx_kthread+0x10/0x10 [ 27.243686] ret_from_fork_asm+0x1a/0x30 [ 27.243731] </TASK> [ 27.243746] [ 27.255233] Allocated by task 313: [ 27.255517] kasan_save_stack+0x45/0x70 [ 27.255918] kasan_save_track+0x18/0x40 [ 27.256216] kasan_save_alloc_info+0x3b/0x50 [ 27.256438] __kasan_kmalloc+0xb7/0xc0 [ 27.256661] __kmalloc_cache_noprof+0x189/0x420 [ 27.256885] kasan_atomics+0x95/0x310 [ 27.257062] kunit_try_run_case+0x1a5/0x480 [ 27.257259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.257485] kthread+0x337/0x6f0 [ 27.257981] ret_from_fork+0x116/0x1d0 [ 27.258292] ret_from_fork_asm+0x1a/0x30 [ 27.258614] [ 27.258838] The buggy address belongs to the object at ffff888105926b00 [ 27.258838] which belongs to the cache kmalloc-64 of size 64 [ 27.259702] The buggy address is located 0 bytes to the right of [ 27.259702] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 27.260520] [ 27.260635] The buggy address belongs to the physical page: [ 27.260879] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 27.261210] flags: 0x200000000000000(node=0|zone=2) [ 27.261425] page_type: f5(slab) [ 27.261584] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.261896] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.262201] page dumped because: kasan: bad access detected [ 27.262430] [ 27.262517] Memory state around the buggy address: [ 27.263212] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.263665] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.264158] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.264660] ^ [ 27.265081] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.265574] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.266066] ================================================================== [ 26.664713] ================================================================== [ 26.665054] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 26.665393] Read of size 4 at addr ffff888105926b30 by task kunit_try_catch/313 [ 26.665838] [ 26.665932] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.665997] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.666014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.666039] Call Trace: [ 26.666067] <TASK> [ 26.666085] dump_stack_lvl+0x73/0xb0 [ 26.666120] print_report+0xd1/0x610 [ 26.666150] ? __virt_addr_valid+0x1db/0x2d0 [ 26.666181] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.666209] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.666242] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.666271] kasan_report+0x141/0x180 [ 26.666301] ? kasan_atomics_helper+0x4b54/0x5450 [ 26.666344] __asan_report_load4_noabort+0x18/0x20 [ 26.666376] kasan_atomics_helper+0x4b54/0x5450 [ 26.666417] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.666447] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.666486] ? kasan_atomics+0x152/0x310 [ 26.666521] kasan_atomics+0x1dc/0x310 [ 26.666560] ? __pfx_kasan_atomics+0x10/0x10 [ 26.666591] ? __pfx_read_tsc+0x10/0x10 [ 26.666619] ? ktime_get_ts64+0x86/0x230 [ 26.666651] kunit_try_run_case+0x1a5/0x480 [ 26.666681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.666711] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.666740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.666770] ? __kthread_parkme+0x82/0x180 [ 26.666798] ? preempt_count_sub+0x50/0x80 [ 26.666829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.666919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.666953] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.666988] kthread+0x337/0x6f0 [ 26.667014] ? trace_preempt_on+0x20/0xc0 [ 26.667045] ? __pfx_kthread+0x10/0x10 [ 26.667073] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.667104] ? calculate_sigpending+0x7b/0xa0 [ 26.667137] ? __pfx_kthread+0x10/0x10 [ 26.667166] ret_from_fork+0x116/0x1d0 [ 26.667191] ? __pfx_kthread+0x10/0x10 [ 26.667219] ret_from_fork_asm+0x1a/0x30 [ 26.667261] </TASK> [ 26.667275] [ 26.677995] Allocated by task 313: [ 26.678145] kasan_save_stack+0x45/0x70 [ 26.678303] kasan_save_track+0x18/0x40 [ 26.678444] kasan_save_alloc_info+0x3b/0x50 [ 26.678620] __kasan_kmalloc+0xb7/0xc0 [ 26.678758] __kmalloc_cache_noprof+0x189/0x420 [ 26.678920] kasan_atomics+0x95/0x310 [ 26.679056] kunit_try_run_case+0x1a5/0x480 [ 26.679205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.679389] kthread+0x337/0x6f0 [ 26.679513] ret_from_fork+0x116/0x1d0 [ 26.681437] ret_from_fork_asm+0x1a/0x30 [ 26.682047] [ 26.682557] The buggy address belongs to the object at ffff888105926b00 [ 26.682557] which belongs to the cache kmalloc-64 of size 64 [ 26.684047] The buggy address is located 0 bytes to the right of [ 26.684047] allocated 48-byte region [ffff888105926b00, ffff888105926b30) [ 26.684649] [ 26.684756] The buggy address belongs to the physical page: [ 26.685016] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 26.685375] flags: 0x200000000000000(node=0|zone=2) [ 26.685715] page_type: f5(slab) [ 26.685875] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.686215] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.686572] page dumped because: kasan: bad access detected [ 26.686843] [ 26.687135] Memory state around the buggy address: [ 26.687378] ffff888105926a00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.687821] ffff888105926a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.688104] >ffff888105926b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.688418] ^ [ 26.688745] ffff888105926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.689013] ffff888105926c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.689363] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 26.373675] ================================================================== [ 26.373987] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.374367] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.374878] [ 26.375030] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.375102] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.375117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.375142] Call Trace: [ 26.375156] <TASK> [ 26.375172] dump_stack_lvl+0x73/0xb0 [ 26.375204] print_report+0xd1/0x610 [ 26.375230] ? __virt_addr_valid+0x1db/0x2d0 [ 26.375258] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.375290] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.375321] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.375380] kasan_report+0x141/0x180 [ 26.375407] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.375470] kasan_check_range+0x10c/0x1c0 [ 26.375509] __kasan_check_write+0x18/0x20 [ 26.375546] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 26.375580] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.375614] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.375644] ? trace_hardirqs_on+0x37/0xe0 [ 26.375670] ? kasan_bitops_generic+0x92/0x1c0 [ 26.375704] kasan_bitops_generic+0x121/0x1c0 [ 26.375732] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.375940] ? __pfx_read_tsc+0x10/0x10 [ 26.375967] ? ktime_get_ts64+0x86/0x230 [ 26.375998] kunit_try_run_case+0x1a5/0x480 [ 26.376027] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.376053] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.376081] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.376109] ? __kthread_parkme+0x82/0x180 [ 26.376134] ? preempt_count_sub+0x50/0x80 [ 26.376163] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.376192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.376224] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.376256] kthread+0x337/0x6f0 [ 26.376280] ? trace_preempt_on+0x20/0xc0 [ 26.376308] ? __pfx_kthread+0x10/0x10 [ 26.376333] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.376363] ? calculate_sigpending+0x7b/0xa0 [ 26.376392] ? __pfx_kthread+0x10/0x10 [ 26.376418] ret_from_fork+0x116/0x1d0 [ 26.376442] ? __pfx_kthread+0x10/0x10 [ 26.376467] ret_from_fork_asm+0x1a/0x30 [ 26.376507] </TASK> [ 26.376521] [ 26.386126] Allocated by task 309: [ 26.386293] kasan_save_stack+0x45/0x70 [ 26.386728] kasan_save_track+0x18/0x40 [ 26.386959] kasan_save_alloc_info+0x3b/0x50 [ 26.387199] __kasan_kmalloc+0xb7/0xc0 [ 26.387416] __kmalloc_cache_noprof+0x189/0x420 [ 26.387760] kasan_bitops_generic+0x92/0x1c0 [ 26.387925] kunit_try_run_case+0x1a5/0x480 [ 26.388076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.388289] kthread+0x337/0x6f0 [ 26.388511] ret_from_fork+0x116/0x1d0 [ 26.388721] ret_from_fork_asm+0x1a/0x30 [ 26.388926] [ 26.389020] The buggy address belongs to the object at ffff888104884680 [ 26.389020] which belongs to the cache kmalloc-16 of size 16 [ 26.390019] The buggy address is located 8 bytes inside of [ 26.390019] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.390562] [ 26.390687] The buggy address belongs to the physical page: [ 26.390957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.391423] flags: 0x200000000000000(node=0|zone=2) [ 26.391725] page_type: f5(slab) [ 26.391995] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.392499] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.392959] page dumped because: kasan: bad access detected [ 26.393235] [ 26.393314] Memory state around the buggy address: [ 26.393588] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.393831] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.394158] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.394439] ^ [ 26.394853] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.395102] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.395471] ================================================================== [ 26.328048] ================================================================== [ 26.328460] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.328967] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.329639] [ 26.329869] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.329942] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.329957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.329983] Call Trace: [ 26.329999] <TASK> [ 26.330015] dump_stack_lvl+0x73/0xb0 [ 26.330050] print_report+0xd1/0x610 [ 26.330078] ? __virt_addr_valid+0x1db/0x2d0 [ 26.330137] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.330170] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.330214] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.330247] kasan_report+0x141/0x180 [ 26.330275] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.330315] kasan_check_range+0x10c/0x1c0 [ 26.330343] __kasan_check_write+0x18/0x20 [ 26.330372] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 26.330406] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.330440] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.330473] ? trace_hardirqs_on+0x37/0xe0 [ 26.330500] ? kasan_bitops_generic+0x92/0x1c0 [ 26.330543] kasan_bitops_generic+0x121/0x1c0 [ 26.330571] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.330620] ? __pfx_read_tsc+0x10/0x10 [ 26.330645] ? ktime_get_ts64+0x86/0x230 [ 26.330675] kunit_try_run_case+0x1a5/0x480 [ 26.330704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.330730] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.330758] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.330786] ? __kthread_parkme+0x82/0x180 [ 26.330811] ? preempt_count_sub+0x50/0x80 [ 26.330841] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.330869] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.330901] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.330934] kthread+0x337/0x6f0 [ 26.330957] ? trace_preempt_on+0x20/0xc0 [ 26.330985] ? __pfx_kthread+0x10/0x10 [ 26.331011] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.331040] ? calculate_sigpending+0x7b/0xa0 [ 26.331070] ? __pfx_kthread+0x10/0x10 [ 26.331097] ret_from_fork+0x116/0x1d0 [ 26.331119] ? __pfx_kthread+0x10/0x10 [ 26.331145] ret_from_fork_asm+0x1a/0x30 [ 26.331185] </TASK> [ 26.331198] [ 26.341404] Allocated by task 309: [ 26.341563] kasan_save_stack+0x45/0x70 [ 26.342031] kasan_save_track+0x18/0x40 [ 26.342241] kasan_save_alloc_info+0x3b/0x50 [ 26.342413] __kasan_kmalloc+0xb7/0xc0 [ 26.342600] __kmalloc_cache_noprof+0x189/0x420 [ 26.342857] kasan_bitops_generic+0x92/0x1c0 [ 26.343115] kunit_try_run_case+0x1a5/0x480 [ 26.343392] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.343775] kthread+0x337/0x6f0 [ 26.343902] ret_from_fork+0x116/0x1d0 [ 26.344040] ret_from_fork_asm+0x1a/0x30 [ 26.344275] [ 26.344577] The buggy address belongs to the object at ffff888104884680 [ 26.344577] which belongs to the cache kmalloc-16 of size 16 [ 26.345129] The buggy address is located 8 bytes inside of [ 26.345129] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.345694] [ 26.345801] The buggy address belongs to the physical page: [ 26.346047] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.346297] flags: 0x200000000000000(node=0|zone=2) [ 26.346549] page_type: f5(slab) [ 26.346873] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.347252] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.347788] page dumped because: kasan: bad access detected [ 26.348082] [ 26.348156] Memory state around the buggy address: [ 26.348315] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.348809] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.349197] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.349634] ^ [ 26.349832] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.350086] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.350457] ================================================================== [ 26.503797] ================================================================== [ 26.504148] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.504517] Read of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.504875] [ 26.504992] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.505047] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.505063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.505088] Call Trace: [ 26.505107] <TASK> [ 26.505125] dump_stack_lvl+0x73/0xb0 [ 26.505155] print_report+0xd1/0x610 [ 26.505182] ? __virt_addr_valid+0x1db/0x2d0 [ 26.505209] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.505240] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.505272] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.505305] kasan_report+0x141/0x180 [ 26.505332] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.505373] __asan_report_load8_noabort+0x18/0x20 [ 26.505402] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 26.505435] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.505470] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.505498] ? trace_hardirqs_on+0x37/0xe0 [ 26.506513] ? kasan_bitops_generic+0x92/0x1c0 [ 26.506654] kasan_bitops_generic+0x121/0x1c0 [ 26.506689] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.506721] ? __pfx_read_tsc+0x10/0x10 [ 26.506747] ? ktime_get_ts64+0x86/0x230 [ 26.506777] kunit_try_run_case+0x1a5/0x480 [ 26.506806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.506832] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.506860] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.506889] ? __kthread_parkme+0x82/0x180 [ 26.506914] ? preempt_count_sub+0x50/0x80 [ 26.506944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.506972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.507004] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.507037] kthread+0x337/0x6f0 [ 26.507060] ? trace_preempt_on+0x20/0xc0 [ 26.507088] ? __pfx_kthread+0x10/0x10 [ 26.507113] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.507143] ? calculate_sigpending+0x7b/0xa0 [ 26.507172] ? __pfx_kthread+0x10/0x10 [ 26.507198] ret_from_fork+0x116/0x1d0 [ 26.507221] ? __pfx_kthread+0x10/0x10 [ 26.507247] ret_from_fork_asm+0x1a/0x30 [ 26.507287] </TASK> [ 26.507302] [ 26.518970] Allocated by task 309: [ 26.519237] kasan_save_stack+0x45/0x70 [ 26.519421] kasan_save_track+0x18/0x40 [ 26.519712] kasan_save_alloc_info+0x3b/0x50 [ 26.519919] __kasan_kmalloc+0xb7/0xc0 [ 26.520084] __kmalloc_cache_noprof+0x189/0x420 [ 26.520316] kasan_bitops_generic+0x92/0x1c0 [ 26.520493] kunit_try_run_case+0x1a5/0x480 [ 26.520781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.520998] kthread+0x337/0x6f0 [ 26.521163] ret_from_fork+0x116/0x1d0 [ 26.521358] ret_from_fork_asm+0x1a/0x30 [ 26.521512] [ 26.521818] The buggy address belongs to the object at ffff888104884680 [ 26.521818] which belongs to the cache kmalloc-16 of size 16 [ 26.522318] The buggy address is located 8 bytes inside of [ 26.522318] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.522900] [ 26.523003] The buggy address belongs to the physical page: [ 26.523224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.523652] flags: 0x200000000000000(node=0|zone=2) [ 26.523882] page_type: f5(slab) [ 26.524008] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.524360] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.524737] page dumped because: kasan: bad access detected [ 26.524966] [ 26.525057] Memory state around the buggy address: [ 26.525233] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.525523] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.526044] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.526352] ^ [ 26.526518] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.526928] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.527200] ================================================================== [ 26.482413] ================================================================== [ 26.483067] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.483474] Read of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.483882] [ 26.483985] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.484039] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.484054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.484079] Call Trace: [ 26.484095] <TASK> [ 26.484111] dump_stack_lvl+0x73/0xb0 [ 26.484144] print_report+0xd1/0x610 [ 26.484172] ? __virt_addr_valid+0x1db/0x2d0 [ 26.484200] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.484233] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.484265] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.484299] kasan_report+0x141/0x180 [ 26.484326] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.484366] kasan_check_range+0x10c/0x1c0 [ 26.484395] __kasan_check_read+0x15/0x20 [ 26.484422] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 26.484456] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.484492] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.484521] ? trace_hardirqs_on+0x37/0xe0 [ 26.484560] ? kasan_bitops_generic+0x92/0x1c0 [ 26.484642] kasan_bitops_generic+0x121/0x1c0 [ 26.484671] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.484702] ? __pfx_read_tsc+0x10/0x10 [ 26.484728] ? ktime_get_ts64+0x86/0x230 [ 26.484758] kunit_try_run_case+0x1a5/0x480 [ 26.484788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.484814] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.484843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.484873] ? __kthread_parkme+0x82/0x180 [ 26.484899] ? preempt_count_sub+0x50/0x80 [ 26.484929] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.484958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.484990] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.485023] kthread+0x337/0x6f0 [ 26.485045] ? trace_preempt_on+0x20/0xc0 [ 26.485073] ? __pfx_kthread+0x10/0x10 [ 26.485099] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.485129] ? calculate_sigpending+0x7b/0xa0 [ 26.485159] ? __pfx_kthread+0x10/0x10 [ 26.485185] ret_from_fork+0x116/0x1d0 [ 26.485209] ? __pfx_kthread+0x10/0x10 [ 26.485235] ret_from_fork_asm+0x1a/0x30 [ 26.485276] </TASK> [ 26.485289] [ 26.493713] Allocated by task 309: [ 26.493905] kasan_save_stack+0x45/0x70 [ 26.494105] kasan_save_track+0x18/0x40 [ 26.494302] kasan_save_alloc_info+0x3b/0x50 [ 26.494535] __kasan_kmalloc+0xb7/0xc0 [ 26.494904] __kmalloc_cache_noprof+0x189/0x420 [ 26.495412] kasan_bitops_generic+0x92/0x1c0 [ 26.495816] kunit_try_run_case+0x1a5/0x480 [ 26.496014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.496245] kthread+0x337/0x6f0 [ 26.496403] ret_from_fork+0x116/0x1d0 [ 26.496556] ret_from_fork_asm+0x1a/0x30 [ 26.497025] [ 26.497121] The buggy address belongs to the object at ffff888104884680 [ 26.497121] which belongs to the cache kmalloc-16 of size 16 [ 26.497612] The buggy address is located 8 bytes inside of [ 26.497612] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.498107] [ 26.498187] The buggy address belongs to the physical page: [ 26.498420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.498816] flags: 0x200000000000000(node=0|zone=2) [ 26.499018] page_type: f5(slab) [ 26.499143] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.499384] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.499838] page dumped because: kasan: bad access detected [ 26.500096] [ 26.500188] Memory state around the buggy address: [ 26.500357] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.500757] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.501097] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.501435] ^ [ 26.501651] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.501982] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.502315] ================================================================== [ 26.419858] ================================================================== [ 26.421962] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.422276] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.422706] [ 26.422806] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.422903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.422920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.422947] Call Trace: [ 26.423023] <TASK> [ 26.423044] dump_stack_lvl+0x73/0xb0 [ 26.423079] print_report+0xd1/0x610 [ 26.423116] ? __virt_addr_valid+0x1db/0x2d0 [ 26.423145] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.423178] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.423221] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.423254] kasan_report+0x141/0x180 [ 26.423281] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.423321] kasan_check_range+0x10c/0x1c0 [ 26.423350] __kasan_check_write+0x18/0x20 [ 26.423378] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 26.423411] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.423446] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.423473] ? trace_hardirqs_on+0x37/0xe0 [ 26.423500] ? kasan_bitops_generic+0x92/0x1c0 [ 26.423552] kasan_bitops_generic+0x121/0x1c0 [ 26.423579] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.423620] ? __pfx_read_tsc+0x10/0x10 [ 26.423648] ? ktime_get_ts64+0x86/0x230 [ 26.423677] kunit_try_run_case+0x1a5/0x480 [ 26.423724] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.423806] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.423836] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.423864] ? __kthread_parkme+0x82/0x180 [ 26.424422] ? preempt_count_sub+0x50/0x80 [ 26.424455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.424484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.424517] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.424896] kthread+0x337/0x6f0 [ 26.424923] ? trace_preempt_on+0x20/0xc0 [ 26.424953] ? __pfx_kthread+0x10/0x10 [ 26.424979] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.425011] ? calculate_sigpending+0x7b/0xa0 [ 26.425040] ? __pfx_kthread+0x10/0x10 [ 26.425067] ret_from_fork+0x116/0x1d0 [ 26.425091] ? __pfx_kthread+0x10/0x10 [ 26.425116] ret_from_fork_asm+0x1a/0x30 [ 26.425156] </TASK> [ 26.425171] [ 26.433933] Allocated by task 309: [ 26.434116] kasan_save_stack+0x45/0x70 [ 26.434320] kasan_save_track+0x18/0x40 [ 26.434733] kasan_save_alloc_info+0x3b/0x50 [ 26.434917] __kasan_kmalloc+0xb7/0xc0 [ 26.435057] __kmalloc_cache_noprof+0x189/0x420 [ 26.435218] kasan_bitops_generic+0x92/0x1c0 [ 26.435420] kunit_try_run_case+0x1a5/0x480 [ 26.435777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.436054] kthread+0x337/0x6f0 [ 26.436225] ret_from_fork+0x116/0x1d0 [ 26.436376] ret_from_fork_asm+0x1a/0x30 [ 26.436565] [ 26.436706] The buggy address belongs to the object at ffff888104884680 [ 26.436706] which belongs to the cache kmalloc-16 of size 16 [ 26.437177] The buggy address is located 8 bytes inside of [ 26.437177] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.437777] [ 26.437869] The buggy address belongs to the physical page: [ 26.438061] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.438312] flags: 0x200000000000000(node=0|zone=2) [ 26.438554] page_type: f5(slab) [ 26.438726] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.439255] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.439614] page dumped because: kasan: bad access detected [ 26.439825] [ 26.439895] Memory state around the buggy address: [ 26.440054] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.440334] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.440619] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.440892] ^ [ 26.441048] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.441320] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.442477] ================================================================== [ 26.443330] ================================================================== [ 26.443726] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.444111] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.444398] [ 26.444500] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.444567] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.444582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.444607] Call Trace: [ 26.444622] <TASK> [ 26.444638] dump_stack_lvl+0x73/0xb0 [ 26.444670] print_report+0xd1/0x610 [ 26.444696] ? __virt_addr_valid+0x1db/0x2d0 [ 26.444724] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.444756] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.444788] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.444823] kasan_report+0x141/0x180 [ 26.444849] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.444956] kasan_check_range+0x10c/0x1c0 [ 26.444987] __kasan_check_write+0x18/0x20 [ 26.445016] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 26.445051] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.445086] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.445115] ? trace_hardirqs_on+0x37/0xe0 [ 26.445140] ? kasan_bitops_generic+0x92/0x1c0 [ 26.445175] kasan_bitops_generic+0x121/0x1c0 [ 26.445202] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.445234] ? __pfx_read_tsc+0x10/0x10 [ 26.445258] ? ktime_get_ts64+0x86/0x230 [ 26.445288] kunit_try_run_case+0x1a5/0x480 [ 26.445316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.445342] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.445369] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.445397] ? __kthread_parkme+0x82/0x180 [ 26.445422] ? preempt_count_sub+0x50/0x80 [ 26.445452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.445481] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.445513] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.445559] kthread+0x337/0x6f0 [ 26.445583] ? trace_preempt_on+0x20/0xc0 [ 26.445762] ? __pfx_kthread+0x10/0x10 [ 26.445789] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.445818] ? calculate_sigpending+0x7b/0xa0 [ 26.445848] ? __pfx_kthread+0x10/0x10 [ 26.445876] ret_from_fork+0x116/0x1d0 [ 26.445899] ? __pfx_kthread+0x10/0x10 [ 26.445925] ret_from_fork_asm+0x1a/0x30 [ 26.445966] </TASK> [ 26.445979] [ 26.454319] Allocated by task 309: [ 26.454458] kasan_save_stack+0x45/0x70 [ 26.454885] kasan_save_track+0x18/0x40 [ 26.455072] kasan_save_alloc_info+0x3b/0x50 [ 26.455262] __kasan_kmalloc+0xb7/0xc0 [ 26.455448] __kmalloc_cache_noprof+0x189/0x420 [ 26.455750] kasan_bitops_generic+0x92/0x1c0 [ 26.455973] kunit_try_run_case+0x1a5/0x480 [ 26.456175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.456412] kthread+0x337/0x6f0 [ 26.456548] ret_from_fork+0x116/0x1d0 [ 26.456686] ret_from_fork_asm+0x1a/0x30 [ 26.456828] [ 26.456901] The buggy address belongs to the object at ffff888104884680 [ 26.456901] which belongs to the cache kmalloc-16 of size 16 [ 26.457480] The buggy address is located 8 bytes inside of [ 26.457480] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.457888] [ 26.457958] The buggy address belongs to the physical page: [ 26.458136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.458398] flags: 0x200000000000000(node=0|zone=2) [ 26.458731] page_type: f5(slab) [ 26.458904] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.459257] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.459609] page dumped because: kasan: bad access detected [ 26.459869] [ 26.460019] Memory state around the buggy address: [ 26.460253] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.460697] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.460970] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.461290] ^ [ 26.461456] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.461957] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.462185] ================================================================== [ 26.396076] ================================================================== [ 26.396426] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.396943] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.397265] [ 26.397434] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.397490] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.397506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.397542] Call Trace: [ 26.397557] <TASK> [ 26.397574] dump_stack_lvl+0x73/0xb0 [ 26.397621] print_report+0xd1/0x610 [ 26.397647] ? __virt_addr_valid+0x1db/0x2d0 [ 26.397675] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.397803] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.397837] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.397872] kasan_report+0x141/0x180 [ 26.397899] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.397971] kasan_check_range+0x10c/0x1c0 [ 26.398001] __kasan_check_write+0x18/0x20 [ 26.398039] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 26.398074] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.398108] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.398137] ? trace_hardirqs_on+0x37/0xe0 [ 26.398163] ? kasan_bitops_generic+0x92/0x1c0 [ 26.398226] kasan_bitops_generic+0x121/0x1c0 [ 26.398256] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.398308] ? __pfx_read_tsc+0x10/0x10 [ 26.398334] ? ktime_get_ts64+0x86/0x230 [ 26.398363] kunit_try_run_case+0x1a5/0x480 [ 26.398392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.398418] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.398446] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.398477] ? __kthread_parkme+0x82/0x180 [ 26.398502] ? preempt_count_sub+0x50/0x80 [ 26.398541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.398569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.398737] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.398771] kthread+0x337/0x6f0 [ 26.398795] ? trace_preempt_on+0x20/0xc0 [ 26.398824] ? __pfx_kthread+0x10/0x10 [ 26.398849] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.398878] ? calculate_sigpending+0x7b/0xa0 [ 26.398908] ? __pfx_kthread+0x10/0x10 [ 26.398935] ret_from_fork+0x116/0x1d0 [ 26.398959] ? __pfx_kthread+0x10/0x10 [ 26.398984] ret_from_fork_asm+0x1a/0x30 [ 26.399024] </TASK> [ 26.399038] [ 26.408652] Allocated by task 309: [ 26.408956] kasan_save_stack+0x45/0x70 [ 26.409275] kasan_save_track+0x18/0x40 [ 26.409456] kasan_save_alloc_info+0x3b/0x50 [ 26.409794] __kasan_kmalloc+0xb7/0xc0 [ 26.410057] __kmalloc_cache_noprof+0x189/0x420 [ 26.410222] kasan_bitops_generic+0x92/0x1c0 [ 26.410378] kunit_try_run_case+0x1a5/0x480 [ 26.410673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.410999] kthread+0x337/0x6f0 [ 26.411177] ret_from_fork+0x116/0x1d0 [ 26.411345] ret_from_fork_asm+0x1a/0x30 [ 26.411628] [ 26.411725] The buggy address belongs to the object at ffff888104884680 [ 26.411725] which belongs to the cache kmalloc-16 of size 16 [ 26.412487] The buggy address is located 8 bytes inside of [ 26.412487] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.413019] [ 26.413093] The buggy address belongs to the physical page: [ 26.413477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.414115] flags: 0x200000000000000(node=0|zone=2) [ 26.414303] page_type: f5(slab) [ 26.414429] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.416401] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.416919] page dumped because: kasan: bad access detected [ 26.417198] [ 26.417299] Memory state around the buggy address: [ 26.417493] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.417743] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.417966] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.418322] ^ [ 26.418490] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.418816] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.419063] ================================================================== [ 26.351099] ================================================================== [ 26.351455] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.352061] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.352409] [ 26.352522] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.352591] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.352606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.352630] Call Trace: [ 26.352649] <TASK> [ 26.352771] dump_stack_lvl+0x73/0xb0 [ 26.352837] print_report+0xd1/0x610 [ 26.352865] ? __virt_addr_valid+0x1db/0x2d0 [ 26.352902] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.352935] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.352966] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.352999] kasan_report+0x141/0x180 [ 26.353027] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.353068] kasan_check_range+0x10c/0x1c0 [ 26.353097] __kasan_check_write+0x18/0x20 [ 26.353125] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 26.353159] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.353225] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.353277] ? trace_hardirqs_on+0x37/0xe0 [ 26.353304] ? kasan_bitops_generic+0x92/0x1c0 [ 26.353339] kasan_bitops_generic+0x121/0x1c0 [ 26.353367] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.353398] ? __pfx_read_tsc+0x10/0x10 [ 26.353423] ? ktime_get_ts64+0x86/0x230 [ 26.353454] kunit_try_run_case+0x1a5/0x480 [ 26.353482] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.353508] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.353544] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.353572] ? __kthread_parkme+0x82/0x180 [ 26.353638] ? preempt_count_sub+0x50/0x80 [ 26.353669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.353698] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.353730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.353763] kthread+0x337/0x6f0 [ 26.353785] ? trace_preempt_on+0x20/0xc0 [ 26.353814] ? __pfx_kthread+0x10/0x10 [ 26.353840] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.353869] ? calculate_sigpending+0x7b/0xa0 [ 26.353898] ? __pfx_kthread+0x10/0x10 [ 26.353925] ret_from_fork+0x116/0x1d0 [ 26.353948] ? __pfx_kthread+0x10/0x10 [ 26.353973] ret_from_fork_asm+0x1a/0x30 [ 26.354014] </TASK> [ 26.354027] [ 26.364086] Allocated by task 309: [ 26.364222] kasan_save_stack+0x45/0x70 [ 26.364427] kasan_save_track+0x18/0x40 [ 26.364864] kasan_save_alloc_info+0x3b/0x50 [ 26.365085] __kasan_kmalloc+0xb7/0xc0 [ 26.365346] __kmalloc_cache_noprof+0x189/0x420 [ 26.365513] kasan_bitops_generic+0x92/0x1c0 [ 26.365678] kunit_try_run_case+0x1a5/0x480 [ 26.365889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.366272] kthread+0x337/0x6f0 [ 26.366610] ret_from_fork+0x116/0x1d0 [ 26.366809] ret_from_fork_asm+0x1a/0x30 [ 26.367008] [ 26.367205] The buggy address belongs to the object at ffff888104884680 [ 26.367205] which belongs to the cache kmalloc-16 of size 16 [ 26.367772] The buggy address is located 8 bytes inside of [ 26.367772] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.368278] [ 26.368425] The buggy address belongs to the physical page: [ 26.368623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.369182] flags: 0x200000000000000(node=0|zone=2) [ 26.369375] page_type: f5(slab) [ 26.369558] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.370106] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.370451] page dumped because: kasan: bad access detected [ 26.370865] [ 26.370959] Memory state around the buggy address: [ 26.371158] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.371459] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.371864] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.372182] ^ [ 26.372352] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.372883] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.373245] ================================================================== [ 26.462711] ================================================================== [ 26.463033] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.463314] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.463735] [ 26.463852] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.463908] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.463923] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.463949] Call Trace: [ 26.463964] <TASK> [ 26.463980] dump_stack_lvl+0x73/0xb0 [ 26.464010] print_report+0xd1/0x610 [ 26.464037] ? __virt_addr_valid+0x1db/0x2d0 [ 26.464064] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.464097] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.464128] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.464162] kasan_report+0x141/0x180 [ 26.464189] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.464229] kasan_check_range+0x10c/0x1c0 [ 26.464257] __kasan_check_write+0x18/0x20 [ 26.464285] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 26.464320] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 26.464353] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.464382] ? trace_hardirqs_on+0x37/0xe0 [ 26.464408] ? kasan_bitops_generic+0x92/0x1c0 [ 26.464442] kasan_bitops_generic+0x121/0x1c0 [ 26.464470] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.464502] ? __pfx_read_tsc+0x10/0x10 [ 26.464539] ? ktime_get_ts64+0x86/0x230 [ 26.464570] kunit_try_run_case+0x1a5/0x480 [ 26.464774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.464802] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.464830] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.464859] ? __kthread_parkme+0x82/0x180 [ 26.464884] ? preempt_count_sub+0x50/0x80 [ 26.464914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.464942] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.464975] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.465008] kthread+0x337/0x6f0 [ 26.465031] ? trace_preempt_on+0x20/0xc0 [ 26.465059] ? __pfx_kthread+0x10/0x10 [ 26.465085] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.465114] ? calculate_sigpending+0x7b/0xa0 [ 26.465143] ? __pfx_kthread+0x10/0x10 [ 26.465170] ret_from_fork+0x116/0x1d0 [ 26.465192] ? __pfx_kthread+0x10/0x10 [ 26.465218] ret_from_fork_asm+0x1a/0x30 [ 26.465258] </TASK> [ 26.465271] [ 26.473839] Allocated by task 309: [ 26.474023] kasan_save_stack+0x45/0x70 [ 26.474229] kasan_save_track+0x18/0x40 [ 26.474424] kasan_save_alloc_info+0x3b/0x50 [ 26.474750] __kasan_kmalloc+0xb7/0xc0 [ 26.474905] __kmalloc_cache_noprof+0x189/0x420 [ 26.475131] kasan_bitops_generic+0x92/0x1c0 [ 26.475286] kunit_try_run_case+0x1a5/0x480 [ 26.475497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.475867] kthread+0x337/0x6f0 [ 26.476013] ret_from_fork+0x116/0x1d0 [ 26.476190] ret_from_fork_asm+0x1a/0x30 [ 26.476375] [ 26.476466] The buggy address belongs to the object at ffff888104884680 [ 26.476466] which belongs to the cache kmalloc-16 of size 16 [ 26.477008] The buggy address is located 8 bytes inside of [ 26.477008] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.477509] [ 26.477887] The buggy address belongs to the physical page: [ 26.478124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.478399] flags: 0x200000000000000(node=0|zone=2) [ 26.478742] page_type: f5(slab) [ 26.479027] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.479269] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.479502] page dumped because: kasan: bad access detected [ 26.479704] [ 26.479798] Memory state around the buggy address: [ 26.480073] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.480405] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.480738] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.481145] ^ [ 26.481323] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.481604] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.482066] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 26.106107] ================================================================== [ 26.106509] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.107020] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.107266] [ 26.107357] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.107416] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.107432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.107458] Call Trace: [ 26.107475] <TASK> [ 26.107494] dump_stack_lvl+0x73/0xb0 [ 26.107939] print_report+0xd1/0x610 [ 26.107983] ? __virt_addr_valid+0x1db/0x2d0 [ 26.108014] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.108046] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.108249] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.108284] kasan_report+0x141/0x180 [ 26.108313] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.108352] kasan_check_range+0x10c/0x1c0 [ 26.108382] __kasan_check_write+0x18/0x20 [ 26.108410] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 26.108441] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.108474] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.108504] ? trace_hardirqs_on+0x37/0xe0 [ 26.108544] ? kasan_bitops_generic+0x92/0x1c0 [ 26.108644] kasan_bitops_generic+0x116/0x1c0 [ 26.108673] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.108705] ? __pfx_read_tsc+0x10/0x10 [ 26.108730] ? ktime_get_ts64+0x86/0x230 [ 26.108759] kunit_try_run_case+0x1a5/0x480 [ 26.108788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.108813] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.108839] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.108868] ? __kthread_parkme+0x82/0x180 [ 26.108892] ? preempt_count_sub+0x50/0x80 [ 26.108922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.108950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.108983] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.109015] kthread+0x337/0x6f0 [ 26.109038] ? trace_preempt_on+0x20/0xc0 [ 26.109065] ? __pfx_kthread+0x10/0x10 [ 26.109090] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.109119] ? calculate_sigpending+0x7b/0xa0 [ 26.109148] ? __pfx_kthread+0x10/0x10 [ 26.109174] ret_from_fork+0x116/0x1d0 [ 26.109197] ? __pfx_kthread+0x10/0x10 [ 26.109222] ret_from_fork_asm+0x1a/0x30 [ 26.109262] </TASK> [ 26.109275] [ 26.126493] Allocated by task 309: [ 26.126856] kasan_save_stack+0x45/0x70 [ 26.127360] kasan_save_track+0x18/0x40 [ 26.127512] kasan_save_alloc_info+0x3b/0x50 [ 26.128193] __kasan_kmalloc+0xb7/0xc0 [ 26.128777] __kmalloc_cache_noprof+0x189/0x420 [ 26.129328] kasan_bitops_generic+0x92/0x1c0 [ 26.129500] kunit_try_run_case+0x1a5/0x480 [ 26.129667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.130090] kthread+0x337/0x6f0 [ 26.130472] ret_from_fork+0x116/0x1d0 [ 26.130914] ret_from_fork_asm+0x1a/0x30 [ 26.131372] [ 26.131541] The buggy address belongs to the object at ffff888104884680 [ 26.131541] which belongs to the cache kmalloc-16 of size 16 [ 26.132821] The buggy address is located 8 bytes inside of [ 26.132821] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.133201] [ 26.133274] The buggy address belongs to the physical page: [ 26.133454] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.133843] flags: 0x200000000000000(node=0|zone=2) [ 26.134012] page_type: f5(slab) [ 26.134259] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.135016] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.135251] page dumped because: kasan: bad access detected [ 26.135479] [ 26.135568] Memory state around the buggy address: [ 26.135892] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.136361] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.136879] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.137169] ^ [ 26.137304] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.137790] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.138152] ================================================================== [ 26.248481] ================================================================== [ 26.249720] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.250719] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.251260] [ 26.251453] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.251513] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.251541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.251566] Call Trace: [ 26.251586] <TASK> [ 26.251606] dump_stack_lvl+0x73/0xb0 [ 26.251651] print_report+0xd1/0x610 [ 26.251678] ? __virt_addr_valid+0x1db/0x2d0 [ 26.251746] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.251805] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.251851] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.251883] kasan_report+0x141/0x180 [ 26.251911] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.251949] kasan_check_range+0x10c/0x1c0 [ 26.251980] __kasan_check_write+0x18/0x20 [ 26.252007] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 26.252039] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.252071] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.252111] ? trace_hardirqs_on+0x37/0xe0 [ 26.252138] ? kasan_bitops_generic+0x92/0x1c0 [ 26.252192] kasan_bitops_generic+0x116/0x1c0 [ 26.252221] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.252251] ? __pfx_read_tsc+0x10/0x10 [ 26.252277] ? ktime_get_ts64+0x86/0x230 [ 26.252306] kunit_try_run_case+0x1a5/0x480 [ 26.252334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.252359] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.252387] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.252415] ? __kthread_parkme+0x82/0x180 [ 26.252439] ? preempt_count_sub+0x50/0x80 [ 26.252468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.252497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.252538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.252569] kthread+0x337/0x6f0 [ 26.252608] ? trace_preempt_on+0x20/0xc0 [ 26.252635] ? __pfx_kthread+0x10/0x10 [ 26.252660] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.252689] ? calculate_sigpending+0x7b/0xa0 [ 26.252718] ? __pfx_kthread+0x10/0x10 [ 26.252745] ret_from_fork+0x116/0x1d0 [ 26.252767] ? __pfx_kthread+0x10/0x10 [ 26.252793] ret_from_fork_asm+0x1a/0x30 [ 26.252832] </TASK> [ 26.252846] [ 26.269212] Allocated by task 309: [ 26.269349] kasan_save_stack+0x45/0x70 [ 26.269505] kasan_save_track+0x18/0x40 [ 26.270062] kasan_save_alloc_info+0x3b/0x50 [ 26.270640] __kasan_kmalloc+0xb7/0xc0 [ 26.271130] __kmalloc_cache_noprof+0x189/0x420 [ 26.271645] kasan_bitops_generic+0x92/0x1c0 [ 26.272075] kunit_try_run_case+0x1a5/0x480 [ 26.272488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.273203] kthread+0x337/0x6f0 [ 26.273387] ret_from_fork+0x116/0x1d0 [ 26.273540] ret_from_fork_asm+0x1a/0x30 [ 26.274049] [ 26.274212] The buggy address belongs to the object at ffff888104884680 [ 26.274212] which belongs to the cache kmalloc-16 of size 16 [ 26.275379] The buggy address is located 8 bytes inside of [ 26.275379] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.276338] [ 26.276550] The buggy address belongs to the physical page: [ 26.277064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.277331] flags: 0x200000000000000(node=0|zone=2) [ 26.277503] page_type: f5(slab) [ 26.277884] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.278754] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.279514] page dumped because: kasan: bad access detected [ 26.280108] [ 26.280270] Memory state around the buggy address: [ 26.280954] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.281477] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.282138] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.282477] ^ [ 26.282737] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.283417] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.284151] ================================================================== [ 26.284925] ================================================================== [ 26.285157] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.285411] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.285666] [ 26.285899] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.286010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.286028] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.286053] Call Trace: [ 26.286069] <TASK> [ 26.286085] dump_stack_lvl+0x73/0xb0 [ 26.286118] print_report+0xd1/0x610 [ 26.286145] ? __virt_addr_valid+0x1db/0x2d0 [ 26.286172] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.286204] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.286235] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.286266] kasan_report+0x141/0x180 [ 26.286292] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.286330] kasan_check_range+0x10c/0x1c0 [ 26.286359] __kasan_check_write+0x18/0x20 [ 26.286385] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 26.286417] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.286449] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.286481] ? trace_hardirqs_on+0x37/0xe0 [ 26.286507] ? kasan_bitops_generic+0x92/0x1c0 [ 26.286554] kasan_bitops_generic+0x116/0x1c0 [ 26.286653] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.286729] ? __pfx_read_tsc+0x10/0x10 [ 26.286754] ? ktime_get_ts64+0x86/0x230 [ 26.286784] kunit_try_run_case+0x1a5/0x480 [ 26.286813] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.286838] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.286866] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.286894] ? __kthread_parkme+0x82/0x180 [ 26.286919] ? preempt_count_sub+0x50/0x80 [ 26.286949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.286978] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.287009] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.287041] kthread+0x337/0x6f0 [ 26.287065] ? trace_preempt_on+0x20/0xc0 [ 26.287091] ? __pfx_kthread+0x10/0x10 [ 26.287117] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.287146] ? calculate_sigpending+0x7b/0xa0 [ 26.287175] ? __pfx_kthread+0x10/0x10 [ 26.287201] ret_from_fork+0x116/0x1d0 [ 26.287223] ? __pfx_kthread+0x10/0x10 [ 26.287249] ret_from_fork_asm+0x1a/0x30 [ 26.287288] </TASK> [ 26.287303] [ 26.295991] Allocated by task 309: [ 26.296118] kasan_save_stack+0x45/0x70 [ 26.296261] kasan_save_track+0x18/0x40 [ 26.296399] kasan_save_alloc_info+0x3b/0x50 [ 26.296638] __kasan_kmalloc+0xb7/0xc0 [ 26.296950] __kmalloc_cache_noprof+0x189/0x420 [ 26.297182] kasan_bitops_generic+0x92/0x1c0 [ 26.297398] kunit_try_run_case+0x1a5/0x480 [ 26.297659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.298118] kthread+0x337/0x6f0 [ 26.298276] ret_from_fork+0x116/0x1d0 [ 26.298461] ret_from_fork_asm+0x1a/0x30 [ 26.298757] [ 26.298903] The buggy address belongs to the object at ffff888104884680 [ 26.298903] which belongs to the cache kmalloc-16 of size 16 [ 26.299321] The buggy address is located 8 bytes inside of [ 26.299321] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.300200] [ 26.300478] The buggy address belongs to the physical page: [ 26.300704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.301339] flags: 0x200000000000000(node=0|zone=2) [ 26.301537] page_type: f5(slab) [ 26.301846] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.302297] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.302629] page dumped because: kasan: bad access detected [ 26.302804] [ 26.302873] Memory state around the buggy address: [ 26.303203] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.303545] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.304152] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.304442] ^ [ 26.304662] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.305010] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.305385] ================================================================== [ 26.139057] ================================================================== [ 26.139421] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.139772] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.140275] [ 26.140386] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.140443] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.140459] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.140486] Call Trace: [ 26.140500] <TASK> [ 26.140518] dump_stack_lvl+0x73/0xb0 [ 26.140562] print_report+0xd1/0x610 [ 26.140893] ? __virt_addr_valid+0x1db/0x2d0 [ 26.140925] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.141011] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.141044] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.141076] kasan_report+0x141/0x180 [ 26.141114] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.141152] kasan_check_range+0x10c/0x1c0 [ 26.141192] __kasan_check_write+0x18/0x20 [ 26.141220] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 26.141251] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.141285] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.141314] ? trace_hardirqs_on+0x37/0xe0 [ 26.141340] ? kasan_bitops_generic+0x92/0x1c0 [ 26.141374] kasan_bitops_generic+0x116/0x1c0 [ 26.141403] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.141434] ? __pfx_read_tsc+0x10/0x10 [ 26.141460] ? ktime_get_ts64+0x86/0x230 [ 26.141490] kunit_try_run_case+0x1a5/0x480 [ 26.141518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.141554] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.141647] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.141678] ? __kthread_parkme+0x82/0x180 [ 26.141703] ? preempt_count_sub+0x50/0x80 [ 26.141732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.141761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.141792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.141824] kthread+0x337/0x6f0 [ 26.141848] ? trace_preempt_on+0x20/0xc0 [ 26.141876] ? __pfx_kthread+0x10/0x10 [ 26.141900] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.141930] ? calculate_sigpending+0x7b/0xa0 [ 26.141958] ? __pfx_kthread+0x10/0x10 [ 26.141985] ret_from_fork+0x116/0x1d0 [ 26.142007] ? __pfx_kthread+0x10/0x10 [ 26.142033] ret_from_fork_asm+0x1a/0x30 [ 26.142074] </TASK> [ 26.142087] [ 26.151387] Allocated by task 309: [ 26.151564] kasan_save_stack+0x45/0x70 [ 26.151843] kasan_save_track+0x18/0x40 [ 26.152019] kasan_save_alloc_info+0x3b/0x50 [ 26.152183] __kasan_kmalloc+0xb7/0xc0 [ 26.152398] __kmalloc_cache_noprof+0x189/0x420 [ 26.152634] kasan_bitops_generic+0x92/0x1c0 [ 26.152888] kunit_try_run_case+0x1a5/0x480 [ 26.153302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.153574] kthread+0x337/0x6f0 [ 26.153702] ret_from_fork+0x116/0x1d0 [ 26.153841] ret_from_fork_asm+0x1a/0x30 [ 26.153986] [ 26.154077] The buggy address belongs to the object at ffff888104884680 [ 26.154077] which belongs to the cache kmalloc-16 of size 16 [ 26.154656] The buggy address is located 8 bytes inside of [ 26.154656] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.155047] [ 26.155117] The buggy address belongs to the physical page: [ 26.157621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.158438] flags: 0x200000000000000(node=0|zone=2) [ 26.159055] page_type: f5(slab) [ 26.159194] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.159436] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.160810] page dumped because: kasan: bad access detected [ 26.161699] [ 26.162173] Memory state around the buggy address: [ 26.163186] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.163990] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.164237] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.164472] ^ [ 26.164715] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.165812] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.166657] ================================================================== [ 26.226186] ================================================================== [ 26.226494] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.227026] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.227344] [ 26.227455] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.227512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.227540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.227644] Call Trace: [ 26.227663] <TASK> [ 26.227680] dump_stack_lvl+0x73/0xb0 [ 26.227713] print_report+0xd1/0x610 [ 26.227741] ? __virt_addr_valid+0x1db/0x2d0 [ 26.227768] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.227798] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.227830] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.227862] kasan_report+0x141/0x180 [ 26.227888] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.227926] kasan_check_range+0x10c/0x1c0 [ 26.227955] __kasan_check_write+0x18/0x20 [ 26.227983] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 26.228014] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.228047] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.228075] ? trace_hardirqs_on+0x37/0xe0 [ 26.228101] ? kasan_bitops_generic+0x92/0x1c0 [ 26.228136] kasan_bitops_generic+0x116/0x1c0 [ 26.228164] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.228195] ? __pfx_read_tsc+0x10/0x10 [ 26.228220] ? ktime_get_ts64+0x86/0x230 [ 26.228249] kunit_try_run_case+0x1a5/0x480 [ 26.228277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.228302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.228330] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.228358] ? __kthread_parkme+0x82/0x180 [ 26.228383] ? preempt_count_sub+0x50/0x80 [ 26.228412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.228440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.228472] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.228504] kthread+0x337/0x6f0 [ 26.228537] ? trace_preempt_on+0x20/0xc0 [ 26.228630] ? __pfx_kthread+0x10/0x10 [ 26.228659] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.228688] ? calculate_sigpending+0x7b/0xa0 [ 26.228716] ? __pfx_kthread+0x10/0x10 [ 26.228742] ret_from_fork+0x116/0x1d0 [ 26.228766] ? __pfx_kthread+0x10/0x10 [ 26.228791] ret_from_fork_asm+0x1a/0x30 [ 26.228832] </TASK> [ 26.228846] [ 26.237294] Allocated by task 309: [ 26.237465] kasan_save_stack+0x45/0x70 [ 26.237717] kasan_save_track+0x18/0x40 [ 26.237889] kasan_save_alloc_info+0x3b/0x50 [ 26.238104] __kasan_kmalloc+0xb7/0xc0 [ 26.238300] __kmalloc_cache_noprof+0x189/0x420 [ 26.238537] kasan_bitops_generic+0x92/0x1c0 [ 26.238918] kunit_try_run_case+0x1a5/0x480 [ 26.239103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.239344] kthread+0x337/0x6f0 [ 26.239517] ret_from_fork+0x116/0x1d0 [ 26.239806] ret_from_fork_asm+0x1a/0x30 [ 26.239983] [ 26.240077] The buggy address belongs to the object at ffff888104884680 [ 26.240077] which belongs to the cache kmalloc-16 of size 16 [ 26.240653] The buggy address is located 8 bytes inside of [ 26.240653] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.241134] [ 26.241216] The buggy address belongs to the physical page: [ 26.241447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.241873] flags: 0x200000000000000(node=0|zone=2) [ 26.242082] page_type: f5(slab) [ 26.242253] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.242742] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.243057] page dumped because: kasan: bad access detected [ 26.243283] [ 26.243369] Memory state around the buggy address: [ 26.243671] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.243973] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.244218] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.244440] ^ [ 26.245457] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.246607] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.247522] ================================================================== [ 26.305965] ================================================================== [ 26.306324] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.306890] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.307155] [ 26.307266] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.307322] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.307375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.307400] Call Trace: [ 26.307416] <TASK> [ 26.307471] dump_stack_lvl+0x73/0xb0 [ 26.307538] print_report+0xd1/0x610 [ 26.307566] ? __virt_addr_valid+0x1db/0x2d0 [ 26.307593] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.307623] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.307655] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.307687] kasan_report+0x141/0x180 [ 26.307715] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.307753] kasan_check_range+0x10c/0x1c0 [ 26.307781] __kasan_check_write+0x18/0x20 [ 26.307837] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 26.307869] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.308010] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.308041] ? trace_hardirqs_on+0x37/0xe0 [ 26.308068] ? kasan_bitops_generic+0x92/0x1c0 [ 26.308102] kasan_bitops_generic+0x116/0x1c0 [ 26.308130] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.308161] ? __pfx_read_tsc+0x10/0x10 [ 26.308185] ? ktime_get_ts64+0x86/0x230 [ 26.308215] kunit_try_run_case+0x1a5/0x480 [ 26.308242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.308269] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.308296] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.308324] ? __kthread_parkme+0x82/0x180 [ 26.308347] ? preempt_count_sub+0x50/0x80 [ 26.308377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.308405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.308436] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.308469] kthread+0x337/0x6f0 [ 26.308493] ? trace_preempt_on+0x20/0xc0 [ 26.308521] ? __pfx_kthread+0x10/0x10 [ 26.308555] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.308585] ? calculate_sigpending+0x7b/0xa0 [ 26.308613] ? __pfx_kthread+0x10/0x10 [ 26.308639] ret_from_fork+0x116/0x1d0 [ 26.308697] ? __pfx_kthread+0x10/0x10 [ 26.308765] ret_from_fork_asm+0x1a/0x30 [ 26.308805] </TASK> [ 26.308818] [ 26.317744] Allocated by task 309: [ 26.318077] kasan_save_stack+0x45/0x70 [ 26.318306] kasan_save_track+0x18/0x40 [ 26.318513] kasan_save_alloc_info+0x3b/0x50 [ 26.318777] __kasan_kmalloc+0xb7/0xc0 [ 26.318917] __kmalloc_cache_noprof+0x189/0x420 [ 26.319078] kasan_bitops_generic+0x92/0x1c0 [ 26.319263] kunit_try_run_case+0x1a5/0x480 [ 26.319479] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.319853] kthread+0x337/0x6f0 [ 26.320238] ret_from_fork+0x116/0x1d0 [ 26.320469] ret_from_fork_asm+0x1a/0x30 [ 26.320654] [ 26.320733] The buggy address belongs to the object at ffff888104884680 [ 26.320733] which belongs to the cache kmalloc-16 of size 16 [ 26.321298] The buggy address is located 8 bytes inside of [ 26.321298] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.321811] [ 26.322033] The buggy address belongs to the physical page: [ 26.322342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.322719] flags: 0x200000000000000(node=0|zone=2) [ 26.323041] page_type: f5(slab) [ 26.323191] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.323787] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.324114] page dumped because: kasan: bad access detected [ 26.324368] [ 26.324506] Memory state around the buggy address: [ 26.324826] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.325172] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.325441] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.326006] ^ [ 26.326196] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.326636] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.327068] ================================================================== [ 26.199729] ================================================================== [ 26.200011] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.200347] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.201715] [ 26.201981] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.202165] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.202184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.202210] Call Trace: [ 26.202227] <TASK> [ 26.202243] dump_stack_lvl+0x73/0xb0 [ 26.202277] print_report+0xd1/0x610 [ 26.202304] ? __virt_addr_valid+0x1db/0x2d0 [ 26.202332] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.202362] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.202393] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.202426] kasan_report+0x141/0x180 [ 26.202453] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.202496] kasan_check_range+0x10c/0x1c0 [ 26.202535] __kasan_check_write+0x18/0x20 [ 26.202563] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 26.202662] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.202695] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.202724] ? trace_hardirqs_on+0x37/0xe0 [ 26.202751] ? kasan_bitops_generic+0x92/0x1c0 [ 26.202786] kasan_bitops_generic+0x116/0x1c0 [ 26.202814] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.202845] ? __pfx_read_tsc+0x10/0x10 [ 26.202869] ? ktime_get_ts64+0x86/0x230 [ 26.202901] kunit_try_run_case+0x1a5/0x480 [ 26.202929] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.202956] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.202983] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.203011] ? __kthread_parkme+0x82/0x180 [ 26.203036] ? preempt_count_sub+0x50/0x80 [ 26.203067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.203095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.203129] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.203161] kthread+0x337/0x6f0 [ 26.203184] ? trace_preempt_on+0x20/0xc0 [ 26.203212] ? __pfx_kthread+0x10/0x10 [ 26.203236] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.203266] ? calculate_sigpending+0x7b/0xa0 [ 26.203294] ? __pfx_kthread+0x10/0x10 [ 26.203321] ret_from_fork+0x116/0x1d0 [ 26.203343] ? __pfx_kthread+0x10/0x10 [ 26.203369] ret_from_fork_asm+0x1a/0x30 [ 26.203408] </TASK> [ 26.203422] [ 26.216996] Allocated by task 309: [ 26.217179] kasan_save_stack+0x45/0x70 [ 26.217368] kasan_save_track+0x18/0x40 [ 26.218089] kasan_save_alloc_info+0x3b/0x50 [ 26.218277] __kasan_kmalloc+0xb7/0xc0 [ 26.218418] __kmalloc_cache_noprof+0x189/0x420 [ 26.218984] kasan_bitops_generic+0x92/0x1c0 [ 26.219388] kunit_try_run_case+0x1a5/0x480 [ 26.219570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.219766] kthread+0x337/0x6f0 [ 26.219893] ret_from_fork+0x116/0x1d0 [ 26.220030] ret_from_fork_asm+0x1a/0x30 [ 26.220173] [ 26.220245] The buggy address belongs to the object at ffff888104884680 [ 26.220245] which belongs to the cache kmalloc-16 of size 16 [ 26.220665] The buggy address is located 8 bytes inside of [ 26.220665] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.221215] [ 26.221318] The buggy address belongs to the physical page: [ 26.221651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.222016] flags: 0x200000000000000(node=0|zone=2) [ 26.222254] page_type: f5(slab) [ 26.222427] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.222969] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.223214] page dumped because: kasan: bad access detected [ 26.223444] [ 26.223555] Memory state around the buggy address: [ 26.223872] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.224202] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.224499] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.224874] ^ [ 26.225059] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.225374] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.225771] ================================================================== [ 26.168393] ================================================================== [ 26.168999] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.169275] Write of size 8 at addr ffff888104884688 by task kunit_try_catch/309 [ 26.169515] [ 26.169628] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.169687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.169703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.169729] Call Trace: [ 26.169749] <TASK> [ 26.169769] dump_stack_lvl+0x73/0xb0 [ 26.169861] print_report+0xd1/0x610 [ 26.169890] ? __virt_addr_valid+0x1db/0x2d0 [ 26.170128] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.170161] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.170195] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.170227] kasan_report+0x141/0x180 [ 26.170256] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.170295] kasan_check_range+0x10c/0x1c0 [ 26.170325] __kasan_check_write+0x18/0x20 [ 26.170352] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 26.170384] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 26.170417] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.170446] ? trace_hardirqs_on+0x37/0xe0 [ 26.170482] ? kasan_bitops_generic+0x92/0x1c0 [ 26.170517] kasan_bitops_generic+0x116/0x1c0 [ 26.170558] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 26.170867] ? __pfx_read_tsc+0x10/0x10 [ 26.170897] ? ktime_get_ts64+0x86/0x230 [ 26.170930] kunit_try_run_case+0x1a5/0x480 [ 26.170960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.170988] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.171017] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.171045] ? __kthread_parkme+0x82/0x180 [ 26.171070] ? preempt_count_sub+0x50/0x80 [ 26.171100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.171128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.171161] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.171194] kthread+0x337/0x6f0 [ 26.171217] ? trace_preempt_on+0x20/0xc0 [ 26.171245] ? __pfx_kthread+0x10/0x10 [ 26.171269] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.171297] ? calculate_sigpending+0x7b/0xa0 [ 26.171329] ? __pfx_kthread+0x10/0x10 [ 26.171355] ret_from_fork+0x116/0x1d0 [ 26.171377] ? __pfx_kthread+0x10/0x10 [ 26.171403] ret_from_fork_asm+0x1a/0x30 [ 26.171443] </TASK> [ 26.171457] [ 26.189364] Allocated by task 309: [ 26.189500] kasan_save_stack+0x45/0x70 [ 26.189667] kasan_save_track+0x18/0x40 [ 26.189835] kasan_save_alloc_info+0x3b/0x50 [ 26.190157] __kasan_kmalloc+0xb7/0xc0 [ 26.190316] __kmalloc_cache_noprof+0x189/0x420 [ 26.190482] kasan_bitops_generic+0x92/0x1c0 [ 26.190924] kunit_try_run_case+0x1a5/0x480 [ 26.191333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.191705] kthread+0x337/0x6f0 [ 26.191917] ret_from_fork+0x116/0x1d0 [ 26.192129] ret_from_fork_asm+0x1a/0x30 [ 26.192329] [ 26.192462] The buggy address belongs to the object at ffff888104884680 [ 26.192462] which belongs to the cache kmalloc-16 of size 16 [ 26.193224] The buggy address is located 8 bytes inside of [ 26.193224] allocated 9-byte region [ffff888104884680, ffff888104884689) [ 26.193894] [ 26.194112] The buggy address belongs to the physical page: [ 26.194304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 26.194692] flags: 0x200000000000000(node=0|zone=2) [ 26.195197] page_type: f5(slab) [ 26.195379] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.195710] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.196033] page dumped because: kasan: bad access detected [ 26.196466] [ 26.196612] Memory state around the buggy address: [ 26.196815] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.197236] ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.197576] >ffff888104884680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.198282] ^ [ 26.198453] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.198912] ffff888104884780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.199233] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 26.076830] ================================================================== [ 26.077174] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 26.077458] Read of size 1 at addr ffff88810591fe50 by task kunit_try_catch/307 [ 26.078193] [ 26.078298] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.078347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.078360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.078384] Call Trace: [ 26.078400] <TASK> [ 26.078416] dump_stack_lvl+0x73/0xb0 [ 26.078447] print_report+0xd1/0x610 [ 26.078480] ? __virt_addr_valid+0x1db/0x2d0 [ 26.078508] ? strnlen+0x73/0x80 [ 26.078543] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.078575] ? strnlen+0x73/0x80 [ 26.078600] kasan_report+0x141/0x180 [ 26.078628] ? strnlen+0x73/0x80 [ 26.078661] __asan_report_load1_noabort+0x18/0x20 [ 26.078690] strnlen+0x73/0x80 [ 26.078717] kasan_strings+0x615/0xe80 [ 26.078741] ? trace_hardirqs_on+0x37/0xe0 [ 26.078769] ? __pfx_kasan_strings+0x10/0x10 [ 26.078794] ? finish_task_switch.isra.0+0x153/0x700 [ 26.078820] ? __switch_to+0x47/0xf80 [ 26.078852] ? __schedule+0x10cc/0x2b60 [ 26.078878] ? __pfx_read_tsc+0x10/0x10 [ 26.078904] ? ktime_get_ts64+0x86/0x230 [ 26.078987] kunit_try_run_case+0x1a5/0x480 [ 26.079017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.079044] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.079072] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.079099] ? __kthread_parkme+0x82/0x180 [ 26.079135] ? preempt_count_sub+0x50/0x80 [ 26.079164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.079203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.079236] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.079267] kthread+0x337/0x6f0 [ 26.079291] ? trace_preempt_on+0x20/0xc0 [ 26.079319] ? __pfx_kthread+0x10/0x10 [ 26.079344] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.079374] ? calculate_sigpending+0x7b/0xa0 [ 26.079412] ? __pfx_kthread+0x10/0x10 [ 26.079440] ret_from_fork+0x116/0x1d0 [ 26.079473] ? __pfx_kthread+0x10/0x10 [ 26.079499] ret_from_fork_asm+0x1a/0x30 [ 26.079547] </TASK> [ 26.079560] [ 26.087403] Allocated by task 307: [ 26.087554] kasan_save_stack+0x45/0x70 [ 26.087705] kasan_save_track+0x18/0x40 [ 26.088064] kasan_save_alloc_info+0x3b/0x50 [ 26.088291] __kasan_kmalloc+0xb7/0xc0 [ 26.088671] __kmalloc_cache_noprof+0x189/0x420 [ 26.089139] kasan_strings+0xc0/0xe80 [ 26.089288] kunit_try_run_case+0x1a5/0x480 [ 26.089435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.089827] kthread+0x337/0x6f0 [ 26.090065] ret_from_fork+0x116/0x1d0 [ 26.090280] ret_from_fork_asm+0x1a/0x30 [ 26.090449] [ 26.090572] Freed by task 307: [ 26.090748] kasan_save_stack+0x45/0x70 [ 26.090951] kasan_save_track+0x18/0x40 [ 26.091126] kasan_save_free_info+0x3f/0x60 [ 26.091332] __kasan_slab_free+0x56/0x70 [ 26.091540] kfree+0x222/0x3f0 [ 26.091745] kasan_strings+0x2aa/0xe80 [ 26.091953] kunit_try_run_case+0x1a5/0x480 [ 26.092156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.092388] kthread+0x337/0x6f0 [ 26.092510] ret_from_fork+0x116/0x1d0 [ 26.092654] ret_from_fork_asm+0x1a/0x30 [ 26.092794] [ 26.092861] The buggy address belongs to the object at ffff88810591fe40 [ 26.092861] which belongs to the cache kmalloc-32 of size 32 [ 26.093449] The buggy address is located 16 bytes inside of [ 26.093449] freed 32-byte region [ffff88810591fe40, ffff88810591fe60) [ 26.093966] [ 26.094057] The buggy address belongs to the physical page: [ 26.094435] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10591f [ 26.094992] flags: 0x200000000000000(node=0|zone=2) [ 26.095184] page_type: f5(slab) [ 26.095303] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.096149] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 26.096758] page dumped because: kasan: bad access detected [ 26.097146] [ 26.097231] Memory state around the buggy address: [ 26.097437] ffff88810591fd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.098240] ffff88810591fd80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.099014] >ffff88810591fe00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.099330] ^ [ 26.099828] ffff88810591fe80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.100287] ffff88810591ff00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.101001] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 26.054264] ================================================================== [ 26.054642] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 26.054846] Read of size 1 at addr ffff88810591fe50 by task kunit_try_catch/307 [ 26.055070] [ 26.055150] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.055200] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.055215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.055239] Call Trace: [ 26.055254] <TASK> [ 26.055270] dump_stack_lvl+0x73/0xb0 [ 26.055299] print_report+0xd1/0x610 [ 26.055326] ? __virt_addr_valid+0x1db/0x2d0 [ 26.055354] ? strlen+0x8f/0xb0 [ 26.055380] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.055411] ? strlen+0x8f/0xb0 [ 26.055437] kasan_report+0x141/0x180 [ 26.055465] ? strlen+0x8f/0xb0 [ 26.055498] __asan_report_load1_noabort+0x18/0x20 [ 26.055541] strlen+0x8f/0xb0 [ 26.055568] kasan_strings+0x57b/0xe80 [ 26.055593] ? trace_hardirqs_on+0x37/0xe0 [ 26.055621] ? __pfx_kasan_strings+0x10/0x10 [ 26.055646] ? finish_task_switch.isra.0+0x153/0x700 [ 26.055672] ? __switch_to+0x47/0xf80 [ 26.055704] ? __schedule+0x10cc/0x2b60 [ 26.055731] ? __pfx_read_tsc+0x10/0x10 [ 26.055757] ? ktime_get_ts64+0x86/0x230 [ 26.055787] kunit_try_run_case+0x1a5/0x480 [ 26.055816] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.055843] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.055869] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.055897] ? __kthread_parkme+0x82/0x180 [ 26.055921] ? preempt_count_sub+0x50/0x80 [ 26.055950] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.056013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.056058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.056099] kthread+0x337/0x6f0 [ 26.056123] ? trace_preempt_on+0x20/0xc0 [ 26.056169] ? __pfx_kthread+0x10/0x10 [ 26.056195] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.056225] ? calculate_sigpending+0x7b/0xa0 [ 26.056264] ? __pfx_kthread+0x10/0x10 [ 26.056291] ret_from_fork+0x116/0x1d0 [ 26.056314] ? __pfx_kthread+0x10/0x10 [ 26.056340] ret_from_fork_asm+0x1a/0x30 [ 26.056389] </TASK> [ 26.056402] [ 26.065160] Allocated by task 307: [ 26.065340] kasan_save_stack+0x45/0x70 [ 26.065555] kasan_save_track+0x18/0x40 [ 26.065970] kasan_save_alloc_info+0x3b/0x50 [ 26.066262] __kasan_kmalloc+0xb7/0xc0 [ 26.066460] __kmalloc_cache_noprof+0x189/0x420 [ 26.066786] kasan_strings+0xc0/0xe80 [ 26.066978] kunit_try_run_case+0x1a5/0x480 [ 26.067129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.067311] kthread+0x337/0x6f0 [ 26.067434] ret_from_fork+0x116/0x1d0 [ 26.067662] ret_from_fork_asm+0x1a/0x30 [ 26.067928] [ 26.068043] Freed by task 307: [ 26.068224] kasan_save_stack+0x45/0x70 [ 26.068442] kasan_save_track+0x18/0x40 [ 26.068720] kasan_save_free_info+0x3f/0x60 [ 26.068994] __kasan_slab_free+0x56/0x70 [ 26.069193] kfree+0x222/0x3f0 [ 26.069371] kasan_strings+0x2aa/0xe80 [ 26.069522] kunit_try_run_case+0x1a5/0x480 [ 26.069861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.070052] kthread+0x337/0x6f0 [ 26.070174] ret_from_fork+0x116/0x1d0 [ 26.070330] ret_from_fork_asm+0x1a/0x30 [ 26.070729] [ 26.070823] The buggy address belongs to the object at ffff88810591fe40 [ 26.070823] which belongs to the cache kmalloc-32 of size 32 [ 26.071345] The buggy address is located 16 bytes inside of [ 26.071345] freed 32-byte region [ffff88810591fe40, ffff88810591fe60) [ 26.071902] [ 26.072000] The buggy address belongs to the physical page: [ 26.072252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10591f [ 26.072592] flags: 0x200000000000000(node=0|zone=2) [ 26.072927] page_type: f5(slab) [ 26.073124] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.073445] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 26.073876] page dumped because: kasan: bad access detected [ 26.074124] [ 26.074230] Memory state around the buggy address: [ 26.074406] ffff88810591fd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.074852] ffff88810591fd80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.075130] >ffff88810591fe00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.075381] ^ [ 26.075808] ffff88810591fe80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.076168] ffff88810591ff00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.076459] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 26.032345] ================================================================== [ 26.032710] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 26.033084] Read of size 1 at addr ffff88810591fe50 by task kunit_try_catch/307 [ 26.033387] [ 26.033492] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 26.033565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.033582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.033605] Call Trace: [ 26.033668] <TASK> [ 26.033684] dump_stack_lvl+0x73/0xb0 [ 26.033716] print_report+0xd1/0x610 [ 26.033754] ? __virt_addr_valid+0x1db/0x2d0 [ 26.033783] ? kasan_strings+0xcbc/0xe80 [ 26.033819] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.033852] ? kasan_strings+0xcbc/0xe80 [ 26.033879] kasan_report+0x141/0x180 [ 26.033916] ? kasan_strings+0xcbc/0xe80 [ 26.033948] __asan_report_load1_noabort+0x18/0x20 [ 26.033988] kasan_strings+0xcbc/0xe80 [ 26.034012] ? trace_hardirqs_on+0x37/0xe0 [ 26.034040] ? __pfx_kasan_strings+0x10/0x10 [ 26.034074] ? finish_task_switch.isra.0+0x153/0x700 [ 26.034100] ? __switch_to+0x47/0xf80 [ 26.034141] ? __schedule+0x10cc/0x2b60 [ 26.034169] ? __pfx_read_tsc+0x10/0x10 [ 26.034194] ? ktime_get_ts64+0x86/0x230 [ 26.034225] kunit_try_run_case+0x1a5/0x480 [ 26.034254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.034280] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.034306] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.034333] ? __kthread_parkme+0x82/0x180 [ 26.034357] ? preempt_count_sub+0x50/0x80 [ 26.034387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.034415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.034446] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.034490] kthread+0x337/0x6f0 [ 26.034514] ? trace_preempt_on+0x20/0xc0 [ 26.034556] ? __pfx_kthread+0x10/0x10 [ 26.034627] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.034658] ? calculate_sigpending+0x7b/0xa0 [ 26.034686] ? __pfx_kthread+0x10/0x10 [ 26.034713] ret_from_fork+0x116/0x1d0 [ 26.034737] ? __pfx_kthread+0x10/0x10 [ 26.034765] ret_from_fork_asm+0x1a/0x30 [ 26.034803] </TASK> [ 26.034816] [ 26.042512] Allocated by task 307: [ 26.042754] kasan_save_stack+0x45/0x70 [ 26.042943] kasan_save_track+0x18/0x40 [ 26.043080] kasan_save_alloc_info+0x3b/0x50 [ 26.043296] __kasan_kmalloc+0xb7/0xc0 [ 26.043508] __kmalloc_cache_noprof+0x189/0x420 [ 26.043797] kasan_strings+0xc0/0xe80 [ 26.043938] kunit_try_run_case+0x1a5/0x480 [ 26.044176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.044449] kthread+0x337/0x6f0 [ 26.044777] ret_from_fork+0x116/0x1d0 [ 26.044935] ret_from_fork_asm+0x1a/0x30 [ 26.045126] [ 26.045236] Freed by task 307: [ 26.045396] kasan_save_stack+0x45/0x70 [ 26.045597] kasan_save_track+0x18/0x40 [ 26.045853] kasan_save_free_info+0x3f/0x60 [ 26.046067] __kasan_slab_free+0x56/0x70 [ 26.046258] kfree+0x222/0x3f0 [ 26.046422] kasan_strings+0x2aa/0xe80 [ 26.046681] kunit_try_run_case+0x1a5/0x480 [ 26.046876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.047114] kthread+0x337/0x6f0 [ 26.047237] ret_from_fork+0x116/0x1d0 [ 26.047371] ret_from_fork_asm+0x1a/0x30 [ 26.047512] [ 26.047589] The buggy address belongs to the object at ffff88810591fe40 [ 26.047589] which belongs to the cache kmalloc-32 of size 32 [ 26.048044] The buggy address is located 16 bytes inside of [ 26.048044] freed 32-byte region [ffff88810591fe40, ffff88810591fe60) [ 26.048847] [ 26.048924] The buggy address belongs to the physical page: [ 26.049095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10591f [ 26.049332] flags: 0x200000000000000(node=0|zone=2) [ 26.049489] page_type: f5(slab) [ 26.049757] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.050140] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 26.050510] page dumped because: kasan: bad access detected [ 26.051053] [ 26.051146] Memory state around the buggy address: [ 26.051564] ffff88810591fd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.051950] ffff88810591fd80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 26.052295] >ffff88810591fe00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.052633] ^ [ 26.052919] ffff88810591fe80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.053237] ffff88810591ff00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.053459] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 25.845382] ================================================================== [ 25.847009] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 25.847282] Read of size 1 at addr ffffffffbe0c2f8d by task kunit_try_catch/293 [ 25.847508] [ 25.848441] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.848507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.848786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.848824] Call Trace: [ 25.848880] <TASK> [ 25.848903] dump_stack_lvl+0x73/0xb0 [ 25.848942] print_report+0xd1/0x610 [ 25.848971] ? __virt_addr_valid+0x1db/0x2d0 [ 25.849003] ? kasan_global_oob_right+0x286/0x2d0 [ 25.849030] ? kasan_addr_to_slab+0x11/0xa0 [ 25.849056] ? kasan_global_oob_right+0x286/0x2d0 [ 25.849083] kasan_report+0x141/0x180 [ 25.849110] ? kasan_global_oob_right+0x286/0x2d0 [ 25.849144] __asan_report_load1_noabort+0x18/0x20 [ 25.849173] kasan_global_oob_right+0x286/0x2d0 [ 25.849200] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 25.849231] ? __schedule+0x10cc/0x2b60 [ 25.849259] ? __pfx_read_tsc+0x10/0x10 [ 25.849286] ? ktime_get_ts64+0x86/0x230 [ 25.849318] kunit_try_run_case+0x1a5/0x480 [ 25.849347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.849375] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.849402] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.849430] ? __kthread_parkme+0x82/0x180 [ 25.849457] ? preempt_count_sub+0x50/0x80 [ 25.849488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.849517] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.849788] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.849820] kthread+0x337/0x6f0 [ 25.849845] ? trace_preempt_on+0x20/0xc0 [ 25.849875] ? __pfx_kthread+0x10/0x10 [ 25.849901] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.849932] ? calculate_sigpending+0x7b/0xa0 [ 25.849960] ? __pfx_kthread+0x10/0x10 [ 25.849987] ret_from_fork+0x116/0x1d0 [ 25.850011] ? __pfx_kthread+0x10/0x10 [ 25.850036] ret_from_fork_asm+0x1a/0x30 [ 25.850075] </TASK> [ 25.850088] [ 25.863736] The buggy address belongs to the variable: [ 25.863909] global_array+0xd/0x40 [ 25.864056] [ 25.864144] The buggy address belongs to the physical page: [ 25.864315] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x122ac2 [ 25.864598] flags: 0x200000000002000(reserved|node=0|zone=2) [ 25.865022] raw: 0200000000002000 ffffea00048ab088 ffffea00048ab088 0000000000000000 [ 25.866077] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.866514] page dumped because: kasan: bad access detected [ 25.867235] [ 25.867422] Memory state around the buggy address: [ 25.867918] ffffffffbe0c2e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.868712] ffffffffbe0c2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.869203] >ffffffffbe0c2f80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 25.869557] ^ [ 25.870171] ffffffffbe0c3000: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 25.870818] ffffffffbe0c3080: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 25.871036] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 25.821394] ================================================================== [ 25.822048] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.822361] Free of addr ffff888106228001 by task kunit_try_catch/291 [ 25.822730] [ 25.822899] CPU: 0 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.823015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.823032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.823058] Call Trace: [ 25.823074] <TASK> [ 25.823096] dump_stack_lvl+0x73/0xb0 [ 25.823134] print_report+0xd1/0x610 [ 25.823187] ? __virt_addr_valid+0x1db/0x2d0 [ 25.823219] ? kasan_addr_to_slab+0x11/0xa0 [ 25.823245] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.823277] kasan_report_invalid_free+0x10a/0x130 [ 25.823307] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.823341] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.823371] __kasan_mempool_poison_object+0x102/0x1d0 [ 25.823401] mempool_free+0x2ec/0x380 [ 25.823434] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.823465] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.823496] ? dequeue_entities+0x23f/0x1630 [ 25.823555] ? __kasan_check_write+0x18/0x20 [ 25.823631] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.823659] ? finish_task_switch.isra.0+0x153/0x700 [ 25.823695] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 25.823738] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 25.823772] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.823800] ? __pfx_mempool_kfree+0x10/0x10 [ 25.823831] ? __pfx_read_tsc+0x10/0x10 [ 25.823858] ? ktime_get_ts64+0x86/0x230 [ 25.823889] kunit_try_run_case+0x1a5/0x480 [ 25.823919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.823946] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.823975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.824003] ? __kthread_parkme+0x82/0x180 [ 25.824030] ? preempt_count_sub+0x50/0x80 [ 25.824058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.824086] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.824118] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.824149] kthread+0x337/0x6f0 [ 25.824175] ? trace_preempt_on+0x20/0xc0 [ 25.824204] ? __pfx_kthread+0x10/0x10 [ 25.824230] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.824259] ? calculate_sigpending+0x7b/0xa0 [ 25.824289] ? __pfx_kthread+0x10/0x10 [ 25.824317] ret_from_fork+0x116/0x1d0 [ 25.824341] ? __pfx_kthread+0x10/0x10 [ 25.824367] ret_from_fork_asm+0x1a/0x30 [ 25.824409] </TASK> [ 25.824422] [ 25.834342] The buggy address belongs to the physical page: [ 25.834619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106228 [ 25.834985] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.835330] flags: 0x200000000000040(head|node=0|zone=2) [ 25.835540] page_type: f8(unknown) [ 25.835674] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.836250] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.836587] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.836820] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.837518] head: 0200000000000002 ffffea0004188a01 00000000ffffffff 00000000ffffffff [ 25.838072] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.838696] page dumped because: kasan: bad access detected [ 25.838936] [ 25.839032] Memory state around the buggy address: [ 25.839251] ffff888106227f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.839562] ffff888106227f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.839913] >ffff888106228000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.840165] ^ [ 25.840334] ffff888106228080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.840710] ffff888106228100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.841106] ================================================================== [ 25.788746] ================================================================== [ 25.789371] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.789918] Free of addr ffff888105922501 by task kunit_try_catch/289 [ 25.790312] [ 25.790780] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.790844] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.790860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.790887] Call Trace: [ 25.790903] <TASK> [ 25.790925] dump_stack_lvl+0x73/0xb0 [ 25.790962] print_report+0xd1/0x610 [ 25.790992] ? __virt_addr_valid+0x1db/0x2d0 [ 25.791025] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.791056] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.791087] kasan_report_invalid_free+0x10a/0x130 [ 25.791118] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.791151] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.791181] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.791210] check_slab_allocation+0x11f/0x130 [ 25.791238] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.791268] mempool_free+0x2ec/0x380 [ 25.791301] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.791332] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.791364] ? kasan_save_track+0x18/0x40 [ 25.791387] ? kasan_save_alloc_info+0x3b/0x50 [ 25.791416] ? kasan_save_stack+0x45/0x70 [ 25.791442] ? mempool_alloc_preallocated+0x5b/0x90 [ 25.791475] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.791503] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 25.791550] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.791627] ? __pfx_mempool_kfree+0x10/0x10 [ 25.791660] ? __pfx_read_tsc+0x10/0x10 [ 25.791688] ? ktime_get_ts64+0x86/0x230 [ 25.791719] kunit_try_run_case+0x1a5/0x480 [ 25.791752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.791780] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.791809] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.791838] ? __kthread_parkme+0x82/0x180 [ 25.791864] ? preempt_count_sub+0x50/0x80 [ 25.791895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.791924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.791956] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.791988] kthread+0x337/0x6f0 [ 25.792013] ? trace_preempt_on+0x20/0xc0 [ 25.792042] ? __pfx_kthread+0x10/0x10 [ 25.792068] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.792098] ? calculate_sigpending+0x7b/0xa0 [ 25.792128] ? __pfx_kthread+0x10/0x10 [ 25.792155] ret_from_fork+0x116/0x1d0 [ 25.792180] ? __pfx_kthread+0x10/0x10 [ 25.792205] ret_from_fork_asm+0x1a/0x30 [ 25.792246] </TASK> [ 25.792259] [ 25.805635] Allocated by task 289: [ 25.806043] kasan_save_stack+0x45/0x70 [ 25.806254] kasan_save_track+0x18/0x40 [ 25.806454] kasan_save_alloc_info+0x3b/0x50 [ 25.806926] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.807143] remove_element+0x11e/0x190 [ 25.807454] mempool_alloc_preallocated+0x4d/0x90 [ 25.807893] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 25.808260] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.808627] kunit_try_run_case+0x1a5/0x480 [ 25.808963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.809313] kthread+0x337/0x6f0 [ 25.809450] ret_from_fork+0x116/0x1d0 [ 25.809929] ret_from_fork_asm+0x1a/0x30 [ 25.810092] [ 25.810190] The buggy address belongs to the object at ffff888105922500 [ 25.810190] which belongs to the cache kmalloc-128 of size 128 [ 25.810764] The buggy address is located 1 bytes inside of [ 25.810764] 128-byte region [ffff888105922500, ffff888105922580) [ 25.811831] [ 25.811949] The buggy address belongs to the physical page: [ 25.812291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105922 [ 25.812775] flags: 0x200000000000000(node=0|zone=2) [ 25.813096] page_type: f5(slab) [ 25.813225] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.813798] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.814121] page dumped because: kasan: bad access detected [ 25.814353] [ 25.814431] Memory state around the buggy address: [ 25.814649] ffff888105922400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.815276] ffff888105922480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.815617] >ffff888105922500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.816398] ^ [ 25.816572] ffff888105922580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.817174] ffff888105922600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.817751] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 25.727541] ================================================================== [ 25.729012] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.729266] Free of addr ffff888106228000 by task kunit_try_catch/285 [ 25.729468] [ 25.729571] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.729658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.729673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.729699] Call Trace: [ 25.729714] <TASK> [ 25.729736] dump_stack_lvl+0x73/0xb0 [ 25.729772] print_report+0xd1/0x610 [ 25.729800] ? __virt_addr_valid+0x1db/0x2d0 [ 25.729831] ? kasan_addr_to_slab+0x11/0xa0 [ 25.729857] ? mempool_double_free_helper+0x184/0x370 [ 25.729946] kasan_report_invalid_free+0x10a/0x130 [ 25.729990] ? mempool_double_free_helper+0x184/0x370 [ 25.730024] ? mempool_double_free_helper+0x184/0x370 [ 25.730052] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 25.730081] mempool_free+0x2ec/0x380 [ 25.730116] mempool_double_free_helper+0x184/0x370 [ 25.730145] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.730175] ? dequeue_entities+0x23f/0x1630 [ 25.730206] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.730251] ? finish_task_switch.isra.0+0x153/0x700 [ 25.730283] mempool_kmalloc_large_double_free+0xed/0x140 [ 25.730314] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 25.730348] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.730376] ? __pfx_mempool_kfree+0x10/0x10 [ 25.730407] ? __pfx_read_tsc+0x10/0x10 [ 25.730435] ? ktime_get_ts64+0x86/0x230 [ 25.730480] kunit_try_run_case+0x1a5/0x480 [ 25.730550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.730639] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.730667] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.730695] ? __kthread_parkme+0x82/0x180 [ 25.730720] ? preempt_count_sub+0x50/0x80 [ 25.730749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.730778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.730809] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.730841] kthread+0x337/0x6f0 [ 25.730866] ? trace_preempt_on+0x20/0xc0 [ 25.730896] ? __pfx_kthread+0x10/0x10 [ 25.730922] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.730951] ? calculate_sigpending+0x7b/0xa0 [ 25.730981] ? __pfx_kthread+0x10/0x10 [ 25.731007] ret_from_fork+0x116/0x1d0 [ 25.731031] ? __pfx_kthread+0x10/0x10 [ 25.731057] ret_from_fork_asm+0x1a/0x30 [ 25.731098] </TASK> [ 25.731112] [ 25.749892] The buggy address belongs to the physical page: [ 25.750098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106228 [ 25.750354] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.751179] flags: 0x200000000000040(head|node=0|zone=2) [ 25.751791] page_type: f8(unknown) [ 25.752205] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.753047] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.753751] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.754601] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.755245] head: 0200000000000002 ffffea0004188a01 00000000ffffffff 00000000ffffffff [ 25.755809] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.756266] page dumped because: kasan: bad access detected [ 25.756440] [ 25.756507] Memory state around the buggy address: [ 25.756698] ffff888106227f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.757376] ffff888106227f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.758115] >ffff888106228000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.758515] ^ [ 25.758921] ffff888106228080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.759573] ffff888106228100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.759811] ================================================================== [ 25.689391] ================================================================== [ 25.690188] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.690789] Free of addr ffff8881060ab000 by task kunit_try_catch/283 [ 25.691378] [ 25.691496] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.691564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.692607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.692638] Call Trace: [ 25.692654] <TASK> [ 25.692677] dump_stack_lvl+0x73/0xb0 [ 25.692714] print_report+0xd1/0x610 [ 25.692739] ? __virt_addr_valid+0x1db/0x2d0 [ 25.692766] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.692792] ? mempool_double_free_helper+0x184/0x370 [ 25.692817] kasan_report_invalid_free+0x10a/0x130 [ 25.692843] ? mempool_double_free_helper+0x184/0x370 [ 25.692870] ? mempool_double_free_helper+0x184/0x370 [ 25.692892] ? mempool_double_free_helper+0x184/0x370 [ 25.692915] check_slab_allocation+0x101/0x130 [ 25.692937] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.692962] mempool_free+0x2ec/0x380 [ 25.692989] mempool_double_free_helper+0x184/0x370 [ 25.693013] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.693037] ? dequeue_entities+0x23f/0x1630 [ 25.693062] ? __kasan_check_write+0x18/0x20 [ 25.693086] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.693315] ? finish_task_switch.isra.0+0x153/0x700 [ 25.693343] mempool_kmalloc_double_free+0xed/0x140 [ 25.693368] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 25.693395] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.693418] ? __pfx_mempool_kfree+0x10/0x10 [ 25.693442] ? __pfx_read_tsc+0x10/0x10 [ 25.693465] ? ktime_get_ts64+0x86/0x230 [ 25.693491] kunit_try_run_case+0x1a5/0x480 [ 25.693517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.693553] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.693576] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.693600] ? __kthread_parkme+0x82/0x180 [ 25.693633] ? preempt_count_sub+0x50/0x80 [ 25.693679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.693703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.693730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.693757] kthread+0x337/0x6f0 [ 25.693776] ? trace_preempt_on+0x20/0xc0 [ 25.693801] ? __pfx_kthread+0x10/0x10 [ 25.693822] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.693848] ? calculate_sigpending+0x7b/0xa0 [ 25.693873] ? __pfx_kthread+0x10/0x10 [ 25.693895] ret_from_fork+0x116/0x1d0 [ 25.693915] ? __pfx_kthread+0x10/0x10 [ 25.693935] ret_from_fork_asm+0x1a/0x30 [ 25.693969] </TASK> [ 25.693982] [ 25.709722] Allocated by task 283: [ 25.709937] kasan_save_stack+0x45/0x70 [ 25.710114] kasan_save_track+0x18/0x40 [ 25.710248] kasan_save_alloc_info+0x3b/0x50 [ 25.710393] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.710629] remove_element+0x11e/0x190 [ 25.710842] mempool_alloc_preallocated+0x4d/0x90 [ 25.710997] mempool_double_free_helper+0x8a/0x370 [ 25.711406] mempool_kmalloc_double_free+0xed/0x140 [ 25.711882] kunit_try_run_case+0x1a5/0x480 [ 25.712412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.712979] kthread+0x337/0x6f0 [ 25.713166] ret_from_fork+0x116/0x1d0 [ 25.713302] ret_from_fork_asm+0x1a/0x30 [ 25.713440] [ 25.713507] Freed by task 283: [ 25.713994] kasan_save_stack+0x45/0x70 [ 25.714459] kasan_save_track+0x18/0x40 [ 25.714830] kasan_save_free_info+0x3f/0x60 [ 25.715267] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.715853] mempool_free+0x2ec/0x380 [ 25.716209] mempool_double_free_helper+0x109/0x370 [ 25.716695] mempool_kmalloc_double_free+0xed/0x140 [ 25.716893] kunit_try_run_case+0x1a5/0x480 [ 25.717037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.717206] kthread+0x337/0x6f0 [ 25.717319] ret_from_fork+0x116/0x1d0 [ 25.717447] ret_from_fork_asm+0x1a/0x30 [ 25.717605] [ 25.717690] The buggy address belongs to the object at ffff8881060ab000 [ 25.717690] which belongs to the cache kmalloc-128 of size 128 [ 25.718418] The buggy address is located 0 bytes inside of [ 25.718418] 128-byte region [ffff8881060ab000, ffff8881060ab080) [ 25.718966] [ 25.719068] The buggy address belongs to the physical page: [ 25.719256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 25.719561] flags: 0x200000000000000(node=0|zone=2) [ 25.719728] page_type: f5(slab) [ 25.719910] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.720243] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.720555] page dumped because: kasan: bad access detected [ 25.721047] [ 25.721131] Memory state around the buggy address: [ 25.721352] ffff8881060aaf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.721720] ffff8881060aaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.721986] >ffff8881060ab000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.722241] ^ [ 25.722401] ffff8881060ab080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.722699] ffff8881060ab100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.723002] ================================================================== [ 25.764043] ================================================================== [ 25.764601] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.764937] Free of addr ffff888106128000 by task kunit_try_catch/287 [ 25.765222] [ 25.765315] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.765368] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.765381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.765404] Call Trace: [ 25.765419] <TASK> [ 25.765439] dump_stack_lvl+0x73/0xb0 [ 25.765471] print_report+0xd1/0x610 [ 25.765495] ? __virt_addr_valid+0x1db/0x2d0 [ 25.765971] ? kasan_addr_to_slab+0x11/0xa0 [ 25.766008] ? mempool_double_free_helper+0x184/0x370 [ 25.766037] kasan_report_invalid_free+0x10a/0x130 [ 25.766066] ? mempool_double_free_helper+0x184/0x370 [ 25.766093] ? mempool_double_free_helper+0x184/0x370 [ 25.766116] __kasan_mempool_poison_pages+0x115/0x130 [ 25.766141] mempool_free+0x290/0x380 [ 25.766170] mempool_double_free_helper+0x184/0x370 [ 25.766194] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.766219] ? dequeue_entities+0x23f/0x1630 [ 25.766244] ? __kasan_check_write+0x18/0x20 [ 25.766268] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.766290] ? finish_task_switch.isra.0+0x153/0x700 [ 25.766318] mempool_page_alloc_double_free+0xe8/0x140 [ 25.766343] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 25.766371] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.766394] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.766420] ? __pfx_read_tsc+0x10/0x10 [ 25.766443] ? ktime_get_ts64+0x86/0x230 [ 25.766478] kunit_try_run_case+0x1a5/0x480 [ 25.766505] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.766541] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.766589] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.766647] ? __kthread_parkme+0x82/0x180 [ 25.766668] ? preempt_count_sub+0x50/0x80 [ 25.766692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.766715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.766741] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.766768] kthread+0x337/0x6f0 [ 25.766787] ? trace_preempt_on+0x20/0xc0 [ 25.766812] ? __pfx_kthread+0x10/0x10 [ 25.766835] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.766861] ? calculate_sigpending+0x7b/0xa0 [ 25.766886] ? __pfx_kthread+0x10/0x10 [ 25.766908] ret_from_fork+0x116/0x1d0 [ 25.766927] ? __pfx_kthread+0x10/0x10 [ 25.766948] ret_from_fork_asm+0x1a/0x30 [ 25.766981] </TASK> [ 25.766994] [ 25.779290] The buggy address belongs to the physical page: [ 25.779818] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106128 [ 25.780177] flags: 0x200000000000000(node=0|zone=2) [ 25.780636] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.781081] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.781489] page dumped because: kasan: bad access detected [ 25.781981] [ 25.782128] Memory state around the buggy address: [ 25.782547] ffff888106127f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.782954] ffff888106127f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.783342] >ffff888106128000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.783824] ^ [ 25.783997] ffff888106128080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.784507] ffff888106128100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.784958] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 25.592211] ================================================================== [ 25.592637] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.592939] Read of size 1 at addr ffff888106128000 by task kunit_try_catch/277 [ 25.593225] [ 25.593335] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.593387] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.593400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.593423] Call Trace: [ 25.593436] <TASK> [ 25.593455] dump_stack_lvl+0x73/0xb0 [ 25.593487] print_report+0xd1/0x610 [ 25.593510] ? __virt_addr_valid+0x1db/0x2d0 [ 25.593549] ? mempool_uaf_helper+0x392/0x400 [ 25.593571] ? kasan_addr_to_slab+0x11/0xa0 [ 25.593592] ? mempool_uaf_helper+0x392/0x400 [ 25.593614] kasan_report+0x141/0x180 [ 25.593636] ? mempool_uaf_helper+0x392/0x400 [ 25.593664] __asan_report_load1_noabort+0x18/0x20 [ 25.593688] mempool_uaf_helper+0x392/0x400 [ 25.593711] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.593734] ? dequeue_entities+0x23f/0x1630 [ 25.593760] ? __kasan_check_write+0x18/0x20 [ 25.593784] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.593807] ? finish_task_switch.isra.0+0x153/0x700 [ 25.593834] mempool_kmalloc_large_uaf+0xef/0x140 [ 25.593858] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 25.593884] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.593908] ? __pfx_mempool_kfree+0x10/0x10 [ 25.593933] ? __pfx_read_tsc+0x10/0x10 [ 25.593956] ? ktime_get_ts64+0x86/0x230 [ 25.593983] kunit_try_run_case+0x1a5/0x480 [ 25.594009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.594049] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.594071] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.594094] ? __kthread_parkme+0x82/0x180 [ 25.594116] ? preempt_count_sub+0x50/0x80 [ 25.594140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.594164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.594190] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.594217] kthread+0x337/0x6f0 [ 25.594237] ? trace_preempt_on+0x20/0xc0 [ 25.594261] ? __pfx_kthread+0x10/0x10 [ 25.594282] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.594308] ? calculate_sigpending+0x7b/0xa0 [ 25.594333] ? __pfx_kthread+0x10/0x10 [ 25.594355] ret_from_fork+0x116/0x1d0 [ 25.594375] ? __pfx_kthread+0x10/0x10 [ 25.594395] ret_from_fork_asm+0x1a/0x30 [ 25.594428] </TASK> [ 25.594440] [ 25.604690] The buggy address belongs to the physical page: [ 25.605356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106128 [ 25.606073] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.606936] flags: 0x200000000000040(head|node=0|zone=2) [ 25.607452] page_type: f8(unknown) [ 25.607809] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.608775] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.609452] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.610250] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.611056] head: 0200000000000002 ffffea0004184a01 00000000ffffffff 00000000ffffffff [ 25.611861] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.612500] page dumped because: kasan: bad access detected [ 25.613063] [ 25.613239] Memory state around the buggy address: [ 25.613735] ffff888106127f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.614048] ffff888106127f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.614263] >ffff888106128000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.614476] ^ [ 25.614662] ffff888106128080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.614955] ffff888106128100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.615237] ================================================================== [ 25.667825] ================================================================== [ 25.668286] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.668704] Read of size 1 at addr ffff888106228000 by task kunit_try_catch/281 [ 25.669009] [ 25.669128] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.669188] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.669203] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.669229] Call Trace: [ 25.669245] <TASK> [ 25.669268] dump_stack_lvl+0x73/0xb0 [ 25.669307] print_report+0xd1/0x610 [ 25.669335] ? __virt_addr_valid+0x1db/0x2d0 [ 25.669367] ? mempool_uaf_helper+0x392/0x400 [ 25.669416] ? kasan_addr_to_slab+0x11/0xa0 [ 25.669443] ? mempool_uaf_helper+0x392/0x400 [ 25.669471] kasan_report+0x141/0x180 [ 25.669500] ? mempool_uaf_helper+0x392/0x400 [ 25.669562] __asan_report_load1_noabort+0x18/0x20 [ 25.669594] mempool_uaf_helper+0x392/0x400 [ 25.669624] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.669652] ? dequeue_entities+0x23f/0x1630 [ 25.669702] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.669743] ? finish_task_switch.isra.0+0x153/0x700 [ 25.669776] mempool_page_alloc_uaf+0xed/0x140 [ 25.669806] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 25.669838] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.669870] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.669902] ? __pfx_read_tsc+0x10/0x10 [ 25.669929] ? ktime_get_ts64+0x86/0x230 [ 25.669962] kunit_try_run_case+0x1a5/0x480 [ 25.669993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.670019] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.670048] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.670076] ? __kthread_parkme+0x82/0x180 [ 25.670103] ? preempt_count_sub+0x50/0x80 [ 25.670132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.670160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.670193] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.670225] kthread+0x337/0x6f0 [ 25.670250] ? trace_preempt_on+0x20/0xc0 [ 25.670279] ? __pfx_kthread+0x10/0x10 [ 25.670304] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.670335] ? calculate_sigpending+0x7b/0xa0 [ 25.670364] ? __pfx_kthread+0x10/0x10 [ 25.670391] ret_from_fork+0x116/0x1d0 [ 25.670416] ? __pfx_kthread+0x10/0x10 [ 25.670441] ret_from_fork_asm+0x1a/0x30 [ 25.670751] </TASK> [ 25.670764] [ 25.681055] The buggy address belongs to the physical page: [ 25.681428] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106228 [ 25.682001] flags: 0x200000000000000(node=0|zone=2) [ 25.682235] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.682759] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.683262] page dumped because: kasan: bad access detected [ 25.683510] [ 25.683605] Memory state around the buggy address: [ 25.683814] ffff888106227f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.684096] ffff888106227f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.684378] >ffff888106228000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.685077] ^ [ 25.685378] ffff888106228080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.685935] ffff888106228100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.686167] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 25.565536] ================================================================== [ 25.566132] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.566417] Read of size 1 at addr ffff888105922100 by task kunit_try_catch/275 [ 25.566785] [ 25.566891] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.566964] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.566980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.567007] Call Trace: [ 25.567022] <TASK> [ 25.567042] dump_stack_lvl+0x73/0xb0 [ 25.567081] print_report+0xd1/0x610 [ 25.567110] ? __virt_addr_valid+0x1db/0x2d0 [ 25.567143] ? mempool_uaf_helper+0x392/0x400 [ 25.567171] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.567202] ? mempool_uaf_helper+0x392/0x400 [ 25.567230] kasan_report+0x141/0x180 [ 25.567258] ? mempool_uaf_helper+0x392/0x400 [ 25.567292] __asan_report_load1_noabort+0x18/0x20 [ 25.567321] mempool_uaf_helper+0x392/0x400 [ 25.567350] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.567383] ? finish_task_switch.isra.0+0x153/0x700 [ 25.567416] mempool_kmalloc_uaf+0xef/0x140 [ 25.567444] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 25.567475] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.567505] ? __pfx_mempool_kfree+0x10/0x10 [ 25.567551] ? __pfx_read_tsc+0x10/0x10 [ 25.567578] ? ktime_get_ts64+0x86/0x230 [ 25.567610] kunit_try_run_case+0x1a5/0x480 [ 25.567656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.567684] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.567712] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.567742] ? __kthread_parkme+0x82/0x180 [ 25.567770] ? preempt_count_sub+0x50/0x80 [ 25.567800] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.567830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.567863] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.567895] kthread+0x337/0x6f0 [ 25.567920] ? trace_preempt_on+0x20/0xc0 [ 25.567951] ? __pfx_kthread+0x10/0x10 [ 25.567976] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.568007] ? calculate_sigpending+0x7b/0xa0 [ 25.568036] ? __pfx_kthread+0x10/0x10 [ 25.568065] ret_from_fork+0x116/0x1d0 [ 25.568089] ? __pfx_kthread+0x10/0x10 [ 25.568115] ret_from_fork_asm+0x1a/0x30 [ 25.568158] </TASK> [ 25.568171] [ 25.575518] Allocated by task 275: [ 25.575699] kasan_save_stack+0x45/0x70 [ 25.575872] kasan_save_track+0x18/0x40 [ 25.576068] kasan_save_alloc_info+0x3b/0x50 [ 25.576258] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.576512] remove_element+0x11e/0x190 [ 25.576782] mempool_alloc_preallocated+0x4d/0x90 [ 25.576999] mempool_uaf_helper+0x96/0x400 [ 25.577187] mempool_kmalloc_uaf+0xef/0x140 [ 25.577365] kunit_try_run_case+0x1a5/0x480 [ 25.577573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.577848] kthread+0x337/0x6f0 [ 25.578020] ret_from_fork+0x116/0x1d0 [ 25.578208] ret_from_fork_asm+0x1a/0x30 [ 25.578421] [ 25.578531] Freed by task 275: [ 25.578649] kasan_save_stack+0x45/0x70 [ 25.578856] kasan_save_track+0x18/0x40 [ 25.578998] kasan_save_free_info+0x3f/0x60 [ 25.579146] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.579382] mempool_free+0x2ec/0x380 [ 25.579577] mempool_uaf_helper+0x11a/0x400 [ 25.579829] mempool_kmalloc_uaf+0xef/0x140 [ 25.580011] kunit_try_run_case+0x1a5/0x480 [ 25.580158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.580403] kthread+0x337/0x6f0 [ 25.580585] ret_from_fork+0x116/0x1d0 [ 25.580778] ret_from_fork_asm+0x1a/0x30 [ 25.580953] [ 25.581031] The buggy address belongs to the object at ffff888105922100 [ 25.581031] which belongs to the cache kmalloc-128 of size 128 [ 25.581391] The buggy address is located 0 bytes inside of [ 25.581391] freed 128-byte region [ffff888105922100, ffff888105922180) [ 25.581749] [ 25.581821] The buggy address belongs to the physical page: [ 25.582038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105922 [ 25.582398] flags: 0x200000000000000(node=0|zone=2) [ 25.582644] page_type: f5(slab) [ 25.582812] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.583153] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.583482] page dumped because: kasan: bad access detected [ 25.583706] [ 25.583773] Memory state around the buggy address: [ 25.583929] ffff888105922000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.584143] ffff888105922080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.584358] >ffff888105922100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.584645] ^ [ 25.584824] ffff888105922180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.585146] ffff888105922200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.585465] ================================================================== [ 25.620468] ================================================================== [ 25.621078] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 25.621913] Read of size 1 at addr ffff888105926240 by task kunit_try_catch/279 [ 25.622574] [ 25.622819] CPU: 0 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.622887] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.622902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.622929] Call Trace: [ 25.622945] <TASK> [ 25.622966] dump_stack_lvl+0x73/0xb0 [ 25.623005] print_report+0xd1/0x610 [ 25.623035] ? __virt_addr_valid+0x1db/0x2d0 [ 25.623066] ? mempool_uaf_helper+0x392/0x400 [ 25.623094] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.623126] ? mempool_uaf_helper+0x392/0x400 [ 25.623154] kasan_report+0x141/0x180 [ 25.623181] ? mempool_uaf_helper+0x392/0x400 [ 25.623216] __asan_report_load1_noabort+0x18/0x20 [ 25.623245] mempool_uaf_helper+0x392/0x400 [ 25.623273] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 25.623306] ? finish_task_switch.isra.0+0x153/0x700 [ 25.623340] mempool_slab_uaf+0xea/0x140 [ 25.623368] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 25.623400] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 25.623431] ? __pfx_mempool_free_slab+0x10/0x10 [ 25.623462] ? __pfx_read_tsc+0x10/0x10 [ 25.623490] ? ktime_get_ts64+0x86/0x230 [ 25.623534] kunit_try_run_case+0x1a5/0x480 [ 25.623565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.623592] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.623767] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.623798] ? __kthread_parkme+0x82/0x180 [ 25.623826] ? preempt_count_sub+0x50/0x80 [ 25.623856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.623885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.623917] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.623950] kthread+0x337/0x6f0 [ 25.623975] ? trace_preempt_on+0x20/0xc0 [ 25.624005] ? __pfx_kthread+0x10/0x10 [ 25.624031] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.624062] ? calculate_sigpending+0x7b/0xa0 [ 25.624092] ? __pfx_kthread+0x10/0x10 [ 25.624119] ret_from_fork+0x116/0x1d0 [ 25.624144] ? __pfx_kthread+0x10/0x10 [ 25.624170] ret_from_fork_asm+0x1a/0x30 [ 25.624213] </TASK> [ 25.624228] [ 25.634665] Allocated by task 279: [ 25.635761] kasan_save_stack+0x45/0x70 [ 25.635938] kasan_save_track+0x18/0x40 [ 25.637175] kasan_save_alloc_info+0x3b/0x50 [ 25.638162] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 25.638694] remove_element+0x11e/0x190 [ 25.639084] mempool_alloc_preallocated+0x4d/0x90 [ 25.639255] mempool_uaf_helper+0x96/0x400 [ 25.639403] mempool_slab_uaf+0xea/0x140 [ 25.639558] kunit_try_run_case+0x1a5/0x480 [ 25.640371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.641993] kthread+0x337/0x6f0 [ 25.642310] ret_from_fork+0x116/0x1d0 [ 25.642493] ret_from_fork_asm+0x1a/0x30 [ 25.643090] [ 25.643275] Freed by task 279: [ 25.643561] kasan_save_stack+0x45/0x70 [ 25.643985] kasan_save_track+0x18/0x40 [ 25.644561] kasan_save_free_info+0x3f/0x60 [ 25.645021] __kasan_mempool_poison_object+0x131/0x1d0 [ 25.645481] mempool_free+0x2ec/0x380 [ 25.645848] mempool_uaf_helper+0x11a/0x400 [ 25.646197] mempool_slab_uaf+0xea/0x140 [ 25.646341] kunit_try_run_case+0x1a5/0x480 [ 25.646497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.647025] kthread+0x337/0x6f0 [ 25.647390] ret_from_fork+0x116/0x1d0 [ 25.647789] ret_from_fork_asm+0x1a/0x30 [ 25.648165] [ 25.648319] The buggy address belongs to the object at ffff888105926240 [ 25.648319] which belongs to the cache test_cache of size 123 [ 25.649107] The buggy address is located 0 bytes inside of [ 25.649107] freed 123-byte region [ffff888105926240, ffff8881059262bb) [ 25.649468] [ 25.649567] The buggy address belongs to the physical page: [ 25.649890] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105926 [ 25.650652] flags: 0x200000000000000(node=0|zone=2) [ 25.651129] page_type: f5(slab) [ 25.651270] raw: 0200000000000000 ffff888105920140 dead000000000122 0000000000000000 [ 25.651503] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 25.652137] page dumped because: kasan: bad access detected [ 25.652639] [ 25.652849] Memory state around the buggy address: [ 25.653359] ffff888105926100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.653998] ffff888105926180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.654227] >ffff888105926200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 25.654442] ^ [ 25.654825] ffff888105926280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.655101] ffff888105926300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.655361] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 25.534495] ================================================================== [ 25.535076] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.535402] Read of size 1 at addr ffff8881059222bb by task kunit_try_catch/273 [ 25.535703] [ 25.535812] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.536087] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.536102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.536124] Call Trace: [ 25.536138] <TASK> [ 25.536155] dump_stack_lvl+0x73/0xb0 [ 25.536188] print_report+0xd1/0x610 [ 25.536217] ? __virt_addr_valid+0x1db/0x2d0 [ 25.536247] ? mempool_oob_right_helper+0x318/0x380 [ 25.536275] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.536306] ? mempool_oob_right_helper+0x318/0x380 [ 25.536336] kasan_report+0x141/0x180 [ 25.536364] ? mempool_oob_right_helper+0x318/0x380 [ 25.536399] __asan_report_load1_noabort+0x18/0x20 [ 25.536427] mempool_oob_right_helper+0x318/0x380 [ 25.536458] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.536491] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.536518] ? finish_task_switch.isra.0+0x153/0x700 [ 25.536561] mempool_slab_oob_right+0xed/0x140 [ 25.536600] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 25.536633] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 25.536662] ? __pfx_mempool_free_slab+0x10/0x10 [ 25.536693] ? __pfx_read_tsc+0x10/0x10 [ 25.536720] ? ktime_get_ts64+0x86/0x230 [ 25.536751] kunit_try_run_case+0x1a5/0x480 [ 25.536781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.536815] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.536844] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.536872] ? __kthread_parkme+0x82/0x180 [ 25.536897] ? preempt_count_sub+0x50/0x80 [ 25.536927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.536956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.536989] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.537023] kthread+0x337/0x6f0 [ 25.537049] ? trace_preempt_on+0x20/0xc0 [ 25.537077] ? __pfx_kthread+0x10/0x10 [ 25.537102] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.537132] ? calculate_sigpending+0x7b/0xa0 [ 25.537161] ? __pfx_kthread+0x10/0x10 [ 25.537188] ret_from_fork+0x116/0x1d0 [ 25.537211] ? __pfx_kthread+0x10/0x10 [ 25.537237] ret_from_fork_asm+0x1a/0x30 [ 25.537277] </TASK> [ 25.537289] [ 25.545133] Allocated by task 273: [ 25.545292] kasan_save_stack+0x45/0x70 [ 25.545441] kasan_save_track+0x18/0x40 [ 25.545612] kasan_save_alloc_info+0x3b/0x50 [ 25.545884] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 25.546142] remove_element+0x11e/0x190 [ 25.546348] mempool_alloc_preallocated+0x4d/0x90 [ 25.546605] mempool_oob_right_helper+0x8a/0x380 [ 25.546851] mempool_slab_oob_right+0xed/0x140 [ 25.547042] kunit_try_run_case+0x1a5/0x480 [ 25.547254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.547532] kthread+0x337/0x6f0 [ 25.547657] ret_from_fork+0x116/0x1d0 [ 25.547929] ret_from_fork_asm+0x1a/0x30 [ 25.548118] [ 25.548212] The buggy address belongs to the object at ffff888105922240 [ 25.548212] which belongs to the cache test_cache of size 123 [ 25.548724] The buggy address is located 0 bytes to the right of [ 25.548724] allocated 123-byte region [ffff888105922240, ffff8881059222bb) [ 25.549232] [ 25.549311] The buggy address belongs to the physical page: [ 25.549531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105922 [ 25.549992] flags: 0x200000000000000(node=0|zone=2) [ 25.550206] page_type: f5(slab) [ 25.550349] raw: 0200000000000000 ffff888105920000 dead000000000122 0000000000000000 [ 25.550663] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 25.550893] page dumped because: kasan: bad access detected [ 25.551064] [ 25.551131] Memory state around the buggy address: [ 25.551286] ffff888105922180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.551662] ffff888105922200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 25.552003] >ffff888105922280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 25.552316] ^ [ 25.552538] ffff888105922300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.552949] ffff888105922380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.553166] ================================================================== [ 25.512881] ================================================================== [ 25.513689] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.514098] Read of size 1 at addr ffff888106126001 by task kunit_try_catch/271 [ 25.514329] [ 25.514416] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.514475] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.514488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.514511] Call Trace: [ 25.514536] <TASK> [ 25.514552] dump_stack_lvl+0x73/0xb0 [ 25.514585] print_report+0xd1/0x610 [ 25.514607] ? __virt_addr_valid+0x1db/0x2d0 [ 25.514633] ? mempool_oob_right_helper+0x318/0x380 [ 25.514656] ? kasan_addr_to_slab+0x11/0xa0 [ 25.514676] ? mempool_oob_right_helper+0x318/0x380 [ 25.514700] kasan_report+0x141/0x180 [ 25.514808] ? mempool_oob_right_helper+0x318/0x380 [ 25.514839] __asan_report_load1_noabort+0x18/0x20 [ 25.514864] mempool_oob_right_helper+0x318/0x380 [ 25.514889] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.514913] ? dequeue_entities+0x23f/0x1630 [ 25.514939] ? __kasan_check_write+0x18/0x20 [ 25.514963] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.514985] ? finish_task_switch.isra.0+0x153/0x700 [ 25.515010] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 25.515035] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 25.515062] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.515086] ? __pfx_mempool_kfree+0x10/0x10 [ 25.515110] ? __pfx_read_tsc+0x10/0x10 [ 25.515132] ? ktime_get_ts64+0x86/0x230 [ 25.515158] kunit_try_run_case+0x1a5/0x480 [ 25.515182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.515204] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.515227] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.515248] ? __kthread_parkme+0x82/0x180 [ 25.515270] ? preempt_count_sub+0x50/0x80 [ 25.515292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.515315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.515342] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.515368] kthread+0x337/0x6f0 [ 25.515387] ? trace_preempt_on+0x20/0xc0 [ 25.515411] ? __pfx_kthread+0x10/0x10 [ 25.515432] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.515457] ? calculate_sigpending+0x7b/0xa0 [ 25.515480] ? __pfx_kthread+0x10/0x10 [ 25.515502] ret_from_fork+0x116/0x1d0 [ 25.515534] ? __pfx_kthread+0x10/0x10 [ 25.515555] ret_from_fork_asm+0x1a/0x30 [ 25.515718] </TASK> [ 25.515733] [ 25.523669] The buggy address belongs to the physical page: [ 25.523936] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106124 [ 25.524299] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.524783] flags: 0x200000000000040(head|node=0|zone=2) [ 25.525040] page_type: f8(unknown) [ 25.525163] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.525385] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.525695] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.526032] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.526726] head: 0200000000000002 ffffea0004184901 00000000ffffffff 00000000ffffffff [ 25.526965] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.527187] page dumped because: kasan: bad access detected [ 25.527413] [ 25.527502] Memory state around the buggy address: [ 25.527842] ffff888106125f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.528155] ffff888106125f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.528441] >ffff888106126000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.528878] ^ [ 25.529010] ffff888106126080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.529317] ffff888106126100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.529605] ================================================================== [ 25.486225] ================================================================== [ 25.486793] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 25.487131] Read of size 1 at addr ffff8881041b9d73 by task kunit_try_catch/269 [ 25.487465] [ 25.487587] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 25.487746] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.487762] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.487788] Call Trace: [ 25.487810] <TASK> [ 25.487832] dump_stack_lvl+0x73/0xb0 [ 25.487871] print_report+0xd1/0x610 [ 25.487901] ? __virt_addr_valid+0x1db/0x2d0 [ 25.487934] ? mempool_oob_right_helper+0x318/0x380 [ 25.487962] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.487993] ? mempool_oob_right_helper+0x318/0x380 [ 25.488023] kasan_report+0x141/0x180 [ 25.488051] ? mempool_oob_right_helper+0x318/0x380 [ 25.488086] __asan_report_load1_noabort+0x18/0x20 [ 25.488116] mempool_oob_right_helper+0x318/0x380 [ 25.488146] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 25.488180] ? finish_task_switch.isra.0+0x153/0x700 [ 25.488214] mempool_kmalloc_oob_right+0xf2/0x150 [ 25.488243] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 25.488276] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.488308] ? __pfx_mempool_kfree+0x10/0x10 [ 25.488340] ? __pfx_read_tsc+0x10/0x10 [ 25.488368] ? ktime_get_ts64+0x86/0x230 [ 25.488400] kunit_try_run_case+0x1a5/0x480 [ 25.488431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.488458] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.488486] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.488515] ? __kthread_parkme+0x82/0x180 [ 25.488553] ? preempt_count_sub+0x50/0x80 [ 25.488583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.488612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.488644] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.488677] kthread+0x337/0x6f0 [ 25.488702] ? trace_preempt_on+0x20/0xc0 [ 25.488732] ? __pfx_kthread+0x10/0x10 [ 25.488759] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.488789] ? calculate_sigpending+0x7b/0xa0 [ 25.488820] ? __pfx_kthread+0x10/0x10 [ 25.488847] ret_from_fork+0x116/0x1d0 [ 25.488871] ? __pfx_kthread+0x10/0x10 [ 25.488897] ret_from_fork_asm+0x1a/0x30 [ 25.488939] </TASK> [ 25.488952] [ 25.498719] Allocated by task 269: [ 25.498892] kasan_save_stack+0x45/0x70 [ 25.499081] kasan_save_track+0x18/0x40 [ 25.499257] kasan_save_alloc_info+0x3b/0x50 [ 25.499460] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.500104] remove_element+0x11e/0x190 [ 25.500306] mempool_alloc_preallocated+0x4d/0x90 [ 25.500673] mempool_oob_right_helper+0x8a/0x380 [ 25.500979] mempool_kmalloc_oob_right+0xf2/0x150 [ 25.501173] kunit_try_run_case+0x1a5/0x480 [ 25.501473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.501780] kthread+0x337/0x6f0 [ 25.502068] ret_from_fork+0x116/0x1d0 [ 25.502266] ret_from_fork_asm+0x1a/0x30 [ 25.502611] [ 25.502761] The buggy address belongs to the object at ffff8881041b9d00 [ 25.502761] which belongs to the cache kmalloc-128 of size 128 [ 25.503351] The buggy address is located 0 bytes to the right of [ 25.503351] allocated 115-byte region [ffff8881041b9d00, ffff8881041b9d73) [ 25.504099] [ 25.504183] The buggy address belongs to the physical page: [ 25.504559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 25.504960] flags: 0x200000000000000(node=0|zone=2) [ 25.505148] page_type: f5(slab) [ 25.505395] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.505692] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.506175] page dumped because: kasan: bad access detected [ 25.506487] [ 25.506577] Memory state around the buggy address: [ 25.506846] ffff8881041b9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.507299] ffff8881041b9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.507702] >ffff8881041b9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.507987] ^ [ 25.508355] ffff8881041b9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.508693] ffff8881041b9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.509104] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 24.905680] ================================================================== [ 24.906178] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 24.906719] Read of size 1 at addr ffff888101742c80 by task kunit_try_catch/263 [ 24.907345] [ 24.907471] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.907568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.907584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.907628] Call Trace: [ 24.907729] <TASK> [ 24.907753] dump_stack_lvl+0x73/0xb0 [ 24.907793] print_report+0xd1/0x610 [ 24.907823] ? __virt_addr_valid+0x1db/0x2d0 [ 24.907855] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.907885] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.907917] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.907947] kasan_report+0x141/0x180 [ 24.907975] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.908009] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.908040] __kasan_check_byte+0x3d/0x50 [ 24.908067] kmem_cache_destroy+0x25/0x1d0 [ 24.908101] kmem_cache_double_destroy+0x1bf/0x380 [ 24.908132] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 24.908161] ? finish_task_switch.isra.0+0x153/0x700 [ 24.908190] ? __switch_to+0x47/0xf80 [ 24.908228] ? __pfx_read_tsc+0x10/0x10 [ 24.908257] ? ktime_get_ts64+0x86/0x230 [ 24.908289] kunit_try_run_case+0x1a5/0x480 [ 24.908320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.908346] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.908375] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.908403] ? __kthread_parkme+0x82/0x180 [ 24.908428] ? preempt_count_sub+0x50/0x80 [ 24.908457] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.908486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.908518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.908573] kthread+0x337/0x6f0 [ 24.908660] ? trace_preempt_on+0x20/0xc0 [ 24.908693] ? __pfx_kthread+0x10/0x10 [ 24.908720] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.908751] ? calculate_sigpending+0x7b/0xa0 [ 24.908782] ? __pfx_kthread+0x10/0x10 [ 24.908809] ret_from_fork+0x116/0x1d0 [ 24.908833] ? __pfx_kthread+0x10/0x10 [ 24.908859] ret_from_fork_asm+0x1a/0x30 [ 24.908902] </TASK> [ 24.908915] [ 24.920213] Allocated by task 263: [ 24.920569] kasan_save_stack+0x45/0x70 [ 24.920875] kasan_save_track+0x18/0x40 [ 24.921086] kasan_save_alloc_info+0x3b/0x50 [ 24.921297] __kasan_slab_alloc+0x91/0xa0 [ 24.921540] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.921816] __kmem_cache_create_args+0x169/0x240 [ 24.922072] kmem_cache_double_destroy+0xd5/0x380 [ 24.922289] kunit_try_run_case+0x1a5/0x480 [ 24.922503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.922921] kthread+0x337/0x6f0 [ 24.923102] ret_from_fork+0x116/0x1d0 [ 24.923257] ret_from_fork_asm+0x1a/0x30 [ 24.923449] [ 24.923553] Freed by task 263: [ 24.923718] kasan_save_stack+0x45/0x70 [ 24.923910] kasan_save_track+0x18/0x40 [ 24.924137] kasan_save_free_info+0x3f/0x60 [ 24.924348] __kasan_slab_free+0x56/0x70 [ 24.924685] kmem_cache_free+0x249/0x420 [ 24.925304] slab_kmem_cache_release+0x2e/0x40 [ 24.925496] kmem_cache_release+0x16/0x20 [ 24.925820] kobject_put+0x181/0x450 [ 24.926002] sysfs_slab_release+0x16/0x20 [ 24.926194] kmem_cache_destroy+0xf0/0x1d0 [ 24.926403] kmem_cache_double_destroy+0x14e/0x380 [ 24.926650] kunit_try_run_case+0x1a5/0x480 [ 24.927264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.927624] kthread+0x337/0x6f0 [ 24.927793] ret_from_fork+0x116/0x1d0 [ 24.928109] ret_from_fork_asm+0x1a/0x30 [ 24.928295] [ 24.928455] The buggy address belongs to the object at ffff888101742c80 [ 24.928455] which belongs to the cache kmem_cache of size 208 [ 24.929123] The buggy address is located 0 bytes inside of [ 24.929123] freed 208-byte region [ffff888101742c80, ffff888101742d50) [ 24.929624] [ 24.929752] The buggy address belongs to the physical page: [ 24.929983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101742 [ 24.930303] flags: 0x200000000000000(node=0|zone=2) [ 24.931037] page_type: f5(slab) [ 24.931210] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 24.931500] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 24.932166] page dumped because: kasan: bad access detected [ 24.932411] [ 24.932506] Memory state around the buggy address: [ 24.932709] ffff888101742b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.933096] ffff888101742c00: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.933361] >ffff888101742c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.933757] ^ [ 24.933886] ffff888101742d00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 24.934194] ffff888101742d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.934535] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 24.836913] ================================================================== [ 24.837455] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.838037] Read of size 1 at addr ffff8881060a6000 by task kunit_try_catch/261 [ 24.838650] [ 24.838913] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.838983] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.838996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.839129] Call Trace: [ 24.839147] <TASK> [ 24.839168] dump_stack_lvl+0x73/0xb0 [ 24.839202] print_report+0xd1/0x610 [ 24.839227] ? __virt_addr_valid+0x1db/0x2d0 [ 24.839254] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.839277] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.839303] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.839326] kasan_report+0x141/0x180 [ 24.839348] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.839376] __asan_report_load1_noabort+0x18/0x20 [ 24.839401] kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.839424] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 24.839446] ? finish_task_switch.isra.0+0x153/0x700 [ 24.839468] ? __switch_to+0x47/0xf80 [ 24.839498] ? __pfx_read_tsc+0x10/0x10 [ 24.839534] ? ktime_get_ts64+0x86/0x230 [ 24.839561] kunit_try_run_case+0x1a5/0x480 [ 24.839749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.839773] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.839797] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.839819] ? __kthread_parkme+0x82/0x180 [ 24.839841] ? preempt_count_sub+0x50/0x80 [ 24.839865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.839888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.839914] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.839940] kthread+0x337/0x6f0 [ 24.839960] ? trace_preempt_on+0x20/0xc0 [ 24.839985] ? __pfx_kthread+0x10/0x10 [ 24.840006] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.840031] ? calculate_sigpending+0x7b/0xa0 [ 24.840055] ? __pfx_kthread+0x10/0x10 [ 24.840076] ret_from_fork+0x116/0x1d0 [ 24.840096] ? __pfx_kthread+0x10/0x10 [ 24.840117] ret_from_fork_asm+0x1a/0x30 [ 24.840149] </TASK> [ 24.840161] [ 24.850920] Allocated by task 261: [ 24.851090] kasan_save_stack+0x45/0x70 [ 24.851345] kasan_save_track+0x18/0x40 [ 24.851558] kasan_save_alloc_info+0x3b/0x50 [ 24.851779] __kasan_slab_alloc+0x91/0xa0 [ 24.852315] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.852619] kmem_cache_rcu_uaf+0x155/0x510 [ 24.853013] kunit_try_run_case+0x1a5/0x480 [ 24.853207] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.853765] kthread+0x337/0x6f0 [ 24.854402] ret_from_fork+0x116/0x1d0 [ 24.854956] ret_from_fork_asm+0x1a/0x30 [ 24.855441] [ 24.855571] Freed by task 0: [ 24.856038] kasan_save_stack+0x45/0x70 [ 24.856328] kasan_save_track+0x18/0x40 [ 24.856502] kasan_save_free_info+0x3f/0x60 [ 24.856990] __kasan_slab_free+0x56/0x70 [ 24.857283] slab_free_after_rcu_debug+0xe4/0x310 [ 24.857593] rcu_core+0x66f/0x1c40 [ 24.857724] rcu_core_si+0x12/0x20 [ 24.857840] handle_softirqs+0x209/0x730 [ 24.857971] __irq_exit_rcu+0xc9/0x110 [ 24.858451] irq_exit_rcu+0x12/0x20 [ 24.858830] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.859054] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.859247] [ 24.859312] Last potentially related work creation: [ 24.859456] kasan_save_stack+0x45/0x70 [ 24.859598] kasan_record_aux_stack+0xb2/0xc0 [ 24.859739] kmem_cache_free+0x131/0x420 [ 24.859868] kmem_cache_rcu_uaf+0x194/0x510 [ 24.860003] kunit_try_run_case+0x1a5/0x480 [ 24.860137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.860301] kthread+0x337/0x6f0 [ 24.860410] ret_from_fork+0x116/0x1d0 [ 24.861643] ret_from_fork_asm+0x1a/0x30 [ 24.862404] [ 24.862491] The buggy address belongs to the object at ffff8881060a6000 [ 24.862491] which belongs to the cache test_cache of size 200 [ 24.864083] The buggy address is located 0 bytes inside of [ 24.864083] freed 200-byte region [ffff8881060a6000, ffff8881060a60c8) [ 24.864439] [ 24.864507] The buggy address belongs to the physical page: [ 24.865428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a6 [ 24.866455] flags: 0x200000000000000(node=0|zone=2) [ 24.867256] page_type: f5(slab) [ 24.867632] raw: 0200000000000000 ffff888101e20280 dead000000000122 0000000000000000 [ 24.867867] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.868825] page dumped because: kasan: bad access detected [ 24.869221] [ 24.869288] Memory state around the buggy address: [ 24.869441] ffff8881060a5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.869999] ffff8881060a5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.870715] >ffff8881060a6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.870925] ^ [ 24.871037] ffff8881060a6080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 24.871242] ffff8881060a6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.871448] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 24.777469] ================================================================== [ 24.778273] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 24.778959] Free of addr ffff88810591a001 by task kunit_try_catch/259 [ 24.779487] [ 24.779712] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.779865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.779883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.779908] Call Trace: [ 24.779924] <TASK> [ 24.779943] dump_stack_lvl+0x73/0xb0 [ 24.779980] print_report+0xd1/0x610 [ 24.780017] ? __virt_addr_valid+0x1db/0x2d0 [ 24.780048] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.780079] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.780109] kasan_report_invalid_free+0x10a/0x130 [ 24.780139] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.780170] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.780200] check_slab_allocation+0x11f/0x130 [ 24.780226] __kasan_slab_pre_free+0x28/0x40 [ 24.780251] kmem_cache_free+0xed/0x420 [ 24.780276] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.780305] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.780338] kmem_cache_invalid_free+0x1d8/0x460 [ 24.780367] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 24.780395] ? finish_task_switch.isra.0+0x153/0x700 [ 24.780422] ? __switch_to+0x47/0xf80 [ 24.780458] ? __pfx_read_tsc+0x10/0x10 [ 24.780485] ? ktime_get_ts64+0x86/0x230 [ 24.780517] kunit_try_run_case+0x1a5/0x480 [ 24.780556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.780582] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.780610] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.780637] ? __kthread_parkme+0x82/0x180 [ 24.780662] ? preempt_count_sub+0x50/0x80 [ 24.780691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.780719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.780749] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.780780] kthread+0x337/0x6f0 [ 24.780804] ? trace_preempt_on+0x20/0xc0 [ 24.780833] ? __pfx_kthread+0x10/0x10 [ 24.780859] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.780888] ? calculate_sigpending+0x7b/0xa0 [ 24.780917] ? __pfx_kthread+0x10/0x10 [ 24.780943] ret_from_fork+0x116/0x1d0 [ 24.780966] ? __pfx_kthread+0x10/0x10 [ 24.780992] ret_from_fork_asm+0x1a/0x30 [ 24.781032] </TASK> [ 24.781044] [ 24.788534] Allocated by task 259: [ 24.788730] kasan_save_stack+0x45/0x70 [ 24.788882] kasan_save_track+0x18/0x40 [ 24.789020] kasan_save_alloc_info+0x3b/0x50 [ 24.789170] __kasan_slab_alloc+0x91/0xa0 [ 24.789309] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.789516] kmem_cache_invalid_free+0x157/0x460 [ 24.789704] kunit_try_run_case+0x1a5/0x480 [ 24.789915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.790161] kthread+0x337/0x6f0 [ 24.790283] ret_from_fork+0x116/0x1d0 [ 24.790416] ret_from_fork_asm+0x1a/0x30 [ 24.790585] [ 24.790700] The buggy address belongs to the object at ffff88810591a000 [ 24.790700] which belongs to the cache test_cache of size 200 [ 24.791234] The buggy address is located 1 bytes inside of [ 24.791234] 200-byte region [ffff88810591a000, ffff88810591a0c8) [ 24.791780] [ 24.791850] The buggy address belongs to the physical page: [ 24.792024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10591a [ 24.792294] flags: 0x200000000000000(node=0|zone=2) [ 24.792539] page_type: f5(slab) [ 24.792789] raw: 0200000000000000 ffff888101742b40 dead000000000122 0000000000000000 [ 24.793132] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.793412] page dumped because: kasan: bad access detected [ 24.793704] [ 24.793792] Memory state around the buggy address: [ 24.793976] ffff888105919f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.794260] ffff888105919f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.794506] >ffff88810591a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.794953] ^ [ 24.795238] ffff88810591a080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 24.795492] ffff88810591a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.795909] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 24.726668] ================================================================== [ 24.727153] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 24.727599] Free of addr ffff888105917000 by task kunit_try_catch/257 [ 24.728056] [ 24.728587] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.728650] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.728700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.728725] Call Trace: [ 24.728742] <TASK> [ 24.728771] dump_stack_lvl+0x73/0xb0 [ 24.728812] print_report+0xd1/0x610 [ 24.728840] ? __virt_addr_valid+0x1db/0x2d0 [ 24.728873] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.728904] ? kmem_cache_double_free+0x1e5/0x480 [ 24.728934] kasan_report_invalid_free+0x10a/0x130 [ 24.728963] ? kmem_cache_double_free+0x1e5/0x480 [ 24.728995] ? kmem_cache_double_free+0x1e5/0x480 [ 24.729025] check_slab_allocation+0x101/0x130 [ 24.729052] __kasan_slab_pre_free+0x28/0x40 [ 24.729077] kmem_cache_free+0xed/0x420 [ 24.729102] ? kasan_save_track+0x18/0x40 [ 24.729126] ? kasan_save_stack+0x45/0x70 [ 24.729149] ? kmem_cache_double_free+0x1e5/0x480 [ 24.729178] ? __kasan_slab_free+0x61/0x70 [ 24.729205] kmem_cache_double_free+0x1e5/0x480 [ 24.729234] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 24.729262] ? finish_task_switch.isra.0+0x153/0x700 [ 24.729289] ? __switch_to+0x47/0xf80 [ 24.729328] ? __pfx_read_tsc+0x10/0x10 [ 24.729355] ? ktime_get_ts64+0x86/0x230 [ 24.729388] kunit_try_run_case+0x1a5/0x480 [ 24.729419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.729445] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.729473] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.729500] ? __kthread_parkme+0x82/0x180 [ 24.729536] ? preempt_count_sub+0x50/0x80 [ 24.729568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.729597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.729795] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.729828] kthread+0x337/0x6f0 [ 24.729854] ? trace_preempt_on+0x20/0xc0 [ 24.729886] ? __pfx_kthread+0x10/0x10 [ 24.729913] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.729943] ? calculate_sigpending+0x7b/0xa0 [ 24.729973] ? __pfx_kthread+0x10/0x10 [ 24.730000] ret_from_fork+0x116/0x1d0 [ 24.730024] ? __pfx_kthread+0x10/0x10 [ 24.730050] ret_from_fork_asm+0x1a/0x30 [ 24.730092] </TASK> [ 24.730104] [ 24.748476] Allocated by task 257: [ 24.748651] kasan_save_stack+0x45/0x70 [ 24.749377] kasan_save_track+0x18/0x40 [ 24.749918] kasan_save_alloc_info+0x3b/0x50 [ 24.750533] __kasan_slab_alloc+0x91/0xa0 [ 24.750693] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.751307] kmem_cache_double_free+0x14f/0x480 [ 24.751680] kunit_try_run_case+0x1a5/0x480 [ 24.752045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.752295] kthread+0x337/0x6f0 [ 24.752452] ret_from_fork+0x116/0x1d0 [ 24.752648] ret_from_fork_asm+0x1a/0x30 [ 24.752791] [ 24.752862] Freed by task 257: [ 24.752973] kasan_save_stack+0x45/0x70 [ 24.753110] kasan_save_track+0x18/0x40 [ 24.753248] kasan_save_free_info+0x3f/0x60 [ 24.753397] __kasan_slab_free+0x56/0x70 [ 24.753753] kmem_cache_free+0x249/0x420 [ 24.753909] kmem_cache_double_free+0x16a/0x480 [ 24.754068] kunit_try_run_case+0x1a5/0x480 [ 24.754217] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.754395] kthread+0x337/0x6f0 [ 24.754540] ret_from_fork+0x116/0x1d0 [ 24.755237] ret_from_fork_asm+0x1a/0x30 [ 24.755442] [ 24.755515] The buggy address belongs to the object at ffff888105917000 [ 24.755515] which belongs to the cache test_cache of size 200 [ 24.756903] The buggy address is located 0 bytes inside of [ 24.756903] 200-byte region [ffff888105917000, ffff8881059170c8) [ 24.757793] [ 24.757895] The buggy address belongs to the physical page: [ 24.758133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105917 [ 24.758464] flags: 0x200000000000000(node=0|zone=2) [ 24.759066] page_type: f5(slab) [ 24.759564] raw: 0200000000000000 ffff888101742a00 dead000000000122 0000000000000000 [ 24.759908] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.760537] page dumped because: kasan: bad access detected [ 24.760849] [ 24.760942] Memory state around the buggy address: [ 24.761151] ffff888105916f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.761444] ffff888105916f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.762244] >ffff888105917000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.762884] ^ [ 24.763050] ffff888105917080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 24.763346] ffff888105917100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.764039] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 24.672265] ================================================================== [ 24.672820] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 24.673273] Read of size 1 at addr ffff8881059150c8 by task kunit_try_catch/255 [ 24.673575] [ 24.674143] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.674204] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.674218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.674243] Call Trace: [ 24.674259] <TASK> [ 24.674279] dump_stack_lvl+0x73/0xb0 [ 24.674453] print_report+0xd1/0x610 [ 24.674488] ? __virt_addr_valid+0x1db/0x2d0 [ 24.674530] ? kmem_cache_oob+0x402/0x530 [ 24.674557] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.674607] ? kmem_cache_oob+0x402/0x530 [ 24.674636] kasan_report+0x141/0x180 [ 24.674663] ? kmem_cache_oob+0x402/0x530 [ 24.674697] __asan_report_load1_noabort+0x18/0x20 [ 24.674725] kmem_cache_oob+0x402/0x530 [ 24.674751] ? trace_hardirqs_on+0x37/0xe0 [ 24.674781] ? __pfx_kmem_cache_oob+0x10/0x10 [ 24.674807] ? finish_task_switch.isra.0+0x153/0x700 [ 24.674834] ? __switch_to+0x47/0xf80 [ 24.674872] ? __pfx_read_tsc+0x10/0x10 [ 24.674898] ? ktime_get_ts64+0x86/0x230 [ 24.674929] kunit_try_run_case+0x1a5/0x480 [ 24.674958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.674983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.675011] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.675038] ? __kthread_parkme+0x82/0x180 [ 24.675062] ? preempt_count_sub+0x50/0x80 [ 24.675091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.675119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.675149] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.675180] kthread+0x337/0x6f0 [ 24.675204] ? trace_preempt_on+0x20/0xc0 [ 24.675231] ? __pfx_kthread+0x10/0x10 [ 24.675256] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.675285] ? calculate_sigpending+0x7b/0xa0 [ 24.675314] ? __pfx_kthread+0x10/0x10 [ 24.675341] ret_from_fork+0x116/0x1d0 [ 24.675364] ? __pfx_kthread+0x10/0x10 [ 24.675389] ret_from_fork_asm+0x1a/0x30 [ 24.675429] </TASK> [ 24.675442] [ 24.688171] Allocated by task 255: [ 24.688341] kasan_save_stack+0x45/0x70 [ 24.688895] kasan_save_track+0x18/0x40 [ 24.689206] kasan_save_alloc_info+0x3b/0x50 [ 24.689544] __kasan_slab_alloc+0x91/0xa0 [ 24.689949] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.690327] kmem_cache_oob+0x157/0x530 [ 24.690794] kunit_try_run_case+0x1a5/0x480 [ 24.691004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.691238] kthread+0x337/0x6f0 [ 24.691410] ret_from_fork+0x116/0x1d0 [ 24.691600] ret_from_fork_asm+0x1a/0x30 [ 24.692136] [ 24.692212] The buggy address belongs to the object at ffff888105915000 [ 24.692212] which belongs to the cache test_cache of size 200 [ 24.693395] The buggy address is located 0 bytes to the right of [ 24.693395] allocated 200-byte region [ffff888105915000, ffff8881059150c8) [ 24.694387] [ 24.694504] The buggy address belongs to the physical page: [ 24.695063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105915 [ 24.695548] flags: 0x200000000000000(node=0|zone=2) [ 24.696068] page_type: f5(slab) [ 24.696228] raw: 0200000000000000 ffff8881017428c0 dead000000000122 0000000000000000 [ 24.696943] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.697258] page dumped because: kasan: bad access detected [ 24.697764] [ 24.697986] Memory state around the buggy address: [ 24.698358] ffff888105914f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.698914] ffff888105915000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.699388] >ffff888105915080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 24.699889] ^ [ 24.700287] ffff888105915100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.700578] ffff888105915180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.701231] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 24.635207] ================================================================== [ 24.635692] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 24.635975] Read of size 8 at addr ffff8881055e0c80 by task kunit_try_catch/248 [ 24.636381] [ 24.636489] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.636549] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.636562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.636581] Call Trace: [ 24.636594] <TASK> [ 24.636610] dump_stack_lvl+0x73/0xb0 [ 24.636641] print_report+0xd1/0x610 [ 24.636664] ? __virt_addr_valid+0x1db/0x2d0 [ 24.636688] ? workqueue_uaf+0x4d6/0x560 [ 24.636708] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.636733] ? workqueue_uaf+0x4d6/0x560 [ 24.636754] kasan_report+0x141/0x180 [ 24.636776] ? workqueue_uaf+0x4d6/0x560 [ 24.636801] __asan_report_load8_noabort+0x18/0x20 [ 24.636825] workqueue_uaf+0x4d6/0x560 [ 24.636847] ? __pfx_workqueue_uaf+0x10/0x10 [ 24.636890] ? __schedule+0x10cc/0x2b60 [ 24.636911] ? __pfx_read_tsc+0x10/0x10 [ 24.636933] ? ktime_get_ts64+0x86/0x230 [ 24.636958] kunit_try_run_case+0x1a5/0x480 [ 24.636982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.637003] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.637025] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.637047] ? __kthread_parkme+0x82/0x180 [ 24.637067] ? preempt_count_sub+0x50/0x80 [ 24.637091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.637113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.637138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.637163] kthread+0x337/0x6f0 [ 24.637183] ? trace_preempt_on+0x20/0xc0 [ 24.637206] ? __pfx_kthread+0x10/0x10 [ 24.637226] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.637250] ? calculate_sigpending+0x7b/0xa0 [ 24.637274] ? __pfx_kthread+0x10/0x10 [ 24.637295] ret_from_fork+0x116/0x1d0 [ 24.637314] ? __pfx_kthread+0x10/0x10 [ 24.637334] ret_from_fork_asm+0x1a/0x30 [ 24.637366] </TASK> [ 24.637376] [ 24.647010] Allocated by task 248: [ 24.647175] kasan_save_stack+0x45/0x70 [ 24.647357] kasan_save_track+0x18/0x40 [ 24.647536] kasan_save_alloc_info+0x3b/0x50 [ 24.648120] __kasan_kmalloc+0xb7/0xc0 [ 24.648318] __kmalloc_cache_noprof+0x189/0x420 [ 24.648529] workqueue_uaf+0x152/0x560 [ 24.648659] kunit_try_run_case+0x1a5/0x480 [ 24.648856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.649142] kthread+0x337/0x6f0 [ 24.649292] ret_from_fork+0x116/0x1d0 [ 24.649474] ret_from_fork_asm+0x1a/0x30 [ 24.649719] [ 24.649818] Freed by task 41: [ 24.649933] kasan_save_stack+0x45/0x70 [ 24.650109] kasan_save_track+0x18/0x40 [ 24.650285] kasan_save_free_info+0x3f/0x60 [ 24.650435] __kasan_slab_free+0x56/0x70 [ 24.650585] kfree+0x222/0x3f0 [ 24.650736] workqueue_uaf_work+0x12/0x20 [ 24.650941] process_one_work+0x5ee/0xf60 [ 24.651135] worker_thread+0x758/0x1220 [ 24.651319] kthread+0x337/0x6f0 [ 24.651458] ret_from_fork+0x116/0x1d0 [ 24.651595] ret_from_fork_asm+0x1a/0x30 [ 24.651915] [ 24.652007] Last potentially related work creation: [ 24.652197] kasan_save_stack+0x45/0x70 [ 24.652363] kasan_record_aux_stack+0xb2/0xc0 [ 24.652744] __queue_work+0x61a/0xe70 [ 24.652924] queue_work_on+0xb6/0xc0 [ 24.653097] workqueue_uaf+0x26d/0x560 [ 24.653247] kunit_try_run_case+0x1a5/0x480 [ 24.653410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.653613] kthread+0x337/0x6f0 [ 24.653775] ret_from_fork+0x116/0x1d0 [ 24.654006] ret_from_fork_asm+0x1a/0x30 [ 24.654213] [ 24.654281] The buggy address belongs to the object at ffff8881055e0c80 [ 24.654281] which belongs to the cache kmalloc-32 of size 32 [ 24.654866] The buggy address is located 0 bytes inside of [ 24.654866] freed 32-byte region [ffff8881055e0c80, ffff8881055e0ca0) [ 24.655374] [ 24.655487] The buggy address belongs to the physical page: [ 24.655765] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e0 [ 24.656006] flags: 0x200000000000000(node=0|zone=2) [ 24.656164] page_type: f5(slab) [ 24.656353] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.656693] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.656978] page dumped because: kasan: bad access detected [ 24.657141] [ 24.657203] Memory state around the buggy address: [ 24.657393] ffff8881055e0b80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 24.657789] ffff8881055e0c00: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 24.658062] >ffff8881055e0c80: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 24.658343] ^ [ 24.658496] ffff8881055e0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.659447] ffff8881055e0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.660032] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 24.597731] ================================================================== [ 24.599102] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 24.599327] Read of size 4 at addr ffff8881055e0b40 by task swapper/1/0 [ 24.599534] [ 24.599645] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.599693] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.599705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.599726] Call Trace: [ 24.599755] <IRQ> [ 24.599772] dump_stack_lvl+0x73/0xb0 [ 24.599802] print_report+0xd1/0x610 [ 24.599824] ? __virt_addr_valid+0x1db/0x2d0 [ 24.599846] ? rcu_uaf_reclaim+0x50/0x60 [ 24.599866] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.599891] ? rcu_uaf_reclaim+0x50/0x60 [ 24.599911] kasan_report+0x141/0x180 [ 24.599932] ? rcu_uaf_reclaim+0x50/0x60 [ 24.599956] __asan_report_load4_noabort+0x18/0x20 [ 24.599980] rcu_uaf_reclaim+0x50/0x60 [ 24.600000] rcu_core+0x66f/0x1c40 [ 24.600029] ? __pfx_rcu_core+0x10/0x10 [ 24.600050] ? ktime_get+0x6b/0x150 [ 24.600072] ? handle_softirqs+0x18e/0x730 [ 24.600096] rcu_core_si+0x12/0x20 [ 24.600116] handle_softirqs+0x209/0x730 [ 24.600135] ? hrtimer_interrupt+0x2fe/0x780 [ 24.600162] ? __pfx_handle_softirqs+0x10/0x10 [ 24.600188] __irq_exit_rcu+0xc9/0x110 [ 24.600208] irq_exit_rcu+0x12/0x20 [ 24.600227] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.600251] </IRQ> [ 24.600276] <TASK> [ 24.600287] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.600380] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 24.601279] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d e3 22 17 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 24.601957] RSP: 0000:ffff88810087fdc8 EFLAGS: 00010216 [ 24.602473] RAX: ffff88819d115000 RBX: ffff88810085b000 RCX: ffffffffbbb19a25 [ 24.602549] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 000000000001c67c [ 24.602690] RBP: ffff88810087fdd0 R08: 0000000000000001 R09: ffffed102b626192 [ 24.602737] R10: ffff88815b130c93 R11: ffff88815b1363c8 R12: 0000000000000001 [ 24.602781] R13: ffffed102010b600 R14: ffffffffbd7f91d0 R15: 0000000000000000 [ 24.602843] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 24.602902] ? default_idle+0xd/0x20 [ 24.602926] arch_cpu_idle+0xd/0x20 [ 24.602948] default_idle_call+0x48/0x80 [ 24.602969] do_idle+0x379/0x4f0 [ 24.602996] ? __pfx_do_idle+0x10/0x10 [ 24.603017] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 24.603040] ? complete+0x15b/0x1d0 [ 24.603066] cpu_startup_entry+0x5c/0x70 [ 24.603089] start_secondary+0x211/0x290 [ 24.603111] ? __pfx_start_secondary+0x10/0x10 [ 24.603137] common_startup_64+0x13e/0x148 [ 24.603170] </TASK> [ 24.603181] [ 24.616785] Allocated by task 246: [ 24.616933] kasan_save_stack+0x45/0x70 [ 24.617116] kasan_save_track+0x18/0x40 [ 24.617245] kasan_save_alloc_info+0x3b/0x50 [ 24.617388] __kasan_kmalloc+0xb7/0xc0 [ 24.617512] __kmalloc_cache_noprof+0x189/0x420 [ 24.617813] rcu_uaf+0xb0/0x330 [ 24.617983] kunit_try_run_case+0x1a5/0x480 [ 24.618196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.618442] kthread+0x337/0x6f0 [ 24.618711] ret_from_fork+0x116/0x1d0 [ 24.618900] ret_from_fork_asm+0x1a/0x30 [ 24.619057] [ 24.619120] Freed by task 0: [ 24.619219] kasan_save_stack+0x45/0x70 [ 24.619347] kasan_save_track+0x18/0x40 [ 24.619514] kasan_save_free_info+0x3f/0x60 [ 24.619800] __kasan_slab_free+0x56/0x70 [ 24.619992] kfree+0x222/0x3f0 [ 24.620144] rcu_uaf_reclaim+0x1f/0x60 [ 24.620267] rcu_core+0x66f/0x1c40 [ 24.620387] rcu_core_si+0x12/0x20 [ 24.620503] handle_softirqs+0x209/0x730 [ 24.620887] __irq_exit_rcu+0xc9/0x110 [ 24.621095] irq_exit_rcu+0x12/0x20 [ 24.621277] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.621505] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.621836] [ 24.621954] Last potentially related work creation: [ 24.622191] kasan_save_stack+0x45/0x70 [ 24.622333] kasan_record_aux_stack+0xb2/0xc0 [ 24.622484] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 24.622792] call_rcu+0x12/0x20 [ 24.622967] rcu_uaf+0x168/0x330 [ 24.623128] kunit_try_run_case+0x1a5/0x480 [ 24.623321] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.623535] kthread+0x337/0x6f0 [ 24.623770] ret_from_fork+0x116/0x1d0 [ 24.623921] ret_from_fork_asm+0x1a/0x30 [ 24.624120] [ 24.624220] The buggy address belongs to the object at ffff8881055e0b40 [ 24.624220] which belongs to the cache kmalloc-32 of size 32 [ 24.624769] The buggy address is located 0 bytes inside of [ 24.624769] freed 32-byte region [ffff8881055e0b40, ffff8881055e0b60) [ 24.625110] [ 24.625176] The buggy address belongs to the physical page: [ 24.625380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e0 [ 24.625923] flags: 0x200000000000000(node=0|zone=2) [ 24.626163] page_type: f5(slab) [ 24.626325] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 24.626740] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 24.627054] page dumped because: kasan: bad access detected [ 24.627250] [ 24.627311] Memory state around the buggy address: [ 24.627459] ffff8881055e0a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.627854] ffff8881055e0a80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.628169] >ffff8881055e0b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 24.628476] ^ [ 24.628785] ffff8881055e0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.629055] ffff8881055e0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.629330] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 24.539128] ================================================================== [ 24.539686] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 24.540026] Read of size 1 at addr ffff8881041b9a00 by task kunit_try_catch/244 [ 24.540336] [ 24.540425] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.540474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.540488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.540509] Call Trace: [ 24.540535] <TASK> [ 24.540551] dump_stack_lvl+0x73/0xb0 [ 24.540629] print_report+0xd1/0x610 [ 24.540661] ? __virt_addr_valid+0x1db/0x2d0 [ 24.540688] ? ksize_uaf+0x5fe/0x6c0 [ 24.540713] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.540744] ? ksize_uaf+0x5fe/0x6c0 [ 24.540770] kasan_report+0x141/0x180 [ 24.540797] ? ksize_uaf+0x5fe/0x6c0 [ 24.540829] __asan_report_load1_noabort+0x18/0x20 [ 24.540858] ksize_uaf+0x5fe/0x6c0 [ 24.540883] ? __pfx_ksize_uaf+0x10/0x10 [ 24.540910] ? __schedule+0x10cc/0x2b60 [ 24.540936] ? __pfx_read_tsc+0x10/0x10 [ 24.540962] ? ktime_get_ts64+0x86/0x230 [ 24.541009] kunit_try_run_case+0x1a5/0x480 [ 24.541037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.541063] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.541090] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.541117] ? __kthread_parkme+0x82/0x180 [ 24.541142] ? preempt_count_sub+0x50/0x80 [ 24.541172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.541201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.541232] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.541263] kthread+0x337/0x6f0 [ 24.541287] ? trace_preempt_on+0x20/0xc0 [ 24.541315] ? __pfx_kthread+0x10/0x10 [ 24.541340] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.541369] ? calculate_sigpending+0x7b/0xa0 [ 24.541398] ? __pfx_kthread+0x10/0x10 [ 24.541425] ret_from_fork+0x116/0x1d0 [ 24.541448] ? __pfx_kthread+0x10/0x10 [ 24.541475] ret_from_fork_asm+0x1a/0x30 [ 24.541516] </TASK> [ 24.541539] [ 24.551694] Allocated by task 244: [ 24.551825] kasan_save_stack+0x45/0x70 [ 24.552030] kasan_save_track+0x18/0x40 [ 24.552220] kasan_save_alloc_info+0x3b/0x50 [ 24.552411] __kasan_kmalloc+0xb7/0xc0 [ 24.552592] __kmalloc_cache_noprof+0x189/0x420 [ 24.552946] ksize_uaf+0xaa/0x6c0 [ 24.553075] kunit_try_run_case+0x1a5/0x480 [ 24.553223] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.553481] kthread+0x337/0x6f0 [ 24.553665] ret_from_fork+0x116/0x1d0 [ 24.553852] ret_from_fork_asm+0x1a/0x30 [ 24.553992] [ 24.554061] Freed by task 244: [ 24.554284] kasan_save_stack+0x45/0x70 [ 24.554568] kasan_save_track+0x18/0x40 [ 24.554825] kasan_save_free_info+0x3f/0x60 [ 24.555015] __kasan_slab_free+0x56/0x70 [ 24.555200] kfree+0x222/0x3f0 [ 24.555368] ksize_uaf+0x12c/0x6c0 [ 24.555534] kunit_try_run_case+0x1a5/0x480 [ 24.555835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.556051] kthread+0x337/0x6f0 [ 24.556214] ret_from_fork+0x116/0x1d0 [ 24.556394] ret_from_fork_asm+0x1a/0x30 [ 24.556611] [ 24.556685] The buggy address belongs to the object at ffff8881041b9a00 [ 24.556685] which belongs to the cache kmalloc-128 of size 128 [ 24.557171] The buggy address is located 0 bytes inside of [ 24.557171] freed 128-byte region [ffff8881041b9a00, ffff8881041b9a80) [ 24.557807] [ 24.557911] The buggy address belongs to the physical page: [ 24.558131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 24.558442] flags: 0x200000000000000(node=0|zone=2) [ 24.558698] page_type: f5(slab) [ 24.558858] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.559247] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.559471] page dumped because: kasan: bad access detected [ 24.559881] [ 24.560036] Memory state around the buggy address: [ 24.560263] ffff8881041b9900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.560557] ffff8881041b9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.560905] >ffff8881041b9a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.561185] ^ [ 24.561318] ffff8881041b9a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.561566] ffff8881041b9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.561892] ================================================================== [ 24.562647] ================================================================== [ 24.563024] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 24.563290] Read of size 1 at addr ffff8881041b9a78 by task kunit_try_catch/244 [ 24.563580] [ 24.563705] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.563755] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.563768] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.563790] Call Trace: [ 24.563804] <TASK> [ 24.563820] dump_stack_lvl+0x73/0xb0 [ 24.563854] print_report+0xd1/0x610 [ 24.563881] ? __virt_addr_valid+0x1db/0x2d0 [ 24.563909] ? ksize_uaf+0x5e4/0x6c0 [ 24.563934] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.563965] ? ksize_uaf+0x5e4/0x6c0 [ 24.563990] kasan_report+0x141/0x180 [ 24.564017] ? ksize_uaf+0x5e4/0x6c0 [ 24.564049] __asan_report_load1_noabort+0x18/0x20 [ 24.564078] ksize_uaf+0x5e4/0x6c0 [ 24.564103] ? __pfx_ksize_uaf+0x10/0x10 [ 24.564129] ? __schedule+0x10cc/0x2b60 [ 24.564155] ? __pfx_read_tsc+0x10/0x10 [ 24.564180] ? ktime_get_ts64+0x86/0x230 [ 24.564210] kunit_try_run_case+0x1a5/0x480 [ 24.564238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.564264] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.564291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.564318] ? __kthread_parkme+0x82/0x180 [ 24.564342] ? preempt_count_sub+0x50/0x80 [ 24.564372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.564399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.564430] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.564460] kthread+0x337/0x6f0 [ 24.564484] ? trace_preempt_on+0x20/0xc0 [ 24.564512] ? __pfx_kthread+0x10/0x10 [ 24.564549] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.564579] ? calculate_sigpending+0x7b/0xa0 [ 24.564607] ? __pfx_kthread+0x10/0x10 [ 24.564634] ret_from_fork+0x116/0x1d0 [ 24.564657] ? __pfx_kthread+0x10/0x10 [ 24.564683] ret_from_fork_asm+0x1a/0x30 [ 24.564786] </TASK> [ 24.564800] [ 24.571838] Allocated by task 244: [ 24.571976] kasan_save_stack+0x45/0x70 [ 24.572280] kasan_save_track+0x18/0x40 [ 24.572485] kasan_save_alloc_info+0x3b/0x50 [ 24.572799] __kasan_kmalloc+0xb7/0xc0 [ 24.573035] __kmalloc_cache_noprof+0x189/0x420 [ 24.573389] ksize_uaf+0xaa/0x6c0 [ 24.573589] kunit_try_run_case+0x1a5/0x480 [ 24.573793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.574305] kthread+0x337/0x6f0 [ 24.574517] ret_from_fork+0x116/0x1d0 [ 24.574787] ret_from_fork_asm+0x1a/0x30 [ 24.574930] [ 24.574997] Freed by task 244: [ 24.575104] kasan_save_stack+0x45/0x70 [ 24.575248] kasan_save_track+0x18/0x40 [ 24.575440] kasan_save_free_info+0x3f/0x60 [ 24.575703] __kasan_slab_free+0x56/0x70 [ 24.575901] kfree+0x222/0x3f0 [ 24.576066] ksize_uaf+0x12c/0x6c0 [ 24.576244] kunit_try_run_case+0x1a5/0x480 [ 24.576452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.576812] kthread+0x337/0x6f0 [ 24.577030] ret_from_fork+0x116/0x1d0 [ 24.577223] ret_from_fork_asm+0x1a/0x30 [ 24.577434] [ 24.577501] The buggy address belongs to the object at ffff8881041b9a00 [ 24.577501] which belongs to the cache kmalloc-128 of size 128 [ 24.577864] The buggy address is located 120 bytes inside of [ 24.577864] freed 128-byte region [ffff8881041b9a00, ffff8881041b9a80) [ 24.578286] [ 24.578377] The buggy address belongs to the physical page: [ 24.578663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 24.579317] flags: 0x200000000000000(node=0|zone=2) [ 24.579808] page_type: f5(slab) [ 24.580084] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.580427] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.580657] page dumped because: kasan: bad access detected [ 24.580820] [ 24.580886] Memory state around the buggy address: [ 24.581187] ffff8881041b9900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.581913] ffff8881041b9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.582280] >ffff8881041b9a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.582646] ^ [ 24.583113] ffff8881041b9a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.583411] ffff8881041b9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.583909] ================================================================== [ 24.509892] ================================================================== [ 24.510309] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 24.510745] Read of size 1 at addr ffff8881041b9a00 by task kunit_try_catch/244 [ 24.511109] [ 24.511195] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.511249] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.511264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.511286] Call Trace: [ 24.511300] <TASK> [ 24.511316] dump_stack_lvl+0x73/0xb0 [ 24.511351] print_report+0xd1/0x610 [ 24.511381] ? __virt_addr_valid+0x1db/0x2d0 [ 24.511411] ? ksize_uaf+0x19d/0x6c0 [ 24.511436] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.511467] ? ksize_uaf+0x19d/0x6c0 [ 24.511493] kasan_report+0x141/0x180 [ 24.511535] ? ksize_uaf+0x19d/0x6c0 [ 24.511565] ? ksize_uaf+0x19d/0x6c0 [ 24.511591] __kasan_check_byte+0x3d/0x50 [ 24.511619] ksize+0x20/0x60 [ 24.511710] ksize_uaf+0x19d/0x6c0 [ 24.511736] ? __pfx_ksize_uaf+0x10/0x10 [ 24.511763] ? __schedule+0x10cc/0x2b60 [ 24.511790] ? __pfx_read_tsc+0x10/0x10 [ 24.511817] ? ktime_get_ts64+0x86/0x230 [ 24.511848] kunit_try_run_case+0x1a5/0x480 [ 24.511877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.511904] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.511930] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.511958] ? __kthread_parkme+0x82/0x180 [ 24.511983] ? preempt_count_sub+0x50/0x80 [ 24.512013] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.512041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.512071] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.512102] kthread+0x337/0x6f0 [ 24.512127] ? trace_preempt_on+0x20/0xc0 [ 24.512155] ? __pfx_kthread+0x10/0x10 [ 24.512181] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.512210] ? calculate_sigpending+0x7b/0xa0 [ 24.512238] ? __pfx_kthread+0x10/0x10 [ 24.512265] ret_from_fork+0x116/0x1d0 [ 24.512289] ? __pfx_kthread+0x10/0x10 [ 24.512315] ret_from_fork_asm+0x1a/0x30 [ 24.512354] </TASK> [ 24.512367] [ 24.521246] Allocated by task 244: [ 24.521377] kasan_save_stack+0x45/0x70 [ 24.522006] kasan_save_track+0x18/0x40 [ 24.522571] kasan_save_alloc_info+0x3b/0x50 [ 24.523235] __kasan_kmalloc+0xb7/0xc0 [ 24.523846] __kmalloc_cache_noprof+0x189/0x420 [ 24.524494] ksize_uaf+0xaa/0x6c0 [ 24.525047] kunit_try_run_case+0x1a5/0x480 [ 24.525632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.525972] kthread+0x337/0x6f0 [ 24.526309] ret_from_fork+0x116/0x1d0 [ 24.526471] ret_from_fork_asm+0x1a/0x30 [ 24.526910] [ 24.527008] Freed by task 244: [ 24.527121] kasan_save_stack+0x45/0x70 [ 24.527319] kasan_save_track+0x18/0x40 [ 24.527838] kasan_save_free_info+0x3f/0x60 [ 24.528033] __kasan_slab_free+0x56/0x70 [ 24.528305] kfree+0x222/0x3f0 [ 24.528470] ksize_uaf+0x12c/0x6c0 [ 24.528880] kunit_try_run_case+0x1a5/0x480 [ 24.529093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.529482] kthread+0x337/0x6f0 [ 24.529773] ret_from_fork+0x116/0x1d0 [ 24.530225] ret_from_fork_asm+0x1a/0x30 [ 24.530494] [ 24.530623] The buggy address belongs to the object at ffff8881041b9a00 [ 24.530623] which belongs to the cache kmalloc-128 of size 128 [ 24.531133] The buggy address is located 0 bytes inside of [ 24.531133] freed 128-byte region [ffff8881041b9a00, ffff8881041b9a80) [ 24.532022] [ 24.532129] The buggy address belongs to the physical page: [ 24.532468] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 24.533081] flags: 0x200000000000000(node=0|zone=2) [ 24.533423] page_type: f5(slab) [ 24.533572] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.534079] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.534404] page dumped because: kasan: bad access detected [ 24.534821] [ 24.534903] Memory state around the buggy address: [ 24.535098] ffff8881041b9900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.535400] ffff8881041b9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.535724] >ffff8881041b9a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.536124] ^ [ 24.536311] ffff8881041b9a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.536574] ffff8881041b9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.536915] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 24.467246] ================================================================== [ 24.467494] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.467888] Read of size 1 at addr ffff8881041b9978 by task kunit_try_catch/242 [ 24.468263] [ 24.468358] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.468576] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.468735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.468759] Call Trace: [ 24.468775] <TASK> [ 24.468792] dump_stack_lvl+0x73/0xb0 [ 24.468829] print_report+0xd1/0x610 [ 24.468857] ? __virt_addr_valid+0x1db/0x2d0 [ 24.468886] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.468914] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.468945] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.468973] kasan_report+0x141/0x180 [ 24.469000] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.469035] __asan_report_load1_noabort+0x18/0x20 [ 24.469063] ksize_unpoisons_memory+0x7e9/0x9b0 [ 24.469092] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.469119] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.469154] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.469188] kunit_try_run_case+0x1a5/0x480 [ 24.469217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.469243] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.469270] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.469298] ? __kthread_parkme+0x82/0x180 [ 24.469323] ? preempt_count_sub+0x50/0x80 [ 24.469352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.469380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.469411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.469442] kthread+0x337/0x6f0 [ 24.469466] ? trace_preempt_on+0x20/0xc0 [ 24.469496] ? __pfx_kthread+0x10/0x10 [ 24.469735] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.470037] ? calculate_sigpending+0x7b/0xa0 [ 24.470067] ? __pfx_kthread+0x10/0x10 [ 24.470095] ret_from_fork+0x116/0x1d0 [ 24.470120] ? __pfx_kthread+0x10/0x10 [ 24.470146] ret_from_fork_asm+0x1a/0x30 [ 24.470186] </TASK> [ 24.470198] [ 24.477164] Allocated by task 242: [ 24.477326] kasan_save_stack+0x45/0x70 [ 24.477477] kasan_save_track+0x18/0x40 [ 24.477764] kasan_save_alloc_info+0x3b/0x50 [ 24.478172] __kasan_kmalloc+0xb7/0xc0 [ 24.478339] __kmalloc_cache_noprof+0x189/0x420 [ 24.478503] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.478943] kunit_try_run_case+0x1a5/0x480 [ 24.479213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.479453] kthread+0x337/0x6f0 [ 24.479603] ret_from_fork+0x116/0x1d0 [ 24.479844] ret_from_fork_asm+0x1a/0x30 [ 24.479988] [ 24.480064] The buggy address belongs to the object at ffff8881041b9900 [ 24.480064] which belongs to the cache kmalloc-128 of size 128 [ 24.480545] The buggy address is located 5 bytes to the right of [ 24.480545] allocated 115-byte region [ffff8881041b9900, ffff8881041b9973) [ 24.481200] [ 24.481394] The buggy address belongs to the physical page: [ 24.481629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 24.482069] flags: 0x200000000000000(node=0|zone=2) [ 24.482240] page_type: f5(slab) [ 24.482360] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.482801] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.483341] page dumped because: kasan: bad access detected [ 24.483509] [ 24.483589] Memory state around the buggy address: [ 24.483743] ffff8881041b9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.483955] ffff8881041b9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.484577] >ffff8881041b9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.484902] ^ [ 24.485219] ffff8881041b9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.485536] ffff8881041b9a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.486039] ================================================================== [ 24.443229] ================================================================== [ 24.443731] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 24.444267] Read of size 1 at addr ffff8881041b9973 by task kunit_try_catch/242 [ 24.444538] [ 24.444629] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.444686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.444701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.444740] Call Trace: [ 24.444819] <TASK> [ 24.444842] dump_stack_lvl+0x73/0xb0 [ 24.444879] print_report+0xd1/0x610 [ 24.444920] ? __virt_addr_valid+0x1db/0x2d0 [ 24.444950] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.444997] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.445044] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.445072] kasan_report+0x141/0x180 [ 24.445100] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 24.445134] __asan_report_load1_noabort+0x18/0x20 [ 24.445163] ksize_unpoisons_memory+0x81c/0x9b0 [ 24.445191] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.445218] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.445255] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.445305] kunit_try_run_case+0x1a5/0x480 [ 24.445348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.445374] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.445402] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.445430] ? __kthread_parkme+0x82/0x180 [ 24.445456] ? preempt_count_sub+0x50/0x80 [ 24.445486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.445514] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.445560] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.445699] kthread+0x337/0x6f0 [ 24.445726] ? trace_preempt_on+0x20/0xc0 [ 24.445755] ? __pfx_kthread+0x10/0x10 [ 24.445781] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.445810] ? calculate_sigpending+0x7b/0xa0 [ 24.445839] ? __pfx_kthread+0x10/0x10 [ 24.445866] ret_from_fork+0x116/0x1d0 [ 24.445890] ? __pfx_kthread+0x10/0x10 [ 24.445916] ret_from_fork_asm+0x1a/0x30 [ 24.445956] </TASK> [ 24.445970] [ 24.454698] Allocated by task 242: [ 24.455281] kasan_save_stack+0x45/0x70 [ 24.455825] kasan_save_track+0x18/0x40 [ 24.456339] kasan_save_alloc_info+0x3b/0x50 [ 24.456940] __kasan_kmalloc+0xb7/0xc0 [ 24.457334] __kmalloc_cache_noprof+0x189/0x420 [ 24.457503] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.457783] kunit_try_run_case+0x1a5/0x480 [ 24.458155] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.458546] kthread+0x337/0x6f0 [ 24.458993] ret_from_fork+0x116/0x1d0 [ 24.459331] ret_from_fork_asm+0x1a/0x30 [ 24.459478] [ 24.459561] The buggy address belongs to the object at ffff8881041b9900 [ 24.459561] which belongs to the cache kmalloc-128 of size 128 [ 24.460778] The buggy address is located 0 bytes to the right of [ 24.460778] allocated 115-byte region [ffff8881041b9900, ffff8881041b9973) [ 24.462144] [ 24.462267] The buggy address belongs to the physical page: [ 24.462812] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 24.463102] flags: 0x200000000000000(node=0|zone=2) [ 24.463266] page_type: f5(slab) [ 24.463386] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.463639] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.464143] page dumped because: kasan: bad access detected [ 24.464362] [ 24.464455] Memory state around the buggy address: [ 24.464759] ffff8881041b9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.464985] ffff8881041b9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.465395] >ffff8881041b9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.465734] ^ [ 24.466031] ffff8881041b9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.466312] ffff8881041b9a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.466686] ================================================================== [ 24.487415] ================================================================== [ 24.487871] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.488227] Read of size 1 at addr ffff8881041b997f by task kunit_try_catch/242 [ 24.488937] [ 24.489037] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.489089] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.489102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.489125] Call Trace: [ 24.489142] <TASK> [ 24.489159] dump_stack_lvl+0x73/0xb0 [ 24.489194] print_report+0xd1/0x610 [ 24.489222] ? __virt_addr_valid+0x1db/0x2d0 [ 24.489252] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.489279] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.489310] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.489338] kasan_report+0x141/0x180 [ 24.489366] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.489400] __asan_report_load1_noabort+0x18/0x20 [ 24.489429] ksize_unpoisons_memory+0x7b6/0x9b0 [ 24.489457] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.489484] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.489532] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 24.489566] kunit_try_run_case+0x1a5/0x480 [ 24.489818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.489846] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.489874] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.489903] ? __kthread_parkme+0x82/0x180 [ 24.489929] ? preempt_count_sub+0x50/0x80 [ 24.489959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.489988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.490021] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.490054] kthread+0x337/0x6f0 [ 24.490078] ? trace_preempt_on+0x20/0xc0 [ 24.490107] ? __pfx_kthread+0x10/0x10 [ 24.490133] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.490163] ? calculate_sigpending+0x7b/0xa0 [ 24.490192] ? __pfx_kthread+0x10/0x10 [ 24.490219] ret_from_fork+0x116/0x1d0 [ 24.490244] ? __pfx_kthread+0x10/0x10 [ 24.490269] ret_from_fork_asm+0x1a/0x30 [ 24.490311] </TASK> [ 24.490323] [ 24.497684] Allocated by task 242: [ 24.497814] kasan_save_stack+0x45/0x70 [ 24.497962] kasan_save_track+0x18/0x40 [ 24.498128] kasan_save_alloc_info+0x3b/0x50 [ 24.498578] __kasan_kmalloc+0xb7/0xc0 [ 24.498808] __kmalloc_cache_noprof+0x189/0x420 [ 24.499056] ksize_unpoisons_memory+0xc7/0x9b0 [ 24.499211] kunit_try_run_case+0x1a5/0x480 [ 24.499404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.499768] kthread+0x337/0x6f0 [ 24.499994] ret_from_fork+0x116/0x1d0 [ 24.500186] ret_from_fork_asm+0x1a/0x30 [ 24.500354] [ 24.500449] The buggy address belongs to the object at ffff8881041b9900 [ 24.500449] which belongs to the cache kmalloc-128 of size 128 [ 24.501006] The buggy address is located 12 bytes to the right of [ 24.501006] allocated 115-byte region [ffff8881041b9900, ffff8881041b9973) [ 24.501401] [ 24.501495] The buggy address belongs to the physical page: [ 24.501752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 24.502126] flags: 0x200000000000000(node=0|zone=2) [ 24.502358] page_type: f5(slab) [ 24.502541] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.503001] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.503298] page dumped because: kasan: bad access detected [ 24.503473] [ 24.503554] Memory state around the buggy address: [ 24.503771] ffff8881041b9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.504095] ffff8881041b9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.504411] >ffff8881041b9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.504829] ^ [ 24.505097] ffff8881041b9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.505377] ffff8881041b9a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.505736] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 24.416767] ================================================================== [ 24.417127] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 24.417813] Free of addr ffff888104884660 by task kunit_try_catch/240 [ 24.418092] [ 24.418219] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.418265] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.418277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.418296] Call Trace: [ 24.418313] <TASK> [ 24.418328] dump_stack_lvl+0x73/0xb0 [ 24.418355] print_report+0xd1/0x610 [ 24.418377] ? __virt_addr_valid+0x1db/0x2d0 [ 24.418422] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.418448] ? kfree_sensitive+0x2e/0x90 [ 24.418472] kasan_report_invalid_free+0x10a/0x130 [ 24.418497] ? kfree_sensitive+0x2e/0x90 [ 24.418528] ? kfree_sensitive+0x2e/0x90 [ 24.418547] check_slab_allocation+0x101/0x130 [ 24.418662] __kasan_slab_pre_free+0x28/0x40 [ 24.418688] kfree+0xf0/0x3f0 [ 24.418710] ? kfree_sensitive+0x2e/0x90 [ 24.418734] kfree_sensitive+0x2e/0x90 [ 24.418754] kmalloc_double_kzfree+0x19c/0x350 [ 24.418776] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 24.418800] ? __schedule+0x10cc/0x2b60 [ 24.418842] ? __pfx_read_tsc+0x10/0x10 [ 24.418863] ? ktime_get_ts64+0x86/0x230 [ 24.418887] kunit_try_run_case+0x1a5/0x480 [ 24.418911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.418932] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.418953] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.418975] ? __kthread_parkme+0x82/0x180 [ 24.419010] ? preempt_count_sub+0x50/0x80 [ 24.419033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.419055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.419081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.419106] kthread+0x337/0x6f0 [ 24.419125] ? trace_preempt_on+0x20/0xc0 [ 24.419147] ? __pfx_kthread+0x10/0x10 [ 24.419167] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.419191] ? calculate_sigpending+0x7b/0xa0 [ 24.419214] ? __pfx_kthread+0x10/0x10 [ 24.419235] ret_from_fork+0x116/0x1d0 [ 24.419253] ? __pfx_kthread+0x10/0x10 [ 24.419273] ret_from_fork_asm+0x1a/0x30 [ 24.419305] </TASK> [ 24.419315] [ 24.427512] Allocated by task 240: [ 24.427767] kasan_save_stack+0x45/0x70 [ 24.427960] kasan_save_track+0x18/0x40 [ 24.428110] kasan_save_alloc_info+0x3b/0x50 [ 24.428315] __kasan_kmalloc+0xb7/0xc0 [ 24.428458] __kmalloc_cache_noprof+0x189/0x420 [ 24.428665] kmalloc_double_kzfree+0xa9/0x350 [ 24.428868] kunit_try_run_case+0x1a5/0x480 [ 24.429020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.429190] kthread+0x337/0x6f0 [ 24.429305] ret_from_fork+0x116/0x1d0 [ 24.429485] ret_from_fork_asm+0x1a/0x30 [ 24.429803] [ 24.429899] Freed by task 240: [ 24.430046] kasan_save_stack+0x45/0x70 [ 24.430237] kasan_save_track+0x18/0x40 [ 24.430418] kasan_save_free_info+0x3f/0x60 [ 24.430692] __kasan_slab_free+0x56/0x70 [ 24.430834] kfree+0x222/0x3f0 [ 24.430946] kfree_sensitive+0x67/0x90 [ 24.431164] kmalloc_double_kzfree+0x12b/0x350 [ 24.431379] kunit_try_run_case+0x1a5/0x480 [ 24.431890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.432161] kthread+0x337/0x6f0 [ 24.432307] ret_from_fork+0x116/0x1d0 [ 24.432433] ret_from_fork_asm+0x1a/0x30 [ 24.432723] [ 24.432840] The buggy address belongs to the object at ffff888104884660 [ 24.432840] which belongs to the cache kmalloc-16 of size 16 [ 24.433421] The buggy address is located 0 bytes inside of [ 24.433421] 16-byte region [ffff888104884660, ffff888104884670) [ 24.434004] [ 24.434100] The buggy address belongs to the physical page: [ 24.434339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 24.434775] flags: 0x200000000000000(node=0|zone=2) [ 24.434998] page_type: f5(slab) [ 24.435160] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.435469] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.435778] page dumped because: kasan: bad access detected [ 24.436050] [ 24.436139] Memory state around the buggy address: [ 24.436381] ffff888104884500: 00 06 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc [ 24.436871] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.437191] >ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.437509] ^ [ 24.437880] ffff888104884680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.438208] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.438532] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 24.389588] ================================================================== [ 24.390366] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 24.390719] Read of size 1 at addr ffff888104884660 by task kunit_try_catch/240 [ 24.391843] [ 24.392060] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.392113] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.392126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.392147] Call Trace: [ 24.392159] <TASK> [ 24.392176] dump_stack_lvl+0x73/0xb0 [ 24.392209] print_report+0xd1/0x610 [ 24.392232] ? __virt_addr_valid+0x1db/0x2d0 [ 24.392255] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.392277] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.392303] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.392325] kasan_report+0x141/0x180 [ 24.392346] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.392371] ? kmalloc_double_kzfree+0x19c/0x350 [ 24.392393] __kasan_check_byte+0x3d/0x50 [ 24.392414] kfree_sensitive+0x22/0x90 [ 24.392437] kmalloc_double_kzfree+0x19c/0x350 [ 24.392459] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 24.392483] ? __schedule+0x10cc/0x2b60 [ 24.392505] ? __pfx_read_tsc+0x10/0x10 [ 24.392542] ? ktime_get_ts64+0x86/0x230 [ 24.392572] kunit_try_run_case+0x1a5/0x480 [ 24.392596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.392617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.392639] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.392661] ? __kthread_parkme+0x82/0x180 [ 24.392681] ? preempt_count_sub+0x50/0x80 [ 24.392704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.392726] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.392751] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.392777] kthread+0x337/0x6f0 [ 24.392796] ? trace_preempt_on+0x20/0xc0 [ 24.392819] ? __pfx_kthread+0x10/0x10 [ 24.392840] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.392864] ? calculate_sigpending+0x7b/0xa0 [ 24.392887] ? __pfx_kthread+0x10/0x10 [ 24.392908] ret_from_fork+0x116/0x1d0 [ 24.392927] ? __pfx_kthread+0x10/0x10 [ 24.392946] ret_from_fork_asm+0x1a/0x30 [ 24.392978] </TASK> [ 24.392989] [ 24.404478] Allocated by task 240: [ 24.404783] kasan_save_stack+0x45/0x70 [ 24.404989] kasan_save_track+0x18/0x40 [ 24.405158] kasan_save_alloc_info+0x3b/0x50 [ 24.405297] __kasan_kmalloc+0xb7/0xc0 [ 24.405454] __kmalloc_cache_noprof+0x189/0x420 [ 24.405823] kmalloc_double_kzfree+0xa9/0x350 [ 24.406067] kunit_try_run_case+0x1a5/0x480 [ 24.406287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.406537] kthread+0x337/0x6f0 [ 24.406801] ret_from_fork+0x116/0x1d0 [ 24.406986] ret_from_fork_asm+0x1a/0x30 [ 24.407178] [ 24.407278] Freed by task 240: [ 24.407409] kasan_save_stack+0x45/0x70 [ 24.407549] kasan_save_track+0x18/0x40 [ 24.407854] kasan_save_free_info+0x3f/0x60 [ 24.408078] __kasan_slab_free+0x56/0x70 [ 24.408268] kfree+0x222/0x3f0 [ 24.408444] kfree_sensitive+0x67/0x90 [ 24.408876] kmalloc_double_kzfree+0x12b/0x350 [ 24.409077] kunit_try_run_case+0x1a5/0x480 [ 24.409280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.409470] kthread+0x337/0x6f0 [ 24.409661] ret_from_fork+0x116/0x1d0 [ 24.409889] ret_from_fork_asm+0x1a/0x30 [ 24.410083] [ 24.410279] The buggy address belongs to the object at ffff888104884660 [ 24.410279] which belongs to the cache kmalloc-16 of size 16 [ 24.410829] The buggy address is located 0 bytes inside of [ 24.410829] freed 16-byte region [ffff888104884660, ffff888104884670) [ 24.411341] [ 24.411408] The buggy address belongs to the physical page: [ 24.411724] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 24.412130] flags: 0x200000000000000(node=0|zone=2) [ 24.412294] page_type: f5(slab) [ 24.412475] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.412919] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.413225] page dumped because: kasan: bad access detected [ 24.413458] [ 24.413554] Memory state around the buggy address: [ 24.413991] ffff888104884500: 00 06 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc [ 24.414301] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.414517] >ffff888104884600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.414860] ^ [ 24.415138] ffff888104884680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.415392] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.415811] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 24.353421] ================================================================== [ 24.354003] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 24.354279] Read of size 1 at addr ffff8881055e17a8 by task kunit_try_catch/236 [ 24.354720] [ 24.354833] CPU: 1 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.354884] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.354896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.354919] Call Trace: [ 24.354931] <TASK> [ 24.354948] dump_stack_lvl+0x73/0xb0 [ 24.354979] print_report+0xd1/0x610 [ 24.355001] ? __virt_addr_valid+0x1db/0x2d0 [ 24.355025] ? kmalloc_uaf2+0x4a8/0x520 [ 24.355045] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.355070] ? kmalloc_uaf2+0x4a8/0x520 [ 24.355090] kasan_report+0x141/0x180 [ 24.355112] ? kmalloc_uaf2+0x4a8/0x520 [ 24.355137] __asan_report_load1_noabort+0x18/0x20 [ 24.355161] kmalloc_uaf2+0x4a8/0x520 [ 24.355181] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 24.355200] ? finish_task_switch.isra.0+0x153/0x700 [ 24.355222] ? __switch_to+0x47/0xf80 [ 24.355250] ? __schedule+0x10cc/0x2b60 [ 24.355271] ? __pfx_read_tsc+0x10/0x10 [ 24.355292] ? ktime_get_ts64+0x86/0x230 [ 24.355317] kunit_try_run_case+0x1a5/0x480 [ 24.355340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.355361] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.355383] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.355405] ? __kthread_parkme+0x82/0x180 [ 24.355425] ? preempt_count_sub+0x50/0x80 [ 24.355448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.355470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.355496] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.355533] kthread+0x337/0x6f0 [ 24.355553] ? trace_preempt_on+0x20/0xc0 [ 24.355576] ? __pfx_kthread+0x10/0x10 [ 24.355597] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.355620] ? calculate_sigpending+0x7b/0xa0 [ 24.355644] ? __pfx_kthread+0x10/0x10 [ 24.355666] ret_from_fork+0x116/0x1d0 [ 24.355684] ? __pfx_kthread+0x10/0x10 [ 24.355704] ret_from_fork_asm+0x1a/0x30 [ 24.355795] </TASK> [ 24.355810] [ 24.367109] Allocated by task 236: [ 24.367270] kasan_save_stack+0x45/0x70 [ 24.367456] kasan_save_track+0x18/0x40 [ 24.368021] kasan_save_alloc_info+0x3b/0x50 [ 24.368227] __kasan_kmalloc+0xb7/0xc0 [ 24.368399] __kmalloc_cache_noprof+0x189/0x420 [ 24.368650] kmalloc_uaf2+0xc6/0x520 [ 24.369218] kunit_try_run_case+0x1a5/0x480 [ 24.369659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.370087] kthread+0x337/0x6f0 [ 24.370266] ret_from_fork+0x116/0x1d0 [ 24.370437] ret_from_fork_asm+0x1a/0x30 [ 24.370669] [ 24.371145] Freed by task 236: [ 24.371495] kasan_save_stack+0x45/0x70 [ 24.371871] kasan_save_track+0x18/0x40 [ 24.372066] kasan_save_free_info+0x3f/0x60 [ 24.372252] __kasan_slab_free+0x56/0x70 [ 24.372416] kfree+0x222/0x3f0 [ 24.372571] kmalloc_uaf2+0x14c/0x520 [ 24.373201] kunit_try_run_case+0x1a5/0x480 [ 24.373399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.373876] kthread+0x337/0x6f0 [ 24.374182] ret_from_fork+0x116/0x1d0 [ 24.374367] ret_from_fork_asm+0x1a/0x30 [ 24.374549] [ 24.374941] The buggy address belongs to the object at ffff8881055e1780 [ 24.374941] which belongs to the cache kmalloc-64 of size 64 [ 24.375442] The buggy address is located 40 bytes inside of [ 24.375442] freed 64-byte region [ffff8881055e1780, ffff8881055e17c0) [ 24.376767] [ 24.377014] The buggy address belongs to the physical page: [ 24.377339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e1 [ 24.378165] flags: 0x200000000000000(node=0|zone=2) [ 24.378471] page_type: f5(slab) [ 24.378898] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.379219] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.379534] page dumped because: kasan: bad access detected [ 24.380267] [ 24.380464] Memory state around the buggy address: [ 24.380999] ffff8881055e1680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.381453] ffff8881055e1700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.381978] >ffff8881055e1780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.382266] ^ [ 24.382454] ffff8881055e1800: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 24.382958] ffff8881055e1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.383974] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 24.322503] ================================================================== [ 24.323252] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 24.323582] Write of size 33 at addr ffff8881055e1600 by task kunit_try_catch/234 [ 24.324067] [ 24.324422] CPU: 1 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.324477] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.324490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.324512] Call Trace: [ 24.324543] <TASK> [ 24.324560] dump_stack_lvl+0x73/0xb0 [ 24.324666] print_report+0xd1/0x610 [ 24.324689] ? __virt_addr_valid+0x1db/0x2d0 [ 24.324715] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.324736] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.324761] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.324792] kasan_report+0x141/0x180 [ 24.324814] ? kmalloc_uaf_memset+0x1a3/0x360 [ 24.324841] kasan_check_range+0x10c/0x1c0 [ 24.324876] __asan_memset+0x27/0x50 [ 24.324899] kmalloc_uaf_memset+0x1a3/0x360 [ 24.324920] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 24.324942] ? __schedule+0x10cc/0x2b60 [ 24.324964] ? __pfx_read_tsc+0x10/0x10 [ 24.324986] ? ktime_get_ts64+0x86/0x230 [ 24.325012] kunit_try_run_case+0x1a5/0x480 [ 24.325036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.325057] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.325079] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.325101] ? __kthread_parkme+0x82/0x180 [ 24.325121] ? preempt_count_sub+0x50/0x80 [ 24.325145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.325167] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.325192] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.325218] kthread+0x337/0x6f0 [ 24.325236] ? trace_preempt_on+0x20/0xc0 [ 24.325261] ? __pfx_kthread+0x10/0x10 [ 24.325281] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.325304] ? calculate_sigpending+0x7b/0xa0 [ 24.325328] ? __pfx_kthread+0x10/0x10 [ 24.325350] ret_from_fork+0x116/0x1d0 [ 24.325368] ? __pfx_kthread+0x10/0x10 [ 24.325388] ret_from_fork_asm+0x1a/0x30 [ 24.325420] </TASK> [ 24.325432] [ 24.333441] Allocated by task 234: [ 24.333588] kasan_save_stack+0x45/0x70 [ 24.333729] kasan_save_track+0x18/0x40 [ 24.333860] kasan_save_alloc_info+0x3b/0x50 [ 24.334099] __kasan_kmalloc+0xb7/0xc0 [ 24.334281] __kmalloc_cache_noprof+0x189/0x420 [ 24.334499] kmalloc_uaf_memset+0xa9/0x360 [ 24.334702] kunit_try_run_case+0x1a5/0x480 [ 24.334897] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.335070] kthread+0x337/0x6f0 [ 24.335183] ret_from_fork+0x116/0x1d0 [ 24.335308] ret_from_fork_asm+0x1a/0x30 [ 24.336103] [ 24.336204] Freed by task 234: [ 24.336357] kasan_save_stack+0x45/0x70 [ 24.336559] kasan_save_track+0x18/0x40 [ 24.338441] kasan_save_free_info+0x3f/0x60 [ 24.338610] __kasan_slab_free+0x56/0x70 [ 24.338743] kfree+0x222/0x3f0 [ 24.338853] kmalloc_uaf_memset+0x12b/0x360 [ 24.338991] kunit_try_run_case+0x1a5/0x480 [ 24.339155] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.339690] kthread+0x337/0x6f0 [ 24.339954] ret_from_fork+0x116/0x1d0 [ 24.340088] ret_from_fork_asm+0x1a/0x30 [ 24.340298] [ 24.340918] The buggy address belongs to the object at ffff8881055e1600 [ 24.340918] which belongs to the cache kmalloc-64 of size 64 [ 24.341267] The buggy address is located 0 bytes inside of [ 24.341267] freed 64-byte region [ffff8881055e1600, ffff8881055e1640) [ 24.341825] [ 24.341926] The buggy address belongs to the physical page: [ 24.342175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e1 [ 24.342454] flags: 0x200000000000000(node=0|zone=2) [ 24.342813] page_type: f5(slab) [ 24.344416] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.344666] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.344885] page dumped because: kasan: bad access detected [ 24.345053] [ 24.345780] Memory state around the buggy address: [ 24.346603] ffff8881055e1500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.346928] ffff8881055e1580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.347967] >ffff8881055e1600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.348259] ^ [ 24.348379] ffff8881055e1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.348759] ffff8881055e1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.349105] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 24.293806] ================================================================== [ 24.294438] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 24.295057] Read of size 1 at addr ffff8881058f7168 by task kunit_try_catch/232 [ 24.295338] [ 24.295510] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.295804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.295823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.296041] Call Trace: [ 24.296074] <TASK> [ 24.296096] dump_stack_lvl+0x73/0xb0 [ 24.296136] print_report+0xd1/0x610 [ 24.296164] ? __virt_addr_valid+0x1db/0x2d0 [ 24.296193] ? kmalloc_uaf+0x320/0x380 [ 24.296217] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.296248] ? kmalloc_uaf+0x320/0x380 [ 24.296274] kasan_report+0x141/0x180 [ 24.296301] ? kmalloc_uaf+0x320/0x380 [ 24.296332] __asan_report_load1_noabort+0x18/0x20 [ 24.296360] kmalloc_uaf+0x320/0x380 [ 24.296385] ? __pfx_kmalloc_uaf+0x10/0x10 [ 24.296410] ? __schedule+0x10cc/0x2b60 [ 24.296437] ? __pfx_read_tsc+0x10/0x10 [ 24.296463] ? ktime_get_ts64+0x86/0x230 [ 24.296494] kunit_try_run_case+0x1a5/0x480 [ 24.296532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.296558] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.296599] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.296626] ? __kthread_parkme+0x82/0x180 [ 24.296665] ? preempt_count_sub+0x50/0x80 [ 24.296697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.296725] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.296756] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.296786] kthread+0x337/0x6f0 [ 24.296811] ? trace_preempt_on+0x20/0xc0 [ 24.296840] ? __pfx_kthread+0x10/0x10 [ 24.296865] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.296894] ? calculate_sigpending+0x7b/0xa0 [ 24.296923] ? __pfx_kthread+0x10/0x10 [ 24.296950] ret_from_fork+0x116/0x1d0 [ 24.296973] ? __pfx_kthread+0x10/0x10 [ 24.296998] ret_from_fork_asm+0x1a/0x30 [ 24.297038] </TASK> [ 24.297051] [ 24.307764] Allocated by task 232: [ 24.307951] kasan_save_stack+0x45/0x70 [ 24.308163] kasan_save_track+0x18/0x40 [ 24.308359] kasan_save_alloc_info+0x3b/0x50 [ 24.308688] __kasan_kmalloc+0xb7/0xc0 [ 24.308870] __kmalloc_cache_noprof+0x189/0x420 [ 24.309106] kmalloc_uaf+0xaa/0x380 [ 24.309233] kunit_try_run_case+0x1a5/0x480 [ 24.309376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.309653] kthread+0x337/0x6f0 [ 24.309999] ret_from_fork+0x116/0x1d0 [ 24.310233] ret_from_fork_asm+0x1a/0x30 [ 24.310436] [ 24.310510] Freed by task 232: [ 24.310642] kasan_save_stack+0x45/0x70 [ 24.310859] kasan_save_track+0x18/0x40 [ 24.311158] kasan_save_free_info+0x3f/0x60 [ 24.311373] __kasan_slab_free+0x56/0x70 [ 24.311560] kfree+0x222/0x3f0 [ 24.311818] kmalloc_uaf+0x12c/0x380 [ 24.311978] kunit_try_run_case+0x1a5/0x480 [ 24.312184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.312419] kthread+0x337/0x6f0 [ 24.312623] ret_from_fork+0x116/0x1d0 [ 24.312847] ret_from_fork_asm+0x1a/0x30 [ 24.313054] [ 24.313146] The buggy address belongs to the object at ffff8881058f7160 [ 24.313146] which belongs to the cache kmalloc-16 of size 16 [ 24.313528] The buggy address is located 8 bytes inside of [ 24.313528] freed 16-byte region [ffff8881058f7160, ffff8881058f7170) [ 24.314115] [ 24.314208] The buggy address belongs to the physical page: [ 24.314453] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058f7 [ 24.315110] flags: 0x200000000000000(node=0|zone=2) [ 24.315374] page_type: f5(slab) [ 24.315558] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 24.315791] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.316088] page dumped because: kasan: bad access detected [ 24.316443] [ 24.316566] Memory state around the buggy address: [ 24.316927] ffff8881058f7000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.317244] ffff8881058f7080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.317540] >ffff8881058f7100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.317935] ^ [ 24.318245] ffff8881058f7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.318544] ffff8881058f7200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.319063] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 24.263374] ================================================================== [ 24.264279] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.264558] Read of size 64 at addr ffff888105911204 by task kunit_try_catch/230 [ 24.265471] [ 24.265795] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.265853] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.265867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.265890] Call Trace: [ 24.265904] <TASK> [ 24.265922] dump_stack_lvl+0x73/0xb0 [ 24.265957] print_report+0xd1/0x610 [ 24.265985] ? __virt_addr_valid+0x1db/0x2d0 [ 24.266013] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.266041] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.266071] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.266100] kasan_report+0x141/0x180 [ 24.266127] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.266162] kasan_check_range+0x10c/0x1c0 [ 24.266190] __asan_memmove+0x27/0x70 [ 24.266219] kmalloc_memmove_invalid_size+0x16f/0x330 [ 24.266248] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 24.266278] ? __schedule+0x10cc/0x2b60 [ 24.266304] ? __pfx_read_tsc+0x10/0x10 [ 24.266330] ? ktime_get_ts64+0x86/0x230 [ 24.266361] kunit_try_run_case+0x1a5/0x480 [ 24.266389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.266414] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.266440] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.266475] ? __kthread_parkme+0x82/0x180 [ 24.266500] ? preempt_count_sub+0x50/0x80 [ 24.266734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.266770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.266803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.266834] kthread+0x337/0x6f0 [ 24.266858] ? trace_preempt_on+0x20/0xc0 [ 24.266887] ? __pfx_kthread+0x10/0x10 [ 24.266912] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.266941] ? calculate_sigpending+0x7b/0xa0 [ 24.266970] ? __pfx_kthread+0x10/0x10 [ 24.266997] ret_from_fork+0x116/0x1d0 [ 24.267020] ? __pfx_kthread+0x10/0x10 [ 24.267046] ret_from_fork_asm+0x1a/0x30 [ 24.267085] </TASK> [ 24.267097] [ 24.276870] Allocated by task 230: [ 24.277462] kasan_save_stack+0x45/0x70 [ 24.277935] kasan_save_track+0x18/0x40 [ 24.278119] kasan_save_alloc_info+0x3b/0x50 [ 24.278318] __kasan_kmalloc+0xb7/0xc0 [ 24.278493] __kmalloc_cache_noprof+0x189/0x420 [ 24.279259] kmalloc_memmove_invalid_size+0xac/0x330 [ 24.279570] kunit_try_run_case+0x1a5/0x480 [ 24.279920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.280163] kthread+0x337/0x6f0 [ 24.280321] ret_from_fork+0x116/0x1d0 [ 24.280486] ret_from_fork_asm+0x1a/0x30 [ 24.280761] [ 24.280849] The buggy address belongs to the object at ffff888105911200 [ 24.280849] which belongs to the cache kmalloc-64 of size 64 [ 24.281324] The buggy address is located 4 bytes inside of [ 24.281324] allocated 64-byte region [ffff888105911200, ffff888105911240) [ 24.282417] [ 24.282675] The buggy address belongs to the physical page: [ 24.283240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105911 [ 24.284254] flags: 0x200000000000000(node=0|zone=2) [ 24.284483] page_type: f5(slab) [ 24.284680] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.284977] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.285282] page dumped because: kasan: bad access detected [ 24.285499] [ 24.285676] Memory state around the buggy address: [ 24.285841] ffff888105911100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.286168] ffff888105911180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.286416] >ffff888105911200: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 24.286898] ^ [ 24.287560] ffff888105911280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.288110] ffff888105911300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.288372] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 24.230845] ================================================================== [ 24.232340] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 24.233128] Read of size 18446744073709551614 at addr ffff888105911184 by task kunit_try_catch/228 [ 24.233468] [ 24.233710] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.233769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.233784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.233808] Call Trace: [ 24.233824] <TASK> [ 24.233842] dump_stack_lvl+0x73/0xb0 [ 24.233879] print_report+0xd1/0x610 [ 24.233906] ? __virt_addr_valid+0x1db/0x2d0 [ 24.233938] ? kmalloc_memmove_negative_size+0x171/0x330 [ 24.233966] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.233997] ? kmalloc_memmove_negative_size+0x171/0x330 [ 24.234050] kasan_report+0x141/0x180 [ 24.234081] ? kmalloc_memmove_negative_size+0x171/0x330 [ 24.234120] kasan_check_range+0x10c/0x1c0 [ 24.234150] __asan_memmove+0x27/0x70 [ 24.234180] kmalloc_memmove_negative_size+0x171/0x330 [ 24.234209] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 24.234239] ? __schedule+0x10cc/0x2b60 [ 24.234268] ? __pfx_read_tsc+0x10/0x10 [ 24.234296] ? ktime_get_ts64+0x86/0x230 [ 24.234330] kunit_try_run_case+0x1a5/0x480 [ 24.234363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.234390] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.234418] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.234446] ? __kthread_parkme+0x82/0x180 [ 24.234482] ? preempt_count_sub+0x50/0x80 [ 24.234513] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.234554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.234715] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.234746] kthread+0x337/0x6f0 [ 24.234771] ? trace_preempt_on+0x20/0xc0 [ 24.234801] ? __pfx_kthread+0x10/0x10 [ 24.234826] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.234856] ? calculate_sigpending+0x7b/0xa0 [ 24.234885] ? __pfx_kthread+0x10/0x10 [ 24.234911] ret_from_fork+0x116/0x1d0 [ 24.234935] ? __pfx_kthread+0x10/0x10 [ 24.234960] ret_from_fork_asm+0x1a/0x30 [ 24.235002] </TASK> [ 24.235014] [ 24.246879] Allocated by task 228: [ 24.247199] kasan_save_stack+0x45/0x70 [ 24.247619] kasan_save_track+0x18/0x40 [ 24.247913] kasan_save_alloc_info+0x3b/0x50 [ 24.248068] __kasan_kmalloc+0xb7/0xc0 [ 24.248202] __kmalloc_cache_noprof+0x189/0x420 [ 24.248359] kmalloc_memmove_negative_size+0xac/0x330 [ 24.248540] kunit_try_run_case+0x1a5/0x480 [ 24.248848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.249350] kthread+0x337/0x6f0 [ 24.249738] ret_from_fork+0x116/0x1d0 [ 24.250157] ret_from_fork_asm+0x1a/0x30 [ 24.250600] [ 24.250780] The buggy address belongs to the object at ffff888105911180 [ 24.250780] which belongs to the cache kmalloc-64 of size 64 [ 24.251957] The buggy address is located 4 bytes inside of [ 24.251957] 64-byte region [ffff888105911180, ffff8881059111c0) [ 24.253014] [ 24.253202] The buggy address belongs to the physical page: [ 24.253475] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105911 [ 24.254101] flags: 0x200000000000000(node=0|zone=2) [ 24.254436] page_type: f5(slab) [ 24.254627] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.255361] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.255940] page dumped because: kasan: bad access detected [ 24.256431] [ 24.256503] Memory state around the buggy address: [ 24.256938] ffff888105911080: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 24.257558] ffff888105911100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.258194] >ffff888105911180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 24.258413] ^ [ 24.258548] ffff888105911200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.259310] ffff888105911280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.259995] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 24.205920] ================================================================== [ 24.207216] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 24.207595] Write of size 16 at addr ffff888105654d69 by task kunit_try_catch/226 [ 24.208482] [ 24.208823] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.208886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.208900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.208920] Call Trace: [ 24.209026] <TASK> [ 24.209049] dump_stack_lvl+0x73/0xb0 [ 24.209081] print_report+0xd1/0x610 [ 24.209104] ? __virt_addr_valid+0x1db/0x2d0 [ 24.209126] ? kmalloc_oob_memset_16+0x166/0x330 [ 24.209148] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.209210] ? kmalloc_oob_memset_16+0x166/0x330 [ 24.209234] kasan_report+0x141/0x180 [ 24.209257] ? kmalloc_oob_memset_16+0x166/0x330 [ 24.209283] kasan_check_range+0x10c/0x1c0 [ 24.209306] __asan_memset+0x27/0x50 [ 24.209328] kmalloc_oob_memset_16+0x166/0x330 [ 24.209350] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 24.209373] ? __schedule+0x10cc/0x2b60 [ 24.209394] ? __pfx_read_tsc+0x10/0x10 [ 24.209414] ? ktime_get_ts64+0x86/0x230 [ 24.209439] kunit_try_run_case+0x1a5/0x480 [ 24.209462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.209482] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.209504] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.209537] ? __kthread_parkme+0x82/0x180 [ 24.209556] ? preempt_count_sub+0x50/0x80 [ 24.209579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.209604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.209631] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.209673] kthread+0x337/0x6f0 [ 24.209692] ? trace_preempt_on+0x20/0xc0 [ 24.209714] ? __pfx_kthread+0x10/0x10 [ 24.209735] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.209760] ? calculate_sigpending+0x7b/0xa0 [ 24.209785] ? __pfx_kthread+0x10/0x10 [ 24.209806] ret_from_fork+0x116/0x1d0 [ 24.209825] ? __pfx_kthread+0x10/0x10 [ 24.209845] ret_from_fork_asm+0x1a/0x30 [ 24.209876] </TASK> [ 24.209887] [ 24.218559] Allocated by task 226: [ 24.218731] kasan_save_stack+0x45/0x70 [ 24.218944] kasan_save_track+0x18/0x40 [ 24.219269] kasan_save_alloc_info+0x3b/0x50 [ 24.219425] __kasan_kmalloc+0xb7/0xc0 [ 24.219607] __kmalloc_cache_noprof+0x189/0x420 [ 24.220047] kmalloc_oob_memset_16+0xac/0x330 [ 24.220275] kunit_try_run_case+0x1a5/0x480 [ 24.220452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.220859] kthread+0x337/0x6f0 [ 24.221008] ret_from_fork+0x116/0x1d0 [ 24.221137] ret_from_fork_asm+0x1a/0x30 [ 24.221272] [ 24.221349] The buggy address belongs to the object at ffff888105654d00 [ 24.221349] which belongs to the cache kmalloc-128 of size 128 [ 24.221897] The buggy address is located 105 bytes inside of [ 24.221897] allocated 120-byte region [ffff888105654d00, ffff888105654d78) [ 24.222404] [ 24.222500] The buggy address belongs to the physical page: [ 24.222941] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105654 [ 24.223279] flags: 0x200000000000000(node=0|zone=2) [ 24.223462] page_type: f5(slab) [ 24.223717] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.224032] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.224341] page dumped because: kasan: bad access detected [ 24.224594] [ 24.224823] Memory state around the buggy address: [ 24.225058] ffff888105654c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.225379] ffff888105654c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.225708] >ffff888105654d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.225966] ^ [ 24.226307] ffff888105654d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.226732] ffff888105654e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.226955] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 24.182222] ================================================================== [ 24.182792] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 24.183347] Write of size 8 at addr ffff888105654c71 by task kunit_try_catch/224 [ 24.183741] [ 24.183899] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.183996] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.184043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.184062] Call Trace: [ 24.184074] <TASK> [ 24.184089] dump_stack_lvl+0x73/0xb0 [ 24.184131] print_report+0xd1/0x610 [ 24.184154] ? __virt_addr_valid+0x1db/0x2d0 [ 24.184176] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.184197] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.184223] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.184244] kasan_report+0x141/0x180 [ 24.184266] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.184292] kasan_check_range+0x10c/0x1c0 [ 24.184315] __asan_memset+0x27/0x50 [ 24.184338] kmalloc_oob_memset_8+0x166/0x330 [ 24.184360] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 24.184384] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 24.184410] kunit_try_run_case+0x1a5/0x480 [ 24.184432] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.184453] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.184475] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.184497] ? __kthread_parkme+0x82/0x180 [ 24.184516] ? preempt_count_sub+0x50/0x80 [ 24.184551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.184655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.184684] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.184712] kthread+0x337/0x6f0 [ 24.184732] ? trace_preempt_on+0x20/0xc0 [ 24.184755] ? __pfx_kthread+0x10/0x10 [ 24.184775] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.184800] ? calculate_sigpending+0x7b/0xa0 [ 24.184823] ? __pfx_kthread+0x10/0x10 [ 24.184845] ret_from_fork+0x116/0x1d0 [ 24.184863] ? __pfx_kthread+0x10/0x10 [ 24.184884] ret_from_fork_asm+0x1a/0x30 [ 24.184915] </TASK> [ 24.184926] [ 24.192389] Allocated by task 224: [ 24.192513] kasan_save_stack+0x45/0x70 [ 24.192863] kasan_save_track+0x18/0x40 [ 24.193059] kasan_save_alloc_info+0x3b/0x50 [ 24.193264] __kasan_kmalloc+0xb7/0xc0 [ 24.193433] __kmalloc_cache_noprof+0x189/0x420 [ 24.193668] kmalloc_oob_memset_8+0xac/0x330 [ 24.193929] kunit_try_run_case+0x1a5/0x480 [ 24.194101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.194274] kthread+0x337/0x6f0 [ 24.194430] ret_from_fork+0x116/0x1d0 [ 24.194684] ret_from_fork_asm+0x1a/0x30 [ 24.195037] [ 24.195158] The buggy address belongs to the object at ffff888105654c00 [ 24.195158] which belongs to the cache kmalloc-128 of size 128 [ 24.195573] The buggy address is located 113 bytes inside of [ 24.195573] allocated 120-byte region [ffff888105654c00, ffff888105654c78) [ 24.196196] [ 24.196287] The buggy address belongs to the physical page: [ 24.196505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105654 [ 24.196982] flags: 0x200000000000000(node=0|zone=2) [ 24.197220] page_type: f5(slab) [ 24.197376] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.197798] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.198023] page dumped because: kasan: bad access detected [ 24.198251] [ 24.198349] Memory state around the buggy address: [ 24.198578] ffff888105654b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.198851] ffff888105654b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.199077] >ffff888105654c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.199387] ^ [ 24.199989] ffff888105654c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.200284] ffff888105654d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.200634] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 24.151683] ================================================================== [ 24.152238] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 24.152481] Write of size 4 at addr ffff8881041b9875 by task kunit_try_catch/222 [ 24.153510] [ 24.153847] CPU: 0 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.153905] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.153919] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.154041] Call Trace: [ 24.154061] <TASK> [ 24.154080] dump_stack_lvl+0x73/0xb0 [ 24.154120] print_report+0xd1/0x610 [ 24.154148] ? __virt_addr_valid+0x1db/0x2d0 [ 24.154187] ? kmalloc_oob_memset_4+0x166/0x330 [ 24.154214] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.154246] ? kmalloc_oob_memset_4+0x166/0x330 [ 24.154274] kasan_report+0x141/0x180 [ 24.154301] ? kmalloc_oob_memset_4+0x166/0x330 [ 24.154334] kasan_check_range+0x10c/0x1c0 [ 24.154363] __asan_memset+0x27/0x50 [ 24.154391] kmalloc_oob_memset_4+0x166/0x330 [ 24.154419] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 24.154447] ? __schedule+0x10cc/0x2b60 [ 24.154479] ? __pfx_read_tsc+0x10/0x10 [ 24.154505] ? ktime_get_ts64+0x86/0x230 [ 24.154549] kunit_try_run_case+0x1a5/0x480 [ 24.154578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.154604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.154631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.154690] ? __kthread_parkme+0x82/0x180 [ 24.154716] ? preempt_count_sub+0x50/0x80 [ 24.154745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.154773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.154804] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.154836] kthread+0x337/0x6f0 [ 24.154860] ? trace_preempt_on+0x20/0xc0 [ 24.154889] ? __pfx_kthread+0x10/0x10 [ 24.154915] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.154944] ? calculate_sigpending+0x7b/0xa0 [ 24.154973] ? __pfx_kthread+0x10/0x10 [ 24.155000] ret_from_fork+0x116/0x1d0 [ 24.155025] ? __pfx_kthread+0x10/0x10 [ 24.155050] ret_from_fork_asm+0x1a/0x30 [ 24.155090] </TASK> [ 24.155103] [ 24.168977] Allocated by task 222: [ 24.169294] kasan_save_stack+0x45/0x70 [ 24.169501] kasan_save_track+0x18/0x40 [ 24.169675] kasan_save_alloc_info+0x3b/0x50 [ 24.170148] __kasan_kmalloc+0xb7/0xc0 [ 24.170516] __kmalloc_cache_noprof+0x189/0x420 [ 24.171006] kmalloc_oob_memset_4+0xac/0x330 [ 24.171312] kunit_try_run_case+0x1a5/0x480 [ 24.171461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.171961] kthread+0x337/0x6f0 [ 24.172294] ret_from_fork+0x116/0x1d0 [ 24.172677] ret_from_fork_asm+0x1a/0x30 [ 24.173119] [ 24.173293] The buggy address belongs to the object at ffff8881041b9800 [ 24.173293] which belongs to the cache kmalloc-128 of size 128 [ 24.173982] The buggy address is located 117 bytes inside of [ 24.173982] allocated 120-byte region [ffff8881041b9800, ffff8881041b9878) [ 24.174350] [ 24.174421] The buggy address belongs to the physical page: [ 24.174623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 24.175027] flags: 0x200000000000000(node=0|zone=2) [ 24.175289] page_type: f5(slab) [ 24.175437] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.175677] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.176163] page dumped because: kasan: bad access detected [ 24.176402] [ 24.176469] Memory state around the buggy address: [ 24.176661] ffff8881041b9700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.177035] ffff8881041b9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.177334] >ffff8881041b9800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.177631] ^ [ 24.177986] ffff8881041b9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.178301] ffff8881041b9900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.178599] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 24.122264] ================================================================== [ 24.123073] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 24.123815] Write of size 2 at addr ffff888105654b77 by task kunit_try_catch/220 [ 24.124356] [ 24.124543] CPU: 1 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.124597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.124610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.124630] Call Trace: [ 24.124642] <TASK> [ 24.124658] dump_stack_lvl+0x73/0xb0 [ 24.124686] print_report+0xd1/0x610 [ 24.124708] ? __virt_addr_valid+0x1db/0x2d0 [ 24.124730] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.124750] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.124775] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.124797] kasan_report+0x141/0x180 [ 24.124819] ? kmalloc_oob_memset_2+0x166/0x330 [ 24.124844] kasan_check_range+0x10c/0x1c0 [ 24.124867] __asan_memset+0x27/0x50 [ 24.124890] kmalloc_oob_memset_2+0x166/0x330 [ 24.124912] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 24.124934] ? __schedule+0x10cc/0x2b60 [ 24.124955] ? __pfx_read_tsc+0x10/0x10 [ 24.124976] ? ktime_get_ts64+0x86/0x230 [ 24.125000] kunit_try_run_case+0x1a5/0x480 [ 24.125023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.125043] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.125065] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.125123] ? __kthread_parkme+0x82/0x180 [ 24.125156] ? preempt_count_sub+0x50/0x80 [ 24.125191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.125214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.125239] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.125264] kthread+0x337/0x6f0 [ 24.125285] ? trace_preempt_on+0x20/0xc0 [ 24.125308] ? __pfx_kthread+0x10/0x10 [ 24.125328] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.125352] ? calculate_sigpending+0x7b/0xa0 [ 24.125374] ? __pfx_kthread+0x10/0x10 [ 24.125395] ret_from_fork+0x116/0x1d0 [ 24.125414] ? __pfx_kthread+0x10/0x10 [ 24.125434] ret_from_fork_asm+0x1a/0x30 [ 24.125465] </TASK> [ 24.125475] [ 24.138226] Allocated by task 220: [ 24.138581] kasan_save_stack+0x45/0x70 [ 24.138955] kasan_save_track+0x18/0x40 [ 24.139452] kasan_save_alloc_info+0x3b/0x50 [ 24.139811] __kasan_kmalloc+0xb7/0xc0 [ 24.140195] __kmalloc_cache_noprof+0x189/0x420 [ 24.140847] kmalloc_oob_memset_2+0xac/0x330 [ 24.141143] kunit_try_run_case+0x1a5/0x480 [ 24.141424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.141901] kthread+0x337/0x6f0 [ 24.142073] ret_from_fork+0x116/0x1d0 [ 24.142260] ret_from_fork_asm+0x1a/0x30 [ 24.142447] [ 24.142536] The buggy address belongs to the object at ffff888105654b00 [ 24.142536] which belongs to the cache kmalloc-128 of size 128 [ 24.143083] The buggy address is located 119 bytes inside of [ 24.143083] allocated 120-byte region [ffff888105654b00, ffff888105654b78) [ 24.143651] [ 24.143796] The buggy address belongs to the physical page: [ 24.144093] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105654 [ 24.144402] flags: 0x200000000000000(node=0|zone=2) [ 24.144629] page_type: f5(slab) [ 24.144999] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.145358] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.145682] page dumped because: kasan: bad access detected [ 24.145902] [ 24.146062] Memory state around the buggy address: [ 24.146330] ffff888105654a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.146654] ffff888105654a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.147000] >ffff888105654b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.147292] ^ [ 24.147648] ffff888105654b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.147934] ffff888105654c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.148223] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 24.090268] ================================================================== [ 24.091240] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 24.091489] Write of size 128 at addr ffff8881041b9700 by task kunit_try_catch/218 [ 24.092082] [ 24.092369] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.092424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.092459] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.092482] Call Trace: [ 24.092507] <TASK> [ 24.092543] dump_stack_lvl+0x73/0xb0 [ 24.092579] print_report+0xd1/0x610 [ 24.092616] ? __virt_addr_valid+0x1db/0x2d0 [ 24.092647] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.092673] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.092737] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.092764] kasan_report+0x141/0x180 [ 24.092804] ? kmalloc_oob_in_memset+0x15f/0x320 [ 24.092839] kasan_check_range+0x10c/0x1c0 [ 24.092867] __asan_memset+0x27/0x50 [ 24.092896] kmalloc_oob_in_memset+0x15f/0x320 [ 24.092923] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 24.092954] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 24.092987] kunit_try_run_case+0x1a5/0x480 [ 24.093015] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.093041] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.093068] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.093095] ? __kthread_parkme+0x82/0x180 [ 24.093120] ? preempt_count_sub+0x50/0x80 [ 24.093150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.093177] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.093208] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.093239] kthread+0x337/0x6f0 [ 24.093263] ? trace_preempt_on+0x20/0xc0 [ 24.093292] ? __pfx_kthread+0x10/0x10 [ 24.093318] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.093347] ? calculate_sigpending+0x7b/0xa0 [ 24.093375] ? __pfx_kthread+0x10/0x10 [ 24.093402] ret_from_fork+0x116/0x1d0 [ 24.093425] ? __pfx_kthread+0x10/0x10 [ 24.093450] ret_from_fork_asm+0x1a/0x30 [ 24.093490] </TASK> [ 24.093502] [ 24.106412] Allocated by task 218: [ 24.106554] kasan_save_stack+0x45/0x70 [ 24.107082] kasan_save_track+0x18/0x40 [ 24.107483] kasan_save_alloc_info+0x3b/0x50 [ 24.108148] __kasan_kmalloc+0xb7/0xc0 [ 24.108539] __kmalloc_cache_noprof+0x189/0x420 [ 24.109089] kmalloc_oob_in_memset+0xac/0x320 [ 24.109427] kunit_try_run_case+0x1a5/0x480 [ 24.109597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.110237] kthread+0x337/0x6f0 [ 24.110592] ret_from_fork+0x116/0x1d0 [ 24.111048] ret_from_fork_asm+0x1a/0x30 [ 24.111367] [ 24.111556] The buggy address belongs to the object at ffff8881041b9700 [ 24.111556] which belongs to the cache kmalloc-128 of size 128 [ 24.112260] The buggy address is located 0 bytes inside of [ 24.112260] allocated 120-byte region [ffff8881041b9700, ffff8881041b9778) [ 24.112873] [ 24.113196] The buggy address belongs to the physical page: [ 24.113747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 24.114464] flags: 0x200000000000000(node=0|zone=2) [ 24.114951] page_type: f5(slab) [ 24.115333] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.115720] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.116409] page dumped because: kasan: bad access detected [ 24.116954] [ 24.117026] Memory state around the buggy address: [ 24.117182] ffff8881041b9600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.117398] ffff8881041b9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.117629] >ffff8881041b9700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.118031] ^ [ 24.118565] ffff8881041b9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.118872] ffff8881041b9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.119239] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 24.061313] ================================================================== [ 24.061785] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 24.062100] Read of size 16 at addr ffff888104884640 by task kunit_try_catch/216 [ 24.062409] [ 24.062501] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.062559] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.062572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.062593] Call Trace: [ 24.062667] <TASK> [ 24.062688] dump_stack_lvl+0x73/0xb0 [ 24.062720] print_report+0xd1/0x610 [ 24.062743] ? __virt_addr_valid+0x1db/0x2d0 [ 24.062767] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.062787] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.062812] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.062833] kasan_report+0x141/0x180 [ 24.062854] ? kmalloc_uaf_16+0x47b/0x4c0 [ 24.062879] __asan_report_load16_noabort+0x18/0x20 [ 24.062903] kmalloc_uaf_16+0x47b/0x4c0 [ 24.062924] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 24.062946] ? __schedule+0x10cc/0x2b60 [ 24.062968] ? __pfx_read_tsc+0x10/0x10 [ 24.062989] ? ktime_get_ts64+0x86/0x230 [ 24.063016] kunit_try_run_case+0x1a5/0x480 [ 24.063038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.063059] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.063081] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.063104] ? __kthread_parkme+0x82/0x180 [ 24.063124] ? preempt_count_sub+0x50/0x80 [ 24.063148] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.063170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.063196] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.063222] kthread+0x337/0x6f0 [ 24.063241] ? trace_preempt_on+0x20/0xc0 [ 24.063265] ? __pfx_kthread+0x10/0x10 [ 24.063285] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.063309] ? calculate_sigpending+0x7b/0xa0 [ 24.063334] ? __pfx_kthread+0x10/0x10 [ 24.063355] ret_from_fork+0x116/0x1d0 [ 24.063374] ? __pfx_kthread+0x10/0x10 [ 24.063394] ret_from_fork_asm+0x1a/0x30 [ 24.063426] </TASK> [ 24.063437] [ 24.070559] Allocated by task 216: [ 24.070697] kasan_save_stack+0x45/0x70 [ 24.070836] kasan_save_track+0x18/0x40 [ 24.070963] kasan_save_alloc_info+0x3b/0x50 [ 24.071169] __kasan_kmalloc+0xb7/0xc0 [ 24.071355] __kmalloc_cache_noprof+0x189/0x420 [ 24.071680] kmalloc_uaf_16+0x15b/0x4c0 [ 24.071879] kunit_try_run_case+0x1a5/0x480 [ 24.072086] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.072310] kthread+0x337/0x6f0 [ 24.072480] ret_from_fork+0x116/0x1d0 [ 24.072758] ret_from_fork_asm+0x1a/0x30 [ 24.072952] [ 24.073029] Freed by task 216: [ 24.073151] kasan_save_stack+0x45/0x70 [ 24.073279] kasan_save_track+0x18/0x40 [ 24.073405] kasan_save_free_info+0x3f/0x60 [ 24.073625] __kasan_slab_free+0x56/0x70 [ 24.073830] kfree+0x222/0x3f0 [ 24.073989] kmalloc_uaf_16+0x1d6/0x4c0 [ 24.074179] kunit_try_run_case+0x1a5/0x480 [ 24.074382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.074686] kthread+0x337/0x6f0 [ 24.074820] ret_from_fork+0x116/0x1d0 [ 24.074947] ret_from_fork_asm+0x1a/0x30 [ 24.075086] [ 24.075149] The buggy address belongs to the object at ffff888104884640 [ 24.075149] which belongs to the cache kmalloc-16 of size 16 [ 24.075574] The buggy address is located 0 bytes inside of [ 24.075574] freed 16-byte region [ffff888104884640, ffff888104884650) [ 24.076096] [ 24.076181] The buggy address belongs to the physical page: [ 24.076374] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104884 [ 24.076616] flags: 0x200000000000000(node=0|zone=2) [ 24.076845] page_type: f5(slab) [ 24.077005] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.077331] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.080174] page dumped because: kasan: bad access detected [ 24.080877] [ 24.081041] Memory state around the buggy address: [ 24.081333] ffff888104884500: 00 06 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc [ 24.081557] ffff888104884580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.082979] >ffff888104884600: fa fb fc fc 00 00 fc fc fa fb fc fc fc fc fc fc [ 24.084290] ^ [ 24.084469] ffff888104884680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.085764] ffff888104884700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.086149] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 24.039294] ================================================================== [ 24.039798] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 24.040205] Write of size 16 at addr ffff8881058f7120 by task kunit_try_catch/214 [ 24.040507] [ 24.040848] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.040911] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.040925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.040949] Call Trace: [ 24.040964] <TASK> [ 24.040985] dump_stack_lvl+0x73/0xb0 [ 24.041024] print_report+0xd1/0x610 [ 24.041052] ? __virt_addr_valid+0x1db/0x2d0 [ 24.041084] ? kmalloc_oob_16+0x452/0x4a0 [ 24.041109] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.041139] ? kmalloc_oob_16+0x452/0x4a0 [ 24.041165] kasan_report+0x141/0x180 [ 24.041192] ? kmalloc_oob_16+0x452/0x4a0 [ 24.041225] __asan_report_store16_noabort+0x1b/0x30 [ 24.041254] kmalloc_oob_16+0x452/0x4a0 [ 24.041280] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 24.041307] ? __schedule+0x10cc/0x2b60 [ 24.041334] ? __pfx_read_tsc+0x10/0x10 [ 24.041362] ? ktime_get_ts64+0x86/0x230 [ 24.041395] kunit_try_run_case+0x1a5/0x480 [ 24.041424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.041450] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.041477] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.041504] ? __kthread_parkme+0x82/0x180 [ 24.041545] ? preempt_count_sub+0x50/0x80 [ 24.041575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.041937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.041973] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.042004] kthread+0x337/0x6f0 [ 24.042029] ? trace_preempt_on+0x20/0xc0 [ 24.042059] ? __pfx_kthread+0x10/0x10 [ 24.042085] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.042115] ? calculate_sigpending+0x7b/0xa0 [ 24.042144] ? __pfx_kthread+0x10/0x10 [ 24.042171] ret_from_fork+0x116/0x1d0 [ 24.042195] ? __pfx_kthread+0x10/0x10 [ 24.042220] ret_from_fork_asm+0x1a/0x30 [ 24.042261] </TASK> [ 24.042274] [ 24.048916] Allocated by task 214: [ 24.049094] kasan_save_stack+0x45/0x70 [ 24.049440] kasan_save_track+0x18/0x40 [ 24.049602] kasan_save_alloc_info+0x3b/0x50 [ 24.049755] __kasan_kmalloc+0xb7/0xc0 [ 24.049891] __kmalloc_cache_noprof+0x189/0x420 [ 24.050050] kmalloc_oob_16+0xa8/0x4a0 [ 24.050188] kunit_try_run_case+0x1a5/0x480 [ 24.050400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.050670] kthread+0x337/0x6f0 [ 24.050849] ret_from_fork+0x116/0x1d0 [ 24.051042] ret_from_fork_asm+0x1a/0x30 [ 24.051290] [ 24.051388] The buggy address belongs to the object at ffff8881058f7120 [ 24.051388] which belongs to the cache kmalloc-16 of size 16 [ 24.052680] The buggy address is located 0 bytes inside of [ 24.052680] allocated 13-byte region [ffff8881058f7120, ffff8881058f712d) [ 24.053187] [ 24.053276] The buggy address belongs to the physical page: [ 24.053470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058f7 [ 24.054043] flags: 0x200000000000000(node=0|zone=2) [ 24.054270] page_type: f5(slab) [ 24.054426] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 24.054815] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.055048] page dumped because: kasan: bad access detected [ 24.055218] [ 24.055312] Memory state around the buggy address: [ 24.055541] ffff8881058f7000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.056204] ffff8881058f7080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 24.056592] >ffff8881058f7100: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 24.057033] ^ [ 24.057241] ffff8881058f7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.057553] ffff8881058f7200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.057885] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 24.013564] ================================================================== [ 24.014103] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 24.014372] Read of size 1 at addr ffff8881009a8e00 by task kunit_try_catch/212 [ 24.014789] [ 24.014881] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 24.014930] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.014941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.014962] Call Trace: [ 24.014975] <TASK> [ 24.014994] dump_stack_lvl+0x73/0xb0 [ 24.015033] print_report+0xd1/0x610 [ 24.015055] ? __virt_addr_valid+0x1db/0x2d0 [ 24.015079] ? krealloc_uaf+0x53c/0x5e0 [ 24.015099] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.015125] ? krealloc_uaf+0x53c/0x5e0 [ 24.015146] kasan_report+0x141/0x180 [ 24.015167] ? krealloc_uaf+0x53c/0x5e0 [ 24.015194] __asan_report_load1_noabort+0x18/0x20 [ 24.015218] krealloc_uaf+0x53c/0x5e0 [ 24.015239] ? __pfx_krealloc_uaf+0x10/0x10 [ 24.015259] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.015288] ? __pfx_krealloc_uaf+0x10/0x10 [ 24.015314] kunit_try_run_case+0x1a5/0x480 [ 24.015336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.015357] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.015379] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.015401] ? __kthread_parkme+0x82/0x180 [ 24.015421] ? preempt_count_sub+0x50/0x80 [ 24.015444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.015467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.015492] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.015530] kthread+0x337/0x6f0 [ 24.015550] ? trace_preempt_on+0x20/0xc0 [ 24.015573] ? __pfx_kthread+0x10/0x10 [ 24.015594] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.015618] ? calculate_sigpending+0x7b/0xa0 [ 24.015643] ? __pfx_kthread+0x10/0x10 [ 24.015664] ret_from_fork+0x116/0x1d0 [ 24.015684] ? __pfx_kthread+0x10/0x10 [ 24.015704] ret_from_fork_asm+0x1a/0x30 [ 24.015736] </TASK> [ 24.015747] [ 24.022350] Allocated by task 212: [ 24.022478] kasan_save_stack+0x45/0x70 [ 24.022806] kasan_save_track+0x18/0x40 [ 24.023018] kasan_save_alloc_info+0x3b/0x50 [ 24.023224] __kasan_kmalloc+0xb7/0xc0 [ 24.023392] __kmalloc_cache_noprof+0x189/0x420 [ 24.023593] krealloc_uaf+0xbb/0x5e0 [ 24.023785] kunit_try_run_case+0x1a5/0x480 [ 24.023926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.024096] kthread+0x337/0x6f0 [ 24.024211] ret_from_fork+0x116/0x1d0 [ 24.024379] ret_from_fork_asm+0x1a/0x30 [ 24.024835] [ 24.024993] Freed by task 212: [ 24.025304] kasan_save_stack+0x45/0x70 [ 24.025497] kasan_save_track+0x18/0x40 [ 24.025857] kasan_save_free_info+0x3f/0x60 [ 24.026122] __kasan_slab_free+0x56/0x70 [ 24.026313] kfree+0x222/0x3f0 [ 24.026453] krealloc_uaf+0x13d/0x5e0 [ 24.026691] kunit_try_run_case+0x1a5/0x480 [ 24.026870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.027056] kthread+0x337/0x6f0 [ 24.027169] ret_from_fork+0x116/0x1d0 [ 24.027294] ret_from_fork_asm+0x1a/0x30 [ 24.027427] [ 24.027513] The buggy address belongs to the object at ffff8881009a8e00 [ 24.027513] which belongs to the cache kmalloc-256 of size 256 [ 24.028395] The buggy address is located 0 bytes inside of [ 24.028395] freed 256-byte region [ffff8881009a8e00, ffff8881009a8f00) [ 24.029250] [ 24.029333] The buggy address belongs to the physical page: [ 24.029548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8 [ 24.029786] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.030152] anon flags: 0x200000000000040(head|node=0|zone=2) [ 24.030422] page_type: f5(slab) [ 24.030601] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 24.030963] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.031262] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 24.031527] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.031900] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff [ 24.032273] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.032679] page dumped because: kasan: bad access detected [ 24.032847] [ 24.032909] Memory state around the buggy address: [ 24.033056] ffff8881009a8d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.033352] ffff8881009a8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.033808] >ffff8881009a8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.034109] ^ [ 24.034263] ffff8881009a8e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.034477] ffff8881009a8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.034689] ================================================================== [ 23.990864] ================================================================== [ 23.991403] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 23.992017] Read of size 1 at addr ffff8881009a8e00 by task kunit_try_catch/212 [ 23.992316] [ 23.992416] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.992464] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.992476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.992496] Call Trace: [ 23.992509] <TASK> [ 23.992539] dump_stack_lvl+0x73/0xb0 [ 23.992569] print_report+0xd1/0x610 [ 23.992945] ? __virt_addr_valid+0x1db/0x2d0 [ 23.992970] ? krealloc_uaf+0x1b8/0x5e0 [ 23.992990] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.993016] ? krealloc_uaf+0x1b8/0x5e0 [ 23.993038] kasan_report+0x141/0x180 [ 23.993059] ? krealloc_uaf+0x1b8/0x5e0 [ 23.993083] ? krealloc_uaf+0x1b8/0x5e0 [ 23.993104] __kasan_check_byte+0x3d/0x50 [ 23.993126] krealloc_noprof+0x3f/0x340 [ 23.993153] krealloc_uaf+0x1b8/0x5e0 [ 23.993174] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.993194] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.993224] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.993250] kunit_try_run_case+0x1a5/0x480 [ 23.993273] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.993294] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.993316] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.993337] ? __kthread_parkme+0x82/0x180 [ 23.993357] ? preempt_count_sub+0x50/0x80 [ 23.993381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.993403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.993429] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.993455] kthread+0x337/0x6f0 [ 23.993474] ? trace_preempt_on+0x20/0xc0 [ 23.993497] ? __pfx_kthread+0x10/0x10 [ 23.993531] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.993556] ? calculate_sigpending+0x7b/0xa0 [ 23.993637] ? __pfx_kthread+0x10/0x10 [ 23.993661] ret_from_fork+0x116/0x1d0 [ 23.993680] ? __pfx_kthread+0x10/0x10 [ 23.993700] ret_from_fork_asm+0x1a/0x30 [ 23.993732] </TASK> [ 23.993743] [ 24.000965] Allocated by task 212: [ 24.001305] kasan_save_stack+0x45/0x70 [ 24.001500] kasan_save_track+0x18/0x40 [ 24.001677] kasan_save_alloc_info+0x3b/0x50 [ 24.001950] __kasan_kmalloc+0xb7/0xc0 [ 24.002083] __kmalloc_cache_noprof+0x189/0x420 [ 24.002231] krealloc_uaf+0xbb/0x5e0 [ 24.002392] kunit_try_run_case+0x1a5/0x480 [ 24.002626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.002893] kthread+0x337/0x6f0 [ 24.003056] ret_from_fork+0x116/0x1d0 [ 24.003233] ret_from_fork_asm+0x1a/0x30 [ 24.003418] [ 24.003482] Freed by task 212: [ 24.003596] kasan_save_stack+0x45/0x70 [ 24.003726] kasan_save_track+0x18/0x40 [ 24.003854] kasan_save_free_info+0x3f/0x60 [ 24.004025] __kasan_slab_free+0x56/0x70 [ 24.004211] kfree+0x222/0x3f0 [ 24.004374] krealloc_uaf+0x13d/0x5e0 [ 24.004730] kunit_try_run_case+0x1a5/0x480 [ 24.004932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.005149] kthread+0x337/0x6f0 [ 24.005298] ret_from_fork+0x116/0x1d0 [ 24.005465] ret_from_fork_asm+0x1a/0x30 [ 24.005725] [ 24.005797] The buggy address belongs to the object at ffff8881009a8e00 [ 24.005797] which belongs to the cache kmalloc-256 of size 256 [ 24.006344] The buggy address is located 0 bytes inside of [ 24.006344] freed 256-byte region [ffff8881009a8e00, ffff8881009a8f00) [ 24.006918] [ 24.007016] The buggy address belongs to the physical page: [ 24.007234] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8 [ 24.007555] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.007940] anon flags: 0x200000000000040(head|node=0|zone=2) [ 24.008130] page_type: f5(slab) [ 24.008247] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 24.008531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.008862] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 24.009548] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.010073] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff [ 24.010302] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.010532] page dumped because: kasan: bad access detected [ 24.010696] [ 24.010791] Memory state around the buggy address: [ 24.011011] ffff8881009a8d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.011330] ffff8881009a8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.011724] >ffff8881009a8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.012041] ^ [ 24.012203] ffff8881009a8e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.012527] ffff8881009a8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.012884] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 23.972352] ================================================================== [ 23.972871] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.973230] Write of size 1 at addr ffff8881049420eb by task kunit_try_catch/210 [ 23.973567] [ 23.973709] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.973758] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.973771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.973792] Call Trace: [ 23.973805] <TASK> [ 23.973821] dump_stack_lvl+0x73/0xb0 [ 23.973855] print_report+0xd1/0x610 [ 23.973881] ? __virt_addr_valid+0x1db/0x2d0 [ 23.973910] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.973938] ? kasan_addr_to_slab+0x11/0xa0 [ 23.973963] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.973991] kasan_report+0x141/0x180 [ 23.974018] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.974053] __asan_report_store1_noabort+0x1b/0x30 [ 23.974081] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.974112] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.974141] ? finish_task_switch.isra.0+0x153/0x700 [ 23.974167] ? __switch_to+0x47/0xf80 [ 23.974199] ? __schedule+0x10cc/0x2b60 [ 23.974228] ? __pfx_read_tsc+0x10/0x10 [ 23.974259] krealloc_large_less_oob+0x1c/0x30 [ 23.974286] kunit_try_run_case+0x1a5/0x480 [ 23.974315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.974341] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.974368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.974395] ? __kthread_parkme+0x82/0x180 [ 23.974421] ? preempt_count_sub+0x50/0x80 [ 23.974449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.974481] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.974512] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.974553] kthread+0x337/0x6f0 [ 23.974577] ? trace_preempt_on+0x20/0xc0 [ 23.974605] ? __pfx_kthread+0x10/0x10 [ 23.974631] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.974672] ? calculate_sigpending+0x7b/0xa0 [ 23.974701] ? __pfx_kthread+0x10/0x10 [ 23.974729] ret_from_fork+0x116/0x1d0 [ 23.974752] ? __pfx_kthread+0x10/0x10 [ 23.974777] ret_from_fork_asm+0x1a/0x30 [ 23.974818] </TASK> [ 23.974830] [ 23.982038] The buggy address belongs to the physical page: [ 23.982301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104940 [ 23.982776] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.983039] flags: 0x200000000000040(head|node=0|zone=2) [ 23.983220] page_type: f8(unknown) [ 23.983393] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.983927] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.984288] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.984597] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.984949] head: 0200000000000002 ffffea0004125001 00000000ffffffff 00000000ffffffff [ 23.985281] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.985535] page dumped because: kasan: bad access detected [ 23.985705] [ 23.985772] Memory state around the buggy address: [ 23.985926] ffff888104941f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.986199] ffff888104942000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.986514] >ffff888104942080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.986878] ^ [ 23.987145] ffff888104942100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.987361] ffff888104942180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.987703] ================================================================== [ 23.838669] ================================================================== [ 23.838906] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.839325] Write of size 1 at addr ffff8881009a90eb by task kunit_try_catch/206 [ 23.839998] [ 23.840110] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.840156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.840167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.840186] Call Trace: [ 23.840202] <TASK> [ 23.840215] dump_stack_lvl+0x73/0xb0 [ 23.840244] print_report+0xd1/0x610 [ 23.840266] ? __virt_addr_valid+0x1db/0x2d0 [ 23.840288] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.840311] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.840336] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.840359] kasan_report+0x141/0x180 [ 23.840380] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.840408] __asan_report_store1_noabort+0x1b/0x30 [ 23.840432] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.840457] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.840480] ? finish_task_switch.isra.0+0x153/0x700 [ 23.840501] ? __switch_to+0x47/0xf80 [ 23.840540] ? __schedule+0x10cc/0x2b60 [ 23.840561] ? __pfx_read_tsc+0x10/0x10 [ 23.840586] krealloc_less_oob+0x1c/0x30 [ 23.840607] kunit_try_run_case+0x1a5/0x480 [ 23.840629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.840650] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.840672] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.840693] ? __kthread_parkme+0x82/0x180 [ 23.840713] ? preempt_count_sub+0x50/0x80 [ 23.840735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.840757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.840783] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.840808] kthread+0x337/0x6f0 [ 23.840827] ? trace_preempt_on+0x20/0xc0 [ 23.840850] ? __pfx_kthread+0x10/0x10 [ 23.840870] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.840985] ? calculate_sigpending+0x7b/0xa0 [ 23.841010] ? __pfx_kthread+0x10/0x10 [ 23.841032] ret_from_fork+0x116/0x1d0 [ 23.841051] ? __pfx_kthread+0x10/0x10 [ 23.841071] ret_from_fork_asm+0x1a/0x30 [ 23.841104] </TASK> [ 23.841114] [ 23.848241] Allocated by task 206: [ 23.848407] kasan_save_stack+0x45/0x70 [ 23.848586] kasan_save_track+0x18/0x40 [ 23.848740] kasan_save_alloc_info+0x3b/0x50 [ 23.848883] __kasan_krealloc+0x190/0x1f0 [ 23.849016] krealloc_noprof+0xf3/0x340 [ 23.849147] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.849373] krealloc_less_oob+0x1c/0x30 [ 23.849571] kunit_try_run_case+0x1a5/0x480 [ 23.849857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.850151] kthread+0x337/0x6f0 [ 23.850266] ret_from_fork+0x116/0x1d0 [ 23.850391] ret_from_fork_asm+0x1a/0x30 [ 23.850539] [ 23.850602] The buggy address belongs to the object at ffff8881009a9000 [ 23.850602] which belongs to the cache kmalloc-256 of size 256 [ 23.851102] The buggy address is located 34 bytes to the right of [ 23.851102] allocated 201-byte region [ffff8881009a9000, ffff8881009a90c9) [ 23.851656] [ 23.851744] The buggy address belongs to the physical page: [ 23.852156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8 [ 23.852402] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.852771] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.852960] page_type: f5(slab) [ 23.853119] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.853455] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.854002] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.854404] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.854772] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff [ 23.855136] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.855360] page dumped because: kasan: bad access detected [ 23.855548] [ 23.855669] Memory state around the buggy address: [ 23.855883] ffff8881009a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.856195] ffff8881009a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.856508] >ffff8881009a9080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.856944] ^ [ 23.857145] ffff8881009a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.857354] ffff8881009a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.857571] ================================================================== [ 23.922898] ================================================================== [ 23.923154] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.923394] Write of size 1 at addr ffff8881049420d0 by task kunit_try_catch/210 [ 23.923727] [ 23.923840] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.923887] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.923900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.923921] Call Trace: [ 23.923934] <TASK> [ 23.923949] dump_stack_lvl+0x73/0xb0 [ 23.923979] print_report+0xd1/0x610 [ 23.924006] ? __virt_addr_valid+0x1db/0x2d0 [ 23.924033] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.924060] ? kasan_addr_to_slab+0x11/0xa0 [ 23.924085] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.924113] kasan_report+0x141/0x180 [ 23.924140] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.924175] __asan_report_store1_noabort+0x1b/0x30 [ 23.924203] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.924234] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.924262] ? finish_task_switch.isra.0+0x153/0x700 [ 23.924417] ? __switch_to+0x47/0xf80 [ 23.924453] ? __schedule+0x10cc/0x2b60 [ 23.924480] ? __pfx_read_tsc+0x10/0x10 [ 23.924510] krealloc_large_less_oob+0x1c/0x30 [ 23.924551] kunit_try_run_case+0x1a5/0x480 [ 23.924579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.924605] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.924632] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.924659] ? __kthread_parkme+0x82/0x180 [ 23.924684] ? preempt_count_sub+0x50/0x80 [ 23.924713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.924740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.924771] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.924802] kthread+0x337/0x6f0 [ 23.924826] ? trace_preempt_on+0x20/0xc0 [ 23.924853] ? __pfx_kthread+0x10/0x10 [ 23.924879] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.924908] ? calculate_sigpending+0x7b/0xa0 [ 23.924936] ? __pfx_kthread+0x10/0x10 [ 23.924963] ret_from_fork+0x116/0x1d0 [ 23.924987] ? __pfx_kthread+0x10/0x10 [ 23.925012] ret_from_fork_asm+0x1a/0x30 [ 23.925105] </TASK> [ 23.925117] [ 23.932955] The buggy address belongs to the physical page: [ 23.933192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104940 [ 23.933497] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.933917] flags: 0x200000000000040(head|node=0|zone=2) [ 23.934168] page_type: f8(unknown) [ 23.934321] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.934734] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.935129] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.935456] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.935851] head: 0200000000000002 ffffea0004125001 00000000ffffffff 00000000ffffffff [ 23.936135] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.936469] page dumped because: kasan: bad access detected [ 23.936715] [ 23.936792] Memory state around the buggy address: [ 23.936945] ffff888104941f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.937261] ffff888104942000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.937725] >ffff888104942080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.938020] ^ [ 23.938253] ffff888104942100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.938558] ffff888104942180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.938924] ================================================================== [ 23.729045] ================================================================== [ 23.729567] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.729906] Write of size 1 at addr ffff8881009a90c9 by task kunit_try_catch/206 [ 23.730498] [ 23.730658] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.730711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.730723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.730745] Call Trace: [ 23.730757] <TASK> [ 23.730989] dump_stack_lvl+0x73/0xb0 [ 23.731064] print_report+0xd1/0x610 [ 23.731089] ? __virt_addr_valid+0x1db/0x2d0 [ 23.731115] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.731147] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.731173] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.731197] kasan_report+0x141/0x180 [ 23.731219] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.731247] __asan_report_store1_noabort+0x1b/0x30 [ 23.731271] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.731296] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.731320] ? finish_task_switch.isra.0+0x153/0x700 [ 23.731342] ? __switch_to+0x47/0xf80 [ 23.731369] ? __schedule+0x10cc/0x2b60 [ 23.731392] ? __pfx_read_tsc+0x10/0x10 [ 23.731417] krealloc_less_oob+0x1c/0x30 [ 23.731438] kunit_try_run_case+0x1a5/0x480 [ 23.731462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.731482] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.731505] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.731536] ? __kthread_parkme+0x82/0x180 [ 23.731560] ? preempt_count_sub+0x50/0x80 [ 23.731651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.731675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.731702] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.731728] kthread+0x337/0x6f0 [ 23.731747] ? trace_preempt_on+0x20/0xc0 [ 23.731772] ? __pfx_kthread+0x10/0x10 [ 23.731793] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.731818] ? calculate_sigpending+0x7b/0xa0 [ 23.731842] ? __pfx_kthread+0x10/0x10 [ 23.731863] ret_from_fork+0x116/0x1d0 [ 23.731883] ? __pfx_kthread+0x10/0x10 [ 23.731903] ret_from_fork_asm+0x1a/0x30 [ 23.731936] </TASK> [ 23.731947] [ 23.742253] Allocated by task 206: [ 23.742703] kasan_save_stack+0x45/0x70 [ 23.743219] kasan_save_track+0x18/0x40 [ 23.743669] kasan_save_alloc_info+0x3b/0x50 [ 23.744162] __kasan_krealloc+0x190/0x1f0 [ 23.744562] krealloc_noprof+0xf3/0x340 [ 23.745002] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.745555] krealloc_less_oob+0x1c/0x30 [ 23.745955] kunit_try_run_case+0x1a5/0x480 [ 23.746376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.746944] kthread+0x337/0x6f0 [ 23.747287] ret_from_fork+0x116/0x1d0 [ 23.747734] ret_from_fork_asm+0x1a/0x30 [ 23.748146] [ 23.748340] The buggy address belongs to the object at ffff8881009a9000 [ 23.748340] which belongs to the cache kmalloc-256 of size 256 [ 23.749397] The buggy address is located 0 bytes to the right of [ 23.749397] allocated 201-byte region [ffff8881009a9000, ffff8881009a90c9) [ 23.750047] [ 23.750204] The buggy address belongs to the physical page: [ 23.750774] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8 [ 23.751614] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.752335] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.752981] page_type: f5(slab) [ 23.753280] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.753507] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.753974] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.754772] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.755549] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff [ 23.756307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.757098] page dumped because: kasan: bad access detected [ 23.757698] [ 23.757775] Memory state around the buggy address: [ 23.757923] ffff8881009a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.758159] ffff8881009a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.758887] >ffff8881009a9080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.759667] ^ [ 23.760218] ffff8881009a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.761073] ffff8881009a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.761742] ================================================================== [ 23.790541] ================================================================== [ 23.791068] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.791434] Write of size 1 at addr ffff8881009a90da by task kunit_try_catch/206 [ 23.791800] [ 23.792023] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.792073] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.792084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.792104] Call Trace: [ 23.792117] <TASK> [ 23.792131] dump_stack_lvl+0x73/0xb0 [ 23.792158] print_report+0xd1/0x610 [ 23.792181] ? __virt_addr_valid+0x1db/0x2d0 [ 23.792202] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.792225] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.792250] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.792273] kasan_report+0x141/0x180 [ 23.792295] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.792323] __asan_report_store1_noabort+0x1b/0x30 [ 23.792347] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.792373] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.792396] ? finish_task_switch.isra.0+0x153/0x700 [ 23.792417] ? __switch_to+0x47/0xf80 [ 23.792442] ? __schedule+0x10cc/0x2b60 [ 23.792464] ? __pfx_read_tsc+0x10/0x10 [ 23.792487] krealloc_less_oob+0x1c/0x30 [ 23.792508] kunit_try_run_case+0x1a5/0x480 [ 23.792543] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.792564] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.792789] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.792827] ? __kthread_parkme+0x82/0x180 [ 23.792848] ? preempt_count_sub+0x50/0x80 [ 23.792871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.792894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.792920] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.792946] kthread+0x337/0x6f0 [ 23.792965] ? trace_preempt_on+0x20/0xc0 [ 23.792988] ? __pfx_kthread+0x10/0x10 [ 23.793008] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.793032] ? calculate_sigpending+0x7b/0xa0 [ 23.793055] ? __pfx_kthread+0x10/0x10 [ 23.793076] ret_from_fork+0x116/0x1d0 [ 23.793095] ? __pfx_kthread+0x10/0x10 [ 23.793115] ret_from_fork_asm+0x1a/0x30 [ 23.793147] </TASK> [ 23.793157] [ 23.801086] Allocated by task 206: [ 23.801209] kasan_save_stack+0x45/0x70 [ 23.801386] kasan_save_track+0x18/0x40 [ 23.801592] kasan_save_alloc_info+0x3b/0x50 [ 23.801793] __kasan_krealloc+0x190/0x1f0 [ 23.801997] krealloc_noprof+0xf3/0x340 [ 23.802329] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.802494] krealloc_less_oob+0x1c/0x30 [ 23.802640] kunit_try_run_case+0x1a5/0x480 [ 23.802836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.803113] kthread+0x337/0x6f0 [ 23.803382] ret_from_fork+0x116/0x1d0 [ 23.803511] ret_from_fork_asm+0x1a/0x30 [ 23.803901] [ 23.804010] The buggy address belongs to the object at ffff8881009a9000 [ 23.804010] which belongs to the cache kmalloc-256 of size 256 [ 23.804545] The buggy address is located 17 bytes to the right of [ 23.804545] allocated 201-byte region [ffff8881009a9000, ffff8881009a90c9) [ 23.805093] [ 23.805205] The buggy address belongs to the physical page: [ 23.805420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8 [ 23.805928] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.806196] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.806380] page_type: f5(slab) [ 23.806550] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.807134] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.807611] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.807841] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.808334] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff [ 23.808770] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.809237] page dumped because: kasan: bad access detected [ 23.809442] [ 23.809513] Memory state around the buggy address: [ 23.810010] ffff8881009a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.810282] ffff8881009a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.810575] >ffff8881009a9080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.811020] ^ [ 23.811207] ffff8881009a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.811529] ffff8881009a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.812020] ================================================================== [ 23.812430] ================================================================== [ 23.812791] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.813184] Write of size 1 at addr ffff8881009a90ea by task kunit_try_catch/206 [ 23.813542] [ 23.813692] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.813738] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.813750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.813769] Call Trace: [ 23.814319] <TASK> [ 23.814346] dump_stack_lvl+0x73/0xb0 [ 23.814437] print_report+0xd1/0x610 [ 23.814476] ? __virt_addr_valid+0x1db/0x2d0 [ 23.814501] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.814535] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.814562] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.814740] kasan_report+0x141/0x180 [ 23.814767] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.814795] __asan_report_store1_noabort+0x1b/0x30 [ 23.814819] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.814847] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.814873] ? finish_task_switch.isra.0+0x153/0x700 [ 23.814897] ? __switch_to+0x47/0xf80 [ 23.814923] ? __schedule+0x10cc/0x2b60 [ 23.814945] ? __pfx_read_tsc+0x10/0x10 [ 23.814970] krealloc_less_oob+0x1c/0x30 [ 23.814992] kunit_try_run_case+0x1a5/0x480 [ 23.815015] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.815036] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.815057] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.815080] ? __kthread_parkme+0x82/0x180 [ 23.815100] ? preempt_count_sub+0x50/0x80 [ 23.815123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.815146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.815172] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.815198] kthread+0x337/0x6f0 [ 23.815217] ? trace_preempt_on+0x20/0xc0 [ 23.815240] ? __pfx_kthread+0x10/0x10 [ 23.815260] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.815284] ? calculate_sigpending+0x7b/0xa0 [ 23.815307] ? __pfx_kthread+0x10/0x10 [ 23.815328] ret_from_fork+0x116/0x1d0 [ 23.815347] ? __pfx_kthread+0x10/0x10 [ 23.815367] ret_from_fork_asm+0x1a/0x30 [ 23.815398] </TASK> [ 23.815409] [ 23.828859] Allocated by task 206: [ 23.829017] kasan_save_stack+0x45/0x70 [ 23.829196] kasan_save_track+0x18/0x40 [ 23.829359] kasan_save_alloc_info+0x3b/0x50 [ 23.829570] __kasan_krealloc+0x190/0x1f0 [ 23.829786] krealloc_noprof+0xf3/0x340 [ 23.829958] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.830174] krealloc_less_oob+0x1c/0x30 [ 23.830347] kunit_try_run_case+0x1a5/0x480 [ 23.830543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.830750] kthread+0x337/0x6f0 [ 23.830862] ret_from_fork+0x116/0x1d0 [ 23.830985] ret_from_fork_asm+0x1a/0x30 [ 23.831144] [ 23.831230] The buggy address belongs to the object at ffff8881009a9000 [ 23.831230] which belongs to the cache kmalloc-256 of size 256 [ 23.831824] The buggy address is located 33 bytes to the right of [ 23.831824] allocated 201-byte region [ffff8881009a9000, ffff8881009a90c9) [ 23.832307] [ 23.832397] The buggy address belongs to the physical page: [ 23.832700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8 [ 23.833036] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.833345] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.833823] page_type: f5(slab) [ 23.833964] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.834188] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.834539] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.834973] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.835300] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff [ 23.835627] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.835878] page dumped because: kasan: bad access detected [ 23.836128] [ 23.836204] Memory state around the buggy address: [ 23.836363] ffff8881009a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.836588] ffff8881009a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.836894] >ffff8881009a9080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.837297] ^ [ 23.837532] ffff8881009a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.837892] ffff8881009a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.838179] ================================================================== [ 23.906310] ================================================================== [ 23.906945] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.907300] Write of size 1 at addr ffff8881049420c9 by task kunit_try_catch/210 [ 23.907644] [ 23.907834] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.907893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.907907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.907931] Call Trace: [ 23.907946] <TASK> [ 23.907977] dump_stack_lvl+0x73/0xb0 [ 23.908015] print_report+0xd1/0x610 [ 23.908043] ? __virt_addr_valid+0x1db/0x2d0 [ 23.908074] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.908102] ? kasan_addr_to_slab+0x11/0xa0 [ 23.908127] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.908156] kasan_report+0x141/0x180 [ 23.908183] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.908218] __asan_report_store1_noabort+0x1b/0x30 [ 23.908247] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.908278] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.908307] ? finish_task_switch.isra.0+0x153/0x700 [ 23.908333] ? __switch_to+0x47/0xf80 [ 23.908367] ? __schedule+0x10cc/0x2b60 [ 23.908395] ? __pfx_read_tsc+0x10/0x10 [ 23.908426] krealloc_large_less_oob+0x1c/0x30 [ 23.908453] kunit_try_run_case+0x1a5/0x480 [ 23.908483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.908509] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.908549] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.908576] ? __kthread_parkme+0x82/0x180 [ 23.908656] ? preempt_count_sub+0x50/0x80 [ 23.908686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.908714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.908752] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.908783] kthread+0x337/0x6f0 [ 23.908807] ? trace_preempt_on+0x20/0xc0 [ 23.908838] ? __pfx_kthread+0x10/0x10 [ 23.908863] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.908893] ? calculate_sigpending+0x7b/0xa0 [ 23.908921] ? __pfx_kthread+0x10/0x10 [ 23.908948] ret_from_fork+0x116/0x1d0 [ 23.908972] ? __pfx_kthread+0x10/0x10 [ 23.908997] ret_from_fork_asm+0x1a/0x30 [ 23.909038] </TASK> [ 23.909052] [ 23.916378] The buggy address belongs to the physical page: [ 23.916735] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104940 [ 23.917380] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.917699] flags: 0x200000000000040(head|node=0|zone=2) [ 23.917929] page_type: f8(unknown) [ 23.918100] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.918405] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.918652] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.918910] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.919249] head: 0200000000000002 ffffea0004125001 00000000ffffffff 00000000ffffffff [ 23.919720] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.920028] page dumped because: kasan: bad access detected [ 23.920199] [ 23.920266] Memory state around the buggy address: [ 23.920437] ffff888104941f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.921012] ffff888104942000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.921339] >ffff888104942080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.921692] ^ [ 23.921916] ffff888104942100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.922195] ffff888104942180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.922495] ================================================================== [ 23.955485] ================================================================== [ 23.956375] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.956960] Write of size 1 at addr ffff8881049420ea by task kunit_try_catch/210 [ 23.957275] [ 23.957361] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.957407] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.957421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.957442] Call Trace: [ 23.957457] <TASK> [ 23.957472] dump_stack_lvl+0x73/0xb0 [ 23.957504] print_report+0xd1/0x610 [ 23.957545] ? __virt_addr_valid+0x1db/0x2d0 [ 23.957572] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.957618] ? kasan_addr_to_slab+0x11/0xa0 [ 23.957643] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.957672] kasan_report+0x141/0x180 [ 23.957699] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.957734] __asan_report_store1_noabort+0x1b/0x30 [ 23.957763] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.957795] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.957824] ? finish_task_switch.isra.0+0x153/0x700 [ 23.957849] ? __switch_to+0x47/0xf80 [ 23.957881] ? __schedule+0x10cc/0x2b60 [ 23.957907] ? __pfx_read_tsc+0x10/0x10 [ 23.957937] krealloc_large_less_oob+0x1c/0x30 [ 23.957964] kunit_try_run_case+0x1a5/0x480 [ 23.957992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.958018] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.958045] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.958072] ? __kthread_parkme+0x82/0x180 [ 23.958096] ? preempt_count_sub+0x50/0x80 [ 23.958125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.958153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.958183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.958214] kthread+0x337/0x6f0 [ 23.958238] ? trace_preempt_on+0x20/0xc0 [ 23.958266] ? __pfx_kthread+0x10/0x10 [ 23.958291] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.958320] ? calculate_sigpending+0x7b/0xa0 [ 23.958349] ? __pfx_kthread+0x10/0x10 [ 23.958375] ret_from_fork+0x116/0x1d0 [ 23.958399] ? __pfx_kthread+0x10/0x10 [ 23.958424] ret_from_fork_asm+0x1a/0x30 [ 23.958468] </TASK> [ 23.958480] [ 23.965543] The buggy address belongs to the physical page: [ 23.966049] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104940 [ 23.966402] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.966893] flags: 0x200000000000040(head|node=0|zone=2) [ 23.967118] page_type: f8(unknown) [ 23.967244] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.967473] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.968161] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.968532] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.968916] head: 0200000000000002 ffffea0004125001 00000000ffffffff 00000000ffffffff [ 23.969238] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.969535] page dumped because: kasan: bad access detected [ 23.969857] [ 23.969945] Memory state around the buggy address: [ 23.970147] ffff888104941f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.970404] ffff888104942000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.970886] >ffff888104942080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.971155] ^ [ 23.971405] ffff888104942100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.971819] ffff888104942180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.972065] ================================================================== [ 23.762338] ================================================================== [ 23.762699] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.763350] Write of size 1 at addr ffff8881009a90d0 by task kunit_try_catch/206 [ 23.763995] [ 23.764089] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.764153] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.764165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.764208] Call Trace: [ 23.764223] <TASK> [ 23.764238] dump_stack_lvl+0x73/0xb0 [ 23.764277] print_report+0xd1/0x610 [ 23.764299] ? __virt_addr_valid+0x1db/0x2d0 [ 23.764321] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.764344] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.764369] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.764423] kasan_report+0x141/0x180 [ 23.764444] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.764501] __asan_report_store1_noabort+0x1b/0x30 [ 23.764543] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.764568] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.764632] ? finish_task_switch.isra.0+0x153/0x700 [ 23.764911] ? __switch_to+0x47/0xf80 [ 23.764937] ? __schedule+0x10cc/0x2b60 [ 23.764959] ? __pfx_read_tsc+0x10/0x10 [ 23.764983] krealloc_less_oob+0x1c/0x30 [ 23.765004] kunit_try_run_case+0x1a5/0x480 [ 23.765027] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.765047] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.765069] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.765091] ? __kthread_parkme+0x82/0x180 [ 23.765111] ? preempt_count_sub+0x50/0x80 [ 23.765133] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.765156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.765181] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.765207] kthread+0x337/0x6f0 [ 23.765226] ? trace_preempt_on+0x20/0xc0 [ 23.765248] ? __pfx_kthread+0x10/0x10 [ 23.765268] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.765292] ? calculate_sigpending+0x7b/0xa0 [ 23.765315] ? __pfx_kthread+0x10/0x10 [ 23.765336] ret_from_fork+0x116/0x1d0 [ 23.765354] ? __pfx_kthread+0x10/0x10 [ 23.765374] ret_from_fork_asm+0x1a/0x30 [ 23.765405] </TASK> [ 23.765415] [ 23.777694] Allocated by task 206: [ 23.777817] kasan_save_stack+0x45/0x70 [ 23.778280] kasan_save_track+0x18/0x40 [ 23.778706] kasan_save_alloc_info+0x3b/0x50 [ 23.779136] __kasan_krealloc+0x190/0x1f0 [ 23.779655] krealloc_noprof+0xf3/0x340 [ 23.779993] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.780444] krealloc_less_oob+0x1c/0x30 [ 23.780745] kunit_try_run_case+0x1a5/0x480 [ 23.781104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.781279] kthread+0x337/0x6f0 [ 23.781392] ret_from_fork+0x116/0x1d0 [ 23.781527] ret_from_fork_asm+0x1a/0x30 [ 23.781689] [ 23.781798] The buggy address belongs to the object at ffff8881009a9000 [ 23.781798] which belongs to the cache kmalloc-256 of size 256 [ 23.782307] The buggy address is located 7 bytes to the right of [ 23.782307] allocated 201-byte region [ffff8881009a9000, ffff8881009a90c9) [ 23.782858] [ 23.782944] The buggy address belongs to the physical page: [ 23.783168] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1009a8 [ 23.783443] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.783921] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.784431] page_type: f5(slab) [ 23.784653] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.784964] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.785277] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.785746] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.786281] head: 0200000000000001 ffffea0004026a01 00000000ffffffff 00000000ffffffff [ 23.786840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.787068] page dumped because: kasan: bad access detected [ 23.787231] [ 23.787294] Memory state around the buggy address: [ 23.787440] ffff8881009a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.787667] ffff8881009a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.788263] >ffff8881009a9080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.788511] ^ [ 23.789130] ffff8881009a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.789564] ffff8881009a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.789983] ================================================================== [ 23.939266] ================================================================== [ 23.939487] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.939955] Write of size 1 at addr ffff8881049420da by task kunit_try_catch/210 [ 23.940402] [ 23.940488] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.940544] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.940557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.940577] Call Trace: [ 23.940592] <TASK> [ 23.940607] dump_stack_lvl+0x73/0xb0 [ 23.940637] print_report+0xd1/0x610 [ 23.940664] ? __virt_addr_valid+0x1db/0x2d0 [ 23.940692] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.940719] ? kasan_addr_to_slab+0x11/0xa0 [ 23.940744] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.940772] kasan_report+0x141/0x180 [ 23.940798] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.940833] __asan_report_store1_noabort+0x1b/0x30 [ 23.940862] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.940892] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.940920] ? finish_task_switch.isra.0+0x153/0x700 [ 23.941013] ? __switch_to+0x47/0xf80 [ 23.941046] ? __schedule+0x10cc/0x2b60 [ 23.941073] ? __pfx_read_tsc+0x10/0x10 [ 23.941103] krealloc_large_less_oob+0x1c/0x30 [ 23.941131] kunit_try_run_case+0x1a5/0x480 [ 23.941159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.941185] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.941211] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.941238] ? __kthread_parkme+0x82/0x180 [ 23.941263] ? preempt_count_sub+0x50/0x80 [ 23.941292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.941320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.941350] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.941381] kthread+0x337/0x6f0 [ 23.941405] ? trace_preempt_on+0x20/0xc0 [ 23.941432] ? __pfx_kthread+0x10/0x10 [ 23.941458] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.941486] ? calculate_sigpending+0x7b/0xa0 [ 23.941514] ? __pfx_kthread+0x10/0x10 [ 23.941554] ret_from_fork+0x116/0x1d0 [ 23.941578] ? __pfx_kthread+0x10/0x10 [ 23.941623] ret_from_fork_asm+0x1a/0x30 [ 23.941663] </TASK> [ 23.941674] [ 23.949101] The buggy address belongs to the physical page: [ 23.949363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104940 [ 23.949729] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.950285] flags: 0x200000000000040(head|node=0|zone=2) [ 23.950769] page_type: f8(unknown) [ 23.950901] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.951207] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.951562] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.951984] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.952301] head: 0200000000000002 ffffea0004125001 00000000ffffffff 00000000ffffffff [ 23.952645] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.952919] page dumped because: kasan: bad access detected [ 23.953090] [ 23.953157] Memory state around the buggy address: [ 23.953312] ffff888104941f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.953576] ffff888104942000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.954094] >ffff888104942080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.954405] ^ [ 23.954685] ffff888104942100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.954944] ffff888104942180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.955152] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 23.882481] ================================================================== [ 23.883380] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 23.884063] Write of size 1 at addr ffff8881061120f0 by task kunit_try_catch/208 [ 23.884303] [ 23.884386] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.884430] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.884442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.884461] Call Trace: [ 23.884474] <TASK> [ 23.884489] dump_stack_lvl+0x73/0xb0 [ 23.884530] print_report+0xd1/0x610 [ 23.884553] ? __virt_addr_valid+0x1db/0x2d0 [ 23.884577] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.884599] ? kasan_addr_to_slab+0x11/0xa0 [ 23.884619] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.884642] kasan_report+0x141/0x180 [ 23.884665] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.884693] __asan_report_store1_noabort+0x1b/0x30 [ 23.884717] krealloc_more_oob_helper+0x7eb/0x930 [ 23.884739] ? __schedule+0x10cc/0x2b60 [ 23.884760] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.884784] ? finish_task_switch.isra.0+0x153/0x700 [ 23.884805] ? __switch_to+0x47/0xf80 [ 23.884831] ? __schedule+0x10cc/0x2b60 [ 23.884851] ? __pfx_read_tsc+0x10/0x10 [ 23.884876] krealloc_large_more_oob+0x1c/0x30 [ 23.884898] kunit_try_run_case+0x1a5/0x480 [ 23.884985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.885008] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.885031] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.885053] ? __kthread_parkme+0x82/0x180 [ 23.885073] ? preempt_count_sub+0x50/0x80 [ 23.885096] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.885118] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.885144] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.885170] kthread+0x337/0x6f0 [ 23.885189] ? trace_preempt_on+0x20/0xc0 [ 23.885212] ? __pfx_kthread+0x10/0x10 [ 23.885232] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.885256] ? calculate_sigpending+0x7b/0xa0 [ 23.885279] ? __pfx_kthread+0x10/0x10 [ 23.885300] ret_from_fork+0x116/0x1d0 [ 23.885320] ? __pfx_kthread+0x10/0x10 [ 23.885340] ret_from_fork_asm+0x1a/0x30 [ 23.885371] </TASK> [ 23.885382] [ 23.895843] The buggy address belongs to the physical page: [ 23.896056] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106110 [ 23.896362] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.896648] flags: 0x200000000000040(head|node=0|zone=2) [ 23.897261] page_type: f8(unknown) [ 23.897394] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.897634] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.897943] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.898278] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.898786] head: 0200000000000002 ffffea0004184401 00000000ffffffff 00000000ffffffff [ 23.899031] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.899285] page dumped because: kasan: bad access detected [ 23.899544] [ 23.899697] Memory state around the buggy address: [ 23.899924] ffff888106111f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.900233] ffff888106112000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.900793] >ffff888106112080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.901069] ^ [ 23.901327] ffff888106112100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.901659] ffff888106112180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.901898] ================================================================== [ 23.702440] ================================================================== [ 23.702767] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 23.703269] Write of size 1 at addr ffff888104b460f0 by task kunit_try_catch/204 [ 23.703601] [ 23.703708] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.703769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.703783] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.703805] Call Trace: [ 23.703820] <TASK> [ 23.703836] dump_stack_lvl+0x73/0xb0 [ 23.703868] print_report+0xd1/0x610 [ 23.703895] ? __virt_addr_valid+0x1db/0x2d0 [ 23.703923] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.703950] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.703981] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.704010] kasan_report+0x141/0x180 [ 23.704037] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.704073] __asan_report_store1_noabort+0x1b/0x30 [ 23.704101] krealloc_more_oob_helper+0x7eb/0x930 [ 23.704128] ? __schedule+0x10cc/0x2b60 [ 23.704155] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.704184] ? finish_task_switch.isra.0+0x153/0x700 [ 23.704209] ? __switch_to+0x47/0xf80 [ 23.704241] ? __schedule+0x10cc/0x2b60 [ 23.704267] ? __pfx_read_tsc+0x10/0x10 [ 23.704503] krealloc_more_oob+0x1c/0x30 [ 23.704551] kunit_try_run_case+0x1a5/0x480 [ 23.704743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.704776] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.704804] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.704850] ? __kthread_parkme+0x82/0x180 [ 23.704875] ? preempt_count_sub+0x50/0x80 [ 23.704904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.704932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.704962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.704993] kthread+0x337/0x6f0 [ 23.705019] ? trace_preempt_on+0x20/0xc0 [ 23.705048] ? __pfx_kthread+0x10/0x10 [ 23.705074] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.705294] ? calculate_sigpending+0x7b/0xa0 [ 23.705337] ? __pfx_kthread+0x10/0x10 [ 23.705365] ret_from_fork+0x116/0x1d0 [ 23.705389] ? __pfx_kthread+0x10/0x10 [ 23.705414] ret_from_fork_asm+0x1a/0x30 [ 23.705453] </TASK> [ 23.705465] [ 23.713923] Allocated by task 204: [ 23.714048] kasan_save_stack+0x45/0x70 [ 23.714192] kasan_save_track+0x18/0x40 [ 23.714323] kasan_save_alloc_info+0x3b/0x50 [ 23.714472] __kasan_krealloc+0x190/0x1f0 [ 23.714718] krealloc_noprof+0xf3/0x340 [ 23.715242] krealloc_more_oob_helper+0x1a9/0x930 [ 23.715474] krealloc_more_oob+0x1c/0x30 [ 23.715823] kunit_try_run_case+0x1a5/0x480 [ 23.716029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.716348] kthread+0x337/0x6f0 [ 23.716541] ret_from_fork+0x116/0x1d0 [ 23.716790] ret_from_fork_asm+0x1a/0x30 [ 23.717017] [ 23.717125] The buggy address belongs to the object at ffff888104b46000 [ 23.717125] which belongs to the cache kmalloc-256 of size 256 [ 23.717676] The buggy address is located 5 bytes to the right of [ 23.717676] allocated 235-byte region [ffff888104b46000, ffff888104b460eb) [ 23.718138] [ 23.718203] The buggy address belongs to the physical page: [ 23.718369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b46 [ 23.718775] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.719056] flags: 0x200000000000040(head|node=0|zone=2) [ 23.719283] page_type: f5(slab) [ 23.719429] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.719765] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.720064] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.720370] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.721474] head: 0200000000000001 ffffea000412d181 00000000ffffffff 00000000ffffffff [ 23.721815] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.722129] page dumped because: kasan: bad access detected [ 23.722366] [ 23.722472] Memory state around the buggy address: [ 23.722877] ffff888104b45f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.723216] ffff888104b46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.723506] >ffff888104b46080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 23.723906] ^ [ 23.724217] ffff888104b46100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.724534] ffff888104b46180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.724923] ================================================================== [ 23.861428] ================================================================== [ 23.862502] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 23.863166] Write of size 1 at addr ffff8881061120eb by task kunit_try_catch/208 [ 23.863849] [ 23.864081] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.864147] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.864160] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.864179] Call Trace: [ 23.864191] <TASK> [ 23.864207] dump_stack_lvl+0x73/0xb0 [ 23.864235] print_report+0xd1/0x610 [ 23.864258] ? __virt_addr_valid+0x1db/0x2d0 [ 23.864280] ? krealloc_more_oob_helper+0x821/0x930 [ 23.864303] ? kasan_addr_to_slab+0x11/0xa0 [ 23.864323] ? krealloc_more_oob_helper+0x821/0x930 [ 23.864346] kasan_report+0x141/0x180 [ 23.864368] ? krealloc_more_oob_helper+0x821/0x930 [ 23.864396] __asan_report_store1_noabort+0x1b/0x30 [ 23.864420] krealloc_more_oob_helper+0x821/0x930 [ 23.864442] ? __schedule+0x10cc/0x2b60 [ 23.864463] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.864487] ? finish_task_switch.isra.0+0x153/0x700 [ 23.864508] ? __switch_to+0x47/0xf80 [ 23.864545] ? __schedule+0x10cc/0x2b60 [ 23.864566] ? __pfx_read_tsc+0x10/0x10 [ 23.864655] krealloc_large_more_oob+0x1c/0x30 [ 23.864679] kunit_try_run_case+0x1a5/0x480 [ 23.864702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.864723] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.864745] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.864767] ? __kthread_parkme+0x82/0x180 [ 23.864787] ? preempt_count_sub+0x50/0x80 [ 23.864809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.864832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.864857] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.864883] kthread+0x337/0x6f0 [ 23.864902] ? trace_preempt_on+0x20/0xc0 [ 23.864925] ? __pfx_kthread+0x10/0x10 [ 23.864945] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.864969] ? calculate_sigpending+0x7b/0xa0 [ 23.864992] ? __pfx_kthread+0x10/0x10 [ 23.865013] ret_from_fork+0x116/0x1d0 [ 23.865032] ? __pfx_kthread+0x10/0x10 [ 23.865052] ret_from_fork_asm+0x1a/0x30 [ 23.865083] </TASK> [ 23.865094] [ 23.874601] The buggy address belongs to the physical page: [ 23.874952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106110 [ 23.875345] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.875643] flags: 0x200000000000040(head|node=0|zone=2) [ 23.875861] page_type: f8(unknown) [ 23.876296] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.876672] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.877147] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.877384] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.877935] head: 0200000000000002 ffffea0004184401 00000000ffffffff 00000000ffffffff [ 23.878307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.878770] page dumped because: kasan: bad access detected [ 23.878944] [ 23.879033] Memory state around the buggy address: [ 23.879292] ffff888106111f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.879689] ffff888106112000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.879911] >ffff888106112080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.880226] ^ [ 23.880507] ffff888106112100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.880967] ffff888106112180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.881220] ================================================================== [ 23.680145] ================================================================== [ 23.680861] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 23.681167] Write of size 1 at addr ffff888104b460eb by task kunit_try_catch/204 [ 23.681528] [ 23.681860] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.681917] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.681957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.681979] Call Trace: [ 23.681993] <TASK> [ 23.682009] dump_stack_lvl+0x73/0xb0 [ 23.682063] print_report+0xd1/0x610 [ 23.682091] ? __virt_addr_valid+0x1db/0x2d0 [ 23.682119] ? krealloc_more_oob_helper+0x821/0x930 [ 23.682147] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.682178] ? krealloc_more_oob_helper+0x821/0x930 [ 23.682207] kasan_report+0x141/0x180 [ 23.682234] ? krealloc_more_oob_helper+0x821/0x930 [ 23.682269] __asan_report_store1_noabort+0x1b/0x30 [ 23.682297] krealloc_more_oob_helper+0x821/0x930 [ 23.682324] ? __schedule+0x10cc/0x2b60 [ 23.682350] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.682379] ? finish_task_switch.isra.0+0x153/0x700 [ 23.682405] ? __switch_to+0x47/0xf80 [ 23.682438] ? __schedule+0x10cc/0x2b60 [ 23.682473] ? __pfx_read_tsc+0x10/0x10 [ 23.682503] krealloc_more_oob+0x1c/0x30 [ 23.682539] kunit_try_run_case+0x1a5/0x480 [ 23.682568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.682595] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.682622] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.682649] ? __kthread_parkme+0x82/0x180 [ 23.682674] ? preempt_count_sub+0x50/0x80 [ 23.682774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.682803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.682834] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.682865] kthread+0x337/0x6f0 [ 23.682890] ? trace_preempt_on+0x20/0xc0 [ 23.682918] ? __pfx_kthread+0x10/0x10 [ 23.682944] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.682973] ? calculate_sigpending+0x7b/0xa0 [ 23.683001] ? __pfx_kthread+0x10/0x10 [ 23.683028] ret_from_fork+0x116/0x1d0 [ 23.683051] ? __pfx_kthread+0x10/0x10 [ 23.683077] ret_from_fork_asm+0x1a/0x30 [ 23.683117] </TASK> [ 23.683129] [ 23.691390] Allocated by task 204: [ 23.691625] kasan_save_stack+0x45/0x70 [ 23.691885] kasan_save_track+0x18/0x40 [ 23.692076] kasan_save_alloc_info+0x3b/0x50 [ 23.692262] __kasan_krealloc+0x190/0x1f0 [ 23.692475] krealloc_noprof+0xf3/0x340 [ 23.692727] krealloc_more_oob_helper+0x1a9/0x930 [ 23.692966] krealloc_more_oob+0x1c/0x30 [ 23.693158] kunit_try_run_case+0x1a5/0x480 [ 23.693363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.693652] kthread+0x337/0x6f0 [ 23.693889] ret_from_fork+0x116/0x1d0 [ 23.694061] ret_from_fork_asm+0x1a/0x30 [ 23.694335] [ 23.694429] The buggy address belongs to the object at ffff888104b46000 [ 23.694429] which belongs to the cache kmalloc-256 of size 256 [ 23.695043] The buggy address is located 0 bytes to the right of [ 23.695043] allocated 235-byte region [ffff888104b46000, ffff888104b460eb) [ 23.695562] [ 23.695657] The buggy address belongs to the physical page: [ 23.696014] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104b46 [ 23.696346] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.696576] flags: 0x200000000000040(head|node=0|zone=2) [ 23.696745] page_type: f5(slab) [ 23.696904] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.697231] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.697600] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 23.697985] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.698211] head: 0200000000000001 ffffea000412d181 00000000ffffffff 00000000ffffffff [ 23.698432] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.698966] page dumped because: kasan: bad access detected [ 23.699221] [ 23.699387] Memory state around the buggy address: [ 23.699828] ffff888104b45f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.700156] ffff888104b46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.700486] >ffff888104b46080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 23.700950] ^ [ 23.701151] ffff888104b46100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.701484] ffff888104b46180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.701827] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 23.659183] ================================================================== [ 23.660000] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 23.660304] Read of size 1 at addr ffff8881061f0000 by task kunit_try_catch/202 [ 23.660651] [ 23.660756] CPU: 0 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.660808] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.660822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.660844] Call Trace: [ 23.660858] <TASK> [ 23.660876] dump_stack_lvl+0x73/0xb0 [ 23.660912] print_report+0xd1/0x610 [ 23.660940] ? __virt_addr_valid+0x1db/0x2d0 [ 23.660969] ? page_alloc_uaf+0x356/0x3d0 [ 23.660994] ? kasan_addr_to_slab+0x11/0xa0 [ 23.661019] ? page_alloc_uaf+0x356/0x3d0 [ 23.661046] kasan_report+0x141/0x180 [ 23.661073] ? page_alloc_uaf+0x356/0x3d0 [ 23.661106] __asan_report_load1_noabort+0x18/0x20 [ 23.661134] page_alloc_uaf+0x356/0x3d0 [ 23.661160] ? __pfx_page_alloc_uaf+0x10/0x10 [ 23.661188] ? __schedule+0x10cc/0x2b60 [ 23.661214] ? __pfx_read_tsc+0x10/0x10 [ 23.661240] ? ktime_get_ts64+0x86/0x230 [ 23.661271] kunit_try_run_case+0x1a5/0x480 [ 23.661300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.661325] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.661352] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.661379] ? __kthread_parkme+0x82/0x180 [ 23.661405] ? preempt_count_sub+0x50/0x80 [ 23.661434] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.661462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.661493] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.661870] kthread+0x337/0x6f0 [ 23.661905] ? trace_preempt_on+0x20/0xc0 [ 23.661935] ? __pfx_kthread+0x10/0x10 [ 23.661960] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.661989] ? calculate_sigpending+0x7b/0xa0 [ 23.662019] ? __pfx_kthread+0x10/0x10 [ 23.662046] ret_from_fork+0x116/0x1d0 [ 23.662070] ? __pfx_kthread+0x10/0x10 [ 23.662096] ret_from_fork_asm+0x1a/0x30 [ 23.662136] </TASK> [ 23.662148] [ 23.669924] The buggy address belongs to the physical page: [ 23.670112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061f0 [ 23.670508] flags: 0x200000000000000(node=0|zone=2) [ 23.670766] page_type: f0(buddy) [ 23.671019] raw: 0200000000000000 ffff88817fffc460 ffff88817fffc460 0000000000000000 [ 23.671555] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 23.671951] page dumped because: kasan: bad access detected [ 23.672268] [ 23.672352] Memory state around the buggy address: [ 23.672576] ffff8881061eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.673049] ffff8881061eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.673344] >ffff8881061f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.673737] ^ [ 23.673907] ffff8881061f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.674213] ffff8881061f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.674487] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 23.628151] ================================================================== [ 23.628691] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 23.628949] Free of addr ffff88810610c001 by task kunit_try_catch/198 [ 23.629197] [ 23.629283] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.629329] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.629341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.629361] Call Trace: [ 23.629373] <TASK> [ 23.629389] dump_stack_lvl+0x73/0xb0 [ 23.629418] print_report+0xd1/0x610 [ 23.629442] ? __virt_addr_valid+0x1db/0x2d0 [ 23.629468] ? kasan_addr_to_slab+0x11/0xa0 [ 23.629488] ? kfree+0x274/0x3f0 [ 23.629509] kasan_report_invalid_free+0x10a/0x130 [ 23.629547] ? kfree+0x274/0x3f0 [ 23.629570] ? kfree+0x274/0x3f0 [ 23.629873] __kasan_kfree_large+0x86/0xd0 [ 23.629906] free_large_kmalloc+0x52/0x110 [ 23.629931] kfree+0x274/0x3f0 [ 23.629958] kmalloc_large_invalid_free+0x120/0x2b0 [ 23.629982] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 23.630005] ? __schedule+0x10cc/0x2b60 [ 23.630027] ? __pfx_read_tsc+0x10/0x10 [ 23.630049] ? ktime_get_ts64+0x86/0x230 [ 23.630074] kunit_try_run_case+0x1a5/0x480 [ 23.630098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.630119] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.630141] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.630163] ? __kthread_parkme+0x82/0x180 [ 23.630184] ? preempt_count_sub+0x50/0x80 [ 23.630207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.630229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.630255] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.630280] kthread+0x337/0x6f0 [ 23.630299] ? trace_preempt_on+0x20/0xc0 [ 23.630323] ? __pfx_kthread+0x10/0x10 [ 23.630343] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.630367] ? calculate_sigpending+0x7b/0xa0 [ 23.630391] ? __pfx_kthread+0x10/0x10 [ 23.630412] ret_from_fork+0x116/0x1d0 [ 23.630431] ? __pfx_kthread+0x10/0x10 [ 23.630451] ret_from_fork_asm+0x1a/0x30 [ 23.630488] </TASK> [ 23.630499] [ 23.643967] The buggy address belongs to the physical page: [ 23.644199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10610c [ 23.644497] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.645263] flags: 0x200000000000040(head|node=0|zone=2) [ 23.645737] page_type: f8(unknown) [ 23.645953] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.646240] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.646544] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.647188] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.647948] head: 0200000000000002 ffffea0004184301 00000000ffffffff 00000000ffffffff [ 23.648339] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.649016] page dumped because: kasan: bad access detected [ 23.649499] [ 23.649706] Memory state around the buggy address: [ 23.649902] ffff88810610bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.650171] ffff88810610bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.650439] >ffff88810610c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.651264] ^ [ 23.651502] ffff88810610c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.652130] ffff88810610c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.652748] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 23.604212] ================================================================== [ 23.604851] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 23.605302] Read of size 1 at addr ffff88810493c000 by task kunit_try_catch/196 [ 23.606245] [ 23.606383] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.606615] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.606633] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.606658] Call Trace: [ 23.606673] <TASK> [ 23.606690] dump_stack_lvl+0x73/0xb0 [ 23.606727] print_report+0xd1/0x610 [ 23.606755] ? __virt_addr_valid+0x1db/0x2d0 [ 23.606783] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.606808] ? kasan_addr_to_slab+0x11/0xa0 [ 23.606834] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.606859] kasan_report+0x141/0x180 [ 23.606886] ? kmalloc_large_uaf+0x2f1/0x340 [ 23.606918] __asan_report_load1_noabort+0x18/0x20 [ 23.606947] kmalloc_large_uaf+0x2f1/0x340 [ 23.606972] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 23.606999] ? __schedule+0x10cc/0x2b60 [ 23.607025] ? __pfx_read_tsc+0x10/0x10 [ 23.607051] ? ktime_get_ts64+0x86/0x230 [ 23.607082] kunit_try_run_case+0x1a5/0x480 [ 23.607111] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.607138] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.607164] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.607191] ? __kthread_parkme+0x82/0x180 [ 23.607216] ? preempt_count_sub+0x50/0x80 [ 23.607245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.607274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.607304] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.607335] kthread+0x337/0x6f0 [ 23.607359] ? trace_preempt_on+0x20/0xc0 [ 23.607387] ? __pfx_kthread+0x10/0x10 [ 23.607412] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.607441] ? calculate_sigpending+0x7b/0xa0 [ 23.607470] ? __pfx_kthread+0x10/0x10 [ 23.607497] ret_from_fork+0x116/0x1d0 [ 23.607531] ? __pfx_kthread+0x10/0x10 [ 23.607567] ret_from_fork_asm+0x1a/0x30 [ 23.607609] </TASK> [ 23.607621] [ 23.618484] The buggy address belongs to the physical page: [ 23.619227] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10493c [ 23.619741] flags: 0x200000000000000(node=0|zone=2) [ 23.620088] raw: 0200000000000000 ffffea0004125008 ffff88815b039fc0 0000000000000000 [ 23.620534] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 23.621097] page dumped because: kasan: bad access detected [ 23.621507] [ 23.621685] Memory state around the buggy address: [ 23.621866] ffff88810493bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.622193] ffff88810493bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.622503] >ffff88810493c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.623177] ^ [ 23.623467] ffff88810493c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.623984] ffff88810493c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 23.624438] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 23.577692] ================================================================== [ 23.578292] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 23.578783] Write of size 1 at addr ffff88810493e00a by task kunit_try_catch/194 [ 23.579578] [ 23.579971] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.580031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.580045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.580068] Call Trace: [ 23.580084] <TASK> [ 23.580103] dump_stack_lvl+0x73/0xb0 [ 23.580139] print_report+0xd1/0x610 [ 23.580167] ? __virt_addr_valid+0x1db/0x2d0 [ 23.580198] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.580226] ? kasan_addr_to_slab+0x11/0xa0 [ 23.580252] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.580279] kasan_report+0x141/0x180 [ 23.580306] ? kmalloc_large_oob_right+0x2e9/0x330 [ 23.580340] __asan_report_store1_noabort+0x1b/0x30 [ 23.580369] kmalloc_large_oob_right+0x2e9/0x330 [ 23.580396] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 23.580424] ? __schedule+0x10cc/0x2b60 [ 23.580451] ? __pfx_read_tsc+0x10/0x10 [ 23.580478] ? ktime_get_ts64+0x86/0x230 [ 23.580509] kunit_try_run_case+0x1a5/0x480 [ 23.580554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.580663] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.580694] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.580722] ? __kthread_parkme+0x82/0x180 [ 23.580748] ? preempt_count_sub+0x50/0x80 [ 23.580778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.580806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.580837] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.580868] kthread+0x337/0x6f0 [ 23.580892] ? trace_preempt_on+0x20/0xc0 [ 23.580921] ? __pfx_kthread+0x10/0x10 [ 23.580947] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.580976] ? calculate_sigpending+0x7b/0xa0 [ 23.581005] ? __pfx_kthread+0x10/0x10 [ 23.581032] ret_from_fork+0x116/0x1d0 [ 23.581056] ? __pfx_kthread+0x10/0x10 [ 23.581081] ret_from_fork_asm+0x1a/0x30 [ 23.581122] </TASK> [ 23.581134] [ 23.592163] The buggy address belongs to the physical page: [ 23.592420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10493c [ 23.593041] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.593479] flags: 0x200000000000040(head|node=0|zone=2) [ 23.594122] page_type: f8(unknown) [ 23.594303] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.594748] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.595032] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.595389] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.595722] head: 0200000000000002 ffffea0004124f01 00000000ffffffff 00000000ffffffff [ 23.596116] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.596864] page dumped because: kasan: bad access detected [ 23.597082] [ 23.597167] Memory state around the buggy address: [ 23.597545] ffff88810493df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.598063] ffff88810493df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.598479] >ffff88810493e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.599146] ^ [ 23.599301] ffff88810493e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.599866] ffff88810493e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.600222] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 23.548314] ================================================================== [ 23.549306] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 23.550100] Write of size 1 at addr ffff888102b25f00 by task kunit_try_catch/192 [ 23.550461] [ 23.550854] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.550917] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.550930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.550950] Call Trace: [ 23.550992] <TASK> [ 23.551008] dump_stack_lvl+0x73/0xb0 [ 23.551038] print_report+0xd1/0x610 [ 23.551061] ? __virt_addr_valid+0x1db/0x2d0 [ 23.551084] ? kmalloc_big_oob_right+0x316/0x370 [ 23.551105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.551131] ? kmalloc_big_oob_right+0x316/0x370 [ 23.551153] kasan_report+0x141/0x180 [ 23.551174] ? kmalloc_big_oob_right+0x316/0x370 [ 23.551201] __asan_report_store1_noabort+0x1b/0x30 [ 23.551225] kmalloc_big_oob_right+0x316/0x370 [ 23.551246] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 23.551269] ? __schedule+0x10cc/0x2b60 [ 23.551290] ? __pfx_read_tsc+0x10/0x10 [ 23.551311] ? ktime_get_ts64+0x86/0x230 [ 23.551335] kunit_try_run_case+0x1a5/0x480 [ 23.551358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.551379] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.551400] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.551422] ? __kthread_parkme+0x82/0x180 [ 23.551442] ? preempt_count_sub+0x50/0x80 [ 23.551466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.551488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.551513] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.551552] kthread+0x337/0x6f0 [ 23.551571] ? trace_preempt_on+0x20/0xc0 [ 23.551616] ? __pfx_kthread+0x10/0x10 [ 23.551637] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.551660] ? calculate_sigpending+0x7b/0xa0 [ 23.551684] ? __pfx_kthread+0x10/0x10 [ 23.551705] ret_from_fork+0x116/0x1d0 [ 23.551724] ? __pfx_kthread+0x10/0x10 [ 23.551744] ret_from_fork_asm+0x1a/0x30 [ 23.551776] </TASK> [ 23.551786] [ 23.561560] Allocated by task 192: [ 23.561752] kasan_save_stack+0x45/0x70 [ 23.561895] kasan_save_track+0x18/0x40 [ 23.562659] kasan_save_alloc_info+0x3b/0x50 [ 23.562811] __kasan_kmalloc+0xb7/0xc0 [ 23.563161] __kmalloc_cache_noprof+0x189/0x420 [ 23.563377] kmalloc_big_oob_right+0xa9/0x370 [ 23.563574] kunit_try_run_case+0x1a5/0x480 [ 23.563766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.564052] kthread+0x337/0x6f0 [ 23.564879] ret_from_fork+0x116/0x1d0 [ 23.565054] ret_from_fork_asm+0x1a/0x30 [ 23.565236] [ 23.565316] The buggy address belongs to the object at ffff888102b24000 [ 23.565316] which belongs to the cache kmalloc-8k of size 8192 [ 23.566151] The buggy address is located 0 bytes to the right of [ 23.566151] allocated 7936-byte region [ffff888102b24000, ffff888102b25f00) [ 23.566623] [ 23.566915] The buggy address belongs to the physical page: [ 23.567182] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b20 [ 23.567545] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.567983] flags: 0x200000000000040(head|node=0|zone=2) [ 23.568334] page_type: f5(slab) [ 23.568600] raw: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 23.568934] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 23.569345] head: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 23.569805] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 23.570209] head: 0200000000000003 ffffea00040ac801 00000000ffffffff 00000000ffffffff [ 23.570661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 23.570995] page dumped because: kasan: bad access detected [ 23.571328] [ 23.571424] Memory state around the buggy address: [ 23.571838] ffff888102b25e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.572173] ffff888102b25e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.572503] >ffff888102b25f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.572921] ^ [ 23.573100] ffff888102b25f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.573491] ffff888102b26000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.573953] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 23.526694] ================================================================== [ 23.527220] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.527535] Write of size 1 at addr ffff888105654a78 by task kunit_try_catch/190 [ 23.527804] [ 23.527908] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.527952] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.528020] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.528040] Call Trace: [ 23.528064] <TASK> [ 23.528078] dump_stack_lvl+0x73/0xb0 [ 23.528106] print_report+0xd1/0x610 [ 23.528127] ? __virt_addr_valid+0x1db/0x2d0 [ 23.528149] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.528174] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.528200] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.528224] kasan_report+0x141/0x180 [ 23.528246] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.528274] __asan_report_store1_noabort+0x1b/0x30 [ 23.528298] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 23.528322] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 23.528346] ? __schedule+0x10cc/0x2b60 [ 23.528367] ? __pfx_read_tsc+0x10/0x10 [ 23.528388] ? ktime_get_ts64+0x86/0x230 [ 23.528412] kunit_try_run_case+0x1a5/0x480 [ 23.528468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.528489] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.528552] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.528665] ? __kthread_parkme+0x82/0x180 [ 23.528684] ? preempt_count_sub+0x50/0x80 [ 23.528719] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.528741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.528767] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.528792] kthread+0x337/0x6f0 [ 23.528811] ? trace_preempt_on+0x20/0xc0 [ 23.528833] ? __pfx_kthread+0x10/0x10 [ 23.528853] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.528877] ? calculate_sigpending+0x7b/0xa0 [ 23.528899] ? __pfx_kthread+0x10/0x10 [ 23.528921] ret_from_fork+0x116/0x1d0 [ 23.528939] ? __pfx_kthread+0x10/0x10 [ 23.528959] ret_from_fork_asm+0x1a/0x30 [ 23.528990] </TASK> [ 23.529000] [ 23.536675] Allocated by task 190: [ 23.536850] kasan_save_stack+0x45/0x70 [ 23.537094] kasan_save_track+0x18/0x40 [ 23.537357] kasan_save_alloc_info+0x3b/0x50 [ 23.537699] __kasan_kmalloc+0xb7/0xc0 [ 23.537922] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 23.538181] kmalloc_track_caller_oob_right+0x19a/0x520 [ 23.538348] kunit_try_run_case+0x1a5/0x480 [ 23.538611] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.538881] kthread+0x337/0x6f0 [ 23.539050] ret_from_fork+0x116/0x1d0 [ 23.539254] ret_from_fork_asm+0x1a/0x30 [ 23.539446] [ 23.539544] The buggy address belongs to the object at ffff888105654a00 [ 23.539544] which belongs to the cache kmalloc-128 of size 128 [ 23.539989] The buggy address is located 0 bytes to the right of [ 23.539989] allocated 120-byte region [ffff888105654a00, ffff888105654a78) [ 23.540612] [ 23.540767] The buggy address belongs to the physical page: [ 23.541162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105654 [ 23.541406] flags: 0x200000000000000(node=0|zone=2) [ 23.541689] page_type: f5(slab) [ 23.541866] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.542258] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.542701] page dumped because: kasan: bad access detected [ 23.542896] [ 23.542958] Memory state around the buggy address: [ 23.543131] ffff888105654900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.543445] ffff888105654980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.543741] >ffff888105654a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.544012] ^ [ 23.544289] ffff888105654a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.544674] ffff888105654b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.545092] ================================================================== [ 23.505015] ================================================================== [ 23.506185] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.506999] Write of size 1 at addr ffff888105654978 by task kunit_try_catch/190 [ 23.507235] [ 23.507324] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.507375] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.507387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.507408] Call Trace: [ 23.507422] <TASK> [ 23.507441] dump_stack_lvl+0x73/0xb0 [ 23.507473] print_report+0xd1/0x610 [ 23.507496] ? __virt_addr_valid+0x1db/0x2d0 [ 23.507555] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.507617] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.507645] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.507670] kasan_report+0x141/0x180 [ 23.507692] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.507720] __asan_report_store1_noabort+0x1b/0x30 [ 23.507744] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 23.507768] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 23.507793] ? __schedule+0x10cc/0x2b60 [ 23.507814] ? __pfx_read_tsc+0x10/0x10 [ 23.507857] ? ktime_get_ts64+0x86/0x230 [ 23.507911] kunit_try_run_case+0x1a5/0x480 [ 23.507936] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.507969] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.507991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.508012] ? __kthread_parkme+0x82/0x180 [ 23.508033] ? preempt_count_sub+0x50/0x80 [ 23.508056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.508078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.508104] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.508129] kthread+0x337/0x6f0 [ 23.508148] ? trace_preempt_on+0x20/0xc0 [ 23.508172] ? __pfx_kthread+0x10/0x10 [ 23.508192] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.508216] ? calculate_sigpending+0x7b/0xa0 [ 23.508240] ? __pfx_kthread+0x10/0x10 [ 23.508261] ret_from_fork+0x116/0x1d0 [ 23.508279] ? __pfx_kthread+0x10/0x10 [ 23.508299] ret_from_fork_asm+0x1a/0x30 [ 23.508331] </TASK> [ 23.508343] [ 23.517626] Allocated by task 190: [ 23.517776] kasan_save_stack+0x45/0x70 [ 23.518070] kasan_save_track+0x18/0x40 [ 23.518206] kasan_save_alloc_info+0x3b/0x50 [ 23.518406] __kasan_kmalloc+0xb7/0xc0 [ 23.518736] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 23.518925] kmalloc_track_caller_oob_right+0x99/0x520 [ 23.519164] kunit_try_run_case+0x1a5/0x480 [ 23.519438] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.519759] kthread+0x337/0x6f0 [ 23.519983] ret_from_fork+0x116/0x1d0 [ 23.520202] ret_from_fork_asm+0x1a/0x30 [ 23.520435] [ 23.520544] The buggy address belongs to the object at ffff888105654900 [ 23.520544] which belongs to the cache kmalloc-128 of size 128 [ 23.521072] The buggy address is located 0 bytes to the right of [ 23.521072] allocated 120-byte region [ffff888105654900, ffff888105654978) [ 23.521843] [ 23.521950] The buggy address belongs to the physical page: [ 23.522216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105654 [ 23.522503] flags: 0x200000000000000(node=0|zone=2) [ 23.522736] page_type: f5(slab) [ 23.522897] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.523193] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.523493] page dumped because: kasan: bad access detected [ 23.523815] [ 23.523907] Memory state around the buggy address: [ 23.524129] ffff888105654800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.524424] ffff888105654880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.524651] >ffff888105654900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.524950] ^ [ 23.525321] ffff888105654980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.525694] ffff888105654a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.525987] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 23.477106] ================================================================== [ 23.477562] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 23.478424] Read of size 1 at addr ffff8881054d7000 by task kunit_try_catch/188 [ 23.479293] [ 23.479430] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.479489] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.479505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.479539] Call Trace: [ 23.479557] <TASK> [ 23.479576] dump_stack_lvl+0x73/0xb0 [ 23.479632] print_report+0xd1/0x610 [ 23.479660] ? __virt_addr_valid+0x1db/0x2d0 [ 23.479691] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.479719] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.479749] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.479778] kasan_report+0x141/0x180 [ 23.479863] ? kmalloc_node_oob_right+0x369/0x3c0 [ 23.479913] __asan_report_load1_noabort+0x18/0x20 [ 23.479943] kmalloc_node_oob_right+0x369/0x3c0 [ 23.479972] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 23.480001] ? __schedule+0x10cc/0x2b60 [ 23.480028] ? __pfx_read_tsc+0x10/0x10 [ 23.480055] ? ktime_get_ts64+0x86/0x230 [ 23.480087] kunit_try_run_case+0x1a5/0x480 [ 23.480117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.480144] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.480172] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.480200] ? __kthread_parkme+0x82/0x180 [ 23.480226] ? preempt_count_sub+0x50/0x80 [ 23.480255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.480283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.480314] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.480345] kthread+0x337/0x6f0 [ 23.480369] ? trace_preempt_on+0x20/0xc0 [ 23.480399] ? __pfx_kthread+0x10/0x10 [ 23.480424] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.480453] ? calculate_sigpending+0x7b/0xa0 [ 23.480482] ? __pfx_kthread+0x10/0x10 [ 23.480509] ret_from_fork+0x116/0x1d0 [ 23.480553] ? __pfx_kthread+0x10/0x10 [ 23.480579] ret_from_fork_asm+0x1a/0x30 [ 23.480620] </TASK> [ 23.480633] [ 23.490338] Allocated by task 188: [ 23.490480] kasan_save_stack+0x45/0x70 [ 23.490684] kasan_save_track+0x18/0x40 [ 23.490942] kasan_save_alloc_info+0x3b/0x50 [ 23.491160] __kasan_kmalloc+0xb7/0xc0 [ 23.491305] __kmalloc_cache_node_noprof+0x188/0x420 [ 23.491730] kmalloc_node_oob_right+0xab/0x3c0 [ 23.492012] kunit_try_run_case+0x1a5/0x480 [ 23.492158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.492363] kthread+0x337/0x6f0 [ 23.492591] ret_from_fork+0x116/0x1d0 [ 23.493068] ret_from_fork_asm+0x1a/0x30 [ 23.493274] [ 23.493416] The buggy address belongs to the object at ffff8881054d6000 [ 23.493416] which belongs to the cache kmalloc-4k of size 4096 [ 23.494038] The buggy address is located 0 bytes to the right of [ 23.494038] allocated 4096-byte region [ffff8881054d6000, ffff8881054d7000) [ 23.494789] [ 23.494882] The buggy address belongs to the physical page: [ 23.495247] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1054d0 [ 23.495967] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.496293] flags: 0x200000000000040(head|node=0|zone=2) [ 23.496664] page_type: f5(slab) [ 23.496850] raw: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 23.497180] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 23.497534] head: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 23.497974] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 23.498319] head: 0200000000000003 ffffea0004153401 00000000ffffffff 00000000ffffffff [ 23.498819] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 23.499139] page dumped because: kasan: bad access detected [ 23.499411] [ 23.499528] Memory state around the buggy address: [ 23.499812] ffff8881054d6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.500140] ffff8881054d6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.500499] >ffff8881054d7000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.500811] ^ [ 23.501022] ffff8881054d7080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.501376] ffff8881054d7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.501773] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 23.440956] ================================================================== [ 23.442443] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 23.443077] Read of size 1 at addr ffff8881058f70ff by task kunit_try_catch/186 [ 23.443315] [ 23.443402] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.443455] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.443469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.443490] Call Trace: [ 23.443504] <TASK> [ 23.443534] dump_stack_lvl+0x73/0xb0 [ 23.443568] print_report+0xd1/0x610 [ 23.443601] ? __virt_addr_valid+0x1db/0x2d0 [ 23.443630] ? kmalloc_oob_left+0x361/0x3c0 [ 23.443655] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.443686] ? kmalloc_oob_left+0x361/0x3c0 [ 23.443712] kasan_report+0x141/0x180 [ 23.443739] ? kmalloc_oob_left+0x361/0x3c0 [ 23.443772] __asan_report_load1_noabort+0x18/0x20 [ 23.444216] kmalloc_oob_left+0x361/0x3c0 [ 23.444246] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 23.444276] ? __schedule+0x10cc/0x2b60 [ 23.444303] ? __pfx_read_tsc+0x10/0x10 [ 23.444328] ? ktime_get_ts64+0x86/0x230 [ 23.444359] kunit_try_run_case+0x1a5/0x480 [ 23.444387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.444413] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.444440] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.444466] ? __kthread_parkme+0x82/0x180 [ 23.444491] ? preempt_count_sub+0x50/0x80 [ 23.444533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.444562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.444624] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.444657] kthread+0x337/0x6f0 [ 23.444682] ? trace_preempt_on+0x20/0xc0 [ 23.444710] ? __pfx_kthread+0x10/0x10 [ 23.444743] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.444772] ? calculate_sigpending+0x7b/0xa0 [ 23.444800] ? __pfx_kthread+0x10/0x10 [ 23.444827] ret_from_fork+0x116/0x1d0 [ 23.444850] ? __pfx_kthread+0x10/0x10 [ 23.444876] ret_from_fork_asm+0x1a/0x30 [ 23.444915] </TASK> [ 23.444927] [ 23.457367] Allocated by task 26: [ 23.457554] kasan_save_stack+0x45/0x70 [ 23.457909] kasan_save_track+0x18/0x40 [ 23.458092] kasan_save_alloc_info+0x3b/0x50 [ 23.458305] __kasan_kmalloc+0xb7/0xc0 [ 23.458581] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 23.458937] kstrdup+0x3e/0xa0 [ 23.459106] devtmpfs_work_loop+0x96d/0xf30 [ 23.459449] devtmpfsd+0x3b/0x40 [ 23.459708] kthread+0x337/0x6f0 [ 23.459882] ret_from_fork+0x116/0x1d0 [ 23.460175] ret_from_fork_asm+0x1a/0x30 [ 23.460388] [ 23.460483] Freed by task 26: [ 23.460693] kasan_save_stack+0x45/0x70 [ 23.461111] kasan_save_track+0x18/0x40 [ 23.461268] kasan_save_free_info+0x3f/0x60 [ 23.461477] __kasan_slab_free+0x56/0x70 [ 23.461874] kfree+0x222/0x3f0 [ 23.462049] devtmpfs_work_loop+0xacb/0xf30 [ 23.462261] devtmpfsd+0x3b/0x40 [ 23.462434] kthread+0x337/0x6f0 [ 23.462755] ret_from_fork+0x116/0x1d0 [ 23.462935] ret_from_fork_asm+0x1a/0x30 [ 23.463143] [ 23.463245] The buggy address belongs to the object at ffff8881058f70e0 [ 23.463245] which belongs to the cache kmalloc-16 of size 16 [ 23.464247] The buggy address is located 15 bytes to the right of [ 23.464247] allocated 16-byte region [ffff8881058f70e0, ffff8881058f70f0) [ 23.465308] [ 23.465390] The buggy address belongs to the physical page: [ 23.465576] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058f7 [ 23.466414] flags: 0x200000000000000(node=0|zone=2) [ 23.466994] page_type: f5(slab) [ 23.467431] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 23.467905] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.468605] page dumped because: kasan: bad access detected [ 23.468991] [ 23.469069] Memory state around the buggy address: [ 23.469231] ffff8881058f6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.469450] ffff8881058f7000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.469928] >ffff8881058f7080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.470834] ^ [ 23.471443] ffff8881058f7100: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.472151] ffff8881058f7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.472917] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 23.419487] ================================================================== [ 23.419824] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 23.420209] Read of size 1 at addr ffff8881041b9680 by task kunit_try_catch/184 [ 23.420462] [ 23.420555] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.420604] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.420617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.420638] Call Trace: [ 23.420651] <TASK> [ 23.420666] dump_stack_lvl+0x73/0xb0 [ 23.420697] print_report+0xd1/0x610 [ 23.420725] ? __virt_addr_valid+0x1db/0x2d0 [ 23.420754] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.420780] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.420810] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.420837] kasan_report+0x141/0x180 [ 23.420865] ? kmalloc_oob_right+0x68a/0x7f0 [ 23.420897] __asan_report_load1_noabort+0x18/0x20 [ 23.420926] kmalloc_oob_right+0x68a/0x7f0 [ 23.420954] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.420981] ? __schedule+0x10cc/0x2b60 [ 23.421007] ? __pfx_read_tsc+0x10/0x10 [ 23.421047] ? ktime_get_ts64+0x86/0x230 [ 23.421077] kunit_try_run_case+0x1a5/0x480 [ 23.421105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.421131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.421158] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.421185] ? __kthread_parkme+0x82/0x180 [ 23.421210] ? preempt_count_sub+0x50/0x80 [ 23.421239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.421268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.421298] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.421331] kthread+0x337/0x6f0 [ 23.421355] ? trace_preempt_on+0x20/0xc0 [ 23.421382] ? __pfx_kthread+0x10/0x10 [ 23.421408] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.421437] ? calculate_sigpending+0x7b/0xa0 [ 23.421466] ? __pfx_kthread+0x10/0x10 [ 23.421493] ret_from_fork+0x116/0x1d0 [ 23.421525] ? __pfx_kthread+0x10/0x10 [ 23.421551] ret_from_fork_asm+0x1a/0x30 [ 23.421591] </TASK> [ 23.421602] [ 23.428905] Allocated by task 184: [ 23.429080] kasan_save_stack+0x45/0x70 [ 23.429433] kasan_save_track+0x18/0x40 [ 23.429611] kasan_save_alloc_info+0x3b/0x50 [ 23.429761] __kasan_kmalloc+0xb7/0xc0 [ 23.429893] __kmalloc_cache_noprof+0x189/0x420 [ 23.430048] kmalloc_oob_right+0xa9/0x7f0 [ 23.430437] kunit_try_run_case+0x1a5/0x480 [ 23.430758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.431019] kthread+0x337/0x6f0 [ 23.431190] ret_from_fork+0x116/0x1d0 [ 23.431377] ret_from_fork_asm+0x1a/0x30 [ 23.431548] [ 23.431617] The buggy address belongs to the object at ffff8881041b9600 [ 23.431617] which belongs to the cache kmalloc-128 of size 128 [ 23.432021] The buggy address is located 13 bytes to the right of [ 23.432021] allocated 115-byte region [ffff8881041b9600, ffff8881041b9673) [ 23.432413] [ 23.432504] The buggy address belongs to the physical page: [ 23.432937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 23.433338] flags: 0x200000000000000(node=0|zone=2) [ 23.433621] page_type: f5(slab) [ 23.433792] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.434112] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.434338] page dumped because: kasan: bad access detected [ 23.434525] [ 23.434617] Memory state around the buggy address: [ 23.434839] ffff8881041b9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.435161] ffff8881041b9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.435539] >ffff8881041b9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.435771] ^ [ 23.435884] ffff8881041b9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.436532] ffff8881041b9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.436906] ================================================================== [ 23.375504] ================================================================== [ 23.376792] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 23.377503] Write of size 1 at addr ffff8881041b9673 by task kunit_try_catch/184 [ 23.378003] [ 23.379062] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.379441] Tainted: [N]=TEST [ 23.379476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.379713] Call Trace: [ 23.379785] <TASK> [ 23.379932] dump_stack_lvl+0x73/0xb0 [ 23.380024] print_report+0xd1/0x610 [ 23.380059] ? __virt_addr_valid+0x1db/0x2d0 [ 23.380092] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.380118] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.380149] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.380175] kasan_report+0x141/0x180 [ 23.380203] ? kmalloc_oob_right+0x6f0/0x7f0 [ 23.380236] __asan_report_store1_noabort+0x1b/0x30 [ 23.380265] kmalloc_oob_right+0x6f0/0x7f0 [ 23.380293] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.380320] ? __schedule+0x10cc/0x2b60 [ 23.380349] ? __pfx_read_tsc+0x10/0x10 [ 23.380376] ? ktime_get_ts64+0x86/0x230 [ 23.380409] kunit_try_run_case+0x1a5/0x480 [ 23.380439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.380465] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.380492] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.380532] ? __kthread_parkme+0x82/0x180 [ 23.380559] ? preempt_count_sub+0x50/0x80 [ 23.380603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.380631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.380675] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.380707] kthread+0x337/0x6f0 [ 23.380733] ? trace_preempt_on+0x20/0xc0 [ 23.380763] ? __pfx_kthread+0x10/0x10 [ 23.380789] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.380818] ? calculate_sigpending+0x7b/0xa0 [ 23.380848] ? __pfx_kthread+0x10/0x10 [ 23.380876] ret_from_fork+0x116/0x1d0 [ 23.380900] ? __pfx_kthread+0x10/0x10 [ 23.380925] ret_from_fork_asm+0x1a/0x30 [ 23.380992] </TASK> [ 23.381059] [ 23.388804] Allocated by task 184: [ 23.389221] kasan_save_stack+0x45/0x70 [ 23.389450] kasan_save_track+0x18/0x40 [ 23.389726] kasan_save_alloc_info+0x3b/0x50 [ 23.389884] __kasan_kmalloc+0xb7/0xc0 [ 23.390018] __kmalloc_cache_noprof+0x189/0x420 [ 23.390240] kmalloc_oob_right+0xa9/0x7f0 [ 23.390440] kunit_try_run_case+0x1a5/0x480 [ 23.390671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.391065] kthread+0x337/0x6f0 [ 23.391197] ret_from_fork+0x116/0x1d0 [ 23.391332] ret_from_fork_asm+0x1a/0x30 [ 23.391514] [ 23.391657] The buggy address belongs to the object at ffff8881041b9600 [ 23.391657] which belongs to the cache kmalloc-128 of size 128 [ 23.392405] The buggy address is located 0 bytes to the right of [ 23.392405] allocated 115-byte region [ffff8881041b9600, ffff8881041b9673) [ 23.393391] [ 23.393665] The buggy address belongs to the physical page: [ 23.394117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 23.394666] flags: 0x200000000000000(node=0|zone=2) [ 23.395404] page_type: f5(slab) [ 23.396008] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.396336] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.396713] page dumped because: kasan: bad access detected [ 23.396991] [ 23.397093] Memory state around the buggy address: [ 23.397888] ffff8881041b9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.398214] ffff8881041b9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.398566] >ffff8881041b9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.398967] ^ [ 23.399288] ffff8881041b9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.399637] ffff8881041b9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.399955] ================================================================== [ 23.401038] ================================================================== [ 23.401331] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 23.401860] Write of size 1 at addr ffff8881041b9678 by task kunit_try_catch/184 [ 23.402121] [ 23.402208] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 23.402258] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.402273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.402295] Call Trace: [ 23.402313] <TASK> [ 23.402330] dump_stack_lvl+0x73/0xb0 [ 23.402364] print_report+0xd1/0x610 [ 23.402393] ? __virt_addr_valid+0x1db/0x2d0 [ 23.402421] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.402448] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.402483] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.402511] kasan_report+0x141/0x180 [ 23.402551] ? kmalloc_oob_right+0x6bd/0x7f0 [ 23.402755] __asan_report_store1_noabort+0x1b/0x30 [ 23.402794] kmalloc_oob_right+0x6bd/0x7f0 [ 23.402823] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 23.402851] ? __schedule+0x10cc/0x2b60 [ 23.402877] ? __pfx_read_tsc+0x10/0x10 [ 23.402904] ? ktime_get_ts64+0x86/0x230 [ 23.402934] kunit_try_run_case+0x1a5/0x480 [ 23.402962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.402988] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.403015] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.403042] ? __kthread_parkme+0x82/0x180 [ 23.403067] ? preempt_count_sub+0x50/0x80 [ 23.403096] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.403124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.403156] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.403187] kthread+0x337/0x6f0 [ 23.403211] ? trace_preempt_on+0x20/0xc0 [ 23.403239] ? __pfx_kthread+0x10/0x10 [ 23.403265] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.403294] ? calculate_sigpending+0x7b/0xa0 [ 23.403322] ? __pfx_kthread+0x10/0x10 [ 23.403349] ret_from_fork+0x116/0x1d0 [ 23.403373] ? __pfx_kthread+0x10/0x10 [ 23.403398] ret_from_fork_asm+0x1a/0x30 [ 23.403438] </TASK> [ 23.403450] [ 23.410696] Allocated by task 184: [ 23.410880] kasan_save_stack+0x45/0x70 [ 23.411081] kasan_save_track+0x18/0x40 [ 23.411228] kasan_save_alloc_info+0x3b/0x50 [ 23.411377] __kasan_kmalloc+0xb7/0xc0 [ 23.411574] __kmalloc_cache_noprof+0x189/0x420 [ 23.411792] kmalloc_oob_right+0xa9/0x7f0 [ 23.412049] kunit_try_run_case+0x1a5/0x480 [ 23.412197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.412379] kthread+0x337/0x6f0 [ 23.412558] ret_from_fork+0x116/0x1d0 [ 23.412929] ret_from_fork_asm+0x1a/0x30 [ 23.413131] [ 23.413222] The buggy address belongs to the object at ffff8881041b9600 [ 23.413222] which belongs to the cache kmalloc-128 of size 128 [ 23.413949] The buggy address is located 5 bytes to the right of [ 23.413949] allocated 115-byte region [ffff8881041b9600, ffff8881041b9673) [ 23.414369] [ 23.414439] The buggy address belongs to the physical page: [ 23.414685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9 [ 23.415042] flags: 0x200000000000000(node=0|zone=2) [ 23.415363] page_type: f5(slab) [ 23.415629] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.415921] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.416192] page dumped because: kasan: bad access detected [ 23.416365] [ 23.416461] Memory state around the buggy address: [ 23.416693] ffff8881041b9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.417114] ffff8881041b9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.417396] >ffff8881041b9600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.417666] ^ [ 23.418200] ffff8881041b9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.418470] ffff8881041b9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.419019] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 199.335153] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2942 [ 199.336613] Modules linked in: [ 199.336995] CPU: 0 UID: 0 PID: 2942 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 199.338291] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.338950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.339218] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 199.339431] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 40 1a 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.340183] RSP: 0000:ffff888104b7fc78 EFLAGS: 00010286 [ 199.340493] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 199.340944] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffbc06299c [ 199.341552] RBP: ffff888104b7fca0 R08: 0000000000000000 R09: ffffed1020d64d00 [ 199.342278] R10: ffff888106b26807 R11: 0000000000000000 R12: ffffffffbc062988 [ 199.342905] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888104b7fd38 [ 199.343130] FS: 0000000000000000(0000) GS:ffff88819d015000(0000) knlGS:0000000000000000 [ 199.343393] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.343818] CR2: 00007ffff7ffe000 CR3: 00000001216bc000 CR4: 00000000000006f0 [ 199.344183] DR0: ffffffffbe0b1540 DR1: ffffffffbe0b1541 DR2: ffffffffbe0b1542 [ 199.344528] DR3: ffffffffbe0b1543 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.345047] Call Trace: [ 199.345211] <TASK> [ 199.345369] drm_test_rect_calc_vscale+0x108/0x270 [ 199.345783] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 199.346069] ? __schedule+0x10cc/0x2b60 [ 199.346306] ? __pfx_read_tsc+0x10/0x10 [ 199.346666] ? ktime_get_ts64+0x86/0x230 [ 199.346906] kunit_try_run_case+0x1a5/0x480 [ 199.347149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.347382] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.347640] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.347842] ? __kthread_parkme+0x82/0x180 [ 199.348046] ? preempt_count_sub+0x50/0x80 [ 199.348255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.348721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.349000] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.349260] kthread+0x337/0x6f0 [ 199.349507] ? trace_preempt_on+0x20/0xc0 [ 199.349690] ? __pfx_kthread+0x10/0x10 [ 199.350028] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.350397] ? calculate_sigpending+0x7b/0xa0 [ 199.350756] ? __pfx_kthread+0x10/0x10 [ 199.350985] ret_from_fork+0x116/0x1d0 [ 199.351201] ? __pfx_kthread+0x10/0x10 [ 199.351456] ret_from_fork_asm+0x1a/0x30 [ 199.351682] </TASK> [ 199.351900] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 199.355963] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2944 [ 199.356444] Modules linked in: [ 199.356750] CPU: 1 UID: 0 PID: 2944 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 199.357311] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.357655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.358407] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 199.358770] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 40 1a 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.359815] RSP: 0000:ffff888104c0fc78 EFLAGS: 00010286 [ 199.360082] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 199.360388] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffbc0629d4 [ 199.360841] RBP: ffff888104c0fca0 R08: 0000000000000000 R09: ffffed1020fcfd40 [ 199.361145] R10: ffff888107e7ea07 R11: 0000000000000000 R12: ffffffffbc0629c0 [ 199.361450] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888104c0fd38 [ 199.361842] FS: 0000000000000000(0000) GS:ffff88819d115000(0000) knlGS:0000000000000000 [ 199.362182] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.362473] CR2: 00007ffff7ffe000 CR3: 00000001216bc000 CR4: 00000000000006f0 [ 199.363018] DR0: ffffffffbe0b1540 DR1: ffffffffbe0b1541 DR2: ffffffffbe0b1543 [ 199.363384] DR3: ffffffffbe0b1545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.363953] Call Trace: [ 199.364056] <TASK> [ 199.364185] drm_test_rect_calc_vscale+0x108/0x270 [ 199.364433] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 199.365168] ? __schedule+0x10cc/0x2b60 [ 199.365363] ? __pfx_read_tsc+0x10/0x10 [ 199.365776] ? ktime_get_ts64+0x86/0x230 [ 199.365984] kunit_try_run_case+0x1a5/0x480 [ 199.366287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.366961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.367289] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.367700] ? __kthread_parkme+0x82/0x180 [ 199.368096] ? preempt_count_sub+0x50/0x80 [ 199.368446] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.368957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.369355] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.369903] kthread+0x337/0x6f0 [ 199.370184] ? trace_preempt_on+0x20/0xc0 [ 199.370393] ? __pfx_kthread+0x10/0x10 [ 199.370692] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.370847] ? calculate_sigpending+0x7b/0xa0 [ 199.371122] ? __pfx_kthread+0x10/0x10 [ 199.371928] ret_from_fork+0x116/0x1d0 [ 199.372351] ? __pfx_kthread+0x10/0x10 [ 199.372512] ret_from_fork_asm+0x1a/0x30 [ 199.372666] </TASK> [ 199.372754] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 199.306422] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2932 [ 199.307142] Modules linked in: [ 199.307349] CPU: 1 UID: 0 PID: 2932 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 199.307974] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.308226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.308589] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 199.308902] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.309833] RSP: 0000:ffff888104c6fc78 EFLAGS: 00010286 [ 199.310066] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 199.310332] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffbc0629d8 [ 199.310653] RBP: ffff888104c6fca0 R08: 0000000000000000 R09: ffffed1020fcfc80 [ 199.311007] R10: ffff888107e7e407 R11: 0000000000000000 R12: ffffffffbc0629c0 [ 199.311326] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888104c6fd38 [ 199.311745] FS: 0000000000000000(0000) GS:ffff88819d115000(0000) knlGS:0000000000000000 [ 199.312028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.312281] CR2: 00007ffff7ffe000 CR3: 00000001216bc000 CR4: 00000000000006f0 [ 199.312650] DR0: ffffffffbe0b1540 DR1: ffffffffbe0b1541 DR2: ffffffffbe0b1543 [ 199.313019] DR3: ffffffffbe0b1545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.313392] Call Trace: [ 199.313524] <TASK> [ 199.313721] drm_test_rect_calc_hscale+0x108/0x270 [ 199.314165] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 199.314455] ? __schedule+0x10cc/0x2b60 [ 199.314779] ? __pfx_read_tsc+0x10/0x10 [ 199.314990] ? ktime_get_ts64+0x86/0x230 [ 199.315193] kunit_try_run_case+0x1a5/0x480 [ 199.315445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.315811] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.316104] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.316303] ? __kthread_parkme+0x82/0x180 [ 199.316508] ? preempt_count_sub+0x50/0x80 [ 199.316774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.316930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.317472] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.318106] kthread+0x337/0x6f0 [ 199.318262] ? trace_preempt_on+0x20/0xc0 [ 199.318678] ? __pfx_kthread+0x10/0x10 [ 199.318835] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.319103] ? calculate_sigpending+0x7b/0xa0 [ 199.319381] ? __pfx_kthread+0x10/0x10 [ 199.319727] ret_from_fork+0x116/0x1d0 [ 199.319887] ? __pfx_kthread+0x10/0x10 [ 199.320523] ret_from_fork_asm+0x1a/0x30 [ 199.320923] </TASK> [ 199.321024] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 199.285035] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2930 [ 199.285381] Modules linked in: [ 199.285535] CPU: 1 UID: 0 PID: 2930 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 199.287090] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.287721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.288655] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 199.289058] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.289536] RSP: 0000:ffff888104bc7c78 EFLAGS: 00010286 [ 199.289706] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 199.289902] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffbc0629a0 [ 199.290095] RBP: ffff888104bc7ca0 R08: 0000000000000000 R09: ffffed1020fcfc40 [ 199.290285] R10: ffff888107e7e207 R11: 0000000000000000 R12: ffffffffbc062988 [ 199.291034] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888104bc7d38 [ 199.292471] FS: 0000000000000000(0000) GS:ffff88819d115000(0000) knlGS:0000000000000000 [ 199.293540] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.294236] CR2: 00007ffff7ffe000 CR3: 00000001216bc000 CR4: 00000000000006f0 [ 199.294975] DR0: ffffffffbe0b1540 DR1: ffffffffbe0b1541 DR2: ffffffffbe0b1543 [ 199.295736] DR3: ffffffffbe0b1545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.296352] Call Trace: [ 199.296620] <TASK> [ 199.296789] drm_test_rect_calc_hscale+0x108/0x270 [ 199.297199] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 199.297699] ? __schedule+0x10cc/0x2b60 [ 199.297853] ? __pfx_read_tsc+0x10/0x10 [ 199.297994] ? ktime_get_ts64+0x86/0x230 [ 199.298136] kunit_try_run_case+0x1a5/0x480 [ 199.298284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.298456] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.298655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.298896] ? __kthread_parkme+0x82/0x180 [ 199.299097] ? preempt_count_sub+0x50/0x80 [ 199.299315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.299659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.299856] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.300271] kthread+0x337/0x6f0 [ 199.300481] ? trace_preempt_on+0x20/0xc0 [ 199.300742] ? __pfx_kthread+0x10/0x10 [ 199.300916] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.301135] ? calculate_sigpending+0x7b/0xa0 [ 199.301321] ? __pfx_kthread+0x10/0x10 [ 199.301551] ret_from_fork+0x116/0x1d0 [ 199.301720] ? __pfx_kthread+0x10/0x10 [ 199.301966] ret_from_fork_asm+0x1a/0x30 [ 199.302192] </TASK> [ 199.302301] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 198.517365] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 198.517460] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#1: kunit_try_catch/2735 [ 198.518364] Modules linked in: [ 198.518709] CPU: 1 UID: 0 PID: 2735 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 198.519172] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.519422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.519809] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 198.520072] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 ed c5 81 00 48 c7 c1 c0 68 01 bc 4c 89 f2 48 c7 c7 e0 64 01 bc 48 89 c6 e8 e4 d1 70 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 198.520790] RSP: 0000:ffff888102f97d18 EFLAGS: 00010286 [ 198.521091] RAX: 0000000000000000 RBX: ffff888105e81000 RCX: 1ffffffff79a4a84 [ 198.521417] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 198.521745] RBP: ffff888102f97d48 R08: 0000000000000000 R09: fffffbfff79a4a84 [ 198.522022] R10: 0000000000000003 R11: 000000000003ba68 R12: ffff8881042ee000 [ 198.522357] R13: ffff888105e810f8 R14: ffff888106b69000 R15: ffff8881003c7b48 [ 198.522663] FS: 0000000000000000(0000) GS:ffff88819d115000(0000) knlGS:0000000000000000 [ 198.523018] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.523240] CR2: 00007ffff7ffe000 CR3: 00000001216bc000 CR4: 00000000000006f0 [ 198.523544] DR0: ffffffffbe0b1540 DR1: ffffffffbe0b1541 DR2: ffffffffbe0b1543 [ 198.523836] DR3: ffffffffbe0b1545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.524098] Call Trace: [ 198.524224] <TASK> [ 198.524308] ? trace_preempt_on+0x20/0xc0 [ 198.524609] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 198.524811] drm_gem_shmem_free_wrapper+0x12/0x20 [ 198.525029] __kunit_action_free+0x57/0x70 [ 198.525176] kunit_remove_resource+0x133/0x200 [ 198.525543] ? preempt_count_sub+0x50/0x80 [ 198.526012] kunit_cleanup+0x7a/0x120 [ 198.526216] kunit_try_run_case_cleanup+0xbd/0xf0 [ 198.526457] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 198.526858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.527117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.527354] kthread+0x337/0x6f0 [ 198.527516] ? trace_preempt_on+0x20/0xc0 [ 198.527714] ? __pfx_kthread+0x10/0x10 [ 198.528020] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.528224] ? calculate_sigpending+0x7b/0xa0 [ 198.528424] ? __pfx_kthread+0x10/0x10 [ 198.528575] ret_from_fork+0x116/0x1d0 [ 198.528850] ? __pfx_kthread+0x10/0x10 [ 198.529020] ret_from_fork_asm+0x1a/0x30 [ 198.529170] </TASK> [ 198.529287] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 198.373404] WARNING: drivers/gpu/drm/drm_framebuffer.c:869 at drm_framebuffer_init+0x49/0x8d0, CPU#0: kunit_try_catch/2716 [ 198.374234] Modules linked in: [ 198.374537] CPU: 0 UID: 0 PID: 2716 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 198.375196] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.375506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.376139] RIP: 0010:drm_framebuffer_init+0x49/0x8d0 [ 198.376398] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41 [ 198.377438] RSP: 0000:ffff888104247b20 EFLAGS: 00010246 [ 198.377889] RAX: ffff888104247ba8 RBX: ffff888104247c28 RCX: 1ffff11020848f8e [ 198.378267] RDX: dffffc0000000000 RSI: ffff888102fc4000 RDI: ffff888102fc4000 [ 198.378806] RBP: ffff888104247b70 R08: ffff888102fc4000 R09: ffffffffbc0066e0 [ 198.379195] R10: 0000000000000003 R11: 0000000013e0d374 R12: 1ffff11020848f71 [ 198.379515] R13: ffff888104247c70 R14: ffff888104247db8 R15: 0000000000000000 [ 198.380044] FS: 0000000000000000(0000) GS:ffff88819d015000(0000) knlGS:0000000000000000 [ 198.380470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.380923] CR2: 00007ffff7ffe000 CR3: 00000001216bc000 CR4: 00000000000006f0 [ 198.381230] DR0: ffffffffbe0b1540 DR1: ffffffffbe0b1541 DR2: ffffffffbe0b1542 [ 198.381795] DR3: ffffffffbe0b1543 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.382083] Call Trace: [ 198.382211] <TASK> [ 198.382533] ? trace_preempt_on+0x20/0xc0 [ 198.382927] ? add_dr+0xc1/0x1d0 [ 198.383111] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 198.383660] ? add_dr+0x148/0x1d0 [ 198.383954] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 198.384204] ? __drmm_add_action+0x1a4/0x280 [ 198.384659] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.384930] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.385189] ? __drmm_add_action_or_reset+0x22/0x50 [ 198.385455] ? __schedule+0x10cc/0x2b60 [ 198.386067] ? __pfx_read_tsc+0x10/0x10 [ 198.386281] ? ktime_get_ts64+0x86/0x230 [ 198.386465] kunit_try_run_case+0x1a5/0x480 [ 198.387034] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.387231] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.387731] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.388069] ? __kthread_parkme+0x82/0x180 [ 198.388355] ? preempt_count_sub+0x50/0x80 [ 198.388837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.389075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.389325] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.390025] kthread+0x337/0x6f0 [ 198.390223] ? trace_preempt_on+0x20/0xc0 [ 198.390447] ? __pfx_kthread+0x10/0x10 [ 198.390627] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.390990] ? calculate_sigpending+0x7b/0xa0 [ 198.391223] ? __pfx_kthread+0x10/0x10 [ 198.391433] ret_from_fork+0x116/0x1d0 [ 198.391586] ? __pfx_kthread+0x10/0x10 [ 198.391948] ret_from_fork_asm+0x1a/0x30 [ 198.392159] </TASK> [ 198.392281] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 198.331121] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 198.331253] WARNING: drivers/gpu/drm/drm_framebuffer.c:832 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2712 [ 198.332616] Modules linked in: [ 198.332992] CPU: 0 UID: 0 PID: 2712 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 198.334035] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.334224] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.334886] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 198.335458] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 ab fd 88 00 48 c7 c1 80 11 00 bc 4c 89 fa 48 c7 c7 e0 11 00 bc 48 89 c6 e8 a2 09 78 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 198.339193] RSP: 0000:ffff8881094cfb68 EFLAGS: 00010282 [ 198.340377] RAX: 0000000000000000 RBX: ffff8881094cfc40 RCX: 1ffffffff79a4a84 [ 198.341059] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 198.341289] RBP: ffff8881094cfb90 R08: 0000000000000000 R09: fffffbfff79a4a84 [ 198.342347] R10: 0000000000000003 R11: 000000000003a1f0 R12: ffff8881094cfc18 [ 198.343175] R13: ffff888104305000 R14: ffff888102fc2000 R15: ffff888105f2be00 [ 198.343792] FS: 0000000000000000(0000) GS:ffff88819d015000(0000) knlGS:0000000000000000 [ 198.344173] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.344369] CR2: 00007ffff7ffe000 CR3: 00000001216bc000 CR4: 00000000000006f0 [ 198.345434] DR0: ffffffffbe0b1540 DR1: ffffffffbe0b1541 DR2: ffffffffbe0b1542 [ 198.345817] DR3: ffffffffbe0b1543 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.346276] Call Trace: [ 198.346470] <TASK> [ 198.346673] drm_test_framebuffer_free+0x1ab/0x610 [ 198.347079] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 198.347346] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.347899] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.348271] ? __drmm_add_action_or_reset+0x22/0x50 [ 198.348904] ? __schedule+0x10cc/0x2b60 [ 198.349101] ? __pfx_read_tsc+0x10/0x10 [ 198.349310] ? ktime_get_ts64+0x86/0x230 [ 198.349534] kunit_try_run_case+0x1a5/0x480 [ 198.349821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.350061] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.350275] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.350734] ? __kthread_parkme+0x82/0x180 [ 198.350952] ? preempt_count_sub+0x50/0x80 [ 198.351107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.351383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.351721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.352013] kthread+0x337/0x6f0 [ 198.352199] ? trace_preempt_on+0x20/0xc0 [ 198.352433] ? __pfx_kthread+0x10/0x10 [ 198.352622] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.353018] ? calculate_sigpending+0x7b/0xa0 [ 198.353383] ? __pfx_kthread+0x10/0x10 [ 198.354015] ret_from_fork+0x116/0x1d0 [ 198.354437] ? __pfx_kthread+0x10/0x10 [ 198.354983] ret_from_fork_asm+0x1a/0x30 [ 198.355212] </TASK> [ 198.355347] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 197.032775] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2160 [ 197.033471] Modules linked in: [ 197.033664] CPU: 1 UID: 0 PID: 2160 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 197.034440] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 197.034954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 197.035403] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 197.035917] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 197.036909] RSP: 0000:ffff88810972fc90 EFLAGS: 00010246 [ 197.037270] RAX: dffffc0000000000 RBX: ffff8881095bc000 RCX: 0000000000000000 [ 197.037730] RDX: 1ffff110212b7834 RSI: ffffffffb9208b78 RDI: ffff8881095bc1a0 [ 197.038217] RBP: ffff88810972fca0 R08: 1ffff11020078f6a R09: ffffed10212e5f65 [ 197.038645] R10: 0000000000000003 R11: ffffffffb8782c58 R12: 0000000000000000 [ 197.039118] R13: ffff88810972fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 197.039542] FS: 0000000000000000(0000) GS:ffff88819d115000(0000) knlGS:0000000000000000 [ 197.040361] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.040700] CR2: 00007ffff7ffe000 CR3: 00000001216bc000 CR4: 00000000000006f0 [ 197.041542] DR0: ffffffffbe0b1540 DR1: ffffffffbe0b1541 DR2: ffffffffbe0b1543 [ 197.042546] DR3: ffffffffbe0b1545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 197.043058] Call Trace: [ 197.044234] <TASK> [ 197.044821] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 197.045664] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 197.045895] ? __schedule+0x10cc/0x2b60 [ 197.046033] ? __pfx_read_tsc+0x10/0x10 [ 197.046168] ? ktime_get_ts64+0x86/0x230 [ 197.046303] kunit_try_run_case+0x1a5/0x480 [ 197.046765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.047225] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 197.048166] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 197.048826] ? __kthread_parkme+0x82/0x180 [ 197.049030] ? preempt_count_sub+0x50/0x80 [ 197.049219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.050055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 197.050254] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 197.050826] kthread+0x337/0x6f0 [ 197.050954] ? trace_preempt_on+0x20/0xc0 [ 197.051271] ? __pfx_kthread+0x10/0x10 [ 197.051531] ? _raw_spin_unlock_irq+0x47/0x80 [ 197.051678] ? calculate_sigpending+0x7b/0xa0 [ 197.051974] ? __pfx_kthread+0x10/0x10 [ 197.052159] ret_from_fork+0x116/0x1d0 [ 197.052322] ? __pfx_kthread+0x10/0x10 [ 197.052461] ret_from_fork_asm+0x1a/0x30 [ 197.052685] </TASK> [ 197.052803] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 196.959411] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2152 [ 196.960235] Modules linked in: [ 196.960523] CPU: 0 UID: 0 PID: 2152 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 196.961303] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 196.961751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 196.962239] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 196.962828] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 196.964037] RSP: 0000:ffff88810972fc90 EFLAGS: 00010246 [ 196.964340] RAX: dffffc0000000000 RBX: ffff888108adc000 RCX: 0000000000000000 [ 196.964718] RDX: 1ffff1102115b834 RSI: ffffffffb9208b78 RDI: ffff888108adc1a0 [ 196.965364] RBP: ffff88810972fca0 R08: 1ffff11020078f6a R09: ffffed10212e5f65 [ 196.966007] R10: 0000000000000003 R11: ffffffffb8782c58 R12: 0000000000000000 [ 196.966229] R13: ffff88810972fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 196.966465] FS: 0000000000000000(0000) GS:ffff88819d015000(0000) knlGS:0000000000000000 [ 196.966774] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 196.967203] CR2: 00007ffff7ffe000 CR3: 00000001216bc000 CR4: 00000000000006f0 [ 196.967638] DR0: ffffffffbe0b1540 DR1: ffffffffbe0b1541 DR2: ffffffffbe0b1542 [ 196.968159] DR3: ffffffffbe0b1543 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 196.968465] Call Trace: [ 196.968637] <TASK> [ 196.968741] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 196.969206] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 196.969546] ? __schedule+0x10cc/0x2b60 [ 196.969830] ? __pfx_read_tsc+0x10/0x10 [ 196.970046] ? ktime_get_ts64+0x86/0x230 [ 196.970218] kunit_try_run_case+0x1a5/0x480 [ 196.970460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 196.970644] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 196.970992] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 196.971197] ? __kthread_parkme+0x82/0x180 [ 196.971450] ? preempt_count_sub+0x50/0x80 [ 196.971795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 196.972084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 196.972348] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 196.972685] kthread+0x337/0x6f0 [ 196.972954] ? trace_preempt_on+0x20/0xc0 [ 196.973165] ? __pfx_kthread+0x10/0x10 [ 196.973377] ? _raw_spin_unlock_irq+0x47/0x80 [ 196.973615] ? calculate_sigpending+0x7b/0xa0 [ 196.973953] ? __pfx_kthread+0x10/0x10 [ 196.974181] ret_from_fork+0x116/0x1d0 [ 196.974377] ? __pfx_kthread+0x10/0x10 [ 196.974564] ret_from_fork_asm+0x1a/0x30 [ 196.974865] </TASK> [ 196.974961] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 123.187572] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/706 [ 123.188008] Modules linked in: [ 123.188331] CPU: 0 UID: 0 PID: 706 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 123.188783] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 123.189230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 123.189972] RIP: 0010:intlog10+0x2a/0x40 [ 123.190215] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 07 c3 90 02 90 <0f> 0b 90 31 c0 e9 fc c2 90 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 123.190914] RSP: 0000:ffff888105a77cb0 EFLAGS: 00010246 [ 123.191307] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020b4efb4 [ 123.191685] RDX: 1ffffffff77d3448 RSI: 1ffff11020b4efb3 RDI: 0000000000000000 [ 123.192044] RBP: ffff888105a77d60 R08: 0000000000000000 R09: ffffed10205151a0 [ 123.192464] R10: ffff8881028a8d07 R11: 0000000000000000 R12: 1ffff11020b4ef97 [ 123.193004] R13: ffffffffbbe9a240 R14: 0000000000000000 R15: ffff888105a77d38 [ 123.193355] FS: 0000000000000000(0000) GS:ffff88819d015000(0000) knlGS:0000000000000000 [ 123.193913] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.194166] CR2: ffff88815a946fe0 CR3: 00000001216bc000 CR4: 00000000000006f0 [ 123.194492] DR0: ffffffffbe0b1540 DR1: ffffffffbe0b1541 DR2: ffffffffbe0b1542 [ 123.194903] DR3: ffffffffbe0b1543 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 123.195270] Call Trace: [ 123.195370] <TASK> [ 123.195489] ? intlog10_test+0xf2/0x220 [ 123.195835] ? __pfx_intlog10_test+0x10/0x10 [ 123.196151] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 123.196441] ? trace_hardirqs_on+0x37/0xe0 [ 123.196662] ? __pfx_read_tsc+0x10/0x10 [ 123.197001] ? ktime_get_ts64+0x86/0x230 [ 123.197307] kunit_try_run_case+0x1a5/0x480 [ 123.197548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.197873] ? queued_spin_lock_slowpath+0x116/0xb40 [ 123.198177] ? __kthread_parkme+0x82/0x180 [ 123.198398] ? preempt_count_sub+0x50/0x80 [ 123.198733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.198996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 123.199283] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 123.199561] kthread+0x337/0x6f0 [ 123.199751] ? trace_preempt_on+0x20/0xc0 [ 123.200066] ? __pfx_kthread+0x10/0x10 [ 123.200224] ? _raw_spin_unlock_irq+0x47/0x80 [ 123.200474] ? calculate_sigpending+0x7b/0xa0 [ 123.200765] ? __pfx_kthread+0x10/0x10 [ 123.200957] ret_from_fork+0x116/0x1d0 [ 123.201205] ? __pfx_kthread+0x10/0x10 [ 123.201361] ret_from_fork_asm+0x1a/0x30 [ 123.201541] </TASK> [ 123.201840] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 123.144564] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#1: kunit_try_catch/688 [ 123.144862] Modules linked in: [ 123.145092] CPU: 1 UID: 0 PID: 688 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) [ 123.145776] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 123.146062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 123.146411] RIP: 0010:intlog2+0xdf/0x110 [ 123.146691] Code: e9 bb c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 8f 7a 55 ff 8b 45 e4 eb [ 123.147289] RSP: 0000:ffff88810583fcb0 EFLAGS: 00010246 [ 123.147544] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020b07fb4 [ 123.147892] RDX: 1ffffffff77d349c RSI: 1ffff11020b07fb3 RDI: 0000000000000000 [ 123.148252] RBP: ffff88810583fd60 R08: 0000000000000000 R09: ffffed1020515060 [ 123.148496] R10: ffff8881028a8307 R11: 0000000000000000 R12: 1ffff11020b07f97 [ 123.149230] R13: ffffffffbbe9a4e0 R14: 0000000000000000 R15: ffff88810583fd38 [ 123.149542] FS: 0000000000000000(0000) GS:ffff88819d115000(0000) knlGS:0000000000000000 [ 123.149917] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.150294] CR2: dffffc0000000000 CR3: 00000001216bc000 CR4: 00000000000006f0 [ 123.150898] DR0: ffffffffbe0b1540 DR1: ffffffffbe0b1541 DR2: ffffffffbe0b1543 [ 123.151461] DR3: ffffffffbe0b1545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 123.151961] Call Trace: [ 123.152102] <TASK> [ 123.152210] ? intlog2_test+0xf2/0x220 [ 123.152773] ? __pfx_intlog2_test+0x10/0x10 [ 123.152957] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 123.153375] ? trace_hardirqs_on+0x37/0xe0 [ 123.153670] ? __pfx_read_tsc+0x10/0x10 [ 123.153950] ? ktime_get_ts64+0x86/0x230 [ 123.154152] kunit_try_run_case+0x1a5/0x480 [ 123.154342] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.154535] ? queued_spin_lock_slowpath+0x116/0xb40 [ 123.154800] ? __kthread_parkme+0x82/0x180 [ 123.155050] ? preempt_count_sub+0x50/0x80 [ 123.155257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 123.155488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 123.155727] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 123.156116] kthread+0x337/0x6f0 [ 123.156352] ? trace_preempt_on+0x20/0xc0 [ 123.156746] ? __pfx_kthread+0x10/0x10 [ 123.156943] ? _raw_spin_unlock_irq+0x47/0x80 [ 123.157565] ? calculate_sigpending+0x7b/0xa0 [ 123.157732] ? __pfx_kthread+0x10/0x10 [ 123.157866] ret_from_fork+0x116/0x1d0 [ 123.158466] ? __pfx_kthread+0x10/0x10 [ 123.158620] ret_from_fork_asm+0x1a/0x30 [ 123.158767] </TASK> [ 123.158878] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 122.434611] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI