Date
July 16, 2025, 12:11 p.m.
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 25.178893] ================================================================== [ 25.180614] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 25.182094] Read of size 1 at addr ffff888106092358 by task kunit_try_catch/306 [ 25.182995] [ 25.183400] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.183466] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.183590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.183620] Call Trace: [ 25.183637] <TASK> [ 25.183662] dump_stack_lvl+0x73/0xb0 [ 25.183699] print_report+0xd1/0x610 [ 25.183724] ? __virt_addr_valid+0x1db/0x2d0 [ 25.183747] ? memcmp+0x1b4/0x1d0 [ 25.183770] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.183797] ? memcmp+0x1b4/0x1d0 [ 25.183818] kasan_report+0x141/0x180 [ 25.183840] ? memcmp+0x1b4/0x1d0 [ 25.183873] __asan_report_load1_noabort+0x18/0x20 [ 25.183898] memcmp+0x1b4/0x1d0 [ 25.183921] kasan_memcmp+0x18f/0x390 [ 25.183942] ? trace_hardirqs_on+0x37/0xe0 [ 25.183966] ? __pfx_kasan_memcmp+0x10/0x10 [ 25.183986] ? finish_task_switch.isra.0+0x153/0x700 [ 25.184009] ? __switch_to+0x47/0xf80 [ 25.184039] ? __pfx_read_tsc+0x10/0x10 [ 25.184062] ? ktime_get_ts64+0x86/0x230 [ 25.184089] kunit_try_run_case+0x1a5/0x480 [ 25.184114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.184137] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.184160] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.184183] ? __kthread_parkme+0x82/0x180 [ 25.184204] ? preempt_count_sub+0x50/0x80 [ 25.184227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.184250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.184276] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.184313] kthread+0x337/0x6f0 [ 25.184333] ? trace_preempt_on+0x20/0xc0 [ 25.184354] ? __pfx_kthread+0x10/0x10 [ 25.184434] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.184455] ? calculate_sigpending+0x7b/0xa0 [ 25.184493] ? __pfx_kthread+0x10/0x10 [ 25.184514] ret_from_fork+0x116/0x1d0 [ 25.184534] ? __pfx_kthread+0x10/0x10 [ 25.184555] ret_from_fork_asm+0x1a/0x30 [ 25.184587] </TASK> [ 25.184598] [ 25.195944] Allocated by task 306: [ 25.196097] kasan_save_stack+0x45/0x70 [ 25.197267] kasan_save_track+0x18/0x40 [ 25.197666] kasan_save_alloc_info+0x3b/0x50 [ 25.198196] __kasan_kmalloc+0xb7/0xc0 [ 25.198537] __kmalloc_cache_noprof+0x189/0x420 [ 25.198964] kasan_memcmp+0xb7/0x390 [ 25.199101] kunit_try_run_case+0x1a5/0x480 [ 25.199244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.199440] kthread+0x337/0x6f0 [ 25.199559] ret_from_fork+0x116/0x1d0 [ 25.199712] ret_from_fork_asm+0x1a/0x30 [ 25.200358] [ 25.200542] The buggy address belongs to the object at ffff888106092340 [ 25.200542] which belongs to the cache kmalloc-32 of size 32 [ 25.201552] The buggy address is located 0 bytes to the right of [ 25.201552] allocated 24-byte region [ffff888106092340, ffff888106092358) [ 25.202701] [ 25.203072] The buggy address belongs to the physical page: [ 25.203482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106092 [ 25.203863] flags: 0x200000000000000(node=0|zone=2) [ 25.204029] page_type: f5(slab) [ 25.204151] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.204785] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.205463] page dumped because: kasan: bad access detected [ 25.205687] [ 25.205754] Memory state around the buggy address: [ 25.205909] ffff888106092200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.206122] ffff888106092280: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 25.206344] >ffff888106092300: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.206553] ^ [ 25.206826] ffff888106092380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.207153] ffff888106092400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.208196] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 23.796248] ================================================================== [ 23.796803] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 23.797496] Read of size 1 at addr ffff888104a24a00 by task kunit_try_catch/245 [ 23.798140] [ 23.798288] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.798663] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.798680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.798701] Call Trace: [ 23.798715] <TASK> [ 23.798732] dump_stack_lvl+0x73/0xb0 [ 23.798764] print_report+0xd1/0x610 [ 23.798785] ? __virt_addr_valid+0x1db/0x2d0 [ 23.798808] ? ksize_uaf+0x5fe/0x6c0 [ 23.798828] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.798860] ? ksize_uaf+0x5fe/0x6c0 [ 23.798901] kasan_report+0x141/0x180 [ 23.798922] ? ksize_uaf+0x5fe/0x6c0 [ 23.798947] __asan_report_load1_noabort+0x18/0x20 [ 23.798970] ksize_uaf+0x5fe/0x6c0 [ 23.798990] ? __pfx_ksize_uaf+0x10/0x10 [ 23.799011] ? __schedule+0x10c6/0x2b60 [ 23.799034] ? __pfx_read_tsc+0x10/0x10 [ 23.799055] ? ktime_get_ts64+0x86/0x230 [ 23.799080] kunit_try_run_case+0x1a5/0x480 [ 23.799104] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.799125] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.799147] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.799169] ? __kthread_parkme+0x82/0x180 [ 23.799188] ? preempt_count_sub+0x50/0x80 [ 23.799211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.799233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.799259] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.799295] kthread+0x337/0x6f0 [ 23.799315] ? trace_preempt_on+0x20/0xc0 [ 23.799337] ? __pfx_kthread+0x10/0x10 [ 23.799357] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.799377] ? calculate_sigpending+0x7b/0xa0 [ 23.799400] ? __pfx_kthread+0x10/0x10 [ 23.799421] ret_from_fork+0x116/0x1d0 [ 23.799439] ? __pfx_kthread+0x10/0x10 [ 23.799458] ret_from_fork_asm+0x1a/0x30 [ 23.799488] </TASK> [ 23.799499] [ 23.810437] Allocated by task 245: [ 23.810789] kasan_save_stack+0x45/0x70 [ 23.810970] kasan_save_track+0x18/0x40 [ 23.811372] kasan_save_alloc_info+0x3b/0x50 [ 23.811654] __kasan_kmalloc+0xb7/0xc0 [ 23.812040] __kmalloc_cache_noprof+0x189/0x420 [ 23.812262] ksize_uaf+0xaa/0x6c0 [ 23.812404] kunit_try_run_case+0x1a5/0x480 [ 23.812868] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.813160] kthread+0x337/0x6f0 [ 23.813437] ret_from_fork+0x116/0x1d0 [ 23.813652] ret_from_fork_asm+0x1a/0x30 [ 23.814035] [ 23.814112] Freed by task 245: [ 23.814528] kasan_save_stack+0x45/0x70 [ 23.814781] kasan_save_track+0x18/0x40 [ 23.815134] kasan_save_free_info+0x3f/0x60 [ 23.815359] __kasan_slab_free+0x56/0x70 [ 23.815767] kfree+0x222/0x3f0 [ 23.815952] ksize_uaf+0x12c/0x6c0 [ 23.816479] kunit_try_run_case+0x1a5/0x480 [ 23.816645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.817204] kthread+0x337/0x6f0 [ 23.817381] ret_from_fork+0x116/0x1d0 [ 23.817603] ret_from_fork_asm+0x1a/0x30 [ 23.817797] [ 23.818066] The buggy address belongs to the object at ffff888104a24a00 [ 23.818066] which belongs to the cache kmalloc-128 of size 128 [ 23.818748] The buggy address is located 0 bytes inside of [ 23.818748] freed 128-byte region [ffff888104a24a00, ffff888104a24a80) [ 23.819563] [ 23.819832] The buggy address belongs to the physical page: [ 23.820429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a24 [ 23.820871] flags: 0x200000000000000(node=0|zone=2) [ 23.821308] page_type: f5(slab) [ 23.821501] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.821997] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.822462] page dumped because: kasan: bad access detected [ 23.822839] [ 23.822924] Memory state around the buggy address: [ 23.823437] ffff888104a24900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.823853] ffff888104a24980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.824175] >ffff888104a24a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.824505] ^ [ 23.825081] ffff888104a24a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.825480] ffff888104a24b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.825888] ================================================================== [ 23.769871] ================================================================== [ 23.771439] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 23.772646] Read of size 1 at addr ffff888104a24a00 by task kunit_try_catch/245 [ 23.773788] [ 23.774188] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.774244] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.774257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.774426] Call Trace: [ 23.774444] <TASK> [ 23.774463] dump_stack_lvl+0x73/0xb0 [ 23.774564] print_report+0xd1/0x610 [ 23.774588] ? __virt_addr_valid+0x1db/0x2d0 [ 23.774611] ? ksize_uaf+0x19d/0x6c0 [ 23.774630] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.774655] ? ksize_uaf+0x19d/0x6c0 [ 23.774675] kasan_report+0x141/0x180 [ 23.774696] ? ksize_uaf+0x19d/0x6c0 [ 23.774718] ? ksize_uaf+0x19d/0x6c0 [ 23.774738] __kasan_check_byte+0x3d/0x50 [ 23.774759] ksize+0x20/0x60 [ 23.774779] ksize_uaf+0x19d/0x6c0 [ 23.774798] ? __pfx_ksize_uaf+0x10/0x10 [ 23.774819] ? __schedule+0x10c6/0x2b60 [ 23.774842] ? __pfx_read_tsc+0x10/0x10 [ 23.774880] ? ktime_get_ts64+0x86/0x230 [ 23.774905] kunit_try_run_case+0x1a5/0x480 [ 23.774928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.774949] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.774971] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.774992] ? __kthread_parkme+0x82/0x180 [ 23.775012] ? preempt_count_sub+0x50/0x80 [ 23.775035] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.775057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.775083] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.775109] kthread+0x337/0x6f0 [ 23.775127] ? trace_preempt_on+0x20/0xc0 [ 23.775150] ? __pfx_kthread+0x10/0x10 [ 23.775170] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.775189] ? calculate_sigpending+0x7b/0xa0 [ 23.775212] ? __pfx_kthread+0x10/0x10 [ 23.775233] ret_from_fork+0x116/0x1d0 [ 23.775251] ? __pfx_kthread+0x10/0x10 [ 23.775271] ret_from_fork_asm+0x1a/0x30 [ 23.775310] </TASK> [ 23.775321] [ 23.783022] Allocated by task 245: [ 23.783205] kasan_save_stack+0x45/0x70 [ 23.783469] kasan_save_track+0x18/0x40 [ 23.783688] kasan_save_alloc_info+0x3b/0x50 [ 23.783996] __kasan_kmalloc+0xb7/0xc0 [ 23.784186] __kmalloc_cache_noprof+0x189/0x420 [ 23.784412] ksize_uaf+0xaa/0x6c0 [ 23.784643] kunit_try_run_case+0x1a5/0x480 [ 23.784801] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.785198] kthread+0x337/0x6f0 [ 23.785389] ret_from_fork+0x116/0x1d0 [ 23.785613] ret_from_fork_asm+0x1a/0x30 [ 23.785749] [ 23.785841] Freed by task 245: [ 23.786146] kasan_save_stack+0x45/0x70 [ 23.786404] kasan_save_track+0x18/0x40 [ 23.786641] kasan_save_free_info+0x3f/0x60 [ 23.786956] __kasan_slab_free+0x56/0x70 [ 23.787127] kfree+0x222/0x3f0 [ 23.787317] ksize_uaf+0x12c/0x6c0 [ 23.787490] kunit_try_run_case+0x1a5/0x480 [ 23.787699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.787917] kthread+0x337/0x6f0 [ 23.788071] ret_from_fork+0x116/0x1d0 [ 23.788228] ret_from_fork_asm+0x1a/0x30 [ 23.788419] [ 23.788484] The buggy address belongs to the object at ffff888104a24a00 [ 23.788484] which belongs to the cache kmalloc-128 of size 128 [ 23.788971] The buggy address is located 0 bytes inside of [ 23.788971] freed 128-byte region [ffff888104a24a00, ffff888104a24a80) [ 23.789620] [ 23.789724] The buggy address belongs to the physical page: [ 23.790078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a24 [ 23.790355] flags: 0x200000000000000(node=0|zone=2) [ 23.790616] page_type: f5(slab) [ 23.790818] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.791336] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.791685] page dumped because: kasan: bad access detected [ 23.791911] [ 23.791979] Memory state around the buggy address: [ 23.792130] ffff888104a24900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.792355] ffff888104a24980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.792697] >ffff888104a24a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.793129] ^ [ 23.793309] ffff888104a24a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.793659] ffff888104a24b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.794069] ================================================================== [ 23.827120] ================================================================== [ 23.827462] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 23.827887] Read of size 1 at addr ffff888104a24a78 by task kunit_try_catch/245 [ 23.828322] [ 23.828442] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.828930] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.828953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.828975] Call Trace: [ 23.828991] <TASK> [ 23.829009] dump_stack_lvl+0x73/0xb0 [ 23.829044] print_report+0xd1/0x610 [ 23.829066] ? __virt_addr_valid+0x1db/0x2d0 [ 23.829091] ? ksize_uaf+0x5e4/0x6c0 [ 23.829111] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.829136] ? ksize_uaf+0x5e4/0x6c0 [ 23.829156] kasan_report+0x141/0x180 [ 23.829177] ? ksize_uaf+0x5e4/0x6c0 [ 23.829201] __asan_report_load1_noabort+0x18/0x20 [ 23.829224] ksize_uaf+0x5e4/0x6c0 [ 23.829244] ? __pfx_ksize_uaf+0x10/0x10 [ 23.829265] ? __schedule+0x10c6/0x2b60 [ 23.829305] ? __pfx_read_tsc+0x10/0x10 [ 23.829327] ? ktime_get_ts64+0x86/0x230 [ 23.829353] kunit_try_run_case+0x1a5/0x480 [ 23.829377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.829399] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.829421] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.829443] ? __kthread_parkme+0x82/0x180 [ 23.829463] ? preempt_count_sub+0x50/0x80 [ 23.829487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.829509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.829535] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.829578] kthread+0x337/0x6f0 [ 23.829598] ? trace_preempt_on+0x20/0xc0 [ 23.829621] ? __pfx_kthread+0x10/0x10 [ 23.829641] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.829661] ? calculate_sigpending+0x7b/0xa0 [ 23.829685] ? __pfx_kthread+0x10/0x10 [ 23.829706] ret_from_fork+0x116/0x1d0 [ 23.829724] ? __pfx_kthread+0x10/0x10 [ 23.829744] ret_from_fork_asm+0x1a/0x30 [ 23.829775] </TASK> [ 23.829785] [ 23.837487] Allocated by task 245: [ 23.837780] kasan_save_stack+0x45/0x70 [ 23.838041] kasan_save_track+0x18/0x40 [ 23.838216] kasan_save_alloc_info+0x3b/0x50 [ 23.838450] __kasan_kmalloc+0xb7/0xc0 [ 23.838574] __kmalloc_cache_noprof+0x189/0x420 [ 23.838719] ksize_uaf+0xaa/0x6c0 [ 23.838834] kunit_try_run_case+0x1a5/0x480 [ 23.838968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.839353] kthread+0x337/0x6f0 [ 23.839598] ret_from_fork+0x116/0x1d0 [ 23.839818] ret_from_fork_asm+0x1a/0x30 [ 23.840049] [ 23.840159] Freed by task 245: [ 23.840326] kasan_save_stack+0x45/0x70 [ 23.840544] kasan_save_track+0x18/0x40 [ 23.840971] kasan_save_free_info+0x3f/0x60 [ 23.841305] __kasan_slab_free+0x56/0x70 [ 23.841498] kfree+0x222/0x3f0 [ 23.841798] ksize_uaf+0x12c/0x6c0 [ 23.842150] kunit_try_run_case+0x1a5/0x480 [ 23.842312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.842479] kthread+0x337/0x6f0 [ 23.842589] ret_from_fork+0x116/0x1d0 [ 23.842710] ret_from_fork_asm+0x1a/0x30 [ 23.842840] [ 23.842903] The buggy address belongs to the object at ffff888104a24a00 [ 23.842903] which belongs to the cache kmalloc-128 of size 128 [ 23.843478] The buggy address is located 120 bytes inside of [ 23.843478] freed 128-byte region [ffff888104a24a00, ffff888104a24a80) [ 23.844003] [ 23.844097] The buggy address belongs to the physical page: [ 23.844358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a24 [ 23.844633] flags: 0x200000000000000(node=0|zone=2) [ 23.844789] page_type: f5(slab) [ 23.845198] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.845599] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.845892] page dumped because: kasan: bad access detected [ 23.846194] [ 23.846306] Memory state around the buggy address: [ 23.846541] ffff888104a24900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.846843] ffff888104a24980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.847217] >ffff888104a24a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.847464] ^ [ 23.847880] ffff888104a24a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.848300] ffff888104a24b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.848834] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 23.737544] ================================================================== [ 23.738107] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.738838] Read of size 1 at addr ffff888104a2497f by task kunit_try_catch/243 [ 23.739428] [ 23.739517] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.739575] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.739587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.739608] Call Trace: [ 23.739627] <TASK> [ 23.739642] dump_stack_lvl+0x73/0xb0 [ 23.739671] print_report+0xd1/0x610 [ 23.739718] ? __virt_addr_valid+0x1db/0x2d0 [ 23.739740] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.739762] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.739786] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.739809] kasan_report+0x141/0x180 [ 23.739829] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.739856] __asan_report_load1_noabort+0x18/0x20 [ 23.739929] ksize_unpoisons_memory+0x7b6/0x9b0 [ 23.739952] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.739974] ? finish_task_switch.isra.0+0x153/0x700 [ 23.739995] ? __switch_to+0x47/0xf80 [ 23.740020] ? __schedule+0x10c6/0x2b60 [ 23.740042] ? __pfx_read_tsc+0x10/0x10 [ 23.740063] ? ktime_get_ts64+0x86/0x230 [ 23.740088] kunit_try_run_case+0x1a5/0x480 [ 23.740111] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.740132] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.740154] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.740176] ? __kthread_parkme+0x82/0x180 [ 23.740195] ? preempt_count_sub+0x50/0x80 [ 23.740217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.740239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.740264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.740303] kthread+0x337/0x6f0 [ 23.740322] ? trace_preempt_on+0x20/0xc0 [ 23.740344] ? __pfx_kthread+0x10/0x10 [ 23.740364] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.740384] ? calculate_sigpending+0x7b/0xa0 [ 23.740407] ? __pfx_kthread+0x10/0x10 [ 23.740427] ret_from_fork+0x116/0x1d0 [ 23.740446] ? __pfx_kthread+0x10/0x10 [ 23.740465] ret_from_fork_asm+0x1a/0x30 [ 23.740495] </TASK> [ 23.740505] [ 23.753358] Allocated by task 243: [ 23.753485] kasan_save_stack+0x45/0x70 [ 23.753693] kasan_save_track+0x18/0x40 [ 23.754023] kasan_save_alloc_info+0x3b/0x50 [ 23.754473] __kasan_kmalloc+0xb7/0xc0 [ 23.754854] __kmalloc_cache_noprof+0x189/0x420 [ 23.755529] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.755928] kunit_try_run_case+0x1a5/0x480 [ 23.756382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.756875] kthread+0x337/0x6f0 [ 23.757033] ret_from_fork+0x116/0x1d0 [ 23.757426] ret_from_fork_asm+0x1a/0x30 [ 23.757810] [ 23.757955] The buggy address belongs to the object at ffff888104a24900 [ 23.757955] which belongs to the cache kmalloc-128 of size 128 [ 23.758369] The buggy address is located 12 bytes to the right of [ 23.758369] allocated 115-byte region [ffff888104a24900, ffff888104a24973) [ 23.759305] [ 23.759473] The buggy address belongs to the physical page: [ 23.759990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a24 [ 23.760724] flags: 0x200000000000000(node=0|zone=2) [ 23.761191] page_type: f5(slab) [ 23.761547] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.762117] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.762510] page dumped because: kasan: bad access detected [ 23.762805] [ 23.762970] Memory state around the buggy address: [ 23.763629] ffff888104a24800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.764399] ffff888104a24880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.764713] >ffff888104a24900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.765379] ^ [ 23.766111] ffff888104a24980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.766341] ffff888104a24a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.766549] ================================================================== [ 23.673211] ================================================================== [ 23.674791] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 23.675764] Read of size 1 at addr ffff888104a24973 by task kunit_try_catch/243 [ 23.676801] [ 23.677293] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.677463] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.677478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.677501] Call Trace: [ 23.677515] <TASK> [ 23.677531] dump_stack_lvl+0x73/0xb0 [ 23.677593] print_report+0xd1/0x610 [ 23.677615] ? __virt_addr_valid+0x1db/0x2d0 [ 23.677640] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.677662] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.677687] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.677709] kasan_report+0x141/0x180 [ 23.677730] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 23.677757] __asan_report_load1_noabort+0x18/0x20 [ 23.677779] ksize_unpoisons_memory+0x81c/0x9b0 [ 23.677801] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.677823] ? finish_task_switch.isra.0+0x153/0x700 [ 23.677844] ? __switch_to+0x47/0xf80 [ 23.677888] ? __schedule+0x10c6/0x2b60 [ 23.677910] ? __pfx_read_tsc+0x10/0x10 [ 23.677933] ? ktime_get_ts64+0x86/0x230 [ 23.677959] kunit_try_run_case+0x1a5/0x480 [ 23.677983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.678004] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.678026] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.678049] ? __kthread_parkme+0x82/0x180 [ 23.678070] ? preempt_count_sub+0x50/0x80 [ 23.678091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.678113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.678138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.678164] kthread+0x337/0x6f0 [ 23.678183] ? trace_preempt_on+0x20/0xc0 [ 23.678206] ? __pfx_kthread+0x10/0x10 [ 23.678226] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.678246] ? calculate_sigpending+0x7b/0xa0 [ 23.678269] ? __pfx_kthread+0x10/0x10 [ 23.678299] ret_from_fork+0x116/0x1d0 [ 23.678317] ? __pfx_kthread+0x10/0x10 [ 23.678337] ret_from_fork_asm+0x1a/0x30 [ 23.678367] </TASK> [ 23.678378] [ 23.692384] Allocated by task 243: [ 23.692929] kasan_save_stack+0x45/0x70 [ 23.693448] kasan_save_track+0x18/0x40 [ 23.693977] kasan_save_alloc_info+0x3b/0x50 [ 23.694501] __kasan_kmalloc+0xb7/0xc0 [ 23.695036] __kmalloc_cache_noprof+0x189/0x420 [ 23.695671] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.696272] kunit_try_run_case+0x1a5/0x480 [ 23.696832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.697664] kthread+0x337/0x6f0 [ 23.698128] ret_from_fork+0x116/0x1d0 [ 23.698580] ret_from_fork_asm+0x1a/0x30 [ 23.698978] [ 23.699244] The buggy address belongs to the object at ffff888104a24900 [ 23.699244] which belongs to the cache kmalloc-128 of size 128 [ 23.700343] The buggy address is located 0 bytes to the right of [ 23.700343] allocated 115-byte region [ffff888104a24900, ffff888104a24973) [ 23.701459] [ 23.701544] The buggy address belongs to the physical page: [ 23.702463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a24 [ 23.703356] flags: 0x200000000000000(node=0|zone=2) [ 23.703533] page_type: f5(slab) [ 23.704116] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.705053] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.705302] page dumped because: kasan: bad access detected [ 23.705471] [ 23.705542] Memory state around the buggy address: [ 23.705704] ffff888104a24800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.705936] ffff888104a24880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.706830] >ffff888104a24900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.707121] ^ [ 23.707443] ffff888104a24980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.708406] ffff888104a24a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.709374] ================================================================== [ 23.710210] ================================================================== [ 23.710716] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.711144] Read of size 1 at addr ffff888104a24978 by task kunit_try_catch/243 [ 23.711453] [ 23.711575] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.711625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.711638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.711658] Call Trace: [ 23.711671] <TASK> [ 23.711688] dump_stack_lvl+0x73/0xb0 [ 23.711718] print_report+0xd1/0x610 [ 23.712080] ? __virt_addr_valid+0x1db/0x2d0 [ 23.712105] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.712127] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.712151] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.712174] kasan_report+0x141/0x180 [ 23.712195] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.712221] __asan_report_load1_noabort+0x18/0x20 [ 23.712244] ksize_unpoisons_memory+0x7e9/0x9b0 [ 23.712267] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 23.712301] ? finish_task_switch.isra.0+0x153/0x700 [ 23.712322] ? __switch_to+0x47/0xf80 [ 23.712347] ? __schedule+0x10c6/0x2b60 [ 23.712370] ? __pfx_read_tsc+0x10/0x10 [ 23.712391] ? ktime_get_ts64+0x86/0x230 [ 23.712415] kunit_try_run_case+0x1a5/0x480 [ 23.712439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.712461] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.712483] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.712505] ? __kthread_parkme+0x82/0x180 [ 23.712524] ? preempt_count_sub+0x50/0x80 [ 23.712546] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.712580] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.712605] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.712631] kthread+0x337/0x6f0 [ 23.712649] ? trace_preempt_on+0x20/0xc0 [ 23.712672] ? __pfx_kthread+0x10/0x10 [ 23.712692] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.712711] ? calculate_sigpending+0x7b/0xa0 [ 23.712734] ? __pfx_kthread+0x10/0x10 [ 23.712755] ret_from_fork+0x116/0x1d0 [ 23.712773] ? __pfx_kthread+0x10/0x10 [ 23.712793] ret_from_fork_asm+0x1a/0x30 [ 23.712824] </TASK> [ 23.712834] [ 23.723776] Allocated by task 243: [ 23.723908] kasan_save_stack+0x45/0x70 [ 23.724044] kasan_save_track+0x18/0x40 [ 23.724168] kasan_save_alloc_info+0x3b/0x50 [ 23.724381] __kasan_kmalloc+0xb7/0xc0 [ 23.724675] __kmalloc_cache_noprof+0x189/0x420 [ 23.725195] ksize_unpoisons_memory+0xc7/0x9b0 [ 23.725754] kunit_try_run_case+0x1a5/0x480 [ 23.726038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.726474] kthread+0x337/0x6f0 [ 23.726602] ret_from_fork+0x116/0x1d0 [ 23.726994] ret_from_fork_asm+0x1a/0x30 [ 23.727451] [ 23.727645] The buggy address belongs to the object at ffff888104a24900 [ 23.727645] which belongs to the cache kmalloc-128 of size 128 [ 23.728695] The buggy address is located 5 bytes to the right of [ 23.728695] allocated 115-byte region [ffff888104a24900, ffff888104a24973) [ 23.729430] [ 23.729503] The buggy address belongs to the physical page: [ 23.729905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a24 [ 23.730923] flags: 0x200000000000000(node=0|zone=2) [ 23.731093] page_type: f5(slab) [ 23.731207] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.731441] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.731928] page dumped because: kasan: bad access detected [ 23.732532] [ 23.732718] Memory state around the buggy address: [ 23.733189] ffff888104a24800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.733869] ffff888104a24880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.734642] >ffff888104a24900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 23.735238] ^ [ 23.735742] ffff888104a24980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.736164] ffff888104a24a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.736815] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 23.646680] ================================================================== [ 23.647248] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 23.647533] Free of addr ffff888101683a20 by task kunit_try_catch/241 [ 23.647796] [ 23.647977] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.648030] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.648042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.648062] Call Trace: [ 23.648083] <TASK> [ 23.648100] dump_stack_lvl+0x73/0xb0 [ 23.648129] print_report+0xd1/0x610 [ 23.648151] ? __virt_addr_valid+0x1db/0x2d0 [ 23.648174] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.648198] ? kfree_sensitive+0x2e/0x90 [ 23.648218] kasan_report_invalid_free+0x10a/0x130 [ 23.648241] ? kfree_sensitive+0x2e/0x90 [ 23.648261] ? kfree_sensitive+0x2e/0x90 [ 23.648298] check_slab_allocation+0x101/0x130 [ 23.648319] __kasan_slab_pre_free+0x28/0x40 [ 23.648338] kfree+0xf0/0x3f0 [ 23.648359] ? kfree_sensitive+0x2e/0x90 [ 23.648380] kfree_sensitive+0x2e/0x90 [ 23.648398] kmalloc_double_kzfree+0x19c/0x350 [ 23.648420] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 23.648442] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.648465] ? trace_hardirqs_on+0x37/0xe0 [ 23.648487] ? __pfx_read_tsc+0x10/0x10 [ 23.648508] ? ktime_get_ts64+0x86/0x230 [ 23.648532] kunit_try_run_case+0x1a5/0x480 [ 23.648554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.648578] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.648601] ? __kthread_parkme+0x82/0x180 [ 23.648620] ? preempt_count_sub+0x50/0x80 [ 23.648642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.648665] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.648690] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.648715] kthread+0x337/0x6f0 [ 23.648734] ? trace_preempt_on+0x20/0xc0 [ 23.648755] ? __pfx_kthread+0x10/0x10 [ 23.648774] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.648794] ? calculate_sigpending+0x7b/0xa0 [ 23.648817] ? __pfx_kthread+0x10/0x10 [ 23.648837] ret_from_fork+0x116/0x1d0 [ 23.648856] ? __pfx_kthread+0x10/0x10 [ 23.648932] ret_from_fork_asm+0x1a/0x30 [ 23.648962] </TASK> [ 23.648972] [ 23.657201] Allocated by task 241: [ 23.657386] kasan_save_stack+0x45/0x70 [ 23.657588] kasan_save_track+0x18/0x40 [ 23.657893] kasan_save_alloc_info+0x3b/0x50 [ 23.658137] __kasan_kmalloc+0xb7/0xc0 [ 23.658314] __kmalloc_cache_noprof+0x189/0x420 [ 23.658492] kmalloc_double_kzfree+0xa9/0x350 [ 23.658635] kunit_try_run_case+0x1a5/0x480 [ 23.658848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.659096] kthread+0x337/0x6f0 [ 23.659355] ret_from_fork+0x116/0x1d0 [ 23.659489] ret_from_fork_asm+0x1a/0x30 [ 23.659676] [ 23.659760] Freed by task 241: [ 23.659886] kasan_save_stack+0x45/0x70 [ 23.660015] kasan_save_track+0x18/0x40 [ 23.660147] kasan_save_free_info+0x3f/0x60 [ 23.660504] __kasan_slab_free+0x56/0x70 [ 23.660761] kfree+0x222/0x3f0 [ 23.660923] kfree_sensitive+0x67/0x90 [ 23.661130] kmalloc_double_kzfree+0x12b/0x350 [ 23.661328] kunit_try_run_case+0x1a5/0x480 [ 23.661469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.661646] kthread+0x337/0x6f0 [ 23.661758] ret_from_fork+0x116/0x1d0 [ 23.661884] ret_from_fork_asm+0x1a/0x30 [ 23.662071] [ 23.662157] The buggy address belongs to the object at ffff888101683a20 [ 23.662157] which belongs to the cache kmalloc-16 of size 16 [ 23.662682] The buggy address is located 0 bytes inside of [ 23.662682] 16-byte region [ffff888101683a20, ffff888101683a30) [ 23.663357] [ 23.663429] The buggy address belongs to the physical page: [ 23.663688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101683 [ 23.664297] flags: 0x200000000000000(node=0|zone=2) [ 23.664543] page_type: f5(slab) [ 23.664676] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.664995] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.665341] page dumped because: kasan: bad access detected [ 23.665675] [ 23.665758] Memory state around the buggy address: [ 23.666038] ffff888101683900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.666292] ffff888101683980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.666504] >ffff888101683a00: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 23.667148] ^ [ 23.667376] ffff888101683a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.667635] ffff888101683b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.667870] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 23.607355] ================================================================== [ 23.607840] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 23.608699] Read of size 1 at addr ffff888101683a20 by task kunit_try_catch/241 [ 23.609552] [ 23.609801] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.609885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.609898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.609921] Call Trace: [ 23.609934] <TASK> [ 23.609953] dump_stack_lvl+0x73/0xb0 [ 23.609986] print_report+0xd1/0x610 [ 23.610009] ? __virt_addr_valid+0x1db/0x2d0 [ 23.610034] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.610055] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.610080] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.610102] kasan_report+0x141/0x180 [ 23.610123] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.610148] ? kmalloc_double_kzfree+0x19c/0x350 [ 23.610171] __kasan_check_byte+0x3d/0x50 [ 23.610192] kfree_sensitive+0x22/0x90 [ 23.610214] kmalloc_double_kzfree+0x19c/0x350 [ 23.610236] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 23.610303] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 23.610330] ? trace_hardirqs_on+0x37/0xe0 [ 23.610354] ? __pfx_read_tsc+0x10/0x10 [ 23.610376] ? ktime_get_ts64+0x86/0x230 [ 23.610401] kunit_try_run_case+0x1a5/0x480 [ 23.610426] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.610451] ? queued_spin_lock_slowpath+0x116/0xb40 [ 23.610474] ? __kthread_parkme+0x82/0x180 [ 23.610495] ? preempt_count_sub+0x50/0x80 [ 23.610518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.610541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.610576] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.610602] kthread+0x337/0x6f0 [ 23.610621] ? trace_preempt_on+0x20/0xc0 [ 23.610642] ? __pfx_kthread+0x10/0x10 [ 23.610661] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.610682] ? calculate_sigpending+0x7b/0xa0 [ 23.610706] ? __pfx_kthread+0x10/0x10 [ 23.610726] ret_from_fork+0x116/0x1d0 [ 23.610744] ? __pfx_kthread+0x10/0x10 [ 23.610764] ret_from_fork_asm+0x1a/0x30 [ 23.610795] </TASK> [ 23.610807] [ 23.624861] Allocated by task 241: [ 23.625282] kasan_save_stack+0x45/0x70 [ 23.625829] kasan_save_track+0x18/0x40 [ 23.626297] kasan_save_alloc_info+0x3b/0x50 [ 23.626439] __kasan_kmalloc+0xb7/0xc0 [ 23.626578] __kmalloc_cache_noprof+0x189/0x420 [ 23.627057] kmalloc_double_kzfree+0xa9/0x350 [ 23.627566] kunit_try_run_case+0x1a5/0x480 [ 23.628046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.628606] kthread+0x337/0x6f0 [ 23.628913] ret_from_fork+0x116/0x1d0 [ 23.629103] ret_from_fork_asm+0x1a/0x30 [ 23.629487] [ 23.629660] Freed by task 241: [ 23.630019] kasan_save_stack+0x45/0x70 [ 23.630148] kasan_save_track+0x18/0x40 [ 23.630271] kasan_save_free_info+0x3f/0x60 [ 23.630415] __kasan_slab_free+0x56/0x70 [ 23.630540] kfree+0x222/0x3f0 [ 23.630926] kfree_sensitive+0x67/0x90 [ 23.631257] kmalloc_double_kzfree+0x12b/0x350 [ 23.631851] kunit_try_run_case+0x1a5/0x480 [ 23.632318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.632848] kthread+0x337/0x6f0 [ 23.633134] ret_from_fork+0x116/0x1d0 [ 23.633473] ret_from_fork_asm+0x1a/0x30 [ 23.634070] [ 23.634251] The buggy address belongs to the object at ffff888101683a20 [ 23.634251] which belongs to the cache kmalloc-16 of size 16 [ 23.635571] The buggy address is located 0 bytes inside of [ 23.635571] freed 16-byte region [ffff888101683a20, ffff888101683a30) [ 23.636541] [ 23.636728] The buggy address belongs to the physical page: [ 23.637132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101683 [ 23.637382] flags: 0x200000000000000(node=0|zone=2) [ 23.637537] page_type: f5(slab) [ 23.637659] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.638243] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.638880] page dumped because: kasan: bad access detected [ 23.639402] [ 23.640483] Memory state around the buggy address: [ 23.640743] ffff888101683900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.641077] ffff888101683980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.641415] >ffff888101683a00: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 23.641745] ^ [ 23.641918] ffff888101683a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.642191] ffff888101683b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.644574] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 23.567679] ================================================================== [ 23.568999] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 23.569798] Read of size 1 at addr ffff8881053a95a8 by task kunit_try_catch/237 [ 23.570522] [ 23.570777] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.570826] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.570838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.570858] Call Trace: [ 23.570871] <TASK> [ 23.570888] dump_stack_lvl+0x73/0xb0 [ 23.570918] print_report+0xd1/0x610 [ 23.570939] ? __virt_addr_valid+0x1db/0x2d0 [ 23.570961] ? kmalloc_uaf2+0x4a8/0x520 [ 23.571054] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.571080] ? kmalloc_uaf2+0x4a8/0x520 [ 23.571100] kasan_report+0x141/0x180 [ 23.571121] ? kmalloc_uaf2+0x4a8/0x520 [ 23.571145] __asan_report_load1_noabort+0x18/0x20 [ 23.571168] kmalloc_uaf2+0x4a8/0x520 [ 23.571187] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 23.571206] ? finish_task_switch.isra.0+0x153/0x700 [ 23.571227] ? __switch_to+0x47/0xf80 [ 23.571254] ? __schedule+0x10c6/0x2b60 [ 23.571288] ? __pfx_read_tsc+0x10/0x10 [ 23.571308] ? ktime_get_ts64+0x86/0x230 [ 23.571333] kunit_try_run_case+0x1a5/0x480 [ 23.571356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.571378] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.571400] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.571421] ? __kthread_parkme+0x82/0x180 [ 23.571441] ? preempt_count_sub+0x50/0x80 [ 23.571462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.571484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.571510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.571535] kthread+0x337/0x6f0 [ 23.571564] ? trace_preempt_on+0x20/0xc0 [ 23.571587] ? __pfx_kthread+0x10/0x10 [ 23.571607] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.571627] ? calculate_sigpending+0x7b/0xa0 [ 23.571651] ? __pfx_kthread+0x10/0x10 [ 23.571671] ret_from_fork+0x116/0x1d0 [ 23.571689] ? __pfx_kthread+0x10/0x10 [ 23.571709] ret_from_fork_asm+0x1a/0x30 [ 23.571738] </TASK> [ 23.571749] [ 23.585229] Allocated by task 237: [ 23.585605] kasan_save_stack+0x45/0x70 [ 23.585961] kasan_save_track+0x18/0x40 [ 23.586112] kasan_save_alloc_info+0x3b/0x50 [ 23.586253] __kasan_kmalloc+0xb7/0xc0 [ 23.586390] __kmalloc_cache_noprof+0x189/0x420 [ 23.586538] kmalloc_uaf2+0xc6/0x520 [ 23.586892] kunit_try_run_case+0x1a5/0x480 [ 23.587343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.587923] kthread+0x337/0x6f0 [ 23.588287] ret_from_fork+0x116/0x1d0 [ 23.588689] ret_from_fork_asm+0x1a/0x30 [ 23.589118] [ 23.589306] Freed by task 237: [ 23.589652] kasan_save_stack+0x45/0x70 [ 23.590039] kasan_save_track+0x18/0x40 [ 23.590511] kasan_save_free_info+0x3f/0x60 [ 23.590903] __kasan_slab_free+0x56/0x70 [ 23.591252] kfree+0x222/0x3f0 [ 23.591377] kmalloc_uaf2+0x14c/0x520 [ 23.591572] kunit_try_run_case+0x1a5/0x480 [ 23.592014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.592563] kthread+0x337/0x6f0 [ 23.592879] ret_from_fork+0x116/0x1d0 [ 23.593199] ret_from_fork_asm+0x1a/0x30 [ 23.593346] [ 23.593436] The buggy address belongs to the object at ffff8881053a9580 [ 23.593436] which belongs to the cache kmalloc-64 of size 64 [ 23.594454] The buggy address is located 40 bytes inside of [ 23.594454] freed 64-byte region [ffff8881053a9580, ffff8881053a95c0) [ 23.595490] [ 23.595565] The buggy address belongs to the physical page: [ 23.595727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053a9 [ 23.596245] flags: 0x200000000000000(node=0|zone=2) [ 23.596790] page_type: f5(slab) [ 23.597093] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.597475] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.598184] page dumped because: kasan: bad access detected [ 23.598784] [ 23.598941] Memory state around the buggy address: [ 23.599236] ffff8881053a9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.599862] ffff8881053a9500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.600540] >ffff8881053a9580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.600748] ^ [ 23.600902] ffff8881053a9600: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 23.601595] ffff8881053a9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.602300] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 23.531676] ================================================================== [ 23.532142] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 23.532550] Write of size 33 at addr ffff8881053a9480 by task kunit_try_catch/235 [ 23.533207] [ 23.533312] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.533363] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.533375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.533395] Call Trace: [ 23.533407] <TASK> [ 23.533424] dump_stack_lvl+0x73/0xb0 [ 23.533454] print_report+0xd1/0x610 [ 23.533476] ? __virt_addr_valid+0x1db/0x2d0 [ 23.533499] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.533520] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.533545] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.533582] kasan_report+0x141/0x180 [ 23.533603] ? kmalloc_uaf_memset+0x1a3/0x360 [ 23.533628] kasan_check_range+0x10c/0x1c0 [ 23.533650] __asan_memset+0x27/0x50 [ 23.533673] kmalloc_uaf_memset+0x1a3/0x360 [ 23.533693] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 23.533714] ? __schedule+0x10c6/0x2b60 [ 23.533735] ? __pfx_read_tsc+0x10/0x10 [ 23.533756] ? ktime_get_ts64+0x86/0x230 [ 23.533780] kunit_try_run_case+0x1a5/0x480 [ 23.533804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.533825] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.533847] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.533868] ? __kthread_parkme+0x82/0x180 [ 23.533888] ? preempt_count_sub+0x50/0x80 [ 23.533911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.533983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.534026] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.534052] kthread+0x337/0x6f0 [ 23.534072] ? trace_preempt_on+0x20/0xc0 [ 23.534095] ? __pfx_kthread+0x10/0x10 [ 23.534115] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.534135] ? calculate_sigpending+0x7b/0xa0 [ 23.534158] ? __pfx_kthread+0x10/0x10 [ 23.534179] ret_from_fork+0x116/0x1d0 [ 23.534197] ? __pfx_kthread+0x10/0x10 [ 23.534217] ret_from_fork_asm+0x1a/0x30 [ 23.534247] </TASK> [ 23.534257] [ 23.547220] Allocated by task 235: [ 23.547593] kasan_save_stack+0x45/0x70 [ 23.547967] kasan_save_track+0x18/0x40 [ 23.548223] kasan_save_alloc_info+0x3b/0x50 [ 23.548673] __kasan_kmalloc+0xb7/0xc0 [ 23.548805] __kmalloc_cache_noprof+0x189/0x420 [ 23.549198] kmalloc_uaf_memset+0xa9/0x360 [ 23.549612] kunit_try_run_case+0x1a5/0x480 [ 23.550034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.550331] kthread+0x337/0x6f0 [ 23.550448] ret_from_fork+0x116/0x1d0 [ 23.550628] ret_from_fork_asm+0x1a/0x30 [ 23.550987] [ 23.551178] Freed by task 235: [ 23.551503] kasan_save_stack+0x45/0x70 [ 23.551882] kasan_save_track+0x18/0x40 [ 23.552403] kasan_save_free_info+0x3f/0x60 [ 23.552730] __kasan_slab_free+0x56/0x70 [ 23.552865] kfree+0x222/0x3f0 [ 23.553049] kmalloc_uaf_memset+0x12b/0x360 [ 23.553495] kunit_try_run_case+0x1a5/0x480 [ 23.553920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.554467] kthread+0x337/0x6f0 [ 23.554722] ret_from_fork+0x116/0x1d0 [ 23.554855] ret_from_fork_asm+0x1a/0x30 [ 23.555281] [ 23.555434] The buggy address belongs to the object at ffff8881053a9480 [ 23.555434] which belongs to the cache kmalloc-64 of size 64 [ 23.556234] The buggy address is located 0 bytes inside of [ 23.556234] freed 64-byte region [ffff8881053a9480, ffff8881053a94c0) [ 23.556652] [ 23.556824] The buggy address belongs to the physical page: [ 23.557361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053a9 [ 23.558358] flags: 0x200000000000000(node=0|zone=2) [ 23.558920] page_type: f5(slab) [ 23.559266] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.559912] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.560434] page dumped because: kasan: bad access detected [ 23.560618] [ 23.560708] Memory state around the buggy address: [ 23.561224] ffff8881053a9380: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 23.561660] ffff8881053a9400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.561873] >ffff8881053a9480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.562075] ^ [ 23.562183] ffff8881053a9500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.562401] ffff8881053a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.562923] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 23.502598] ================================================================== [ 23.503151] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 23.503565] Read of size 1 at addr ffff888105376d68 by task kunit_try_catch/233 [ 23.504084] [ 23.504183] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.504530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.504545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.504578] Call Trace: [ 23.504592] <TASK> [ 23.504612] dump_stack_lvl+0x73/0xb0 [ 23.504646] print_report+0xd1/0x610 [ 23.504669] ? __virt_addr_valid+0x1db/0x2d0 [ 23.504694] ? kmalloc_uaf+0x320/0x380 [ 23.504713] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.504738] ? kmalloc_uaf+0x320/0x380 [ 23.504757] kasan_report+0x141/0x180 [ 23.504778] ? kmalloc_uaf+0x320/0x380 [ 23.504804] __asan_report_load1_noabort+0x18/0x20 [ 23.504827] kmalloc_uaf+0x320/0x380 [ 23.504846] ? __pfx_kmalloc_uaf+0x10/0x10 [ 23.504915] ? __schedule+0x10c6/0x2b60 [ 23.504941] ? __pfx_read_tsc+0x10/0x10 [ 23.504962] ? ktime_get_ts64+0x86/0x230 [ 23.504988] kunit_try_run_case+0x1a5/0x480 [ 23.505012] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.505034] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.505055] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.505077] ? __kthread_parkme+0x82/0x180 [ 23.505097] ? preempt_count_sub+0x50/0x80 [ 23.505120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.505143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.505168] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.505194] kthread+0x337/0x6f0 [ 23.505213] ? trace_preempt_on+0x20/0xc0 [ 23.505236] ? __pfx_kthread+0x10/0x10 [ 23.505256] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.505288] ? calculate_sigpending+0x7b/0xa0 [ 23.505312] ? __pfx_kthread+0x10/0x10 [ 23.505332] ret_from_fork+0x116/0x1d0 [ 23.505351] ? __pfx_kthread+0x10/0x10 [ 23.505371] ret_from_fork_asm+0x1a/0x30 [ 23.505401] </TASK> [ 23.505413] [ 23.514810] Allocated by task 233: [ 23.515339] kasan_save_stack+0x45/0x70 [ 23.515548] kasan_save_track+0x18/0x40 [ 23.515925] kasan_save_alloc_info+0x3b/0x50 [ 23.516134] __kasan_kmalloc+0xb7/0xc0 [ 23.516314] __kmalloc_cache_noprof+0x189/0x420 [ 23.516519] kmalloc_uaf+0xaa/0x380 [ 23.516664] kunit_try_run_case+0x1a5/0x480 [ 23.517135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.517361] kthread+0x337/0x6f0 [ 23.517675] ret_from_fork+0x116/0x1d0 [ 23.517820] ret_from_fork_asm+0x1a/0x30 [ 23.518057] [ 23.518146] Freed by task 233: [ 23.518368] kasan_save_stack+0x45/0x70 [ 23.518542] kasan_save_track+0x18/0x40 [ 23.519164] kasan_save_free_info+0x3f/0x60 [ 23.519394] __kasan_slab_free+0x56/0x70 [ 23.519566] kfree+0x222/0x3f0 [ 23.519734] kmalloc_uaf+0x12c/0x380 [ 23.519883] kunit_try_run_case+0x1a5/0x480 [ 23.520346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.520601] kthread+0x337/0x6f0 [ 23.520746] ret_from_fork+0x116/0x1d0 [ 23.520898] ret_from_fork_asm+0x1a/0x30 [ 23.521318] [ 23.521416] The buggy address belongs to the object at ffff888105376d60 [ 23.521416] which belongs to the cache kmalloc-16 of size 16 [ 23.522118] The buggy address is located 8 bytes inside of [ 23.522118] freed 16-byte region [ffff888105376d60, ffff888105376d70) [ 23.522728] [ 23.522831] The buggy address belongs to the physical page: [ 23.523300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 23.523752] flags: 0x200000000000000(node=0|zone=2) [ 23.523968] page_type: f5(slab) [ 23.524338] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 23.524631] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.525397] page dumped because: kasan: bad access detected [ 23.525634] [ 23.525724] Memory state around the buggy address: [ 23.526178] ffff888105376c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.526494] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.526963] >ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.527259] ^ [ 23.527552] ffff888105376d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.528114] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.528381] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 23.473216] ================================================================== [ 23.473654] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.473908] Read of size 64 at addr ffff888106080104 by task kunit_try_catch/231 [ 23.474130] [ 23.474216] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.474264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.474289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.474308] Call Trace: [ 23.474321] <TASK> [ 23.474340] dump_stack_lvl+0x73/0xb0 [ 23.474367] print_report+0xd1/0x610 [ 23.474387] ? __virt_addr_valid+0x1db/0x2d0 [ 23.474410] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.474432] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.474456] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.474478] kasan_report+0x141/0x180 [ 23.474499] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.474526] kasan_check_range+0x10c/0x1c0 [ 23.474547] __asan_memmove+0x27/0x70 [ 23.474569] kmalloc_memmove_invalid_size+0x16f/0x330 [ 23.474592] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 23.474615] ? __schedule+0x10c6/0x2b60 [ 23.474637] ? __pfx_read_tsc+0x10/0x10 [ 23.474658] ? ktime_get_ts64+0x86/0x230 [ 23.474683] kunit_try_run_case+0x1a5/0x480 [ 23.474705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.474726] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.474747] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.474768] ? __kthread_parkme+0x82/0x180 [ 23.474787] ? preempt_count_sub+0x50/0x80 [ 23.474809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.474831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.474856] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.474881] kthread+0x337/0x6f0 [ 23.474899] ? trace_preempt_on+0x20/0xc0 [ 23.474922] ? __pfx_kthread+0x10/0x10 [ 23.474941] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.474960] ? calculate_sigpending+0x7b/0xa0 [ 23.474983] ? __pfx_kthread+0x10/0x10 [ 23.475002] ret_from_fork+0x116/0x1d0 [ 23.475020] ? __pfx_kthread+0x10/0x10 [ 23.475039] ret_from_fork_asm+0x1a/0x30 [ 23.475069] </TASK> [ 23.475078] [ 23.487152] Allocated by task 231: [ 23.487457] kasan_save_stack+0x45/0x70 [ 23.487766] kasan_save_track+0x18/0x40 [ 23.487969] kasan_save_alloc_info+0x3b/0x50 [ 23.488302] __kasan_kmalloc+0xb7/0xc0 [ 23.488461] __kmalloc_cache_noprof+0x189/0x420 [ 23.488840] kmalloc_memmove_invalid_size+0xac/0x330 [ 23.489227] kunit_try_run_case+0x1a5/0x480 [ 23.489459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.489758] kthread+0x337/0x6f0 [ 23.490189] ret_from_fork+0x116/0x1d0 [ 23.490396] ret_from_fork_asm+0x1a/0x30 [ 23.490592] [ 23.491095] The buggy address belongs to the object at ffff888106080100 [ 23.491095] which belongs to the cache kmalloc-64 of size 64 [ 23.491685] The buggy address is located 4 bytes inside of [ 23.491685] allocated 64-byte region [ffff888106080100, ffff888106080140) [ 23.492534] [ 23.492636] The buggy address belongs to the physical page: [ 23.492859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106080 [ 23.493400] flags: 0x200000000000000(node=0|zone=2) [ 23.493702] page_type: f5(slab) [ 23.493841] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.494359] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.494807] page dumped because: kasan: bad access detected [ 23.495253] [ 23.495368] Memory state around the buggy address: [ 23.495563] ffff888106080000: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 23.495861] ffff888106080080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.496148] >ffff888106080100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 23.496435] ^ [ 23.496672] ffff888106080180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.497463] ffff888106080200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.497786] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 23.446609] ================================================================== [ 23.447417] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 23.447795] Read of size 18446744073709551614 at addr ffff8881053a9284 by task kunit_try_catch/229 [ 23.448435] [ 23.448667] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.448722] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.448735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.448756] Call Trace: [ 23.448860] <TASK> [ 23.448879] dump_stack_lvl+0x73/0xb0 [ 23.448912] print_report+0xd1/0x610 [ 23.448934] ? __virt_addr_valid+0x1db/0x2d0 [ 23.448960] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.448983] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.449008] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.449053] kasan_report+0x141/0x180 [ 23.449074] ? kmalloc_memmove_negative_size+0x171/0x330 [ 23.449102] kasan_check_range+0x10c/0x1c0 [ 23.449124] __asan_memmove+0x27/0x70 [ 23.449147] kmalloc_memmove_negative_size+0x171/0x330 [ 23.449171] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 23.449195] ? __schedule+0x10c6/0x2b60 [ 23.449218] ? __pfx_read_tsc+0x10/0x10 [ 23.449241] ? ktime_get_ts64+0x86/0x230 [ 23.449267] kunit_try_run_case+0x1a5/0x480 [ 23.449305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.449326] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.449349] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.449370] ? __kthread_parkme+0x82/0x180 [ 23.449391] ? preempt_count_sub+0x50/0x80 [ 23.449415] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.449437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.449463] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.449489] kthread+0x337/0x6f0 [ 23.449508] ? trace_preempt_on+0x20/0xc0 [ 23.449532] ? __pfx_kthread+0x10/0x10 [ 23.449552] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.449587] ? calculate_sigpending+0x7b/0xa0 [ 23.449611] ? __pfx_kthread+0x10/0x10 [ 23.449633] ret_from_fork+0x116/0x1d0 [ 23.449652] ? __pfx_kthread+0x10/0x10 [ 23.449671] ret_from_fork_asm+0x1a/0x30 [ 23.449703] </TASK> [ 23.449714] [ 23.458925] Allocated by task 229: [ 23.459100] kasan_save_stack+0x45/0x70 [ 23.459509] kasan_save_track+0x18/0x40 [ 23.459750] kasan_save_alloc_info+0x3b/0x50 [ 23.460065] __kasan_kmalloc+0xb7/0xc0 [ 23.460243] __kmalloc_cache_noprof+0x189/0x420 [ 23.460623] kmalloc_memmove_negative_size+0xac/0x330 [ 23.460931] kunit_try_run_case+0x1a5/0x480 [ 23.461231] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.461496] kthread+0x337/0x6f0 [ 23.461664] ret_from_fork+0x116/0x1d0 [ 23.461978] ret_from_fork_asm+0x1a/0x30 [ 23.462158] [ 23.462411] The buggy address belongs to the object at ffff8881053a9280 [ 23.462411] which belongs to the cache kmalloc-64 of size 64 [ 23.462948] The buggy address is located 4 bytes inside of [ 23.462948] 64-byte region [ffff8881053a9280, ffff8881053a92c0) [ 23.463540] [ 23.463729] The buggy address belongs to the physical page: [ 23.464081] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053a9 [ 23.464522] flags: 0x200000000000000(node=0|zone=2) [ 23.464758] page_type: f5(slab) [ 23.465073] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.465479] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.465967] page dumped because: kasan: bad access detected [ 23.466153] [ 23.466243] Memory state around the buggy address: [ 23.466448] ffff8881053a9180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.466788] ffff8881053a9200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.467356] >ffff8881053a9280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 23.467720] ^ [ 23.467886] ffff8881053a9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.468320] ffff8881053a9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.468708] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 23.423813] ================================================================== [ 23.424289] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 23.424666] Write of size 16 at addr ffff88810539fb69 by task kunit_try_catch/227 [ 23.425011] [ 23.425103] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.425152] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.425164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.425185] Call Trace: [ 23.425197] <TASK> [ 23.425223] dump_stack_lvl+0x73/0xb0 [ 23.425263] print_report+0xd1/0x610 [ 23.425312] ? __virt_addr_valid+0x1db/0x2d0 [ 23.425335] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.425355] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.425380] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.425401] kasan_report+0x141/0x180 [ 23.425422] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.425457] kasan_check_range+0x10c/0x1c0 [ 23.425480] __asan_memset+0x27/0x50 [ 23.425503] kmalloc_oob_memset_16+0x166/0x330 [ 23.425536] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 23.425565] ? __schedule+0x10c6/0x2b60 [ 23.425589] ? __pfx_read_tsc+0x10/0x10 [ 23.425611] ? ktime_get_ts64+0x86/0x230 [ 23.425637] kunit_try_run_case+0x1a5/0x480 [ 23.425661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.425682] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.425723] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.425745] ? __kthread_parkme+0x82/0x180 [ 23.425765] ? preempt_count_sub+0x50/0x80 [ 23.425787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.425822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.425849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.425875] kthread+0x337/0x6f0 [ 23.425894] ? trace_preempt_on+0x20/0xc0 [ 23.425918] ? __pfx_kthread+0x10/0x10 [ 23.425937] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.425958] ? calculate_sigpending+0x7b/0xa0 [ 23.425981] ? __pfx_kthread+0x10/0x10 [ 23.426002] ret_from_fork+0x116/0x1d0 [ 23.426020] ? __pfx_kthread+0x10/0x10 [ 23.426040] ret_from_fork_asm+0x1a/0x30 [ 23.426070] </TASK> [ 23.426081] [ 23.433726] Allocated by task 227: [ 23.433908] kasan_save_stack+0x45/0x70 [ 23.434229] kasan_save_track+0x18/0x40 [ 23.434457] kasan_save_alloc_info+0x3b/0x50 [ 23.434782] __kasan_kmalloc+0xb7/0xc0 [ 23.435067] __kmalloc_cache_noprof+0x189/0x420 [ 23.435393] kmalloc_oob_memset_16+0xac/0x330 [ 23.435698] kunit_try_run_case+0x1a5/0x480 [ 23.435845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.436080] kthread+0x337/0x6f0 [ 23.436258] ret_from_fork+0x116/0x1d0 [ 23.436405] ret_from_fork_asm+0x1a/0x30 [ 23.436782] [ 23.436859] The buggy address belongs to the object at ffff88810539fb00 [ 23.436859] which belongs to the cache kmalloc-128 of size 128 [ 23.437317] The buggy address is located 105 bytes inside of [ 23.437317] allocated 120-byte region [ffff88810539fb00, ffff88810539fb78) [ 23.437884] [ 23.437956] The buggy address belongs to the physical page: [ 23.438223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539f [ 23.438625] flags: 0x200000000000000(node=0|zone=2) [ 23.438898] page_type: f5(slab) [ 23.439018] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.439264] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.439670] page dumped because: kasan: bad access detected [ 23.439913] [ 23.439988] Memory state around the buggy address: [ 23.440137] ffff88810539fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.440693] ffff88810539fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.441343] >ffff88810539fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.441705] ^ [ 23.442142] ffff88810539fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.442491] ffff88810539fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.442962] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 23.400607] ================================================================== [ 23.400994] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 23.401446] Write of size 8 at addr ffff88810539fa71 by task kunit_try_catch/225 [ 23.401896] [ 23.402020] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.402086] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.402098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.402119] Call Trace: [ 23.402131] <TASK> [ 23.402150] dump_stack_lvl+0x73/0xb0 [ 23.402181] print_report+0xd1/0x610 [ 23.402203] ? __virt_addr_valid+0x1db/0x2d0 [ 23.402226] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.402246] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.402283] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.402304] kasan_report+0x141/0x180 [ 23.402325] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.402350] kasan_check_range+0x10c/0x1c0 [ 23.402373] __asan_memset+0x27/0x50 [ 23.402395] kmalloc_oob_memset_8+0x166/0x330 [ 23.402416] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 23.402438] ? __schedule+0x10c6/0x2b60 [ 23.402460] ? __pfx_read_tsc+0x10/0x10 [ 23.402492] ? ktime_get_ts64+0x86/0x230 [ 23.402517] kunit_try_run_case+0x1a5/0x480 [ 23.402541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.402588] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.402610] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.402632] ? __kthread_parkme+0x82/0x180 [ 23.402652] ? preempt_count_sub+0x50/0x80 [ 23.402675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.402698] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.402723] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.402749] kthread+0x337/0x6f0 [ 23.402767] ? trace_preempt_on+0x20/0xc0 [ 23.402791] ? __pfx_kthread+0x10/0x10 [ 23.402810] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.402830] ? calculate_sigpending+0x7b/0xa0 [ 23.402853] ? __pfx_kthread+0x10/0x10 [ 23.402874] ret_from_fork+0x116/0x1d0 [ 23.402892] ? __pfx_kthread+0x10/0x10 [ 23.402912] ret_from_fork_asm+0x1a/0x30 [ 23.403150] </TASK> [ 23.403167] [ 23.411175] Allocated by task 225: [ 23.411332] kasan_save_stack+0x45/0x70 [ 23.411536] kasan_save_track+0x18/0x40 [ 23.411764] kasan_save_alloc_info+0x3b/0x50 [ 23.412023] __kasan_kmalloc+0xb7/0xc0 [ 23.412182] __kmalloc_cache_noprof+0x189/0x420 [ 23.412429] kmalloc_oob_memset_8+0xac/0x330 [ 23.412660] kunit_try_run_case+0x1a5/0x480 [ 23.412798] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.412967] kthread+0x337/0x6f0 [ 23.413188] ret_from_fork+0x116/0x1d0 [ 23.413407] ret_from_fork_asm+0x1a/0x30 [ 23.413609] [ 23.413742] The buggy address belongs to the object at ffff88810539fa00 [ 23.413742] which belongs to the cache kmalloc-128 of size 128 [ 23.414229] The buggy address is located 113 bytes inside of [ 23.414229] allocated 120-byte region [ffff88810539fa00, ffff88810539fa78) [ 23.414949] [ 23.415039] The buggy address belongs to the physical page: [ 23.415344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539f [ 23.415587] flags: 0x200000000000000(node=0|zone=2) [ 23.415752] page_type: f5(slab) [ 23.415914] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.416249] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.416585] page dumped because: kasan: bad access detected [ 23.416824] [ 23.416969] Memory state around the buggy address: [ 23.417500] ffff88810539f900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.417952] ffff88810539f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.418209] >ffff88810539fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.418483] ^ [ 23.418964] ffff88810539fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.419331] ffff88810539fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.419719] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 23.372838] ================================================================== [ 23.373220] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 23.373961] Write of size 4 at addr ffff888104a24875 by task kunit_try_catch/223 [ 23.374188] [ 23.374284] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.374335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.374347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.374368] Call Trace: [ 23.374381] <TASK> [ 23.374398] dump_stack_lvl+0x73/0xb0 [ 23.374510] print_report+0xd1/0x610 [ 23.374560] ? __virt_addr_valid+0x1db/0x2d0 [ 23.374607] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.374628] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.374653] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.374686] kasan_report+0x141/0x180 [ 23.374707] ? kmalloc_oob_memset_4+0x166/0x330 [ 23.374732] kasan_check_range+0x10c/0x1c0 [ 23.374754] __asan_memset+0x27/0x50 [ 23.374777] kmalloc_oob_memset_4+0x166/0x330 [ 23.374798] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 23.374820] ? __schedule+0x10c6/0x2b60 [ 23.374843] ? __pfx_read_tsc+0x10/0x10 [ 23.374865] ? ktime_get_ts64+0x86/0x230 [ 23.374907] kunit_try_run_case+0x1a5/0x480 [ 23.374932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.375008] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.375033] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.375056] ? __kthread_parkme+0x82/0x180 [ 23.375077] ? preempt_count_sub+0x50/0x80 [ 23.375100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.375123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.375149] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.375174] kthread+0x337/0x6f0 [ 23.375193] ? trace_preempt_on+0x20/0xc0 [ 23.375219] ? __pfx_kthread+0x10/0x10 [ 23.375239] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.375260] ? calculate_sigpending+0x7b/0xa0 [ 23.375299] ? __pfx_kthread+0x10/0x10 [ 23.375320] ret_from_fork+0x116/0x1d0 [ 23.375340] ? __pfx_kthread+0x10/0x10 [ 23.375359] ret_from_fork_asm+0x1a/0x30 [ 23.375390] </TASK> [ 23.375402] [ 23.386111] Allocated by task 223: [ 23.386312] kasan_save_stack+0x45/0x70 [ 23.386566] kasan_save_track+0x18/0x40 [ 23.386722] kasan_save_alloc_info+0x3b/0x50 [ 23.387019] __kasan_kmalloc+0xb7/0xc0 [ 23.387204] __kmalloc_cache_noprof+0x189/0x420 [ 23.387430] kmalloc_oob_memset_4+0xac/0x330 [ 23.387626] kunit_try_run_case+0x1a5/0x480 [ 23.387767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.388097] kthread+0x337/0x6f0 [ 23.388279] ret_from_fork+0x116/0x1d0 [ 23.388467] ret_from_fork_asm+0x1a/0x30 [ 23.388651] [ 23.388718] The buggy address belongs to the object at ffff888104a24800 [ 23.388718] which belongs to the cache kmalloc-128 of size 128 [ 23.389349] The buggy address is located 117 bytes inside of [ 23.389349] allocated 120-byte region [ffff888104a24800, ffff888104a24878) [ 23.390022] [ 23.390130] The buggy address belongs to the physical page: [ 23.390377] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a24 [ 23.390691] flags: 0x200000000000000(node=0|zone=2) [ 23.390872] page_type: f5(slab) [ 23.391066] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.391479] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.391911] page dumped because: kasan: bad access detected [ 23.392132] [ 23.392209] Memory state around the buggy address: [ 23.392461] ffff888104a24700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.392738] ffff888104a24780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.393057] >ffff888104a24800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.393376] ^ [ 23.393726] ffff888104a24880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.394130] ffff888104a24900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.394405] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 23.343424] ================================================================== [ 23.344574] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 23.344815] Write of size 2 at addr ffff88810539f977 by task kunit_try_catch/221 [ 23.345034] [ 23.345111] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.345158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.345171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.345190] Call Trace: [ 23.345202] <TASK> [ 23.345218] dump_stack_lvl+0x73/0xb0 [ 23.345247] print_report+0xd1/0x610 [ 23.345564] ? __virt_addr_valid+0x1db/0x2d0 [ 23.346164] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.346191] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.346218] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.346240] kasan_report+0x141/0x180 [ 23.346263] ? kmalloc_oob_memset_2+0x166/0x330 [ 23.346354] kasan_check_range+0x10c/0x1c0 [ 23.346377] __asan_memset+0x27/0x50 [ 23.346399] kmalloc_oob_memset_2+0x166/0x330 [ 23.346421] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 23.346442] ? __schedule+0x10c6/0x2b60 [ 23.346465] ? __pfx_read_tsc+0x10/0x10 [ 23.346487] ? ktime_get_ts64+0x86/0x230 [ 23.346512] kunit_try_run_case+0x1a5/0x480 [ 23.346555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.346577] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.346599] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.346620] ? __kthread_parkme+0x82/0x180 [ 23.346640] ? preempt_count_sub+0x50/0x80 [ 23.346662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.346684] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.346710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.346735] kthread+0x337/0x6f0 [ 23.346754] ? trace_preempt_on+0x20/0xc0 [ 23.346777] ? __pfx_kthread+0x10/0x10 [ 23.346797] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.346817] ? calculate_sigpending+0x7b/0xa0 [ 23.346841] ? __pfx_kthread+0x10/0x10 [ 23.346880] ret_from_fork+0x116/0x1d0 [ 23.346899] ? __pfx_kthread+0x10/0x10 [ 23.346919] ret_from_fork_asm+0x1a/0x30 [ 23.346948] </TASK> [ 23.346959] [ 23.358643] Allocated by task 221: [ 23.358812] kasan_save_stack+0x45/0x70 [ 23.359671] kasan_save_track+0x18/0x40 [ 23.360283] kasan_save_alloc_info+0x3b/0x50 [ 23.360779] __kasan_kmalloc+0xb7/0xc0 [ 23.361049] __kmalloc_cache_noprof+0x189/0x420 [ 23.361235] kmalloc_oob_memset_2+0xac/0x330 [ 23.361453] kunit_try_run_case+0x1a5/0x480 [ 23.361975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.362300] kthread+0x337/0x6f0 [ 23.362477] ret_from_fork+0x116/0x1d0 [ 23.362718] ret_from_fork_asm+0x1a/0x30 [ 23.363290] [ 23.363496] The buggy address belongs to the object at ffff88810539f900 [ 23.363496] which belongs to the cache kmalloc-128 of size 128 [ 23.364458] The buggy address is located 119 bytes inside of [ 23.364458] allocated 120-byte region [ffff88810539f900, ffff88810539f978) [ 23.365182] [ 23.365291] The buggy address belongs to the physical page: [ 23.365859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539f [ 23.366278] flags: 0x200000000000000(node=0|zone=2) [ 23.366548] page_type: f5(slab) [ 23.366730] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.367031] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.367363] page dumped because: kasan: bad access detected [ 23.367725] [ 23.367838] Memory state around the buggy address: [ 23.368090] ffff88810539f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.368617] ffff88810539f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.369028] >ffff88810539f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.369327] ^ [ 23.369539] ffff88810539f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.370056] ffff88810539fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.370404] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 23.321576] ================================================================== [ 23.322196] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 23.322541] Write of size 128 at addr ffff88810539f800 by task kunit_try_catch/219 [ 23.322989] [ 23.323097] CPU: 0 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.323146] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.323158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.323179] Call Trace: [ 23.323191] <TASK> [ 23.323208] dump_stack_lvl+0x73/0xb0 [ 23.323237] print_report+0xd1/0x610 [ 23.323259] ? __virt_addr_valid+0x1db/0x2d0 [ 23.323296] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.323396] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.323423] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.323444] kasan_report+0x141/0x180 [ 23.323466] ? kmalloc_oob_in_memset+0x15f/0x320 [ 23.323491] kasan_check_range+0x10c/0x1c0 [ 23.323514] __asan_memset+0x27/0x50 [ 23.323536] kmalloc_oob_in_memset+0x15f/0x320 [ 23.323558] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 23.323579] ? __schedule+0x10c6/0x2b60 [ 23.323611] ? __pfx_read_tsc+0x10/0x10 [ 23.323634] ? ktime_get_ts64+0x86/0x230 [ 23.323659] kunit_try_run_case+0x1a5/0x480 [ 23.323684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.323705] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.323727] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.323749] ? __kthread_parkme+0x82/0x180 [ 23.323770] ? preempt_count_sub+0x50/0x80 [ 23.323792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.323815] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.323840] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.323866] kthread+0x337/0x6f0 [ 23.323892] ? trace_preempt_on+0x20/0xc0 [ 23.323915] ? __pfx_kthread+0x10/0x10 [ 23.323935] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.323955] ? calculate_sigpending+0x7b/0xa0 [ 23.323978] ? __pfx_kthread+0x10/0x10 [ 23.323998] ret_from_fork+0x116/0x1d0 [ 23.324017] ? __pfx_kthread+0x10/0x10 [ 23.324037] ret_from_fork_asm+0x1a/0x30 [ 23.324068] </TASK> [ 23.324078] [ 23.331546] Allocated by task 219: [ 23.331762] kasan_save_stack+0x45/0x70 [ 23.332064] kasan_save_track+0x18/0x40 [ 23.332245] kasan_save_alloc_info+0x3b/0x50 [ 23.332519] __kasan_kmalloc+0xb7/0xc0 [ 23.332703] __kmalloc_cache_noprof+0x189/0x420 [ 23.332855] kmalloc_oob_in_memset+0xac/0x320 [ 23.333112] kunit_try_run_case+0x1a5/0x480 [ 23.333331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.333563] kthread+0x337/0x6f0 [ 23.333739] ret_from_fork+0x116/0x1d0 [ 23.334034] ret_from_fork_asm+0x1a/0x30 [ 23.334218] [ 23.334299] The buggy address belongs to the object at ffff88810539f800 [ 23.334299] which belongs to the cache kmalloc-128 of size 128 [ 23.334648] The buggy address is located 0 bytes inside of [ 23.334648] allocated 120-byte region [ffff88810539f800, ffff88810539f878) [ 23.335165] [ 23.335259] The buggy address belongs to the physical page: [ 23.335518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539f [ 23.335780] flags: 0x200000000000000(node=0|zone=2) [ 23.335936] page_type: f5(slab) [ 23.336051] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.336887] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.337216] page dumped because: kasan: bad access detected [ 23.337395] [ 23.337458] Memory state around the buggy address: [ 23.337822] ffff88810539f700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.338431] ffff88810539f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.338900] >ffff88810539f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.339111] ^ [ 23.339414] ffff88810539f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.339901] ffff88810539f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.340169] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 23.299024] ================================================================== [ 23.299502] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 23.299761] Read of size 16 at addr ffff888101683a00 by task kunit_try_catch/217 [ 23.300133] [ 23.300219] CPU: 1 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.300280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.300293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.300313] Call Trace: [ 23.300326] <TASK> [ 23.300343] dump_stack_lvl+0x73/0xb0 [ 23.300373] print_report+0xd1/0x610 [ 23.300395] ? __virt_addr_valid+0x1db/0x2d0 [ 23.300441] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.300462] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.300487] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.300519] kasan_report+0x141/0x180 [ 23.300540] ? kmalloc_uaf_16+0x47b/0x4c0 [ 23.300576] __asan_report_load16_noabort+0x18/0x20 [ 23.300600] kmalloc_uaf_16+0x47b/0x4c0 [ 23.300621] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 23.300642] ? __schedule+0x10c6/0x2b60 [ 23.300664] ? __pfx_read_tsc+0x10/0x10 [ 23.300686] ? ktime_get_ts64+0x86/0x230 [ 23.300711] kunit_try_run_case+0x1a5/0x480 [ 23.300736] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.300759] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.300784] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.300806] ? __kthread_parkme+0x82/0x180 [ 23.300827] ? preempt_count_sub+0x50/0x80 [ 23.300867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.300890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.300916] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.300942] kthread+0x337/0x6f0 [ 23.300961] ? trace_preempt_on+0x20/0xc0 [ 23.300985] ? __pfx_kthread+0x10/0x10 [ 23.301005] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.301025] ? calculate_sigpending+0x7b/0xa0 [ 23.301049] ? __pfx_kthread+0x10/0x10 [ 23.301070] ret_from_fork+0x116/0x1d0 [ 23.301089] ? __pfx_kthread+0x10/0x10 [ 23.301109] ret_from_fork_asm+0x1a/0x30 [ 23.301140] </TASK> [ 23.301151] [ 23.307135] Allocated by task 217: [ 23.307314] kasan_save_stack+0x45/0x70 [ 23.307448] kasan_save_track+0x18/0x40 [ 23.307572] kasan_save_alloc_info+0x3b/0x50 [ 23.307708] __kasan_kmalloc+0xb7/0xc0 [ 23.307865] __kmalloc_cache_noprof+0x189/0x420 [ 23.308075] kmalloc_uaf_16+0x15b/0x4c0 [ 23.308257] kunit_try_run_case+0x1a5/0x480 [ 23.308490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.308890] kthread+0x337/0x6f0 [ 23.309002] ret_from_fork+0x116/0x1d0 [ 23.309126] ret_from_fork_asm+0x1a/0x30 [ 23.309256] [ 23.309328] Freed by task 217: [ 23.309475] kasan_save_stack+0x45/0x70 [ 23.309797] kasan_save_track+0x18/0x40 [ 23.309985] kasan_save_free_info+0x3f/0x60 [ 23.310185] __kasan_slab_free+0x56/0x70 [ 23.310408] kfree+0x222/0x3f0 [ 23.310590] kmalloc_uaf_16+0x1d6/0x4c0 [ 23.310777] kunit_try_run_case+0x1a5/0x480 [ 23.310962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.311129] kthread+0x337/0x6f0 [ 23.311237] ret_from_fork+0x116/0x1d0 [ 23.311370] ret_from_fork_asm+0x1a/0x30 [ 23.311499] [ 23.311585] The buggy address belongs to the object at ffff888101683a00 [ 23.311585] which belongs to the cache kmalloc-16 of size 16 [ 23.312102] The buggy address is located 0 bytes inside of [ 23.312102] freed 16-byte region [ffff888101683a00, ffff888101683a10) [ 23.312631] [ 23.312793] The buggy address belongs to the physical page: [ 23.313030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101683 [ 23.313259] flags: 0x200000000000000(node=0|zone=2) [ 23.313424] page_type: f5(slab) [ 23.313534] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.313881] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.314213] page dumped because: kasan: bad access detected [ 23.314471] [ 23.314596] Memory state around the buggy address: [ 23.314816] ffff888101683900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.315042] ffff888101683980: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 23.315283] >ffff888101683a00: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.315631] ^ [ 23.315750] ffff888101683a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.315958] ffff888101683b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.316258] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 23.273254] ================================================================== [ 23.273914] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 23.274192] Write of size 16 at addr ffff8881016839a0 by task kunit_try_catch/215 [ 23.274880] [ 23.274990] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.275185] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.275202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.275223] Call Trace: [ 23.275237] <TASK> [ 23.275257] dump_stack_lvl+0x73/0xb0 [ 23.275302] print_report+0xd1/0x610 [ 23.275324] ? __virt_addr_valid+0x1db/0x2d0 [ 23.275346] ? kmalloc_oob_16+0x452/0x4a0 [ 23.275365] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.275392] ? kmalloc_oob_16+0x452/0x4a0 [ 23.275412] kasan_report+0x141/0x180 [ 23.275433] ? kmalloc_oob_16+0x452/0x4a0 [ 23.275458] __asan_report_store16_noabort+0x1b/0x30 [ 23.275481] kmalloc_oob_16+0x452/0x4a0 [ 23.275502] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 23.275523] ? __schedule+0x10c6/0x2b60 [ 23.275568] ? __pfx_read_tsc+0x10/0x10 [ 23.275591] ? ktime_get_ts64+0x86/0x230 [ 23.275617] kunit_try_run_case+0x1a5/0x480 [ 23.275641] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.275663] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.275685] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.275707] ? __kthread_parkme+0x82/0x180 [ 23.275727] ? preempt_count_sub+0x50/0x80 [ 23.275750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.275772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.275798] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.275823] kthread+0x337/0x6f0 [ 23.275842] ? trace_preempt_on+0x20/0xc0 [ 23.275865] ? __pfx_kthread+0x10/0x10 [ 23.275885] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.275904] ? calculate_sigpending+0x7b/0xa0 [ 23.275928] ? __pfx_kthread+0x10/0x10 [ 23.275949] ret_from_fork+0x116/0x1d0 [ 23.275967] ? __pfx_kthread+0x10/0x10 [ 23.275987] ret_from_fork_asm+0x1a/0x30 [ 23.276018] </TASK> [ 23.276029] [ 23.284892] Allocated by task 215: [ 23.285041] kasan_save_stack+0x45/0x70 [ 23.285328] kasan_save_track+0x18/0x40 [ 23.285652] kasan_save_alloc_info+0x3b/0x50 [ 23.285812] __kasan_kmalloc+0xb7/0xc0 [ 23.286184] __kmalloc_cache_noprof+0x189/0x420 [ 23.286472] kmalloc_oob_16+0xa8/0x4a0 [ 23.286695] kunit_try_run_case+0x1a5/0x480 [ 23.286886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.287124] kthread+0x337/0x6f0 [ 23.287284] ret_from_fork+0x116/0x1d0 [ 23.287455] ret_from_fork_asm+0x1a/0x30 [ 23.287948] [ 23.288046] The buggy address belongs to the object at ffff8881016839a0 [ 23.288046] which belongs to the cache kmalloc-16 of size 16 [ 23.288722] The buggy address is located 0 bytes inside of [ 23.288722] allocated 13-byte region [ffff8881016839a0, ffff8881016839ad) [ 23.289318] [ 23.289403] The buggy address belongs to the physical page: [ 23.289810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101683 [ 23.290222] flags: 0x200000000000000(node=0|zone=2) [ 23.290468] page_type: f5(slab) [ 23.290765] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 23.291169] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.291605] page dumped because: kasan: bad access detected [ 23.291844] [ 23.291957] Memory state around the buggy address: [ 23.292266] ffff888101683880: 00 06 fc fc 00 06 fc fc 00 00 fc fc fa fb fc fc [ 23.292791] ffff888101683900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.293014] >ffff888101683980: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 23.293220] ^ [ 23.293378] ffff888101683a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.293613] ffff888101683a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.293820] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 23.220838] ================================================================== [ 23.221329] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 23.221964] Read of size 1 at addr ffff888100aa0e00 by task kunit_try_catch/213 [ 23.222613] [ 23.222713] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.222761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.222774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.222795] Call Trace: [ 23.222808] <TASK> [ 23.222827] dump_stack_lvl+0x73/0xb0 [ 23.222859] print_report+0xd1/0x610 [ 23.222949] ? __virt_addr_valid+0x1db/0x2d0 [ 23.222975] ? krealloc_uaf+0x1b8/0x5e0 [ 23.222995] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.223021] ? krealloc_uaf+0x1b8/0x5e0 [ 23.223042] kasan_report+0x141/0x180 [ 23.223063] ? krealloc_uaf+0x1b8/0x5e0 [ 23.223086] ? krealloc_uaf+0x1b8/0x5e0 [ 23.223106] __kasan_check_byte+0x3d/0x50 [ 23.223128] krealloc_noprof+0x3f/0x340 [ 23.223154] krealloc_uaf+0x1b8/0x5e0 [ 23.223175] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.223195] ? finish_task_switch.isra.0+0x153/0x700 [ 23.223217] ? __switch_to+0x47/0xf80 [ 23.223243] ? __schedule+0x10c6/0x2b60 [ 23.223265] ? __pfx_read_tsc+0x10/0x10 [ 23.223301] ? ktime_get_ts64+0x86/0x230 [ 23.223326] kunit_try_run_case+0x1a5/0x480 [ 23.223351] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.223372] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.223394] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.223416] ? __kthread_parkme+0x82/0x180 [ 23.223437] ? preempt_count_sub+0x50/0x80 [ 23.223459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.223482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.223508] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.223533] kthread+0x337/0x6f0 [ 23.223563] ? trace_preempt_on+0x20/0xc0 [ 23.223586] ? __pfx_kthread+0x10/0x10 [ 23.223606] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.223626] ? calculate_sigpending+0x7b/0xa0 [ 23.223649] ? __pfx_kthread+0x10/0x10 [ 23.223670] ret_from_fork+0x116/0x1d0 [ 23.223688] ? __pfx_kthread+0x10/0x10 [ 23.223708] ret_from_fork_asm+0x1a/0x30 [ 23.223739] </TASK> [ 23.223750] [ 23.231854] Allocated by task 213: [ 23.232029] kasan_save_stack+0x45/0x70 [ 23.232331] kasan_save_track+0x18/0x40 [ 23.232500] kasan_save_alloc_info+0x3b/0x50 [ 23.232707] __kasan_kmalloc+0xb7/0xc0 [ 23.232834] __kmalloc_cache_noprof+0x189/0x420 [ 23.233086] krealloc_uaf+0xbb/0x5e0 [ 23.233331] kunit_try_run_case+0x1a5/0x480 [ 23.233542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.233801] kthread+0x337/0x6f0 [ 23.233953] ret_from_fork+0x116/0x1d0 [ 23.234234] ret_from_fork_asm+0x1a/0x30 [ 23.234430] [ 23.234498] Freed by task 213: [ 23.234603] kasan_save_stack+0x45/0x70 [ 23.234732] kasan_save_track+0x18/0x40 [ 23.234996] kasan_save_free_info+0x3f/0x60 [ 23.235214] __kasan_slab_free+0x56/0x70 [ 23.235413] kfree+0x222/0x3f0 [ 23.235552] krealloc_uaf+0x13d/0x5e0 [ 23.235697] kunit_try_run_case+0x1a5/0x480 [ 23.235835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.236010] kthread+0x337/0x6f0 [ 23.236123] ret_from_fork+0x116/0x1d0 [ 23.236250] ret_from_fork_asm+0x1a/0x30 [ 23.236619] [ 23.236710] The buggy address belongs to the object at ffff888100aa0e00 [ 23.236710] which belongs to the cache kmalloc-256 of size 256 [ 23.237859] The buggy address is located 0 bytes inside of [ 23.237859] freed 256-byte region [ffff888100aa0e00, ffff888100aa0f00) [ 23.239187] [ 23.239315] The buggy address belongs to the physical page: [ 23.239585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 23.239827] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.240192] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.240415] page_type: f5(slab) [ 23.240568] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.240990] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.241299] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.241542] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.242032] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 23.242327] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.242653] page dumped because: kasan: bad access detected [ 23.242864] [ 23.243008] Memory state around the buggy address: [ 23.243206] ffff888100aa0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.243491] ffff888100aa0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.243707] >ffff888100aa0e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.243914] ^ [ 23.244025] ffff888100aa0e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.244237] ffff888100aa0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.244453] ================================================================== [ 23.244997] ================================================================== [ 23.245235] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 23.245461] Read of size 1 at addr ffff888100aa0e00 by task kunit_try_catch/213 [ 23.245825] [ 23.245905] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.245949] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.245961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.245980] Call Trace: [ 23.245997] <TASK> [ 23.246011] dump_stack_lvl+0x73/0xb0 [ 23.246039] print_report+0xd1/0x610 [ 23.246060] ? __virt_addr_valid+0x1db/0x2d0 [ 23.246081] ? krealloc_uaf+0x53c/0x5e0 [ 23.246101] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.246126] ? krealloc_uaf+0x53c/0x5e0 [ 23.246146] kasan_report+0x141/0x180 [ 23.246167] ? krealloc_uaf+0x53c/0x5e0 [ 23.246191] __asan_report_load1_noabort+0x18/0x20 [ 23.246214] krealloc_uaf+0x53c/0x5e0 [ 23.246234] ? __pfx_krealloc_uaf+0x10/0x10 [ 23.246253] ? finish_task_switch.isra.0+0x153/0x700 [ 23.246507] ? __switch_to+0x47/0xf80 [ 23.246543] ? __schedule+0x10c6/0x2b60 [ 23.246579] ? __pfx_read_tsc+0x10/0x10 [ 23.246602] ? ktime_get_ts64+0x86/0x230 [ 23.246625] kunit_try_run_case+0x1a5/0x480 [ 23.246649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.246670] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.246693] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.246715] ? __kthread_parkme+0x82/0x180 [ 23.246735] ? preempt_count_sub+0x50/0x80 [ 23.246756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.246779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.246804] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.246830] kthread+0x337/0x6f0 [ 23.246849] ? trace_preempt_on+0x20/0xc0 [ 23.246871] ? __pfx_kthread+0x10/0x10 [ 23.246891] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.246911] ? calculate_sigpending+0x7b/0xa0 [ 23.246934] ? __pfx_kthread+0x10/0x10 [ 23.246955] ret_from_fork+0x116/0x1d0 [ 23.246973] ? __pfx_kthread+0x10/0x10 [ 23.246993] ret_from_fork_asm+0x1a/0x30 [ 23.247022] </TASK> [ 23.247037] [ 23.254616] Allocated by task 213: [ 23.254743] kasan_save_stack+0x45/0x70 [ 23.254884] kasan_save_track+0x18/0x40 [ 23.255011] kasan_save_alloc_info+0x3b/0x50 [ 23.255152] __kasan_kmalloc+0xb7/0xc0 [ 23.255292] __kmalloc_cache_noprof+0x189/0x420 [ 23.255507] krealloc_uaf+0xbb/0x5e0 [ 23.255751] kunit_try_run_case+0x1a5/0x480 [ 23.255953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.256204] kthread+0x337/0x6f0 [ 23.256388] ret_from_fork+0x116/0x1d0 [ 23.256715] ret_from_fork_asm+0x1a/0x30 [ 23.257113] [ 23.257200] Freed by task 213: [ 23.257314] kasan_save_stack+0x45/0x70 [ 23.257444] kasan_save_track+0x18/0x40 [ 23.257627] kasan_save_free_info+0x3f/0x60 [ 23.258208] __kasan_slab_free+0x56/0x70 [ 23.258437] kfree+0x222/0x3f0 [ 23.258654] krealloc_uaf+0x13d/0x5e0 [ 23.258835] kunit_try_run_case+0x1a5/0x480 [ 23.259086] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.259346] kthread+0x337/0x6f0 [ 23.259531] ret_from_fork+0x116/0x1d0 [ 23.259676] ret_from_fork_asm+0x1a/0x30 [ 23.259809] [ 23.259891] The buggy address belongs to the object at ffff888100aa0e00 [ 23.259891] which belongs to the cache kmalloc-256 of size 256 [ 23.260411] The buggy address is located 0 bytes inside of [ 23.260411] freed 256-byte region [ffff888100aa0e00, ffff888100aa0f00) [ 23.260759] [ 23.260940] The buggy address belongs to the physical page: [ 23.261343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 23.261837] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.262244] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.262661] page_type: f5(slab) [ 23.262892] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.263262] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.263549] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.263885] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.264280] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 23.264685] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.265096] page dumped because: kasan: bad access detected [ 23.265334] [ 23.265490] Memory state around the buggy address: [ 23.265718] ffff888100aa0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.265930] ffff888100aa0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.266138] >ffff888100aa0e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.266542] ^ [ 23.266919] ffff888100aa0e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.267471] ffff888100aa0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.268079] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 23.130671] ================================================================== [ 23.131041] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 23.131370] Write of size 1 at addr ffff8881050f20d0 by task kunit_try_catch/211 [ 23.131878] [ 23.132264] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.132438] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.132453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.132473] Call Trace: [ 23.132487] <TASK> [ 23.132502] dump_stack_lvl+0x73/0xb0 [ 23.132533] print_report+0xd1/0x610 [ 23.132563] ? __virt_addr_valid+0x1db/0x2d0 [ 23.132586] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.132608] ? kasan_addr_to_slab+0x11/0xa0 [ 23.132628] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.132651] kasan_report+0x141/0x180 [ 23.132672] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 23.132699] __asan_report_store1_noabort+0x1b/0x30 [ 23.132722] krealloc_less_oob_helper+0xe23/0x11d0 [ 23.132747] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.132769] ? finish_task_switch.isra.0+0x153/0x700 [ 23.132790] ? __switch_to+0x47/0xf80 [ 23.132815] ? __schedule+0x10c6/0x2b60 [ 23.132836] ? __pfx_read_tsc+0x10/0x10 [ 23.132862] krealloc_large_less_oob+0x1c/0x30 [ 23.132886] kunit_try_run_case+0x1a5/0x480 [ 23.132910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.132931] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.132952] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.132974] ? __kthread_parkme+0x82/0x180 [ 23.132993] ? preempt_count_sub+0x50/0x80 [ 23.133015] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.133038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.133064] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.133089] kthread+0x337/0x6f0 [ 23.133108] ? trace_preempt_on+0x20/0xc0 [ 23.133131] ? __pfx_kthread+0x10/0x10 [ 23.133151] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.133171] ? calculate_sigpending+0x7b/0xa0 [ 23.133194] ? __pfx_kthread+0x10/0x10 [ 23.133214] ret_from_fork+0x116/0x1d0 [ 23.133233] ? __pfx_kthread+0x10/0x10 [ 23.133255] ret_from_fork_asm+0x1a/0x30 [ 23.133300] </TASK> [ 23.133310] [ 23.145381] The buggy address belongs to the physical page: [ 23.145876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.146471] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.146986] flags: 0x200000000000040(head|node=0|zone=2) [ 23.147319] page_type: f8(unknown) [ 23.147454] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.147881] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.148289] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.148770] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.149305] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.149820] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.150308] page dumped because: kasan: bad access detected [ 23.150682] [ 23.150860] Memory state around the buggy address: [ 23.151205] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.151520] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.152074] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.152377] ^ [ 23.152994] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.153463] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.153949] ================================================================== [ 22.931752] ================================================================== [ 22.932717] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 22.933413] Write of size 1 at addr ffff888100aa1ec9 by task kunit_try_catch/207 [ 22.933871] [ 22.933965] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.934015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.934027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.934048] Call Trace: [ 22.934060] <TASK> [ 22.934076] dump_stack_lvl+0x73/0xb0 [ 22.934106] print_report+0xd1/0x610 [ 22.934127] ? __virt_addr_valid+0x1db/0x2d0 [ 22.934150] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.934172] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.934197] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.934220] kasan_report+0x141/0x180 [ 22.934240] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 22.934280] __asan_report_store1_noabort+0x1b/0x30 [ 22.934451] krealloc_less_oob_helper+0xd70/0x11d0 [ 22.934477] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.934500] ? finish_task_switch.isra.0+0x153/0x700 [ 22.934521] ? __switch_to+0x47/0xf80 [ 22.934548] ? __schedule+0x10c6/0x2b60 [ 22.934578] ? __pfx_read_tsc+0x10/0x10 [ 22.934602] krealloc_less_oob+0x1c/0x30 [ 22.934623] kunit_try_run_case+0x1a5/0x480 [ 22.934645] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.934667] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.934688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.934710] ? __kthread_parkme+0x82/0x180 [ 22.934729] ? preempt_count_sub+0x50/0x80 [ 22.934750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.934773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.934808] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.934835] kthread+0x337/0x6f0 [ 22.934853] ? trace_preempt_on+0x20/0xc0 [ 22.934900] ? __pfx_kthread+0x10/0x10 [ 22.934920] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.934940] ? calculate_sigpending+0x7b/0xa0 [ 22.934964] ? __pfx_kthread+0x10/0x10 [ 22.934984] ret_from_fork+0x116/0x1d0 [ 22.935002] ? __pfx_kthread+0x10/0x10 [ 22.935021] ret_from_fork_asm+0x1a/0x30 [ 22.935051] </TASK> [ 22.935062] [ 22.946049] Allocated by task 207: [ 22.946327] kasan_save_stack+0x45/0x70 [ 22.946527] kasan_save_track+0x18/0x40 [ 22.946738] kasan_save_alloc_info+0x3b/0x50 [ 22.947204] __kasan_krealloc+0x190/0x1f0 [ 22.947369] krealloc_noprof+0xf3/0x340 [ 22.947697] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.948166] krealloc_less_oob+0x1c/0x30 [ 22.948510] kunit_try_run_case+0x1a5/0x480 [ 22.948797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.949040] kthread+0x337/0x6f0 [ 22.949217] ret_from_fork+0x116/0x1d0 [ 22.949397] ret_from_fork_asm+0x1a/0x30 [ 22.949961] [ 22.950060] The buggy address belongs to the object at ffff888100aa1e00 [ 22.950060] which belongs to the cache kmalloc-256 of size 256 [ 22.950742] The buggy address is located 0 bytes to the right of [ 22.950742] allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9) [ 22.951502] [ 22.951628] The buggy address belongs to the physical page: [ 22.952298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 22.952785] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.953196] anon flags: 0x200000000000040(head|node=0|zone=2) [ 22.953424] page_type: f5(slab) [ 22.953826] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 22.954173] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.954589] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 22.955241] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.955657] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 22.956080] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.956410] page dumped because: kasan: bad access detected [ 22.957015] [ 22.957107] Memory state around the buggy address: [ 22.957280] ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.957980] ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.958409] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.958931] ^ [ 22.959273] ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.959682] ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.960198] ================================================================== [ 23.104441] ================================================================== [ 23.104998] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 23.105317] Write of size 1 at addr ffff8881050f20c9 by task kunit_try_catch/211 [ 23.105678] [ 23.105783] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.105830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.105842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.105862] Call Trace: [ 23.105873] <TASK> [ 23.105890] dump_stack_lvl+0x73/0xb0 [ 23.105918] print_report+0xd1/0x610 [ 23.105939] ? __virt_addr_valid+0x1db/0x2d0 [ 23.105961] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.105984] ? kasan_addr_to_slab+0x11/0xa0 [ 23.106003] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.106026] kasan_report+0x141/0x180 [ 23.106047] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 23.106074] __asan_report_store1_noabort+0x1b/0x30 [ 23.106098] krealloc_less_oob_helper+0xd70/0x11d0 [ 23.106122] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.106145] ? finish_task_switch.isra.0+0x153/0x700 [ 23.106165] ? __switch_to+0x47/0xf80 [ 23.106191] ? __schedule+0x10c6/0x2b60 [ 23.106212] ? __pfx_read_tsc+0x10/0x10 [ 23.106237] krealloc_large_less_oob+0x1c/0x30 [ 23.106258] kunit_try_run_case+0x1a5/0x480 [ 23.106294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.106316] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.106337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.106359] ? __kthread_parkme+0x82/0x180 [ 23.106379] ? preempt_count_sub+0x50/0x80 [ 23.106401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.106423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.106449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.106474] kthread+0x337/0x6f0 [ 23.106493] ? trace_preempt_on+0x20/0xc0 [ 23.106517] ? __pfx_kthread+0x10/0x10 [ 23.106537] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.106752] ? calculate_sigpending+0x7b/0xa0 [ 23.106777] ? __pfx_kthread+0x10/0x10 [ 23.106813] ret_from_fork+0x116/0x1d0 [ 23.106833] ? __pfx_kthread+0x10/0x10 [ 23.106853] ret_from_fork_asm+0x1a/0x30 [ 23.106883] </TASK> [ 23.106894] [ 23.119847] The buggy address belongs to the physical page: [ 23.120333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.120818] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.121381] flags: 0x200000000000040(head|node=0|zone=2) [ 23.121861] page_type: f8(unknown) [ 23.122331] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.122783] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.123303] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.123836] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.124318] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.124735] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.125377] page dumped because: kasan: bad access detected [ 23.125666] [ 23.125903] Memory state around the buggy address: [ 23.126307] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.126816] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.127522] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.128037] ^ [ 23.128421] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.128769] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.129240] ================================================================== [ 23.040407] ================================================================== [ 23.040729] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.041071] Write of size 1 at addr ffff888100aa1eeb by task kunit_try_catch/207 [ 23.041416] [ 23.041493] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.041538] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.041550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.041573] Call Trace: [ 23.041588] <TASK> [ 23.041604] dump_stack_lvl+0x73/0xb0 [ 23.041631] print_report+0xd1/0x610 [ 23.041652] ? __virt_addr_valid+0x1db/0x2d0 [ 23.041675] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.041698] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.041722] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.041745] kasan_report+0x141/0x180 [ 23.041766] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.041793] __asan_report_store1_noabort+0x1b/0x30 [ 23.041817] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.041841] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.041864] ? finish_task_switch.isra.0+0x153/0x700 [ 23.041885] ? __switch_to+0x47/0xf80 [ 23.041910] ? __schedule+0x10c6/0x2b60 [ 23.041931] ? __pfx_read_tsc+0x10/0x10 [ 23.041957] krealloc_less_oob+0x1c/0x30 [ 23.041978] kunit_try_run_case+0x1a5/0x480 [ 23.042002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.042024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.042046] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.042232] ? __kthread_parkme+0x82/0x180 [ 23.042257] ? preempt_count_sub+0x50/0x80 [ 23.042293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.042316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.042342] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.042368] kthread+0x337/0x6f0 [ 23.042387] ? trace_preempt_on+0x20/0xc0 [ 23.042410] ? __pfx_kthread+0x10/0x10 [ 23.042429] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.042449] ? calculate_sigpending+0x7b/0xa0 [ 23.042472] ? __pfx_kthread+0x10/0x10 [ 23.042493] ret_from_fork+0x116/0x1d0 [ 23.042512] ? __pfx_kthread+0x10/0x10 [ 23.042532] ret_from_fork_asm+0x1a/0x30 [ 23.042574] </TASK> [ 23.042584] [ 23.050386] Allocated by task 207: [ 23.050717] kasan_save_stack+0x45/0x70 [ 23.050967] kasan_save_track+0x18/0x40 [ 23.051132] kasan_save_alloc_info+0x3b/0x50 [ 23.051322] __kasan_krealloc+0x190/0x1f0 [ 23.051459] krealloc_noprof+0xf3/0x340 [ 23.051707] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.052026] krealloc_less_oob+0x1c/0x30 [ 23.052165] kunit_try_run_case+0x1a5/0x480 [ 23.052340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.052590] kthread+0x337/0x6f0 [ 23.052880] ret_from_fork+0x116/0x1d0 [ 23.053076] ret_from_fork_asm+0x1a/0x30 [ 23.053277] [ 23.053341] The buggy address belongs to the object at ffff888100aa1e00 [ 23.053341] which belongs to the cache kmalloc-256 of size 256 [ 23.053725] The buggy address is located 34 bytes to the right of [ 23.053725] allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9) [ 23.054388] [ 23.054458] The buggy address belongs to the physical page: [ 23.054623] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 23.054856] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.055160] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.055693] page_type: f5(slab) [ 23.055859] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.056259] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.056675] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.057044] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.057293] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 23.057599] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.058211] page dumped because: kasan: bad access detected [ 23.058514] [ 23.058578] Memory state around the buggy address: [ 23.058724] ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.058928] ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.059132] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.059343] ^ [ 23.059535] ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.059860] ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.060150] ================================================================== [ 22.989466] ================================================================== [ 22.989802] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 22.990239] Write of size 1 at addr ffff888100aa1eda by task kunit_try_catch/207 [ 22.991189] [ 22.991453] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.991505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.991518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.991537] Call Trace: [ 22.991555] <TASK> [ 22.991570] dump_stack_lvl+0x73/0xb0 [ 22.991600] print_report+0xd1/0x610 [ 22.991622] ? __virt_addr_valid+0x1db/0x2d0 [ 22.991645] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.991667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.991692] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.991715] kasan_report+0x141/0x180 [ 22.991736] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 22.991763] __asan_report_store1_noabort+0x1b/0x30 [ 22.991787] krealloc_less_oob_helper+0xec6/0x11d0 [ 22.991811] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.991834] ? finish_task_switch.isra.0+0x153/0x700 [ 22.991855] ? __switch_to+0x47/0xf80 [ 22.991964] ? __schedule+0x10c6/0x2b60 [ 22.991986] ? __pfx_read_tsc+0x10/0x10 [ 22.992013] krealloc_less_oob+0x1c/0x30 [ 22.992035] kunit_try_run_case+0x1a5/0x480 [ 22.992058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.992080] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.992101] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.992123] ? __kthread_parkme+0x82/0x180 [ 22.992142] ? preempt_count_sub+0x50/0x80 [ 22.992164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.992187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.992212] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.992238] kthread+0x337/0x6f0 [ 22.992256] ? trace_preempt_on+0x20/0xc0 [ 22.992294] ? __pfx_kthread+0x10/0x10 [ 22.992315] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.992334] ? calculate_sigpending+0x7b/0xa0 [ 22.992357] ? __pfx_kthread+0x10/0x10 [ 22.992378] ret_from_fork+0x116/0x1d0 [ 22.992397] ? __pfx_kthread+0x10/0x10 [ 22.992416] ret_from_fork_asm+0x1a/0x30 [ 22.992446] </TASK> [ 22.992456] [ 23.003489] Allocated by task 207: [ 23.003968] kasan_save_stack+0x45/0x70 [ 23.004131] kasan_save_track+0x18/0x40 [ 23.004461] kasan_save_alloc_info+0x3b/0x50 [ 23.004779] __kasan_krealloc+0x190/0x1f0 [ 23.005131] krealloc_noprof+0xf3/0x340 [ 23.005335] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.005537] krealloc_less_oob+0x1c/0x30 [ 23.006087] kunit_try_run_case+0x1a5/0x480 [ 23.006261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.006661] kthread+0x337/0x6f0 [ 23.006957] ret_from_fork+0x116/0x1d0 [ 23.007313] ret_from_fork_asm+0x1a/0x30 [ 23.007641] [ 23.007716] The buggy address belongs to the object at ffff888100aa1e00 [ 23.007716] which belongs to the cache kmalloc-256 of size 256 [ 23.008390] The buggy address is located 17 bytes to the right of [ 23.008390] allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9) [ 23.009371] [ 23.009466] The buggy address belongs to the physical page: [ 23.010057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 23.010494] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.011091] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.011355] page_type: f5(slab) [ 23.011626] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.012169] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.012514] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.013225] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.013704] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 23.014187] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.014698] page dumped because: kasan: bad access detected [ 23.015018] [ 23.015105] Memory state around the buggy address: [ 23.015308] ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.015977] ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.016277] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.016567] ^ [ 23.017292] ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.017607] ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.018015] ================================================================== [ 23.178279] ================================================================== [ 23.178863] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.179325] Write of size 1 at addr ffff8881050f20ea by task kunit_try_catch/211 [ 23.179813] [ 23.180206] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.180381] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.180396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.180416] Call Trace: [ 23.180433] <TASK> [ 23.180449] dump_stack_lvl+0x73/0xb0 [ 23.180479] print_report+0xd1/0x610 [ 23.180500] ? __virt_addr_valid+0x1db/0x2d0 [ 23.180523] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.180545] ? kasan_addr_to_slab+0x11/0xa0 [ 23.180565] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.180587] kasan_report+0x141/0x180 [ 23.180608] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.180635] __asan_report_store1_noabort+0x1b/0x30 [ 23.180658] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.180683] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.180706] ? finish_task_switch.isra.0+0x153/0x700 [ 23.180726] ? __switch_to+0x47/0xf80 [ 23.180751] ? __schedule+0x10c6/0x2b60 [ 23.180772] ? __pfx_read_tsc+0x10/0x10 [ 23.180798] krealloc_large_less_oob+0x1c/0x30 [ 23.180820] kunit_try_run_case+0x1a5/0x480 [ 23.180845] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.180917] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.180941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.180963] ? __kthread_parkme+0x82/0x180 [ 23.180982] ? preempt_count_sub+0x50/0x80 [ 23.181004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.181027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.181052] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.181079] kthread+0x337/0x6f0 [ 23.181097] ? trace_preempt_on+0x20/0xc0 [ 23.181119] ? __pfx_kthread+0x10/0x10 [ 23.181139] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.181159] ? calculate_sigpending+0x7b/0xa0 [ 23.181182] ? __pfx_kthread+0x10/0x10 [ 23.181203] ret_from_fork+0x116/0x1d0 [ 23.181222] ? __pfx_kthread+0x10/0x10 [ 23.181241] ret_from_fork_asm+0x1a/0x30 [ 23.181285] </TASK> [ 23.181295] [ 23.193278] The buggy address belongs to the physical page: [ 23.193713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.194315] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.194801] flags: 0x200000000000040(head|node=0|zone=2) [ 23.195166] page_type: f8(unknown) [ 23.195504] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.195964] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.196434] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.196998] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.197454] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.197853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.198361] page dumped because: kasan: bad access detected [ 23.198659] [ 23.198728] Memory state around the buggy address: [ 23.198930] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.199750] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.200212] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.200583] ^ [ 23.200860] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.201282] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.201575] ================================================================== [ 23.202194] ================================================================== [ 23.202593] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 23.202926] Write of size 1 at addr ffff8881050f20eb by task kunit_try_catch/211 [ 23.203205] [ 23.203321] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.203366] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.203379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.203398] Call Trace: [ 23.203413] <TASK> [ 23.203427] dump_stack_lvl+0x73/0xb0 [ 23.203453] print_report+0xd1/0x610 [ 23.203474] ? __virt_addr_valid+0x1db/0x2d0 [ 23.203496] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.203519] ? kasan_addr_to_slab+0x11/0xa0 [ 23.203539] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.203561] kasan_report+0x141/0x180 [ 23.203584] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 23.203612] __asan_report_store1_noabort+0x1b/0x30 [ 23.203636] krealloc_less_oob_helper+0xd47/0x11d0 [ 23.203662] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.203686] ? finish_task_switch.isra.0+0x153/0x700 [ 23.203707] ? __switch_to+0x47/0xf80 [ 23.203732] ? __schedule+0x10c6/0x2b60 [ 23.203752] ? __pfx_read_tsc+0x10/0x10 [ 23.203779] krealloc_large_less_oob+0x1c/0x30 [ 23.203801] kunit_try_run_case+0x1a5/0x480 [ 23.203825] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.203846] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.203868] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.203891] ? __kthread_parkme+0x82/0x180 [ 23.203911] ? preempt_count_sub+0x50/0x80 [ 23.203932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.203955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.203981] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.204006] kthread+0x337/0x6f0 [ 23.204025] ? trace_preempt_on+0x20/0xc0 [ 23.204047] ? __pfx_kthread+0x10/0x10 [ 23.204067] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.204087] ? calculate_sigpending+0x7b/0xa0 [ 23.204109] ? __pfx_kthread+0x10/0x10 [ 23.204129] ret_from_fork+0x116/0x1d0 [ 23.204148] ? __pfx_kthread+0x10/0x10 [ 23.204168] ret_from_fork_asm+0x1a/0x30 [ 23.204198] </TASK> [ 23.204208] [ 23.211535] The buggy address belongs to the physical page: [ 23.211761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.211997] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.212342] flags: 0x200000000000040(head|node=0|zone=2) [ 23.212658] page_type: f8(unknown) [ 23.212902] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.213247] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.213648] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.214045] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.214371] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.214728] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.215010] page dumped because: kasan: bad access detected [ 23.215409] [ 23.215508] Memory state around the buggy address: [ 23.215771] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.216098] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.216329] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.216537] ^ [ 23.216909] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.217219] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.217482] ================================================================== [ 23.154549] ================================================================== [ 23.154986] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 23.155567] Write of size 1 at addr ffff8881050f20da by task kunit_try_catch/211 [ 23.155882] [ 23.156212] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.156504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.156519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.156539] Call Trace: [ 23.156567] <TASK> [ 23.156583] dump_stack_lvl+0x73/0xb0 [ 23.156613] print_report+0xd1/0x610 [ 23.156635] ? __virt_addr_valid+0x1db/0x2d0 [ 23.156657] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.156679] ? kasan_addr_to_slab+0x11/0xa0 [ 23.156698] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.156721] kasan_report+0x141/0x180 [ 23.156742] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 23.156769] __asan_report_store1_noabort+0x1b/0x30 [ 23.156792] krealloc_less_oob_helper+0xec6/0x11d0 [ 23.156817] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.156839] ? finish_task_switch.isra.0+0x153/0x700 [ 23.156860] ? __switch_to+0x47/0xf80 [ 23.156902] ? __schedule+0x10c6/0x2b60 [ 23.156923] ? __pfx_read_tsc+0x10/0x10 [ 23.156949] krealloc_large_less_oob+0x1c/0x30 [ 23.156972] kunit_try_run_case+0x1a5/0x480 [ 23.156996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.157017] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.157040] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.157062] ? __kthread_parkme+0x82/0x180 [ 23.157081] ? preempt_count_sub+0x50/0x80 [ 23.157102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.157125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.157150] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.157176] kthread+0x337/0x6f0 [ 23.157195] ? trace_preempt_on+0x20/0xc0 [ 23.157217] ? __pfx_kthread+0x10/0x10 [ 23.157236] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.157256] ? calculate_sigpending+0x7b/0xa0 [ 23.157290] ? __pfx_kthread+0x10/0x10 [ 23.157311] ret_from_fork+0x116/0x1d0 [ 23.157330] ? __pfx_kthread+0x10/0x10 [ 23.157349] ret_from_fork_asm+0x1a/0x30 [ 23.157379] </TASK> [ 23.157389] [ 23.168870] The buggy address belongs to the physical page: [ 23.169441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.169916] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.170406] flags: 0x200000000000040(head|node=0|zone=2) [ 23.170853] page_type: f8(unknown) [ 23.171116] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.171462] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.172209] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.172571] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.173097] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.173531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.174120] page dumped because: kasan: bad access detected [ 23.174492] [ 23.174688] Memory state around the buggy address: [ 23.174867] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.175185] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.175503] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 23.176181] ^ [ 23.176572] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.177319] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.177615] ================================================================== [ 22.960678] ================================================================== [ 22.960931] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 22.962083] Write of size 1 at addr ffff888100aa1ed0 by task kunit_try_catch/207 [ 22.962415] [ 22.962669] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.962721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.962733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.962752] Call Trace: [ 22.962767] <TASK> [ 22.962783] dump_stack_lvl+0x73/0xb0 [ 22.962813] print_report+0xd1/0x610 [ 22.962835] ? __virt_addr_valid+0x1db/0x2d0 [ 22.962858] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.962943] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.962968] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.962991] kasan_report+0x141/0x180 [ 22.963012] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 22.963039] __asan_report_store1_noabort+0x1b/0x30 [ 22.963063] krealloc_less_oob_helper+0xe23/0x11d0 [ 22.963087] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 22.963110] ? finish_task_switch.isra.0+0x153/0x700 [ 22.963131] ? __switch_to+0x47/0xf80 [ 22.963156] ? __schedule+0x10c6/0x2b60 [ 22.963178] ? __pfx_read_tsc+0x10/0x10 [ 22.963204] krealloc_less_oob+0x1c/0x30 [ 22.963225] kunit_try_run_case+0x1a5/0x480 [ 22.963248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.963283] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.963305] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.963327] ? __kthread_parkme+0x82/0x180 [ 22.963347] ? preempt_count_sub+0x50/0x80 [ 22.963369] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.963391] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.963417] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.963442] kthread+0x337/0x6f0 [ 22.963461] ? trace_preempt_on+0x20/0xc0 [ 22.963484] ? __pfx_kthread+0x10/0x10 [ 22.963504] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.963524] ? calculate_sigpending+0x7b/0xa0 [ 22.963546] ? __pfx_kthread+0x10/0x10 [ 22.963566] ret_from_fork+0x116/0x1d0 [ 22.963584] ? __pfx_kthread+0x10/0x10 [ 22.963605] ret_from_fork_asm+0x1a/0x30 [ 22.963634] </TASK> [ 22.963644] [ 22.974387] Allocated by task 207: [ 22.974814] kasan_save_stack+0x45/0x70 [ 22.975147] kasan_save_track+0x18/0x40 [ 22.975335] kasan_save_alloc_info+0x3b/0x50 [ 22.975539] __kasan_krealloc+0x190/0x1f0 [ 22.976143] krealloc_noprof+0xf3/0x340 [ 22.976346] krealloc_less_oob_helper+0x1aa/0x11d0 [ 22.976757] krealloc_less_oob+0x1c/0x30 [ 22.977061] kunit_try_run_case+0x1a5/0x480 [ 22.977447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.977721] kthread+0x337/0x6f0 [ 22.977892] ret_from_fork+0x116/0x1d0 [ 22.978475] ret_from_fork_asm+0x1a/0x30 [ 22.978657] [ 22.978912] The buggy address belongs to the object at ffff888100aa1e00 [ 22.978912] which belongs to the cache kmalloc-256 of size 256 [ 22.979388] The buggy address is located 7 bytes to the right of [ 22.979388] allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9) [ 22.980306] [ 22.980609] The buggy address belongs to the physical page: [ 22.980844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 22.981520] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.982054] anon flags: 0x200000000000040(head|node=0|zone=2) [ 22.982424] page_type: f5(slab) [ 22.982616] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 22.983160] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.983560] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 22.984043] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.984404] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 22.984861] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.985398] page dumped because: kasan: bad access detected [ 22.985827] [ 22.985902] Memory state around the buggy address: [ 22.986253] ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.986739] ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.987040] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 22.987537] ^ [ 22.987930] ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.988351] ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.988750] ================================================================== [ 23.018846] ================================================================== [ 23.019453] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 23.020004] Write of size 1 at addr ffff888100aa1eea by task kunit_try_catch/207 [ 23.020636] [ 23.020742] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.020792] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.020805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.020825] Call Trace: [ 23.020847] <TASK> [ 23.020864] dump_stack_lvl+0x73/0xb0 [ 23.020894] print_report+0xd1/0x610 [ 23.020916] ? __virt_addr_valid+0x1db/0x2d0 [ 23.020939] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.020962] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.020987] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.021010] kasan_report+0x141/0x180 [ 23.021031] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 23.021058] __asan_report_store1_noabort+0x1b/0x30 [ 23.021082] krealloc_less_oob_helper+0xe90/0x11d0 [ 23.021106] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 23.021129] ? finish_task_switch.isra.0+0x153/0x700 [ 23.021150] ? __switch_to+0x47/0xf80 [ 23.021175] ? __schedule+0x10c6/0x2b60 [ 23.021196] ? __pfx_read_tsc+0x10/0x10 [ 23.021223] krealloc_less_oob+0x1c/0x30 [ 23.021244] kunit_try_run_case+0x1a5/0x480 [ 23.021280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.021302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.021324] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.021346] ? __kthread_parkme+0x82/0x180 [ 23.021366] ? preempt_count_sub+0x50/0x80 [ 23.021387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.021409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.021435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.021461] kthread+0x337/0x6f0 [ 23.021480] ? trace_preempt_on+0x20/0xc0 [ 23.021502] ? __pfx_kthread+0x10/0x10 [ 23.021522] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.021542] ? calculate_sigpending+0x7b/0xa0 [ 23.021766] ? __pfx_kthread+0x10/0x10 [ 23.021789] ret_from_fork+0x116/0x1d0 [ 23.021809] ? __pfx_kthread+0x10/0x10 [ 23.021830] ret_from_fork_asm+0x1a/0x30 [ 23.021861] </TASK> [ 23.021925] [ 23.029627] Allocated by task 207: [ 23.029794] kasan_save_stack+0x45/0x70 [ 23.030104] kasan_save_track+0x18/0x40 [ 23.030262] kasan_save_alloc_info+0x3b/0x50 [ 23.030417] __kasan_krealloc+0x190/0x1f0 [ 23.030560] krealloc_noprof+0xf3/0x340 [ 23.030759] krealloc_less_oob_helper+0x1aa/0x11d0 [ 23.030981] krealloc_less_oob+0x1c/0x30 [ 23.031274] kunit_try_run_case+0x1a5/0x480 [ 23.031495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.031747] kthread+0x337/0x6f0 [ 23.031862] ret_from_fork+0x116/0x1d0 [ 23.032036] ret_from_fork_asm+0x1a/0x30 [ 23.032227] [ 23.032331] The buggy address belongs to the object at ffff888100aa1e00 [ 23.032331] which belongs to the cache kmalloc-256 of size 256 [ 23.032754] The buggy address is located 33 bytes to the right of [ 23.032754] allocated 201-byte region [ffff888100aa1e00, ffff888100aa1ec9) [ 23.033115] [ 23.033180] The buggy address belongs to the physical page: [ 23.033755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa0 [ 23.034115] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.034574] anon flags: 0x200000000000040(head|node=0|zone=2) [ 23.034820] page_type: f5(slab) [ 23.035127] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.035446] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.035782] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 23.036139] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.036460] head: 0200000000000001 ffffea000402a801 00000000ffffffff 00000000ffffffff [ 23.036835] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 23.037054] page dumped because: kasan: bad access detected [ 23.037318] [ 23.037459] Memory state around the buggy address: [ 23.037852] ffff888100aa1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.038121] ffff888100aa1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.038346] >ffff888100aa1e80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 23.038652] ^ [ 23.039208] ffff888100aa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.039541] ffff888100aa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.039836] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 23.082773] ================================================================== [ 23.083349] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 23.083702] Write of size 1 at addr ffff8881050f20f0 by task kunit_try_catch/209 [ 23.084156] [ 23.084288] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.084336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.084348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.084367] Call Trace: [ 23.084379] <TASK> [ 23.084393] dump_stack_lvl+0x73/0xb0 [ 23.084422] print_report+0xd1/0x610 [ 23.084444] ? __virt_addr_valid+0x1db/0x2d0 [ 23.084466] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.084489] ? kasan_addr_to_slab+0x11/0xa0 [ 23.084508] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.084531] kasan_report+0x141/0x180 [ 23.084587] ? krealloc_more_oob_helper+0x7eb/0x930 [ 23.084614] __asan_report_store1_noabort+0x1b/0x30 [ 23.084649] krealloc_more_oob_helper+0x7eb/0x930 [ 23.084672] ? pick_task_fair+0xce/0x340 [ 23.084697] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.084721] ? __schedule+0x2079/0x2b60 [ 23.084754] ? schedule+0x7c/0x2e0 [ 23.084773] ? trace_hardirqs_on+0x37/0xe0 [ 23.084796] ? __schedule+0x2079/0x2b60 [ 23.084817] ? __pfx_read_tsc+0x10/0x10 [ 23.084842] krealloc_large_more_oob+0x1c/0x30 [ 23.084864] kunit_try_run_case+0x1a5/0x480 [ 23.084953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.084975] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.085009] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.085031] ? __kthread_parkme+0x82/0x180 [ 23.085051] ? preempt_count_sub+0x50/0x80 [ 23.085076] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.085100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.085128] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.085154] kthread+0x337/0x6f0 [ 23.085172] ? trace_preempt_on+0x20/0xc0 [ 23.085194] ? __pfx_kthread+0x10/0x10 [ 23.085214] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.085236] ? calculate_sigpending+0x7b/0xa0 [ 23.085259] ? __pfx_kthread+0x10/0x10 [ 23.085288] ret_from_fork+0x116/0x1d0 [ 23.085307] ? __pfx_kthread+0x10/0x10 [ 23.085326] ret_from_fork_asm+0x1a/0x30 [ 23.085358] </TASK> [ 23.085369] [ 23.093316] The buggy address belongs to the physical page: [ 23.093688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.094232] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.094543] flags: 0x200000000000040(head|node=0|zone=2) [ 23.094975] page_type: f8(unknown) [ 23.095099] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.095337] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.095722] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.096379] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.096778] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.097229] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.097586] page dumped because: kasan: bad access detected [ 23.097813] [ 23.097877] Memory state around the buggy address: [ 23.098023] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.098526] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.098825] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.099224] ^ [ 23.099548] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.099932] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.100210] ================================================================== [ 22.896500] ================================================================== [ 22.897579] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 22.898145] Write of size 1 at addr ffff888105e500f0 by task kunit_try_catch/205 [ 22.898449] [ 22.898559] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.898606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.898619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.898638] Call Trace: [ 22.899124] <TASK> [ 22.899151] dump_stack_lvl+0x73/0xb0 [ 22.899183] print_report+0xd1/0x610 [ 22.899205] ? __virt_addr_valid+0x1db/0x2d0 [ 22.899227] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.899250] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.899288] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.899311] kasan_report+0x141/0x180 [ 22.899332] ? krealloc_more_oob_helper+0x7eb/0x930 [ 22.899359] __asan_report_store1_noabort+0x1b/0x30 [ 22.899383] krealloc_more_oob_helper+0x7eb/0x930 [ 22.899404] ? __schedule+0x10c6/0x2b60 [ 22.899425] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.899449] ? finish_task_switch.isra.0+0x153/0x700 [ 22.899470] ? __switch_to+0x47/0xf80 [ 22.899495] ? __schedule+0x10c6/0x2b60 [ 22.899516] ? __pfx_read_tsc+0x10/0x10 [ 22.899542] krealloc_more_oob+0x1c/0x30 [ 22.899563] kunit_try_run_case+0x1a5/0x480 [ 22.899586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.899607] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.899629] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.899651] ? __kthread_parkme+0x82/0x180 [ 22.899670] ? preempt_count_sub+0x50/0x80 [ 22.899691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.899713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.899739] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.899764] kthread+0x337/0x6f0 [ 22.899783] ? trace_preempt_on+0x20/0xc0 [ 22.899805] ? __pfx_kthread+0x10/0x10 [ 22.899825] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.899845] ? calculate_sigpending+0x7b/0xa0 [ 22.899907] ? __pfx_kthread+0x10/0x10 [ 22.899930] ret_from_fork+0x116/0x1d0 [ 22.899949] ? __pfx_kthread+0x10/0x10 [ 22.899968] ret_from_fork_asm+0x1a/0x30 [ 22.899998] </TASK> [ 22.900008] [ 22.911075] Allocated by task 205: [ 22.911196] kasan_save_stack+0x45/0x70 [ 22.911750] kasan_save_track+0x18/0x40 [ 22.912081] kasan_save_alloc_info+0x3b/0x50 [ 22.912242] __kasan_krealloc+0x190/0x1f0 [ 22.912617] krealloc_noprof+0xf3/0x340 [ 22.913056] krealloc_more_oob_helper+0x1a9/0x930 [ 22.913384] krealloc_more_oob+0x1c/0x30 [ 22.913664] kunit_try_run_case+0x1a5/0x480 [ 22.913818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.914133] kthread+0x337/0x6f0 [ 22.914310] ret_from_fork+0x116/0x1d0 [ 22.914480] ret_from_fork_asm+0x1a/0x30 [ 22.915036] [ 22.915113] The buggy address belongs to the object at ffff888105e50000 [ 22.915113] which belongs to the cache kmalloc-256 of size 256 [ 22.916013] The buggy address is located 5 bytes to the right of [ 22.916013] allocated 235-byte region [ffff888105e50000, ffff888105e500eb) [ 22.916665] [ 22.916775] The buggy address belongs to the physical page: [ 22.917027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e50 [ 22.917656] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.918074] flags: 0x200000000000040(head|node=0|zone=2) [ 22.918336] page_type: f5(slab) [ 22.918477] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.919251] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.919719] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.920157] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.920763] head: 0200000000000001 ffffea0004179401 00000000ffffffff 00000000ffffffff [ 22.921622] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.922433] page dumped because: kasan: bad access detected [ 22.923120] [ 22.923274] Memory state around the buggy address: [ 22.923817] ffff888105e4ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.924436] ffff888105e50000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.924906] >ffff888105e50080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.925120] ^ [ 22.925340] ffff888105e50100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.925627] ffff888105e50180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.926369] ================================================================== [ 22.874408] ================================================================== [ 22.874870] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 22.875192] Write of size 1 at addr ffff888105e500eb by task kunit_try_catch/205 [ 22.875503] [ 22.875626] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.875683] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.875695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.875717] Call Trace: [ 22.875730] <TASK> [ 22.875751] dump_stack_lvl+0x73/0xb0 [ 22.875784] print_report+0xd1/0x610 [ 22.875807] ? __virt_addr_valid+0x1db/0x2d0 [ 22.875834] ? krealloc_more_oob_helper+0x821/0x930 [ 22.875877] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.875903] ? krealloc_more_oob_helper+0x821/0x930 [ 22.875927] kasan_report+0x141/0x180 [ 22.875949] ? krealloc_more_oob_helper+0x821/0x930 [ 22.875976] __asan_report_store1_noabort+0x1b/0x30 [ 22.875999] krealloc_more_oob_helper+0x821/0x930 [ 22.876020] ? __schedule+0x10c6/0x2b60 [ 22.876043] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 22.876066] ? finish_task_switch.isra.0+0x153/0x700 [ 22.876089] ? __switch_to+0x47/0xf80 [ 22.876115] ? __schedule+0x10c6/0x2b60 [ 22.876136] ? __pfx_read_tsc+0x10/0x10 [ 22.876162] krealloc_more_oob+0x1c/0x30 [ 22.876182] kunit_try_run_case+0x1a5/0x480 [ 22.876208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.876229] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.876252] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.876283] ? __kthread_parkme+0x82/0x180 [ 22.876304] ? preempt_count_sub+0x50/0x80 [ 22.876337] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.876359] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.876386] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.876412] kthread+0x337/0x6f0 [ 22.876431] ? trace_preempt_on+0x20/0xc0 [ 22.876456] ? __pfx_kthread+0x10/0x10 [ 22.876475] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.876495] ? calculate_sigpending+0x7b/0xa0 [ 22.876518] ? __pfx_kthread+0x10/0x10 [ 22.876556] ret_from_fork+0x116/0x1d0 [ 22.876575] ? __pfx_kthread+0x10/0x10 [ 22.876595] ret_from_fork_asm+0x1a/0x30 [ 22.876626] </TASK> [ 22.876637] [ 22.884130] Allocated by task 205: [ 22.884284] kasan_save_stack+0x45/0x70 [ 22.884484] kasan_save_track+0x18/0x40 [ 22.884695] kasan_save_alloc_info+0x3b/0x50 [ 22.884961] __kasan_krealloc+0x190/0x1f0 [ 22.885123] krealloc_noprof+0xf3/0x340 [ 22.885256] krealloc_more_oob_helper+0x1a9/0x930 [ 22.885419] krealloc_more_oob+0x1c/0x30 [ 22.885632] kunit_try_run_case+0x1a5/0x480 [ 22.885832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.886167] kthread+0x337/0x6f0 [ 22.886351] ret_from_fork+0x116/0x1d0 [ 22.886536] ret_from_fork_asm+0x1a/0x30 [ 22.886729] [ 22.886796] The buggy address belongs to the object at ffff888105e50000 [ 22.886796] which belongs to the cache kmalloc-256 of size 256 [ 22.887373] The buggy address is located 0 bytes to the right of [ 22.887373] allocated 235-byte region [ffff888105e50000, ffff888105e500eb) [ 22.887990] [ 22.888074] The buggy address belongs to the physical page: [ 22.888288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e50 [ 22.888527] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.888766] flags: 0x200000000000040(head|node=0|zone=2) [ 22.889075] page_type: f5(slab) [ 22.889242] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.889618] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.890006] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 22.890235] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.890488] head: 0200000000000001 ffffea0004179401 00000000ffffffff 00000000ffffffff [ 22.890920] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 22.891276] page dumped because: kasan: bad access detected [ 22.891531] [ 22.891646] Memory state around the buggy address: [ 22.891911] ffff888105e4ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.892199] ffff888105e50000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.892487] >ffff888105e50080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 22.892775] ^ [ 22.893099] ffff888105e50100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.893372] ffff888105e50180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.893680] ================================================================== [ 23.063790] ================================================================== [ 23.064562] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 23.064956] Write of size 1 at addr ffff8881050f20eb by task kunit_try_catch/209 [ 23.065327] [ 23.065491] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.065539] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.065558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.065578] Call Trace: [ 23.065590] <TASK> [ 23.065607] dump_stack_lvl+0x73/0xb0 [ 23.065637] print_report+0xd1/0x610 [ 23.065703] ? __virt_addr_valid+0x1db/0x2d0 [ 23.065727] ? krealloc_more_oob_helper+0x821/0x930 [ 23.065749] ? kasan_addr_to_slab+0x11/0xa0 [ 23.065807] ? krealloc_more_oob_helper+0x821/0x930 [ 23.065830] kasan_report+0x141/0x180 [ 23.065852] ? krealloc_more_oob_helper+0x821/0x930 [ 23.065946] __asan_report_store1_noabort+0x1b/0x30 [ 23.065970] krealloc_more_oob_helper+0x821/0x930 [ 23.065993] ? pick_task_fair+0xce/0x340 [ 23.066018] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 23.066041] ? __schedule+0x2079/0x2b60 [ 23.066062] ? schedule+0x7c/0x2e0 [ 23.066081] ? trace_hardirqs_on+0x37/0xe0 [ 23.066104] ? __schedule+0x2079/0x2b60 [ 23.066124] ? __pfx_read_tsc+0x10/0x10 [ 23.066149] krealloc_large_more_oob+0x1c/0x30 [ 23.066171] kunit_try_run_case+0x1a5/0x480 [ 23.066194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.066215] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.066237] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.066259] ? __kthread_parkme+0x82/0x180 [ 23.066291] ? preempt_count_sub+0x50/0x80 [ 23.066312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.066335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.066361] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.066387] kthread+0x337/0x6f0 [ 23.066406] ? trace_preempt_on+0x20/0xc0 [ 23.066428] ? __pfx_kthread+0x10/0x10 [ 23.066447] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.066468] ? calculate_sigpending+0x7b/0xa0 [ 23.066491] ? __pfx_kthread+0x10/0x10 [ 23.066512] ret_from_fork+0x116/0x1d0 [ 23.066530] ? __pfx_kthread+0x10/0x10 [ 23.066560] ret_from_fork_asm+0x1a/0x30 [ 23.066590] </TASK> [ 23.066600] [ 23.075518] The buggy address belongs to the physical page: [ 23.075730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050f0 [ 23.075969] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 23.076464] flags: 0x200000000000040(head|node=0|zone=2) [ 23.076733] page_type: f8(unknown) [ 23.076901] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.077284] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.077812] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 23.078171] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 23.078416] head: 0200000000000002 ffffea0004143c01 00000000ffffffff 00000000ffffffff [ 23.078664] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 23.078994] page dumped because: kasan: bad access detected [ 23.079292] [ 23.079381] Memory state around the buggy address: [ 23.079661] ffff8881050f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.080113] ffff8881050f2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.080443] >ffff8881050f2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 23.080869] ^ [ 23.081143] ffff8881050f2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.081372] ffff8881050f2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 23.081922] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 29.026290] ================================================================== [ 29.026728] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 29.026728] [ 29.027025] Invalid free of 0x(____ptrval____) (in kfence-#98): [ 29.027476] test_invalid_addr_free+0xfb/0x260 [ 29.027671] kunit_try_run_case+0x1a5/0x480 [ 29.027817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.028092] kthread+0x337/0x6f0 [ 29.028262] ret_from_fork+0x116/0x1d0 [ 29.028463] ret_from_fork_asm+0x1a/0x30 [ 29.028617] [ 29.028752] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.028752] [ 29.029111] allocated by task 358 on cpu 1 at 29.026164s (0.002945s ago): [ 29.029329] test_alloc+0x2a6/0x10f0 [ 29.029524] test_invalid_addr_free+0xdb/0x260 [ 29.029815] kunit_try_run_case+0x1a5/0x480 [ 29.029956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.030126] kthread+0x337/0x6f0 [ 29.030430] ret_from_fork+0x116/0x1d0 [ 29.030624] ret_from_fork_asm+0x1a/0x30 [ 29.030832] [ 29.030946] CPU: 1 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 29.031422] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.031624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.031968] ================================================================== [ 28.818314] ================================================================== [ 28.818739] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 28.818739] [ 28.819103] Invalid free of 0x(____ptrval____) (in kfence-#96): [ 28.819362] test_invalid_addr_free+0x1e1/0x260 [ 28.819519] kunit_try_run_case+0x1a5/0x480 [ 28.819848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.820117] kthread+0x337/0x6f0 [ 28.820306] ret_from_fork+0x116/0x1d0 [ 28.820505] ret_from_fork_asm+0x1a/0x30 [ 28.820781] [ 28.820957] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.820957] [ 28.821247] allocated by task 356 on cpu 0 at 28.818186s (0.003059s ago): [ 28.821593] test_alloc+0x364/0x10f0 [ 28.821827] test_invalid_addr_free+0xdb/0x260 [ 28.822026] kunit_try_run_case+0x1a5/0x480 [ 28.822200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.822465] kthread+0x337/0x6f0 [ 28.822633] ret_from_fork+0x116/0x1d0 [ 28.822791] ret_from_fork_asm+0x1a/0x30 [ 28.823026] [ 28.823122] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 28.823654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.823806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.824210] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 58.875001] ================================================================== [ 58.875584] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 58.875584] [ 58.876142] Use-after-free read at 0x(____ptrval____) (in kfence-#148): [ 58.876581] test_krealloc+0x6fc/0xbe0 [ 58.876725] kunit_try_run_case+0x1a5/0x480 [ 58.876887] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 58.877063] kthread+0x337/0x6f0 [ 58.877403] ret_from_fork+0x116/0x1d0 [ 58.877761] ret_from_fork_asm+0x1a/0x30 [ 58.878158] [ 58.878332] kfence-#148: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 58.878332] [ 58.879196] allocated by task 386 on cpu 1 at 58.874199s (0.004994s ago): [ 58.879502] test_alloc+0x364/0x10f0 [ 58.879855] test_krealloc+0xad/0xbe0 [ 58.880017] kunit_try_run_case+0x1a5/0x480 [ 58.880401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 58.880576] kthread+0x337/0x6f0 [ 58.880691] ret_from_fork+0x116/0x1d0 [ 58.880817] ret_from_fork_asm+0x1a/0x30 [ 58.880964] [ 58.881032] freed by task 386 on cpu 1 at 58.874473s (0.006557s ago): [ 58.881551] krealloc_noprof+0x108/0x340 [ 58.881919] test_krealloc+0x226/0xbe0 [ 58.882293] kunit_try_run_case+0x1a5/0x480 [ 58.882679] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 58.883178] kthread+0x337/0x6f0 [ 58.883471] ret_from_fork+0x116/0x1d0 [ 58.883754] ret_from_fork_asm+0x1a/0x30 [ 58.883903] [ 58.883998] CPU: 1 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 58.884932] Tainted: [B]=BAD_PAGE, [N]=TEST [ 58.885320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 58.885676] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 58.792313] ================================================================== [ 58.792730] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 58.792730] [ 58.793080] Use-after-free read at 0x(____ptrval____) (in kfence-#147): [ 58.793999] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 58.794333] kunit_try_run_case+0x1a5/0x480 [ 58.794532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 58.794779] kthread+0x337/0x6f0 [ 58.794946] ret_from_fork+0x116/0x1d0 [ 58.795107] ret_from_fork_asm+0x1a/0x30 [ 58.795707] [ 58.795788] kfence-#147: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 58.795788] [ 58.796383] allocated by task 384 on cpu 0 at 58.770218s (0.026162s ago): [ 58.796865] test_alloc+0x2a6/0x10f0 [ 58.797153] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 58.797342] kunit_try_run_case+0x1a5/0x480 [ 58.797722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 58.797971] kthread+0x337/0x6f0 [ 58.798337] ret_from_fork+0x116/0x1d0 [ 58.798606] ret_from_fork_asm+0x1a/0x30 [ 58.798902] [ 58.798985] freed by task 384 on cpu 0 at 58.770362s (0.028621s ago): [ 58.799228] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 58.799421] kunit_try_run_case+0x1a5/0x480 [ 58.799606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 58.799843] kthread+0x337/0x6f0 [ 58.799960] ret_from_fork+0x116/0x1d0 [ 58.800142] ret_from_fork_asm+0x1a/0x30 [ 58.800293] [ 58.800394] CPU: 0 UID: 0 PID: 384 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 58.800748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 58.800899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 58.801356] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 33.930704] ================================================================== [ 33.931230] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 33.931230] [ 33.931809] Invalid read at 0x(____ptrval____): [ 33.932055] test_invalid_access+0xf0/0x210 [ 33.932534] kunit_try_run_case+0x1a5/0x480 [ 33.932708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.933102] kthread+0x337/0x6f0 [ 33.933293] ret_from_fork+0x116/0x1d0 [ 33.933495] ret_from_fork_asm+0x1a/0x30 [ 33.933695] [ 33.933814] CPU: 1 UID: 0 PID: 380 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 33.934598] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.934789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.935365] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 33.706451] ================================================================== [ 33.706994] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 33.706994] [ 33.707353] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#143): [ 33.707965] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 33.708228] kunit_try_run_case+0x1a5/0x480 [ 33.708385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.708656] kthread+0x337/0x6f0 [ 33.708904] ret_from_fork+0x116/0x1d0 [ 33.709057] ret_from_fork_asm+0x1a/0x30 [ 33.709196] [ 33.709264] kfence-#143: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 33.709264] [ 33.709710] allocated by task 374 on cpu 1 at 33.706161s (0.003547s ago): [ 33.710019] test_alloc+0x364/0x10f0 [ 33.710143] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 33.710410] kunit_try_run_case+0x1a5/0x480 [ 33.710635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.710902] kthread+0x337/0x6f0 [ 33.711083] ret_from_fork+0x116/0x1d0 [ 33.711248] ret_from_fork_asm+0x1a/0x30 [ 33.711420] [ 33.711501] freed by task 374 on cpu 1 at 33.706305s (0.005194s ago): [ 33.711786] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 33.712010] kunit_try_run_case+0x1a5/0x480 [ 33.712154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.712325] kthread+0x337/0x6f0 [ 33.712483] ret_from_fork+0x116/0x1d0 [ 33.712666] ret_from_fork_asm+0x1a/0x30 [ 33.712859] [ 33.712991] CPU: 1 UID: 0 PID: 374 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 33.713455] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.713589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.714338] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 33.290480] ================================================================== [ 33.291042] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 33.291042] [ 33.291405] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#139): [ 33.291756] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 33.291976] kunit_try_run_case+0x1a5/0x480 [ 33.292222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.292451] kthread+0x337/0x6f0 [ 33.292636] ret_from_fork+0x116/0x1d0 [ 33.292853] ret_from_fork_asm+0x1a/0x30 [ 33.293021] [ 33.293113] kfence-#139: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 33.293113] [ 33.293518] allocated by task 372 on cpu 0 at 33.290204s (0.003311s ago): [ 33.293799] test_alloc+0x364/0x10f0 [ 33.293983] test_kmalloc_aligned_oob_read+0x105/0x560 [ 33.294178] kunit_try_run_case+0x1a5/0x480 [ 33.294322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.294536] kthread+0x337/0x6f0 [ 33.294701] ret_from_fork+0x116/0x1d0 [ 33.294884] ret_from_fork_asm+0x1a/0x30 [ 33.295064] [ 33.295156] CPU: 0 UID: 0 PID: 372 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 33.295738] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.295937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.296315] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 29.754381] ================================================================== [ 29.754804] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 29.754804] [ 29.755796] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#105): [ 29.756283] test_corruption+0x131/0x3e0 [ 29.756446] kunit_try_run_case+0x1a5/0x480 [ 29.756596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.757012] kthread+0x337/0x6f0 [ 29.757196] ret_from_fork+0x116/0x1d0 [ 29.757329] ret_from_fork_asm+0x1a/0x30 [ 29.757480] [ 29.757548] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.757548] [ 29.757908] allocated by task 362 on cpu 0 at 29.754235s (0.003670s ago): [ 29.758474] test_alloc+0x2a6/0x10f0 [ 29.758634] test_corruption+0xe6/0x3e0 [ 29.758784] kunit_try_run_case+0x1a5/0x480 [ 29.758926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.759099] kthread+0x337/0x6f0 [ 29.759216] ret_from_fork+0x116/0x1d0 [ 29.759344] ret_from_fork_asm+0x1a/0x30 [ 29.759498] [ 29.759572] freed by task 362 on cpu 0 at 29.754281s (0.005288s ago): [ 29.759994] test_corruption+0x131/0x3e0 [ 29.760184] kunit_try_run_case+0x1a5/0x480 [ 29.760338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.760604] kthread+0x337/0x6f0 [ 29.760783] ret_from_fork+0x116/0x1d0 [ 29.760960] ret_from_fork_asm+0x1a/0x30 [ 29.761096] [ 29.761217] CPU: 0 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 29.761765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.761899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.762487] ================================================================== [ 29.234493] ================================================================== [ 29.235077] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 29.235077] [ 29.235460] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#100): [ 29.236200] test_corruption+0x2df/0x3e0 [ 29.236400] kunit_try_run_case+0x1a5/0x480 [ 29.236582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.236844] kthread+0x337/0x6f0 [ 29.237411] ret_from_fork+0x116/0x1d0 [ 29.237552] ret_from_fork_asm+0x1a/0x30 [ 29.237820] [ 29.237931] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.237931] [ 29.238294] allocated by task 360 on cpu 1 at 29.234232s (0.004060s ago): [ 29.238590] test_alloc+0x364/0x10f0 [ 29.238772] test_corruption+0x1cb/0x3e0 [ 29.239330] kunit_try_run_case+0x1a5/0x480 [ 29.239512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.239902] kthread+0x337/0x6f0 [ 29.240059] ret_from_fork+0x116/0x1d0 [ 29.240368] ret_from_fork_asm+0x1a/0x30 [ 29.240618] [ 29.240720] freed by task 360 on cpu 1 at 29.234307s (0.006411s ago): [ 29.241139] test_corruption+0x2df/0x3e0 [ 29.241322] kunit_try_run_case+0x1a5/0x480 [ 29.241589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.241816] kthread+0x337/0x6f0 [ 29.241973] ret_from_fork+0x116/0x1d0 [ 29.242136] ret_from_fork_asm+0x1a/0x30 [ 29.242333] [ 29.242478] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 29.243316] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.243583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.244076] ================================================================== [ 29.858400] ================================================================== [ 29.858926] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 29.858926] [ 29.859225] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#106): [ 29.859614] test_corruption+0x216/0x3e0 [ 29.859790] kunit_try_run_case+0x1a5/0x480 [ 29.859939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.860227] kthread+0x337/0x6f0 [ 29.860412] ret_from_fork+0x116/0x1d0 [ 29.860565] ret_from_fork_asm+0x1a/0x30 [ 29.860703] [ 29.860797] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.860797] [ 29.861209] allocated by task 362 on cpu 0 at 29.858246s (0.002961s ago): [ 29.861472] test_alloc+0x2a6/0x10f0 [ 29.861649] test_corruption+0x1cb/0x3e0 [ 29.861855] kunit_try_run_case+0x1a5/0x480 [ 29.862071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.862252] kthread+0x337/0x6f0 [ 29.862381] ret_from_fork+0x116/0x1d0 [ 29.862563] ret_from_fork_asm+0x1a/0x30 [ 29.862758] [ 29.862850] freed by task 362 on cpu 0 at 29.858308s (0.004540s ago): [ 29.863208] test_corruption+0x216/0x3e0 [ 29.863387] kunit_try_run_case+0x1a5/0x480 [ 29.863529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.863890] kthread+0x337/0x6f0 [ 29.864072] ret_from_fork+0x116/0x1d0 [ 29.864229] ret_from_fork_asm+0x1a/0x30 [ 29.864373] [ 29.864493] CPU: 0 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 29.865018] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.865240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.865550] ================================================================== [ 29.130539] ================================================================== [ 29.131098] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 29.131098] [ 29.131519] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#99): [ 29.132471] test_corruption+0x2d2/0x3e0 [ 29.132656] kunit_try_run_case+0x1a5/0x480 [ 29.132886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.133151] kthread+0x337/0x6f0 [ 29.133275] ret_from_fork+0x116/0x1d0 [ 29.133419] ret_from_fork_asm+0x1a/0x30 [ 29.133622] [ 29.133767] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.133767] [ 29.134202] allocated by task 360 on cpu 1 at 29.130245s (0.003955s ago): [ 29.134556] test_alloc+0x364/0x10f0 [ 29.134756] test_corruption+0xe6/0x3e0 [ 29.134889] kunit_try_run_case+0x1a5/0x480 [ 29.135111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.135391] kthread+0x337/0x6f0 [ 29.135544] ret_from_fork+0x116/0x1d0 [ 29.135700] ret_from_fork_asm+0x1a/0x30 [ 29.135914] [ 29.136004] freed by task 360 on cpu 1 at 29.130367s (0.005635s ago): [ 29.136309] test_corruption+0x2d2/0x3e0 [ 29.136498] kunit_try_run_case+0x1a5/0x480 [ 29.136727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.136968] kthread+0x337/0x6f0 [ 29.137087] ret_from_fork+0x116/0x1d0 [ 29.137249] ret_from_fork_asm+0x1a/0x30 [ 29.137476] [ 29.137615] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 29.138475] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.138627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.139552] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 25.215012] ================================================================== [ 25.215924] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 25.216384] Read of size 1 at addr ffff8881053b8d50 by task kunit_try_catch/308 [ 25.216645] [ 25.216772] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.216830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.216843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.216866] Call Trace: [ 25.216881] <TASK> [ 25.216903] dump_stack_lvl+0x73/0xb0 [ 25.216935] print_report+0xd1/0x610 [ 25.216964] ? __virt_addr_valid+0x1db/0x2d0 [ 25.216990] ? strcmp+0xb0/0xc0 [ 25.217011] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.217037] ? strcmp+0xb0/0xc0 [ 25.217072] kasan_report+0x141/0x180 [ 25.217094] ? strcmp+0xb0/0xc0 [ 25.217119] __asan_report_load1_noabort+0x18/0x20 [ 25.217142] strcmp+0xb0/0xc0 [ 25.217164] kasan_strings+0x431/0xe80 [ 25.217184] ? trace_hardirqs_on+0x37/0xe0 [ 25.217210] ? __pfx_kasan_strings+0x10/0x10 [ 25.217230] ? finish_task_switch.isra.0+0x153/0x700 [ 25.217253] ? __switch_to+0x47/0xf80 [ 25.217281] ? __schedule+0x10c6/0x2b60 [ 25.217316] ? __pfx_read_tsc+0x10/0x10 [ 25.217338] ? ktime_get_ts64+0x86/0x230 [ 25.217364] kunit_try_run_case+0x1a5/0x480 [ 25.217390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.217412] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.217436] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.217458] ? __kthread_parkme+0x82/0x180 [ 25.217479] ? preempt_count_sub+0x50/0x80 [ 25.217500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.217523] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.217550] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.217576] kthread+0x337/0x6f0 [ 25.217697] ? trace_preempt_on+0x20/0xc0 [ 25.217720] ? __pfx_kthread+0x10/0x10 [ 25.217741] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.217761] ? calculate_sigpending+0x7b/0xa0 [ 25.217786] ? __pfx_kthread+0x10/0x10 [ 25.217808] ret_from_fork+0x116/0x1d0 [ 25.217827] ? __pfx_kthread+0x10/0x10 [ 25.217847] ret_from_fork_asm+0x1a/0x30 [ 25.217916] </TASK> [ 25.217929] [ 25.225598] Allocated by task 308: [ 25.225780] kasan_save_stack+0x45/0x70 [ 25.226093] kasan_save_track+0x18/0x40 [ 25.226292] kasan_save_alloc_info+0x3b/0x50 [ 25.226505] __kasan_kmalloc+0xb7/0xc0 [ 25.226680] __kmalloc_cache_noprof+0x189/0x420 [ 25.227115] kasan_strings+0xc0/0xe80 [ 25.227249] kunit_try_run_case+0x1a5/0x480 [ 25.227402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.227747] kthread+0x337/0x6f0 [ 25.227966] ret_from_fork+0x116/0x1d0 [ 25.228188] ret_from_fork_asm+0x1a/0x30 [ 25.228384] [ 25.228468] Freed by task 308: [ 25.228606] kasan_save_stack+0x45/0x70 [ 25.228815] kasan_save_track+0x18/0x40 [ 25.229116] kasan_save_free_info+0x3f/0x60 [ 25.229336] __kasan_slab_free+0x56/0x70 [ 25.229502] kfree+0x222/0x3f0 [ 25.229713] kasan_strings+0x2aa/0xe80 [ 25.229862] kunit_try_run_case+0x1a5/0x480 [ 25.230066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.230274] kthread+0x337/0x6f0 [ 25.230427] ret_from_fork+0x116/0x1d0 [ 25.230583] ret_from_fork_asm+0x1a/0x30 [ 25.230793] [ 25.230859] The buggy address belongs to the object at ffff8881053b8d40 [ 25.230859] which belongs to the cache kmalloc-32 of size 32 [ 25.231211] The buggy address is located 16 bytes inside of [ 25.231211] freed 32-byte region [ffff8881053b8d40, ffff8881053b8d60) [ 25.231609] [ 25.231705] The buggy address belongs to the physical page: [ 25.232378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b8 [ 25.232793] flags: 0x200000000000000(node=0|zone=2) [ 25.233308] page_type: f5(slab) [ 25.233441] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.233943] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.234269] page dumped because: kasan: bad access detected [ 25.234496] [ 25.234567] Memory state around the buggy address: [ 25.234769] ffff8881053b8c00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.234985] ffff8881053b8c80: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.235305] >ffff8881053b8d00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.235663] ^ [ 25.235937] ffff8881053b8d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.236208] ffff8881053b8e00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.236559] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 28.610652] ================================================================== [ 28.611192] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 28.611192] [ 28.611568] Invalid free of 0x(____ptrval____) (in kfence-#94): [ 28.611875] test_double_free+0x1d3/0x260 [ 28.612025] kunit_try_run_case+0x1a5/0x480 [ 28.612269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.612518] kthread+0x337/0x6f0 [ 28.612683] ret_from_fork+0x116/0x1d0 [ 28.612815] ret_from_fork_asm+0x1a/0x30 [ 28.612985] [ 28.613116] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.613116] [ 28.613551] allocated by task 352 on cpu 1 at 28.610220s (0.003329s ago): [ 28.613934] test_alloc+0x364/0x10f0 [ 28.614171] test_double_free+0xdb/0x260 [ 28.614307] kunit_try_run_case+0x1a5/0x480 [ 28.614462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.614833] kthread+0x337/0x6f0 [ 28.615000] ret_from_fork+0x116/0x1d0 [ 28.615186] ret_from_fork_asm+0x1a/0x30 [ 28.615369] [ 28.615454] freed by task 352 on cpu 1 at 28.610302s (0.005149s ago): [ 28.615667] test_double_free+0x1e0/0x260 [ 28.615804] kunit_try_run_case+0x1a5/0x480 [ 28.615996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.616249] kthread+0x337/0x6f0 [ 28.616419] ret_from_fork+0x116/0x1d0 [ 28.616613] ret_from_fork_asm+0x1a/0x30 [ 28.616816] [ 28.616934] CPU: 1 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 28.617303] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.617511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.618269] ================================================================== [ 28.714446] ================================================================== [ 28.715042] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 28.715042] [ 28.715374] Invalid free of 0x(____ptrval____) (in kfence-#95): [ 28.715723] test_double_free+0x112/0x260 [ 28.715921] kunit_try_run_case+0x1a5/0x480 [ 28.716066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.716286] kthread+0x337/0x6f0 [ 28.716460] ret_from_fork+0x116/0x1d0 [ 28.716664] ret_from_fork_asm+0x1a/0x30 [ 28.716879] [ 28.716958] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.716958] [ 28.717339] allocated by task 354 on cpu 0 at 28.714250s (0.003087s ago): [ 28.717680] test_alloc+0x2a6/0x10f0 [ 28.717888] test_double_free+0xdb/0x260 [ 28.718215] kunit_try_run_case+0x1a5/0x480 [ 28.718442] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.718772] kthread+0x337/0x6f0 [ 28.718928] ret_from_fork+0x116/0x1d0 [ 28.719099] ret_from_fork_asm+0x1a/0x30 [ 28.719284] [ 28.719376] freed by task 354 on cpu 0 at 28.714308s (0.005066s ago): [ 28.719602] test_double_free+0xfa/0x260 [ 28.719827] kunit_try_run_case+0x1a5/0x480 [ 28.720010] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.720182] kthread+0x337/0x6f0 [ 28.720298] ret_from_fork+0x116/0x1d0 [ 28.720436] ret_from_fork_asm+0x1a/0x30 [ 28.720573] [ 28.720718] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 28.721286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.721501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.722023] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 28.194309] ================================================================== [ 28.194760] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 28.194760] [ 28.195367] Use-after-free read at 0x(____ptrval____) (in kfence-#90): [ 28.195888] test_use_after_free_read+0x129/0x270 [ 28.196209] kunit_try_run_case+0x1a5/0x480 [ 28.196929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.197200] kthread+0x337/0x6f0 [ 28.197396] ret_from_fork+0x116/0x1d0 [ 28.197823] ret_from_fork_asm+0x1a/0x30 [ 28.198034] [ 28.198112] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.198112] [ 28.198754] allocated by task 344 on cpu 1 at 28.194085s (0.004667s ago): [ 28.199226] test_alloc+0x364/0x10f0 [ 28.199424] test_use_after_free_read+0xdc/0x270 [ 28.199830] kunit_try_run_case+0x1a5/0x480 [ 28.200128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.200385] kthread+0x337/0x6f0 [ 28.200728] ret_from_fork+0x116/0x1d0 [ 28.201003] ret_from_fork_asm+0x1a/0x30 [ 28.201311] [ 28.201588] freed by task 344 on cpu 1 at 28.194146s (0.007315s ago): [ 28.202089] test_use_after_free_read+0x1e7/0x270 [ 28.202298] kunit_try_run_case+0x1a5/0x480 [ 28.202638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.202974] kthread+0x337/0x6f0 [ 28.203226] ret_from_fork+0x116/0x1d0 [ 28.203429] ret_from_fork_asm+0x1a/0x30 [ 28.203817] [ 28.204027] CPU: 1 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 28.204560] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.204911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.205386] ================================================================== [ 28.298357] ================================================================== [ 28.298880] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 28.298880] [ 28.299285] Use-after-free read at 0x(____ptrval____) (in kfence-#91): [ 28.299542] test_use_after_free_read+0x129/0x270 [ 28.299836] kunit_try_run_case+0x1a5/0x480 [ 28.299988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.300248] kthread+0x337/0x6f0 [ 28.300560] ret_from_fork+0x116/0x1d0 [ 28.300801] ret_from_fork_asm+0x1a/0x30 [ 28.300958] [ 28.301028] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.301028] [ 28.301421] allocated by task 346 on cpu 0 at 28.298222s (0.003197s ago): [ 28.301788] test_alloc+0x2a6/0x10f0 [ 28.301913] test_use_after_free_read+0xdc/0x270 [ 28.302061] kunit_try_run_case+0x1a5/0x480 [ 28.302259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.302532] kthread+0x337/0x6f0 [ 28.302697] ret_from_fork+0x116/0x1d0 [ 28.302938] ret_from_fork_asm+0x1a/0x30 [ 28.303074] [ 28.303141] freed by task 346 on cpu 0 at 28.298263s (0.004876s ago): [ 28.303466] test_use_after_free_read+0xfb/0x270 [ 28.303752] kunit_try_run_case+0x1a5/0x480 [ 28.304031] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.304256] kthread+0x337/0x6f0 [ 28.304382] ret_from_fork+0x116/0x1d0 [ 28.304512] ret_from_fork_asm+0x1a/0x30 [ 28.304793] [ 28.304921] CPU: 0 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 28.305334] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.305503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.306006] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 27.986285] ================================================================== [ 27.986756] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 27.986756] [ 27.987322] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#88): [ 27.987654] test_out_of_bounds_write+0x10d/0x260 [ 27.987830] kunit_try_run_case+0x1a5/0x480 [ 27.988015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.988269] kthread+0x337/0x6f0 [ 27.988482] ret_from_fork+0x116/0x1d0 [ 27.988692] ret_from_fork_asm+0x1a/0x30 [ 27.988838] [ 27.988908] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.988908] [ 27.989193] allocated by task 340 on cpu 0 at 27.986180s (0.003011s ago): [ 27.989880] test_alloc+0x364/0x10f0 [ 27.990224] test_out_of_bounds_write+0xd4/0x260 [ 27.990673] kunit_try_run_case+0x1a5/0x480 [ 27.990840] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.991294] kthread+0x337/0x6f0 [ 27.991502] ret_from_fork+0x116/0x1d0 [ 27.991693] ret_from_fork_asm+0x1a/0x30 [ 27.992068] [ 27.992259] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.992749] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.992943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.993213] ================================================================== [ 28.090376] ================================================================== [ 28.090938] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 28.090938] [ 28.091343] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#89): [ 28.092388] test_out_of_bounds_write+0x10d/0x260 [ 28.092853] kunit_try_run_case+0x1a5/0x480 [ 28.093164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.093517] kthread+0x337/0x6f0 [ 28.093813] ret_from_fork+0x116/0x1d0 [ 28.094097] ret_from_fork_asm+0x1a/0x30 [ 28.094381] [ 28.094464] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.094464] [ 28.094984] allocated by task 342 on cpu 1 at 28.090294s (0.004687s ago): [ 28.095329] test_alloc+0x2a6/0x10f0 [ 28.095518] test_out_of_bounds_write+0xd4/0x260 [ 28.095944] kunit_try_run_case+0x1a5/0x480 [ 28.096126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.096506] kthread+0x337/0x6f0 [ 28.096810] ret_from_fork+0x116/0x1d0 [ 28.097088] ret_from_fork_asm+0x1a/0x30 [ 28.097332] [ 28.097538] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 28.098126] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.098320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.098673] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 27.570507] ================================================================== [ 27.570897] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 27.570897] [ 27.571403] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#84): [ 27.571731] test_out_of_bounds_read+0x216/0x4e0 [ 27.571976] kunit_try_run_case+0x1a5/0x480 [ 27.572489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.572998] kthread+0x337/0x6f0 [ 27.573187] ret_from_fork+0x116/0x1d0 [ 27.573372] ret_from_fork_asm+0x1a/0x30 [ 27.573543] [ 27.573667] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.573667] [ 27.574044] allocated by task 336 on cpu 0 at 27.570270s (0.003772s ago): [ 27.574350] test_alloc+0x364/0x10f0 [ 27.574477] test_out_of_bounds_read+0x1e2/0x4e0 [ 27.574630] kunit_try_run_case+0x1a5/0x480 [ 27.574774] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.575051] kthread+0x337/0x6f0 [ 27.575217] ret_from_fork+0x116/0x1d0 [ 27.575407] ret_from_fork_asm+0x1a/0x30 [ 27.575615] [ 27.575723] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.576109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.576308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.576833] ================================================================== [ 27.674278] ================================================================== [ 27.674756] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 27.674756] [ 27.675383] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#85): [ 27.675629] test_out_of_bounds_read+0x126/0x4e0 [ 27.675877] kunit_try_run_case+0x1a5/0x480 [ 27.676066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.676243] kthread+0x337/0x6f0 [ 27.676406] ret_from_fork+0x116/0x1d0 [ 27.676597] ret_from_fork_asm+0x1a/0x30 [ 27.676841] [ 27.676933] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.676933] [ 27.677222] allocated by task 338 on cpu 1 at 27.674210s (0.003010s ago): [ 27.677595] test_alloc+0x2a6/0x10f0 [ 27.677839] test_out_of_bounds_read+0xed/0x4e0 [ 27.678100] kunit_try_run_case+0x1a5/0x480 [ 27.678314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.678501] kthread+0x337/0x6f0 [ 27.678730] ret_from_fork+0x116/0x1d0 [ 27.678948] ret_from_fork_asm+0x1a/0x30 [ 27.679147] [ 27.679298] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.679979] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.680118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.680420] ================================================================== [ 27.882287] ================================================================== [ 27.882775] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 27.882775] [ 27.883284] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#87): [ 27.883656] test_out_of_bounds_read+0x216/0x4e0 [ 27.883853] kunit_try_run_case+0x1a5/0x480 [ 27.884095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.884319] kthread+0x337/0x6f0 [ 27.884500] ret_from_fork+0x116/0x1d0 [ 27.884650] ret_from_fork_asm+0x1a/0x30 [ 27.884846] [ 27.884940] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.884940] [ 27.885278] allocated by task 338 on cpu 1 at 27.882224s (0.003053s ago): [ 27.885575] test_alloc+0x2a6/0x10f0 [ 27.885856] test_out_of_bounds_read+0x1e2/0x4e0 [ 27.886081] kunit_try_run_case+0x1a5/0x480 [ 27.886288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.886539] kthread+0x337/0x6f0 [ 27.886684] ret_from_fork+0x116/0x1d0 [ 27.886872] ret_from_fork_asm+0x1a/0x30 [ 27.887098] [ 27.887213] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.887813] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.888002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.888290] ================================================================== [ 27.467421] ================================================================== [ 27.467999] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 27.467999] [ 27.468512] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#83): [ 27.469137] test_out_of_bounds_read+0x126/0x4e0 [ 27.469401] kunit_try_run_case+0x1a5/0x480 [ 27.469641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.469827] kthread+0x337/0x6f0 [ 27.470019] ret_from_fork+0x116/0x1d0 [ 27.470208] ret_from_fork_asm+0x1a/0x30 [ 27.470412] [ 27.470681] kfence-#83: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.470681] [ 27.471222] allocated by task 336 on cpu 0 at 27.466168s (0.004997s ago): [ 27.471836] test_alloc+0x364/0x10f0 [ 27.472058] test_out_of_bounds_read+0xed/0x4e0 [ 27.472309] kunit_try_run_case+0x1a5/0x480 [ 27.472547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.472871] kthread+0x337/0x6f0 [ 27.473008] ret_from_fork+0x116/0x1d0 [ 27.473138] ret_from_fork_asm+0x1a/0x30 [ 27.473367] [ 27.473547] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.474106] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.474267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.474671] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 27.341070] ================================================================== [ 27.341425] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 27.341856] Write of size 121 at addr ffff88810611db00 by task kunit_try_catch/334 [ 27.342195] [ 27.342316] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.342394] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.342409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.342433] Call Trace: [ 27.342452] <TASK> [ 27.342481] dump_stack_lvl+0x73/0xb0 [ 27.342511] print_report+0xd1/0x610 [ 27.342533] ? __virt_addr_valid+0x1db/0x2d0 [ 27.342558] ? strncpy_from_user+0x2e/0x1d0 [ 27.342581] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.342608] ? strncpy_from_user+0x2e/0x1d0 [ 27.342643] kasan_report+0x141/0x180 [ 27.342666] ? strncpy_from_user+0x2e/0x1d0 [ 27.342702] kasan_check_range+0x10c/0x1c0 [ 27.342727] __kasan_check_write+0x18/0x20 [ 27.342762] strncpy_from_user+0x2e/0x1d0 [ 27.342785] ? __kasan_check_read+0x15/0x20 [ 27.342811] copy_user_test_oob+0x760/0x10f0 [ 27.342837] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.342860] ? finish_task_switch.isra.0+0x153/0x700 [ 27.342883] ? __switch_to+0x47/0xf80 [ 27.342909] ? __schedule+0x10c6/0x2b60 [ 27.342933] ? __pfx_read_tsc+0x10/0x10 [ 27.342955] ? ktime_get_ts64+0x86/0x230 [ 27.342980] kunit_try_run_case+0x1a5/0x480 [ 27.343005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.343037] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.343060] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.343084] ? __kthread_parkme+0x82/0x180 [ 27.343116] ? preempt_count_sub+0x50/0x80 [ 27.343138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.343163] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.343200] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.343227] kthread+0x337/0x6f0 [ 27.343247] ? trace_preempt_on+0x20/0xc0 [ 27.343282] ? __pfx_kthread+0x10/0x10 [ 27.343303] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.343334] ? calculate_sigpending+0x7b/0xa0 [ 27.343359] ? __pfx_kthread+0x10/0x10 [ 27.343390] ret_from_fork+0x116/0x1d0 [ 27.343410] ? __pfx_kthread+0x10/0x10 [ 27.343431] ret_from_fork_asm+0x1a/0x30 [ 27.343473] </TASK> [ 27.343484] [ 27.351281] Allocated by task 334: [ 27.351445] kasan_save_stack+0x45/0x70 [ 27.351663] kasan_save_track+0x18/0x40 [ 27.351836] kasan_save_alloc_info+0x3b/0x50 [ 27.352047] __kasan_kmalloc+0xb7/0xc0 [ 27.352214] __kmalloc_noprof+0x1c9/0x500 [ 27.352417] kunit_kmalloc_array+0x25/0x60 [ 27.352604] copy_user_test_oob+0xab/0x10f0 [ 27.352786] kunit_try_run_case+0x1a5/0x480 [ 27.352927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.353173] kthread+0x337/0x6f0 [ 27.353360] ret_from_fork+0x116/0x1d0 [ 27.353555] ret_from_fork_asm+0x1a/0x30 [ 27.353791] [ 27.353856] The buggy address belongs to the object at ffff88810611db00 [ 27.353856] which belongs to the cache kmalloc-128 of size 128 [ 27.354350] The buggy address is located 0 bytes inside of [ 27.354350] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.354848] [ 27.354940] The buggy address belongs to the physical page: [ 27.355197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.355554] flags: 0x200000000000000(node=0|zone=2) [ 27.355862] page_type: f5(slab) [ 27.356048] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.356369] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.356707] page dumped because: kasan: bad access detected [ 27.356994] [ 27.357059] Memory state around the buggy address: [ 27.357206] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.357582] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.357929] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.358139] ^ [ 27.358382] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.358889] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.359230] ================================================================== [ 27.361049] ================================================================== [ 27.361369] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 27.361952] Write of size 1 at addr ffff88810611db78 by task kunit_try_catch/334 [ 27.362185] [ 27.362286] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.362359] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.362374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.362396] Call Trace: [ 27.362416] <TASK> [ 27.362431] dump_stack_lvl+0x73/0xb0 [ 27.362463] print_report+0xd1/0x610 [ 27.362486] ? __virt_addr_valid+0x1db/0x2d0 [ 27.362511] ? strncpy_from_user+0x1a5/0x1d0 [ 27.362535] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.362562] ? strncpy_from_user+0x1a5/0x1d0 [ 27.362587] kasan_report+0x141/0x180 [ 27.362610] ? strncpy_from_user+0x1a5/0x1d0 [ 27.362637] __asan_report_store1_noabort+0x1b/0x30 [ 27.362662] strncpy_from_user+0x1a5/0x1d0 [ 27.362687] copy_user_test_oob+0x760/0x10f0 [ 27.362713] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.362736] ? finish_task_switch.isra.0+0x153/0x700 [ 27.362759] ? __switch_to+0x47/0xf80 [ 27.362786] ? __schedule+0x10c6/0x2b60 [ 27.362809] ? __pfx_read_tsc+0x10/0x10 [ 27.362833] ? ktime_get_ts64+0x86/0x230 [ 27.362866] kunit_try_run_case+0x1a5/0x480 [ 27.362902] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.362925] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.362960] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.362983] ? __kthread_parkme+0x82/0x180 [ 27.363004] ? preempt_count_sub+0x50/0x80 [ 27.363028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.363053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.363079] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.363107] kthread+0x337/0x6f0 [ 27.363128] ? trace_preempt_on+0x20/0xc0 [ 27.363152] ? __pfx_kthread+0x10/0x10 [ 27.363173] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.363195] ? calculate_sigpending+0x7b/0xa0 [ 27.363229] ? __pfx_kthread+0x10/0x10 [ 27.363251] ret_from_fork+0x116/0x1d0 [ 27.363271] ? __pfx_kthread+0x10/0x10 [ 27.363303] ret_from_fork_asm+0x1a/0x30 [ 27.363344] </TASK> [ 27.363356] [ 27.370447] Allocated by task 334: [ 27.370678] kasan_save_stack+0x45/0x70 [ 27.370899] kasan_save_track+0x18/0x40 [ 27.371121] kasan_save_alloc_info+0x3b/0x50 [ 27.371348] __kasan_kmalloc+0xb7/0xc0 [ 27.371559] __kmalloc_noprof+0x1c9/0x500 [ 27.371747] kunit_kmalloc_array+0x25/0x60 [ 27.371904] copy_user_test_oob+0xab/0x10f0 [ 27.372123] kunit_try_run_case+0x1a5/0x480 [ 27.372351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.372532] kthread+0x337/0x6f0 [ 27.372761] ret_from_fork+0x116/0x1d0 [ 27.372968] ret_from_fork_asm+0x1a/0x30 [ 27.373111] [ 27.373180] The buggy address belongs to the object at ffff88810611db00 [ 27.373180] which belongs to the cache kmalloc-128 of size 128 [ 27.373732] The buggy address is located 0 bytes to the right of [ 27.373732] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.374248] [ 27.374346] The buggy address belongs to the physical page: [ 27.374599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.374948] flags: 0x200000000000000(node=0|zone=2) [ 27.375120] page_type: f5(slab) [ 27.375237] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.375475] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.375796] page dumped because: kasan: bad access detected [ 27.376043] [ 27.376131] Memory state around the buggy address: [ 27.376358] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.376675] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.377058] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.377267] ^ [ 27.377538] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.378187] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.378510] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 27.243860] ================================================================== [ 27.244192] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 27.244552] Write of size 121 at addr ffff88810611db00 by task kunit_try_catch/334 [ 27.245067] [ 27.245189] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.245243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.245258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.245281] Call Trace: [ 27.245297] <TASK> [ 27.245314] dump_stack_lvl+0x73/0xb0 [ 27.245356] print_report+0xd1/0x610 [ 27.245379] ? __virt_addr_valid+0x1db/0x2d0 [ 27.245404] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.245428] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.245455] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.245480] kasan_report+0x141/0x180 [ 27.245503] ? copy_user_test_oob+0x3fd/0x10f0 [ 27.245532] kasan_check_range+0x10c/0x1c0 [ 27.245556] __kasan_check_write+0x18/0x20 [ 27.245581] copy_user_test_oob+0x3fd/0x10f0 [ 27.245751] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.245892] ? finish_task_switch.isra.0+0x153/0x700 [ 27.245917] ? __switch_to+0x47/0xf80 [ 27.245946] ? __schedule+0x10c6/0x2b60 [ 27.245969] ? __pfx_read_tsc+0x10/0x10 [ 27.245992] ? ktime_get_ts64+0x86/0x230 [ 27.246017] kunit_try_run_case+0x1a5/0x480 [ 27.246042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.246065] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.246089] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.246113] ? __kthread_parkme+0x82/0x180 [ 27.246135] ? preempt_count_sub+0x50/0x80 [ 27.246158] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.246183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.246211] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.246238] kthread+0x337/0x6f0 [ 27.246260] ? trace_preempt_on+0x20/0xc0 [ 27.246285] ? __pfx_kthread+0x10/0x10 [ 27.246306] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.246340] ? calculate_sigpending+0x7b/0xa0 [ 27.246364] ? __pfx_kthread+0x10/0x10 [ 27.246387] ret_from_fork+0x116/0x1d0 [ 27.246406] ? __pfx_kthread+0x10/0x10 [ 27.246428] ret_from_fork_asm+0x1a/0x30 [ 27.246460] </TASK> [ 27.246472] [ 27.256669] Allocated by task 334: [ 27.256865] kasan_save_stack+0x45/0x70 [ 27.257059] kasan_save_track+0x18/0x40 [ 27.257246] kasan_save_alloc_info+0x3b/0x50 [ 27.257467] __kasan_kmalloc+0xb7/0xc0 [ 27.257646] __kmalloc_noprof+0x1c9/0x500 [ 27.258220] kunit_kmalloc_array+0x25/0x60 [ 27.258416] copy_user_test_oob+0xab/0x10f0 [ 27.258844] kunit_try_run_case+0x1a5/0x480 [ 27.259061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.259440] kthread+0x337/0x6f0 [ 27.259720] ret_from_fork+0x116/0x1d0 [ 27.259996] ret_from_fork_asm+0x1a/0x30 [ 27.260188] [ 27.260266] The buggy address belongs to the object at ffff88810611db00 [ 27.260266] which belongs to the cache kmalloc-128 of size 128 [ 27.260978] The buggy address is located 0 bytes inside of [ 27.260978] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.261637] [ 27.261904] The buggy address belongs to the physical page: [ 27.262218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.262577] flags: 0x200000000000000(node=0|zone=2) [ 27.262996] page_type: f5(slab) [ 27.263197] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.263656] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.264184] page dumped because: kasan: bad access detected [ 27.264516] [ 27.264610] Memory state around the buggy address: [ 27.264880] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.265356] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.265673] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.266217] ^ [ 27.266542] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.267079] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.267460] ================================================================== [ 27.293011] ================================================================== [ 27.293678] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 27.295611] Write of size 121 at addr ffff88810611db00 by task kunit_try_catch/334 [ 27.296482] [ 27.296693] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.296747] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.296773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.296797] Call Trace: [ 27.296818] <TASK> [ 27.296835] dump_stack_lvl+0x73/0xb0 [ 27.296880] print_report+0xd1/0x610 [ 27.296903] ? __virt_addr_valid+0x1db/0x2d0 [ 27.296928] ? copy_user_test_oob+0x557/0x10f0 [ 27.296952] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.296979] ? copy_user_test_oob+0x557/0x10f0 [ 27.297003] kasan_report+0x141/0x180 [ 27.297027] ? copy_user_test_oob+0x557/0x10f0 [ 27.297056] kasan_check_range+0x10c/0x1c0 [ 27.297091] __kasan_check_write+0x18/0x20 [ 27.297115] copy_user_test_oob+0x557/0x10f0 [ 27.297172] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.297196] ? finish_task_switch.isra.0+0x153/0x700 [ 27.297219] ? __switch_to+0x47/0xf80 [ 27.297245] ? __schedule+0x10c6/0x2b60 [ 27.297268] ? __pfx_read_tsc+0x10/0x10 [ 27.297293] ? ktime_get_ts64+0x86/0x230 [ 27.297321] kunit_try_run_case+0x1a5/0x480 [ 27.297362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.297385] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.297409] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.297433] ? __kthread_parkme+0x82/0x180 [ 27.297454] ? preempt_count_sub+0x50/0x80 [ 27.297478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.297502] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.297529] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.297559] kthread+0x337/0x6f0 [ 27.297580] ? trace_preempt_on+0x20/0xc0 [ 27.297603] ? __pfx_kthread+0x10/0x10 [ 27.297657] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.297678] ? calculate_sigpending+0x7b/0xa0 [ 27.297703] ? __pfx_kthread+0x10/0x10 [ 27.297735] ret_from_fork+0x116/0x1d0 [ 27.297756] ? __pfx_kthread+0x10/0x10 [ 27.297778] ret_from_fork_asm+0x1a/0x30 [ 27.297810] </TASK> [ 27.297821] [ 27.305649] Allocated by task 334: [ 27.305824] kasan_save_stack+0x45/0x70 [ 27.306023] kasan_save_track+0x18/0x40 [ 27.306334] kasan_save_alloc_info+0x3b/0x50 [ 27.306491] __kasan_kmalloc+0xb7/0xc0 [ 27.306659] __kmalloc_noprof+0x1c9/0x500 [ 27.306869] kunit_kmalloc_array+0x25/0x60 [ 27.307095] copy_user_test_oob+0xab/0x10f0 [ 27.307273] kunit_try_run_case+0x1a5/0x480 [ 27.307464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.307725] kthread+0x337/0x6f0 [ 27.307842] ret_from_fork+0x116/0x1d0 [ 27.307998] ret_from_fork_asm+0x1a/0x30 [ 27.308195] [ 27.308309] The buggy address belongs to the object at ffff88810611db00 [ 27.308309] which belongs to the cache kmalloc-128 of size 128 [ 27.308825] The buggy address is located 0 bytes inside of [ 27.308825] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.309340] [ 27.309432] The buggy address belongs to the physical page: [ 27.309690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.310019] flags: 0x200000000000000(node=0|zone=2) [ 27.310252] page_type: f5(slab) [ 27.310423] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.310753] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.311073] page dumped because: kasan: bad access detected [ 27.311310] [ 27.311390] Memory state around the buggy address: [ 27.311540] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.311752] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.311962] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.312266] ^ [ 27.312762] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.313080] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.313408] ================================================================== [ 27.313967] ================================================================== [ 27.314302] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 27.314599] Read of size 121 at addr ffff88810611db00 by task kunit_try_catch/334 [ 27.315247] [ 27.315882] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.315948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.316135] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.316159] Call Trace: [ 27.316175] <TASK> [ 27.316203] dump_stack_lvl+0x73/0xb0 [ 27.316237] print_report+0xd1/0x610 [ 27.316260] ? __virt_addr_valid+0x1db/0x2d0 [ 27.316285] ? copy_user_test_oob+0x604/0x10f0 [ 27.316309] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.316348] ? copy_user_test_oob+0x604/0x10f0 [ 27.316372] kasan_report+0x141/0x180 [ 27.316394] ? copy_user_test_oob+0x604/0x10f0 [ 27.316424] kasan_check_range+0x10c/0x1c0 [ 27.316448] __kasan_check_read+0x15/0x20 [ 27.316473] copy_user_test_oob+0x604/0x10f0 [ 27.316498] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.316521] ? finish_task_switch.isra.0+0x153/0x700 [ 27.316544] ? __switch_to+0x47/0xf80 [ 27.316571] ? __schedule+0x10c6/0x2b60 [ 27.316593] ? __pfx_read_tsc+0x10/0x10 [ 27.316801] ? ktime_get_ts64+0x86/0x230 [ 27.316843] kunit_try_run_case+0x1a5/0x480 [ 27.316870] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.316894] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.316951] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.316978] ? __kthread_parkme+0x82/0x180 [ 27.316999] ? preempt_count_sub+0x50/0x80 [ 27.317023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.317047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.317075] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.317103] kthread+0x337/0x6f0 [ 27.317124] ? trace_preempt_on+0x20/0xc0 [ 27.317148] ? __pfx_kthread+0x10/0x10 [ 27.317169] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.317192] ? calculate_sigpending+0x7b/0xa0 [ 27.317216] ? __pfx_kthread+0x10/0x10 [ 27.317238] ret_from_fork+0x116/0x1d0 [ 27.317258] ? __pfx_kthread+0x10/0x10 [ 27.317279] ret_from_fork_asm+0x1a/0x30 [ 27.317310] </TASK> [ 27.317333] [ 27.328030] Allocated by task 334: [ 27.328369] kasan_save_stack+0x45/0x70 [ 27.328561] kasan_save_track+0x18/0x40 [ 27.328878] kasan_save_alloc_info+0x3b/0x50 [ 27.329364] __kasan_kmalloc+0xb7/0xc0 [ 27.329660] __kmalloc_noprof+0x1c9/0x500 [ 27.330067] kunit_kmalloc_array+0x25/0x60 [ 27.330432] copy_user_test_oob+0xab/0x10f0 [ 27.330904] kunit_try_run_case+0x1a5/0x480 [ 27.331182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.331609] kthread+0x337/0x6f0 [ 27.331890] ret_from_fork+0x116/0x1d0 [ 27.332090] ret_from_fork_asm+0x1a/0x30 [ 27.332266] [ 27.332363] The buggy address belongs to the object at ffff88810611db00 [ 27.332363] which belongs to the cache kmalloc-128 of size 128 [ 27.333197] The buggy address is located 0 bytes inside of [ 27.333197] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.334190] [ 27.334461] The buggy address belongs to the physical page: [ 27.334916] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.335269] flags: 0x200000000000000(node=0|zone=2) [ 27.335500] page_type: f5(slab) [ 27.335701] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.336014] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.336315] page dumped because: kasan: bad access detected [ 27.336935] [ 27.337166] Memory state around the buggy address: [ 27.337667] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.338115] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.338623] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.339123] ^ [ 27.339436] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.339912] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.340190] ================================================================== [ 27.268431] ================================================================== [ 27.269042] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 27.269449] Read of size 121 at addr ffff88810611db00 by task kunit_try_catch/334 [ 27.270139] [ 27.270270] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.270347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.270361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.270385] Call Trace: [ 27.270404] <TASK> [ 27.270421] dump_stack_lvl+0x73/0xb0 [ 27.270453] print_report+0xd1/0x610 [ 27.270476] ? __virt_addr_valid+0x1db/0x2d0 [ 27.270502] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.270526] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.270553] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.270577] kasan_report+0x141/0x180 [ 27.270600] ? copy_user_test_oob+0x4aa/0x10f0 [ 27.270752] kasan_check_range+0x10c/0x1c0 [ 27.270778] __kasan_check_read+0x15/0x20 [ 27.270802] copy_user_test_oob+0x4aa/0x10f0 [ 27.270829] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.270852] ? finish_task_switch.isra.0+0x153/0x700 [ 27.270874] ? __switch_to+0x47/0xf80 [ 27.270901] ? __schedule+0x10c6/0x2b60 [ 27.270924] ? __pfx_read_tsc+0x10/0x10 [ 27.270947] ? ktime_get_ts64+0x86/0x230 [ 27.270975] kunit_try_run_case+0x1a5/0x480 [ 27.271000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.271024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.271049] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.271074] ? __kthread_parkme+0x82/0x180 [ 27.271096] ? preempt_count_sub+0x50/0x80 [ 27.271120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.271144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.271172] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.271202] kthread+0x337/0x6f0 [ 27.271222] ? trace_preempt_on+0x20/0xc0 [ 27.271246] ? __pfx_kthread+0x10/0x10 [ 27.271267] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.271289] ? calculate_sigpending+0x7b/0xa0 [ 27.271315] ? __pfx_kthread+0x10/0x10 [ 27.271348] ret_from_fork+0x116/0x1d0 [ 27.271368] ? __pfx_kthread+0x10/0x10 [ 27.271389] ret_from_fork_asm+0x1a/0x30 [ 27.271437] </TASK> [ 27.271449] [ 27.281268] Allocated by task 334: [ 27.281573] kasan_save_stack+0x45/0x70 [ 27.281935] kasan_save_track+0x18/0x40 [ 27.282231] kasan_save_alloc_info+0x3b/0x50 [ 27.282586] __kasan_kmalloc+0xb7/0xc0 [ 27.282750] __kmalloc_noprof+0x1c9/0x500 [ 27.282894] kunit_kmalloc_array+0x25/0x60 [ 27.283037] copy_user_test_oob+0xab/0x10f0 [ 27.283178] kunit_try_run_case+0x1a5/0x480 [ 27.283318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.283587] kthread+0x337/0x6f0 [ 27.283753] ret_from_fork+0x116/0x1d0 [ 27.283937] ret_from_fork_asm+0x1a/0x30 [ 27.284135] [ 27.284228] The buggy address belongs to the object at ffff88810611db00 [ 27.284228] which belongs to the cache kmalloc-128 of size 128 [ 27.284996] The buggy address is located 0 bytes inside of [ 27.284996] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.285809] [ 27.286009] The buggy address belongs to the physical page: [ 27.286411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.286858] flags: 0x200000000000000(node=0|zone=2) [ 27.287349] page_type: f5(slab) [ 27.287710] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.288078] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.288304] page dumped because: kasan: bad access detected [ 27.288481] [ 27.288546] Memory state around the buggy address: [ 27.289004] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.289662] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.290235] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.290885] ^ [ 27.291469] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.291876] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.292089] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 27.216302] ================================================================== [ 27.216838] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 27.217301] Read of size 121 at addr ffff88810611db00 by task kunit_try_catch/334 [ 27.217659] [ 27.217777] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.217830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.217845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.217868] Call Trace: [ 27.217886] <TASK> [ 27.217924] dump_stack_lvl+0x73/0xb0 [ 27.217956] print_report+0xd1/0x610 [ 27.217980] ? __virt_addr_valid+0x1db/0x2d0 [ 27.218005] ? _copy_to_user+0x3c/0x70 [ 27.218028] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.218056] ? _copy_to_user+0x3c/0x70 [ 27.218080] kasan_report+0x141/0x180 [ 27.218103] ? _copy_to_user+0x3c/0x70 [ 27.218131] kasan_check_range+0x10c/0x1c0 [ 27.218155] __kasan_check_read+0x15/0x20 [ 27.218179] _copy_to_user+0x3c/0x70 [ 27.218205] copy_user_test_oob+0x364/0x10f0 [ 27.218231] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.218275] ? finish_task_switch.isra.0+0x153/0x700 [ 27.218297] ? __switch_to+0x47/0xf80 [ 27.218333] ? __schedule+0x10c6/0x2b60 [ 27.218357] ? __pfx_read_tsc+0x10/0x10 [ 27.218379] ? ktime_get_ts64+0x86/0x230 [ 27.218405] kunit_try_run_case+0x1a5/0x480 [ 27.218431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.218454] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.218479] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.218503] ? __kthread_parkme+0x82/0x180 [ 27.218525] ? preempt_count_sub+0x50/0x80 [ 27.218548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.218572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.218604] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.218646] kthread+0x337/0x6f0 [ 27.218668] ? trace_preempt_on+0x20/0xc0 [ 27.218693] ? __pfx_kthread+0x10/0x10 [ 27.218715] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.218736] ? calculate_sigpending+0x7b/0xa0 [ 27.218761] ? __pfx_kthread+0x10/0x10 [ 27.218783] ret_from_fork+0x116/0x1d0 [ 27.218803] ? __pfx_kthread+0x10/0x10 [ 27.218824] ret_from_fork_asm+0x1a/0x30 [ 27.218856] </TASK> [ 27.218868] [ 27.228394] Allocated by task 334: [ 27.228793] kasan_save_stack+0x45/0x70 [ 27.229023] kasan_save_track+0x18/0x40 [ 27.229316] kasan_save_alloc_info+0x3b/0x50 [ 27.229556] __kasan_kmalloc+0xb7/0xc0 [ 27.229867] __kmalloc_noprof+0x1c9/0x500 [ 27.230096] kunit_kmalloc_array+0x25/0x60 [ 27.230415] copy_user_test_oob+0xab/0x10f0 [ 27.230702] kunit_try_run_case+0x1a5/0x480 [ 27.230874] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.231150] kthread+0x337/0x6f0 [ 27.231303] ret_from_fork+0x116/0x1d0 [ 27.231486] ret_from_fork_asm+0x1a/0x30 [ 27.231667] [ 27.232052] The buggy address belongs to the object at ffff88810611db00 [ 27.232052] which belongs to the cache kmalloc-128 of size 128 [ 27.232618] The buggy address is located 0 bytes inside of [ 27.232618] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.233292] [ 27.233582] The buggy address belongs to the physical page: [ 27.233852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.234195] flags: 0x200000000000000(node=0|zone=2) [ 27.234560] page_type: f5(slab) [ 27.234921] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.235314] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.235802] page dumped because: kasan: bad access detected [ 27.236068] [ 27.236156] Memory state around the buggy address: [ 27.236458] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.237015] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.237399] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.237800] ^ [ 27.238164] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.238571] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.238944] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 27.193554] ================================================================== [ 27.194189] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 27.194585] Write of size 121 at addr ffff88810611db00 by task kunit_try_catch/334 [ 27.195129] [ 27.195252] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.195311] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.195337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.195364] Call Trace: [ 27.195379] <TASK> [ 27.195401] dump_stack_lvl+0x73/0xb0 [ 27.195439] print_report+0xd1/0x610 [ 27.195466] ? __virt_addr_valid+0x1db/0x2d0 [ 27.195494] ? _copy_from_user+0x32/0x90 [ 27.195518] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.195546] ? _copy_from_user+0x32/0x90 [ 27.195571] kasan_report+0x141/0x180 [ 27.195595] ? _copy_from_user+0x32/0x90 [ 27.195648] kasan_check_range+0x10c/0x1c0 [ 27.195675] __kasan_check_write+0x18/0x20 [ 27.195700] _copy_from_user+0x32/0x90 [ 27.195725] copy_user_test_oob+0x2be/0x10f0 [ 27.195753] ? __pfx_copy_user_test_oob+0x10/0x10 [ 27.195779] ? finish_task_switch.isra.0+0x153/0x700 [ 27.195804] ? __switch_to+0x47/0xf80 [ 27.195832] ? __schedule+0x10c6/0x2b60 [ 27.195856] ? __pfx_read_tsc+0x10/0x10 [ 27.195880] ? ktime_get_ts64+0x86/0x230 [ 27.195907] kunit_try_run_case+0x1a5/0x480 [ 27.195932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.195956] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.195979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.196003] ? __kthread_parkme+0x82/0x180 [ 27.196026] ? preempt_count_sub+0x50/0x80 [ 27.196049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.196074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.196102] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.196130] kthread+0x337/0x6f0 [ 27.196151] ? trace_preempt_on+0x20/0xc0 [ 27.196176] ? __pfx_kthread+0x10/0x10 [ 27.196198] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.196220] ? calculate_sigpending+0x7b/0xa0 [ 27.196247] ? __pfx_kthread+0x10/0x10 [ 27.196270] ret_from_fork+0x116/0x1d0 [ 27.196289] ? __pfx_kthread+0x10/0x10 [ 27.196311] ret_from_fork_asm+0x1a/0x30 [ 27.196355] </TASK> [ 27.196369] [ 27.203871] Allocated by task 334: [ 27.204015] kasan_save_stack+0x45/0x70 [ 27.204152] kasan_save_track+0x18/0x40 [ 27.204314] kasan_save_alloc_info+0x3b/0x50 [ 27.204547] __kasan_kmalloc+0xb7/0xc0 [ 27.204896] __kmalloc_noprof+0x1c9/0x500 [ 27.205041] kunit_kmalloc_array+0x25/0x60 [ 27.205175] copy_user_test_oob+0xab/0x10f0 [ 27.205311] kunit_try_run_case+0x1a5/0x480 [ 27.205504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.205955] kthread+0x337/0x6f0 [ 27.206119] ret_from_fork+0x116/0x1d0 [ 27.206339] ret_from_fork_asm+0x1a/0x30 [ 27.206535] [ 27.206643] The buggy address belongs to the object at ffff88810611db00 [ 27.206643] which belongs to the cache kmalloc-128 of size 128 [ 27.207159] The buggy address is located 0 bytes inside of [ 27.207159] allocated 120-byte region [ffff88810611db00, ffff88810611db78) [ 27.207719] [ 27.207814] The buggy address belongs to the physical page: [ 27.208060] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.208415] flags: 0x200000000000000(node=0|zone=2) [ 27.208704] page_type: f5(slab) [ 27.208868] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.209124] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.209352] page dumped because: kasan: bad access detected [ 27.209518] [ 27.209581] Memory state around the buggy address: [ 27.209825] ffff88810611da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.210157] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.210505] >ffff88810611db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.211102] ^ [ 27.211392] ffff88810611db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.211763] ffff88810611dc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.212013] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 27.159971] ================================================================== [ 27.160424] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 27.161057] Write of size 8 at addr ffff88810611da78 by task kunit_try_catch/330 [ 27.161430] [ 27.161560] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.161646] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.161660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.161682] Call Trace: [ 27.161696] <TASK> [ 27.161712] dump_stack_lvl+0x73/0xb0 [ 27.161743] print_report+0xd1/0x610 [ 27.161767] ? __virt_addr_valid+0x1db/0x2d0 [ 27.161792] ? copy_to_kernel_nofault+0x99/0x260 [ 27.161816] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.161843] ? copy_to_kernel_nofault+0x99/0x260 [ 27.161870] kasan_report+0x141/0x180 [ 27.161894] ? copy_to_kernel_nofault+0x99/0x260 [ 27.161925] kasan_check_range+0x10c/0x1c0 [ 27.161952] __kasan_check_write+0x18/0x20 [ 27.161977] copy_to_kernel_nofault+0x99/0x260 [ 27.162003] copy_to_kernel_nofault_oob+0x288/0x560 [ 27.162030] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.162055] ? finish_task_switch.isra.0+0x153/0x700 [ 27.162079] ? __schedule+0x10c6/0x2b60 [ 27.162102] ? trace_hardirqs_on+0x37/0xe0 [ 27.162133] ? __pfx_read_tsc+0x10/0x10 [ 27.162157] ? ktime_get_ts64+0x86/0x230 [ 27.162183] kunit_try_run_case+0x1a5/0x480 [ 27.162208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.162232] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.162255] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.162279] ? __kthread_parkme+0x82/0x180 [ 27.162300] ? preempt_count_sub+0x50/0x80 [ 27.162347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.162372] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.162400] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.162428] kthread+0x337/0x6f0 [ 27.162448] ? trace_preempt_on+0x20/0xc0 [ 27.162492] ? __pfx_kthread+0x10/0x10 [ 27.162513] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.162536] ? calculate_sigpending+0x7b/0xa0 [ 27.162562] ? __pfx_kthread+0x10/0x10 [ 27.162584] ret_from_fork+0x116/0x1d0 [ 27.162620] ? __pfx_kthread+0x10/0x10 [ 27.162641] ret_from_fork_asm+0x1a/0x30 [ 27.162698] </TASK> [ 27.162709] [ 27.171458] Allocated by task 330: [ 27.171586] kasan_save_stack+0x45/0x70 [ 27.172014] kasan_save_track+0x18/0x40 [ 27.172182] kasan_save_alloc_info+0x3b/0x50 [ 27.172387] __kasan_kmalloc+0xb7/0xc0 [ 27.172548] __kmalloc_cache_noprof+0x189/0x420 [ 27.172939] copy_to_kernel_nofault_oob+0x12f/0x560 [ 27.173148] kunit_try_run_case+0x1a5/0x480 [ 27.173285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.173524] kthread+0x337/0x6f0 [ 27.173764] ret_from_fork+0x116/0x1d0 [ 27.173955] ret_from_fork_asm+0x1a/0x30 [ 27.174142] [ 27.174272] The buggy address belongs to the object at ffff88810611da00 [ 27.174272] which belongs to the cache kmalloc-128 of size 128 [ 27.174733] The buggy address is located 0 bytes to the right of [ 27.174733] allocated 120-byte region [ffff88810611da00, ffff88810611da78) [ 27.175386] [ 27.175506] The buggy address belongs to the physical page: [ 27.176037] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.176401] flags: 0x200000000000000(node=0|zone=2) [ 27.176671] page_type: f5(slab) [ 27.176842] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.177614] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.177870] page dumped because: kasan: bad access detected [ 27.178032] [ 27.178095] Memory state around the buggy address: [ 27.178241] ffff88810611d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.178457] ffff88810611d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.178664] >ffff88810611da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.178865] ^ [ 27.179067] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.179273] ffff88810611db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.179960] ================================================================== [ 27.140751] ================================================================== [ 27.141480] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 27.141864] Read of size 8 at addr ffff88810611da78 by task kunit_try_catch/330 [ 27.142193] [ 27.142333] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.142390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.142424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.142447] Call Trace: [ 27.142462] <TASK> [ 27.142481] dump_stack_lvl+0x73/0xb0 [ 27.142515] print_report+0xd1/0x610 [ 27.142540] ? __virt_addr_valid+0x1db/0x2d0 [ 27.142565] ? copy_to_kernel_nofault+0x225/0x260 [ 27.142590] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.142632] ? copy_to_kernel_nofault+0x225/0x260 [ 27.142657] kasan_report+0x141/0x180 [ 27.142681] ? copy_to_kernel_nofault+0x225/0x260 [ 27.142728] __asan_report_load8_noabort+0x18/0x20 [ 27.142755] copy_to_kernel_nofault+0x225/0x260 [ 27.142781] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 27.142807] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 27.142847] ? finish_task_switch.isra.0+0x153/0x700 [ 27.142872] ? __schedule+0x10c6/0x2b60 [ 27.142896] ? trace_hardirqs_on+0x37/0xe0 [ 27.142928] ? __pfx_read_tsc+0x10/0x10 [ 27.142952] ? ktime_get_ts64+0x86/0x230 [ 27.142978] kunit_try_run_case+0x1a5/0x480 [ 27.143005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.143028] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.143051] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.143075] ? __kthread_parkme+0x82/0x180 [ 27.143096] ? preempt_count_sub+0x50/0x80 [ 27.143120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.143145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.143172] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.143200] kthread+0x337/0x6f0 [ 27.143239] ? trace_preempt_on+0x20/0xc0 [ 27.143263] ? __pfx_kthread+0x10/0x10 [ 27.143284] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.143330] ? calculate_sigpending+0x7b/0xa0 [ 27.143357] ? __pfx_kthread+0x10/0x10 [ 27.143379] ret_from_fork+0x116/0x1d0 [ 27.143400] ? __pfx_kthread+0x10/0x10 [ 27.143421] ret_from_fork_asm+0x1a/0x30 [ 27.143454] </TASK> [ 27.143466] [ 27.150394] Allocated by task 330: [ 27.150620] kasan_save_stack+0x45/0x70 [ 27.150873] kasan_save_track+0x18/0x40 [ 27.151066] kasan_save_alloc_info+0x3b/0x50 [ 27.151276] __kasan_kmalloc+0xb7/0xc0 [ 27.151549] __kmalloc_cache_noprof+0x189/0x420 [ 27.151964] copy_to_kernel_nofault_oob+0x12f/0x560 [ 27.152183] kunit_try_run_case+0x1a5/0x480 [ 27.152333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.152508] kthread+0x337/0x6f0 [ 27.152684] ret_from_fork+0x116/0x1d0 [ 27.152868] ret_from_fork_asm+0x1a/0x30 [ 27.153171] [ 27.153261] The buggy address belongs to the object at ffff88810611da00 [ 27.153261] which belongs to the cache kmalloc-128 of size 128 [ 27.153993] The buggy address is located 0 bytes to the right of [ 27.153993] allocated 120-byte region [ffff88810611da00, ffff88810611da78) [ 27.154567] [ 27.154637] The buggy address belongs to the physical page: [ 27.154802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 27.155161] flags: 0x200000000000000(node=0|zone=2) [ 27.155674] page_type: f5(slab) [ 27.155841] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.156143] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.156376] page dumped because: kasan: bad access detected [ 27.156543] [ 27.156617] Memory state around the buggy address: [ 27.156840] ffff88810611d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.157149] ffff88810611d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.157880] >ffff88810611da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.158142] ^ [ 27.158356] ffff88810611da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.158562] ffff88810611db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.158776] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 26.986401] ================================================================== [ 26.987108] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 26.987773] Read of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.988529] [ 26.988732] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.988814] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.988828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.988850] Call Trace: [ 26.988872] <TASK> [ 26.988889] dump_stack_lvl+0x73/0xb0 [ 26.988919] print_report+0xd1/0x610 [ 26.988942] ? __virt_addr_valid+0x1db/0x2d0 [ 26.988967] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.988989] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.989016] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.989039] kasan_report+0x141/0x180 [ 26.989062] ? kasan_atomics_helper+0x4f98/0x5450 [ 26.989105] __asan_report_load8_noabort+0x18/0x20 [ 26.989131] kasan_atomics_helper+0x4f98/0x5450 [ 26.989155] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.989178] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.989204] ? kasan_atomics+0x152/0x310 [ 26.989231] kasan_atomics+0x1dc/0x310 [ 26.989255] ? __pfx_kasan_atomics+0x10/0x10 [ 26.989279] ? __pfx_read_tsc+0x10/0x10 [ 26.989303] ? ktime_get_ts64+0x86/0x230 [ 26.989339] kunit_try_run_case+0x1a5/0x480 [ 26.989364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.989387] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.989411] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.989435] ? __kthread_parkme+0x82/0x180 [ 26.989457] ? preempt_count_sub+0x50/0x80 [ 26.989481] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.989506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.989533] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.989560] kthread+0x337/0x6f0 [ 26.989581] ? trace_preempt_on+0x20/0xc0 [ 26.989623] ? __pfx_kthread+0x10/0x10 [ 26.989645] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.989667] ? calculate_sigpending+0x7b/0xa0 [ 26.989691] ? __pfx_kthread+0x10/0x10 [ 26.989714] ret_from_fork+0x116/0x1d0 [ 26.989734] ? __pfx_kthread+0x10/0x10 [ 26.989756] ret_from_fork_asm+0x1a/0x30 [ 26.989788] </TASK> [ 26.989799] [ 26.997159] Allocated by task 314: [ 26.997291] kasan_save_stack+0x45/0x70 [ 26.997503] kasan_save_track+0x18/0x40 [ 26.997694] kasan_save_alloc_info+0x3b/0x50 [ 26.998014] __kasan_kmalloc+0xb7/0xc0 [ 26.998204] __kmalloc_cache_noprof+0x189/0x420 [ 26.998363] kasan_atomics+0x95/0x310 [ 26.998486] kunit_try_run_case+0x1a5/0x480 [ 26.998623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.998836] kthread+0x337/0x6f0 [ 26.999036] ret_from_fork+0x116/0x1d0 [ 26.999347] ret_from_fork_asm+0x1a/0x30 [ 26.999541] [ 26.999627] The buggy address belongs to the object at ffff88810623b200 [ 26.999627] which belongs to the cache kmalloc-64 of size 64 [ 27.000084] The buggy address is located 0 bytes to the right of [ 27.000084] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 27.000745] [ 27.000870] The buggy address belongs to the physical page: [ 27.001136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 27.001509] flags: 0x200000000000000(node=0|zone=2) [ 27.001763] page_type: f5(slab) [ 27.001880] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.002096] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.002310] page dumped because: kasan: bad access detected [ 27.002509] [ 27.002595] Memory state around the buggy address: [ 27.002849] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.003171] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.003531] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.004004] ^ [ 27.004252] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.004509] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.004937] ================================================================== [ 27.067435] ================================================================== [ 27.067760] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 27.068193] Read of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 27.068429] [ 27.068511] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.068560] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.068573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.068594] Call Trace: [ 27.068626] <TASK> [ 27.068641] dump_stack_lvl+0x73/0xb0 [ 27.068670] print_report+0xd1/0x610 [ 27.068694] ? __virt_addr_valid+0x1db/0x2d0 [ 27.068718] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.068741] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.068768] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.068802] kasan_report+0x141/0x180 [ 27.068826] ? kasan_atomics_helper+0x4fa5/0x5450 [ 27.068853] __asan_report_load8_noabort+0x18/0x20 [ 27.068891] kasan_atomics_helper+0x4fa5/0x5450 [ 27.068915] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.068939] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.068964] ? kasan_atomics+0x152/0x310 [ 27.068991] kasan_atomics+0x1dc/0x310 [ 27.069015] ? __pfx_kasan_atomics+0x10/0x10 [ 27.069040] ? __pfx_read_tsc+0x10/0x10 [ 27.069063] ? ktime_get_ts64+0x86/0x230 [ 27.069089] kunit_try_run_case+0x1a5/0x480 [ 27.069114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.069138] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.069162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.069187] ? __kthread_parkme+0x82/0x180 [ 27.069219] ? preempt_count_sub+0x50/0x80 [ 27.069245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.069270] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.069308] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.069346] kthread+0x337/0x6f0 [ 27.069367] ? trace_preempt_on+0x20/0xc0 [ 27.069402] ? __pfx_kthread+0x10/0x10 [ 27.069423] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.069446] ? calculate_sigpending+0x7b/0xa0 [ 27.069482] ? __pfx_kthread+0x10/0x10 [ 27.069506] ret_from_fork+0x116/0x1d0 [ 27.069526] ? __pfx_kthread+0x10/0x10 [ 27.069547] ret_from_fork_asm+0x1a/0x30 [ 27.069588] </TASK> [ 27.069601] [ 27.077195] Allocated by task 314: [ 27.077388] kasan_save_stack+0x45/0x70 [ 27.077606] kasan_save_track+0x18/0x40 [ 27.077814] kasan_save_alloc_info+0x3b/0x50 [ 27.078009] __kasan_kmalloc+0xb7/0xc0 [ 27.078193] __kmalloc_cache_noprof+0x189/0x420 [ 27.078415] kasan_atomics+0x95/0x310 [ 27.078580] kunit_try_run_case+0x1a5/0x480 [ 27.078795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.079001] kthread+0x337/0x6f0 [ 27.079186] ret_from_fork+0x116/0x1d0 [ 27.079333] ret_from_fork_asm+0x1a/0x30 [ 27.079469] [ 27.079535] The buggy address belongs to the object at ffff88810623b200 [ 27.079535] which belongs to the cache kmalloc-64 of size 64 [ 27.080145] The buggy address is located 0 bytes to the right of [ 27.080145] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 27.080602] [ 27.080706] The buggy address belongs to the physical page: [ 27.080983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 27.081310] flags: 0x200000000000000(node=0|zone=2) [ 27.081545] page_type: f5(slab) [ 27.081760] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.082082] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.082414] page dumped because: kasan: bad access detected [ 27.082715] [ 27.082783] Memory state around the buggy address: [ 27.083000] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.083214] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.083493] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.083847] ^ [ 27.084024] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.084349] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.084690] ================================================================== [ 26.713276] ================================================================== [ 26.713605] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 26.714123] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.714392] [ 26.714479] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.714567] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.714592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.714626] Call Trace: [ 26.714645] <TASK> [ 26.714662] dump_stack_lvl+0x73/0xb0 [ 26.714693] print_report+0xd1/0x610 [ 26.714716] ? __virt_addr_valid+0x1db/0x2d0 [ 26.714741] ? kasan_atomics_helper+0x194a/0x5450 [ 26.714795] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.714822] ? kasan_atomics_helper+0x194a/0x5450 [ 26.714857] kasan_report+0x141/0x180 [ 26.714879] ? kasan_atomics_helper+0x194a/0x5450 [ 26.714906] kasan_check_range+0x10c/0x1c0 [ 26.714930] __kasan_check_write+0x18/0x20 [ 26.714954] kasan_atomics_helper+0x194a/0x5450 [ 26.714978] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.715000] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.715026] ? kasan_atomics+0x152/0x310 [ 26.715052] kasan_atomics+0x1dc/0x310 [ 26.715076] ? __pfx_kasan_atomics+0x10/0x10 [ 26.715101] ? __pfx_read_tsc+0x10/0x10 [ 26.715151] ? ktime_get_ts64+0x86/0x230 [ 26.715177] kunit_try_run_case+0x1a5/0x480 [ 26.715214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.715237] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.715263] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.715287] ? __kthread_parkme+0x82/0x180 [ 26.715309] ? preempt_count_sub+0x50/0x80 [ 26.715343] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.715368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.715396] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.715424] kthread+0x337/0x6f0 [ 26.715446] ? trace_preempt_on+0x20/0xc0 [ 26.715471] ? __pfx_kthread+0x10/0x10 [ 26.715492] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.715514] ? calculate_sigpending+0x7b/0xa0 [ 26.715540] ? __pfx_kthread+0x10/0x10 [ 26.715563] ret_from_fork+0x116/0x1d0 [ 26.715584] ? __pfx_kthread+0x10/0x10 [ 26.715615] ret_from_fork_asm+0x1a/0x30 [ 26.715648] </TASK> [ 26.715660] [ 26.723553] Allocated by task 314: [ 26.723845] kasan_save_stack+0x45/0x70 [ 26.724028] kasan_save_track+0x18/0x40 [ 26.724247] kasan_save_alloc_info+0x3b/0x50 [ 26.724465] __kasan_kmalloc+0xb7/0xc0 [ 26.724617] __kmalloc_cache_noprof+0x189/0x420 [ 26.724822] kasan_atomics+0x95/0x310 [ 26.725025] kunit_try_run_case+0x1a5/0x480 [ 26.725172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.725433] kthread+0x337/0x6f0 [ 26.725688] ret_from_fork+0x116/0x1d0 [ 26.725929] ret_from_fork_asm+0x1a/0x30 [ 26.726115] [ 26.726184] The buggy address belongs to the object at ffff88810623b200 [ 26.726184] which belongs to the cache kmalloc-64 of size 64 [ 26.726707] The buggy address is located 0 bytes to the right of [ 26.726707] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.727193] [ 26.727293] The buggy address belongs to the physical page: [ 26.727520] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.728000] flags: 0x200000000000000(node=0|zone=2) [ 26.728256] page_type: f5(slab) [ 26.728384] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.728612] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.728893] page dumped because: kasan: bad access detected [ 26.729191] [ 26.729282] Memory state around the buggy address: [ 26.729510] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.730036] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.731133] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.731541] ^ [ 26.731918] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.732363] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.732805] ================================================================== [ 26.833234] ================================================================== [ 26.833502] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 26.834112] Read of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.834775] [ 26.834968] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.835028] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.835042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.835074] Call Trace: [ 26.835095] <TASK> [ 26.835114] dump_stack_lvl+0x73/0xb0 [ 26.835144] print_report+0xd1/0x610 [ 26.835167] ? __virt_addr_valid+0x1db/0x2d0 [ 26.835201] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.835223] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.835250] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.835283] kasan_report+0x141/0x180 [ 26.835306] ? kasan_atomics_helper+0x4f30/0x5450 [ 26.835342] __asan_report_load8_noabort+0x18/0x20 [ 26.835367] kasan_atomics_helper+0x4f30/0x5450 [ 26.835391] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.835414] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.835439] ? kasan_atomics+0x152/0x310 [ 26.835466] kasan_atomics+0x1dc/0x310 [ 26.835490] ? __pfx_kasan_atomics+0x10/0x10 [ 26.835515] ? __pfx_read_tsc+0x10/0x10 [ 26.835538] ? ktime_get_ts64+0x86/0x230 [ 26.835564] kunit_try_run_case+0x1a5/0x480 [ 26.835607] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.835631] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.835655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.835679] ? __kthread_parkme+0x82/0x180 [ 26.835700] ? preempt_count_sub+0x50/0x80 [ 26.835724] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.835749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.835776] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.835804] kthread+0x337/0x6f0 [ 26.835825] ? trace_preempt_on+0x20/0xc0 [ 26.835849] ? __pfx_kthread+0x10/0x10 [ 26.835871] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.835893] ? calculate_sigpending+0x7b/0xa0 [ 26.835918] ? __pfx_kthread+0x10/0x10 [ 26.835940] ret_from_fork+0x116/0x1d0 [ 26.835961] ? __pfx_kthread+0x10/0x10 [ 26.835983] ret_from_fork_asm+0x1a/0x30 [ 26.836015] </TASK> [ 26.836027] [ 26.847669] Allocated by task 314: [ 26.848011] kasan_save_stack+0x45/0x70 [ 26.848377] kasan_save_track+0x18/0x40 [ 26.848754] kasan_save_alloc_info+0x3b/0x50 [ 26.849073] __kasan_kmalloc+0xb7/0xc0 [ 26.849201] __kmalloc_cache_noprof+0x189/0x420 [ 26.849360] kasan_atomics+0x95/0x310 [ 26.849489] kunit_try_run_case+0x1a5/0x480 [ 26.849746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.850225] kthread+0x337/0x6f0 [ 26.850549] ret_from_fork+0x116/0x1d0 [ 26.850917] ret_from_fork_asm+0x1a/0x30 [ 26.851280] [ 26.851440] The buggy address belongs to the object at ffff88810623b200 [ 26.851440] which belongs to the cache kmalloc-64 of size 64 [ 26.852506] The buggy address is located 0 bytes to the right of [ 26.852506] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.853028] [ 26.853099] The buggy address belongs to the physical page: [ 26.853268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.853520] flags: 0x200000000000000(node=0|zone=2) [ 26.853800] page_type: f5(slab) [ 26.853971] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.854285] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.854616] page dumped because: kasan: bad access detected [ 26.854865] [ 26.854977] Memory state around the buggy address: [ 26.855143] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.855454] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.855781] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.856085] ^ [ 26.856302] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.856647] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.856939] ================================================================== [ 25.991075] ================================================================== [ 25.991335] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 25.992705] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 25.993404] [ 25.993622] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.993679] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.993694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.993718] Call Trace: [ 25.993740] <TASK> [ 25.993760] dump_stack_lvl+0x73/0xb0 [ 25.993794] print_report+0xd1/0x610 [ 25.993817] ? __virt_addr_valid+0x1db/0x2d0 [ 25.993842] ? kasan_atomics_helper+0x697/0x5450 [ 25.993864] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.993891] ? kasan_atomics_helper+0x697/0x5450 [ 25.993914] kasan_report+0x141/0x180 [ 25.993937] ? kasan_atomics_helper+0x697/0x5450 [ 25.993964] kasan_check_range+0x10c/0x1c0 [ 25.993989] __kasan_check_write+0x18/0x20 [ 25.994013] kasan_atomics_helper+0x697/0x5450 [ 25.994036] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.994058] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.994083] ? kasan_atomics+0x152/0x310 [ 25.994110] kasan_atomics+0x1dc/0x310 [ 25.994134] ? __pfx_kasan_atomics+0x10/0x10 [ 25.994159] ? __pfx_read_tsc+0x10/0x10 [ 25.994184] ? ktime_get_ts64+0x86/0x230 [ 25.994213] kunit_try_run_case+0x1a5/0x480 [ 25.994238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.994261] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.994285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.994340] ? __kthread_parkme+0x82/0x180 [ 25.994364] ? preempt_count_sub+0x50/0x80 [ 25.994389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.994412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.994440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.994468] kthread+0x337/0x6f0 [ 25.994488] ? trace_preempt_on+0x20/0xc0 [ 25.994512] ? __pfx_kthread+0x10/0x10 [ 25.994534] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.994556] ? calculate_sigpending+0x7b/0xa0 [ 25.994600] ? __pfx_kthread+0x10/0x10 [ 25.994622] ret_from_fork+0x116/0x1d0 [ 25.994641] ? __pfx_kthread+0x10/0x10 [ 25.994663] ret_from_fork_asm+0x1a/0x30 [ 25.994695] </TASK> [ 25.994708] [ 26.006274] Allocated by task 314: [ 26.006564] kasan_save_stack+0x45/0x70 [ 26.006922] kasan_save_track+0x18/0x40 [ 26.007266] kasan_save_alloc_info+0x3b/0x50 [ 26.007667] __kasan_kmalloc+0xb7/0xc0 [ 26.007992] __kmalloc_cache_noprof+0x189/0x420 [ 26.008383] kasan_atomics+0x95/0x310 [ 26.008509] kunit_try_run_case+0x1a5/0x480 [ 26.008821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.009289] kthread+0x337/0x6f0 [ 26.009612] ret_from_fork+0x116/0x1d0 [ 26.009810] ret_from_fork_asm+0x1a/0x30 [ 26.009947] [ 26.010015] The buggy address belongs to the object at ffff88810623b200 [ 26.010015] which belongs to the cache kmalloc-64 of size 64 [ 26.010378] The buggy address is located 0 bytes to the right of [ 26.010378] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.011098] [ 26.011252] The buggy address belongs to the physical page: [ 26.011735] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.012391] flags: 0x200000000000000(node=0|zone=2) [ 26.012841] page_type: f5(slab) [ 26.013139] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.013824] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.014452] page dumped because: kasan: bad access detected [ 26.014947] [ 26.015111] Memory state around the buggy address: [ 26.015321] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.015529] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.016122] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.016756] ^ [ 26.017177] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.017678] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.017885] ================================================================== [ 26.894428] ================================================================== [ 26.894799] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 26.895155] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.895542] [ 26.895736] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.895805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.895819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.895875] Call Trace: [ 26.895897] <TASK> [ 26.895917] dump_stack_lvl+0x73/0xb0 [ 26.895948] print_report+0xd1/0x610 [ 26.895971] ? __virt_addr_valid+0x1db/0x2d0 [ 26.895996] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.896022] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.896050] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.896073] kasan_report+0x141/0x180 [ 26.896096] ? kasan_atomics_helper+0x1e12/0x5450 [ 26.896124] kasan_check_range+0x10c/0x1c0 [ 26.896148] __kasan_check_write+0x18/0x20 [ 26.896172] kasan_atomics_helper+0x1e12/0x5450 [ 26.896196] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.896218] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.896244] ? kasan_atomics+0x152/0x310 [ 26.896271] kasan_atomics+0x1dc/0x310 [ 26.896295] ? __pfx_kasan_atomics+0x10/0x10 [ 26.896332] ? __pfx_read_tsc+0x10/0x10 [ 26.896355] ? ktime_get_ts64+0x86/0x230 [ 26.896382] kunit_try_run_case+0x1a5/0x480 [ 26.896409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.896431] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.896457] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.896481] ? __kthread_parkme+0x82/0x180 [ 26.896503] ? preempt_count_sub+0x50/0x80 [ 26.896528] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.896553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.896581] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.896609] kthread+0x337/0x6f0 [ 26.896630] ? trace_preempt_on+0x20/0xc0 [ 26.896655] ? __pfx_kthread+0x10/0x10 [ 26.896676] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.896698] ? calculate_sigpending+0x7b/0xa0 [ 26.896723] ? __pfx_kthread+0x10/0x10 [ 26.896745] ret_from_fork+0x116/0x1d0 [ 26.896766] ? __pfx_kthread+0x10/0x10 [ 26.896788] ret_from_fork_asm+0x1a/0x30 [ 26.896820] </TASK> [ 26.896832] [ 26.904207] Allocated by task 314: [ 26.904346] kasan_save_stack+0x45/0x70 [ 26.904488] kasan_save_track+0x18/0x40 [ 26.904638] kasan_save_alloc_info+0x3b/0x50 [ 26.904817] __kasan_kmalloc+0xb7/0xc0 [ 26.905052] __kmalloc_cache_noprof+0x189/0x420 [ 26.905276] kasan_atomics+0x95/0x310 [ 26.905462] kunit_try_run_case+0x1a5/0x480 [ 26.905748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.906091] kthread+0x337/0x6f0 [ 26.906252] ret_from_fork+0x116/0x1d0 [ 26.906458] ret_from_fork_asm+0x1a/0x30 [ 26.906694] [ 26.906789] The buggy address belongs to the object at ffff88810623b200 [ 26.906789] which belongs to the cache kmalloc-64 of size 64 [ 26.907186] The buggy address is located 0 bytes to the right of [ 26.907186] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.907683] [ 26.907781] The buggy address belongs to the physical page: [ 26.908037] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.908475] flags: 0x200000000000000(node=0|zone=2) [ 26.908843] page_type: f5(slab) [ 26.909077] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.909399] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.909651] page dumped because: kasan: bad access detected [ 26.909819] [ 26.909884] Memory state around the buggy address: [ 26.910096] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.910476] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.910830] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.911133] ^ [ 26.911422] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.911721] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.912013] ================================================================== [ 26.274725] ================================================================== [ 26.275111] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 26.275744] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.276175] [ 26.276427] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.276484] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.276499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.276521] Call Trace: [ 26.276540] <TASK> [ 26.276564] dump_stack_lvl+0x73/0xb0 [ 26.276609] print_report+0xd1/0x610 [ 26.276633] ? __virt_addr_valid+0x1db/0x2d0 [ 26.276658] ? kasan_atomics_helper+0xf10/0x5450 [ 26.276681] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.276708] ? kasan_atomics_helper+0xf10/0x5450 [ 26.276730] kasan_report+0x141/0x180 [ 26.276753] ? kasan_atomics_helper+0xf10/0x5450 [ 26.276780] kasan_check_range+0x10c/0x1c0 [ 26.276805] __kasan_check_write+0x18/0x20 [ 26.276829] kasan_atomics_helper+0xf10/0x5450 [ 26.276853] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.276876] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.276903] ? kasan_atomics+0x152/0x310 [ 26.276930] kasan_atomics+0x1dc/0x310 [ 26.276954] ? __pfx_kasan_atomics+0x10/0x10 [ 26.276979] ? __pfx_read_tsc+0x10/0x10 [ 26.277003] ? ktime_get_ts64+0x86/0x230 [ 26.277031] kunit_try_run_case+0x1a5/0x480 [ 26.277056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.277079] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.277104] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.277129] ? __kthread_parkme+0x82/0x180 [ 26.277150] ? preempt_count_sub+0x50/0x80 [ 26.277175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.277199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.277228] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.277257] kthread+0x337/0x6f0 [ 26.277278] ? trace_preempt_on+0x20/0xc0 [ 26.277301] ? __pfx_kthread+0x10/0x10 [ 26.277331] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.277353] ? calculate_sigpending+0x7b/0xa0 [ 26.277377] ? __pfx_kthread+0x10/0x10 [ 26.277400] ret_from_fork+0x116/0x1d0 [ 26.277420] ? __pfx_kthread+0x10/0x10 [ 26.277441] ret_from_fork_asm+0x1a/0x30 [ 26.277473] </TASK> [ 26.277486] [ 26.284435] Allocated by task 314: [ 26.284571] kasan_save_stack+0x45/0x70 [ 26.284782] kasan_save_track+0x18/0x40 [ 26.284971] kasan_save_alloc_info+0x3b/0x50 [ 26.285179] __kasan_kmalloc+0xb7/0xc0 [ 26.285370] __kmalloc_cache_noprof+0x189/0x420 [ 26.285584] kasan_atomics+0x95/0x310 [ 26.285759] kunit_try_run_case+0x1a5/0x480 [ 26.285948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.286161] kthread+0x337/0x6f0 [ 26.286328] ret_from_fork+0x116/0x1d0 [ 26.286484] ret_from_fork_asm+0x1a/0x30 [ 26.286684] [ 26.286770] The buggy address belongs to the object at ffff88810623b200 [ 26.286770] which belongs to the cache kmalloc-64 of size 64 [ 26.287224] The buggy address is located 0 bytes to the right of [ 26.287224] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.287785] [ 26.287872] The buggy address belongs to the physical page: [ 26.288043] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.288280] flags: 0x200000000000000(node=0|zone=2) [ 26.288449] page_type: f5(slab) [ 26.288566] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.288852] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.289508] page dumped because: kasan: bad access detected [ 26.289734] [ 26.289800] Memory state around the buggy address: [ 26.289953] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.290164] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.290503] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.291125] ^ [ 26.291357] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.291740] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.291997] ================================================================== [ 26.018492] ================================================================== [ 26.019186] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 26.019831] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.020441] [ 26.020631] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.020685] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.020699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.020721] Call Trace: [ 26.020740] <TASK> [ 26.020756] dump_stack_lvl+0x73/0xb0 [ 26.020787] print_report+0xd1/0x610 [ 26.020810] ? __virt_addr_valid+0x1db/0x2d0 [ 26.020835] ? kasan_atomics_helper+0x72f/0x5450 [ 26.020857] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.020884] ? kasan_atomics_helper+0x72f/0x5450 [ 26.020906] kasan_report+0x141/0x180 [ 26.020929] ? kasan_atomics_helper+0x72f/0x5450 [ 26.020955] kasan_check_range+0x10c/0x1c0 [ 26.020980] __kasan_check_write+0x18/0x20 [ 26.021003] kasan_atomics_helper+0x72f/0x5450 [ 26.021027] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.021050] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.021074] ? kasan_atomics+0x152/0x310 [ 26.021102] kasan_atomics+0x1dc/0x310 [ 26.021125] ? __pfx_kasan_atomics+0x10/0x10 [ 26.021151] ? __pfx_read_tsc+0x10/0x10 [ 26.021175] ? ktime_get_ts64+0x86/0x230 [ 26.021200] kunit_try_run_case+0x1a5/0x480 [ 26.021226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.021250] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.021274] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.021297] ? __kthread_parkme+0x82/0x180 [ 26.021331] ? preempt_count_sub+0x50/0x80 [ 26.021355] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.021380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.021407] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.021435] kthread+0x337/0x6f0 [ 26.021458] ? trace_preempt_on+0x20/0xc0 [ 26.021482] ? __pfx_kthread+0x10/0x10 [ 26.021503] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.021526] ? calculate_sigpending+0x7b/0xa0 [ 26.021551] ? __pfx_kthread+0x10/0x10 [ 26.021592] ret_from_fork+0x116/0x1d0 [ 26.021619] ? __pfx_kthread+0x10/0x10 [ 26.021640] ret_from_fork_asm+0x1a/0x30 [ 26.021673] </TASK> [ 26.021684] [ 26.031088] Allocated by task 314: [ 26.031275] kasan_save_stack+0x45/0x70 [ 26.031485] kasan_save_track+0x18/0x40 [ 26.031706] kasan_save_alloc_info+0x3b/0x50 [ 26.031921] __kasan_kmalloc+0xb7/0xc0 [ 26.032105] __kmalloc_cache_noprof+0x189/0x420 [ 26.032261] kasan_atomics+0x95/0x310 [ 26.032400] kunit_try_run_case+0x1a5/0x480 [ 26.032543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.032819] kthread+0x337/0x6f0 [ 26.032984] ret_from_fork+0x116/0x1d0 [ 26.033168] ret_from_fork_asm+0x1a/0x30 [ 26.033340] [ 26.033431] The buggy address belongs to the object at ffff88810623b200 [ 26.033431] which belongs to the cache kmalloc-64 of size 64 [ 26.033824] The buggy address is located 0 bytes to the right of [ 26.033824] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.034339] [ 26.034435] The buggy address belongs to the physical page: [ 26.034711] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.035054] flags: 0x200000000000000(node=0|zone=2) [ 26.035264] page_type: f5(slab) [ 26.035435] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.035757] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.036033] page dumped because: kasan: bad access detected [ 26.036207] [ 26.036298] Memory state around the buggy address: [ 26.036535] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.036829] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.037043] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.037351] ^ [ 26.037588] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.037909] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.038182] ================================================================== [ 25.909522] ================================================================== [ 25.910262] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 25.910736] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 25.911210] [ 25.911328] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.911384] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.911398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.911421] Call Trace: [ 25.911444] <TASK> [ 25.911464] dump_stack_lvl+0x73/0xb0 [ 25.911497] print_report+0xd1/0x610 [ 25.911520] ? __virt_addr_valid+0x1db/0x2d0 [ 25.911545] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.911567] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.911761] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.911786] kasan_report+0x141/0x180 [ 25.911809] ? kasan_atomics_helper+0x4b3a/0x5450 [ 25.911837] __asan_report_store4_noabort+0x1b/0x30 [ 25.911888] kasan_atomics_helper+0x4b3a/0x5450 [ 25.911911] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.911934] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.911960] ? kasan_atomics+0x152/0x310 [ 25.911988] kasan_atomics+0x1dc/0x310 [ 25.912011] ? __pfx_kasan_atomics+0x10/0x10 [ 25.912036] ? __pfx_read_tsc+0x10/0x10 [ 25.912061] ? ktime_get_ts64+0x86/0x230 [ 25.912089] kunit_try_run_case+0x1a5/0x480 [ 25.912114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.912138] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.912163] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.912188] ? __kthread_parkme+0x82/0x180 [ 25.912210] ? preempt_count_sub+0x50/0x80 [ 25.912235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.912259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.912287] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.912325] kthread+0x337/0x6f0 [ 25.912346] ? trace_preempt_on+0x20/0xc0 [ 25.912372] ? __pfx_kthread+0x10/0x10 [ 25.912395] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.912417] ? calculate_sigpending+0x7b/0xa0 [ 25.912442] ? __pfx_kthread+0x10/0x10 [ 25.912465] ret_from_fork+0x116/0x1d0 [ 25.912485] ? __pfx_kthread+0x10/0x10 [ 25.912506] ret_from_fork_asm+0x1a/0x30 [ 25.912539] </TASK> [ 25.912552] [ 25.923285] Allocated by task 314: [ 25.923727] kasan_save_stack+0x45/0x70 [ 25.923936] kasan_save_track+0x18/0x40 [ 25.924293] kasan_save_alloc_info+0x3b/0x50 [ 25.924507] __kasan_kmalloc+0xb7/0xc0 [ 25.924776] __kmalloc_cache_noprof+0x189/0x420 [ 25.925002] kasan_atomics+0x95/0x310 [ 25.925167] kunit_try_run_case+0x1a5/0x480 [ 25.925374] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.925609] kthread+0x337/0x6f0 [ 25.925757] ret_from_fork+0x116/0x1d0 [ 25.925928] ret_from_fork_asm+0x1a/0x30 [ 25.926101] [ 25.926179] The buggy address belongs to the object at ffff88810623b200 [ 25.926179] which belongs to the cache kmalloc-64 of size 64 [ 25.927266] The buggy address is located 0 bytes to the right of [ 25.927266] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 25.928179] [ 25.928277] The buggy address belongs to the physical page: [ 25.928701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 25.929253] flags: 0x200000000000000(node=0|zone=2) [ 25.929634] page_type: f5(slab) [ 25.929779] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.930327] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.930779] page dumped because: kasan: bad access detected [ 25.931186] [ 25.931287] Memory state around the buggy address: [ 25.931673] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.932140] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.932475] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.933009] ^ [ 25.933289] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.933722] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.934192] ================================================================== [ 26.106602] ================================================================== [ 26.106876] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 26.107194] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.107532] [ 26.107664] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.107713] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.107728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.107749] Call Trace: [ 26.107766] <TASK> [ 26.107782] dump_stack_lvl+0x73/0xb0 [ 26.107810] print_report+0xd1/0x610 [ 26.107835] ? __virt_addr_valid+0x1db/0x2d0 [ 26.107881] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.107903] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.107932] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.107954] kasan_report+0x141/0x180 [ 26.107977] ? kasan_atomics_helper+0xa2b/0x5450 [ 26.108005] kasan_check_range+0x10c/0x1c0 [ 26.108029] __kasan_check_write+0x18/0x20 [ 26.108054] kasan_atomics_helper+0xa2b/0x5450 [ 26.108077] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.108100] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.108127] ? kasan_atomics+0x152/0x310 [ 26.108154] kasan_atomics+0x1dc/0x310 [ 26.108177] ? __pfx_kasan_atomics+0x10/0x10 [ 26.108202] ? __pfx_read_tsc+0x10/0x10 [ 26.108226] ? ktime_get_ts64+0x86/0x230 [ 26.108251] kunit_try_run_case+0x1a5/0x480 [ 26.108275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.108299] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.108331] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.108356] ? __kthread_parkme+0x82/0x180 [ 26.108377] ? preempt_count_sub+0x50/0x80 [ 26.108402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.108426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.108454] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.108482] kthread+0x337/0x6f0 [ 26.108502] ? trace_preempt_on+0x20/0xc0 [ 26.108527] ? __pfx_kthread+0x10/0x10 [ 26.108548] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.108570] ? calculate_sigpending+0x7b/0xa0 [ 26.108613] ? __pfx_kthread+0x10/0x10 [ 26.108636] ret_from_fork+0x116/0x1d0 [ 26.108656] ? __pfx_kthread+0x10/0x10 [ 26.108678] ret_from_fork_asm+0x1a/0x30 [ 26.108709] </TASK> [ 26.108720] [ 26.118670] Allocated by task 314: [ 26.118904] kasan_save_stack+0x45/0x70 [ 26.119222] kasan_save_track+0x18/0x40 [ 26.119569] kasan_save_alloc_info+0x3b/0x50 [ 26.119797] __kasan_kmalloc+0xb7/0xc0 [ 26.119972] __kmalloc_cache_noprof+0x189/0x420 [ 26.120169] kasan_atomics+0x95/0x310 [ 26.120592] kunit_try_run_case+0x1a5/0x480 [ 26.120912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.121324] kthread+0x337/0x6f0 [ 26.121635] ret_from_fork+0x116/0x1d0 [ 26.122012] ret_from_fork_asm+0x1a/0x30 [ 26.122207] [ 26.122296] The buggy address belongs to the object at ffff88810623b200 [ 26.122296] which belongs to the cache kmalloc-64 of size 64 [ 26.123138] The buggy address is located 0 bytes to the right of [ 26.123138] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.124021] [ 26.124246] The buggy address belongs to the physical page: [ 26.124798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.125338] flags: 0x200000000000000(node=0|zone=2) [ 26.125516] page_type: f5(slab) [ 26.125791] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.126467] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.127077] page dumped because: kasan: bad access detected [ 26.127248] [ 26.127326] Memory state around the buggy address: [ 26.127482] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.127992] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.128605] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.129350] ^ [ 26.129803] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.130546] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.131114] ================================================================== [ 26.131766] ================================================================== [ 26.132160] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 26.132802] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.133263] [ 26.133362] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.133417] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.133431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.133454] Call Trace: [ 26.133477] <TASK> [ 26.133497] dump_stack_lvl+0x73/0xb0 [ 26.133528] print_report+0xd1/0x610 [ 26.133551] ? __virt_addr_valid+0x1db/0x2d0 [ 26.133576] ? kasan_atomics_helper+0xac7/0x5450 [ 26.133624] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.133651] ? kasan_atomics_helper+0xac7/0x5450 [ 26.133674] kasan_report+0x141/0x180 [ 26.133719] ? kasan_atomics_helper+0xac7/0x5450 [ 26.133747] kasan_check_range+0x10c/0x1c0 [ 26.133771] __kasan_check_write+0x18/0x20 [ 26.133795] kasan_atomics_helper+0xac7/0x5450 [ 26.133818] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.133841] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.133882] ? kasan_atomics+0x152/0x310 [ 26.133909] kasan_atomics+0x1dc/0x310 [ 26.133933] ? __pfx_kasan_atomics+0x10/0x10 [ 26.133958] ? __pfx_read_tsc+0x10/0x10 [ 26.133981] ? ktime_get_ts64+0x86/0x230 [ 26.134007] kunit_try_run_case+0x1a5/0x480 [ 26.134033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.134057] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.134082] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.134106] ? __kthread_parkme+0x82/0x180 [ 26.134128] ? preempt_count_sub+0x50/0x80 [ 26.134153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.134177] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.134207] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.134234] kthread+0x337/0x6f0 [ 26.134255] ? trace_preempt_on+0x20/0xc0 [ 26.134280] ? __pfx_kthread+0x10/0x10 [ 26.134302] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.134335] ? calculate_sigpending+0x7b/0xa0 [ 26.134360] ? __pfx_kthread+0x10/0x10 [ 26.134382] ret_from_fork+0x116/0x1d0 [ 26.134403] ? __pfx_kthread+0x10/0x10 [ 26.134425] ret_from_fork_asm+0x1a/0x30 [ 26.134458] </TASK> [ 26.134470] [ 26.143213] Allocated by task 314: [ 26.143413] kasan_save_stack+0x45/0x70 [ 26.143672] kasan_save_track+0x18/0x40 [ 26.143849] kasan_save_alloc_info+0x3b/0x50 [ 26.144056] __kasan_kmalloc+0xb7/0xc0 [ 26.144226] __kmalloc_cache_noprof+0x189/0x420 [ 26.144444] kasan_atomics+0x95/0x310 [ 26.144662] kunit_try_run_case+0x1a5/0x480 [ 26.144849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.145083] kthread+0x337/0x6f0 [ 26.145263] ret_from_fork+0x116/0x1d0 [ 26.145419] ret_from_fork_asm+0x1a/0x30 [ 26.145658] [ 26.145750] The buggy address belongs to the object at ffff88810623b200 [ 26.145750] which belongs to the cache kmalloc-64 of size 64 [ 26.146247] The buggy address is located 0 bytes to the right of [ 26.146247] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.146799] [ 26.146895] The buggy address belongs to the physical page: [ 26.147105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.147473] flags: 0x200000000000000(node=0|zone=2) [ 26.147718] page_type: f5(slab) [ 26.147871] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.148194] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.148575] page dumped because: kasan: bad access detected [ 26.148779] [ 26.148872] Memory state around the buggy address: [ 26.149094] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.149409] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.149728] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.149999] ^ [ 26.150145] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.150376] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.150578] ================================================================== [ 26.309456] ================================================================== [ 26.309749] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 26.310082] Read of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.310406] [ 26.310486] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.310534] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.310549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.310570] Call Trace: [ 26.310585] <TASK> [ 26.310601] dump_stack_lvl+0x73/0xb0 [ 26.310628] print_report+0xd1/0x610 [ 26.310651] ? __virt_addr_valid+0x1db/0x2d0 [ 26.310675] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.310697] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.310723] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.310746] kasan_report+0x141/0x180 [ 26.310768] ? kasan_atomics_helper+0x4a36/0x5450 [ 26.310795] __asan_report_load4_noabort+0x18/0x20 [ 26.310819] kasan_atomics_helper+0x4a36/0x5450 [ 26.310842] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.310865] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.310890] ? kasan_atomics+0x152/0x310 [ 26.310916] kasan_atomics+0x1dc/0x310 [ 26.310939] ? __pfx_kasan_atomics+0x10/0x10 [ 26.310964] ? __pfx_read_tsc+0x10/0x10 [ 26.310986] ? ktime_get_ts64+0x86/0x230 [ 26.311011] kunit_try_run_case+0x1a5/0x480 [ 26.311035] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.311058] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.311082] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.311105] ? __kthread_parkme+0x82/0x180 [ 26.311125] ? preempt_count_sub+0x50/0x80 [ 26.311150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.311174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.311201] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.311229] kthread+0x337/0x6f0 [ 26.311249] ? trace_preempt_on+0x20/0xc0 [ 26.311273] ? __pfx_kthread+0x10/0x10 [ 26.311294] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.311328] ? calculate_sigpending+0x7b/0xa0 [ 26.311353] ? __pfx_kthread+0x10/0x10 [ 26.311375] ret_from_fork+0x116/0x1d0 [ 26.311395] ? __pfx_kthread+0x10/0x10 [ 26.311416] ret_from_fork_asm+0x1a/0x30 [ 26.311447] </TASK> [ 26.311458] [ 26.318168] Allocated by task 314: [ 26.318296] kasan_save_stack+0x45/0x70 [ 26.318441] kasan_save_track+0x18/0x40 [ 26.318570] kasan_save_alloc_info+0x3b/0x50 [ 26.318734] __kasan_kmalloc+0xb7/0xc0 [ 26.318861] __kmalloc_cache_noprof+0x189/0x420 [ 26.319080] kasan_atomics+0x95/0x310 [ 26.319263] kunit_try_run_case+0x1a5/0x480 [ 26.319479] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.319754] kthread+0x337/0x6f0 [ 26.319924] ret_from_fork+0x116/0x1d0 [ 26.320113] ret_from_fork_asm+0x1a/0x30 [ 26.320318] [ 26.320409] The buggy address belongs to the object at ffff88810623b200 [ 26.320409] which belongs to the cache kmalloc-64 of size 64 [ 26.320953] The buggy address is located 0 bytes to the right of [ 26.320953] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.321490] [ 26.321561] The buggy address belongs to the physical page: [ 26.321815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.322126] flags: 0x200000000000000(node=0|zone=2) [ 26.322335] page_type: f5(slab) [ 26.322501] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.322829] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.323130] page dumped because: kasan: bad access detected [ 26.323365] [ 26.323447] Memory state around the buggy address: [ 26.323668] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.323947] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.324230] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.324509] ^ [ 26.324731] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.325020] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.325262] ================================================================== [ 26.421679] ================================================================== [ 26.421966] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 26.422201] Read of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.422433] [ 26.422521] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.422570] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.422604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.422627] Call Trace: [ 26.422648] <TASK> [ 26.422665] dump_stack_lvl+0x73/0xb0 [ 26.422694] print_report+0xd1/0x610 [ 26.422717] ? __virt_addr_valid+0x1db/0x2d0 [ 26.422741] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.422763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.422791] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.422812] kasan_report+0x141/0x180 [ 26.422836] ? kasan_atomics_helper+0x49e8/0x5450 [ 26.422862] __asan_report_load4_noabort+0x18/0x20 [ 26.422887] kasan_atomics_helper+0x49e8/0x5450 [ 26.422910] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.422933] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.422958] ? kasan_atomics+0x152/0x310 [ 26.422985] kasan_atomics+0x1dc/0x310 [ 26.423008] ? __pfx_kasan_atomics+0x10/0x10 [ 26.423033] ? __pfx_read_tsc+0x10/0x10 [ 26.423057] ? ktime_get_ts64+0x86/0x230 [ 26.423083] kunit_try_run_case+0x1a5/0x480 [ 26.423107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.423130] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.423154] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.423178] ? __kthread_parkme+0x82/0x180 [ 26.423199] ? preempt_count_sub+0x50/0x80 [ 26.423224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.423249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.423277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.423305] kthread+0x337/0x6f0 [ 26.423336] ? trace_preempt_on+0x20/0xc0 [ 26.423361] ? __pfx_kthread+0x10/0x10 [ 26.423383] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.423405] ? calculate_sigpending+0x7b/0xa0 [ 26.423430] ? __pfx_kthread+0x10/0x10 [ 26.423452] ret_from_fork+0x116/0x1d0 [ 26.423473] ? __pfx_kthread+0x10/0x10 [ 26.423495] ret_from_fork_asm+0x1a/0x30 [ 26.423527] </TASK> [ 26.423538] [ 26.430663] Allocated by task 314: [ 26.430819] kasan_save_stack+0x45/0x70 [ 26.430979] kasan_save_track+0x18/0x40 [ 26.431152] kasan_save_alloc_info+0x3b/0x50 [ 26.431349] __kasan_kmalloc+0xb7/0xc0 [ 26.431520] __kmalloc_cache_noprof+0x189/0x420 [ 26.431728] kasan_atomics+0x95/0x310 [ 26.431907] kunit_try_run_case+0x1a5/0x480 [ 26.432086] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.432271] kthread+0x337/0x6f0 [ 26.432438] ret_from_fork+0x116/0x1d0 [ 26.432648] ret_from_fork_asm+0x1a/0x30 [ 26.432804] [ 26.432870] The buggy address belongs to the object at ffff88810623b200 [ 26.432870] which belongs to the cache kmalloc-64 of size 64 [ 26.433383] The buggy address is located 0 bytes to the right of [ 26.433383] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.433836] [ 26.433905] The buggy address belongs to the physical page: [ 26.434075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.434388] flags: 0x200000000000000(node=0|zone=2) [ 26.434642] page_type: f5(slab) [ 26.434807] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.435142] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.435484] page dumped because: kasan: bad access detected [ 26.435738] [ 26.435809] Memory state around the buggy address: [ 26.435961] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.436180] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.436509] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.436846] ^ [ 26.437070] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.437366] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.437664] ================================================================== [ 27.049565] ================================================================== [ 27.049967] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 27.050333] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 27.050625] [ 27.050750] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.050802] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.050817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.050839] Call Trace: [ 27.050872] <TASK> [ 27.050890] dump_stack_lvl+0x73/0xb0 [ 27.050920] print_report+0xd1/0x610 [ 27.050956] ? __virt_addr_valid+0x1db/0x2d0 [ 27.050981] ? kasan_atomics_helper+0x218a/0x5450 [ 27.051005] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.051032] ? kasan_atomics_helper+0x218a/0x5450 [ 27.051055] kasan_report+0x141/0x180 [ 27.051078] ? kasan_atomics_helper+0x218a/0x5450 [ 27.051105] kasan_check_range+0x10c/0x1c0 [ 27.051130] __kasan_check_write+0x18/0x20 [ 27.051163] kasan_atomics_helper+0x218a/0x5450 [ 27.051187] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.051210] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.051245] ? kasan_atomics+0x152/0x310 [ 27.051273] kasan_atomics+0x1dc/0x310 [ 27.051296] ? __pfx_kasan_atomics+0x10/0x10 [ 27.051339] ? __pfx_read_tsc+0x10/0x10 [ 27.051362] ? ktime_get_ts64+0x86/0x230 [ 27.051399] kunit_try_run_case+0x1a5/0x480 [ 27.051424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.051448] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.051473] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.051497] ? __kthread_parkme+0x82/0x180 [ 27.051529] ? preempt_count_sub+0x50/0x80 [ 27.051554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.051584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.051631] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.051660] kthread+0x337/0x6f0 [ 27.051681] ? trace_preempt_on+0x20/0xc0 [ 27.051706] ? __pfx_kthread+0x10/0x10 [ 27.051727] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.051749] ? calculate_sigpending+0x7b/0xa0 [ 27.051775] ? __pfx_kthread+0x10/0x10 [ 27.051798] ret_from_fork+0x116/0x1d0 [ 27.051817] ? __pfx_kthread+0x10/0x10 [ 27.051838] ret_from_fork_asm+0x1a/0x30 [ 27.051870] </TASK> [ 27.051882] [ 27.059255] Allocated by task 314: [ 27.059437] kasan_save_stack+0x45/0x70 [ 27.059629] kasan_save_track+0x18/0x40 [ 27.059815] kasan_save_alloc_info+0x3b/0x50 [ 27.060032] __kasan_kmalloc+0xb7/0xc0 [ 27.060206] __kmalloc_cache_noprof+0x189/0x420 [ 27.060411] kasan_atomics+0x95/0x310 [ 27.060598] kunit_try_run_case+0x1a5/0x480 [ 27.060793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.061049] kthread+0x337/0x6f0 [ 27.061223] ret_from_fork+0x116/0x1d0 [ 27.061430] ret_from_fork_asm+0x1a/0x30 [ 27.061607] [ 27.061737] The buggy address belongs to the object at ffff88810623b200 [ 27.061737] which belongs to the cache kmalloc-64 of size 64 [ 27.062165] The buggy address is located 0 bytes to the right of [ 27.062165] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 27.062742] [ 27.062841] The buggy address belongs to the physical page: [ 27.063087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 27.063436] flags: 0x200000000000000(node=0|zone=2) [ 27.063626] page_type: f5(slab) [ 27.063818] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.064128] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.064475] page dumped because: kasan: bad access detected [ 27.064676] [ 27.064779] Memory state around the buggy address: [ 27.065078] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.065289] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.065509] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.065722] ^ [ 27.065873] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.066378] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.066964] ================================================================== [ 25.829329] ================================================================== [ 25.829674] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 25.829929] Read of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 25.830162] [ 25.830275] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.830337] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.830351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.830374] Call Trace: [ 25.830395] <TASK> [ 25.830413] dump_stack_lvl+0x73/0xb0 [ 25.830442] print_report+0xd1/0x610 [ 25.830465] ? __virt_addr_valid+0x1db/0x2d0 [ 25.830490] ? kasan_atomics_helper+0x3df/0x5450 [ 25.830511] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.830537] ? kasan_atomics_helper+0x3df/0x5450 [ 25.830559] kasan_report+0x141/0x180 [ 25.830582] ? kasan_atomics_helper+0x3df/0x5450 [ 25.830623] kasan_check_range+0x10c/0x1c0 [ 25.830649] __kasan_check_read+0x15/0x20 [ 25.830673] kasan_atomics_helper+0x3df/0x5450 [ 25.830697] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.830720] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.830746] ? kasan_atomics+0x152/0x310 [ 25.830773] kasan_atomics+0x1dc/0x310 [ 25.830796] ? __pfx_kasan_atomics+0x10/0x10 [ 25.830821] ? __pfx_read_tsc+0x10/0x10 [ 25.830844] ? ktime_get_ts64+0x86/0x230 [ 25.830870] kunit_try_run_case+0x1a5/0x480 [ 25.830896] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.830920] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.830945] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.830969] ? __kthread_parkme+0x82/0x180 [ 25.830991] ? preempt_count_sub+0x50/0x80 [ 25.831016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.831040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.831068] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.831096] kthread+0x337/0x6f0 [ 25.831117] ? trace_preempt_on+0x20/0xc0 [ 25.831141] ? __pfx_kthread+0x10/0x10 [ 25.831163] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.831185] ? calculate_sigpending+0x7b/0xa0 [ 25.831210] ? __pfx_kthread+0x10/0x10 [ 25.831233] ret_from_fork+0x116/0x1d0 [ 25.831253] ? __pfx_kthread+0x10/0x10 [ 25.831275] ret_from_fork_asm+0x1a/0x30 [ 25.831317] </TASK> [ 25.831329] [ 25.838762] Allocated by task 314: [ 25.839229] kasan_save_stack+0x45/0x70 [ 25.839444] kasan_save_track+0x18/0x40 [ 25.839684] kasan_save_alloc_info+0x3b/0x50 [ 25.839976] __kasan_kmalloc+0xb7/0xc0 [ 25.840175] __kmalloc_cache_noprof+0x189/0x420 [ 25.840404] kasan_atomics+0x95/0x310 [ 25.840569] kunit_try_run_case+0x1a5/0x480 [ 25.840769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.841094] kthread+0x337/0x6f0 [ 25.841261] ret_from_fork+0x116/0x1d0 [ 25.841403] ret_from_fork_asm+0x1a/0x30 [ 25.841540] [ 25.841663] The buggy address belongs to the object at ffff88810623b200 [ 25.841663] which belongs to the cache kmalloc-64 of size 64 [ 25.842547] The buggy address is located 0 bytes to the right of [ 25.842547] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 25.843243] [ 25.843337] The buggy address belongs to the physical page: [ 25.843510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 25.843991] flags: 0x200000000000000(node=0|zone=2) [ 25.844243] page_type: f5(slab) [ 25.844429] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.844734] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.846000] page dumped because: kasan: bad access detected [ 25.846261] [ 25.846368] Memory state around the buggy address: [ 25.846580] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.847262] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.847567] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.847842] ^ [ 25.848378] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.848780] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.849216] ================================================================== [ 25.877423] ================================================================== [ 25.878872] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 25.879546] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 25.880367] [ 25.880602] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.880674] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.880688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.880713] Call Trace: [ 25.880735] <TASK> [ 25.880757] dump_stack_lvl+0x73/0xb0 [ 25.880788] print_report+0xd1/0x610 [ 25.880812] ? __virt_addr_valid+0x1db/0x2d0 [ 25.880837] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.880867] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.880894] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.880917] kasan_report+0x141/0x180 [ 25.880939] ? kasan_atomics_helper+0x4a0/0x5450 [ 25.880966] kasan_check_range+0x10c/0x1c0 [ 25.880990] __kasan_check_write+0x18/0x20 [ 25.881014] kasan_atomics_helper+0x4a0/0x5450 [ 25.881037] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.881059] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.881085] ? kasan_atomics+0x152/0x310 [ 25.881112] kasan_atomics+0x1dc/0x310 [ 25.881134] ? __pfx_kasan_atomics+0x10/0x10 [ 25.881160] ? __pfx_read_tsc+0x10/0x10 [ 25.881182] ? ktime_get_ts64+0x86/0x230 [ 25.881208] kunit_try_run_case+0x1a5/0x480 [ 25.881233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.881257] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.881282] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.881315] ? __kthread_parkme+0x82/0x180 [ 25.881337] ? preempt_count_sub+0x50/0x80 [ 25.881362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.881386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.881414] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.881443] kthread+0x337/0x6f0 [ 25.881463] ? trace_preempt_on+0x20/0xc0 [ 25.881488] ? __pfx_kthread+0x10/0x10 [ 25.881510] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.881532] ? calculate_sigpending+0x7b/0xa0 [ 25.881557] ? __pfx_kthread+0x10/0x10 [ 25.881579] ret_from_fork+0x116/0x1d0 [ 25.881603] ? __pfx_kthread+0x10/0x10 [ 25.881628] ret_from_fork_asm+0x1a/0x30 [ 25.881662] </TASK> [ 25.881675] [ 25.896591] Allocated by task 314: [ 25.897443] kasan_save_stack+0x45/0x70 [ 25.897778] kasan_save_track+0x18/0x40 [ 25.898135] kasan_save_alloc_info+0x3b/0x50 [ 25.898458] __kasan_kmalloc+0xb7/0xc0 [ 25.898736] __kmalloc_cache_noprof+0x189/0x420 [ 25.899129] kasan_atomics+0x95/0x310 [ 25.899358] kunit_try_run_case+0x1a5/0x480 [ 25.899761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.900165] kthread+0x337/0x6f0 [ 25.900324] ret_from_fork+0x116/0x1d0 [ 25.900531] ret_from_fork_asm+0x1a/0x30 [ 25.900967] [ 25.901063] The buggy address belongs to the object at ffff88810623b200 [ 25.901063] which belongs to the cache kmalloc-64 of size 64 [ 25.901726] The buggy address is located 0 bytes to the right of [ 25.901726] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 25.902477] [ 25.902698] The buggy address belongs to the physical page: [ 25.902918] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 25.903758] flags: 0x200000000000000(node=0|zone=2) [ 25.904157] page_type: f5(slab) [ 25.904294] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.904836] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.905356] page dumped because: kasan: bad access detected [ 25.905712] [ 25.905798] Memory state around the buggy address: [ 25.906125] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.906749] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.907181] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.907482] ^ [ 25.907808] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.908148] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.908706] ================================================================== [ 26.455138] ================================================================== [ 26.455505] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 26.455886] Read of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.456195] [ 26.456287] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.456346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.456360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.456383] Call Trace: [ 26.456401] <TASK> [ 26.456418] dump_stack_lvl+0x73/0xb0 [ 26.456447] print_report+0xd1/0x610 [ 26.456470] ? __virt_addr_valid+0x1db/0x2d0 [ 26.456494] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.456516] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.456543] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.456565] kasan_report+0x141/0x180 [ 26.456609] ? kasan_atomics_helper+0x49ce/0x5450 [ 26.456635] __asan_report_load4_noabort+0x18/0x20 [ 26.456660] kasan_atomics_helper+0x49ce/0x5450 [ 26.456684] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.456707] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.456732] ? kasan_atomics+0x152/0x310 [ 26.456759] kasan_atomics+0x1dc/0x310 [ 26.456781] ? __pfx_kasan_atomics+0x10/0x10 [ 26.456806] ? __pfx_read_tsc+0x10/0x10 [ 26.456829] ? ktime_get_ts64+0x86/0x230 [ 26.456855] kunit_try_run_case+0x1a5/0x480 [ 26.456879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.456902] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.456926] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.456950] ? __kthread_parkme+0x82/0x180 [ 26.456972] ? preempt_count_sub+0x50/0x80 [ 26.456997] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.457021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.457049] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.457077] kthread+0x337/0x6f0 [ 26.457098] ? trace_preempt_on+0x20/0xc0 [ 26.457122] ? __pfx_kthread+0x10/0x10 [ 26.457144] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.457166] ? calculate_sigpending+0x7b/0xa0 [ 26.457190] ? __pfx_kthread+0x10/0x10 [ 26.457213] ret_from_fork+0x116/0x1d0 [ 26.457233] ? __pfx_kthread+0x10/0x10 [ 26.457255] ret_from_fork_asm+0x1a/0x30 [ 26.457286] </TASK> [ 26.457298] [ 26.464080] Allocated by task 314: [ 26.464258] kasan_save_stack+0x45/0x70 [ 26.464457] kasan_save_track+0x18/0x40 [ 26.464647] kasan_save_alloc_info+0x3b/0x50 [ 26.464836] __kasan_kmalloc+0xb7/0xc0 [ 26.464992] __kmalloc_cache_noprof+0x189/0x420 [ 26.465176] kasan_atomics+0x95/0x310 [ 26.465361] kunit_try_run_case+0x1a5/0x480 [ 26.465540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.465768] kthread+0x337/0x6f0 [ 26.465889] ret_from_fork+0x116/0x1d0 [ 26.466019] ret_from_fork_asm+0x1a/0x30 [ 26.466154] [ 26.466219] The buggy address belongs to the object at ffff88810623b200 [ 26.466219] which belongs to the cache kmalloc-64 of size 64 [ 26.466741] The buggy address is located 0 bytes to the right of [ 26.466741] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.467276] [ 26.467378] The buggy address belongs to the physical page: [ 26.467655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.467998] flags: 0x200000000000000(node=0|zone=2) [ 26.468158] page_type: f5(slab) [ 26.468273] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.468541] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.468900] page dumped because: kasan: bad access detected [ 26.469153] [ 26.469242] Memory state around the buggy address: [ 26.469415] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.469658] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.469879] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.470185] ^ [ 26.470417] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.470758] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.471071] ================================================================== [ 26.292482] ================================================================== [ 26.293247] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 26.293609] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.293898] [ 26.294007] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.294059] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.294073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.294097] Call Trace: [ 26.294116] <TASK> [ 26.294134] dump_stack_lvl+0x73/0xb0 [ 26.294164] print_report+0xd1/0x610 [ 26.294187] ? __virt_addr_valid+0x1db/0x2d0 [ 26.294212] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.294235] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.294262] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.294284] kasan_report+0x141/0x180 [ 26.294307] ? kasan_atomics_helper+0xfa9/0x5450 [ 26.294344] kasan_check_range+0x10c/0x1c0 [ 26.294369] __kasan_check_write+0x18/0x20 [ 26.294393] kasan_atomics_helper+0xfa9/0x5450 [ 26.294418] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.294441] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.294467] ? kasan_atomics+0x152/0x310 [ 26.294493] kasan_atomics+0x1dc/0x310 [ 26.294517] ? __pfx_kasan_atomics+0x10/0x10 [ 26.294542] ? __pfx_read_tsc+0x10/0x10 [ 26.294566] ? ktime_get_ts64+0x86/0x230 [ 26.294592] kunit_try_run_case+0x1a5/0x480 [ 26.294633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.294657] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.294682] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.294706] ? __kthread_parkme+0x82/0x180 [ 26.294729] ? preempt_count_sub+0x50/0x80 [ 26.294754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.294778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.294806] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.294835] kthread+0x337/0x6f0 [ 26.294856] ? trace_preempt_on+0x20/0xc0 [ 26.294881] ? __pfx_kthread+0x10/0x10 [ 26.294903] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.294925] ? calculate_sigpending+0x7b/0xa0 [ 26.294950] ? __pfx_kthread+0x10/0x10 [ 26.294973] ret_from_fork+0x116/0x1d0 [ 26.294994] ? __pfx_kthread+0x10/0x10 [ 26.295016] ret_from_fork_asm+0x1a/0x30 [ 26.295048] </TASK> [ 26.295060] [ 26.302181] Allocated by task 314: [ 26.302326] kasan_save_stack+0x45/0x70 [ 26.302460] kasan_save_track+0x18/0x40 [ 26.302586] kasan_save_alloc_info+0x3b/0x50 [ 26.302805] __kasan_kmalloc+0xb7/0xc0 [ 26.302983] __kmalloc_cache_noprof+0x189/0x420 [ 26.303169] kasan_atomics+0x95/0x310 [ 26.303304] kunit_try_run_case+0x1a5/0x480 [ 26.303493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.303784] kthread+0x337/0x6f0 [ 26.303922] ret_from_fork+0x116/0x1d0 [ 26.304083] ret_from_fork_asm+0x1a/0x30 [ 26.304238] [ 26.304329] The buggy address belongs to the object at ffff88810623b200 [ 26.304329] which belongs to the cache kmalloc-64 of size 64 [ 26.304816] The buggy address is located 0 bytes to the right of [ 26.304816] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.305285] [ 26.305374] The buggy address belongs to the physical page: [ 26.305573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.305894] flags: 0x200000000000000(node=0|zone=2) [ 26.306110] page_type: f5(slab) [ 26.306245] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.306478] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.306756] page dumped because: kasan: bad access detected [ 26.306996] [ 26.307094] Memory state around the buggy address: [ 26.307299] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.307516] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.307895] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.308202] ^ [ 26.308431] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.308731] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.309027] ================================================================== [ 26.694085] ================================================================== [ 26.694451] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 26.694784] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.695146] [ 26.695340] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.695396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.695410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.695433] Call Trace: [ 26.695456] <TASK> [ 26.695474] dump_stack_lvl+0x73/0xb0 [ 26.695505] print_report+0xd1/0x610 [ 26.695529] ? __virt_addr_valid+0x1db/0x2d0 [ 26.695555] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.695578] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.695604] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.695627] kasan_report+0x141/0x180 [ 26.695650] ? kasan_atomics_helper+0x18b1/0x5450 [ 26.695676] kasan_check_range+0x10c/0x1c0 [ 26.695701] __kasan_check_write+0x18/0x20 [ 26.695724] kasan_atomics_helper+0x18b1/0x5450 [ 26.695748] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.695771] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.695797] ? kasan_atomics+0x152/0x310 [ 26.695823] kasan_atomics+0x1dc/0x310 [ 26.695846] ? __pfx_kasan_atomics+0x10/0x10 [ 26.695871] ? __pfx_read_tsc+0x10/0x10 [ 26.695928] ? ktime_get_ts64+0x86/0x230 [ 26.695954] kunit_try_run_case+0x1a5/0x480 [ 26.695980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.696015] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.696041] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.696066] ? __kthread_parkme+0x82/0x180 [ 26.696088] ? preempt_count_sub+0x50/0x80 [ 26.696113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.696139] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.696167] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.696195] kthread+0x337/0x6f0 [ 26.696216] ? trace_preempt_on+0x20/0xc0 [ 26.696241] ? __pfx_kthread+0x10/0x10 [ 26.696263] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.696285] ? calculate_sigpending+0x7b/0xa0 [ 26.696309] ? __pfx_kthread+0x10/0x10 [ 26.696340] ret_from_fork+0x116/0x1d0 [ 26.696361] ? __pfx_kthread+0x10/0x10 [ 26.696384] ret_from_fork_asm+0x1a/0x30 [ 26.696416] </TASK> [ 26.696428] [ 26.704596] Allocated by task 314: [ 26.704769] kasan_save_stack+0x45/0x70 [ 26.704911] kasan_save_track+0x18/0x40 [ 26.705152] kasan_save_alloc_info+0x3b/0x50 [ 26.705368] __kasan_kmalloc+0xb7/0xc0 [ 26.705553] __kmalloc_cache_noprof+0x189/0x420 [ 26.705844] kasan_atomics+0x95/0x310 [ 26.706084] kunit_try_run_case+0x1a5/0x480 [ 26.706286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.706501] kthread+0x337/0x6f0 [ 26.706737] ret_from_fork+0x116/0x1d0 [ 26.706966] ret_from_fork_asm+0x1a/0x30 [ 26.707216] [ 26.707321] The buggy address belongs to the object at ffff88810623b200 [ 26.707321] which belongs to the cache kmalloc-64 of size 64 [ 26.707853] The buggy address is located 0 bytes to the right of [ 26.707853] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.708380] [ 26.708515] The buggy address belongs to the physical page: [ 26.708821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.709060] flags: 0x200000000000000(node=0|zone=2) [ 26.709346] page_type: f5(slab) [ 26.709514] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.709904] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.710130] page dumped because: kasan: bad access detected [ 26.710356] [ 26.710472] Memory state around the buggy address: [ 26.710733] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.711126] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.711501] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.711806] ^ [ 26.711963] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.712231] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.712594] ================================================================== [ 26.055486] ================================================================== [ 26.055869] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 26.056214] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.056526] [ 26.056632] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.056685] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.056699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.056722] Call Trace: [ 26.056742] <TASK> [ 26.056759] dump_stack_lvl+0x73/0xb0 [ 26.056789] print_report+0xd1/0x610 [ 26.056813] ? __virt_addr_valid+0x1db/0x2d0 [ 26.056838] ? kasan_atomics_helper+0x860/0x5450 [ 26.056861] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.056889] ? kasan_atomics_helper+0x860/0x5450 [ 26.056911] kasan_report+0x141/0x180 [ 26.056934] ? kasan_atomics_helper+0x860/0x5450 [ 26.056961] kasan_check_range+0x10c/0x1c0 [ 26.056985] __kasan_check_write+0x18/0x20 [ 26.057010] kasan_atomics_helper+0x860/0x5450 [ 26.057033] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.057055] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.057081] ? kasan_atomics+0x152/0x310 [ 26.057108] kasan_atomics+0x1dc/0x310 [ 26.057131] ? __pfx_kasan_atomics+0x10/0x10 [ 26.057157] ? __pfx_read_tsc+0x10/0x10 [ 26.057181] ? ktime_get_ts64+0x86/0x230 [ 26.057208] kunit_try_run_case+0x1a5/0x480 [ 26.057233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.057257] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.057282] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.057316] ? __kthread_parkme+0x82/0x180 [ 26.057338] ? preempt_count_sub+0x50/0x80 [ 26.057362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.057387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.057416] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.057444] kthread+0x337/0x6f0 [ 26.057464] ? trace_preempt_on+0x20/0xc0 [ 26.057488] ? __pfx_kthread+0x10/0x10 [ 26.057509] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.057531] ? calculate_sigpending+0x7b/0xa0 [ 26.057557] ? __pfx_kthread+0x10/0x10 [ 26.057598] ret_from_fork+0x116/0x1d0 [ 26.057622] ? __pfx_kthread+0x10/0x10 [ 26.057644] ret_from_fork_asm+0x1a/0x30 [ 26.057676] </TASK> [ 26.057688] [ 26.064698] Allocated by task 314: [ 26.064878] kasan_save_stack+0x45/0x70 [ 26.065068] kasan_save_track+0x18/0x40 [ 26.065251] kasan_save_alloc_info+0x3b/0x50 [ 26.065468] __kasan_kmalloc+0xb7/0xc0 [ 26.065680] __kmalloc_cache_noprof+0x189/0x420 [ 26.065893] kasan_atomics+0x95/0x310 [ 26.066076] kunit_try_run_case+0x1a5/0x480 [ 26.066257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.066440] kthread+0x337/0x6f0 [ 26.066558] ret_from_fork+0x116/0x1d0 [ 26.066742] ret_from_fork_asm+0x1a/0x30 [ 26.066939] [ 26.067030] The buggy address belongs to the object at ffff88810623b200 [ 26.067030] which belongs to the cache kmalloc-64 of size 64 [ 26.067564] The buggy address is located 0 bytes to the right of [ 26.067564] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.068093] [ 26.068177] The buggy address belongs to the physical page: [ 26.068378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.068733] flags: 0x200000000000000(node=0|zone=2) [ 26.068947] page_type: f5(slab) [ 26.069090] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.069404] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.069725] page dumped because: kasan: bad access detected [ 26.069926] [ 26.069990] Memory state around the buggy address: [ 26.070141] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.070362] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.070592] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.070829] ^ [ 26.071051] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.071382] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.071723] ================================================================== [ 26.564379] ================================================================== [ 26.564840] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 26.565251] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.565692] [ 26.565803] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.565880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.565896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.565917] Call Trace: [ 26.565937] <TASK> [ 26.565955] dump_stack_lvl+0x73/0xb0 [ 26.565985] print_report+0xd1/0x610 [ 26.566008] ? __virt_addr_valid+0x1db/0x2d0 [ 26.566034] ? kasan_atomics_helper+0x151d/0x5450 [ 26.566056] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.566082] ? kasan_atomics_helper+0x151d/0x5450 [ 26.566105] kasan_report+0x141/0x180 [ 26.566128] ? kasan_atomics_helper+0x151d/0x5450 [ 26.566155] kasan_check_range+0x10c/0x1c0 [ 26.566180] __kasan_check_write+0x18/0x20 [ 26.566205] kasan_atomics_helper+0x151d/0x5450 [ 26.566229] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.566252] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.566278] ? kasan_atomics+0x152/0x310 [ 26.566305] kasan_atomics+0x1dc/0x310 [ 26.566341] ? __pfx_kasan_atomics+0x10/0x10 [ 26.566366] ? __pfx_read_tsc+0x10/0x10 [ 26.566391] ? ktime_get_ts64+0x86/0x230 [ 26.566418] kunit_try_run_case+0x1a5/0x480 [ 26.566444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.566467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.566490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.566513] ? __kthread_parkme+0x82/0x180 [ 26.566535] ? preempt_count_sub+0x50/0x80 [ 26.566560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.566601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.566629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.566659] kthread+0x337/0x6f0 [ 26.566680] ? trace_preempt_on+0x20/0xc0 [ 26.566707] ? __pfx_kthread+0x10/0x10 [ 26.566729] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.566752] ? calculate_sigpending+0x7b/0xa0 [ 26.566778] ? __pfx_kthread+0x10/0x10 [ 26.566800] ret_from_fork+0x116/0x1d0 [ 26.566821] ? __pfx_kthread+0x10/0x10 [ 26.566842] ret_from_fork_asm+0x1a/0x30 [ 26.566889] </TASK> [ 26.566900] [ 26.574485] Allocated by task 314: [ 26.574732] kasan_save_stack+0x45/0x70 [ 26.574981] kasan_save_track+0x18/0x40 [ 26.575187] kasan_save_alloc_info+0x3b/0x50 [ 26.575440] __kasan_kmalloc+0xb7/0xc0 [ 26.575621] __kmalloc_cache_noprof+0x189/0x420 [ 26.575869] kasan_atomics+0x95/0x310 [ 26.576060] kunit_try_run_case+0x1a5/0x480 [ 26.576249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.576436] kthread+0x337/0x6f0 [ 26.576555] ret_from_fork+0x116/0x1d0 [ 26.576700] ret_from_fork_asm+0x1a/0x30 [ 26.576839] [ 26.576934] The buggy address belongs to the object at ffff88810623b200 [ 26.576934] which belongs to the cache kmalloc-64 of size 64 [ 26.577527] The buggy address is located 0 bytes to the right of [ 26.577527] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.578030] [ 26.578128] The buggy address belongs to the physical page: [ 26.578310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.578626] flags: 0x200000000000000(node=0|zone=2) [ 26.578857] page_type: f5(slab) [ 26.579005] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.579302] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.579648] page dumped because: kasan: bad access detected [ 26.579835] [ 26.579924] Memory state around the buggy address: [ 26.580142] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.580521] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.580877] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.581138] ^ [ 26.581376] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.581689] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.581893] ================================================================== [ 26.343495] ================================================================== [ 26.346020] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 26.347056] Read of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.347387] [ 26.347477] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.347528] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.347543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.347566] Call Trace: [ 26.347587] <TASK> [ 26.347607] dump_stack_lvl+0x73/0xb0 [ 26.347639] print_report+0xd1/0x610 [ 26.347663] ? __virt_addr_valid+0x1db/0x2d0 [ 26.347688] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.347711] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.347738] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.347760] kasan_report+0x141/0x180 [ 26.347784] ? kasan_atomics_helper+0x4a1c/0x5450 [ 26.347810] __asan_report_load4_noabort+0x18/0x20 [ 26.347835] kasan_atomics_helper+0x4a1c/0x5450 [ 26.347859] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.347882] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.347907] ? kasan_atomics+0x152/0x310 [ 26.347934] kasan_atomics+0x1dc/0x310 [ 26.347957] ? __pfx_kasan_atomics+0x10/0x10 [ 26.347982] ? __pfx_read_tsc+0x10/0x10 [ 26.348008] ? ktime_get_ts64+0x86/0x230 [ 26.348035] kunit_try_run_case+0x1a5/0x480 [ 26.348060] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.348085] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.348109] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.348133] ? __kthread_parkme+0x82/0x180 [ 26.348155] ? preempt_count_sub+0x50/0x80 [ 26.348179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.348203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.348232] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.348259] kthread+0x337/0x6f0 [ 26.348280] ? trace_preempt_on+0x20/0xc0 [ 26.348304] ? __pfx_kthread+0x10/0x10 [ 26.348336] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.348359] ? calculate_sigpending+0x7b/0xa0 [ 26.348384] ? __pfx_kthread+0x10/0x10 [ 26.348406] ret_from_fork+0x116/0x1d0 [ 26.348427] ? __pfx_kthread+0x10/0x10 [ 26.348448] ret_from_fork_asm+0x1a/0x30 [ 26.348481] </TASK> [ 26.348493] [ 26.358365] Allocated by task 314: [ 26.358505] kasan_save_stack+0x45/0x70 [ 26.358650] kasan_save_track+0x18/0x40 [ 26.359054] kasan_save_alloc_info+0x3b/0x50 [ 26.359443] __kasan_kmalloc+0xb7/0xc0 [ 26.359799] __kmalloc_cache_noprof+0x189/0x420 [ 26.360013] kasan_atomics+0x95/0x310 [ 26.360185] kunit_try_run_case+0x1a5/0x480 [ 26.360380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.360845] kthread+0x337/0x6f0 [ 26.361174] ret_from_fork+0x116/0x1d0 [ 26.361543] ret_from_fork_asm+0x1a/0x30 [ 26.361907] [ 26.361993] The buggy address belongs to the object at ffff88810623b200 [ 26.361993] which belongs to the cache kmalloc-64 of size 64 [ 26.362486] The buggy address is located 0 bytes to the right of [ 26.362486] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.363630] [ 26.363773] The buggy address belongs to the physical page: [ 26.364464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.364898] flags: 0x200000000000000(node=0|zone=2) [ 26.365129] page_type: f5(slab) [ 26.365287] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.365893] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.366456] page dumped because: kasan: bad access detected [ 26.366925] [ 26.367022] Memory state around the buggy address: [ 26.367232] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.367535] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.368341] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.368593] ^ [ 26.368759] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.369140] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.369440] ================================================================== [ 26.072241] ================================================================== [ 26.072558] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 26.072897] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.073190] [ 26.073282] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.073341] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.073355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.073377] Call Trace: [ 26.073396] <TASK> [ 26.073413] dump_stack_lvl+0x73/0xb0 [ 26.073441] print_report+0xd1/0x610 [ 26.073464] ? __virt_addr_valid+0x1db/0x2d0 [ 26.073489] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.073511] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.073539] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.073561] kasan_report+0x141/0x180 [ 26.073608] ? kasan_atomics_helper+0x8f9/0x5450 [ 26.073635] kasan_check_range+0x10c/0x1c0 [ 26.073660] __kasan_check_write+0x18/0x20 [ 26.073684] kasan_atomics_helper+0x8f9/0x5450 [ 26.073708] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.073731] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.073757] ? kasan_atomics+0x152/0x310 [ 26.073784] kasan_atomics+0x1dc/0x310 [ 26.073808] ? __pfx_kasan_atomics+0x10/0x10 [ 26.073832] ? __pfx_read_tsc+0x10/0x10 [ 26.073856] ? ktime_get_ts64+0x86/0x230 [ 26.073882] kunit_try_run_case+0x1a5/0x480 [ 26.073906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.073929] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.073953] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.073977] ? __kthread_parkme+0x82/0x180 [ 26.073997] ? preempt_count_sub+0x50/0x80 [ 26.074022] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.074046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.074074] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.074102] kthread+0x337/0x6f0 [ 26.074122] ? trace_preempt_on+0x20/0xc0 [ 26.074147] ? __pfx_kthread+0x10/0x10 [ 26.074168] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.074190] ? calculate_sigpending+0x7b/0xa0 [ 26.074216] ? __pfx_kthread+0x10/0x10 [ 26.074238] ret_from_fork+0x116/0x1d0 [ 26.074260] ? __pfx_kthread+0x10/0x10 [ 26.074281] ret_from_fork_asm+0x1a/0x30 [ 26.074324] </TASK> [ 26.074336] [ 26.082408] Allocated by task 314: [ 26.082569] kasan_save_stack+0x45/0x70 [ 26.082748] kasan_save_track+0x18/0x40 [ 26.082917] kasan_save_alloc_info+0x3b/0x50 [ 26.083106] __kasan_kmalloc+0xb7/0xc0 [ 26.083275] __kmalloc_cache_noprof+0x189/0x420 [ 26.083458] kasan_atomics+0x95/0x310 [ 26.083668] kunit_try_run_case+0x1a5/0x480 [ 26.083856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.084086] kthread+0x337/0x6f0 [ 26.084201] ret_from_fork+0x116/0x1d0 [ 26.084339] ret_from_fork_asm+0x1a/0x30 [ 26.084474] [ 26.084540] The buggy address belongs to the object at ffff88810623b200 [ 26.084540] which belongs to the cache kmalloc-64 of size 64 [ 26.085085] The buggy address is located 0 bytes to the right of [ 26.085085] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.085670] [ 26.085765] The buggy address belongs to the physical page: [ 26.085995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.086338] flags: 0x200000000000000(node=0|zone=2) [ 26.086532] page_type: f5(slab) [ 26.086709] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.086937] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.087157] page dumped because: kasan: bad access detected [ 26.087394] [ 26.087483] Memory state around the buggy address: [ 26.087733] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.088058] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.088386] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.088730] ^ [ 26.088923] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.089168] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.089468] ================================================================== [ 26.733815] ================================================================== [ 26.734313] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 26.734839] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.735160] [ 26.735275] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.735337] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.735352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.735374] Call Trace: [ 26.735394] <TASK> [ 26.735661] dump_stack_lvl+0x73/0xb0 [ 26.735697] print_report+0xd1/0x610 [ 26.735720] ? __virt_addr_valid+0x1db/0x2d0 [ 26.735745] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.735767] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.735794] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.735817] kasan_report+0x141/0x180 [ 26.735840] ? kasan_atomics_helper+0x19e3/0x5450 [ 26.735866] kasan_check_range+0x10c/0x1c0 [ 26.735891] __kasan_check_write+0x18/0x20 [ 26.735915] kasan_atomics_helper+0x19e3/0x5450 [ 26.735938] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.735961] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.735987] ? kasan_atomics+0x152/0x310 [ 26.736013] kasan_atomics+0x1dc/0x310 [ 26.736036] ? __pfx_kasan_atomics+0x10/0x10 [ 26.736061] ? __pfx_read_tsc+0x10/0x10 [ 26.736084] ? ktime_get_ts64+0x86/0x230 [ 26.736110] kunit_try_run_case+0x1a5/0x480 [ 26.736136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.736159] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.736183] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.736207] ? __kthread_parkme+0x82/0x180 [ 26.736228] ? preempt_count_sub+0x50/0x80 [ 26.736253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.736278] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.736306] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.736346] kthread+0x337/0x6f0 [ 26.736368] ? trace_preempt_on+0x20/0xc0 [ 26.736393] ? __pfx_kthread+0x10/0x10 [ 26.736414] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.736436] ? calculate_sigpending+0x7b/0xa0 [ 26.736462] ? __pfx_kthread+0x10/0x10 [ 26.736484] ret_from_fork+0x116/0x1d0 [ 26.736505] ? __pfx_kthread+0x10/0x10 [ 26.736526] ret_from_fork_asm+0x1a/0x30 [ 26.736559] </TASK> [ 26.736570] [ 26.746647] Allocated by task 314: [ 26.746833] kasan_save_stack+0x45/0x70 [ 26.747018] kasan_save_track+0x18/0x40 [ 26.747200] kasan_save_alloc_info+0x3b/0x50 [ 26.747406] __kasan_kmalloc+0xb7/0xc0 [ 26.747590] __kmalloc_cache_noprof+0x189/0x420 [ 26.748297] kasan_atomics+0x95/0x310 [ 26.748452] kunit_try_run_case+0x1a5/0x480 [ 26.748745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.749051] kthread+0x337/0x6f0 [ 26.749176] ret_from_fork+0x116/0x1d0 [ 26.749439] ret_from_fork_asm+0x1a/0x30 [ 26.749757] [ 26.749842] The buggy address belongs to the object at ffff88810623b200 [ 26.749842] which belongs to the cache kmalloc-64 of size 64 [ 26.750421] The buggy address is located 0 bytes to the right of [ 26.750421] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.751054] [ 26.751227] The buggy address belongs to the physical page: [ 26.751550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.752142] flags: 0x200000000000000(node=0|zone=2) [ 26.752454] page_type: f5(slab) [ 26.752616] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.753020] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.753336] page dumped because: kasan: bad access detected [ 26.753565] [ 26.753653] Memory state around the buggy address: [ 26.754046] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.754444] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.754834] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.755172] ^ [ 26.755408] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.755867] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.756165] ================================================================== [ 26.948405] ================================================================== [ 26.948801] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 26.949182] Read of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.949530] [ 26.949677] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.949731] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.949746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.949769] Call Trace: [ 26.949792] <TASK> [ 26.949811] dump_stack_lvl+0x73/0xb0 [ 26.949842] print_report+0xd1/0x610 [ 26.949866] ? __virt_addr_valid+0x1db/0x2d0 [ 26.949891] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.949914] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.949941] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.949965] kasan_report+0x141/0x180 [ 26.949990] ? kasan_atomics_helper+0x4f71/0x5450 [ 26.950019] __asan_report_load8_noabort+0x18/0x20 [ 26.950045] kasan_atomics_helper+0x4f71/0x5450 [ 26.950069] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.950093] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.950119] ? kasan_atomics+0x152/0x310 [ 26.950146] kasan_atomics+0x1dc/0x310 [ 26.950170] ? __pfx_kasan_atomics+0x10/0x10 [ 26.950196] ? __pfx_read_tsc+0x10/0x10 [ 26.950219] ? ktime_get_ts64+0x86/0x230 [ 26.950245] kunit_try_run_case+0x1a5/0x480 [ 26.950270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.950302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.950347] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.950372] ? __kthread_parkme+0x82/0x180 [ 26.950394] ? preempt_count_sub+0x50/0x80 [ 26.950419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.950444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.950472] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.950500] kthread+0x337/0x6f0 [ 26.950521] ? trace_preempt_on+0x20/0xc0 [ 26.950547] ? __pfx_kthread+0x10/0x10 [ 26.950571] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.950613] ? calculate_sigpending+0x7b/0xa0 [ 26.950641] ? __pfx_kthread+0x10/0x10 [ 26.950663] ret_from_fork+0x116/0x1d0 [ 26.950684] ? __pfx_kthread+0x10/0x10 [ 26.950707] ret_from_fork_asm+0x1a/0x30 [ 26.950740] </TASK> [ 26.950751] [ 26.957897] Allocated by task 314: [ 26.958031] kasan_save_stack+0x45/0x70 [ 26.958175] kasan_save_track+0x18/0x40 [ 26.958354] kasan_save_alloc_info+0x3b/0x50 [ 26.958560] __kasan_kmalloc+0xb7/0xc0 [ 26.958784] __kmalloc_cache_noprof+0x189/0x420 [ 26.959001] kasan_atomics+0x95/0x310 [ 26.959184] kunit_try_run_case+0x1a5/0x480 [ 26.959397] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.959672] kthread+0x337/0x6f0 [ 26.959837] ret_from_fork+0x116/0x1d0 [ 26.959981] ret_from_fork_asm+0x1a/0x30 [ 26.960115] [ 26.960181] The buggy address belongs to the object at ffff88810623b200 [ 26.960181] which belongs to the cache kmalloc-64 of size 64 [ 26.960539] The buggy address is located 0 bytes to the right of [ 26.960539] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.961060] [ 26.961156] The buggy address belongs to the physical page: [ 26.961440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.961852] flags: 0x200000000000000(node=0|zone=2) [ 26.962089] page_type: f5(slab) [ 26.962286] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.962668] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.963012] page dumped because: kasan: bad access detected [ 26.963261] [ 26.963358] Memory state around the buggy address: [ 26.963610] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.963892] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.964159] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.964439] ^ [ 26.964692] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.965005] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.965257] ================================================================== [ 26.205597] ================================================================== [ 26.206195] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 26.206591] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.206907] [ 26.206991] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.207042] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.207056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.207079] Call Trace: [ 26.207096] <TASK> [ 26.207115] dump_stack_lvl+0x73/0xb0 [ 26.207144] print_report+0xd1/0x610 [ 26.207168] ? __virt_addr_valid+0x1db/0x2d0 [ 26.207215] ? kasan_atomics_helper+0xd47/0x5450 [ 26.207237] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.207265] ? kasan_atomics_helper+0xd47/0x5450 [ 26.207306] kasan_report+0x141/0x180 [ 26.207340] ? kasan_atomics_helper+0xd47/0x5450 [ 26.207384] kasan_check_range+0x10c/0x1c0 [ 26.207409] __kasan_check_write+0x18/0x20 [ 26.207434] kasan_atomics_helper+0xd47/0x5450 [ 26.207457] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.207479] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.207505] ? kasan_atomics+0x152/0x310 [ 26.207531] kasan_atomics+0x1dc/0x310 [ 26.207572] ? __pfx_kasan_atomics+0x10/0x10 [ 26.207597] ? __pfx_read_tsc+0x10/0x10 [ 26.207621] ? ktime_get_ts64+0x86/0x230 [ 26.207646] kunit_try_run_case+0x1a5/0x480 [ 26.207671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.207694] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.207736] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.207761] ? __kthread_parkme+0x82/0x180 [ 26.207782] ? preempt_count_sub+0x50/0x80 [ 26.207808] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.207832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.207860] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.207906] kthread+0x337/0x6f0 [ 26.207927] ? trace_preempt_on+0x20/0xc0 [ 26.207951] ? __pfx_kthread+0x10/0x10 [ 26.207973] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.207994] ? calculate_sigpending+0x7b/0xa0 [ 26.208020] ? __pfx_kthread+0x10/0x10 [ 26.208058] ret_from_fork+0x116/0x1d0 [ 26.208079] ? __pfx_kthread+0x10/0x10 [ 26.208100] ret_from_fork_asm+0x1a/0x30 [ 26.208132] </TASK> [ 26.208144] [ 26.215768] Allocated by task 314: [ 26.215974] kasan_save_stack+0x45/0x70 [ 26.216180] kasan_save_track+0x18/0x40 [ 26.216380] kasan_save_alloc_info+0x3b/0x50 [ 26.216647] __kasan_kmalloc+0xb7/0xc0 [ 26.216823] __kmalloc_cache_noprof+0x189/0x420 [ 26.217035] kasan_atomics+0x95/0x310 [ 26.217213] kunit_try_run_case+0x1a5/0x480 [ 26.217484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.217940] kthread+0x337/0x6f0 [ 26.218300] ret_from_fork+0x116/0x1d0 [ 26.218494] ret_from_fork_asm+0x1a/0x30 [ 26.218804] [ 26.220250] The buggy address belongs to the object at ffff88810623b200 [ 26.220250] which belongs to the cache kmalloc-64 of size 64 [ 26.220880] The buggy address is located 0 bytes to the right of [ 26.220880] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.221260] [ 26.221348] The buggy address belongs to the physical page: [ 26.221593] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.221944] flags: 0x200000000000000(node=0|zone=2) [ 26.222175] page_type: f5(slab) [ 26.222749] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.223225] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.223882] page dumped because: kasan: bad access detected [ 26.224244] [ 26.224483] Memory state around the buggy address: [ 26.224920] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.225371] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.225931] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.226245] ^ [ 26.226463] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.227060] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.227510] ================================================================== [ 25.750446] ================================================================== [ 25.751120] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 25.751439] Read of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 25.751758] [ 25.751892] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.751948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.751962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.751986] Call Trace: [ 25.752022] <TASK> [ 25.752044] dump_stack_lvl+0x73/0xb0 [ 25.752075] print_report+0xd1/0x610 [ 25.752097] ? __virt_addr_valid+0x1db/0x2d0 [ 25.752121] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.752143] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.752168] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.752190] kasan_report+0x141/0x180 [ 25.752212] ? kasan_atomics_helper+0x4bbc/0x5450 [ 25.752237] __asan_report_load4_noabort+0x18/0x20 [ 25.752261] kasan_atomics_helper+0x4bbc/0x5450 [ 25.752314] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.752336] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.752361] ? kasan_atomics+0x152/0x310 [ 25.752388] kasan_atomics+0x1dc/0x310 [ 25.752410] ? __pfx_kasan_atomics+0x10/0x10 [ 25.752433] ? __pfx_read_tsc+0x10/0x10 [ 25.752455] ? ktime_get_ts64+0x86/0x230 [ 25.752481] kunit_try_run_case+0x1a5/0x480 [ 25.752506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.752528] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.752552] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.752592] ? __kthread_parkme+0x82/0x180 [ 25.752614] ? preempt_count_sub+0x50/0x80 [ 25.752656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.752680] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.752706] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.752734] kthread+0x337/0x6f0 [ 25.752753] ? trace_preempt_on+0x20/0xc0 [ 25.752778] ? __pfx_kthread+0x10/0x10 [ 25.752799] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.752820] ? calculate_sigpending+0x7b/0xa0 [ 25.752845] ? __pfx_kthread+0x10/0x10 [ 25.752883] ret_from_fork+0x116/0x1d0 [ 25.752902] ? __pfx_kthread+0x10/0x10 [ 25.752923] ret_from_fork_asm+0x1a/0x30 [ 25.752955] </TASK> [ 25.752967] [ 25.761052] Allocated by task 314: [ 25.761226] kasan_save_stack+0x45/0x70 [ 25.761434] kasan_save_track+0x18/0x40 [ 25.761654] kasan_save_alloc_info+0x3b/0x50 [ 25.761809] __kasan_kmalloc+0xb7/0xc0 [ 25.762009] __kmalloc_cache_noprof+0x189/0x420 [ 25.762217] kasan_atomics+0x95/0x310 [ 25.762404] kunit_try_run_case+0x1a5/0x480 [ 25.762612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.762941] kthread+0x337/0x6f0 [ 25.763112] ret_from_fork+0x116/0x1d0 [ 25.763294] ret_from_fork_asm+0x1a/0x30 [ 25.763498] [ 25.763620] The buggy address belongs to the object at ffff88810623b200 [ 25.763620] which belongs to the cache kmalloc-64 of size 64 [ 25.764033] The buggy address is located 0 bytes to the right of [ 25.764033] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 25.764627] [ 25.764750] The buggy address belongs to the physical page: [ 25.765224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 25.765520] flags: 0x200000000000000(node=0|zone=2) [ 25.765785] page_type: f5(slab) [ 25.765991] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.766261] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.766633] page dumped because: kasan: bad access detected [ 25.767008] [ 25.767104] Memory state around the buggy address: [ 25.767359] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.767708] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.768082] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.768388] ^ [ 25.768595] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.768978] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.769274] ================================================================== [ 26.151465] ================================================================== [ 26.152114] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 26.152497] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.152828] [ 26.152959] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.153012] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.153026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.153048] Call Trace: [ 26.153070] <TASK> [ 26.153088] dump_stack_lvl+0x73/0xb0 [ 26.153119] print_report+0xd1/0x610 [ 26.153142] ? __virt_addr_valid+0x1db/0x2d0 [ 26.153167] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.153188] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.153238] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.153260] kasan_report+0x141/0x180 [ 26.153283] ? kasan_atomics_helper+0xb6a/0x5450 [ 26.153341] kasan_check_range+0x10c/0x1c0 [ 26.153366] __kasan_check_write+0x18/0x20 [ 26.153390] kasan_atomics_helper+0xb6a/0x5450 [ 26.153415] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.153437] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.153482] ? kasan_atomics+0x152/0x310 [ 26.153510] kasan_atomics+0x1dc/0x310 [ 26.153533] ? __pfx_kasan_atomics+0x10/0x10 [ 26.153557] ? __pfx_read_tsc+0x10/0x10 [ 26.153585] ? ktime_get_ts64+0x86/0x230 [ 26.153632] kunit_try_run_case+0x1a5/0x480 [ 26.153658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.153700] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.153725] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.153750] ? __kthread_parkme+0x82/0x180 [ 26.153772] ? preempt_count_sub+0x50/0x80 [ 26.153797] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.153822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.153867] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.153896] kthread+0x337/0x6f0 [ 26.153917] ? trace_preempt_on+0x20/0xc0 [ 26.153942] ? __pfx_kthread+0x10/0x10 [ 26.153964] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.153986] ? calculate_sigpending+0x7b/0xa0 [ 26.154013] ? __pfx_kthread+0x10/0x10 [ 26.154036] ret_from_fork+0x116/0x1d0 [ 26.154056] ? __pfx_kthread+0x10/0x10 [ 26.154078] ret_from_fork_asm+0x1a/0x30 [ 26.154110] </TASK> [ 26.154122] [ 26.161948] Allocated by task 314: [ 26.162203] kasan_save_stack+0x45/0x70 [ 26.162374] kasan_save_track+0x18/0x40 [ 26.162560] kasan_save_alloc_info+0x3b/0x50 [ 26.162747] __kasan_kmalloc+0xb7/0xc0 [ 26.162927] __kmalloc_cache_noprof+0x189/0x420 [ 26.163121] kasan_atomics+0x95/0x310 [ 26.163277] kunit_try_run_case+0x1a5/0x480 [ 26.163438] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.163856] kthread+0x337/0x6f0 [ 26.164038] ret_from_fork+0x116/0x1d0 [ 26.164196] ret_from_fork_asm+0x1a/0x30 [ 26.164408] [ 26.164500] The buggy address belongs to the object at ffff88810623b200 [ 26.164500] which belongs to the cache kmalloc-64 of size 64 [ 26.165007] The buggy address is located 0 bytes to the right of [ 26.165007] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.165502] [ 26.165590] The buggy address belongs to the physical page: [ 26.165820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.166148] flags: 0x200000000000000(node=0|zone=2) [ 26.166361] page_type: f5(slab) [ 26.166542] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.166857] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.167173] page dumped because: kasan: bad access detected [ 26.167388] [ 26.167477] Memory state around the buggy address: [ 26.167746] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.168041] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.168340] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.168691] ^ [ 26.168906] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.169206] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.169566] ================================================================== [ 26.857579] ================================================================== [ 26.857905] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 26.858220] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.858601] [ 26.858707] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.858758] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.858772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.858795] Call Trace: [ 26.858826] <TASK> [ 26.858843] dump_stack_lvl+0x73/0xb0 [ 26.858876] print_report+0xd1/0x610 [ 26.858911] ? __virt_addr_valid+0x1db/0x2d0 [ 26.858936] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.858959] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.858986] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.859009] kasan_report+0x141/0x180 [ 26.859031] ? kasan_atomics_helper+0x1ce1/0x5450 [ 26.859059] kasan_check_range+0x10c/0x1c0 [ 26.859083] __kasan_check_write+0x18/0x20 [ 26.859107] kasan_atomics_helper+0x1ce1/0x5450 [ 26.859130] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.859162] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.859190] ? kasan_atomics+0x152/0x310 [ 26.859218] kasan_atomics+0x1dc/0x310 [ 26.859252] ? __pfx_kasan_atomics+0x10/0x10 [ 26.859277] ? __pfx_read_tsc+0x10/0x10 [ 26.859300] ? ktime_get_ts64+0x86/0x230 [ 26.859334] kunit_try_run_case+0x1a5/0x480 [ 26.859359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.859383] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.859408] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.859432] ? __kthread_parkme+0x82/0x180 [ 26.859453] ? preempt_count_sub+0x50/0x80 [ 26.859477] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.859501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.859528] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.859556] kthread+0x337/0x6f0 [ 26.859576] ? trace_preempt_on+0x20/0xc0 [ 26.859621] ? __pfx_kthread+0x10/0x10 [ 26.859643] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.859665] ? calculate_sigpending+0x7b/0xa0 [ 26.859690] ? __pfx_kthread+0x10/0x10 [ 26.859712] ret_from_fork+0x116/0x1d0 [ 26.859733] ? __pfx_kthread+0x10/0x10 [ 26.859755] ret_from_fork_asm+0x1a/0x30 [ 26.859795] </TASK> [ 26.859807] [ 26.867236] Allocated by task 314: [ 26.867448] kasan_save_stack+0x45/0x70 [ 26.867624] kasan_save_track+0x18/0x40 [ 26.867756] kasan_save_alloc_info+0x3b/0x50 [ 26.867900] __kasan_kmalloc+0xb7/0xc0 [ 26.868115] __kmalloc_cache_noprof+0x189/0x420 [ 26.868342] kasan_atomics+0x95/0x310 [ 26.868524] kunit_try_run_case+0x1a5/0x480 [ 26.868751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.869003] kthread+0x337/0x6f0 [ 26.869167] ret_from_fork+0x116/0x1d0 [ 26.869355] ret_from_fork_asm+0x1a/0x30 [ 26.869544] [ 26.869661] The buggy address belongs to the object at ffff88810623b200 [ 26.869661] which belongs to the cache kmalloc-64 of size 64 [ 26.870159] The buggy address is located 0 bytes to the right of [ 26.870159] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.870639] [ 26.870784] The buggy address belongs to the physical page: [ 26.871041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.871283] flags: 0x200000000000000(node=0|zone=2) [ 26.871454] page_type: f5(slab) [ 26.871574] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.871972] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.872306] page dumped because: kasan: bad access detected [ 26.872561] [ 26.872677] Memory state around the buggy address: [ 26.872889] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.873167] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.873390] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.873626] ^ [ 26.873851] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.874226] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.874552] ================================================================== [ 26.090027] ================================================================== [ 26.090271] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 26.090613] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.090962] [ 26.091066] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.091114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.091128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.091149] Call Trace: [ 26.091166] <TASK> [ 26.091183] dump_stack_lvl+0x73/0xb0 [ 26.091211] print_report+0xd1/0x610 [ 26.091234] ? __virt_addr_valid+0x1db/0x2d0 [ 26.091258] ? kasan_atomics_helper+0x992/0x5450 [ 26.091280] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.091318] ? kasan_atomics_helper+0x992/0x5450 [ 26.091341] kasan_report+0x141/0x180 [ 26.091364] ? kasan_atomics_helper+0x992/0x5450 [ 26.091392] kasan_check_range+0x10c/0x1c0 [ 26.091417] __kasan_check_write+0x18/0x20 [ 26.091441] kasan_atomics_helper+0x992/0x5450 [ 26.091464] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.091488] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.091513] ? kasan_atomics+0x152/0x310 [ 26.091540] kasan_atomics+0x1dc/0x310 [ 26.091564] ? __pfx_kasan_atomics+0x10/0x10 [ 26.091609] ? __pfx_read_tsc+0x10/0x10 [ 26.091635] ? ktime_get_ts64+0x86/0x230 [ 26.091662] kunit_try_run_case+0x1a5/0x480 [ 26.091687] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.091711] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.091735] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.091759] ? __kthread_parkme+0x82/0x180 [ 26.091781] ? preempt_count_sub+0x50/0x80 [ 26.091805] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.091830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.091859] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.091887] kthread+0x337/0x6f0 [ 26.091908] ? trace_preempt_on+0x20/0xc0 [ 26.091932] ? __pfx_kthread+0x10/0x10 [ 26.091954] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.091976] ? calculate_sigpending+0x7b/0xa0 [ 26.092001] ? __pfx_kthread+0x10/0x10 [ 26.092024] ret_from_fork+0x116/0x1d0 [ 26.092044] ? __pfx_kthread+0x10/0x10 [ 26.092066] ret_from_fork_asm+0x1a/0x30 [ 26.092098] </TASK> [ 26.092109] [ 26.098950] Allocated by task 314: [ 26.099114] kasan_save_stack+0x45/0x70 [ 26.099285] kasan_save_track+0x18/0x40 [ 26.099458] kasan_save_alloc_info+0x3b/0x50 [ 26.099671] __kasan_kmalloc+0xb7/0xc0 [ 26.099846] __kmalloc_cache_noprof+0x189/0x420 [ 26.100057] kasan_atomics+0x95/0x310 [ 26.100203] kunit_try_run_case+0x1a5/0x480 [ 26.100420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.100678] kthread+0x337/0x6f0 [ 26.100819] ret_from_fork+0x116/0x1d0 [ 26.100976] ret_from_fork_asm+0x1a/0x30 [ 26.101166] [ 26.101233] The buggy address belongs to the object at ffff88810623b200 [ 26.101233] which belongs to the cache kmalloc-64 of size 64 [ 26.101699] The buggy address is located 0 bytes to the right of [ 26.101699] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.102061] [ 26.102128] The buggy address belongs to the physical page: [ 26.102295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.102679] flags: 0x200000000000000(node=0|zone=2) [ 26.102905] page_type: f5(slab) [ 26.103067] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.103416] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.103771] page dumped because: kasan: bad access detected [ 26.104006] [ 26.104071] Memory state around the buggy address: [ 26.104222] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.104444] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.104748] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.105069] ^ [ 26.105292] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.105657] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.105965] ================================================================== [ 26.875315] ================================================================== [ 26.875644] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 26.875964] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.876366] [ 26.876549] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.876636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.876651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.876674] Call Trace: [ 26.876695] <TASK> [ 26.876713] dump_stack_lvl+0x73/0xb0 [ 26.876744] print_report+0xd1/0x610 [ 26.876798] ? __virt_addr_valid+0x1db/0x2d0 [ 26.876834] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.876868] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.876894] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.876917] kasan_report+0x141/0x180 [ 26.876940] ? kasan_atomics_helper+0x1d7a/0x5450 [ 26.876967] kasan_check_range+0x10c/0x1c0 [ 26.876992] __kasan_check_write+0x18/0x20 [ 26.877019] kasan_atomics_helper+0x1d7a/0x5450 [ 26.877042] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.877066] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.877092] ? kasan_atomics+0x152/0x310 [ 26.877119] kasan_atomics+0x1dc/0x310 [ 26.877143] ? __pfx_kasan_atomics+0x10/0x10 [ 26.877167] ? __pfx_read_tsc+0x10/0x10 [ 26.877220] ? ktime_get_ts64+0x86/0x230 [ 26.877258] kunit_try_run_case+0x1a5/0x480 [ 26.877294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.877326] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.877350] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.877374] ? __kthread_parkme+0x82/0x180 [ 26.877396] ? preempt_count_sub+0x50/0x80 [ 26.877420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.877444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.877472] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.877499] kthread+0x337/0x6f0 [ 26.877520] ? trace_preempt_on+0x20/0xc0 [ 26.877573] ? __pfx_kthread+0x10/0x10 [ 26.877608] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.877633] ? calculate_sigpending+0x7b/0xa0 [ 26.877659] ? __pfx_kthread+0x10/0x10 [ 26.877681] ret_from_fork+0x116/0x1d0 [ 26.877701] ? __pfx_kthread+0x10/0x10 [ 26.877723] ret_from_fork_asm+0x1a/0x30 [ 26.877754] </TASK> [ 26.877765] [ 26.885326] Allocated by task 314: [ 26.885468] kasan_save_stack+0x45/0x70 [ 26.885732] kasan_save_track+0x18/0x40 [ 26.885927] kasan_save_alloc_info+0x3b/0x50 [ 26.886135] __kasan_kmalloc+0xb7/0xc0 [ 26.886417] __kmalloc_cache_noprof+0x189/0x420 [ 26.886679] kasan_atomics+0x95/0x310 [ 26.886877] kunit_try_run_case+0x1a5/0x480 [ 26.887090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.887471] kthread+0x337/0x6f0 [ 26.887670] ret_from_fork+0x116/0x1d0 [ 26.887885] ret_from_fork_asm+0x1a/0x30 [ 26.888036] [ 26.888129] The buggy address belongs to the object at ffff88810623b200 [ 26.888129] which belongs to the cache kmalloc-64 of size 64 [ 26.888790] The buggy address is located 0 bytes to the right of [ 26.888790] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.889266] [ 26.889401] The buggy address belongs to the physical page: [ 26.889697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.890051] flags: 0x200000000000000(node=0|zone=2) [ 26.890216] page_type: f5(slab) [ 26.890391] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.890838] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.891147] page dumped because: kasan: bad access detected [ 26.891441] [ 26.891562] Memory state around the buggy address: [ 26.891822] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.892038] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.892297] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.892676] ^ [ 26.892944] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.893263] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.893600] ================================================================== [ 27.005701] ================================================================== [ 27.006425] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 27.006745] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 27.007050] [ 27.007155] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.007207] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.007221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.007243] Call Trace: [ 27.007264] <TASK> [ 27.007282] dump_stack_lvl+0x73/0xb0 [ 27.007311] print_report+0xd1/0x610 [ 27.007348] ? __virt_addr_valid+0x1db/0x2d0 [ 27.007373] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.007395] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.007422] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.007445] kasan_report+0x141/0x180 [ 27.007468] ? kasan_atomics_helper+0x20c8/0x5450 [ 27.007494] kasan_check_range+0x10c/0x1c0 [ 27.007519] __kasan_check_write+0x18/0x20 [ 27.007543] kasan_atomics_helper+0x20c8/0x5450 [ 27.007567] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.007590] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.007630] ? kasan_atomics+0x152/0x310 [ 27.007657] kasan_atomics+0x1dc/0x310 [ 27.007681] ? __pfx_kasan_atomics+0x10/0x10 [ 27.007705] ? __pfx_read_tsc+0x10/0x10 [ 27.007729] ? ktime_get_ts64+0x86/0x230 [ 27.007754] kunit_try_run_case+0x1a5/0x480 [ 27.007779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.007803] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.007828] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.007852] ? __kthread_parkme+0x82/0x180 [ 27.007873] ? preempt_count_sub+0x50/0x80 [ 27.007898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.007922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.007951] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.007979] kthread+0x337/0x6f0 [ 27.007999] ? trace_preempt_on+0x20/0xc0 [ 27.008023] ? __pfx_kthread+0x10/0x10 [ 27.008044] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.008066] ? calculate_sigpending+0x7b/0xa0 [ 27.008091] ? __pfx_kthread+0x10/0x10 [ 27.008113] ret_from_fork+0x116/0x1d0 [ 27.008134] ? __pfx_kthread+0x10/0x10 [ 27.008155] ret_from_fork_asm+0x1a/0x30 [ 27.008186] </TASK> [ 27.008197] [ 27.016845] Allocated by task 314: [ 27.017019] kasan_save_stack+0x45/0x70 [ 27.017182] kasan_save_track+0x18/0x40 [ 27.017314] kasan_save_alloc_info+0x3b/0x50 [ 27.017470] __kasan_kmalloc+0xb7/0xc0 [ 27.017600] __kmalloc_cache_noprof+0x189/0x420 [ 27.017819] kasan_atomics+0x95/0x310 [ 27.018166] kunit_try_run_case+0x1a5/0x480 [ 27.018377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.018550] kthread+0x337/0x6f0 [ 27.018799] ret_from_fork+0x116/0x1d0 [ 27.018987] ret_from_fork_asm+0x1a/0x30 [ 27.019141] [ 27.019207] The buggy address belongs to the object at ffff88810623b200 [ 27.019207] which belongs to the cache kmalloc-64 of size 64 [ 27.019805] The buggy address is located 0 bytes to the right of [ 27.019805] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 27.020330] [ 27.020425] The buggy address belongs to the physical page: [ 27.020670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 27.020960] flags: 0x200000000000000(node=0|zone=2) [ 27.021179] page_type: f5(slab) [ 27.021313] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.021677] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.021964] page dumped because: kasan: bad access detected [ 27.022180] [ 27.022269] Memory state around the buggy address: [ 27.022457] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.022753] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.023028] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.023270] ^ [ 27.023434] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.023812] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.024147] ================================================================== [ 26.783570] ================================================================== [ 26.784149] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 26.784464] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.785676] [ 26.785787] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.785845] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.785860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.785884] Call Trace: [ 26.785906] <TASK> [ 26.785927] dump_stack_lvl+0x73/0xb0 [ 26.785963] print_report+0xd1/0x610 [ 26.785987] ? __virt_addr_valid+0x1db/0x2d0 [ 26.786012] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.786034] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.786062] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.786084] kasan_report+0x141/0x180 [ 26.786107] ? kasan_atomics_helper+0x1b22/0x5450 [ 26.786133] kasan_check_range+0x10c/0x1c0 [ 26.786158] __kasan_check_write+0x18/0x20 [ 26.786183] kasan_atomics_helper+0x1b22/0x5450 [ 26.786207] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.786231] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.786258] ? kasan_atomics+0x152/0x310 [ 26.786284] kasan_atomics+0x1dc/0x310 [ 26.786308] ? __pfx_kasan_atomics+0x10/0x10 [ 26.786344] ? __pfx_read_tsc+0x10/0x10 [ 26.786367] ? ktime_get_ts64+0x86/0x230 [ 26.786393] kunit_try_run_case+0x1a5/0x480 [ 26.786418] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.786441] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.786466] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.786491] ? __kthread_parkme+0x82/0x180 [ 26.786684] ? preempt_count_sub+0x50/0x80 [ 26.786710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.786736] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.786765] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.786792] kthread+0x337/0x6f0 [ 26.786813] ? trace_preempt_on+0x20/0xc0 [ 26.786839] ? __pfx_kthread+0x10/0x10 [ 26.786861] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.786883] ? calculate_sigpending+0x7b/0xa0 [ 26.786908] ? __pfx_kthread+0x10/0x10 [ 26.786931] ret_from_fork+0x116/0x1d0 [ 26.786951] ? __pfx_kthread+0x10/0x10 [ 26.786973] ret_from_fork_asm+0x1a/0x30 [ 26.787006] </TASK> [ 26.787018] [ 26.798279] Allocated by task 314: [ 26.798624] kasan_save_stack+0x45/0x70 [ 26.798833] kasan_save_track+0x18/0x40 [ 26.799092] kasan_save_alloc_info+0x3b/0x50 [ 26.799431] __kasan_kmalloc+0xb7/0xc0 [ 26.799608] __kmalloc_cache_noprof+0x189/0x420 [ 26.799933] kasan_atomics+0x95/0x310 [ 26.800079] kunit_try_run_case+0x1a5/0x480 [ 26.800285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.800530] kthread+0x337/0x6f0 [ 26.800918] ret_from_fork+0x116/0x1d0 [ 26.801184] ret_from_fork_asm+0x1a/0x30 [ 26.801530] [ 26.801646] The buggy address belongs to the object at ffff88810623b200 [ 26.801646] which belongs to the cache kmalloc-64 of size 64 [ 26.802206] The buggy address is located 0 bytes to the right of [ 26.802206] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.803104] [ 26.803193] The buggy address belongs to the physical page: [ 26.803583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.804039] flags: 0x200000000000000(node=0|zone=2) [ 26.804264] page_type: f5(slab) [ 26.804440] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.804936] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.805344] page dumped because: kasan: bad access detected [ 26.805701] [ 26.805783] Memory state around the buggy address: [ 26.806126] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.806413] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.806973] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.807334] ^ [ 26.807635] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.808022] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.808380] ================================================================== [ 26.370213] ================================================================== [ 26.370903] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 26.371555] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.371860] [ 26.371953] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.372008] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.372022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.372045] Call Trace: [ 26.372070] <TASK> [ 26.372092] dump_stack_lvl+0x73/0xb0 [ 26.372123] print_report+0xd1/0x610 [ 26.372147] ? __virt_addr_valid+0x1db/0x2d0 [ 26.372172] ? kasan_atomics_helper+0x1148/0x5450 [ 26.372194] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.372222] ? kasan_atomics_helper+0x1148/0x5450 [ 26.372244] kasan_report+0x141/0x180 [ 26.372266] ? kasan_atomics_helper+0x1148/0x5450 [ 26.372293] kasan_check_range+0x10c/0x1c0 [ 26.372331] __kasan_check_write+0x18/0x20 [ 26.372355] kasan_atomics_helper+0x1148/0x5450 [ 26.372378] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.372400] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.372427] ? kasan_atomics+0x152/0x310 [ 26.372453] kasan_atomics+0x1dc/0x310 [ 26.372476] ? __pfx_kasan_atomics+0x10/0x10 [ 26.372502] ? __pfx_read_tsc+0x10/0x10 [ 26.372526] ? ktime_get_ts64+0x86/0x230 [ 26.372552] kunit_try_run_case+0x1a5/0x480 [ 26.372598] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.372622] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.372647] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.372671] ? __kthread_parkme+0x82/0x180 [ 26.372693] ? preempt_count_sub+0x50/0x80 [ 26.372718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.372742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.372770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.372799] kthread+0x337/0x6f0 [ 26.372819] ? trace_preempt_on+0x20/0xc0 [ 26.372844] ? __pfx_kthread+0x10/0x10 [ 26.372866] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.372888] ? calculate_sigpending+0x7b/0xa0 [ 26.372913] ? __pfx_kthread+0x10/0x10 [ 26.372936] ret_from_fork+0x116/0x1d0 [ 26.372956] ? __pfx_kthread+0x10/0x10 [ 26.372977] ret_from_fork_asm+0x1a/0x30 [ 26.373010] </TASK> [ 26.373022] [ 26.380014] Allocated by task 314: [ 26.380191] kasan_save_stack+0x45/0x70 [ 26.380370] kasan_save_track+0x18/0x40 [ 26.380551] kasan_save_alloc_info+0x3b/0x50 [ 26.380745] __kasan_kmalloc+0xb7/0xc0 [ 26.380930] __kmalloc_cache_noprof+0x189/0x420 [ 26.381116] kasan_atomics+0x95/0x310 [ 26.381279] kunit_try_run_case+0x1a5/0x480 [ 26.381468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.381727] kthread+0x337/0x6f0 [ 26.381846] ret_from_fork+0x116/0x1d0 [ 26.382025] ret_from_fork_asm+0x1a/0x30 [ 26.382215] [ 26.382306] The buggy address belongs to the object at ffff88810623b200 [ 26.382306] which belongs to the cache kmalloc-64 of size 64 [ 26.382759] The buggy address is located 0 bytes to the right of [ 26.382759] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.383258] [ 26.383365] The buggy address belongs to the physical page: [ 26.383573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.383889] flags: 0x200000000000000(node=0|zone=2) [ 26.384121] page_type: f5(slab) [ 26.384259] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.384595] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.384903] page dumped because: kasan: bad access detected [ 26.385123] [ 26.385215] Memory state around the buggy address: [ 26.385404] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.385730] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.386026] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.386289] ^ [ 26.386483] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.386720] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.386927] ================================================================== [ 27.085365] ================================================================== [ 27.085732] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 27.086059] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 27.086384] [ 27.086466] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.086513] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.086527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.086548] Call Trace: [ 27.086566] <TASK> [ 27.086582] dump_stack_lvl+0x73/0xb0 [ 27.086610] print_report+0xd1/0x610 [ 27.086644] ? __virt_addr_valid+0x1db/0x2d0 [ 27.086669] ? kasan_atomics_helper+0x224c/0x5450 [ 27.086703] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.086730] ? kasan_atomics_helper+0x224c/0x5450 [ 27.086752] kasan_report+0x141/0x180 [ 27.086786] ? kasan_atomics_helper+0x224c/0x5450 [ 27.086813] kasan_check_range+0x10c/0x1c0 [ 27.086838] __kasan_check_write+0x18/0x20 [ 27.086862] kasan_atomics_helper+0x224c/0x5450 [ 27.086885] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.086909] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.086944] ? kasan_atomics+0x152/0x310 [ 27.086971] kasan_atomics+0x1dc/0x310 [ 27.087005] ? __pfx_kasan_atomics+0x10/0x10 [ 27.087030] ? __pfx_read_tsc+0x10/0x10 [ 27.087053] ? ktime_get_ts64+0x86/0x230 [ 27.087078] kunit_try_run_case+0x1a5/0x480 [ 27.087103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.087127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.087150] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.087175] ? __kthread_parkme+0x82/0x180 [ 27.087196] ? preempt_count_sub+0x50/0x80 [ 27.087221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.087246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.087273] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.087301] kthread+0x337/0x6f0 [ 27.087333] ? trace_preempt_on+0x20/0xc0 [ 27.087356] ? __pfx_kthread+0x10/0x10 [ 27.087378] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.087400] ? calculate_sigpending+0x7b/0xa0 [ 27.087437] ? __pfx_kthread+0x10/0x10 [ 27.087459] ret_from_fork+0x116/0x1d0 [ 27.087479] ? __pfx_kthread+0x10/0x10 [ 27.087510] ret_from_fork_asm+0x1a/0x30 [ 27.087543] </TASK> [ 27.087554] [ 27.094864] Allocated by task 314: [ 27.095037] kasan_save_stack+0x45/0x70 [ 27.095264] kasan_save_track+0x18/0x40 [ 27.095457] kasan_save_alloc_info+0x3b/0x50 [ 27.095603] __kasan_kmalloc+0xb7/0xc0 [ 27.095793] __kmalloc_cache_noprof+0x189/0x420 [ 27.096036] kasan_atomics+0x95/0x310 [ 27.096182] kunit_try_run_case+0x1a5/0x480 [ 27.096387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.096632] kthread+0x337/0x6f0 [ 27.096800] ret_from_fork+0x116/0x1d0 [ 27.096938] ret_from_fork_asm+0x1a/0x30 [ 27.097141] [ 27.097215] The buggy address belongs to the object at ffff88810623b200 [ 27.097215] which belongs to the cache kmalloc-64 of size 64 [ 27.097715] The buggy address is located 0 bytes to the right of [ 27.097715] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 27.098223] [ 27.098310] The buggy address belongs to the physical page: [ 27.098549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 27.098933] flags: 0x200000000000000(node=0|zone=2) [ 27.099174] page_type: f5(slab) [ 27.099347] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.099573] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.099916] page dumped because: kasan: bad access detected [ 27.100170] [ 27.100236] Memory state around the buggy address: [ 27.100397] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.100790] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.101125] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.101420] ^ [ 27.101680] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.101981] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.102283] ================================================================== [ 26.487924] ================================================================== [ 26.488281] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 26.488782] Read of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.489147] [ 26.489261] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.489324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.489338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.489361] Call Trace: [ 26.489383] <TASK> [ 26.489400] dump_stack_lvl+0x73/0xb0 [ 26.489431] print_report+0xd1/0x610 [ 26.489456] ? __virt_addr_valid+0x1db/0x2d0 [ 26.489480] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.489501] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.489529] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.489551] kasan_report+0x141/0x180 [ 26.489574] ? kasan_atomics_helper+0x4eae/0x5450 [ 26.489629] __asan_report_load8_noabort+0x18/0x20 [ 26.489654] kasan_atomics_helper+0x4eae/0x5450 [ 26.489678] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.489701] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.489727] ? kasan_atomics+0x152/0x310 [ 26.489753] kasan_atomics+0x1dc/0x310 [ 26.489776] ? __pfx_kasan_atomics+0x10/0x10 [ 26.489801] ? __pfx_read_tsc+0x10/0x10 [ 26.489826] ? ktime_get_ts64+0x86/0x230 [ 26.489852] kunit_try_run_case+0x1a5/0x480 [ 26.489878] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.489901] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.489925] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.489949] ? __kthread_parkme+0x82/0x180 [ 26.489971] ? preempt_count_sub+0x50/0x80 [ 26.489996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.490021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.490048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.490076] kthread+0x337/0x6f0 [ 26.490097] ? trace_preempt_on+0x20/0xc0 [ 26.490122] ? __pfx_kthread+0x10/0x10 [ 26.490144] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.490165] ? calculate_sigpending+0x7b/0xa0 [ 26.490190] ? __pfx_kthread+0x10/0x10 [ 26.490213] ret_from_fork+0x116/0x1d0 [ 26.490233] ? __pfx_kthread+0x10/0x10 [ 26.490255] ret_from_fork_asm+0x1a/0x30 [ 26.490287] </TASK> [ 26.490299] [ 26.500455] Allocated by task 314: [ 26.501018] kasan_save_stack+0x45/0x70 [ 26.501410] kasan_save_track+0x18/0x40 [ 26.502031] kasan_save_alloc_info+0x3b/0x50 [ 26.502192] __kasan_kmalloc+0xb7/0xc0 [ 26.502332] __kmalloc_cache_noprof+0x189/0x420 [ 26.502483] kasan_atomics+0x95/0x310 [ 26.502711] kunit_try_run_case+0x1a5/0x480 [ 26.503070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.503524] kthread+0x337/0x6f0 [ 26.503809] ret_from_fork+0x116/0x1d0 [ 26.504134] ret_from_fork_asm+0x1a/0x30 [ 26.505140] [ 26.505327] The buggy address belongs to the object at ffff88810623b200 [ 26.505327] which belongs to the cache kmalloc-64 of size 64 [ 26.506758] The buggy address is located 0 bytes to the right of [ 26.506758] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.507130] [ 26.507199] The buggy address belongs to the physical page: [ 26.507863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.508717] flags: 0x200000000000000(node=0|zone=2) [ 26.509501] page_type: f5(slab) [ 26.510163] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.510707] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.511568] page dumped because: kasan: bad access detected [ 26.512030] [ 26.512134] Memory state around the buggy address: [ 26.512500] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.513058] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.513789] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.514039] ^ [ 26.514191] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.514585] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.515565] ================================================================== [ 26.038741] ================================================================== [ 26.039075] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 26.039419] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.039805] [ 26.039933] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.039987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.040001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.040025] Call Trace: [ 26.040047] <TASK> [ 26.040064] dump_stack_lvl+0x73/0xb0 [ 26.040094] print_report+0xd1/0x610 [ 26.040116] ? __virt_addr_valid+0x1db/0x2d0 [ 26.040142] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.040164] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.040191] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.040214] kasan_report+0x141/0x180 [ 26.040236] ? kasan_atomics_helper+0x7c7/0x5450 [ 26.040262] kasan_check_range+0x10c/0x1c0 [ 26.040286] __kasan_check_write+0x18/0x20 [ 26.040322] kasan_atomics_helper+0x7c7/0x5450 [ 26.040345] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.040368] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.040394] ? kasan_atomics+0x152/0x310 [ 26.040420] kasan_atomics+0x1dc/0x310 [ 26.040444] ? __pfx_kasan_atomics+0x10/0x10 [ 26.040469] ? __pfx_read_tsc+0x10/0x10 [ 26.040493] ? ktime_get_ts64+0x86/0x230 [ 26.040518] kunit_try_run_case+0x1a5/0x480 [ 26.040543] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.040565] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.040610] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.040635] ? __kthread_parkme+0x82/0x180 [ 26.040657] ? preempt_count_sub+0x50/0x80 [ 26.040681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.040705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.040733] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.040761] kthread+0x337/0x6f0 [ 26.040782] ? trace_preempt_on+0x20/0xc0 [ 26.040806] ? __pfx_kthread+0x10/0x10 [ 26.040827] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.040850] ? calculate_sigpending+0x7b/0xa0 [ 26.040875] ? __pfx_kthread+0x10/0x10 [ 26.040897] ret_from_fork+0x116/0x1d0 [ 26.040917] ? __pfx_kthread+0x10/0x10 [ 26.040938] ret_from_fork_asm+0x1a/0x30 [ 26.040971] </TASK> [ 26.040982] [ 26.047968] Allocated by task 314: [ 26.048144] kasan_save_stack+0x45/0x70 [ 26.048347] kasan_save_track+0x18/0x40 [ 26.048533] kasan_save_alloc_info+0x3b/0x50 [ 26.048762] __kasan_kmalloc+0xb7/0xc0 [ 26.048937] __kmalloc_cache_noprof+0x189/0x420 [ 26.049145] kasan_atomics+0x95/0x310 [ 26.049290] kunit_try_run_case+0x1a5/0x480 [ 26.049440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.049643] kthread+0x337/0x6f0 [ 26.049761] ret_from_fork+0x116/0x1d0 [ 26.049933] ret_from_fork_asm+0x1a/0x30 [ 26.050126] [ 26.050214] The buggy address belongs to the object at ffff88810623b200 [ 26.050214] which belongs to the cache kmalloc-64 of size 64 [ 26.050785] The buggy address is located 0 bytes to the right of [ 26.050785] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.051303] [ 26.051398] The buggy address belongs to the physical page: [ 26.051589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.051923] flags: 0x200000000000000(node=0|zone=2) [ 26.052084] page_type: f5(slab) [ 26.052200] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.052434] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.052774] page dumped because: kasan: bad access detected [ 26.053020] [ 26.053110] Memory state around the buggy address: [ 26.053338] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.053593] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.053809] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.054016] ^ [ 26.054212] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.054540] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.054876] ================================================================== [ 26.930454] ================================================================== [ 26.931055] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 26.931655] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.931991] [ 26.932078] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.932130] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.932144] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.932167] Call Trace: [ 26.932188] <TASK> [ 26.932205] dump_stack_lvl+0x73/0xb0 [ 26.932235] print_report+0xd1/0x610 [ 26.932260] ? __virt_addr_valid+0x1db/0x2d0 [ 26.932285] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.932334] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.932362] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.932386] kasan_report+0x141/0x180 [ 26.932409] ? kasan_atomics_helper+0x1f43/0x5450 [ 26.932437] kasan_check_range+0x10c/0x1c0 [ 26.932461] __kasan_check_write+0x18/0x20 [ 26.932486] kasan_atomics_helper+0x1f43/0x5450 [ 26.932510] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.932534] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.932559] ? kasan_atomics+0x152/0x310 [ 26.932604] kasan_atomics+0x1dc/0x310 [ 26.932628] ? __pfx_kasan_atomics+0x10/0x10 [ 26.932653] ? __pfx_read_tsc+0x10/0x10 [ 26.932675] ? ktime_get_ts64+0x86/0x230 [ 26.932711] kunit_try_run_case+0x1a5/0x480 [ 26.932736] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.932759] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.932794] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.932818] ? __kthread_parkme+0x82/0x180 [ 26.932840] ? preempt_count_sub+0x50/0x80 [ 26.932873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.932898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.932925] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.932963] kthread+0x337/0x6f0 [ 26.932983] ? trace_preempt_on+0x20/0xc0 [ 26.933008] ? __pfx_kthread+0x10/0x10 [ 26.933038] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.933060] ? calculate_sigpending+0x7b/0xa0 [ 26.933085] ? __pfx_kthread+0x10/0x10 [ 26.933117] ret_from_fork+0x116/0x1d0 [ 26.933137] ? __pfx_kthread+0x10/0x10 [ 26.933160] ret_from_fork_asm+0x1a/0x30 [ 26.933200] </TASK> [ 26.933212] [ 26.940651] Allocated by task 314: [ 26.940806] kasan_save_stack+0x45/0x70 [ 26.941019] kasan_save_track+0x18/0x40 [ 26.941196] kasan_save_alloc_info+0x3b/0x50 [ 26.941386] __kasan_kmalloc+0xb7/0xc0 [ 26.941568] __kmalloc_cache_noprof+0x189/0x420 [ 26.941816] kasan_atomics+0x95/0x310 [ 26.941994] kunit_try_run_case+0x1a5/0x480 [ 26.942138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.942311] kthread+0x337/0x6f0 [ 26.942490] ret_from_fork+0x116/0x1d0 [ 26.942732] ret_from_fork_asm+0x1a/0x30 [ 26.942967] [ 26.943068] The buggy address belongs to the object at ffff88810623b200 [ 26.943068] which belongs to the cache kmalloc-64 of size 64 [ 26.943574] The buggy address is located 0 bytes to the right of [ 26.943574] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.944099] [ 26.944226] The buggy address belongs to the physical page: [ 26.944456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.944819] flags: 0x200000000000000(node=0|zone=2) [ 26.945026] page_type: f5(slab) [ 26.945204] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.945473] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.945727] page dumped because: kasan: bad access detected [ 26.945895] [ 26.945960] Memory state around the buggy address: [ 26.946194] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.946456] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.946732] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.947039] ^ [ 26.947259] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.947580] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.947913] ================================================================== [ 26.170350] ================================================================== [ 26.170732] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 26.171111] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.171489] [ 26.171615] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.171698] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.171713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.171736] Call Trace: [ 26.171759] <TASK> [ 26.171777] dump_stack_lvl+0x73/0xb0 [ 26.171837] print_report+0xd1/0x610 [ 26.171860] ? __virt_addr_valid+0x1db/0x2d0 [ 26.171885] ? kasan_atomics_helper+0xc70/0x5450 [ 26.171907] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.171935] ? kasan_atomics_helper+0xc70/0x5450 [ 26.171985] kasan_report+0x141/0x180 [ 26.172009] ? kasan_atomics_helper+0xc70/0x5450 [ 26.172035] kasan_check_range+0x10c/0x1c0 [ 26.172060] __kasan_check_write+0x18/0x20 [ 26.172084] kasan_atomics_helper+0xc70/0x5450 [ 26.172136] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.172183] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.172209] ? kasan_atomics+0x152/0x310 [ 26.172236] kasan_atomics+0x1dc/0x310 [ 26.172259] ? __pfx_kasan_atomics+0x10/0x10 [ 26.172284] ? __pfx_read_tsc+0x10/0x10 [ 26.172319] ? ktime_get_ts64+0x86/0x230 [ 26.172377] kunit_try_run_case+0x1a5/0x480 [ 26.172427] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.172449] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.172474] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.172498] ? __kthread_parkme+0x82/0x180 [ 26.172519] ? preempt_count_sub+0x50/0x80 [ 26.172544] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.172590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.172638] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.172665] kthread+0x337/0x6f0 [ 26.172686] ? trace_preempt_on+0x20/0xc0 [ 26.172712] ? __pfx_kthread+0x10/0x10 [ 26.172757] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.172780] ? calculate_sigpending+0x7b/0xa0 [ 26.172806] ? __pfx_kthread+0x10/0x10 [ 26.172829] ret_from_fork+0x116/0x1d0 [ 26.172849] ? __pfx_kthread+0x10/0x10 [ 26.172871] ret_from_fork_asm+0x1a/0x30 [ 26.172904] </TASK> [ 26.172916] [ 26.180130] Allocated by task 314: [ 26.180305] kasan_save_stack+0x45/0x70 [ 26.180513] kasan_save_track+0x18/0x40 [ 26.180697] kasan_save_alloc_info+0x3b/0x50 [ 26.180926] __kasan_kmalloc+0xb7/0xc0 [ 26.181124] __kmalloc_cache_noprof+0x189/0x420 [ 26.181285] kasan_atomics+0x95/0x310 [ 26.181420] kunit_try_run_case+0x1a5/0x480 [ 26.181558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.181729] kthread+0x337/0x6f0 [ 26.181842] ret_from_fork+0x116/0x1d0 [ 26.181966] ret_from_fork_asm+0x1a/0x30 [ 26.182094] [ 26.182158] The buggy address belongs to the object at ffff88810623b200 [ 26.182158] which belongs to the cache kmalloc-64 of size 64 [ 26.183085] The buggy address is located 0 bytes to the right of [ 26.183085] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.183698] [ 26.183791] The buggy address belongs to the physical page: [ 26.184042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.184396] flags: 0x200000000000000(node=0|zone=2) [ 26.184573] page_type: f5(slab) [ 26.184741] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.184983] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.185196] page dumped because: kasan: bad access detected [ 26.185367] [ 26.185430] Memory state around the buggy address: [ 26.185578] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.185897] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.186220] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.186571] ^ [ 26.186792] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.187097] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.187325] ================================================================== [ 26.228298] ================================================================== [ 26.228740] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 26.228996] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.229325] [ 26.229408] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.229459] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.229474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.229497] Call Trace: [ 26.229513] <TASK> [ 26.229529] dump_stack_lvl+0x73/0xb0 [ 26.229558] print_report+0xd1/0x610 [ 26.229581] ? __virt_addr_valid+0x1db/0x2d0 [ 26.229613] ? kasan_atomics_helper+0xde0/0x5450 [ 26.229635] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.229661] ? kasan_atomics_helper+0xde0/0x5450 [ 26.229684] kasan_report+0x141/0x180 [ 26.229718] ? kasan_atomics_helper+0xde0/0x5450 [ 26.229745] kasan_check_range+0x10c/0x1c0 [ 26.229770] __kasan_check_write+0x18/0x20 [ 26.229794] kasan_atomics_helper+0xde0/0x5450 [ 26.229818] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.229842] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.229867] ? kasan_atomics+0x152/0x310 [ 26.229894] kasan_atomics+0x1dc/0x310 [ 26.229918] ? __pfx_kasan_atomics+0x10/0x10 [ 26.229943] ? __pfx_read_tsc+0x10/0x10 [ 26.229967] ? ktime_get_ts64+0x86/0x230 [ 26.229994] kunit_try_run_case+0x1a5/0x480 [ 26.230019] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.230043] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.230068] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.230092] ? __kthread_parkme+0x82/0x180 [ 26.230114] ? preempt_count_sub+0x50/0x80 [ 26.230139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.230163] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.230192] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.230219] kthread+0x337/0x6f0 [ 26.230240] ? trace_preempt_on+0x20/0xc0 [ 26.230264] ? __pfx_kthread+0x10/0x10 [ 26.230286] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.230317] ? calculate_sigpending+0x7b/0xa0 [ 26.230343] ? __pfx_kthread+0x10/0x10 [ 26.230366] ret_from_fork+0x116/0x1d0 [ 26.230386] ? __pfx_kthread+0x10/0x10 [ 26.230407] ret_from_fork_asm+0x1a/0x30 [ 26.230439] </TASK> [ 26.230451] [ 26.237764] Allocated by task 314: [ 26.237914] kasan_save_stack+0x45/0x70 [ 26.238088] kasan_save_track+0x18/0x40 [ 26.238253] kasan_save_alloc_info+0x3b/0x50 [ 26.238452] __kasan_kmalloc+0xb7/0xc0 [ 26.238658] __kmalloc_cache_noprof+0x189/0x420 [ 26.238842] kasan_atomics+0x95/0x310 [ 26.239010] kunit_try_run_case+0x1a5/0x480 [ 26.239172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.239415] kthread+0x337/0x6f0 [ 26.239569] ret_from_fork+0x116/0x1d0 [ 26.239753] ret_from_fork_asm+0x1a/0x30 [ 26.239903] [ 26.239968] The buggy address belongs to the object at ffff88810623b200 [ 26.239968] which belongs to the cache kmalloc-64 of size 64 [ 26.240418] The buggy address is located 0 bytes to the right of [ 26.240418] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.241006] [ 26.241075] The buggy address belongs to the physical page: [ 26.241244] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.241611] flags: 0x200000000000000(node=0|zone=2) [ 26.241859] page_type: f5(slab) [ 26.242025] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.242306] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.242585] page dumped because: kasan: bad access detected [ 26.242791] [ 26.242896] Memory state around the buggy address: [ 26.244868] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.245093] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.245306] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.245532] ^ [ 26.245696] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.245909] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.246115] ================================================================== [ 26.965962] ================================================================== [ 26.966208] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 26.966743] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.967110] [ 26.967223] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.967277] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.967292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.967315] Call Trace: [ 26.967347] <TASK> [ 26.967364] dump_stack_lvl+0x73/0xb0 [ 26.967396] print_report+0xd1/0x610 [ 26.967420] ? __virt_addr_valid+0x1db/0x2d0 [ 26.967445] ? kasan_atomics_helper+0x2006/0x5450 [ 26.967468] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.967495] ? kasan_atomics_helper+0x2006/0x5450 [ 26.967518] kasan_report+0x141/0x180 [ 26.967541] ? kasan_atomics_helper+0x2006/0x5450 [ 26.967569] kasan_check_range+0x10c/0x1c0 [ 26.967614] __kasan_check_write+0x18/0x20 [ 26.967639] kasan_atomics_helper+0x2006/0x5450 [ 26.967663] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.967686] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.967713] ? kasan_atomics+0x152/0x310 [ 26.967740] kasan_atomics+0x1dc/0x310 [ 26.967763] ? __pfx_kasan_atomics+0x10/0x10 [ 26.967788] ? __pfx_read_tsc+0x10/0x10 [ 26.967811] ? ktime_get_ts64+0x86/0x230 [ 26.967837] kunit_try_run_case+0x1a5/0x480 [ 26.967862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.967886] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.967911] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.967934] ? __kthread_parkme+0x82/0x180 [ 26.967956] ? preempt_count_sub+0x50/0x80 [ 26.967980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.968006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.968033] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.968061] kthread+0x337/0x6f0 [ 26.968083] ? trace_preempt_on+0x20/0xc0 [ 26.968107] ? __pfx_kthread+0x10/0x10 [ 26.968129] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.968151] ? calculate_sigpending+0x7b/0xa0 [ 26.968176] ? __pfx_kthread+0x10/0x10 [ 26.968198] ret_from_fork+0x116/0x1d0 [ 26.968219] ? __pfx_kthread+0x10/0x10 [ 26.968240] ret_from_fork_asm+0x1a/0x30 [ 26.968273] </TASK> [ 26.968285] [ 26.975724] Allocated by task 314: [ 26.975935] kasan_save_stack+0x45/0x70 [ 26.976156] kasan_save_track+0x18/0x40 [ 26.976356] kasan_save_alloc_info+0x3b/0x50 [ 26.976536] __kasan_kmalloc+0xb7/0xc0 [ 26.976728] __kmalloc_cache_noprof+0x189/0x420 [ 26.976884] kasan_atomics+0x95/0x310 [ 26.977063] kunit_try_run_case+0x1a5/0x480 [ 26.977297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.977602] kthread+0x337/0x6f0 [ 26.977741] ret_from_fork+0x116/0x1d0 [ 26.977936] ret_from_fork_asm+0x1a/0x30 [ 26.978114] [ 26.978214] The buggy address belongs to the object at ffff88810623b200 [ 26.978214] which belongs to the cache kmalloc-64 of size 64 [ 26.978751] The buggy address is located 0 bytes to the right of [ 26.978751] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.979264] [ 26.979357] The buggy address belongs to the physical page: [ 26.979621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.979963] flags: 0x200000000000000(node=0|zone=2) [ 26.980129] page_type: f5(slab) [ 26.980272] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.980621] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.980885] page dumped because: kasan: bad access detected [ 26.981053] [ 26.981117] Memory state around the buggy address: [ 26.981269] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.982911] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.983785] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.984539] ^ [ 26.985058] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.985282] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.985504] ================================================================== [ 25.809604] ================================================================== [ 25.810033] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 25.810393] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 25.810713] [ 25.810797] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.810850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.810864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.810887] Call Trace: [ 25.810972] <TASK> [ 25.810995] dump_stack_lvl+0x73/0xb0 [ 25.811027] print_report+0xd1/0x610 [ 25.811051] ? __virt_addr_valid+0x1db/0x2d0 [ 25.811076] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.811098] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.811126] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.811148] kasan_report+0x141/0x180 [ 25.811172] ? kasan_atomics_helper+0x4b6e/0x5450 [ 25.811199] __asan_report_store4_noabort+0x1b/0x30 [ 25.811224] kasan_atomics_helper+0x4b6e/0x5450 [ 25.811248] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.811271] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.811298] ? kasan_atomics+0x152/0x310 [ 25.811357] kasan_atomics+0x1dc/0x310 [ 25.811382] ? __pfx_kasan_atomics+0x10/0x10 [ 25.811407] ? __pfx_read_tsc+0x10/0x10 [ 25.811431] ? ktime_get_ts64+0x86/0x230 [ 25.811456] kunit_try_run_case+0x1a5/0x480 [ 25.811482] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.811525] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.811551] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.811575] ? __kthread_parkme+0x82/0x180 [ 25.811597] ? preempt_count_sub+0x50/0x80 [ 25.811633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.811658] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.811687] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.811719] kthread+0x337/0x6f0 [ 25.811741] ? trace_preempt_on+0x20/0xc0 [ 25.811768] ? __pfx_kthread+0x10/0x10 [ 25.811791] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.811814] ? calculate_sigpending+0x7b/0xa0 [ 25.811840] ? __pfx_kthread+0x10/0x10 [ 25.811901] ret_from_fork+0x116/0x1d0 [ 25.811926] ? __pfx_kthread+0x10/0x10 [ 25.811970] ret_from_fork_asm+0x1a/0x30 [ 25.812005] </TASK> [ 25.812019] [ 25.820809] Allocated by task 314: [ 25.821050] kasan_save_stack+0x45/0x70 [ 25.821206] kasan_save_track+0x18/0x40 [ 25.821371] kasan_save_alloc_info+0x3b/0x50 [ 25.821578] __kasan_kmalloc+0xb7/0xc0 [ 25.821844] __kmalloc_cache_noprof+0x189/0x420 [ 25.822012] kasan_atomics+0x95/0x310 [ 25.822142] kunit_try_run_case+0x1a5/0x480 [ 25.822335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.822591] kthread+0x337/0x6f0 [ 25.822767] ret_from_fork+0x116/0x1d0 [ 25.823021] ret_from_fork_asm+0x1a/0x30 [ 25.823369] [ 25.823466] The buggy address belongs to the object at ffff88810623b200 [ 25.823466] which belongs to the cache kmalloc-64 of size 64 [ 25.823890] The buggy address is located 0 bytes to the right of [ 25.823890] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 25.824378] [ 25.824472] The buggy address belongs to the physical page: [ 25.824776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 25.825064] flags: 0x200000000000000(node=0|zone=2) [ 25.825229] page_type: f5(slab) [ 25.825361] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.826015] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.826350] page dumped because: kasan: bad access detected [ 25.826520] [ 25.826585] Memory state around the buggy address: [ 25.826770] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.827082] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.827498] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.827786] ^ [ 25.828168] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.828469] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.828777] ================================================================== [ 26.404133] ================================================================== [ 26.404479] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 26.404816] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.405109] [ 26.405200] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.405254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.405268] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.405291] Call Trace: [ 26.405324] <TASK> [ 26.405344] dump_stack_lvl+0x73/0xb0 [ 26.405375] print_report+0xd1/0x610 [ 26.405398] ? __virt_addr_valid+0x1db/0x2d0 [ 26.405423] ? kasan_atomics_helper+0x1217/0x5450 [ 26.405445] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.405471] ? kasan_atomics_helper+0x1217/0x5450 [ 26.405494] kasan_report+0x141/0x180 [ 26.405517] ? kasan_atomics_helper+0x1217/0x5450 [ 26.405544] kasan_check_range+0x10c/0x1c0 [ 26.405567] __kasan_check_write+0x18/0x20 [ 26.405619] kasan_atomics_helper+0x1217/0x5450 [ 26.405643] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.405665] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.405691] ? kasan_atomics+0x152/0x310 [ 26.405718] kasan_atomics+0x1dc/0x310 [ 26.405741] ? __pfx_kasan_atomics+0x10/0x10 [ 26.405765] ? __pfx_read_tsc+0x10/0x10 [ 26.405791] ? ktime_get_ts64+0x86/0x230 [ 26.405817] kunit_try_run_case+0x1a5/0x480 [ 26.405844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.405866] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.405891] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.405915] ? __kthread_parkme+0x82/0x180 [ 26.405938] ? preempt_count_sub+0x50/0x80 [ 26.405962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.405987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.406015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.406043] kthread+0x337/0x6f0 [ 26.406064] ? trace_preempt_on+0x20/0xc0 [ 26.406089] ? __pfx_kthread+0x10/0x10 [ 26.406111] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.406132] ? calculate_sigpending+0x7b/0xa0 [ 26.406157] ? __pfx_kthread+0x10/0x10 [ 26.406180] ret_from_fork+0x116/0x1d0 [ 26.406201] ? __pfx_kthread+0x10/0x10 [ 26.406222] ret_from_fork_asm+0x1a/0x30 [ 26.406254] </TASK> [ 26.406267] [ 26.413516] Allocated by task 314: [ 26.413731] kasan_save_stack+0x45/0x70 [ 26.413894] kasan_save_track+0x18/0x40 [ 26.414070] kasan_save_alloc_info+0x3b/0x50 [ 26.414266] __kasan_kmalloc+0xb7/0xc0 [ 26.414421] __kmalloc_cache_noprof+0x189/0x420 [ 26.414661] kasan_atomics+0x95/0x310 [ 26.414816] kunit_try_run_case+0x1a5/0x480 [ 26.414958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.415130] kthread+0x337/0x6f0 [ 26.415246] ret_from_fork+0x116/0x1d0 [ 26.415418] ret_from_fork_asm+0x1a/0x30 [ 26.415640] [ 26.415729] The buggy address belongs to the object at ffff88810623b200 [ 26.415729] which belongs to the cache kmalloc-64 of size 64 [ 26.416255] The buggy address is located 0 bytes to the right of [ 26.416255] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.416791] [ 26.416862] The buggy address belongs to the physical page: [ 26.417114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.417436] flags: 0x200000000000000(node=0|zone=2) [ 26.417678] page_type: f5(slab) [ 26.417827] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.418134] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.418427] page dumped because: kasan: bad access detected [ 26.418672] [ 26.418761] Memory state around the buggy address: [ 26.418952] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.419232] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.419508] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.419807] ^ [ 26.420001] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.420280] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.420557] ================================================================== [ 26.187760] ================================================================== [ 26.188297] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 26.188683] Read of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.188987] [ 26.189073] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.189124] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.189137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.189159] Call Trace: [ 26.189176] <TASK> [ 26.189192] dump_stack_lvl+0x73/0xb0 [ 26.189222] print_report+0xd1/0x610 [ 26.189246] ? __virt_addr_valid+0x1db/0x2d0 [ 26.189271] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.189293] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.189333] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.189356] kasan_report+0x141/0x180 [ 26.189378] ? kasan_atomics_helper+0x4a84/0x5450 [ 26.189405] __asan_report_load4_noabort+0x18/0x20 [ 26.189430] kasan_atomics_helper+0x4a84/0x5450 [ 26.189453] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.189476] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.189503] ? kasan_atomics+0x152/0x310 [ 26.189530] kasan_atomics+0x1dc/0x310 [ 26.189553] ? __pfx_kasan_atomics+0x10/0x10 [ 26.189578] ? __pfx_read_tsc+0x10/0x10 [ 26.189632] ? ktime_get_ts64+0x86/0x230 [ 26.189658] kunit_try_run_case+0x1a5/0x480 [ 26.189682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.189706] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.189729] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.189753] ? __kthread_parkme+0x82/0x180 [ 26.189775] ? preempt_count_sub+0x50/0x80 [ 26.189798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.189826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.189852] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.189899] kthread+0x337/0x6f0 [ 26.189921] ? trace_preempt_on+0x20/0xc0 [ 26.189945] ? __pfx_kthread+0x10/0x10 [ 26.189984] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.190007] ? calculate_sigpending+0x7b/0xa0 [ 26.190032] ? __pfx_kthread+0x10/0x10 [ 26.190054] ret_from_fork+0x116/0x1d0 [ 26.190075] ? __pfx_kthread+0x10/0x10 [ 26.190097] ret_from_fork_asm+0x1a/0x30 [ 26.190146] </TASK> [ 26.190158] [ 26.197780] Allocated by task 314: [ 26.197973] kasan_save_stack+0x45/0x70 [ 26.198150] kasan_save_track+0x18/0x40 [ 26.198277] kasan_save_alloc_info+0x3b/0x50 [ 26.198487] __kasan_kmalloc+0xb7/0xc0 [ 26.198661] __kmalloc_cache_noprof+0x189/0x420 [ 26.198870] kasan_atomics+0x95/0x310 [ 26.199041] kunit_try_run_case+0x1a5/0x480 [ 26.199240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.199516] kthread+0x337/0x6f0 [ 26.199677] ret_from_fork+0x116/0x1d0 [ 26.199855] ret_from_fork_asm+0x1a/0x30 [ 26.200171] [ 26.200239] The buggy address belongs to the object at ffff88810623b200 [ 26.200239] which belongs to the cache kmalloc-64 of size 64 [ 26.200586] The buggy address is located 0 bytes to the right of [ 26.200586] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.201140] [ 26.201232] The buggy address belongs to the physical page: [ 26.201511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.201796] flags: 0x200000000000000(node=0|zone=2) [ 26.201953] page_type: f5(slab) [ 26.202066] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.202285] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.202624] page dumped because: kasan: bad access detected [ 26.202977] [ 26.203098] Memory state around the buggy address: [ 26.203346] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.203705] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.204036] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.204381] ^ [ 26.204581] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.204830] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.205032] ================================================================== [ 26.611553] ================================================================== [ 26.611929] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 26.612227] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.612999] [ 26.613685] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.613762] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.613777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.613801] Call Trace: [ 26.613824] <TASK> [ 26.613846] dump_stack_lvl+0x73/0xb0 [ 26.613880] print_report+0xd1/0x610 [ 26.613904] ? __virt_addr_valid+0x1db/0x2d0 [ 26.613929] ? kasan_atomics_helper+0x164f/0x5450 [ 26.613951] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.613978] ? kasan_atomics_helper+0x164f/0x5450 [ 26.614001] kasan_report+0x141/0x180 [ 26.614024] ? kasan_atomics_helper+0x164f/0x5450 [ 26.614056] kasan_check_range+0x10c/0x1c0 [ 26.614080] __kasan_check_write+0x18/0x20 [ 26.614105] kasan_atomics_helper+0x164f/0x5450 [ 26.614128] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.614151] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.614177] ? kasan_atomics+0x152/0x310 [ 26.614203] kasan_atomics+0x1dc/0x310 [ 26.614227] ? __pfx_kasan_atomics+0x10/0x10 [ 26.614252] ? __pfx_read_tsc+0x10/0x10 [ 26.614275] ? ktime_get_ts64+0x86/0x230 [ 26.614301] kunit_try_run_case+0x1a5/0x480 [ 26.614336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.614360] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.614384] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.614408] ? __kthread_parkme+0x82/0x180 [ 26.614430] ? preempt_count_sub+0x50/0x80 [ 26.614456] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.614483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.614511] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.614539] kthread+0x337/0x6f0 [ 26.614564] ? trace_preempt_on+0x20/0xc0 [ 26.614589] ? __pfx_kthread+0x10/0x10 [ 26.614631] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.614653] ? calculate_sigpending+0x7b/0xa0 [ 26.614678] ? __pfx_kthread+0x10/0x10 [ 26.614701] ret_from_fork+0x116/0x1d0 [ 26.614722] ? __pfx_kthread+0x10/0x10 [ 26.614744] ret_from_fork_asm+0x1a/0x30 [ 26.614777] </TASK> [ 26.614788] [ 26.623363] Allocated by task 314: [ 26.623568] kasan_save_stack+0x45/0x70 [ 26.623771] kasan_save_track+0x18/0x40 [ 26.623955] kasan_save_alloc_info+0x3b/0x50 [ 26.624094] __kasan_kmalloc+0xb7/0xc0 [ 26.624336] __kmalloc_cache_noprof+0x189/0x420 [ 26.624557] kasan_atomics+0x95/0x310 [ 26.624784] kunit_try_run_case+0x1a5/0x480 [ 26.625080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.625342] kthread+0x337/0x6f0 [ 26.625499] ret_from_fork+0x116/0x1d0 [ 26.625711] ret_from_fork_asm+0x1a/0x30 [ 26.625899] [ 26.626138] The buggy address belongs to the object at ffff88810623b200 [ 26.626138] which belongs to the cache kmalloc-64 of size 64 [ 26.626700] The buggy address is located 0 bytes to the right of [ 26.626700] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.627137] [ 26.627276] The buggy address belongs to the physical page: [ 26.627791] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.628029] flags: 0x200000000000000(node=0|zone=2) [ 26.628247] page_type: f5(slab) [ 26.628426] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.628993] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.629392] page dumped because: kasan: bad access detected [ 26.629588] [ 26.629695] Memory state around the buggy address: [ 26.629941] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.630287] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.630757] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.631083] ^ [ 26.631244] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.631596] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.631941] ================================================================== [ 26.543947] ================================================================== [ 26.544686] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 26.545413] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.546090] [ 26.547233] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.547304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.547328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.547350] Call Trace: [ 26.547371] <TASK> [ 26.547389] dump_stack_lvl+0x73/0xb0 [ 26.547420] print_report+0xd1/0x610 [ 26.547444] ? __virt_addr_valid+0x1db/0x2d0 [ 26.547469] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.547491] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.547518] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.547540] kasan_report+0x141/0x180 [ 26.547563] ? kasan_atomics_helper+0x50d4/0x5450 [ 26.547609] __asan_report_store8_noabort+0x1b/0x30 [ 26.547635] kasan_atomics_helper+0x50d4/0x5450 [ 26.547658] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.547682] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.547707] ? kasan_atomics+0x152/0x310 [ 26.547734] kasan_atomics+0x1dc/0x310 [ 26.547758] ? __pfx_kasan_atomics+0x10/0x10 [ 26.547783] ? __pfx_read_tsc+0x10/0x10 [ 26.547807] ? ktime_get_ts64+0x86/0x230 [ 26.547833] kunit_try_run_case+0x1a5/0x480 [ 26.547858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.547882] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.547906] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.547931] ? __kthread_parkme+0x82/0x180 [ 26.547953] ? preempt_count_sub+0x50/0x80 [ 26.547977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.548001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.548029] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.548056] kthread+0x337/0x6f0 [ 26.548077] ? trace_preempt_on+0x20/0xc0 [ 26.548101] ? __pfx_kthread+0x10/0x10 [ 26.548123] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.548145] ? calculate_sigpending+0x7b/0xa0 [ 26.548170] ? __pfx_kthread+0x10/0x10 [ 26.548193] ret_from_fork+0x116/0x1d0 [ 26.548213] ? __pfx_kthread+0x10/0x10 [ 26.548234] ret_from_fork_asm+0x1a/0x30 [ 26.548267] </TASK> [ 26.548278] [ 26.556123] Allocated by task 314: [ 26.556307] kasan_save_stack+0x45/0x70 [ 26.556559] kasan_save_track+0x18/0x40 [ 26.556768] kasan_save_alloc_info+0x3b/0x50 [ 26.556952] __kasan_kmalloc+0xb7/0xc0 [ 26.557136] __kmalloc_cache_noprof+0x189/0x420 [ 26.557399] kasan_atomics+0x95/0x310 [ 26.557559] kunit_try_run_case+0x1a5/0x480 [ 26.557848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.558088] kthread+0x337/0x6f0 [ 26.558292] ret_from_fork+0x116/0x1d0 [ 26.558483] ret_from_fork_asm+0x1a/0x30 [ 26.558742] [ 26.558830] The buggy address belongs to the object at ffff88810623b200 [ 26.558830] which belongs to the cache kmalloc-64 of size 64 [ 26.559269] The buggy address is located 0 bytes to the right of [ 26.559269] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.559656] [ 26.559725] The buggy address belongs to the physical page: [ 26.559888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.560179] flags: 0x200000000000000(node=0|zone=2) [ 26.560385] page_type: f5(slab) [ 26.560550] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.560892] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.561261] page dumped because: kasan: bad access detected [ 26.561517] [ 26.561668] Memory state around the buggy address: [ 26.561919] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.562125] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.562338] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.562538] ^ [ 26.562709] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.562978] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.563326] ================================================================== [ 26.809128] ================================================================== [ 26.809386] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 26.809804] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.810260] [ 26.810895] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.810952] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.810967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.810991] Call Trace: [ 26.811012] <TASK> [ 26.811030] dump_stack_lvl+0x73/0xb0 [ 26.811156] print_report+0xd1/0x610 [ 26.811186] ? __virt_addr_valid+0x1db/0x2d0 [ 26.811211] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.811233] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.811260] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.811283] kasan_report+0x141/0x180 [ 26.811307] ? kasan_atomics_helper+0x1c18/0x5450 [ 26.811347] kasan_check_range+0x10c/0x1c0 [ 26.811371] __kasan_check_write+0x18/0x20 [ 26.811397] kasan_atomics_helper+0x1c18/0x5450 [ 26.811420] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.811444] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.811469] ? kasan_atomics+0x152/0x310 [ 26.811496] kasan_atomics+0x1dc/0x310 [ 26.811520] ? __pfx_kasan_atomics+0x10/0x10 [ 26.811545] ? __pfx_read_tsc+0x10/0x10 [ 26.811568] ? ktime_get_ts64+0x86/0x230 [ 26.811595] kunit_try_run_case+0x1a5/0x480 [ 26.811633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.811656] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.811681] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.811705] ? __kthread_parkme+0x82/0x180 [ 26.811726] ? preempt_count_sub+0x50/0x80 [ 26.811751] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.811776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.811803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.811830] kthread+0x337/0x6f0 [ 26.811851] ? trace_preempt_on+0x20/0xc0 [ 26.811875] ? __pfx_kthread+0x10/0x10 [ 26.811896] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.811919] ? calculate_sigpending+0x7b/0xa0 [ 26.811944] ? __pfx_kthread+0x10/0x10 [ 26.811966] ret_from_fork+0x116/0x1d0 [ 26.811987] ? __pfx_kthread+0x10/0x10 [ 26.812008] ret_from_fork_asm+0x1a/0x30 [ 26.812041] </TASK> [ 26.812053] [ 26.821988] Allocated by task 314: [ 26.822242] kasan_save_stack+0x45/0x70 [ 26.822411] kasan_save_track+0x18/0x40 [ 26.822788] kasan_save_alloc_info+0x3b/0x50 [ 26.823081] __kasan_kmalloc+0xb7/0xc0 [ 26.823221] __kmalloc_cache_noprof+0x189/0x420 [ 26.823562] kasan_atomics+0x95/0x310 [ 26.823853] kunit_try_run_case+0x1a5/0x480 [ 26.824006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.824256] kthread+0x337/0x6f0 [ 26.824416] ret_from_fork+0x116/0x1d0 [ 26.824588] ret_from_fork_asm+0x1a/0x30 [ 26.825042] [ 26.825122] The buggy address belongs to the object at ffff88810623b200 [ 26.825122] which belongs to the cache kmalloc-64 of size 64 [ 26.825707] The buggy address is located 0 bytes to the right of [ 26.825707] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.826092] [ 26.826168] The buggy address belongs to the physical page: [ 26.826386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.827109] flags: 0x200000000000000(node=0|zone=2) [ 26.827474] page_type: f5(slab) [ 26.827619] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.828299] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.828531] page dumped because: kasan: bad access detected [ 26.829026] [ 26.829210] Memory state around the buggy address: [ 26.829698] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.830170] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.830396] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.830674] ^ [ 26.831134] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.831788] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.832399] ================================================================== [ 25.960135] ================================================================== [ 25.960809] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 25.961438] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 25.961814] [ 25.961907] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.962285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.962313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.962337] Call Trace: [ 25.962351] <TASK> [ 25.962369] dump_stack_lvl+0x73/0xb0 [ 25.962401] print_report+0xd1/0x610 [ 25.962425] ? __virt_addr_valid+0x1db/0x2d0 [ 25.962449] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.962471] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.962498] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.962520] kasan_report+0x141/0x180 [ 25.962543] ? kasan_atomics_helper+0x5fe/0x5450 [ 25.962592] kasan_check_range+0x10c/0x1c0 [ 25.962618] __kasan_check_write+0x18/0x20 [ 25.962642] kasan_atomics_helper+0x5fe/0x5450 [ 25.962664] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.962687] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.962713] ? kasan_atomics+0x152/0x310 [ 25.962739] kasan_atomics+0x1dc/0x310 [ 25.962764] ? __pfx_kasan_atomics+0x10/0x10 [ 25.962788] ? __pfx_read_tsc+0x10/0x10 [ 25.962814] ? ktime_get_ts64+0x86/0x230 [ 25.962840] kunit_try_run_case+0x1a5/0x480 [ 25.962865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.962889] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.962913] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.962937] ? __kthread_parkme+0x82/0x180 [ 25.962959] ? preempt_count_sub+0x50/0x80 [ 25.962983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.963007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.963035] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.963063] kthread+0x337/0x6f0 [ 25.963083] ? trace_preempt_on+0x20/0xc0 [ 25.963107] ? __pfx_kthread+0x10/0x10 [ 25.963128] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.963150] ? calculate_sigpending+0x7b/0xa0 [ 25.963175] ? __pfx_kthread+0x10/0x10 [ 25.963198] ret_from_fork+0x116/0x1d0 [ 25.963218] ? __pfx_kthread+0x10/0x10 [ 25.963240] ret_from_fork_asm+0x1a/0x30 [ 25.963272] </TASK> [ 25.963285] [ 25.976267] Allocated by task 314: [ 25.976633] kasan_save_stack+0x45/0x70 [ 25.976885] kasan_save_track+0x18/0x40 [ 25.977018] kasan_save_alloc_info+0x3b/0x50 [ 25.977165] __kasan_kmalloc+0xb7/0xc0 [ 25.977293] __kmalloc_cache_noprof+0x189/0x420 [ 25.977559] kasan_atomics+0x95/0x310 [ 25.978254] kunit_try_run_case+0x1a5/0x480 [ 25.978723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.978916] kthread+0x337/0x6f0 [ 25.979036] ret_from_fork+0x116/0x1d0 [ 25.979165] ret_from_fork_asm+0x1a/0x30 [ 25.979300] [ 25.979837] The buggy address belongs to the object at ffff88810623b200 [ 25.979837] which belongs to the cache kmalloc-64 of size 64 [ 25.981390] The buggy address is located 0 bytes to the right of [ 25.981390] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 25.982681] [ 25.982763] The buggy address belongs to the physical page: [ 25.982935] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 25.983164] flags: 0x200000000000000(node=0|zone=2) [ 25.983658] page_type: f5(slab) [ 25.984387] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.985209] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.985581] page dumped because: kasan: bad access detected [ 25.986413] [ 25.986508] Memory state around the buggy address: [ 25.986666] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.987598] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.988014] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.988236] ^ [ 25.988446] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.989581] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.989955] ================================================================== [ 27.102780] ================================================================== [ 27.103110] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 27.103446] Read of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 27.103835] [ 27.103982] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.104031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.104044] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.104065] Call Trace: [ 27.104082] <TASK> [ 27.104097] dump_stack_lvl+0x73/0xb0 [ 27.104138] print_report+0xd1/0x610 [ 27.104172] ? __virt_addr_valid+0x1db/0x2d0 [ 27.104197] ? kasan_atomics_helper+0x5115/0x5450 [ 27.104219] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.104258] ? kasan_atomics_helper+0x5115/0x5450 [ 27.104281] kasan_report+0x141/0x180 [ 27.104303] ? kasan_atomics_helper+0x5115/0x5450 [ 27.104341] __asan_report_load8_noabort+0x18/0x20 [ 27.104367] kasan_atomics_helper+0x5115/0x5450 [ 27.104390] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.104413] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.104438] ? kasan_atomics+0x152/0x310 [ 27.104465] kasan_atomics+0x1dc/0x310 [ 27.104489] ? __pfx_kasan_atomics+0x10/0x10 [ 27.104514] ? __pfx_read_tsc+0x10/0x10 [ 27.104537] ? ktime_get_ts64+0x86/0x230 [ 27.104563] kunit_try_run_case+0x1a5/0x480 [ 27.104597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.104631] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.104655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.104690] ? __kthread_parkme+0x82/0x180 [ 27.104711] ? preempt_count_sub+0x50/0x80 [ 27.104736] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.104761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.104788] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.104817] kthread+0x337/0x6f0 [ 27.104837] ? trace_preempt_on+0x20/0xc0 [ 27.104860] ? __pfx_kthread+0x10/0x10 [ 27.104883] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.104905] ? calculate_sigpending+0x7b/0xa0 [ 27.104930] ? __pfx_kthread+0x10/0x10 [ 27.104952] ret_from_fork+0x116/0x1d0 [ 27.104972] ? __pfx_kthread+0x10/0x10 [ 27.104993] ret_from_fork_asm+0x1a/0x30 [ 27.105025] </TASK> [ 27.105036] [ 27.111826] Allocated by task 314: [ 27.111953] kasan_save_stack+0x45/0x70 [ 27.112108] kasan_save_track+0x18/0x40 [ 27.112295] kasan_save_alloc_info+0x3b/0x50 [ 27.112533] __kasan_kmalloc+0xb7/0xc0 [ 27.112758] __kmalloc_cache_noprof+0x189/0x420 [ 27.112997] kasan_atomics+0x95/0x310 [ 27.113145] kunit_try_run_case+0x1a5/0x480 [ 27.113357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.113602] kthread+0x337/0x6f0 [ 27.113789] ret_from_fork+0x116/0x1d0 [ 27.113961] ret_from_fork_asm+0x1a/0x30 [ 27.114141] [ 27.114244] The buggy address belongs to the object at ffff88810623b200 [ 27.114244] which belongs to the cache kmalloc-64 of size 64 [ 27.114774] The buggy address is located 0 bytes to the right of [ 27.114774] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 27.115140] [ 27.115208] The buggy address belongs to the physical page: [ 27.115420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 27.115850] flags: 0x200000000000000(node=0|zone=2) [ 27.116089] page_type: f5(slab) [ 27.116256] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.116613] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.116887] page dumped because: kasan: bad access detected [ 27.117127] [ 27.117192] Memory state around the buggy address: [ 27.117351] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.117696] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.118029] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.118342] ^ [ 27.118528] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.118855] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.119092] ================================================================== [ 25.770228] ================================================================== [ 25.770630] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 25.771077] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 25.771316] [ 25.771424] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.771497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.771511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.771533] Call Trace: [ 25.771546] <TASK> [ 25.771560] dump_stack_lvl+0x73/0xb0 [ 25.771611] print_report+0xd1/0x610 [ 25.771634] ? __virt_addr_valid+0x1db/0x2d0 [ 25.771678] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.771699] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.771725] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.771746] kasan_report+0x141/0x180 [ 25.771768] ? kasan_atomics_helper+0x4ba2/0x5450 [ 25.771812] __asan_report_store4_noabort+0x1b/0x30 [ 25.771837] kasan_atomics_helper+0x4ba2/0x5450 [ 25.771877] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.771900] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.771926] ? kasan_atomics+0x152/0x310 [ 25.771951] kasan_atomics+0x1dc/0x310 [ 25.772032] ? __pfx_kasan_atomics+0x10/0x10 [ 25.772059] ? __pfx_read_tsc+0x10/0x10 [ 25.772084] ? ktime_get_ts64+0x86/0x230 [ 25.772109] kunit_try_run_case+0x1a5/0x480 [ 25.772133] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.772155] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.772179] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.772202] ? __kthread_parkme+0x82/0x180 [ 25.772222] ? preempt_count_sub+0x50/0x80 [ 25.772263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.772288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.772324] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.772351] kthread+0x337/0x6f0 [ 25.772371] ? trace_preempt_on+0x20/0xc0 [ 25.772395] ? __pfx_kthread+0x10/0x10 [ 25.772415] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.772437] ? calculate_sigpending+0x7b/0xa0 [ 25.772461] ? __pfx_kthread+0x10/0x10 [ 25.772483] ret_from_fork+0x116/0x1d0 [ 25.772503] ? __pfx_kthread+0x10/0x10 [ 25.772523] ret_from_fork_asm+0x1a/0x30 [ 25.772555] </TASK> [ 25.772565] [ 25.780348] Allocated by task 314: [ 25.780533] kasan_save_stack+0x45/0x70 [ 25.780824] kasan_save_track+0x18/0x40 [ 25.780983] kasan_save_alloc_info+0x3b/0x50 [ 25.781120] __kasan_kmalloc+0xb7/0xc0 [ 25.781349] __kmalloc_cache_noprof+0x189/0x420 [ 25.781559] kasan_atomics+0x95/0x310 [ 25.781832] kunit_try_run_case+0x1a5/0x480 [ 25.782029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.782212] kthread+0x337/0x6f0 [ 25.782394] ret_from_fork+0x116/0x1d0 [ 25.782577] ret_from_fork_asm+0x1a/0x30 [ 25.782797] [ 25.783043] The buggy address belongs to the object at ffff88810623b200 [ 25.783043] which belongs to the cache kmalloc-64 of size 64 [ 25.783556] The buggy address is located 0 bytes to the right of [ 25.783556] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 25.784075] [ 25.784142] The buggy address belongs to the physical page: [ 25.784619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 25.784983] flags: 0x200000000000000(node=0|zone=2) [ 25.785141] page_type: f5(slab) [ 25.785258] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.785656] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.785984] page dumped because: kasan: bad access detected [ 25.786230] [ 25.786327] Memory state around the buggy address: [ 25.786551] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.786836] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.787190] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.787488] ^ [ 25.787742] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.787953] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.788294] ================================================================== [ 26.247103] ================================================================== [ 26.249881] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 26.250131] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.250370] [ 26.250461] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.250512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.250526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.250549] Call Trace: [ 26.250569] <TASK> [ 26.250588] dump_stack_lvl+0x73/0xb0 [ 26.250616] print_report+0xd1/0x610 [ 26.250638] ? __virt_addr_valid+0x1db/0x2d0 [ 26.250661] ? kasan_atomics_helper+0xe78/0x5450 [ 26.250683] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.250709] ? kasan_atomics_helper+0xe78/0x5450 [ 26.250731] kasan_report+0x141/0x180 [ 26.250753] ? kasan_atomics_helper+0xe78/0x5450 [ 26.250778] kasan_check_range+0x10c/0x1c0 [ 26.250802] __kasan_check_write+0x18/0x20 [ 26.250826] kasan_atomics_helper+0xe78/0x5450 [ 26.250848] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.250871] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.250896] ? kasan_atomics+0x152/0x310 [ 26.250922] kasan_atomics+0x1dc/0x310 [ 26.250944] ? __pfx_kasan_atomics+0x10/0x10 [ 26.250969] ? __pfx_read_tsc+0x10/0x10 [ 26.250994] ? ktime_get_ts64+0x86/0x230 [ 26.251021] kunit_try_run_case+0x1a5/0x480 [ 26.251045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.251069] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.251093] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.251117] ? __kthread_parkme+0x82/0x180 [ 26.251138] ? preempt_count_sub+0x50/0x80 [ 26.251162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.251186] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.251213] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.251240] kthread+0x337/0x6f0 [ 26.251260] ? trace_preempt_on+0x20/0xc0 [ 26.251284] ? __pfx_kthread+0x10/0x10 [ 26.251305] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.251954] ? calculate_sigpending+0x7b/0xa0 [ 26.251992] ? __pfx_kthread+0x10/0x10 [ 26.252049] ret_from_fork+0x116/0x1d0 [ 26.252072] ? __pfx_kthread+0x10/0x10 [ 26.252095] ret_from_fork_asm+0x1a/0x30 [ 26.252129] </TASK> [ 26.252140] [ 26.264532] Allocated by task 314: [ 26.264690] kasan_save_stack+0x45/0x70 [ 26.264925] kasan_save_track+0x18/0x40 [ 26.265118] kasan_save_alloc_info+0x3b/0x50 [ 26.265291] __kasan_kmalloc+0xb7/0xc0 [ 26.265444] __kmalloc_cache_noprof+0x189/0x420 [ 26.265662] kasan_atomics+0x95/0x310 [ 26.265875] kunit_try_run_case+0x1a5/0x480 [ 26.266060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.266259] kthread+0x337/0x6f0 [ 26.266427] ret_from_fork+0x116/0x1d0 [ 26.266586] ret_from_fork_asm+0x1a/0x30 [ 26.266770] [ 26.266842] The buggy address belongs to the object at ffff88810623b200 [ 26.266842] which belongs to the cache kmalloc-64 of size 64 [ 26.267231] The buggy address is located 0 bytes to the right of [ 26.267231] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.267781] [ 26.267854] The buggy address belongs to the physical page: [ 26.268020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.268515] flags: 0x200000000000000(node=0|zone=2) [ 26.268897] page_type: f5(slab) [ 26.269045] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.269336] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.270020] page dumped because: kasan: bad access detected [ 26.270460] [ 26.270537] Memory state around the buggy address: [ 26.270919] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.271402] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.271920] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.272414] ^ [ 26.272812] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.273113] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.273415] ================================================================== [ 26.325844] ================================================================== [ 26.326106] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 26.326451] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.326805] [ 26.326914] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.326962] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.326976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.326998] Call Trace: [ 26.327017] <TASK> [ 26.327034] dump_stack_lvl+0x73/0xb0 [ 26.327062] print_report+0xd1/0x610 [ 26.327086] ? __virt_addr_valid+0x1db/0x2d0 [ 26.327112] ? kasan_atomics_helper+0x1079/0x5450 [ 26.327133] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.327162] ? kasan_atomics_helper+0x1079/0x5450 [ 26.327186] kasan_report+0x141/0x180 [ 26.327210] ? kasan_atomics_helper+0x1079/0x5450 [ 26.327237] kasan_check_range+0x10c/0x1c0 [ 26.327261] __kasan_check_write+0x18/0x20 [ 26.327286] kasan_atomics_helper+0x1079/0x5450 [ 26.327321] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.327344] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.327370] ? kasan_atomics+0x152/0x310 [ 26.327397] kasan_atomics+0x1dc/0x310 [ 26.327420] ? __pfx_kasan_atomics+0x10/0x10 [ 26.327445] ? __pfx_read_tsc+0x10/0x10 [ 26.327469] ? ktime_get_ts64+0x86/0x230 [ 26.327496] kunit_try_run_case+0x1a5/0x480 [ 26.327520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.327544] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.327568] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.327613] ? __kthread_parkme+0x82/0x180 [ 26.327635] ? preempt_count_sub+0x50/0x80 [ 26.327660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.327684] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.327712] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.327740] kthread+0x337/0x6f0 [ 26.327760] ? trace_preempt_on+0x20/0xc0 [ 26.327784] ? __pfx_kthread+0x10/0x10 [ 26.327806] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.327828] ? calculate_sigpending+0x7b/0xa0 [ 26.327853] ? __pfx_kthread+0x10/0x10 [ 26.327875] ret_from_fork+0x116/0x1d0 [ 26.327895] ? __pfx_kthread+0x10/0x10 [ 26.327917] ret_from_fork_asm+0x1a/0x30 [ 26.327950] </TASK> [ 26.327961] [ 26.335074] Allocated by task 314: [ 26.335246] kasan_save_stack+0x45/0x70 [ 26.335447] kasan_save_track+0x18/0x40 [ 26.335647] kasan_save_alloc_info+0x3b/0x50 [ 26.335814] __kasan_kmalloc+0xb7/0xc0 [ 26.335976] __kmalloc_cache_noprof+0x189/0x420 [ 26.336172] kasan_atomics+0x95/0x310 [ 26.336341] kunit_try_run_case+0x1a5/0x480 [ 26.336509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.336786] kthread+0x337/0x6f0 [ 26.336939] ret_from_fork+0x116/0x1d0 [ 26.337103] ret_from_fork_asm+0x1a/0x30 [ 26.337272] [ 26.337348] The buggy address belongs to the object at ffff88810623b200 [ 26.337348] which belongs to the cache kmalloc-64 of size 64 [ 26.337855] The buggy address is located 0 bytes to the right of [ 26.337855] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.338344] [ 26.338437] The buggy address belongs to the physical page: [ 26.338663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.338981] flags: 0x200000000000000(node=0|zone=2) [ 26.339184] page_type: f5(slab) [ 26.339323] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.339633] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.339858] page dumped because: kasan: bad access detected [ 26.340025] [ 26.340090] Memory state around the buggy address: [ 26.340242] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.340540] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.340879] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.341183] ^ [ 26.341434] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.341776] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.342082] ================================================================== [ 26.653753] ================================================================== [ 26.654135] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 26.654514] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.654979] [ 26.655066] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.655119] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.655132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.655156] Call Trace: [ 26.655177] <TASK> [ 26.655195] dump_stack_lvl+0x73/0xb0 [ 26.655369] print_report+0xd1/0x610 [ 26.655395] ? __virt_addr_valid+0x1db/0x2d0 [ 26.655419] ? kasan_atomics_helper+0x177f/0x5450 [ 26.655454] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.655483] ? kasan_atomics_helper+0x177f/0x5450 [ 26.655507] kasan_report+0x141/0x180 [ 26.655533] ? kasan_atomics_helper+0x177f/0x5450 [ 26.655561] kasan_check_range+0x10c/0x1c0 [ 26.655618] __kasan_check_write+0x18/0x20 [ 26.655645] kasan_atomics_helper+0x177f/0x5450 [ 26.655668] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.655704] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.655730] ? kasan_atomics+0x152/0x310 [ 26.655758] kasan_atomics+0x1dc/0x310 [ 26.655781] ? __pfx_kasan_atomics+0x10/0x10 [ 26.655807] ? __pfx_read_tsc+0x10/0x10 [ 26.655873] ? ktime_get_ts64+0x86/0x230 [ 26.655900] kunit_try_run_case+0x1a5/0x480 [ 26.655937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.655960] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.655984] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.656008] ? __kthread_parkme+0x82/0x180 [ 26.656030] ? preempt_count_sub+0x50/0x80 [ 26.656055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.656080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.656108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.656135] kthread+0x337/0x6f0 [ 26.656157] ? trace_preempt_on+0x20/0xc0 [ 26.656182] ? __pfx_kthread+0x10/0x10 [ 26.656203] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.656225] ? calculate_sigpending+0x7b/0xa0 [ 26.656250] ? __pfx_kthread+0x10/0x10 [ 26.656272] ret_from_fork+0x116/0x1d0 [ 26.656293] ? __pfx_kthread+0x10/0x10 [ 26.656323] ret_from_fork_asm+0x1a/0x30 [ 26.656355] </TASK> [ 26.656368] [ 26.665164] Allocated by task 314: [ 26.665296] kasan_save_stack+0x45/0x70 [ 26.665489] kasan_save_track+0x18/0x40 [ 26.665788] kasan_save_alloc_info+0x3b/0x50 [ 26.666074] __kasan_kmalloc+0xb7/0xc0 [ 26.666384] __kmalloc_cache_noprof+0x189/0x420 [ 26.666541] kasan_atomics+0x95/0x310 [ 26.666714] kunit_try_run_case+0x1a5/0x480 [ 26.666961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.667127] kthread+0x337/0x6f0 [ 26.667384] ret_from_fork+0x116/0x1d0 [ 26.667765] ret_from_fork_asm+0x1a/0x30 [ 26.667938] [ 26.668006] The buggy address belongs to the object at ffff88810623b200 [ 26.668006] which belongs to the cache kmalloc-64 of size 64 [ 26.668367] The buggy address is located 0 bytes to the right of [ 26.668367] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.669025] [ 26.669166] The buggy address belongs to the physical page: [ 26.669511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.669936] flags: 0x200000000000000(node=0|zone=2) [ 26.670096] page_type: f5(slab) [ 26.670394] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.670865] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.671339] page dumped because: kasan: bad access detected [ 26.671615] [ 26.671756] Memory state around the buggy address: [ 26.672057] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.672324] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.672606] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.673087] ^ [ 26.673344] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.673662] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.674040] ================================================================== [ 26.582369] ================================================================== [ 26.582934] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 26.583423] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.583767] [ 26.583855] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.583938] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.583952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.583986] Call Trace: [ 26.584007] <TASK> [ 26.584025] dump_stack_lvl+0x73/0xb0 [ 26.584084] print_report+0xd1/0x610 [ 26.584107] ? __virt_addr_valid+0x1db/0x2d0 [ 26.584144] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.584166] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.584193] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.584215] kasan_report+0x141/0x180 [ 26.584239] ? kasan_atomics_helper+0x15b6/0x5450 [ 26.584265] kasan_check_range+0x10c/0x1c0 [ 26.584290] __kasan_check_write+0x18/0x20 [ 26.584323] kasan_atomics_helper+0x15b6/0x5450 [ 26.584347] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.584370] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.584395] ? kasan_atomics+0x152/0x310 [ 26.584423] kasan_atomics+0x1dc/0x310 [ 26.584447] ? __pfx_kasan_atomics+0x10/0x10 [ 26.584472] ? __pfx_read_tsc+0x10/0x10 [ 26.584496] ? ktime_get_ts64+0x86/0x230 [ 26.584523] kunit_try_run_case+0x1a5/0x480 [ 26.584549] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.584572] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.584617] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.584642] ? __kthread_parkme+0x82/0x180 [ 26.584664] ? preempt_count_sub+0x50/0x80 [ 26.584717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.584742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.584770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.584809] kthread+0x337/0x6f0 [ 26.584830] ? trace_preempt_on+0x20/0xc0 [ 26.584872] ? __pfx_kthread+0x10/0x10 [ 26.584903] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.584925] ? calculate_sigpending+0x7b/0xa0 [ 26.584979] ? __pfx_kthread+0x10/0x10 [ 26.585002] ret_from_fork+0x116/0x1d0 [ 26.585023] ? __pfx_kthread+0x10/0x10 [ 26.585045] ret_from_fork_asm+0x1a/0x30 [ 26.585078] </TASK> [ 26.585089] [ 26.598226] Allocated by task 314: [ 26.598548] kasan_save_stack+0x45/0x70 [ 26.599017] kasan_save_track+0x18/0x40 [ 26.599422] kasan_save_alloc_info+0x3b/0x50 [ 26.599843] __kasan_kmalloc+0xb7/0xc0 [ 26.600206] __kmalloc_cache_noprof+0x189/0x420 [ 26.600664] kasan_atomics+0x95/0x310 [ 26.601013] kunit_try_run_case+0x1a5/0x480 [ 26.601157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.601341] kthread+0x337/0x6f0 [ 26.601456] ret_from_fork+0x116/0x1d0 [ 26.601624] ret_from_fork_asm+0x1a/0x30 [ 26.601963] [ 26.602145] The buggy address belongs to the object at ffff88810623b200 [ 26.602145] which belongs to the cache kmalloc-64 of size 64 [ 26.603286] The buggy address is located 0 bytes to the right of [ 26.603286] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.604451] [ 26.604664] The buggy address belongs to the physical page: [ 26.605103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.605358] flags: 0x200000000000000(node=0|zone=2) [ 26.605523] page_type: f5(slab) [ 26.606412] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.607487] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.607771] page dumped because: kasan: bad access detected [ 26.608327] [ 26.608552] Memory state around the buggy address: [ 26.608997] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.609225] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.609448] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.609701] ^ [ 26.609944] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.610309] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.610572] ================================================================== [ 25.789067] ================================================================== [ 25.789429] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 25.790316] Read of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 25.790662] [ 25.790783] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.790837] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.790851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.790948] Call Trace: [ 25.790966] <TASK> [ 25.790983] dump_stack_lvl+0x73/0xb0 [ 25.791015] print_report+0xd1/0x610 [ 25.791039] ? __virt_addr_valid+0x1db/0x2d0 [ 25.791064] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.791087] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.791134] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.791157] kasan_report+0x141/0x180 [ 25.791181] ? kasan_atomics_helper+0x4b88/0x5450 [ 25.791208] __asan_report_load4_noabort+0x18/0x20 [ 25.791233] kasan_atomics_helper+0x4b88/0x5450 [ 25.791258] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.791300] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.791338] ? kasan_atomics+0x152/0x310 [ 25.791366] kasan_atomics+0x1dc/0x310 [ 25.791389] ? __pfx_kasan_atomics+0x10/0x10 [ 25.791414] ? __pfx_read_tsc+0x10/0x10 [ 25.791437] ? ktime_get_ts64+0x86/0x230 [ 25.791463] kunit_try_run_case+0x1a5/0x480 [ 25.791489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.791512] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.791536] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.791561] ? __kthread_parkme+0x82/0x180 [ 25.791583] ? preempt_count_sub+0x50/0x80 [ 25.791608] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.791634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.791663] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.791692] kthread+0x337/0x6f0 [ 25.791713] ? trace_preempt_on+0x20/0xc0 [ 25.791758] ? __pfx_kthread+0x10/0x10 [ 25.791780] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.791802] ? calculate_sigpending+0x7b/0xa0 [ 25.791828] ? __pfx_kthread+0x10/0x10 [ 25.791850] ret_from_fork+0x116/0x1d0 [ 25.791918] ? __pfx_kthread+0x10/0x10 [ 25.791941] ret_from_fork_asm+0x1a/0x30 [ 25.791974] </TASK> [ 25.791986] [ 25.800353] Allocated by task 314: [ 25.800539] kasan_save_stack+0x45/0x70 [ 25.800750] kasan_save_track+0x18/0x40 [ 25.800885] kasan_save_alloc_info+0x3b/0x50 [ 25.801076] __kasan_kmalloc+0xb7/0xc0 [ 25.801281] __kmalloc_cache_noprof+0x189/0x420 [ 25.801554] kasan_atomics+0x95/0x310 [ 25.801778] kunit_try_run_case+0x1a5/0x480 [ 25.802078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.802291] kthread+0x337/0x6f0 [ 25.802420] ret_from_fork+0x116/0x1d0 [ 25.802548] ret_from_fork_asm+0x1a/0x30 [ 25.802764] [ 25.802861] The buggy address belongs to the object at ffff88810623b200 [ 25.802861] which belongs to the cache kmalloc-64 of size 64 [ 25.803405] The buggy address is located 0 bytes to the right of [ 25.803405] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 25.804312] [ 25.804400] The buggy address belongs to the physical page: [ 25.804647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 25.804886] flags: 0x200000000000000(node=0|zone=2) [ 25.805047] page_type: f5(slab) [ 25.805210] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.805736] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.806064] page dumped because: kasan: bad access detected [ 25.806232] [ 25.806298] Memory state around the buggy address: [ 25.806460] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.807249] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.807601] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.807975] ^ [ 25.808171] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.808547] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.808798] ================================================================== [ 26.471523] ================================================================== [ 26.471778] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 26.472088] Read of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.472419] [ 26.472523] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.472571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.472605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.472626] Call Trace: [ 26.472644] <TASK> [ 26.472660] dump_stack_lvl+0x73/0xb0 [ 26.472689] print_report+0xd1/0x610 [ 26.472712] ? __virt_addr_valid+0x1db/0x2d0 [ 26.472737] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.472759] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.472785] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.472808] kasan_report+0x141/0x180 [ 26.472830] ? kasan_atomics_helper+0x13b5/0x5450 [ 26.472857] kasan_check_range+0x10c/0x1c0 [ 26.472882] __kasan_check_read+0x15/0x20 [ 26.472905] kasan_atomics_helper+0x13b5/0x5450 [ 26.472928] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.472951] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.472976] ? kasan_atomics+0x152/0x310 [ 26.473002] kasan_atomics+0x1dc/0x310 [ 26.473025] ? __pfx_kasan_atomics+0x10/0x10 [ 26.473050] ? __pfx_read_tsc+0x10/0x10 [ 26.473073] ? ktime_get_ts64+0x86/0x230 [ 26.473099] kunit_try_run_case+0x1a5/0x480 [ 26.473124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.473146] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.473170] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.473194] ? __kthread_parkme+0x82/0x180 [ 26.473215] ? preempt_count_sub+0x50/0x80 [ 26.473241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.473266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.473293] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.473331] kthread+0x337/0x6f0 [ 26.473352] ? trace_preempt_on+0x20/0xc0 [ 26.473376] ? __pfx_kthread+0x10/0x10 [ 26.473398] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.473421] ? calculate_sigpending+0x7b/0xa0 [ 26.473445] ? __pfx_kthread+0x10/0x10 [ 26.473467] ret_from_fork+0x116/0x1d0 [ 26.473488] ? __pfx_kthread+0x10/0x10 [ 26.473510] ret_from_fork_asm+0x1a/0x30 [ 26.473542] </TASK> [ 26.473554] [ 26.480427] Allocated by task 314: [ 26.480560] kasan_save_stack+0x45/0x70 [ 26.480718] kasan_save_track+0x18/0x40 [ 26.480856] kasan_save_alloc_info+0x3b/0x50 [ 26.481062] __kasan_kmalloc+0xb7/0xc0 [ 26.481248] __kmalloc_cache_noprof+0x189/0x420 [ 26.481474] kasan_atomics+0x95/0x310 [ 26.481690] kunit_try_run_case+0x1a5/0x480 [ 26.481899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.482157] kthread+0x337/0x6f0 [ 26.482331] ret_from_fork+0x116/0x1d0 [ 26.482517] ret_from_fork_asm+0x1a/0x30 [ 26.482742] [ 26.482835] The buggy address belongs to the object at ffff88810623b200 [ 26.482835] which belongs to the cache kmalloc-64 of size 64 [ 26.483310] The buggy address is located 0 bytes to the right of [ 26.483310] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.483703] [ 26.483773] The buggy address belongs to the physical page: [ 26.483986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.484350] flags: 0x200000000000000(node=0|zone=2) [ 26.484606] page_type: f5(slab) [ 26.484775] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.485113] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.485453] page dumped because: kasan: bad access detected [ 26.485728] [ 26.485805] Memory state around the buggy address: [ 26.486000] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.486211] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.486431] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.486663] ^ [ 26.486816] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.487025] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.487234] ================================================================== [ 26.438108] ================================================================== [ 26.438459] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 26.438802] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.439110] [ 26.439219] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.439269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.439282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.439303] Call Trace: [ 26.439329] <TASK> [ 26.439345] dump_stack_lvl+0x73/0xb0 [ 26.439375] print_report+0xd1/0x610 [ 26.439398] ? __virt_addr_valid+0x1db/0x2d0 [ 26.439422] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.439444] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.439472] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.439495] kasan_report+0x141/0x180 [ 26.439517] ? kasan_atomics_helper+0x12e6/0x5450 [ 26.439544] kasan_check_range+0x10c/0x1c0 [ 26.439569] __kasan_check_write+0x18/0x20 [ 26.439613] kasan_atomics_helper+0x12e6/0x5450 [ 26.439637] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.439660] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.439687] ? kasan_atomics+0x152/0x310 [ 26.439714] kasan_atomics+0x1dc/0x310 [ 26.439737] ? __pfx_kasan_atomics+0x10/0x10 [ 26.439762] ? __pfx_read_tsc+0x10/0x10 [ 26.439785] ? ktime_get_ts64+0x86/0x230 [ 26.439811] kunit_try_run_case+0x1a5/0x480 [ 26.439835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.439859] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.439882] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.439906] ? __kthread_parkme+0x82/0x180 [ 26.439928] ? preempt_count_sub+0x50/0x80 [ 26.439954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.439978] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.440006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.440034] kthread+0x337/0x6f0 [ 26.440055] ? trace_preempt_on+0x20/0xc0 [ 26.440080] ? __pfx_kthread+0x10/0x10 [ 26.440101] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.440123] ? calculate_sigpending+0x7b/0xa0 [ 26.440148] ? __pfx_kthread+0x10/0x10 [ 26.440170] ret_from_fork+0x116/0x1d0 [ 26.440191] ? __pfx_kthread+0x10/0x10 [ 26.440213] ret_from_fork_asm+0x1a/0x30 [ 26.440244] </TASK> [ 26.440255] [ 26.447168] Allocated by task 314: [ 26.447360] kasan_save_stack+0x45/0x70 [ 26.447525] kasan_save_track+0x18/0x40 [ 26.447731] kasan_save_alloc_info+0x3b/0x50 [ 26.447878] __kasan_kmalloc+0xb7/0xc0 [ 26.448006] __kmalloc_cache_noprof+0x189/0x420 [ 26.448157] kasan_atomics+0x95/0x310 [ 26.448303] kunit_try_run_case+0x1a5/0x480 [ 26.448519] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.448781] kthread+0x337/0x6f0 [ 26.448957] ret_from_fork+0x116/0x1d0 [ 26.449145] ret_from_fork_asm+0x1a/0x30 [ 26.449347] [ 26.449443] The buggy address belongs to the object at ffff88810623b200 [ 26.449443] which belongs to the cache kmalloc-64 of size 64 [ 26.449955] The buggy address is located 0 bytes to the right of [ 26.449955] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.450427] [ 26.450503] The buggy address belongs to the physical page: [ 26.450776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.451073] flags: 0x200000000000000(node=0|zone=2) [ 26.451289] page_type: f5(slab) [ 26.451442] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.451754] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.452065] page dumped because: kasan: bad access detected [ 26.452268] [ 26.452367] Memory state around the buggy address: [ 26.452563] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.452863] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.453074] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.453283] ^ [ 26.453514] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.453858] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.454167] ================================================================== [ 26.632767] ================================================================== [ 26.633271] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 26.633569] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.633913] [ 26.634086] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.634218] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.634234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.634257] Call Trace: [ 26.634278] <TASK> [ 26.634297] dump_stack_lvl+0x73/0xb0 [ 26.634338] print_report+0xd1/0x610 [ 26.634362] ? __virt_addr_valid+0x1db/0x2d0 [ 26.634388] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.634409] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.634476] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.634499] kasan_report+0x141/0x180 [ 26.634533] ? kasan_atomics_helper+0x16e7/0x5450 [ 26.634603] kasan_check_range+0x10c/0x1c0 [ 26.634629] __kasan_check_write+0x18/0x20 [ 26.634664] kasan_atomics_helper+0x16e7/0x5450 [ 26.634687] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.634710] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.634737] ? kasan_atomics+0x152/0x310 [ 26.634763] kasan_atomics+0x1dc/0x310 [ 26.634787] ? __pfx_kasan_atomics+0x10/0x10 [ 26.634812] ? __pfx_read_tsc+0x10/0x10 [ 26.634835] ? ktime_get_ts64+0x86/0x230 [ 26.634861] kunit_try_run_case+0x1a5/0x480 [ 26.634886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.634909] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.634934] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.634958] ? __kthread_parkme+0x82/0x180 [ 26.634979] ? preempt_count_sub+0x50/0x80 [ 26.635004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.635028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.635056] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.635084] kthread+0x337/0x6f0 [ 26.635104] ? trace_preempt_on+0x20/0xc0 [ 26.635129] ? __pfx_kthread+0x10/0x10 [ 26.635151] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.635173] ? calculate_sigpending+0x7b/0xa0 [ 26.635198] ? __pfx_kthread+0x10/0x10 [ 26.635221] ret_from_fork+0x116/0x1d0 [ 26.635242] ? __pfx_kthread+0x10/0x10 [ 26.635263] ret_from_fork_asm+0x1a/0x30 [ 26.635296] </TASK> [ 26.635308] [ 26.644270] Allocated by task 314: [ 26.644445] kasan_save_stack+0x45/0x70 [ 26.644640] kasan_save_track+0x18/0x40 [ 26.644881] kasan_save_alloc_info+0x3b/0x50 [ 26.645133] __kasan_kmalloc+0xb7/0xc0 [ 26.645262] __kmalloc_cache_noprof+0x189/0x420 [ 26.645567] kasan_atomics+0x95/0x310 [ 26.645854] kunit_try_run_case+0x1a5/0x480 [ 26.646066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.646342] kthread+0x337/0x6f0 [ 26.646459] ret_from_fork+0x116/0x1d0 [ 26.646584] ret_from_fork_asm+0x1a/0x30 [ 26.646781] [ 26.646953] The buggy address belongs to the object at ffff88810623b200 [ 26.646953] which belongs to the cache kmalloc-64 of size 64 [ 26.647831] The buggy address is located 0 bytes to the right of [ 26.647831] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.648349] [ 26.648420] The buggy address belongs to the physical page: [ 26.648670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.649204] flags: 0x200000000000000(node=0|zone=2) [ 26.649447] page_type: f5(slab) [ 26.649614] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.650065] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.650347] page dumped because: kasan: bad access detected [ 26.650687] [ 26.650856] Memory state around the buggy address: [ 26.651029] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.651342] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.651886] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.652135] ^ [ 26.652367] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.652805] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.653049] ================================================================== [ 26.516411] ================================================================== [ 26.517428] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 26.518362] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.518799] [ 26.518981] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.519037] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.519051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.519382] Call Trace: [ 26.519409] <TASK> [ 26.519432] dump_stack_lvl+0x73/0xb0 [ 26.519468] print_report+0xd1/0x610 [ 26.519493] ? __virt_addr_valid+0x1db/0x2d0 [ 26.519518] ? kasan_atomics_helper+0x1467/0x5450 [ 26.519540] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.519568] ? kasan_atomics_helper+0x1467/0x5450 [ 26.519592] kasan_report+0x141/0x180 [ 26.519629] ? kasan_atomics_helper+0x1467/0x5450 [ 26.519656] kasan_check_range+0x10c/0x1c0 [ 26.519680] __kasan_check_write+0x18/0x20 [ 26.519705] kasan_atomics_helper+0x1467/0x5450 [ 26.519730] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.519753] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.519780] ? kasan_atomics+0x152/0x310 [ 26.519807] kasan_atomics+0x1dc/0x310 [ 26.519830] ? __pfx_kasan_atomics+0x10/0x10 [ 26.519854] ? __pfx_read_tsc+0x10/0x10 [ 26.519881] ? ktime_get_ts64+0x86/0x230 [ 26.519908] kunit_try_run_case+0x1a5/0x480 [ 26.519934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.519958] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.519983] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.520007] ? __kthread_parkme+0x82/0x180 [ 26.520029] ? preempt_count_sub+0x50/0x80 [ 26.520053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.520079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.520106] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.520135] kthread+0x337/0x6f0 [ 26.520155] ? trace_preempt_on+0x20/0xc0 [ 26.520180] ? __pfx_kthread+0x10/0x10 [ 26.520201] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.520224] ? calculate_sigpending+0x7b/0xa0 [ 26.520249] ? __pfx_kthread+0x10/0x10 [ 26.520272] ret_from_fork+0x116/0x1d0 [ 26.520293] ? __pfx_kthread+0x10/0x10 [ 26.520335] ret_from_fork_asm+0x1a/0x30 [ 26.520369] </TASK> [ 26.520381] [ 26.532142] Allocated by task 314: [ 26.532287] kasan_save_stack+0x45/0x70 [ 26.532793] kasan_save_track+0x18/0x40 [ 26.533040] kasan_save_alloc_info+0x3b/0x50 [ 26.533255] __kasan_kmalloc+0xb7/0xc0 [ 26.533403] __kmalloc_cache_noprof+0x189/0x420 [ 26.533551] kasan_atomics+0x95/0x310 [ 26.534004] kunit_try_run_case+0x1a5/0x480 [ 26.534413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.534717] kthread+0x337/0x6f0 [ 26.534843] ret_from_fork+0x116/0x1d0 [ 26.534975] ret_from_fork_asm+0x1a/0x30 [ 26.535111] [ 26.535180] The buggy address belongs to the object at ffff88810623b200 [ 26.535180] which belongs to the cache kmalloc-64 of size 64 [ 26.536122] The buggy address is located 0 bytes to the right of [ 26.536122] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.537265] [ 26.537432] The buggy address belongs to the physical page: [ 26.537964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.538702] flags: 0x200000000000000(node=0|zone=2) [ 26.539043] page_type: f5(slab) [ 26.539165] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.539401] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.539790] page dumped because: kasan: bad access detected [ 26.540343] [ 26.540522] Memory state around the buggy address: [ 26.540988] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.541662] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.542280] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.542753] ^ [ 26.542910] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.543119] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.543334] ================================================================== [ 25.850104] ================================================================== [ 25.851015] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 25.851262] Read of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 25.851498] [ 25.851586] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.851636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.851651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.851674] Call Trace: [ 25.851695] <TASK> [ 25.851712] dump_stack_lvl+0x73/0xb0 [ 25.851742] print_report+0xd1/0x610 [ 25.851766] ? __virt_addr_valid+0x1db/0x2d0 [ 25.851792] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.851814] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.851841] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.851864] kasan_report+0x141/0x180 [ 25.852099] ? kasan_atomics_helper+0x4b54/0x5450 [ 25.852127] __asan_report_load4_noabort+0x18/0x20 [ 25.852154] kasan_atomics_helper+0x4b54/0x5450 [ 25.852177] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.852201] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.852227] ? kasan_atomics+0x152/0x310 [ 25.852254] kasan_atomics+0x1dc/0x310 [ 25.852278] ? __pfx_kasan_atomics+0x10/0x10 [ 25.852315] ? __pfx_read_tsc+0x10/0x10 [ 25.852339] ? ktime_get_ts64+0x86/0x230 [ 25.852365] kunit_try_run_case+0x1a5/0x480 [ 25.852391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.852414] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.852440] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.852464] ? __kthread_parkme+0x82/0x180 [ 25.852486] ? preempt_count_sub+0x50/0x80 [ 25.852512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.852537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.852565] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.852697] kthread+0x337/0x6f0 [ 25.852721] ? trace_preempt_on+0x20/0xc0 [ 25.852746] ? __pfx_kthread+0x10/0x10 [ 25.852768] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.852791] ? calculate_sigpending+0x7b/0xa0 [ 25.852816] ? __pfx_kthread+0x10/0x10 [ 25.852838] ret_from_fork+0x116/0x1d0 [ 25.852859] ? __pfx_kthread+0x10/0x10 [ 25.852896] ret_from_fork_asm+0x1a/0x30 [ 25.852929] </TASK> [ 25.852941] [ 25.863786] Allocated by task 314: [ 25.864126] kasan_save_stack+0x45/0x70 [ 25.864448] kasan_save_track+0x18/0x40 [ 25.864797] kasan_save_alloc_info+0x3b/0x50 [ 25.864946] __kasan_kmalloc+0xb7/0xc0 [ 25.865072] __kmalloc_cache_noprof+0x189/0x420 [ 25.865635] kasan_atomics+0x95/0x310 [ 25.866045] kunit_try_run_case+0x1a5/0x480 [ 25.866478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.867085] kthread+0x337/0x6f0 [ 25.867517] ret_from_fork+0x116/0x1d0 [ 25.867702] ret_from_fork_asm+0x1a/0x30 [ 25.867834] [ 25.868139] The buggy address belongs to the object at ffff88810623b200 [ 25.868139] which belongs to the cache kmalloc-64 of size 64 [ 25.869401] The buggy address is located 0 bytes to the right of [ 25.869401] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 25.870212] [ 25.870290] The buggy address belongs to the physical page: [ 25.870477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 25.870726] flags: 0x200000000000000(node=0|zone=2) [ 25.870888] page_type: f5(slab) [ 25.871007] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.871234] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.871467] page dumped because: kasan: bad access detected [ 25.871633] [ 25.871697] Memory state around the buggy address: [ 25.871850] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.872061] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.872273] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.873612] ^ [ 25.874200] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.875353] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.876161] ================================================================== [ 26.757125] ================================================================== [ 26.757468] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 26.758025] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.758517] [ 26.758616] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.758668] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.758682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.758825] Call Trace: [ 26.758848] <TASK> [ 26.758866] dump_stack_lvl+0x73/0xb0 [ 26.758898] print_report+0xd1/0x610 [ 26.758921] ? __virt_addr_valid+0x1db/0x2d0 [ 26.758946] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.758968] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.758994] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.759017] kasan_report+0x141/0x180 [ 26.759040] ? kasan_atomics_helper+0x1a7f/0x5450 [ 26.759067] kasan_check_range+0x10c/0x1c0 [ 26.759092] __kasan_check_write+0x18/0x20 [ 26.759116] kasan_atomics_helper+0x1a7f/0x5450 [ 26.759141] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.759164] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.759189] ? kasan_atomics+0x152/0x310 [ 26.759216] kasan_atomics+0x1dc/0x310 [ 26.759239] ? __pfx_kasan_atomics+0x10/0x10 [ 26.759264] ? __pfx_read_tsc+0x10/0x10 [ 26.759287] ? ktime_get_ts64+0x86/0x230 [ 26.759312] kunit_try_run_case+0x1a5/0x480 [ 26.759350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.759373] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.759397] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.759420] ? __kthread_parkme+0x82/0x180 [ 26.759442] ? preempt_count_sub+0x50/0x80 [ 26.759467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.759492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.759520] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.759549] kthread+0x337/0x6f0 [ 26.759569] ? trace_preempt_on+0x20/0xc0 [ 26.759595] ? __pfx_kthread+0x10/0x10 [ 26.759627] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.759649] ? calculate_sigpending+0x7b/0xa0 [ 26.759674] ? __pfx_kthread+0x10/0x10 [ 26.759696] ret_from_fork+0x116/0x1d0 [ 26.759717] ? __pfx_kthread+0x10/0x10 [ 26.759739] ret_from_fork_asm+0x1a/0x30 [ 26.759771] </TASK> [ 26.759783] [ 26.768876] Allocated by task 314: [ 26.770985] kasan_save_stack+0x45/0x70 [ 26.771633] kasan_save_track+0x18/0x40 [ 26.771790] kasan_save_alloc_info+0x3b/0x50 [ 26.771933] __kasan_kmalloc+0xb7/0xc0 [ 26.772057] __kmalloc_cache_noprof+0x189/0x420 [ 26.772202] kasan_atomics+0x95/0x310 [ 26.772357] kunit_try_run_case+0x1a5/0x480 [ 26.772494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.772661] kthread+0x337/0x6f0 [ 26.772774] ret_from_fork+0x116/0x1d0 [ 26.773408] ret_from_fork_asm+0x1a/0x30 [ 26.773760] [ 26.773899] The buggy address belongs to the object at ffff88810623b200 [ 26.773899] which belongs to the cache kmalloc-64 of size 64 [ 26.774294] The buggy address is located 0 bytes to the right of [ 26.774294] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.775273] [ 26.775565] The buggy address belongs to the physical page: [ 26.775873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.776233] flags: 0x200000000000000(node=0|zone=2) [ 26.776784] page_type: f5(slab) [ 26.777102] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.777883] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.778222] page dumped because: kasan: bad access detected [ 26.778466] [ 26.778551] Memory state around the buggy address: [ 26.779113] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.779646] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.780138] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.780726] ^ [ 26.780959] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.781253] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.781822] ================================================================== [ 26.912525] ================================================================== [ 26.912973] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 26.913396] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.913820] [ 26.913978] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.914031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.914046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.914101] Call Trace: [ 26.914120] <TASK> [ 26.914140] dump_stack_lvl+0x73/0xb0 [ 26.914183] print_report+0xd1/0x610 [ 26.914206] ? __virt_addr_valid+0x1db/0x2d0 [ 26.914231] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.914254] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.914281] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.914304] kasan_report+0x141/0x180 [ 26.914370] ? kasan_atomics_helper+0x1eaa/0x5450 [ 26.914399] kasan_check_range+0x10c/0x1c0 [ 26.914448] __kasan_check_write+0x18/0x20 [ 26.914472] kasan_atomics_helper+0x1eaa/0x5450 [ 26.914495] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.914543] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.914568] ? kasan_atomics+0x152/0x310 [ 26.914621] kasan_atomics+0x1dc/0x310 [ 26.914645] ? __pfx_kasan_atomics+0x10/0x10 [ 26.914669] ? __pfx_read_tsc+0x10/0x10 [ 26.914693] ? ktime_get_ts64+0x86/0x230 [ 26.914718] kunit_try_run_case+0x1a5/0x480 [ 26.914743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.914765] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.914819] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.914854] ? __kthread_parkme+0x82/0x180 [ 26.914887] ? preempt_count_sub+0x50/0x80 [ 26.914913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.914937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.914964] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.914992] kthread+0x337/0x6f0 [ 26.915013] ? trace_preempt_on+0x20/0xc0 [ 26.915037] ? __pfx_kthread+0x10/0x10 [ 26.915059] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.915081] ? calculate_sigpending+0x7b/0xa0 [ 26.915105] ? __pfx_kthread+0x10/0x10 [ 26.915128] ret_from_fork+0x116/0x1d0 [ 26.915147] ? __pfx_kthread+0x10/0x10 [ 26.915169] ret_from_fork_asm+0x1a/0x30 [ 26.915201] </TASK> [ 26.915213] [ 26.922731] Allocated by task 314: [ 26.922898] kasan_save_stack+0x45/0x70 [ 26.923094] kasan_save_track+0x18/0x40 [ 26.923227] kasan_save_alloc_info+0x3b/0x50 [ 26.923380] __kasan_kmalloc+0xb7/0xc0 [ 26.923564] __kmalloc_cache_noprof+0x189/0x420 [ 26.923805] kasan_atomics+0x95/0x310 [ 26.923987] kunit_try_run_case+0x1a5/0x480 [ 26.924158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.924339] kthread+0x337/0x6f0 [ 26.924505] ret_from_fork+0x116/0x1d0 [ 26.924726] ret_from_fork_asm+0x1a/0x30 [ 26.924933] [ 26.925015] The buggy address belongs to the object at ffff88810623b200 [ 26.925015] which belongs to the cache kmalloc-64 of size 64 [ 26.925527] The buggy address is located 0 bytes to the right of [ 26.925527] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.926067] [ 26.926186] The buggy address belongs to the physical page: [ 26.926413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.926786] flags: 0x200000000000000(node=0|zone=2) [ 26.927002] page_type: f5(slab) [ 26.927121] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.927359] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.927602] page dumped because: kasan: bad access detected [ 26.927875] [ 26.927964] Memory state around the buggy address: [ 26.928184] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.928509] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.928871] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.929181] ^ [ 26.929411] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.929653] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.929861] ================================================================== [ 27.024762] ================================================================== [ 27.025397] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 27.025634] Read of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 27.025897] [ 27.026110] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 27.026163] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.026177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.026199] Call Trace: [ 27.026219] <TASK> [ 27.026234] dump_stack_lvl+0x73/0xb0 [ 27.026264] print_report+0xd1/0x610 [ 27.026288] ? __virt_addr_valid+0x1db/0x2d0 [ 27.026313] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.026350] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.026379] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.026403] kasan_report+0x141/0x180 [ 27.026426] ? kasan_atomics_helper+0x4fb2/0x5450 [ 27.026453] __asan_report_load8_noabort+0x18/0x20 [ 27.026478] kasan_atomics_helper+0x4fb2/0x5450 [ 27.026502] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.026525] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.026550] ? kasan_atomics+0x152/0x310 [ 27.026577] kasan_atomics+0x1dc/0x310 [ 27.026601] ? __pfx_kasan_atomics+0x10/0x10 [ 27.026627] ? __pfx_read_tsc+0x10/0x10 [ 27.026651] ? ktime_get_ts64+0x86/0x230 [ 27.026676] kunit_try_run_case+0x1a5/0x480 [ 27.026701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.026725] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.026750] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.026774] ? __kthread_parkme+0x82/0x180 [ 27.026795] ? preempt_count_sub+0x50/0x80 [ 27.026820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.026845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.026873] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.026901] kthread+0x337/0x6f0 [ 27.026921] ? trace_preempt_on+0x20/0xc0 [ 27.026946] ? __pfx_kthread+0x10/0x10 [ 27.026968] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.026991] ? calculate_sigpending+0x7b/0xa0 [ 27.027016] ? __pfx_kthread+0x10/0x10 [ 27.027037] ret_from_fork+0x116/0x1d0 [ 27.027057] ? __pfx_kthread+0x10/0x10 [ 27.027079] ret_from_fork_asm+0x1a/0x30 [ 27.027110] </TASK> [ 27.027122] [ 27.041469] Allocated by task 314: [ 27.041716] kasan_save_stack+0x45/0x70 [ 27.041880] kasan_save_track+0x18/0x40 [ 27.042017] kasan_save_alloc_info+0x3b/0x50 [ 27.042241] __kasan_kmalloc+0xb7/0xc0 [ 27.042432] __kmalloc_cache_noprof+0x189/0x420 [ 27.042646] kasan_atomics+0x95/0x310 [ 27.042914] kunit_try_run_case+0x1a5/0x480 [ 27.043072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.043305] kthread+0x337/0x6f0 [ 27.043432] ret_from_fork+0x116/0x1d0 [ 27.043595] ret_from_fork_asm+0x1a/0x30 [ 27.043787] [ 27.043890] The buggy address belongs to the object at ffff88810623b200 [ 27.043890] which belongs to the cache kmalloc-64 of size 64 [ 27.044298] The buggy address is located 0 bytes to the right of [ 27.044298] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 27.045038] [ 27.045123] The buggy address belongs to the physical page: [ 27.045295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 27.045683] flags: 0x200000000000000(node=0|zone=2) [ 27.045927] page_type: f5(slab) [ 27.046094] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.046404] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.046711] page dumped because: kasan: bad access detected [ 27.046965] [ 27.047049] Memory state around the buggy address: [ 27.047290] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.047543] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.047898] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.048162] ^ [ 27.048313] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.048625] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.048928] ================================================================== [ 26.675535] ================================================================== [ 26.675912] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 26.676346] Write of size 8 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.676718] [ 26.676824] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.676908] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.676922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.676946] Call Trace: [ 26.676979] <TASK> [ 26.676998] dump_stack_lvl+0x73/0xb0 [ 26.677030] print_report+0xd1/0x610 [ 26.677053] ? __virt_addr_valid+0x1db/0x2d0 [ 26.677078] ? kasan_atomics_helper+0x1818/0x5450 [ 26.677101] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.677128] ? kasan_atomics_helper+0x1818/0x5450 [ 26.677151] kasan_report+0x141/0x180 [ 26.677173] ? kasan_atomics_helper+0x1818/0x5450 [ 26.677200] kasan_check_range+0x10c/0x1c0 [ 26.677256] __kasan_check_write+0x18/0x20 [ 26.677281] kasan_atomics_helper+0x1818/0x5450 [ 26.677324] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.677347] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.677374] ? kasan_atomics+0x152/0x310 [ 26.677401] kasan_atomics+0x1dc/0x310 [ 26.677424] ? __pfx_kasan_atomics+0x10/0x10 [ 26.677449] ? __pfx_read_tsc+0x10/0x10 [ 26.677473] ? ktime_get_ts64+0x86/0x230 [ 26.677500] kunit_try_run_case+0x1a5/0x480 [ 26.677525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.677548] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.677573] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.677596] ? __kthread_parkme+0x82/0x180 [ 26.677636] ? preempt_count_sub+0x50/0x80 [ 26.677661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.677686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.677714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.677742] kthread+0x337/0x6f0 [ 26.677763] ? trace_preempt_on+0x20/0xc0 [ 26.677788] ? __pfx_kthread+0x10/0x10 [ 26.677810] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.677833] ? calculate_sigpending+0x7b/0xa0 [ 26.677858] ? __pfx_kthread+0x10/0x10 [ 26.677880] ret_from_fork+0x116/0x1d0 [ 26.677901] ? __pfx_kthread+0x10/0x10 [ 26.677922] ret_from_fork_asm+0x1a/0x30 [ 26.677955] </TASK> [ 26.677966] [ 26.685622] Allocated by task 314: [ 26.685836] kasan_save_stack+0x45/0x70 [ 26.686031] kasan_save_track+0x18/0x40 [ 26.686158] kasan_save_alloc_info+0x3b/0x50 [ 26.686297] __kasan_kmalloc+0xb7/0xc0 [ 26.686489] __kmalloc_cache_noprof+0x189/0x420 [ 26.686795] kasan_atomics+0x95/0x310 [ 26.686990] kunit_try_run_case+0x1a5/0x480 [ 26.687256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.687593] kthread+0x337/0x6f0 [ 26.687752] ret_from_fork+0x116/0x1d0 [ 26.687981] ret_from_fork_asm+0x1a/0x30 [ 26.688194] [ 26.688280] The buggy address belongs to the object at ffff88810623b200 [ 26.688280] which belongs to the cache kmalloc-64 of size 64 [ 26.688913] The buggy address is located 0 bytes to the right of [ 26.688913] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.689362] [ 26.689432] The buggy address belongs to the physical page: [ 26.689596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.689834] flags: 0x200000000000000(node=0|zone=2) [ 26.690066] page_type: f5(slab) [ 26.690286] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.690654] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.691086] page dumped because: kasan: bad access detected [ 26.691251] [ 26.691371] Memory state around the buggy address: [ 26.691641] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.691940] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.692211] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.692426] ^ [ 26.692580] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.693072] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.693396] ================================================================== [ 26.387354] ================================================================== [ 26.387700] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 26.388028] Read of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 26.388530] [ 26.388673] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 26.388725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.388739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.388760] Call Trace: [ 26.388778] <TASK> [ 26.388794] dump_stack_lvl+0x73/0xb0 [ 26.388824] print_report+0xd1/0x610 [ 26.388847] ? __virt_addr_valid+0x1db/0x2d0 [ 26.388873] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.388895] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.388921] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.388944] kasan_report+0x141/0x180 [ 26.388967] ? kasan_atomics_helper+0x4a02/0x5450 [ 26.388994] __asan_report_load4_noabort+0x18/0x20 [ 26.389019] kasan_atomics_helper+0x4a02/0x5450 [ 26.389043] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 26.389066] ? __kmalloc_cache_noprof+0x189/0x420 [ 26.389092] ? kasan_atomics+0x152/0x310 [ 26.389119] kasan_atomics+0x1dc/0x310 [ 26.389142] ? __pfx_kasan_atomics+0x10/0x10 [ 26.389167] ? __pfx_read_tsc+0x10/0x10 [ 26.389191] ? ktime_get_ts64+0x86/0x230 [ 26.389217] kunit_try_run_case+0x1a5/0x480 [ 26.389242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.389265] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.389290] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.389326] ? __kthread_parkme+0x82/0x180 [ 26.389349] ? preempt_count_sub+0x50/0x80 [ 26.389373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.389398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.389426] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.389454] kthread+0x337/0x6f0 [ 26.389476] ? trace_preempt_on+0x20/0xc0 [ 26.389500] ? __pfx_kthread+0x10/0x10 [ 26.389522] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.389544] ? calculate_sigpending+0x7b/0xa0 [ 26.389569] ? __pfx_kthread+0x10/0x10 [ 26.389621] ret_from_fork+0x116/0x1d0 [ 26.389643] ? __pfx_kthread+0x10/0x10 [ 26.389664] ret_from_fork_asm+0x1a/0x30 [ 26.389696] </TASK> [ 26.389709] [ 26.396427] Allocated by task 314: [ 26.396645] kasan_save_stack+0x45/0x70 [ 26.396843] kasan_save_track+0x18/0x40 [ 26.397029] kasan_save_alloc_info+0x3b/0x50 [ 26.397235] __kasan_kmalloc+0xb7/0xc0 [ 26.397424] __kmalloc_cache_noprof+0x189/0x420 [ 26.397649] kasan_atomics+0x95/0x310 [ 26.397809] kunit_try_run_case+0x1a5/0x480 [ 26.397996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.398200] kthread+0x337/0x6f0 [ 26.398377] ret_from_fork+0x116/0x1d0 [ 26.398533] ret_from_fork_asm+0x1a/0x30 [ 26.398746] [ 26.398835] The buggy address belongs to the object at ffff88810623b200 [ 26.398835] which belongs to the cache kmalloc-64 of size 64 [ 26.399288] The buggy address is located 0 bytes to the right of [ 26.399288] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 26.399764] [ 26.399862] The buggy address belongs to the physical page: [ 26.400113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 26.400475] flags: 0x200000000000000(node=0|zone=2) [ 26.400687] page_type: f5(slab) [ 26.400837] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.401157] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.401429] page dumped because: kasan: bad access detected [ 26.401604] [ 26.401679] Memory state around the buggy address: [ 26.401831] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.402041] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.402294] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 26.402649] ^ [ 26.402869] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.403172] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.403485] ================================================================== [ 25.935012] ================================================================== [ 25.935700] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 25.936051] Write of size 4 at addr ffff88810623b230 by task kunit_try_catch/314 [ 25.936650] [ 25.936763] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.936816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.936831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.937053] Call Trace: [ 25.937079] <TASK> [ 25.937095] dump_stack_lvl+0x73/0xb0 [ 25.937128] print_report+0xd1/0x610 [ 25.937151] ? __virt_addr_valid+0x1db/0x2d0 [ 25.937177] ? kasan_atomics_helper+0x565/0x5450 [ 25.937198] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.937225] ? kasan_atomics_helper+0x565/0x5450 [ 25.937248] kasan_report+0x141/0x180 [ 25.937272] ? kasan_atomics_helper+0x565/0x5450 [ 25.937300] kasan_check_range+0x10c/0x1c0 [ 25.937339] __kasan_check_write+0x18/0x20 [ 25.937364] kasan_atomics_helper+0x565/0x5450 [ 25.937387] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 25.937411] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.937437] ? kasan_atomics+0x152/0x310 [ 25.937463] kasan_atomics+0x1dc/0x310 [ 25.937487] ? __pfx_kasan_atomics+0x10/0x10 [ 25.937512] ? __pfx_read_tsc+0x10/0x10 [ 25.937538] ? ktime_get_ts64+0x86/0x230 [ 25.937565] kunit_try_run_case+0x1a5/0x480 [ 25.937618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.937642] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.937667] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.937691] ? __kthread_parkme+0x82/0x180 [ 25.937713] ? preempt_count_sub+0x50/0x80 [ 25.937737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.937762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.937790] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.937818] kthread+0x337/0x6f0 [ 25.937839] ? trace_preempt_on+0x20/0xc0 [ 25.937885] ? __pfx_kthread+0x10/0x10 [ 25.937907] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.937929] ? calculate_sigpending+0x7b/0xa0 [ 25.937954] ? __pfx_kthread+0x10/0x10 [ 25.937976] ret_from_fork+0x116/0x1d0 [ 25.937997] ? __pfx_kthread+0x10/0x10 [ 25.938018] ret_from_fork_asm+0x1a/0x30 [ 25.938050] </TASK> [ 25.938062] [ 25.949113] Allocated by task 314: [ 25.949272] kasan_save_stack+0x45/0x70 [ 25.949469] kasan_save_track+0x18/0x40 [ 25.949915] kasan_save_alloc_info+0x3b/0x50 [ 25.950276] __kasan_kmalloc+0xb7/0xc0 [ 25.950441] __kmalloc_cache_noprof+0x189/0x420 [ 25.950688] kasan_atomics+0x95/0x310 [ 25.951029] kunit_try_run_case+0x1a5/0x480 [ 25.951351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.951612] kthread+0x337/0x6f0 [ 25.951770] ret_from_fork+0x116/0x1d0 [ 25.951943] ret_from_fork_asm+0x1a/0x30 [ 25.952138] [ 25.952213] The buggy address belongs to the object at ffff88810623b200 [ 25.952213] which belongs to the cache kmalloc-64 of size 64 [ 25.953160] The buggy address is located 0 bytes to the right of [ 25.953160] allocated 48-byte region [ffff88810623b200, ffff88810623b230) [ 25.953941] [ 25.954042] The buggy address belongs to the physical page: [ 25.954262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10623b [ 25.954617] flags: 0x200000000000000(node=0|zone=2) [ 25.954841] page_type: f5(slab) [ 25.954992] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.955720] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.956117] page dumped because: kasan: bad access detected [ 25.956341] [ 25.956433] Memory state around the buggy address: [ 25.956903] ffff88810623b100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.957288] ffff88810623b180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.957760] >ffff88810623b200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.958099] ^ [ 25.958296] ffff88810623b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.958908] ffff88810623b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.959158] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 25.608459] ================================================================== [ 25.608769] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.609042] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.609259] [ 25.609362] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.609409] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.609420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.609440] Call Trace: [ 25.609458] <TASK> [ 25.609475] dump_stack_lvl+0x73/0xb0 [ 25.609502] print_report+0xd1/0x610 [ 25.609524] ? __virt_addr_valid+0x1db/0x2d0 [ 25.609547] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.609572] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.609601] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.609627] kasan_report+0x141/0x180 [ 25.609648] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.609678] kasan_check_range+0x10c/0x1c0 [ 25.609701] __kasan_check_write+0x18/0x20 [ 25.609724] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 25.609749] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.609778] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.609801] ? finish_task_switch.isra.0+0x156/0x700 [ 25.609822] ? kasan_bitops_generic+0x92/0x1c0 [ 25.609848] kasan_bitops_generic+0x121/0x1c0 [ 25.609870] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.609894] ? __pfx_read_tsc+0x10/0x10 [ 25.609915] ? ktime_get_ts64+0x86/0x230 [ 25.609939] kunit_try_run_case+0x1a5/0x480 [ 25.609962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.609983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.610005] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.610027] ? __kthread_parkme+0x82/0x180 [ 25.610047] ? preempt_count_sub+0x50/0x80 [ 25.610069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.610091] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.610117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.610143] kthread+0x337/0x6f0 [ 25.610161] ? trace_preempt_on+0x20/0xc0 [ 25.610184] ? __pfx_kthread+0x10/0x10 [ 25.610204] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.610224] ? calculate_sigpending+0x7b/0xa0 [ 25.610248] ? __pfx_kthread+0x10/0x10 [ 25.610268] ret_from_fork+0x116/0x1d0 [ 25.610287] ? __pfx_kthread+0x10/0x10 [ 25.610687] ret_from_fork_asm+0x1a/0x30 [ 25.610727] </TASK> [ 25.610738] [ 25.618319] Allocated by task 310: [ 25.618445] kasan_save_stack+0x45/0x70 [ 25.618609] kasan_save_track+0x18/0x40 [ 25.618740] kasan_save_alloc_info+0x3b/0x50 [ 25.618909] __kasan_kmalloc+0xb7/0xc0 [ 25.619088] __kmalloc_cache_noprof+0x189/0x420 [ 25.619313] kasan_bitops_generic+0x92/0x1c0 [ 25.619518] kunit_try_run_case+0x1a5/0x480 [ 25.619746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.619999] kthread+0x337/0x6f0 [ 25.620163] ret_from_fork+0x116/0x1d0 [ 25.620360] ret_from_fork_asm+0x1a/0x30 [ 25.620552] [ 25.620661] The buggy address belongs to the object at ffff888105376d80 [ 25.620661] which belongs to the cache kmalloc-16 of size 16 [ 25.621187] The buggy address is located 8 bytes inside of [ 25.621187] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.621722] [ 25.621806] The buggy address belongs to the physical page: [ 25.621994] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.622272] flags: 0x200000000000000(node=0|zone=2) [ 25.622520] page_type: f5(slab) [ 25.622713] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.622993] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.623316] page dumped because: kasan: bad access detected [ 25.623531] [ 25.623638] Memory state around the buggy address: [ 25.623831] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.624104] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.624359] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.624582] ^ [ 25.624698] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.624905] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.625108] ================================================================== [ 25.571975] ================================================================== [ 25.573213] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.573699] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.573982] [ 25.574083] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.574135] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.574148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.574172] Call Trace: [ 25.574189] <TASK> [ 25.574208] dump_stack_lvl+0x73/0xb0 [ 25.574241] print_report+0xd1/0x610 [ 25.574264] ? __virt_addr_valid+0x1db/0x2d0 [ 25.574290] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.574331] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.574357] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.574384] kasan_report+0x141/0x180 [ 25.574406] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.574437] kasan_check_range+0x10c/0x1c0 [ 25.574460] __kasan_check_write+0x18/0x20 [ 25.574483] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 25.574509] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.574537] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.574562] ? finish_task_switch.isra.0+0x156/0x700 [ 25.574596] ? kasan_bitops_generic+0x92/0x1c0 [ 25.574622] kasan_bitops_generic+0x121/0x1c0 [ 25.574644] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.574669] ? __pfx_read_tsc+0x10/0x10 [ 25.574692] ? ktime_get_ts64+0x86/0x230 [ 25.574719] kunit_try_run_case+0x1a5/0x480 [ 25.574745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.574767] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.574791] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.574813] ? __kthread_parkme+0x82/0x180 [ 25.574834] ? preempt_count_sub+0x50/0x80 [ 25.574856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.574879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.574906] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.574933] kthread+0x337/0x6f0 [ 25.574952] ? trace_preempt_on+0x20/0xc0 [ 25.574977] ? __pfx_kthread+0x10/0x10 [ 25.574998] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.575019] ? calculate_sigpending+0x7b/0xa0 [ 25.575044] ? __pfx_kthread+0x10/0x10 [ 25.575065] ret_from_fork+0x116/0x1d0 [ 25.575084] ? __pfx_kthread+0x10/0x10 [ 25.575104] ret_from_fork_asm+0x1a/0x30 [ 25.575137] </TASK> [ 25.575148] [ 25.582794] Allocated by task 310: [ 25.582954] kasan_save_stack+0x45/0x70 [ 25.583137] kasan_save_track+0x18/0x40 [ 25.583331] kasan_save_alloc_info+0x3b/0x50 [ 25.583515] __kasan_kmalloc+0xb7/0xc0 [ 25.583685] __kmalloc_cache_noprof+0x189/0x420 [ 25.583836] kasan_bitops_generic+0x92/0x1c0 [ 25.583976] kunit_try_run_case+0x1a5/0x480 [ 25.584114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.584284] kthread+0x337/0x6f0 [ 25.584457] ret_from_fork+0x116/0x1d0 [ 25.584641] ret_from_fork_asm+0x1a/0x30 [ 25.584843] [ 25.584932] The buggy address belongs to the object at ffff888105376d80 [ 25.584932] which belongs to the cache kmalloc-16 of size 16 [ 25.585470] The buggy address is located 8 bytes inside of [ 25.585470] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.585905] [ 25.585972] The buggy address belongs to the physical page: [ 25.586171] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.586528] flags: 0x200000000000000(node=0|zone=2) [ 25.586987] page_type: f5(slab) [ 25.587140] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.587438] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.587741] page dumped because: kasan: bad access detected [ 25.587976] [ 25.588050] Memory state around the buggy address: [ 25.588249] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.588547] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.588840] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.589112] ^ [ 25.589282] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.589573] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.589846] ================================================================== [ 25.701107] ================================================================== [ 25.701445] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.702258] Read of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.702635] [ 25.702744] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.702795] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.702808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.702830] Call Trace: [ 25.702852] <TASK> [ 25.702869] dump_stack_lvl+0x73/0xb0 [ 25.702900] print_report+0xd1/0x610 [ 25.702922] ? __virt_addr_valid+0x1db/0x2d0 [ 25.702946] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.702972] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.702997] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.703024] kasan_report+0x141/0x180 [ 25.703045] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.703076] kasan_check_range+0x10c/0x1c0 [ 25.703099] __kasan_check_read+0x15/0x20 [ 25.703124] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 25.703152] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.703179] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.703204] ? finish_task_switch.isra.0+0x156/0x700 [ 25.703227] ? kasan_bitops_generic+0x92/0x1c0 [ 25.703253] kasan_bitops_generic+0x121/0x1c0 [ 25.703276] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.703312] ? __pfx_read_tsc+0x10/0x10 [ 25.703337] ? ktime_get_ts64+0x86/0x230 [ 25.703363] kunit_try_run_case+0x1a5/0x480 [ 25.703388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.703410] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.703433] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.703456] ? __kthread_parkme+0x82/0x180 [ 25.703476] ? preempt_count_sub+0x50/0x80 [ 25.703499] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.703522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.703549] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.703595] kthread+0x337/0x6f0 [ 25.703615] ? trace_preempt_on+0x20/0xc0 [ 25.703639] ? __pfx_kthread+0x10/0x10 [ 25.703659] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.703680] ? calculate_sigpending+0x7b/0xa0 [ 25.703704] ? __pfx_kthread+0x10/0x10 [ 25.703725] ret_from_fork+0x116/0x1d0 [ 25.703745] ? __pfx_kthread+0x10/0x10 [ 25.703765] ret_from_fork_asm+0x1a/0x30 [ 25.703796] </TASK> [ 25.703807] [ 25.711267] Allocated by task 310: [ 25.711446] kasan_save_stack+0x45/0x70 [ 25.711657] kasan_save_track+0x18/0x40 [ 25.711832] kasan_save_alloc_info+0x3b/0x50 [ 25.711976] __kasan_kmalloc+0xb7/0xc0 [ 25.712102] __kmalloc_cache_noprof+0x189/0x420 [ 25.712332] kasan_bitops_generic+0x92/0x1c0 [ 25.712537] kunit_try_run_case+0x1a5/0x480 [ 25.712758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.712991] kthread+0x337/0x6f0 [ 25.713147] ret_from_fork+0x116/0x1d0 [ 25.713319] ret_from_fork_asm+0x1a/0x30 [ 25.713457] [ 25.713548] The buggy address belongs to the object at ffff888105376d80 [ 25.713548] which belongs to the cache kmalloc-16 of size 16 [ 25.714074] The buggy address is located 8 bytes inside of [ 25.714074] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.714519] [ 25.714638] The buggy address belongs to the physical page: [ 25.714863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.715118] flags: 0x200000000000000(node=0|zone=2) [ 25.715277] page_type: f5(slab) [ 25.715403] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.715648] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.715956] page dumped because: kasan: bad access detected [ 25.716200] [ 25.716293] Memory state around the buggy address: [ 25.716521] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.716859] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.717069] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.717274] ^ [ 25.717402] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.717647] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.717962] ================================================================== [ 25.553139] ================================================================== [ 25.553419] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.553760] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.553978] [ 25.554374] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.554433] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.554447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.554469] Call Trace: [ 25.554489] <TASK> [ 25.554505] dump_stack_lvl+0x73/0xb0 [ 25.554537] print_report+0xd1/0x610 [ 25.554560] ? __virt_addr_valid+0x1db/0x2d0 [ 25.554583] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.554611] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.554636] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.554663] kasan_report+0x141/0x180 [ 25.554685] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.554715] kasan_check_range+0x10c/0x1c0 [ 25.554738] __kasan_check_write+0x18/0x20 [ 25.554761] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 25.554788] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.554816] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.554841] ? finish_task_switch.isra.0+0x156/0x700 [ 25.554864] ? kasan_bitops_generic+0x92/0x1c0 [ 25.555117] kasan_bitops_generic+0x121/0x1c0 [ 25.555141] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.555166] ? __pfx_read_tsc+0x10/0x10 [ 25.555189] ? ktime_get_ts64+0x86/0x230 [ 25.555215] kunit_try_run_case+0x1a5/0x480 [ 25.555239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.555261] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.555285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.555323] ? __kthread_parkme+0x82/0x180 [ 25.555344] ? preempt_count_sub+0x50/0x80 [ 25.555367] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.555390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.555417] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.555443] kthread+0x337/0x6f0 [ 25.555462] ? trace_preempt_on+0x20/0xc0 [ 25.555486] ? __pfx_kthread+0x10/0x10 [ 25.555507] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.555527] ? calculate_sigpending+0x7b/0xa0 [ 25.555552] ? __pfx_kthread+0x10/0x10 [ 25.555572] ret_from_fork+0x116/0x1d0 [ 25.555592] ? __pfx_kthread+0x10/0x10 [ 25.555612] ret_from_fork_asm+0x1a/0x30 [ 25.555643] </TASK> [ 25.555654] [ 25.563748] Allocated by task 310: [ 25.563936] kasan_save_stack+0x45/0x70 [ 25.564141] kasan_save_track+0x18/0x40 [ 25.564320] kasan_save_alloc_info+0x3b/0x50 [ 25.564483] __kasan_kmalloc+0xb7/0xc0 [ 25.564668] __kmalloc_cache_noprof+0x189/0x420 [ 25.564820] kasan_bitops_generic+0x92/0x1c0 [ 25.564962] kunit_try_run_case+0x1a5/0x480 [ 25.565108] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.565371] kthread+0x337/0x6f0 [ 25.565542] ret_from_fork+0x116/0x1d0 [ 25.565732] ret_from_fork_asm+0x1a/0x30 [ 25.565943] [ 25.566032] The buggy address belongs to the object at ffff888105376d80 [ 25.566032] which belongs to the cache kmalloc-16 of size 16 [ 25.566569] The buggy address is located 8 bytes inside of [ 25.566569] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.566985] [ 25.567054] The buggy address belongs to the physical page: [ 25.567220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.567561] flags: 0x200000000000000(node=0|zone=2) [ 25.567795] page_type: f5(slab) [ 25.567982] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.568290] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.568527] page dumped because: kasan: bad access detected [ 25.569014] [ 25.569108] Memory state around the buggy address: [ 25.569350] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.569650] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.569876] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.570086] ^ [ 25.570257] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.570583] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.571040] ================================================================== [ 25.591039] ================================================================== [ 25.591353] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.591745] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.592056] [ 25.592164] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.592213] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.592225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.592246] Call Trace: [ 25.592266] <TASK> [ 25.592281] dump_stack_lvl+0x73/0xb0 [ 25.592322] print_report+0xd1/0x610 [ 25.592344] ? __virt_addr_valid+0x1db/0x2d0 [ 25.592368] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.592394] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.592419] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.592446] kasan_report+0x141/0x180 [ 25.592467] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.592498] kasan_check_range+0x10c/0x1c0 [ 25.592521] __kasan_check_write+0x18/0x20 [ 25.592544] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 25.592571] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.592608] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.592632] ? finish_task_switch.isra.0+0x156/0x700 [ 25.592654] ? kasan_bitops_generic+0x92/0x1c0 [ 25.592680] kasan_bitops_generic+0x121/0x1c0 [ 25.592704] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.592728] ? __pfx_read_tsc+0x10/0x10 [ 25.592751] ? ktime_get_ts64+0x86/0x230 [ 25.592775] kunit_try_run_case+0x1a5/0x480 [ 25.592800] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.592822] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.592845] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.592867] ? __kthread_parkme+0x82/0x180 [ 25.592887] ? preempt_count_sub+0x50/0x80 [ 25.592910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.592933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.592960] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.592986] kthread+0x337/0x6f0 [ 25.593005] ? trace_preempt_on+0x20/0xc0 [ 25.593029] ? __pfx_kthread+0x10/0x10 [ 25.593050] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.593070] ? calculate_sigpending+0x7b/0xa0 [ 25.593093] ? __pfx_kthread+0x10/0x10 [ 25.593115] ret_from_fork+0x116/0x1d0 [ 25.593134] ? __pfx_kthread+0x10/0x10 [ 25.593154] ret_from_fork_asm+0x1a/0x30 [ 25.593185] </TASK> [ 25.593195] [ 25.600743] Allocated by task 310: [ 25.600899] kasan_save_stack+0x45/0x70 [ 25.601064] kasan_save_track+0x18/0x40 [ 25.601207] kasan_save_alloc_info+0x3b/0x50 [ 25.601358] __kasan_kmalloc+0xb7/0xc0 [ 25.601486] __kmalloc_cache_noprof+0x189/0x420 [ 25.601667] kasan_bitops_generic+0x92/0x1c0 [ 25.601817] kunit_try_run_case+0x1a5/0x480 [ 25.601963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.602134] kthread+0x337/0x6f0 [ 25.602249] ret_from_fork+0x116/0x1d0 [ 25.602426] ret_from_fork_asm+0x1a/0x30 [ 25.602640] [ 25.602730] The buggy address belongs to the object at ffff888105376d80 [ 25.602730] which belongs to the cache kmalloc-16 of size 16 [ 25.603245] The buggy address is located 8 bytes inside of [ 25.603245] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.603786] [ 25.603875] The buggy address belongs to the physical page: [ 25.604122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.604516] flags: 0x200000000000000(node=0|zone=2) [ 25.604771] page_type: f5(slab) [ 25.604937] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.605179] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.605409] page dumped because: kasan: bad access detected [ 25.605602] [ 25.605666] Memory state around the buggy address: [ 25.605849] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.606157] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.606485] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.606824] ^ [ 25.607002] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.607317] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.607652] ================================================================== [ 25.626243] ================================================================== [ 25.626640] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.627081] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.627429] [ 25.627537] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.627607] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.627620] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.627640] Call Trace: [ 25.627660] <TASK> [ 25.627677] dump_stack_lvl+0x73/0xb0 [ 25.627706] print_report+0xd1/0x610 [ 25.627728] ? __virt_addr_valid+0x1db/0x2d0 [ 25.627752] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.627779] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.627804] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.627831] kasan_report+0x141/0x180 [ 25.627852] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.627882] kasan_check_range+0x10c/0x1c0 [ 25.627905] __kasan_check_write+0x18/0x20 [ 25.627929] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 25.627956] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.627983] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.628006] ? finish_task_switch.isra.0+0x156/0x700 [ 25.628028] ? kasan_bitops_generic+0x92/0x1c0 [ 25.628054] kasan_bitops_generic+0x121/0x1c0 [ 25.628078] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.628103] ? __pfx_read_tsc+0x10/0x10 [ 25.628125] ? ktime_get_ts64+0x86/0x230 [ 25.628150] kunit_try_run_case+0x1a5/0x480 [ 25.628173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.628195] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.628218] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.628241] ? __kthread_parkme+0x82/0x180 [ 25.628261] ? preempt_count_sub+0x50/0x80 [ 25.628283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.628316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.628343] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.628370] kthread+0x337/0x6f0 [ 25.628389] ? trace_preempt_on+0x20/0xc0 [ 25.628413] ? __pfx_kthread+0x10/0x10 [ 25.628433] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.628454] ? calculate_sigpending+0x7b/0xa0 [ 25.628478] ? __pfx_kthread+0x10/0x10 [ 25.628499] ret_from_fork+0x116/0x1d0 [ 25.628518] ? __pfx_kthread+0x10/0x10 [ 25.628538] ret_from_fork_asm+0x1a/0x30 [ 25.628586] </TASK> [ 25.628596] [ 25.637504] Allocated by task 310: [ 25.637751] kasan_save_stack+0x45/0x70 [ 25.637892] kasan_save_track+0x18/0x40 [ 25.638021] kasan_save_alloc_info+0x3b/0x50 [ 25.638164] __kasan_kmalloc+0xb7/0xc0 [ 25.638290] __kmalloc_cache_noprof+0x189/0x420 [ 25.638447] kasan_bitops_generic+0x92/0x1c0 [ 25.638695] kunit_try_run_case+0x1a5/0x480 [ 25.639053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.639514] kthread+0x337/0x6f0 [ 25.639836] ret_from_fork+0x116/0x1d0 [ 25.640173] ret_from_fork_asm+0x1a/0x30 [ 25.640525] [ 25.640705] The buggy address belongs to the object at ffff888105376d80 [ 25.640705] which belongs to the cache kmalloc-16 of size 16 [ 25.641733] The buggy address is located 8 bytes inside of [ 25.641733] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.642752] [ 25.642905] The buggy address belongs to the physical page: [ 25.643376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.644043] flags: 0x200000000000000(node=0|zone=2) [ 25.644470] page_type: f5(slab) [ 25.644786] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.645423] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.646063] page dumped because: kasan: bad access detected [ 25.646532] [ 25.646702] Memory state around the buggy address: [ 25.646993] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.647204] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.647668] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.648289] ^ [ 25.648651] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.649269] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.649798] ================================================================== [ 25.650874] ================================================================== [ 25.651613] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.652824] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.653456] [ 25.653661] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.653716] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.653728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.653750] Call Trace: [ 25.653770] <TASK> [ 25.653789] dump_stack_lvl+0x73/0xb0 [ 25.653823] print_report+0xd1/0x610 [ 25.653845] ? __virt_addr_valid+0x1db/0x2d0 [ 25.653870] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.653896] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.653921] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.653948] kasan_report+0x141/0x180 [ 25.653970] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.654000] kasan_check_range+0x10c/0x1c0 [ 25.654023] __kasan_check_write+0x18/0x20 [ 25.654046] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 25.654072] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.654100] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.654124] ? finish_task_switch.isra.0+0x156/0x700 [ 25.654146] ? kasan_bitops_generic+0x92/0x1c0 [ 25.654172] kasan_bitops_generic+0x121/0x1c0 [ 25.654195] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.654219] ? __pfx_read_tsc+0x10/0x10 [ 25.654243] ? ktime_get_ts64+0x86/0x230 [ 25.654269] kunit_try_run_case+0x1a5/0x480 [ 25.654294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.654327] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.654351] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.654374] ? __kthread_parkme+0x82/0x180 [ 25.654395] ? preempt_count_sub+0x50/0x80 [ 25.654419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.654443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.654470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.654496] kthread+0x337/0x6f0 [ 25.654515] ? trace_preempt_on+0x20/0xc0 [ 25.654539] ? __pfx_kthread+0x10/0x10 [ 25.654559] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.654601] ? calculate_sigpending+0x7b/0xa0 [ 25.654625] ? __pfx_kthread+0x10/0x10 [ 25.654646] ret_from_fork+0x116/0x1d0 [ 25.654666] ? __pfx_kthread+0x10/0x10 [ 25.654686] ret_from_fork_asm+0x1a/0x30 [ 25.654718] </TASK> [ 25.654728] [ 25.667477] Allocated by task 310: [ 25.667825] kasan_save_stack+0x45/0x70 [ 25.668192] kasan_save_track+0x18/0x40 [ 25.668531] kasan_save_alloc_info+0x3b/0x50 [ 25.668933] __kasan_kmalloc+0xb7/0xc0 [ 25.669257] __kmalloc_cache_noprof+0x189/0x420 [ 25.669611] kasan_bitops_generic+0x92/0x1c0 [ 25.669893] kunit_try_run_case+0x1a5/0x480 [ 25.670036] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.670207] kthread+0x337/0x6f0 [ 25.670333] ret_from_fork+0x116/0x1d0 [ 25.670461] ret_from_fork_asm+0x1a/0x30 [ 25.670675] [ 25.670824] The buggy address belongs to the object at ffff888105376d80 [ 25.670824] which belongs to the cache kmalloc-16 of size 16 [ 25.671855] The buggy address is located 8 bytes inside of [ 25.671855] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.672859] [ 25.673019] The buggy address belongs to the physical page: [ 25.673496] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.674184] flags: 0x200000000000000(node=0|zone=2) [ 25.674651] page_type: f5(slab) [ 25.674940] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.675329] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.675550] page dumped because: kasan: bad access detected [ 25.676027] [ 25.676172] Memory state around the buggy address: [ 25.676612] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.677218] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.677847] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.678067] ^ [ 25.678187] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.678619] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.679189] ================================================================== [ 25.680297] ================================================================== [ 25.681518] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.682064] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.682287] [ 25.682387] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.682442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.682454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.682476] Call Trace: [ 25.682499] <TASK> [ 25.682518] dump_stack_lvl+0x73/0xb0 [ 25.682548] print_report+0xd1/0x610 [ 25.682597] ? __virt_addr_valid+0x1db/0x2d0 [ 25.682624] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.682653] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.682679] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.682706] kasan_report+0x141/0x180 [ 25.682728] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.682759] kasan_check_range+0x10c/0x1c0 [ 25.682782] __kasan_check_write+0x18/0x20 [ 25.682805] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 25.682832] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.682859] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.682885] ? finish_task_switch.isra.0+0x156/0x700 [ 25.682907] ? kasan_bitops_generic+0x92/0x1c0 [ 25.682934] kasan_bitops_generic+0x121/0x1c0 [ 25.682959] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.682984] ? __pfx_read_tsc+0x10/0x10 [ 25.683007] ? ktime_get_ts64+0x86/0x230 [ 25.683032] kunit_try_run_case+0x1a5/0x480 [ 25.683057] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.683079] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.683102] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.683125] ? __kthread_parkme+0x82/0x180 [ 25.683145] ? preempt_count_sub+0x50/0x80 [ 25.683168] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.683191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.683218] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.683245] kthread+0x337/0x6f0 [ 25.683264] ? trace_preempt_on+0x20/0xc0 [ 25.683288] ? __pfx_kthread+0x10/0x10 [ 25.683319] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.683340] ? calculate_sigpending+0x7b/0xa0 [ 25.683364] ? __pfx_kthread+0x10/0x10 [ 25.683385] ret_from_fork+0x116/0x1d0 [ 25.683404] ? __pfx_kthread+0x10/0x10 [ 25.683425] ret_from_fork_asm+0x1a/0x30 [ 25.683457] </TASK> [ 25.683468] [ 25.693371] Allocated by task 310: [ 25.693558] kasan_save_stack+0x45/0x70 [ 25.693787] kasan_save_track+0x18/0x40 [ 25.693953] kasan_save_alloc_info+0x3b/0x50 [ 25.694121] __kasan_kmalloc+0xb7/0xc0 [ 25.694314] __kmalloc_cache_noprof+0x189/0x420 [ 25.694495] kasan_bitops_generic+0x92/0x1c0 [ 25.694722] kunit_try_run_case+0x1a5/0x480 [ 25.694905] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.695122] kthread+0x337/0x6f0 [ 25.695279] ret_from_fork+0x116/0x1d0 [ 25.695418] ret_from_fork_asm+0x1a/0x30 [ 25.695551] [ 25.695634] The buggy address belongs to the object at ffff888105376d80 [ 25.695634] which belongs to the cache kmalloc-16 of size 16 [ 25.696121] The buggy address is located 8 bytes inside of [ 25.696121] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.696647] [ 25.696716] The buggy address belongs to the physical page: [ 25.696884] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.697152] flags: 0x200000000000000(node=0|zone=2) [ 25.697393] page_type: f5(slab) [ 25.697559] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.697917] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.698248] page dumped because: kasan: bad access detected [ 25.698461] [ 25.698548] Memory state around the buggy address: [ 25.698764] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.699054] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.699330] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.699625] ^ [ 25.699793] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.700057] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.700316] ================================================================== [ 25.718702] ================================================================== [ 25.719348] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.719854] Read of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.720181] [ 25.720293] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.720358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.720371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.720392] Call Trace: [ 25.720411] <TASK> [ 25.720428] dump_stack_lvl+0x73/0xb0 [ 25.720458] print_report+0xd1/0x610 [ 25.720479] ? __virt_addr_valid+0x1db/0x2d0 [ 25.720503] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.720531] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.720557] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.720606] kasan_report+0x141/0x180 [ 25.720628] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.720659] __asan_report_load8_noabort+0x18/0x20 [ 25.720682] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 25.720709] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 25.720737] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.720761] ? finish_task_switch.isra.0+0x156/0x700 [ 25.720785] ? kasan_bitops_generic+0x92/0x1c0 [ 25.720811] kasan_bitops_generic+0x121/0x1c0 [ 25.720834] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.720859] ? __pfx_read_tsc+0x10/0x10 [ 25.720882] ? ktime_get_ts64+0x86/0x230 [ 25.720907] kunit_try_run_case+0x1a5/0x480 [ 25.720932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.720954] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.720977] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.721000] ? __kthread_parkme+0x82/0x180 [ 25.721020] ? preempt_count_sub+0x50/0x80 [ 25.721042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.721065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.721092] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.721118] kthread+0x337/0x6f0 [ 25.721138] ? trace_preempt_on+0x20/0xc0 [ 25.723017] ? __pfx_kthread+0x10/0x10 [ 25.723046] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.723071] ? calculate_sigpending+0x7b/0xa0 [ 25.723096] ? __pfx_kthread+0x10/0x10 [ 25.723118] ret_from_fork+0x116/0x1d0 [ 25.723140] ? __pfx_kthread+0x10/0x10 [ 25.723161] ret_from_fork_asm+0x1a/0x30 [ 25.723192] </TASK> [ 25.723203] [ 25.736651] Allocated by task 310: [ 25.736818] kasan_save_stack+0x45/0x70 [ 25.737023] kasan_save_track+0x18/0x40 [ 25.737210] kasan_save_alloc_info+0x3b/0x50 [ 25.737395] __kasan_kmalloc+0xb7/0xc0 [ 25.737598] __kmalloc_cache_noprof+0x189/0x420 [ 25.737809] kasan_bitops_generic+0x92/0x1c0 [ 25.738003] kunit_try_run_case+0x1a5/0x480 [ 25.738184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.738396] kthread+0x337/0x6f0 [ 25.738559] ret_from_fork+0x116/0x1d0 [ 25.738722] ret_from_fork_asm+0x1a/0x30 [ 25.738894] [ 25.738962] The buggy address belongs to the object at ffff888105376d80 [ 25.738962] which belongs to the cache kmalloc-16 of size 16 [ 25.739480] The buggy address is located 8 bytes inside of [ 25.739480] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.739964] [ 25.740055] The buggy address belongs to the physical page: [ 25.740261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.740622] flags: 0x200000000000000(node=0|zone=2) [ 25.740815] page_type: f5(slab) [ 25.740978] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.741210] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.741572] page dumped because: kasan: bad access detected [ 25.741817] [ 25.741888] Memory state around the buggy address: [ 25.742126] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.742404] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.742716] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.742923] ^ [ 25.743067] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.743408] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.743717] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 25.393929] ================================================================== [ 25.394260] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.394552] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.394889] [ 25.395154] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.395206] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.395219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.395240] Call Trace: [ 25.395261] <TASK> [ 25.395276] dump_stack_lvl+0x73/0xb0 [ 25.395318] print_report+0xd1/0x610 [ 25.395341] ? __virt_addr_valid+0x1db/0x2d0 [ 25.395364] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.395389] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.395415] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.395440] kasan_report+0x141/0x180 [ 25.395462] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.395492] kasan_check_range+0x10c/0x1c0 [ 25.395515] __kasan_check_write+0x18/0x20 [ 25.395540] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 25.395565] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.395606] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.395630] ? finish_task_switch.isra.0+0x156/0x700 [ 25.395652] ? kasan_bitops_generic+0x92/0x1c0 [ 25.395679] kasan_bitops_generic+0x116/0x1c0 [ 25.395702] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.395726] ? __pfx_read_tsc+0x10/0x10 [ 25.395749] ? ktime_get_ts64+0x86/0x230 [ 25.395775] kunit_try_run_case+0x1a5/0x480 [ 25.395799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.395821] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.395843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.395865] ? __kthread_parkme+0x82/0x180 [ 25.395885] ? preempt_count_sub+0x50/0x80 [ 25.395907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.395929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.395956] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.395983] kthread+0x337/0x6f0 [ 25.396002] ? trace_preempt_on+0x20/0xc0 [ 25.396025] ? __pfx_kthread+0x10/0x10 [ 25.396045] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.396066] ? calculate_sigpending+0x7b/0xa0 [ 25.396091] ? __pfx_kthread+0x10/0x10 [ 25.396113] ret_from_fork+0x116/0x1d0 [ 25.396132] ? __pfx_kthread+0x10/0x10 [ 25.396152] ret_from_fork_asm+0x1a/0x30 [ 25.396182] </TASK> [ 25.396193] [ 25.404714] Allocated by task 310: [ 25.404910] kasan_save_stack+0x45/0x70 [ 25.405118] kasan_save_track+0x18/0x40 [ 25.405246] kasan_save_alloc_info+0x3b/0x50 [ 25.405467] __kasan_kmalloc+0xb7/0xc0 [ 25.405612] __kmalloc_cache_noprof+0x189/0x420 [ 25.405802] kasan_bitops_generic+0x92/0x1c0 [ 25.406008] kunit_try_run_case+0x1a5/0x480 [ 25.406208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.406470] kthread+0x337/0x6f0 [ 25.406633] ret_from_fork+0x116/0x1d0 [ 25.406812] ret_from_fork_asm+0x1a/0x30 [ 25.406959] [ 25.407023] The buggy address belongs to the object at ffff888105376d80 [ 25.407023] which belongs to the cache kmalloc-16 of size 16 [ 25.407559] The buggy address is located 8 bytes inside of [ 25.407559] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.408739] [ 25.408814] The buggy address belongs to the physical page: [ 25.409321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.409660] flags: 0x200000000000000(node=0|zone=2) [ 25.409900] page_type: f5(slab) [ 25.410043] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.410350] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.410710] page dumped because: kasan: bad access detected [ 25.410921] [ 25.410995] Memory state around the buggy address: [ 25.411206] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.411499] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.411760] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.411965] ^ [ 25.412082] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.412293] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.412575] ================================================================== [ 25.374433] ================================================================== [ 25.375033] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.375361] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.375640] [ 25.375729] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.375783] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.375796] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.375818] Call Trace: [ 25.375857] <TASK> [ 25.376101] dump_stack_lvl+0x73/0xb0 [ 25.376141] print_report+0xd1/0x610 [ 25.376165] ? __virt_addr_valid+0x1db/0x2d0 [ 25.376191] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.376217] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.376243] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.376268] kasan_report+0x141/0x180 [ 25.376290] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.376336] kasan_check_range+0x10c/0x1c0 [ 25.376360] __kasan_check_write+0x18/0x20 [ 25.376383] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 25.376408] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.376434] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.376460] ? finish_task_switch.isra.0+0x156/0x700 [ 25.376483] ? kasan_bitops_generic+0x92/0x1c0 [ 25.376511] kasan_bitops_generic+0x116/0x1c0 [ 25.376533] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.376558] ? __pfx_read_tsc+0x10/0x10 [ 25.376580] ? ktime_get_ts64+0x86/0x230 [ 25.376606] kunit_try_run_case+0x1a5/0x480 [ 25.376631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.376654] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.376678] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.376699] ? __kthread_parkme+0x82/0x180 [ 25.376720] ? preempt_count_sub+0x50/0x80 [ 25.376742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.376765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.376792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.376819] kthread+0x337/0x6f0 [ 25.376837] ? trace_preempt_on+0x20/0xc0 [ 25.376861] ? __pfx_kthread+0x10/0x10 [ 25.376945] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.376966] ? calculate_sigpending+0x7b/0xa0 [ 25.376990] ? __pfx_kthread+0x10/0x10 [ 25.377011] ret_from_fork+0x116/0x1d0 [ 25.377032] ? __pfx_kthread+0x10/0x10 [ 25.377052] ret_from_fork_asm+0x1a/0x30 [ 25.377085] </TASK> [ 25.377095] [ 25.385087] Allocated by task 310: [ 25.385265] kasan_save_stack+0x45/0x70 [ 25.385471] kasan_save_track+0x18/0x40 [ 25.385661] kasan_save_alloc_info+0x3b/0x50 [ 25.385864] __kasan_kmalloc+0xb7/0xc0 [ 25.386042] __kmalloc_cache_noprof+0x189/0x420 [ 25.386346] kasan_bitops_generic+0x92/0x1c0 [ 25.386730] kunit_try_run_case+0x1a5/0x480 [ 25.387019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.387311] kthread+0x337/0x6f0 [ 25.387459] ret_from_fork+0x116/0x1d0 [ 25.387617] ret_from_fork_asm+0x1a/0x30 [ 25.387796] [ 25.387861] The buggy address belongs to the object at ffff888105376d80 [ 25.387861] which belongs to the cache kmalloc-16 of size 16 [ 25.388444] The buggy address is located 8 bytes inside of [ 25.388444] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.388833] [ 25.388904] The buggy address belongs to the physical page: [ 25.389070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.389316] flags: 0x200000000000000(node=0|zone=2) [ 25.389567] page_type: f5(slab) [ 25.389827] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.390156] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.390477] page dumped because: kasan: bad access detected [ 25.390641] [ 25.390704] Memory state around the buggy address: [ 25.390854] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.391062] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.391549] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.391913] ^ [ 25.392151] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.392491] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.392948] ================================================================== [ 25.444214] ================================================================== [ 25.444467] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.444918] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.445266] [ 25.445394] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.445447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.445460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.445484] Call Trace: [ 25.445504] <TASK> [ 25.445522] dump_stack_lvl+0x73/0xb0 [ 25.445550] print_report+0xd1/0x610 [ 25.445573] ? __virt_addr_valid+0x1db/0x2d0 [ 25.445771] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.445799] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.445836] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.445861] kasan_report+0x141/0x180 [ 25.445932] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.445963] kasan_check_range+0x10c/0x1c0 [ 25.445987] __kasan_check_write+0x18/0x20 [ 25.446011] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 25.446036] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.446062] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.446086] ? finish_task_switch.isra.0+0x156/0x700 [ 25.446109] ? kasan_bitops_generic+0x92/0x1c0 [ 25.446136] kasan_bitops_generic+0x116/0x1c0 [ 25.446159] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.446182] ? __pfx_read_tsc+0x10/0x10 [ 25.446205] ? ktime_get_ts64+0x86/0x230 [ 25.446229] kunit_try_run_case+0x1a5/0x480 [ 25.446254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.446276] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.446314] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.446338] ? __kthread_parkme+0x82/0x180 [ 25.446358] ? preempt_count_sub+0x50/0x80 [ 25.446380] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.446403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.446429] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.446456] kthread+0x337/0x6f0 [ 25.446476] ? trace_preempt_on+0x20/0xc0 [ 25.446499] ? __pfx_kthread+0x10/0x10 [ 25.446520] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.446542] ? calculate_sigpending+0x7b/0xa0 [ 25.446565] ? __pfx_kthread+0x10/0x10 [ 25.446586] ret_from_fork+0x116/0x1d0 [ 25.446605] ? __pfx_kthread+0x10/0x10 [ 25.446625] ret_from_fork_asm+0x1a/0x30 [ 25.446655] </TASK> [ 25.446666] [ 25.455097] Allocated by task 310: [ 25.455283] kasan_save_stack+0x45/0x70 [ 25.455498] kasan_save_track+0x18/0x40 [ 25.455780] kasan_save_alloc_info+0x3b/0x50 [ 25.455926] __kasan_kmalloc+0xb7/0xc0 [ 25.456053] __kmalloc_cache_noprof+0x189/0x420 [ 25.456236] kasan_bitops_generic+0x92/0x1c0 [ 25.456450] kunit_try_run_case+0x1a5/0x480 [ 25.456646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.456974] kthread+0x337/0x6f0 [ 25.457123] ret_from_fork+0x116/0x1d0 [ 25.457249] ret_from_fork_asm+0x1a/0x30 [ 25.457533] [ 25.457613] The buggy address belongs to the object at ffff888105376d80 [ 25.457613] which belongs to the cache kmalloc-16 of size 16 [ 25.458112] The buggy address is located 8 bytes inside of [ 25.458112] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.460440] [ 25.461001] The buggy address belongs to the physical page: [ 25.461205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.462956] flags: 0x200000000000000(node=0|zone=2) [ 25.463609] page_type: f5(slab) [ 25.464469] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.464864] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.465229] page dumped because: kasan: bad access detected [ 25.465583] [ 25.465727] Memory state around the buggy address: [ 25.465886] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.466843] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.467555] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.468434] ^ [ 25.468596] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.468911] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.469123] ================================================================== [ 25.413378] ================================================================== [ 25.413774] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.414127] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.414679] [ 25.415095] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.415161] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.415175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.415198] Call Trace: [ 25.415219] <TASK> [ 25.415237] dump_stack_lvl+0x73/0xb0 [ 25.415268] print_report+0xd1/0x610 [ 25.415290] ? __virt_addr_valid+0x1db/0x2d0 [ 25.415324] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.415351] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.415872] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.415903] kasan_report+0x141/0x180 [ 25.415927] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.415958] kasan_check_range+0x10c/0x1c0 [ 25.415982] __kasan_check_write+0x18/0x20 [ 25.416014] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 25.416041] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.416067] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.416091] ? finish_task_switch.isra.0+0x156/0x700 [ 25.416115] ? kasan_bitops_generic+0x92/0x1c0 [ 25.416142] kasan_bitops_generic+0x116/0x1c0 [ 25.416165] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.416189] ? __pfx_read_tsc+0x10/0x10 [ 25.416215] ? ktime_get_ts64+0x86/0x230 [ 25.416241] kunit_try_run_case+0x1a5/0x480 [ 25.416266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.416288] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.416323] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.416346] ? __kthread_parkme+0x82/0x180 [ 25.416366] ? preempt_count_sub+0x50/0x80 [ 25.416389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.416412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.416438] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.416465] kthread+0x337/0x6f0 [ 25.416484] ? trace_preempt_on+0x20/0xc0 [ 25.416508] ? __pfx_kthread+0x10/0x10 [ 25.416528] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.416548] ? calculate_sigpending+0x7b/0xa0 [ 25.416572] ? __pfx_kthread+0x10/0x10 [ 25.416634] ret_from_fork+0x116/0x1d0 [ 25.416652] ? __pfx_kthread+0x10/0x10 [ 25.416673] ret_from_fork_asm+0x1a/0x30 [ 25.416704] </TASK> [ 25.416715] [ 25.430403] Allocated by task 310: [ 25.430578] kasan_save_stack+0x45/0x70 [ 25.430764] kasan_save_track+0x18/0x40 [ 25.431020] kasan_save_alloc_info+0x3b/0x50 [ 25.431212] __kasan_kmalloc+0xb7/0xc0 [ 25.431388] __kmalloc_cache_noprof+0x189/0x420 [ 25.431586] kasan_bitops_generic+0x92/0x1c0 [ 25.431777] kunit_try_run_case+0x1a5/0x480 [ 25.431957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.432179] kthread+0x337/0x6f0 [ 25.432781] ret_from_fork+0x116/0x1d0 [ 25.433421] ret_from_fork_asm+0x1a/0x30 [ 25.433772] [ 25.434011] The buggy address belongs to the object at ffff888105376d80 [ 25.434011] which belongs to the cache kmalloc-16 of size 16 [ 25.434894] The buggy address is located 8 bytes inside of [ 25.434894] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.436007] [ 25.436242] The buggy address belongs to the physical page: [ 25.436508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.437087] flags: 0x200000000000000(node=0|zone=2) [ 25.437856] page_type: f5(slab) [ 25.438220] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.438793] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.439371] page dumped because: kasan: bad access detected [ 25.439845] [ 25.440116] Memory state around the buggy address: [ 25.440449] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.441119] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.441852] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.442371] ^ [ 25.442536] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.443284] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.443738] ================================================================== [ 25.469752] ================================================================== [ 25.469996] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.471675] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.472719] [ 25.473004] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.473072] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.473086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.473109] Call Trace: [ 25.473132] <TASK> [ 25.473155] dump_stack_lvl+0x73/0xb0 [ 25.473193] print_report+0xd1/0x610 [ 25.473218] ? __virt_addr_valid+0x1db/0x2d0 [ 25.473242] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.473268] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.473294] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.473332] kasan_report+0x141/0x180 [ 25.473354] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.473382] kasan_check_range+0x10c/0x1c0 [ 25.473406] __kasan_check_write+0x18/0x20 [ 25.473430] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 25.473454] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.473480] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.473505] ? finish_task_switch.isra.0+0x156/0x700 [ 25.473527] ? kasan_bitops_generic+0x92/0x1c0 [ 25.473553] kasan_bitops_generic+0x116/0x1c0 [ 25.473582] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.473612] ? __pfx_read_tsc+0x10/0x10 [ 25.473636] ? ktime_get_ts64+0x86/0x230 [ 25.473663] kunit_try_run_case+0x1a5/0x480 [ 25.473687] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.473709] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.473732] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.473755] ? __kthread_parkme+0x82/0x180 [ 25.473774] ? preempt_count_sub+0x50/0x80 [ 25.473798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.473821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.473847] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.473874] kthread+0x337/0x6f0 [ 25.473893] ? trace_preempt_on+0x20/0xc0 [ 25.473916] ? __pfx_kthread+0x10/0x10 [ 25.473936] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.473957] ? calculate_sigpending+0x7b/0xa0 [ 25.473980] ? __pfx_kthread+0x10/0x10 [ 25.474001] ret_from_fork+0x116/0x1d0 [ 25.474020] ? __pfx_kthread+0x10/0x10 [ 25.474041] ret_from_fork_asm+0x1a/0x30 [ 25.474072] </TASK> [ 25.474082] [ 25.489356] Allocated by task 310: [ 25.489504] kasan_save_stack+0x45/0x70 [ 25.489844] kasan_save_track+0x18/0x40 [ 25.490269] kasan_save_alloc_info+0x3b/0x50 [ 25.490778] __kasan_kmalloc+0xb7/0xc0 [ 25.491179] __kmalloc_cache_noprof+0x189/0x420 [ 25.491704] kasan_bitops_generic+0x92/0x1c0 [ 25.492129] kunit_try_run_case+0x1a5/0x480 [ 25.492543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.492733] kthread+0x337/0x6f0 [ 25.492850] ret_from_fork+0x116/0x1d0 [ 25.493223] ret_from_fork_asm+0x1a/0x30 [ 25.493682] [ 25.493876] The buggy address belongs to the object at ffff888105376d80 [ 25.493876] which belongs to the cache kmalloc-16 of size 16 [ 25.495069] The buggy address is located 8 bytes inside of [ 25.495069] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.495621] [ 25.495698] The buggy address belongs to the physical page: [ 25.496043] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.496803] flags: 0x200000000000000(node=0|zone=2) [ 25.497343] page_type: f5(slab) [ 25.497681] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.498602] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.499160] page dumped because: kasan: bad access detected [ 25.499347] [ 25.499416] Memory state around the buggy address: [ 25.499569] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.499778] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.500516] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.501221] ^ [ 25.501570] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.502281] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.503102] ================================================================== [ 25.533753] ================================================================== [ 25.534010] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.534408] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.534820] [ 25.534920] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.534973] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.534986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.535007] Call Trace: [ 25.535029] <TASK> [ 25.535049] dump_stack_lvl+0x73/0xb0 [ 25.535078] print_report+0xd1/0x610 [ 25.535102] ? __virt_addr_valid+0x1db/0x2d0 [ 25.535125] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.535150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.535176] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.535201] kasan_report+0x141/0x180 [ 25.535222] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.535251] kasan_check_range+0x10c/0x1c0 [ 25.535274] __kasan_check_write+0x18/0x20 [ 25.535296] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 25.535334] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.535360] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.535384] ? finish_task_switch.isra.0+0x156/0x700 [ 25.535407] ? kasan_bitops_generic+0x92/0x1c0 [ 25.535432] kasan_bitops_generic+0x116/0x1c0 [ 25.535455] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.535479] ? __pfx_read_tsc+0x10/0x10 [ 25.535502] ? ktime_get_ts64+0x86/0x230 [ 25.535526] kunit_try_run_case+0x1a5/0x480 [ 25.535551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.535573] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.535669] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.535693] ? __kthread_parkme+0x82/0x180 [ 25.535713] ? preempt_count_sub+0x50/0x80 [ 25.535736] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.535760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.535788] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.535814] kthread+0x337/0x6f0 [ 25.535834] ? trace_preempt_on+0x20/0xc0 [ 25.535857] ? __pfx_kthread+0x10/0x10 [ 25.535878] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.535898] ? calculate_sigpending+0x7b/0xa0 [ 25.535922] ? __pfx_kthread+0x10/0x10 [ 25.535943] ret_from_fork+0x116/0x1d0 [ 25.535963] ? __pfx_kthread+0x10/0x10 [ 25.535984] ret_from_fork_asm+0x1a/0x30 [ 25.536016] </TASK> [ 25.536027] [ 25.544240] Allocated by task 310: [ 25.544385] kasan_save_stack+0x45/0x70 [ 25.544532] kasan_save_track+0x18/0x40 [ 25.544660] kasan_save_alloc_info+0x3b/0x50 [ 25.545039] __kasan_kmalloc+0xb7/0xc0 [ 25.545235] __kmalloc_cache_noprof+0x189/0x420 [ 25.545463] kasan_bitops_generic+0x92/0x1c0 [ 25.545773] kunit_try_run_case+0x1a5/0x480 [ 25.545964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.546135] kthread+0x337/0x6f0 [ 25.546249] ret_from_fork+0x116/0x1d0 [ 25.546385] ret_from_fork_asm+0x1a/0x30 [ 25.546568] [ 25.546998] The buggy address belongs to the object at ffff888105376d80 [ 25.546998] which belongs to the cache kmalloc-16 of size 16 [ 25.547541] The buggy address is located 8 bytes inside of [ 25.547541] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.548121] [ 25.548218] The buggy address belongs to the physical page: [ 25.548459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.548819] flags: 0x200000000000000(node=0|zone=2) [ 25.549079] page_type: f5(slab) [ 25.549203] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.549512] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.549855] page dumped because: kasan: bad access detected [ 25.550295] [ 25.550407] Memory state around the buggy address: [ 25.550622] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.550836] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.551096] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.551415] ^ [ 25.551645] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.552103] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.552422] ================================================================== [ 25.503984] ================================================================== [ 25.504744] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.505283] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.505520] [ 25.505612] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.505664] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.505676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.505698] Call Trace: [ 25.505720] <TASK> [ 25.505739] dump_stack_lvl+0x73/0xb0 [ 25.505769] print_report+0xd1/0x610 [ 25.505792] ? __virt_addr_valid+0x1db/0x2d0 [ 25.505815] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.505840] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.505867] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.505902] kasan_report+0x141/0x180 [ 25.505924] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.505955] kasan_check_range+0x10c/0x1c0 [ 25.505979] __kasan_check_write+0x18/0x20 [ 25.506001] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 25.506026] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.506052] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.506076] ? finish_task_switch.isra.0+0x156/0x700 [ 25.506099] ? kasan_bitops_generic+0x92/0x1c0 [ 25.506125] kasan_bitops_generic+0x116/0x1c0 [ 25.506148] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.506172] ? __pfx_read_tsc+0x10/0x10 [ 25.506195] ? ktime_get_ts64+0x86/0x230 [ 25.506219] kunit_try_run_case+0x1a5/0x480 [ 25.506244] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.506266] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.506289] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.506324] ? __kthread_parkme+0x82/0x180 [ 25.506343] ? preempt_count_sub+0x50/0x80 [ 25.506366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.506389] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.506415] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.506441] kthread+0x337/0x6f0 [ 25.506460] ? trace_preempt_on+0x20/0xc0 [ 25.506485] ? __pfx_kthread+0x10/0x10 [ 25.506505] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.506526] ? calculate_sigpending+0x7b/0xa0 [ 25.506550] ? __pfx_kthread+0x10/0x10 [ 25.506571] ret_from_fork+0x116/0x1d0 [ 25.506608] ? __pfx_kthread+0x10/0x10 [ 25.506629] ret_from_fork_asm+0x1a/0x30 [ 25.506660] </TASK> [ 25.506671] [ 25.520431] Allocated by task 310: [ 25.520583] kasan_save_stack+0x45/0x70 [ 25.520733] kasan_save_track+0x18/0x40 [ 25.521011] kasan_save_alloc_info+0x3b/0x50 [ 25.521412] __kasan_kmalloc+0xb7/0xc0 [ 25.521748] __kmalloc_cache_noprof+0x189/0x420 [ 25.522132] kasan_bitops_generic+0x92/0x1c0 [ 25.522597] kunit_try_run_case+0x1a5/0x480 [ 25.522991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.523508] kthread+0x337/0x6f0 [ 25.523830] ret_from_fork+0x116/0x1d0 [ 25.524224] ret_from_fork_asm+0x1a/0x30 [ 25.524660] [ 25.524830] The buggy address belongs to the object at ffff888105376d80 [ 25.524830] which belongs to the cache kmalloc-16 of size 16 [ 25.526101] The buggy address is located 8 bytes inside of [ 25.526101] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.526482] [ 25.526555] The buggy address belongs to the physical page: [ 25.527020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.527808] flags: 0x200000000000000(node=0|zone=2) [ 25.528274] page_type: f5(slab) [ 25.528639] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.529493] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.529903] page dumped because: kasan: bad access detected [ 25.530074] [ 25.530139] Memory state around the buggy address: [ 25.530293] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.530518] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.531088] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.531722] ^ [ 25.532086] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.532611] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.533238] ================================================================== [ 25.354356] ================================================================== [ 25.354832] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.355295] Write of size 8 at addr ffff888105376d88 by task kunit_try_catch/310 [ 25.355631] [ 25.355726] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.355780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.355795] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.355818] Call Trace: [ 25.355833] <TASK> [ 25.355852] dump_stack_lvl+0x73/0xb0 [ 25.355896] print_report+0xd1/0x610 [ 25.355920] ? __virt_addr_valid+0x1db/0x2d0 [ 25.355944] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.355970] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.355996] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.356021] kasan_report+0x141/0x180 [ 25.356044] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.356073] kasan_check_range+0x10c/0x1c0 [ 25.356097] __kasan_check_write+0x18/0x20 [ 25.356121] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 25.356147] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 25.356172] ? __kmalloc_cache_noprof+0x189/0x420 [ 25.356197] ? finish_task_switch.isra.0+0x156/0x700 [ 25.356220] ? kasan_bitops_generic+0x92/0x1c0 [ 25.356246] kasan_bitops_generic+0x116/0x1c0 [ 25.356269] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 25.356293] ? __pfx_read_tsc+0x10/0x10 [ 25.356326] ? ktime_get_ts64+0x86/0x230 [ 25.356352] kunit_try_run_case+0x1a5/0x480 [ 25.356376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356400] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.356423] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.356445] ? __kthread_parkme+0x82/0x180 [ 25.356465] ? preempt_count_sub+0x50/0x80 [ 25.356488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.356537] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.356563] kthread+0x337/0x6f0 [ 25.356583] ? trace_preempt_on+0x20/0xc0 [ 25.356607] ? __pfx_kthread+0x10/0x10 [ 25.356628] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.356648] ? calculate_sigpending+0x7b/0xa0 [ 25.356673] ? __pfx_kthread+0x10/0x10 [ 25.356695] ret_from_fork+0x116/0x1d0 [ 25.356714] ? __pfx_kthread+0x10/0x10 [ 25.356735] ret_from_fork_asm+0x1a/0x30 [ 25.356766] </TASK> [ 25.356777] [ 25.365329] Allocated by task 310: [ 25.365498] kasan_save_stack+0x45/0x70 [ 25.365708] kasan_save_track+0x18/0x40 [ 25.365895] kasan_save_alloc_info+0x3b/0x50 [ 25.366281] __kasan_kmalloc+0xb7/0xc0 [ 25.366415] __kmalloc_cache_noprof+0x189/0x420 [ 25.366624] kasan_bitops_generic+0x92/0x1c0 [ 25.366908] kunit_try_run_case+0x1a5/0x480 [ 25.367115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.367310] kthread+0x337/0x6f0 [ 25.367428] ret_from_fork+0x116/0x1d0 [ 25.367657] ret_from_fork_asm+0x1a/0x30 [ 25.368111] [ 25.368204] The buggy address belongs to the object at ffff888105376d80 [ 25.368204] which belongs to the cache kmalloc-16 of size 16 [ 25.368734] The buggy address is located 8 bytes inside of [ 25.368734] allocated 9-byte region [ffff888105376d80, ffff888105376d89) [ 25.369269] [ 25.369353] The buggy address belongs to the physical page: [ 25.369525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105376 [ 25.369769] flags: 0x200000000000000(node=0|zone=2) [ 25.369951] page_type: f5(slab) [ 25.370120] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.370461] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.371200] page dumped because: kasan: bad access detected [ 25.371454] [ 25.371519] Memory state around the buggy address: [ 25.371674] ffff888105376c80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.371884] ffff888105376d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.372092] >ffff888105376d80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.372552] ^ [ 25.373118] ffff888105376e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.373476] ffff888105376e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.374021] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 25.315204] ================================================================== [ 25.316533] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 25.317781] Read of size 1 at addr ffff8881053b8d50 by task kunit_try_catch/308 [ 25.318915] [ 25.319153] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.319330] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.319347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.319371] Call Trace: [ 25.319394] <TASK> [ 25.319425] dump_stack_lvl+0x73/0xb0 [ 25.319462] print_report+0xd1/0x610 [ 25.319486] ? __virt_addr_valid+0x1db/0x2d0 [ 25.319511] ? strnlen+0x73/0x80 [ 25.319534] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.319560] ? strnlen+0x73/0x80 [ 25.319657] kasan_report+0x141/0x180 [ 25.319681] ? strnlen+0x73/0x80 [ 25.319708] __asan_report_load1_noabort+0x18/0x20 [ 25.319733] strnlen+0x73/0x80 [ 25.319755] kasan_strings+0x615/0xe80 [ 25.319775] ? trace_hardirqs_on+0x37/0xe0 [ 25.319800] ? __pfx_kasan_strings+0x10/0x10 [ 25.319819] ? finish_task_switch.isra.0+0x153/0x700 [ 25.319841] ? __switch_to+0x47/0xf80 [ 25.319928] ? __schedule+0x10c6/0x2b60 [ 25.319956] ? __pfx_read_tsc+0x10/0x10 [ 25.319979] ? ktime_get_ts64+0x86/0x230 [ 25.320007] kunit_try_run_case+0x1a5/0x480 [ 25.320033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.320055] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.320078] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.320100] ? __kthread_parkme+0x82/0x180 [ 25.320121] ? preempt_count_sub+0x50/0x80 [ 25.320143] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.320167] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.320193] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.320220] kthread+0x337/0x6f0 [ 25.320239] ? trace_preempt_on+0x20/0xc0 [ 25.320261] ? __pfx_kthread+0x10/0x10 [ 25.320282] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.320314] ? calculate_sigpending+0x7b/0xa0 [ 25.320339] ? __pfx_kthread+0x10/0x10 [ 25.320359] ret_from_fork+0x116/0x1d0 [ 25.320380] ? __pfx_kthread+0x10/0x10 [ 25.320399] ret_from_fork_asm+0x1a/0x30 [ 25.320431] </TASK> [ 25.320443] [ 25.333822] Allocated by task 308: [ 25.334330] kasan_save_stack+0x45/0x70 [ 25.334710] kasan_save_track+0x18/0x40 [ 25.335117] kasan_save_alloc_info+0x3b/0x50 [ 25.335576] __kasan_kmalloc+0xb7/0xc0 [ 25.335827] __kmalloc_cache_noprof+0x189/0x420 [ 25.336245] kasan_strings+0xc0/0xe80 [ 25.336441] kunit_try_run_case+0x1a5/0x480 [ 25.336587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.337103] kthread+0x337/0x6f0 [ 25.337448] ret_from_fork+0x116/0x1d0 [ 25.337888] ret_from_fork_asm+0x1a/0x30 [ 25.338375] [ 25.338451] Freed by task 308: [ 25.338560] kasan_save_stack+0x45/0x70 [ 25.338919] kasan_save_track+0x18/0x40 [ 25.339334] kasan_save_free_info+0x3f/0x60 [ 25.339741] __kasan_slab_free+0x56/0x70 [ 25.340146] kfree+0x222/0x3f0 [ 25.340439] kasan_strings+0x2aa/0xe80 [ 25.340568] kunit_try_run_case+0x1a5/0x480 [ 25.340952] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.341476] kthread+0x337/0x6f0 [ 25.341648] ret_from_fork+0x116/0x1d0 [ 25.341777] ret_from_fork_asm+0x1a/0x30 [ 25.342139] [ 25.342322] The buggy address belongs to the object at ffff8881053b8d40 [ 25.342322] which belongs to the cache kmalloc-32 of size 32 [ 25.343511] The buggy address is located 16 bytes inside of [ 25.343511] freed 32-byte region [ffff8881053b8d40, ffff8881053b8d60) [ 25.344356] [ 25.344498] The buggy address belongs to the physical page: [ 25.344703] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b8 [ 25.345480] flags: 0x200000000000000(node=0|zone=2) [ 25.346082] page_type: f5(slab) [ 25.346346] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.346573] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.347272] page dumped because: kasan: bad access detected [ 25.347865] [ 25.348058] Memory state around the buggy address: [ 25.348381] ffff8881053b8c00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.348630] ffff8881053b8c80: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.349320] >ffff8881053b8d00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.349946] ^ [ 25.350419] ffff8881053b8d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.350669] ffff8881053b8e00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.350884] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 25.277458] ================================================================== [ 25.277707] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 25.278188] Read of size 1 at addr ffff8881053b8d50 by task kunit_try_catch/308 [ 25.278872] [ 25.279116] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.279182] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.279195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.279217] Call Trace: [ 25.279246] <TASK> [ 25.279264] dump_stack_lvl+0x73/0xb0 [ 25.279312] print_report+0xd1/0x610 [ 25.279335] ? __virt_addr_valid+0x1db/0x2d0 [ 25.279358] ? strlen+0x8f/0xb0 [ 25.279390] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.279417] ? strlen+0x8f/0xb0 [ 25.279438] kasan_report+0x141/0x180 [ 25.279459] ? strlen+0x8f/0xb0 [ 25.279484] __asan_report_load1_noabort+0x18/0x20 [ 25.279508] strlen+0x8f/0xb0 [ 25.279530] kasan_strings+0x57b/0xe80 [ 25.279550] ? trace_hardirqs_on+0x37/0xe0 [ 25.279591] ? __pfx_kasan_strings+0x10/0x10 [ 25.279611] ? finish_task_switch.isra.0+0x153/0x700 [ 25.279632] ? __switch_to+0x47/0xf80 [ 25.279657] ? __schedule+0x10c6/0x2b60 [ 25.279679] ? __pfx_read_tsc+0x10/0x10 [ 25.279701] ? ktime_get_ts64+0x86/0x230 [ 25.279726] kunit_try_run_case+0x1a5/0x480 [ 25.279750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.279771] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.279794] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.279817] ? __kthread_parkme+0x82/0x180 [ 25.279837] ? preempt_count_sub+0x50/0x80 [ 25.279879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.279902] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.279929] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.279955] kthread+0x337/0x6f0 [ 25.279974] ? trace_preempt_on+0x20/0xc0 [ 25.279996] ? __pfx_kthread+0x10/0x10 [ 25.280016] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.280037] ? calculate_sigpending+0x7b/0xa0 [ 25.280060] ? __pfx_kthread+0x10/0x10 [ 25.280081] ret_from_fork+0x116/0x1d0 [ 25.280099] ? __pfx_kthread+0x10/0x10 [ 25.280120] ret_from_fork_asm+0x1a/0x30 [ 25.280151] </TASK> [ 25.280162] [ 25.293477] Allocated by task 308: [ 25.293869] kasan_save_stack+0x45/0x70 [ 25.294311] kasan_save_track+0x18/0x40 [ 25.294800] kasan_save_alloc_info+0x3b/0x50 [ 25.295372] __kasan_kmalloc+0xb7/0xc0 [ 25.295754] __kmalloc_cache_noprof+0x189/0x420 [ 25.296146] kasan_strings+0xc0/0xe80 [ 25.296522] kunit_try_run_case+0x1a5/0x480 [ 25.296856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.297161] kthread+0x337/0x6f0 [ 25.297275] ret_from_fork+0x116/0x1d0 [ 25.297774] ret_from_fork_asm+0x1a/0x30 [ 25.298230] [ 25.298559] Freed by task 308: [ 25.298694] kasan_save_stack+0x45/0x70 [ 25.299125] kasan_save_track+0x18/0x40 [ 25.299635] kasan_save_free_info+0x3f/0x60 [ 25.300168] __kasan_slab_free+0x56/0x70 [ 25.300332] kfree+0x222/0x3f0 [ 25.300736] kasan_strings+0x2aa/0xe80 [ 25.301215] kunit_try_run_case+0x1a5/0x480 [ 25.301691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.301907] kthread+0x337/0x6f0 [ 25.302485] ret_from_fork+0x116/0x1d0 [ 25.302970] ret_from_fork_asm+0x1a/0x30 [ 25.303124] [ 25.303192] The buggy address belongs to the object at ffff8881053b8d40 [ 25.303192] which belongs to the cache kmalloc-32 of size 32 [ 25.304618] The buggy address is located 16 bytes inside of [ 25.304618] freed 32-byte region [ffff8881053b8d40, ffff8881053b8d60) [ 25.305380] [ 25.305556] The buggy address belongs to the physical page: [ 25.306064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b8 [ 25.306484] flags: 0x200000000000000(node=0|zone=2) [ 25.306712] page_type: f5(slab) [ 25.306854] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.307122] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.307410] page dumped because: kasan: bad access detected [ 25.307603] [ 25.307675] Memory state around the buggy address: [ 25.307861] ffff8881053b8c00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.308111] ffff8881053b8c80: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.309611] >ffff8881053b8d00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.310658] ^ [ 25.311584] ffff8881053b8d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.312549] ffff8881053b8e00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.314186] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 25.240624] ================================================================== [ 25.240976] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 25.242224] Read of size 1 at addr ffff8881053b8d50 by task kunit_try_catch/308 [ 25.242475] [ 25.242575] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.242632] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.242646] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.242669] Call Trace: [ 25.242691] <TASK> [ 25.242711] dump_stack_lvl+0x73/0xb0 [ 25.242745] print_report+0xd1/0x610 [ 25.242770] ? __virt_addr_valid+0x1db/0x2d0 [ 25.242795] ? kasan_strings+0xcbc/0xe80 [ 25.242816] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.242842] ? kasan_strings+0xcbc/0xe80 [ 25.242863] kasan_report+0x141/0x180 [ 25.242885] ? kasan_strings+0xcbc/0xe80 [ 25.242909] __asan_report_load1_noabort+0x18/0x20 [ 25.242934] kasan_strings+0xcbc/0xe80 [ 25.242952] ? trace_hardirqs_on+0x37/0xe0 [ 25.242976] ? __pfx_kasan_strings+0x10/0x10 [ 25.242995] ? finish_task_switch.isra.0+0x153/0x700 [ 25.243017] ? __switch_to+0x47/0xf80 [ 25.243042] ? __schedule+0x10c6/0x2b60 [ 25.243065] ? __pfx_read_tsc+0x10/0x10 [ 25.243090] ? ktime_get_ts64+0x86/0x230 [ 25.243115] kunit_try_run_case+0x1a5/0x480 [ 25.243140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.243161] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.243184] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.243207] ? __kthread_parkme+0x82/0x180 [ 25.243228] ? preempt_count_sub+0x50/0x80 [ 25.243250] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.243272] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.243337] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.243364] kthread+0x337/0x6f0 [ 25.243383] ? trace_preempt_on+0x20/0xc0 [ 25.243405] ? __pfx_kthread+0x10/0x10 [ 25.243424] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.243445] ? calculate_sigpending+0x7b/0xa0 [ 25.243469] ? __pfx_kthread+0x10/0x10 [ 25.243489] ret_from_fork+0x116/0x1d0 [ 25.243508] ? __pfx_kthread+0x10/0x10 [ 25.243529] ret_from_fork_asm+0x1a/0x30 [ 25.243575] </TASK> [ 25.243588] [ 25.259905] Allocated by task 308: [ 25.260282] kasan_save_stack+0x45/0x70 [ 25.260436] kasan_save_track+0x18/0x40 [ 25.260570] kasan_save_alloc_info+0x3b/0x50 [ 25.260713] __kasan_kmalloc+0xb7/0xc0 [ 25.260838] __kmalloc_cache_noprof+0x189/0x420 [ 25.260985] kasan_strings+0xc0/0xe80 [ 25.261109] kunit_try_run_case+0x1a5/0x480 [ 25.261251] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.261986] kthread+0x337/0x6f0 [ 25.262331] ret_from_fork+0x116/0x1d0 [ 25.262698] ret_from_fork_asm+0x1a/0x30 [ 25.263126] [ 25.263315] Freed by task 308: [ 25.263631] kasan_save_stack+0x45/0x70 [ 25.264059] kasan_save_track+0x18/0x40 [ 25.264418] kasan_save_free_info+0x3f/0x60 [ 25.264677] __kasan_slab_free+0x56/0x70 [ 25.264813] kfree+0x222/0x3f0 [ 25.265292] kasan_strings+0x2aa/0xe80 [ 25.265737] kunit_try_run_case+0x1a5/0x480 [ 25.266186] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.266481] kthread+0x337/0x6f0 [ 25.266722] ret_from_fork+0x116/0x1d0 [ 25.267149] ret_from_fork_asm+0x1a/0x30 [ 25.267498] [ 25.267566] The buggy address belongs to the object at ffff8881053b8d40 [ 25.267566] which belongs to the cache kmalloc-32 of size 32 [ 25.268394] The buggy address is located 16 bytes inside of [ 25.268394] freed 32-byte region [ffff8881053b8d40, ffff8881053b8d60) [ 25.268746] [ 25.268894] The buggy address belongs to the physical page: [ 25.269581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b8 [ 25.270370] flags: 0x200000000000000(node=0|zone=2) [ 25.270843] page_type: f5(slab) [ 25.271211] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.271953] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.272388] page dumped because: kasan: bad access detected [ 25.272556] [ 25.272733] Memory state around the buggy address: [ 25.273382] ffff8881053b8c00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.274088] ffff8881053b8c80: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.274319] >ffff8881053b8d00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.274526] ^ [ 25.275122] ffff8881053b8d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.275752] ffff8881053b8e00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.276419] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 25.153535] ================================================================== [ 25.154226] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 25.154834] Read of size 1 at addr ffff8881061efc4a by task kunit_try_catch/302 [ 25.155108] [ 25.155702] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.155760] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.155774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.155797] Call Trace: [ 25.155809] <TASK> [ 25.155829] dump_stack_lvl+0x73/0xb0 [ 25.155863] print_report+0xd1/0x610 [ 25.155888] ? __virt_addr_valid+0x1db/0x2d0 [ 25.155913] ? kasan_alloca_oob_right+0x329/0x390 [ 25.155936] ? kasan_addr_to_slab+0x11/0xa0 [ 25.156059] ? kasan_alloca_oob_right+0x329/0x390 [ 25.156082] kasan_report+0x141/0x180 [ 25.156104] ? kasan_alloca_oob_right+0x329/0x390 [ 25.156131] __asan_report_load1_noabort+0x18/0x20 [ 25.156155] kasan_alloca_oob_right+0x329/0x390 [ 25.156177] ? update_curr+0x7d/0x7f0 [ 25.156202] ? finish_task_switch.isra.0+0x153/0x700 [ 25.156224] ? down_interruptible+0x1e/0xa0 [ 25.156250] ? trace_hardirqs_on+0x37/0xe0 [ 25.156276] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 25.156315] ? __schedule+0x10c6/0x2b60 [ 25.156337] ? __pfx_read_tsc+0x10/0x10 [ 25.156360] ? ktime_get_ts64+0x86/0x230 [ 25.156385] kunit_try_run_case+0x1a5/0x480 [ 25.156410] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.156432] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.156454] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.156477] ? __kthread_parkme+0x82/0x180 [ 25.156498] ? preempt_count_sub+0x50/0x80 [ 25.156519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.156542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.156569] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.156596] kthread+0x337/0x6f0 [ 25.156615] ? trace_preempt_on+0x20/0xc0 [ 25.156637] ? __pfx_kthread+0x10/0x10 [ 25.156657] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.156677] ? calculate_sigpending+0x7b/0xa0 [ 25.156703] ? __pfx_kthread+0x10/0x10 [ 25.156723] ret_from_fork+0x116/0x1d0 [ 25.156742] ? __pfx_kthread+0x10/0x10 [ 25.156762] ret_from_fork_asm+0x1a/0x30 [ 25.156793] </TASK> [ 25.156804] [ 25.164404] The buggy address belongs to stack of task kunit_try_catch/302 [ 25.164736] [ 25.164823] The buggy address belongs to the physical page: [ 25.165254] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061ef [ 25.165648] flags: 0x200000000000000(node=0|zone=2) [ 25.166060] raw: 0200000000000000 ffffea0004187bc8 ffffea0004187bc8 0000000000000000 [ 25.166287] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.166573] page dumped because: kasan: bad access detected [ 25.166836] [ 25.166996] Memory state around the buggy address: [ 25.167265] ffff8881061efb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.167593] ffff8881061efb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.167833] >ffff8881061efc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.168181] ^ [ 25.168386] ffff8881061efc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.168785] ffff8881061efd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.169089] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 25.136220] ================================================================== [ 25.136758] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 25.137341] Read of size 1 at addr ffff8881061e7c3f by task kunit_try_catch/300 [ 25.137748] [ 25.137866] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.137921] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.137935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.137957] Call Trace: [ 25.137971] <TASK> [ 25.137989] dump_stack_lvl+0x73/0xb0 [ 25.138023] print_report+0xd1/0x610 [ 25.138049] ? __virt_addr_valid+0x1db/0x2d0 [ 25.138074] ? kasan_alloca_oob_left+0x320/0x380 [ 25.138097] ? kasan_addr_to_slab+0x11/0xa0 [ 25.138117] ? kasan_alloca_oob_left+0x320/0x380 [ 25.138139] kasan_report+0x141/0x180 [ 25.138161] ? kasan_alloca_oob_left+0x320/0x380 [ 25.138188] __asan_report_load1_noabort+0x18/0x20 [ 25.138212] kasan_alloca_oob_left+0x320/0x380 [ 25.138235] ? finish_task_switch.isra.0+0x153/0x700 [ 25.138258] ? down_interruptible+0x1e/0xa0 [ 25.138283] ? trace_hardirqs_on+0x37/0xe0 [ 25.138323] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 25.138347] ? __schedule+0x10c6/0x2b60 [ 25.138369] ? __pfx_read_tsc+0x10/0x10 [ 25.138391] ? ktime_get_ts64+0x86/0x230 [ 25.138418] kunit_try_run_case+0x1a5/0x480 [ 25.138442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.138464] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.138487] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.138509] ? __kthread_parkme+0x82/0x180 [ 25.138530] ? preempt_count_sub+0x50/0x80 [ 25.138552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.138575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.138602] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.138630] kthread+0x337/0x6f0 [ 25.138649] ? trace_preempt_on+0x20/0xc0 [ 25.138686] ? __pfx_kthread+0x10/0x10 [ 25.138706] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.138727] ? calculate_sigpending+0x7b/0xa0 [ 25.138752] ? __pfx_kthread+0x10/0x10 [ 25.138773] ret_from_fork+0x116/0x1d0 [ 25.138792] ? __pfx_kthread+0x10/0x10 [ 25.138812] ret_from_fork_asm+0x1a/0x30 [ 25.138844] </TASK> [ 25.138855] [ 25.146426] The buggy address belongs to stack of task kunit_try_catch/300 [ 25.146706] [ 25.146772] The buggy address belongs to the physical page: [ 25.147062] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061e7 [ 25.147475] flags: 0x200000000000000(node=0|zone=2) [ 25.147696] raw: 0200000000000000 ffffea00041879c8 ffffea00041879c8 0000000000000000 [ 25.148017] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.148383] page dumped because: kasan: bad access detected [ 25.148636] [ 25.148704] Memory state around the buggy address: [ 25.148938] ffff8881061e7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.149256] ffff8881061e7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.149571] >ffff8881061e7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 25.149803] ^ [ 25.149961] ffff8881061e7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 25.150169] ffff8881061e7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.150743] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 25.115897] ================================================================== [ 25.116717] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 25.117053] Read of size 1 at addr ffff888106207d02 by task kunit_try_catch/298 [ 25.117443] [ 25.117633] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.117687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.117701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.117723] Call Trace: [ 25.117737] <TASK> [ 25.117758] dump_stack_lvl+0x73/0xb0 [ 25.117791] print_report+0xd1/0x610 [ 25.117816] ? __virt_addr_valid+0x1db/0x2d0 [ 25.117840] ? kasan_stack_oob+0x2b5/0x300 [ 25.117860] ? kasan_addr_to_slab+0x11/0xa0 [ 25.117880] ? kasan_stack_oob+0x2b5/0x300 [ 25.117899] kasan_report+0x141/0x180 [ 25.117922] ? kasan_stack_oob+0x2b5/0x300 [ 25.117947] __asan_report_load1_noabort+0x18/0x20 [ 25.117971] kasan_stack_oob+0x2b5/0x300 [ 25.117991] ? __pfx_kasan_stack_oob+0x10/0x10 [ 25.118012] ? __kasan_check_write+0x18/0x20 [ 25.118035] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.118061] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.118084] ? __pfx_read_tsc+0x10/0x10 [ 25.118107] ? ktime_get_ts64+0x86/0x230 [ 25.118132] kunit_try_run_case+0x1a5/0x480 [ 25.118157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.118179] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.118201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.118224] ? __kthread_parkme+0x82/0x180 [ 25.118244] ? preempt_count_sub+0x50/0x80 [ 25.118267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.118291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.118330] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.118357] kthread+0x337/0x6f0 [ 25.118377] ? trace_preempt_on+0x20/0xc0 [ 25.118403] ? __pfx_kthread+0x10/0x10 [ 25.118423] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.118444] ? calculate_sigpending+0x7b/0xa0 [ 25.118468] ? __pfx_kthread+0x10/0x10 [ 25.118490] ret_from_fork+0x116/0x1d0 [ 25.118509] ? __pfx_kthread+0x10/0x10 [ 25.118530] ret_from_fork_asm+0x1a/0x30 [ 25.118562] </TASK> [ 25.118573] [ 25.125726] The buggy address belongs to stack of task kunit_try_catch/298 [ 25.126107] and is located at offset 138 in frame: [ 25.126403] kasan_stack_oob+0x0/0x300 [ 25.126736] [ 25.126840] This frame has 4 objects: [ 25.127162] [48, 49) '__assertion' [ 25.127189] [64, 72) 'array' [ 25.127326] [96, 112) '__assertion' [ 25.127462] [128, 138) 'stack_array' [ 25.127727] [ 25.127988] The buggy address belongs to the physical page: [ 25.128272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106207 [ 25.128553] flags: 0x200000000000000(node=0|zone=2) [ 25.128728] raw: 0200000000000000 ffffea00041881c8 ffffea00041881c8 0000000000000000 [ 25.128950] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.129570] page dumped because: kasan: bad access detected [ 25.130249] [ 25.130360] Memory state around the buggy address: [ 25.130629] ffff888106207c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.130993] ffff888106207c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 25.131211] >ffff888106207d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 25.131430] ^ [ 25.131606] ffff888106207d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 25.131926] ffff888106207e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.132242] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 25.091241] ================================================================== [ 25.092152] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 25.092960] Read of size 1 at addr ffffffffb78c4f8d by task kunit_try_catch/294 [ 25.093182] [ 25.093315] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.093373] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.093388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.093410] Call Trace: [ 25.093424] <TASK> [ 25.093443] dump_stack_lvl+0x73/0xb0 [ 25.093476] print_report+0xd1/0x610 [ 25.093502] ? __virt_addr_valid+0x1db/0x2d0 [ 25.093527] ? kasan_global_oob_right+0x286/0x2d0 [ 25.093548] ? kasan_addr_to_slab+0x11/0xa0 [ 25.093569] ? kasan_global_oob_right+0x286/0x2d0 [ 25.093599] kasan_report+0x141/0x180 [ 25.093622] ? kasan_global_oob_right+0x286/0x2d0 [ 25.093648] __asan_report_load1_noabort+0x18/0x20 [ 25.093672] kasan_global_oob_right+0x286/0x2d0 [ 25.093693] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 25.093717] ? __schedule+0x10c6/0x2b60 [ 25.093740] ? __pfx_read_tsc+0x10/0x10 [ 25.093762] ? ktime_get_ts64+0x86/0x230 [ 25.093790] kunit_try_run_case+0x1a5/0x480 [ 25.093817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.093840] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.093862] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.093884] ? __kthread_parkme+0x82/0x180 [ 25.093905] ? preempt_count_sub+0x50/0x80 [ 25.093928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.093951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.093979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.094006] kthread+0x337/0x6f0 [ 25.094025] ? trace_preempt_on+0x20/0xc0 [ 25.094049] ? __pfx_kthread+0x10/0x10 [ 25.094068] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.094089] ? calculate_sigpending+0x7b/0xa0 [ 25.094114] ? __pfx_kthread+0x10/0x10 [ 25.094135] ret_from_fork+0x116/0x1d0 [ 25.094154] ? __pfx_kthread+0x10/0x10 [ 25.094174] ret_from_fork_asm+0x1a/0x30 [ 25.094206] </TASK> [ 25.094217] [ 25.105158] The buggy address belongs to the variable: [ 25.105660] global_array+0xd/0x40 [ 25.106111] [ 25.106306] The buggy address belongs to the physical page: [ 25.106828] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48ac4 [ 25.107571] flags: 0x100000000002000(reserved|node=0|zone=1) [ 25.108162] raw: 0100000000002000 ffffea000122b108 ffffea000122b108 0000000000000000 [ 25.108474] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.108699] page dumped because: kasan: bad access detected [ 25.108867] [ 25.108931] Memory state around the buggy address: [ 25.109084] ffffffffb78c4e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.109314] ffffffffb78c4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.109704] >ffffffffb78c4f80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 25.110083] ^ [ 25.110221] ffffffffb78c5000: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 25.110548] ffffffffb78c5080: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 25.110846] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 25.059442] ================================================================== [ 25.060687] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.061199] Free of addr ffff88810627c001 by task kunit_try_catch/292 [ 25.061493] [ 25.061886] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.062224] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.062239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.062262] Call Trace: [ 25.062277] <TASK> [ 25.062311] dump_stack_lvl+0x73/0xb0 [ 25.062346] print_report+0xd1/0x610 [ 25.062370] ? __virt_addr_valid+0x1db/0x2d0 [ 25.062396] ? kasan_addr_to_slab+0x11/0xa0 [ 25.062416] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.062441] kasan_report_invalid_free+0x10a/0x130 [ 25.062465] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.062493] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.062517] __kasan_mempool_poison_object+0x102/0x1d0 [ 25.062541] mempool_free+0x2ec/0x380 [ 25.062566] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.062600] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.062626] ? dequeue_entities+0x23f/0x1630 [ 25.062651] ? __kasan_check_write+0x18/0x20 [ 25.062674] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.062695] ? finish_task_switch.isra.0+0x153/0x700 [ 25.062721] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 25.062746] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 25.062772] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.062795] ? __pfx_mempool_kfree+0x10/0x10 [ 25.062818] ? __pfx_read_tsc+0x10/0x10 [ 25.062840] ? ktime_get_ts64+0x86/0x230 [ 25.062926] kunit_try_run_case+0x1a5/0x480 [ 25.062958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.062980] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.063004] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.063027] ? __kthread_parkme+0x82/0x180 [ 25.063048] ? preempt_count_sub+0x50/0x80 [ 25.063070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.063093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.063120] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.063147] kthread+0x337/0x6f0 [ 25.063166] ? trace_preempt_on+0x20/0xc0 [ 25.063190] ? __pfx_kthread+0x10/0x10 [ 25.063210] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.063230] ? calculate_sigpending+0x7b/0xa0 [ 25.063255] ? __pfx_kthread+0x10/0x10 [ 25.063275] ret_from_fork+0x116/0x1d0 [ 25.063308] ? __pfx_kthread+0x10/0x10 [ 25.063328] ret_from_fork_asm+0x1a/0x30 [ 25.063360] </TASK> [ 25.063371] [ 25.077664] The buggy address belongs to the physical page: [ 25.078011] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10627c [ 25.078374] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.079042] flags: 0x200000000000040(head|node=0|zone=2) [ 25.079484] page_type: f8(unknown) [ 25.079804] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.080505] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.081014] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.081460] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.082016] head: 0200000000000002 ffffea0004189f01 00000000ffffffff 00000000ffffffff [ 25.082592] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.083015] page dumped because: kasan: bad access detected [ 25.083435] [ 25.083525] Memory state around the buggy address: [ 25.084223] ffff88810627bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.084843] ffff88810627bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.085334] >ffff88810627c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.085725] ^ [ 25.086103] ffff88810627c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.086405] ffff88810627c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.086844] ================================================================== [ 25.031602] ================================================================== [ 25.032372] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.033146] Free of addr ffff88810611d601 by task kunit_try_catch/290 [ 25.033446] [ 25.033560] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.033803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.033818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.033842] Call Trace: [ 25.033857] <TASK> [ 25.033889] dump_stack_lvl+0x73/0xb0 [ 25.033928] print_report+0xd1/0x610 [ 25.033996] ? __virt_addr_valid+0x1db/0x2d0 [ 25.034023] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.034048] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.034074] kasan_report_invalid_free+0x10a/0x130 [ 25.034099] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.034125] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.034149] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.034172] check_slab_allocation+0x11f/0x130 [ 25.034194] __kasan_mempool_poison_object+0x91/0x1d0 [ 25.034219] mempool_free+0x2ec/0x380 [ 25.034248] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 25.034272] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 25.034308] ? dequeue_entities+0x23f/0x1630 [ 25.034332] ? __kasan_check_write+0x18/0x20 [ 25.034356] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.034377] ? finish_task_switch.isra.0+0x153/0x700 [ 25.034404] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.034427] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 25.034453] ? __pfx_mempool_kmalloc+0x10/0x10 [ 25.034475] ? __pfx_mempool_kfree+0x10/0x10 [ 25.034499] ? __pfx_read_tsc+0x10/0x10 [ 25.034524] ? ktime_get_ts64+0x86/0x230 [ 25.034550] kunit_try_run_case+0x1a5/0x480 [ 25.034577] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.034599] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.034623] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.034646] ? __kthread_parkme+0x82/0x180 [ 25.034668] ? preempt_count_sub+0x50/0x80 [ 25.034689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.034712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.034738] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.034765] kthread+0x337/0x6f0 [ 25.034785] ? trace_preempt_on+0x20/0xc0 [ 25.034808] ? __pfx_kthread+0x10/0x10 [ 25.034828] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.034848] ? calculate_sigpending+0x7b/0xa0 [ 25.034888] ? __pfx_kthread+0x10/0x10 [ 25.034910] ret_from_fork+0x116/0x1d0 [ 25.034930] ? __pfx_kthread+0x10/0x10 [ 25.034950] ret_from_fork_asm+0x1a/0x30 [ 25.034982] </TASK> [ 25.034993] [ 25.045779] Allocated by task 290: [ 25.046113] kasan_save_stack+0x45/0x70 [ 25.046433] kasan_save_track+0x18/0x40 [ 25.046587] kasan_save_alloc_info+0x3b/0x50 [ 25.046817] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 25.047078] remove_element+0x11e/0x190 [ 25.047386] mempool_alloc_preallocated+0x4d/0x90 [ 25.047672] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 25.048067] mempool_kmalloc_invalid_free+0xed/0x140 [ 25.048328] kunit_try_run_case+0x1a5/0x480 [ 25.048562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.048808] kthread+0x337/0x6f0 [ 25.048974] ret_from_fork+0x116/0x1d0 [ 25.049185] ret_from_fork_asm+0x1a/0x30 [ 25.049339] [ 25.049407] The buggy address belongs to the object at ffff88810611d600 [ 25.049407] which belongs to the cache kmalloc-128 of size 128 [ 25.049948] The buggy address is located 1 bytes inside of [ 25.049948] 128-byte region [ffff88810611d600, ffff88810611d680) [ 25.050450] [ 25.050519] The buggy address belongs to the physical page: [ 25.050762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 25.051729] flags: 0x200000000000000(node=0|zone=2) [ 25.052099] page_type: f5(slab) [ 25.052227] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.052467] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.052758] page dumped because: kasan: bad access detected [ 25.053030] [ 25.053167] Memory state around the buggy address: [ 25.053408] ffff88810611d500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.053865] ffff88810611d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.054281] >ffff88810611d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.054633] ^ [ 25.054756] ffff88810611d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.055054] ffff88810611d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.055563] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 24.968036] ================================================================== [ 24.968986] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.969331] Free of addr ffff888106104000 by task kunit_try_catch/286 [ 24.969756] [ 24.970161] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.970227] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.970242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.970266] Call Trace: [ 24.970303] <TASK> [ 24.970325] dump_stack_lvl+0x73/0xb0 [ 24.970363] print_report+0xd1/0x610 [ 24.970388] ? __virt_addr_valid+0x1db/0x2d0 [ 24.970415] ? kasan_addr_to_slab+0x11/0xa0 [ 24.970434] ? mempool_double_free_helper+0x184/0x370 [ 24.970459] kasan_report_invalid_free+0x10a/0x130 [ 24.970482] ? mempool_double_free_helper+0x184/0x370 [ 24.970508] ? mempool_double_free_helper+0x184/0x370 [ 24.970531] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 24.970554] mempool_free+0x2ec/0x380 [ 24.970582] mempool_double_free_helper+0x184/0x370 [ 24.970606] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.970668] ? dequeue_entities+0x23f/0x1630 [ 24.970694] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.970716] ? finish_task_switch.isra.0+0x153/0x700 [ 24.970742] mempool_kmalloc_large_double_free+0xed/0x140 [ 24.970766] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 24.970793] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.970814] ? __pfx_mempool_kfree+0x10/0x10 [ 24.970838] ? __pfx_read_tsc+0x10/0x10 [ 24.970861] ? ktime_get_ts64+0x86/0x230 [ 24.970958] kunit_try_run_case+0x1a5/0x480 [ 24.970985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.971008] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.971032] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.971055] ? __kthread_parkme+0x82/0x180 [ 24.971077] ? preempt_count_sub+0x50/0x80 [ 24.971098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.971121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.971148] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.971174] kthread+0x337/0x6f0 [ 24.971194] ? trace_preempt_on+0x20/0xc0 [ 24.971218] ? __pfx_kthread+0x10/0x10 [ 24.971237] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.971258] ? calculate_sigpending+0x7b/0xa0 [ 24.971283] ? __pfx_kthread+0x10/0x10 [ 24.971316] ret_from_fork+0x116/0x1d0 [ 24.971336] ? __pfx_kthread+0x10/0x10 [ 24.971356] ret_from_fork_asm+0x1a/0x30 [ 24.971388] </TASK> [ 24.971400] [ 24.986455] The buggy address belongs to the physical page: [ 24.986993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106104 [ 24.987467] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.988009] flags: 0x200000000000040(head|node=0|zone=2) [ 24.988251] page_type: f8(unknown) [ 24.988713] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.989316] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.990141] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.990719] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.991255] head: 0200000000000002 ffffea0004184101 00000000ffffffff 00000000ffffffff [ 24.991779] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.992269] page dumped because: kasan: bad access detected [ 24.992514] [ 24.992814] Memory state around the buggy address: [ 24.993266] ffff888106103f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.993737] ffff888106103f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.994243] >ffff888106104000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.994543] ^ [ 24.994885] ffff888106104080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.995682] ffff888106104100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.996191] ================================================================== [ 24.924915] ================================================================== [ 24.925345] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 24.925688] Free of addr ffff88810611d200 by task kunit_try_catch/284 [ 24.926136] [ 24.926236] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.926307] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.926323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.926347] Call Trace: [ 24.926363] <TASK> [ 24.926383] dump_stack_lvl+0x73/0xb0 [ 24.926416] print_report+0xd1/0x610 [ 24.926442] ? __virt_addr_valid+0x1db/0x2d0 [ 24.926469] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.926497] ? mempool_double_free_helper+0x184/0x370 [ 24.926524] kasan_report_invalid_free+0x10a/0x130 [ 24.926550] ? mempool_double_free_helper+0x184/0x370 [ 24.926578] ? mempool_double_free_helper+0x184/0x370 [ 24.926602] ? mempool_double_free_helper+0x184/0x370 [ 24.926626] check_slab_allocation+0x101/0x130 [ 24.926650] __kasan_mempool_poison_object+0x91/0x1d0 [ 24.926675] mempool_free+0x2ec/0x380 [ 24.926699] ? __wake_up+0x49/0x60 [ 24.926727] mempool_double_free_helper+0x184/0x370 [ 24.926752] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 24.926777] ? dequeue_entities+0x23f/0x1630 [ 24.926804] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.926826] ? finish_task_switch.isra.0+0x153/0x700 [ 24.926853] mempool_kmalloc_double_free+0xed/0x140 [ 24.926958] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 24.926986] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.927009] ? __pfx_mempool_kfree+0x10/0x10 [ 24.927036] ? __pfx_read_tsc+0x10/0x10 [ 24.927061] ? ktime_get_ts64+0x86/0x230 [ 24.927088] kunit_try_run_case+0x1a5/0x480 [ 24.927115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.927139] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.927165] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.927188] ? __kthread_parkme+0x82/0x180 [ 24.927210] ? preempt_count_sub+0x50/0x80 [ 24.927234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.927259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.927288] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.927327] kthread+0x337/0x6f0 [ 24.927348] ? trace_preempt_on+0x20/0xc0 [ 24.927373] ? __pfx_kthread+0x10/0x10 [ 24.927395] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.927417] ? calculate_sigpending+0x7b/0xa0 [ 24.927443] ? __pfx_kthread+0x10/0x10 [ 24.927466] ret_from_fork+0x116/0x1d0 [ 24.927486] ? __pfx_kthread+0x10/0x10 [ 24.927508] ret_from_fork_asm+0x1a/0x30 [ 24.927543] </TASK> [ 24.927556] [ 24.942128] Allocated by task 284: [ 24.943143] kasan_save_stack+0x45/0x70 [ 24.943346] kasan_save_track+0x18/0x40 [ 24.944144] kasan_save_alloc_info+0x3b/0x50 [ 24.944835] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.945543] remove_element+0x11e/0x190 [ 24.946071] mempool_alloc_preallocated+0x4d/0x90 [ 24.946592] mempool_double_free_helper+0x8a/0x370 [ 24.947281] mempool_kmalloc_double_free+0xed/0x140 [ 24.947473] kunit_try_run_case+0x1a5/0x480 [ 24.947655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.948423] kthread+0x337/0x6f0 [ 24.948898] ret_from_fork+0x116/0x1d0 [ 24.949465] ret_from_fork_asm+0x1a/0x30 [ 24.950134] [ 24.950328] Freed by task 284: [ 24.950452] kasan_save_stack+0x45/0x70 [ 24.950615] kasan_save_track+0x18/0x40 [ 24.951124] kasan_save_free_info+0x3f/0x60 [ 24.951580] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.952162] mempool_free+0x2ec/0x380 [ 24.952375] mempool_double_free_helper+0x109/0x370 [ 24.952539] mempool_kmalloc_double_free+0xed/0x140 [ 24.953027] kunit_try_run_case+0x1a5/0x480 [ 24.953498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.954074] kthread+0x337/0x6f0 [ 24.954432] ret_from_fork+0x116/0x1d0 [ 24.954571] ret_from_fork_asm+0x1a/0x30 [ 24.954712] [ 24.954783] The buggy address belongs to the object at ffff88810611d200 [ 24.954783] which belongs to the cache kmalloc-128 of size 128 [ 24.955844] The buggy address is located 0 bytes inside of [ 24.955844] 128-byte region [ffff88810611d200, ffff88810611d280) [ 24.956988] [ 24.957238] The buggy address belongs to the physical page: [ 24.957743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10611d [ 24.958175] flags: 0x200000000000000(node=0|zone=2) [ 24.958680] page_type: f5(slab) [ 24.959085] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.959735] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.959986] page dumped because: kasan: bad access detected [ 24.960159] [ 24.960226] Memory state around the buggy address: [ 24.960615] ffff88810611d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.961391] ffff88810611d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.961904] >ffff88810611d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.962416] ^ [ 24.962543] ffff88810611d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.963394] ffff88810611d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.964128] ================================================================== [ 25.000235] ================================================================== [ 25.000678] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 25.000921] Free of addr ffff888106104000 by task kunit_try_catch/288 [ 25.001112] [ 25.001197] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 25.001249] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.001262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.001285] Call Trace: [ 25.001801] <TASK> [ 25.001831] dump_stack_lvl+0x73/0xb0 [ 25.002133] print_report+0xd1/0x610 [ 25.002161] ? __virt_addr_valid+0x1db/0x2d0 [ 25.002187] ? kasan_addr_to_slab+0x11/0xa0 [ 25.002207] ? mempool_double_free_helper+0x184/0x370 [ 25.002231] kasan_report_invalid_free+0x10a/0x130 [ 25.002255] ? mempool_double_free_helper+0x184/0x370 [ 25.002281] ? mempool_double_free_helper+0x184/0x370 [ 25.002793] __kasan_mempool_poison_pages+0x115/0x130 [ 25.002824] mempool_free+0x290/0x380 [ 25.002982] mempool_double_free_helper+0x184/0x370 [ 25.003009] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 25.003035] ? dequeue_entities+0x23f/0x1630 [ 25.003061] ? __pfx_sched_clock_cpu+0x10/0x10 [ 25.003083] ? finish_task_switch.isra.0+0x153/0x700 [ 25.003107] mempool_page_alloc_double_free+0xe8/0x140 [ 25.003132] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 25.003160] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 25.003183] ? __pfx_mempool_free_pages+0x10/0x10 [ 25.003208] ? __pfx_read_tsc+0x10/0x10 [ 25.003232] ? ktime_get_ts64+0x86/0x230 [ 25.003258] kunit_try_run_case+0x1a5/0x480 [ 25.003283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.003317] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.003341] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.003363] ? __kthread_parkme+0x82/0x180 [ 25.003383] ? preempt_count_sub+0x50/0x80 [ 25.003405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.003427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.003454] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.003480] kthread+0x337/0x6f0 [ 25.003499] ? trace_preempt_on+0x20/0xc0 [ 25.003523] ? __pfx_kthread+0x10/0x10 [ 25.003542] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.003582] ? calculate_sigpending+0x7b/0xa0 [ 25.003607] ? __pfx_kthread+0x10/0x10 [ 25.003627] ret_from_fork+0x116/0x1d0 [ 25.003647] ? __pfx_kthread+0x10/0x10 [ 25.003666] ret_from_fork_asm+0x1a/0x30 [ 25.003698] </TASK> [ 25.003709] [ 25.020788] The buggy address belongs to the physical page: [ 25.021450] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106104 [ 25.021727] flags: 0x200000000000000(node=0|zone=2) [ 25.022183] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 25.023082] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 25.023828] page dumped because: kasan: bad access detected [ 25.024139] [ 25.024316] Memory state around the buggy address: [ 25.024923] ffff888106103f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.025190] ffff888106103f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.025413] >ffff888106104000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.025739] ^ [ 25.026105] ffff888106104080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.026822] ffff888106104100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.027636] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 24.837855] ================================================================== [ 24.838329] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.838609] Read of size 1 at addr ffff888106100000 by task kunit_try_catch/278 [ 24.838934] [ 24.839353] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.839411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.839426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.839449] Call Trace: [ 24.839464] <TASK> [ 24.839485] dump_stack_lvl+0x73/0xb0 [ 24.839518] print_report+0xd1/0x610 [ 24.839544] ? __virt_addr_valid+0x1db/0x2d0 [ 24.839570] ? mempool_uaf_helper+0x392/0x400 [ 24.839592] ? kasan_addr_to_slab+0x11/0xa0 [ 24.839614] ? mempool_uaf_helper+0x392/0x400 [ 24.839636] kasan_report+0x141/0x180 [ 24.839659] ? mempool_uaf_helper+0x392/0x400 [ 24.839696] __asan_report_load1_noabort+0x18/0x20 [ 24.839721] mempool_uaf_helper+0x392/0x400 [ 24.839744] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.839767] ? update_load_avg+0x1be/0x21b0 [ 24.839793] ? update_curr+0x7d/0x7f0 [ 24.839815] ? finish_task_switch.isra.0+0x153/0x700 [ 24.839842] mempool_kmalloc_large_uaf+0xef/0x140 [ 24.839865] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 24.839892] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.839916] ? __pfx_mempool_kfree+0x10/0x10 [ 24.839941] ? __pfx_read_tsc+0x10/0x10 [ 24.840189] ? ktime_get_ts64+0x86/0x230 [ 24.840218] kunit_try_run_case+0x1a5/0x480 [ 24.840245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.840268] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.840309] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.840333] ? __kthread_parkme+0x82/0x180 [ 24.840354] ? preempt_count_sub+0x50/0x80 [ 24.840377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.840401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.840427] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.840454] kthread+0x337/0x6f0 [ 24.840474] ? trace_preempt_on+0x20/0xc0 [ 24.840498] ? __pfx_kthread+0x10/0x10 [ 24.840519] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.840540] ? calculate_sigpending+0x7b/0xa0 [ 24.840565] ? __pfx_kthread+0x10/0x10 [ 24.840598] ret_from_fork+0x116/0x1d0 [ 24.840617] ? __pfx_kthread+0x10/0x10 [ 24.840638] ret_from_fork_asm+0x1a/0x30 [ 24.840670] </TASK> [ 24.840682] [ 24.849146] The buggy address belongs to the physical page: [ 24.849419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106100 [ 24.849752] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.850302] flags: 0x200000000000040(head|node=0|zone=2) [ 24.850501] page_type: f8(unknown) [ 24.850757] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.851052] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.851366] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.851609] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.851841] head: 0200000000000002 ffffea0004184001 00000000ffffffff 00000000ffffffff [ 24.852161] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.852897] page dumped because: kasan: bad access detected [ 24.853164] [ 24.853255] Memory state around the buggy address: [ 24.853488] ffff8881060fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.853851] ffff8881060fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.854189] >ffff888106100000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.854443] ^ [ 24.854560] ffff888106100080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.854917] ffff888106100100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.855245] ================================================================== [ 24.896617] ================================================================== [ 24.897460] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.897727] Read of size 1 at addr ffff888106278000 by task kunit_try_catch/282 [ 24.897948] [ 24.898039] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.898096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.898110] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.898133] Call Trace: [ 24.898149] <TASK> [ 24.898170] dump_stack_lvl+0x73/0xb0 [ 24.898204] print_report+0xd1/0x610 [ 24.898228] ? __virt_addr_valid+0x1db/0x2d0 [ 24.898255] ? mempool_uaf_helper+0x392/0x400 [ 24.898277] ? kasan_addr_to_slab+0x11/0xa0 [ 24.898342] ? mempool_uaf_helper+0x392/0x400 [ 24.898365] kasan_report+0x141/0x180 [ 24.898388] ? mempool_uaf_helper+0x392/0x400 [ 24.898414] __asan_report_load1_noabort+0x18/0x20 [ 24.898439] mempool_uaf_helper+0x392/0x400 [ 24.898461] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.898484] ? dequeue_entities+0x23f/0x1630 [ 24.898610] ? __kasan_check_write+0x18/0x20 [ 24.898695] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.898720] ? finish_task_switch.isra.0+0x153/0x700 [ 24.898784] mempool_page_alloc_uaf+0xed/0x140 [ 24.898809] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 24.898835] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 24.898879] ? __pfx_mempool_free_pages+0x10/0x10 [ 24.898904] ? __pfx_read_tsc+0x10/0x10 [ 24.898928] ? ktime_get_ts64+0x86/0x230 [ 24.898954] kunit_try_run_case+0x1a5/0x480 [ 24.898981] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.899003] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.899028] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.899052] ? __kthread_parkme+0x82/0x180 [ 24.899075] ? preempt_count_sub+0x50/0x80 [ 24.899097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.899120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.899146] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.899173] kthread+0x337/0x6f0 [ 24.899192] ? trace_preempt_on+0x20/0xc0 [ 24.899217] ? __pfx_kthread+0x10/0x10 [ 24.899237] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.899258] ? calculate_sigpending+0x7b/0xa0 [ 24.899282] ? __pfx_kthread+0x10/0x10 [ 24.899317] ret_from_fork+0x116/0x1d0 [ 24.899336] ? __pfx_kthread+0x10/0x10 [ 24.899357] ret_from_fork_asm+0x1a/0x30 [ 24.899390] </TASK> [ 24.899404] [ 24.914470] The buggy address belongs to the physical page: [ 24.915122] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106278 [ 24.915621] flags: 0x200000000000000(node=0|zone=2) [ 24.916118] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 24.916455] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 24.917067] page dumped because: kasan: bad access detected [ 24.917497] [ 24.917737] Memory state around the buggy address: [ 24.918313] ffff888106277f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.918755] ffff888106277f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.919243] >ffff888106278000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.919550] ^ [ 24.919861] ffff888106278080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.920415] ffff888106278100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.920818] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 24.862562] ================================================================== [ 24.863244] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.863564] Read of size 1 at addr ffff888106090240 by task kunit_try_catch/280 [ 24.863878] [ 24.863979] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.864033] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.864046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.864068] Call Trace: [ 24.864082] <TASK> [ 24.864101] dump_stack_lvl+0x73/0xb0 [ 24.864135] print_report+0xd1/0x610 [ 24.864160] ? __virt_addr_valid+0x1db/0x2d0 [ 24.864186] ? mempool_uaf_helper+0x392/0x400 [ 24.864208] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.864235] ? mempool_uaf_helper+0x392/0x400 [ 24.864257] kasan_report+0x141/0x180 [ 24.864279] ? mempool_uaf_helper+0x392/0x400 [ 24.864318] __asan_report_load1_noabort+0x18/0x20 [ 24.864343] mempool_uaf_helper+0x392/0x400 [ 24.864366] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.864390] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.864413] ? finish_task_switch.isra.0+0x153/0x700 [ 24.864441] mempool_slab_uaf+0xea/0x140 [ 24.864464] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 24.864490] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.864515] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.864541] ? __pfx_read_tsc+0x10/0x10 [ 24.864564] ? ktime_get_ts64+0x86/0x230 [ 24.864591] kunit_try_run_case+0x1a5/0x480 [ 24.864617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.864639] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.864664] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.864687] ? __kthread_parkme+0x82/0x180 [ 24.864709] ? preempt_count_sub+0x50/0x80 [ 24.864732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.864768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.864794] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.864821] kthread+0x337/0x6f0 [ 24.864840] ? trace_preempt_on+0x20/0xc0 [ 24.864865] ? __pfx_kthread+0x10/0x10 [ 24.864886] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.864907] ? calculate_sigpending+0x7b/0xa0 [ 24.864932] ? __pfx_kthread+0x10/0x10 [ 24.864952] ret_from_fork+0x116/0x1d0 [ 24.864972] ? __pfx_kthread+0x10/0x10 [ 24.864993] ret_from_fork_asm+0x1a/0x30 [ 24.865026] </TASK> [ 24.865037] [ 24.872426] Allocated by task 280: [ 24.872553] kasan_save_stack+0x45/0x70 [ 24.872761] kasan_save_track+0x18/0x40 [ 24.872951] kasan_save_alloc_info+0x3b/0x50 [ 24.873157] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.873414] remove_element+0x11e/0x190 [ 24.873567] mempool_alloc_preallocated+0x4d/0x90 [ 24.873785] mempool_uaf_helper+0x96/0x400 [ 24.873922] mempool_slab_uaf+0xea/0x140 [ 24.874053] kunit_try_run_case+0x1a5/0x480 [ 24.874235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.874447] kthread+0x337/0x6f0 [ 24.874623] ret_from_fork+0x116/0x1d0 [ 24.874781] ret_from_fork_asm+0x1a/0x30 [ 24.874971] [ 24.875054] Freed by task 280: [ 24.875191] kasan_save_stack+0x45/0x70 [ 24.875362] kasan_save_track+0x18/0x40 [ 24.875531] kasan_save_free_info+0x3f/0x60 [ 24.875706] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.875870] mempool_free+0x2ec/0x380 [ 24.875996] mempool_uaf_helper+0x11a/0x400 [ 24.876132] mempool_slab_uaf+0xea/0x140 [ 24.876262] kunit_try_run_case+0x1a5/0x480 [ 24.876438] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.876686] kthread+0x337/0x6f0 [ 24.876849] ret_from_fork+0x116/0x1d0 [ 24.877028] ret_from_fork_asm+0x1a/0x30 [ 24.877391] [ 24.877479] The buggy address belongs to the object at ffff888106090240 [ 24.877479] which belongs to the cache test_cache of size 123 [ 24.878012] The buggy address is located 0 bytes inside of [ 24.878012] freed 123-byte region [ffff888106090240, ffff8881060902bb) [ 24.878365] [ 24.878434] The buggy address belongs to the physical page: [ 24.878681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106090 [ 24.879040] flags: 0x200000000000000(node=0|zone=2) [ 24.879277] page_type: f5(slab) [ 24.879458] raw: 0200000000000000 ffff888106085500 dead000000000122 0000000000000000 [ 24.880107] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.880454] page dumped because: kasan: bad access detected [ 24.880681] [ 24.880772] Memory state around the buggy address: [ 24.880957] ffff888106090100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.881168] ffff888106090180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.881469] >ffff888106090200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 24.882086] ^ [ 24.882346] ffff888106090280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.882654] ffff888106090300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.882871] ================================================================== [ 24.810861] ================================================================== [ 24.811375] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 24.811895] Read of size 1 at addr ffff888104a24d00 by task kunit_try_catch/276 [ 24.812170] [ 24.812259] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.812327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.812340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.812362] Call Trace: [ 24.812377] <TASK> [ 24.812398] dump_stack_lvl+0x73/0xb0 [ 24.812431] print_report+0xd1/0x610 [ 24.812457] ? __virt_addr_valid+0x1db/0x2d0 [ 24.812482] ? mempool_uaf_helper+0x392/0x400 [ 24.812505] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.812532] ? mempool_uaf_helper+0x392/0x400 [ 24.812554] kasan_report+0x141/0x180 [ 24.812577] ? mempool_uaf_helper+0x392/0x400 [ 24.812632] __asan_report_load1_noabort+0x18/0x20 [ 24.812658] mempool_uaf_helper+0x392/0x400 [ 24.812680] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 24.812706] ? finish_task_switch.isra.0+0x153/0x700 [ 24.812734] mempool_kmalloc_uaf+0xef/0x140 [ 24.812756] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 24.812782] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.812808] ? __pfx_mempool_kfree+0x10/0x10 [ 24.812833] ? __pfx_read_tsc+0x10/0x10 [ 24.812856] ? ktime_get_ts64+0x86/0x230 [ 24.812885] kunit_try_run_case+0x1a5/0x480 [ 24.812911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.812934] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.812958] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.812982] ? __kthread_parkme+0x82/0x180 [ 24.813006] ? preempt_count_sub+0x50/0x80 [ 24.813029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.813055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.813083] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.813111] kthread+0x337/0x6f0 [ 24.813131] ? trace_preempt_on+0x20/0xc0 [ 24.813157] ? __pfx_kthread+0x10/0x10 [ 24.813178] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.813199] ? calculate_sigpending+0x7b/0xa0 [ 24.813225] ? __pfx_kthread+0x10/0x10 [ 24.813246] ret_from_fork+0x116/0x1d0 [ 24.813266] ? __pfx_kthread+0x10/0x10 [ 24.813287] ret_from_fork_asm+0x1a/0x30 [ 24.813330] </TASK> [ 24.813342] [ 24.821714] Allocated by task 276: [ 24.821978] kasan_save_stack+0x45/0x70 [ 24.822251] kasan_save_track+0x18/0x40 [ 24.822474] kasan_save_alloc_info+0x3b/0x50 [ 24.822778] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.822963] remove_element+0x11e/0x190 [ 24.823101] mempool_alloc_preallocated+0x4d/0x90 [ 24.823439] mempool_uaf_helper+0x96/0x400 [ 24.823608] mempool_kmalloc_uaf+0xef/0x140 [ 24.823757] kunit_try_run_case+0x1a5/0x480 [ 24.824078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.824390] kthread+0x337/0x6f0 [ 24.824535] ret_from_fork+0x116/0x1d0 [ 24.824665] ret_from_fork_asm+0x1a/0x30 [ 24.824937] [ 24.825098] Freed by task 276: [ 24.825425] kasan_save_stack+0x45/0x70 [ 24.825579] kasan_save_track+0x18/0x40 [ 24.825717] kasan_save_free_info+0x3f/0x60 [ 24.825857] __kasan_mempool_poison_object+0x131/0x1d0 [ 24.826018] mempool_free+0x2ec/0x380 [ 24.826151] mempool_uaf_helper+0x11a/0x400 [ 24.826435] mempool_kmalloc_uaf+0xef/0x140 [ 24.826635] kunit_try_run_case+0x1a5/0x480 [ 24.826833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.827080] kthread+0x337/0x6f0 [ 24.827319] ret_from_fork+0x116/0x1d0 [ 24.827635] ret_from_fork_asm+0x1a/0x30 [ 24.827778] [ 24.827845] The buggy address belongs to the object at ffff888104a24d00 [ 24.827845] which belongs to the cache kmalloc-128 of size 128 [ 24.828392] The buggy address is located 0 bytes inside of [ 24.828392] freed 128-byte region [ffff888104a24d00, ffff888104a24d80) [ 24.828965] [ 24.829040] The buggy address belongs to the physical page: [ 24.829276] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a24 [ 24.829590] flags: 0x200000000000000(node=0|zone=2) [ 24.829824] page_type: f5(slab) [ 24.829973] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.830197] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.830492] page dumped because: kasan: bad access detected [ 24.830945] [ 24.831282] Memory state around the buggy address: [ 24.831517] ffff888104a24c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.831851] ffff888104a24c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.832125] >ffff888104a24d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.832449] ^ [ 24.832605] ffff888104a24d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.832872] ffff888104a24e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.833321] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 24.753112] ================================================================== [ 24.753666] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.754227] Read of size 1 at addr ffff8881060fe001 by task kunit_try_catch/272 [ 24.754739] [ 24.754864] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.754923] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.754937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.754960] Call Trace: [ 24.754977] <TASK> [ 24.755000] dump_stack_lvl+0x73/0xb0 [ 24.755039] print_report+0xd1/0x610 [ 24.755066] ? __virt_addr_valid+0x1db/0x2d0 [ 24.755096] ? mempool_oob_right_helper+0x318/0x380 [ 24.755123] ? kasan_addr_to_slab+0x11/0xa0 [ 24.755146] ? mempool_oob_right_helper+0x318/0x380 [ 24.755171] kasan_report+0x141/0x180 [ 24.755194] ? mempool_oob_right_helper+0x318/0x380 [ 24.755224] __asan_report_load1_noabort+0x18/0x20 [ 24.755249] mempool_oob_right_helper+0x318/0x380 [ 24.755275] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.755315] ? dequeue_entities+0x23f/0x1630 [ 24.755344] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.755369] ? finish_task_switch.isra.0+0x153/0x700 [ 24.755397] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 24.755424] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 24.755455] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.755483] ? __pfx_mempool_kfree+0x10/0x10 [ 24.755510] ? __pfx_read_tsc+0x10/0x10 [ 24.755537] ? ktime_get_ts64+0x86/0x230 [ 24.755565] kunit_try_run_case+0x1a5/0x480 [ 24.755605] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.755628] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.755655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.755681] ? __kthread_parkme+0x82/0x180 [ 24.755705] ? preempt_count_sub+0x50/0x80 [ 24.755730] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.755756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.755785] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.755813] kthread+0x337/0x6f0 [ 24.755834] ? trace_preempt_on+0x20/0xc0 [ 24.755862] ? __pfx_kthread+0x10/0x10 [ 24.755884] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.755908] ? calculate_sigpending+0x7b/0xa0 [ 24.755935] ? __pfx_kthread+0x10/0x10 [ 24.755958] ret_from_fork+0x116/0x1d0 [ 24.755980] ? __pfx_kthread+0x10/0x10 [ 24.756002] ret_from_fork_asm+0x1a/0x30 [ 24.756038] </TASK> [ 24.756051] [ 24.764438] The buggy address belongs to the physical page: [ 24.764835] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060fc [ 24.765265] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.765642] flags: 0x200000000000040(head|node=0|zone=2) [ 24.765869] page_type: f8(unknown) [ 24.766040] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.766356] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.766719] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.766946] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.767171] head: 0200000000000002 ffffea0004183f01 00000000ffffffff 00000000ffffffff [ 24.767509] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.767840] page dumped because: kasan: bad access detected [ 24.768095] [ 24.768184] Memory state around the buggy address: [ 24.768414] ffff8881060fdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.768759] ffff8881060fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.769170] >ffff8881060fe000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.769462] ^ [ 24.769592] ffff8881060fe080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.769980] ffff8881060fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.770254] ================================================================== [ 24.775519] ================================================================== [ 24.776021] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.776367] Read of size 1 at addr ffff8881053b82bb by task kunit_try_catch/274 [ 24.776762] [ 24.776886] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.776941] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.776954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.776977] Call Trace: [ 24.776993] <TASK> [ 24.777013] dump_stack_lvl+0x73/0xb0 [ 24.777045] print_report+0xd1/0x610 [ 24.777069] ? __virt_addr_valid+0x1db/0x2d0 [ 24.777095] ? mempool_oob_right_helper+0x318/0x380 [ 24.777118] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.777144] ? mempool_oob_right_helper+0x318/0x380 [ 24.777167] kasan_report+0x141/0x180 [ 24.777188] ? mempool_oob_right_helper+0x318/0x380 [ 24.777217] __asan_report_load1_noabort+0x18/0x20 [ 24.777240] mempool_oob_right_helper+0x318/0x380 [ 24.777264] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.777300] ? __pfx_sched_clock_cpu+0x10/0x10 [ 24.777323] ? finish_task_switch.isra.0+0x153/0x700 [ 24.777347] mempool_slab_oob_right+0xed/0x140 [ 24.777371] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 24.777396] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 24.777421] ? __pfx_mempool_free_slab+0x10/0x10 [ 24.777447] ? __pfx_read_tsc+0x10/0x10 [ 24.777469] ? ktime_get_ts64+0x86/0x230 [ 24.777494] kunit_try_run_case+0x1a5/0x480 [ 24.777519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.777541] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.777565] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.777594] ? __kthread_parkme+0x82/0x180 [ 24.777615] ? preempt_count_sub+0x50/0x80 [ 24.777636] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.777661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.777688] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.777714] kthread+0x337/0x6f0 [ 24.777743] ? trace_preempt_on+0x20/0xc0 [ 24.777768] ? __pfx_kthread+0x10/0x10 [ 24.777788] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.777808] ? calculate_sigpending+0x7b/0xa0 [ 24.777833] ? __pfx_kthread+0x10/0x10 [ 24.777855] ret_from_fork+0x116/0x1d0 [ 24.777894] ? __pfx_kthread+0x10/0x10 [ 24.777915] ret_from_fork_asm+0x1a/0x30 [ 24.777947] </TASK> [ 24.777958] [ 24.785947] Allocated by task 274: [ 24.786144] kasan_save_stack+0x45/0x70 [ 24.786341] kasan_save_track+0x18/0x40 [ 24.786492] kasan_save_alloc_info+0x3b/0x50 [ 24.786698] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 24.786866] remove_element+0x11e/0x190 [ 24.786998] mempool_alloc_preallocated+0x4d/0x90 [ 24.787274] mempool_oob_right_helper+0x8a/0x380 [ 24.787505] mempool_slab_oob_right+0xed/0x140 [ 24.787792] kunit_try_run_case+0x1a5/0x480 [ 24.787934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.788105] kthread+0x337/0x6f0 [ 24.788220] ret_from_fork+0x116/0x1d0 [ 24.788356] ret_from_fork_asm+0x1a/0x30 [ 24.788529] [ 24.788617] The buggy address belongs to the object at ffff8881053b8240 [ 24.788617] which belongs to the cache test_cache of size 123 [ 24.789137] The buggy address is located 0 bytes to the right of [ 24.789137] allocated 123-byte region [ffff8881053b8240, ffff8881053b82bb) [ 24.789848] [ 24.792296] The buggy address belongs to the physical page: [ 24.792520] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b8 [ 24.792868] flags: 0x200000000000000(node=0|zone=2) [ 24.793066] page_type: f5(slab) [ 24.793224] raw: 0200000000000000 ffff888101a65dc0 dead000000000122 0000000000000000 [ 24.793528] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 24.794134] page dumped because: kasan: bad access detected [ 24.794380] [ 24.794446] Memory state around the buggy address: [ 24.794680] ffff8881053b8180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.794976] ffff8881053b8200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 24.795250] >ffff8881053b8280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 24.795545] ^ [ 24.795871] ffff8881053b8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.796255] ffff8881053b8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.796561] ================================================================== [ 24.724658] ================================================================== [ 24.725237] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 24.725576] Read of size 1 at addr ffff88810539fe73 by task kunit_try_catch/270 [ 24.726414] [ 24.726525] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.726586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.726600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.726624] Call Trace: [ 24.726639] <TASK> [ 24.726662] dump_stack_lvl+0x73/0xb0 [ 24.726698] print_report+0xd1/0x610 [ 24.726723] ? __virt_addr_valid+0x1db/0x2d0 [ 24.726750] ? mempool_oob_right_helper+0x318/0x380 [ 24.726772] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.726798] ? mempool_oob_right_helper+0x318/0x380 [ 24.726821] kasan_report+0x141/0x180 [ 24.726843] ? mempool_oob_right_helper+0x318/0x380 [ 24.726870] __asan_report_load1_noabort+0x18/0x20 [ 24.726894] mempool_oob_right_helper+0x318/0x380 [ 24.726918] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 24.726945] ? finish_task_switch.isra.0+0x153/0x700 [ 24.726971] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.726994] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 24.727020] ? __pfx_mempool_kmalloc+0x10/0x10 [ 24.727047] ? __pfx_mempool_kfree+0x10/0x10 [ 24.727072] ? __pfx_read_tsc+0x10/0x10 [ 24.727094] ? ktime_get_ts64+0x86/0x230 [ 24.727120] kunit_try_run_case+0x1a5/0x480 [ 24.727147] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.727168] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.727192] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.727214] ? __kthread_parkme+0x82/0x180 [ 24.727235] ? preempt_count_sub+0x50/0x80 [ 24.727257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.727279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.727515] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.727550] kthread+0x337/0x6f0 [ 24.727573] ? trace_preempt_on+0x20/0xc0 [ 24.727598] ? __pfx_kthread+0x10/0x10 [ 24.727618] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.727639] ? calculate_sigpending+0x7b/0xa0 [ 24.727665] ? __pfx_kthread+0x10/0x10 [ 24.727687] ret_from_fork+0x116/0x1d0 [ 24.727707] ? __pfx_kthread+0x10/0x10 [ 24.727727] ret_from_fork_asm+0x1a/0x30 [ 24.727760] </TASK> [ 24.727772] [ 24.738753] Allocated by task 270: [ 24.738954] kasan_save_stack+0x45/0x70 [ 24.739278] kasan_save_track+0x18/0x40 [ 24.739467] kasan_save_alloc_info+0x3b/0x50 [ 24.739701] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 24.740232] remove_element+0x11e/0x190 [ 24.740397] mempool_alloc_preallocated+0x4d/0x90 [ 24.740556] mempool_oob_right_helper+0x8a/0x380 [ 24.740879] mempool_kmalloc_oob_right+0xf2/0x150 [ 24.741191] kunit_try_run_case+0x1a5/0x480 [ 24.741428] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.741784] kthread+0x337/0x6f0 [ 24.742081] ret_from_fork+0x116/0x1d0 [ 24.742280] ret_from_fork_asm+0x1a/0x30 [ 24.742472] [ 24.742566] The buggy address belongs to the object at ffff88810539fe00 [ 24.742566] which belongs to the cache kmalloc-128 of size 128 [ 24.742968] The buggy address is located 0 bytes to the right of [ 24.742968] allocated 115-byte region [ffff88810539fe00, ffff88810539fe73) [ 24.743785] [ 24.743939] The buggy address belongs to the physical page: [ 24.744158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539f [ 24.744727] flags: 0x200000000000000(node=0|zone=2) [ 24.745048] page_type: f5(slab) [ 24.745244] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.745565] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.745863] page dumped because: kasan: bad access detected [ 24.746027] [ 24.746185] Memory state around the buggy address: [ 24.746456] ffff88810539fd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.746793] ffff88810539fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.747180] >ffff88810539fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.747422] ^ [ 24.747862] ffff88810539fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.748363] ffff88810539ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.748763] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 24.146167] ================================================================== [ 24.147600] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 24.148164] Read of size 1 at addr ffff888101a65b40 by task kunit_try_catch/264 [ 24.148461] [ 24.148581] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.148638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.148651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.148674] Call Trace: [ 24.148688] <TASK> [ 24.148709] dump_stack_lvl+0x73/0xb0 [ 24.148743] print_report+0xd1/0x610 [ 24.148766] ? __virt_addr_valid+0x1db/0x2d0 [ 24.148793] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.148816] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.148843] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.148945] kasan_report+0x141/0x180 [ 24.148971] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.149013] ? kmem_cache_double_destroy+0x1bf/0x380 [ 24.149038] __kasan_check_byte+0x3d/0x50 [ 24.149060] kmem_cache_destroy+0x25/0x1d0 [ 24.149099] kmem_cache_double_destroy+0x1bf/0x380 [ 24.149123] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 24.149146] ? finish_task_switch.isra.0+0x153/0x700 [ 24.149181] ? __switch_to+0x47/0xf80 [ 24.149212] ? __pfx_read_tsc+0x10/0x10 [ 24.149234] ? ktime_get_ts64+0x86/0x230 [ 24.149265] kunit_try_run_case+0x1a5/0x480 [ 24.149299] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.149321] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.149347] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.149370] ? __kthread_parkme+0x82/0x180 [ 24.149390] ? preempt_count_sub+0x50/0x80 [ 24.149412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.149436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.149462] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.149488] kthread+0x337/0x6f0 [ 24.149508] ? trace_preempt_on+0x20/0xc0 [ 24.149531] ? __pfx_kthread+0x10/0x10 [ 24.149552] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.149596] ? calculate_sigpending+0x7b/0xa0 [ 24.149621] ? __pfx_kthread+0x10/0x10 [ 24.149642] ret_from_fork+0x116/0x1d0 [ 24.149662] ? __pfx_kthread+0x10/0x10 [ 24.149682] ret_from_fork_asm+0x1a/0x30 [ 24.149713] </TASK> [ 24.149725] [ 24.162366] Allocated by task 264: [ 24.162506] kasan_save_stack+0x45/0x70 [ 24.162906] kasan_save_track+0x18/0x40 [ 24.163377] kasan_save_alloc_info+0x3b/0x50 [ 24.164437] __kasan_slab_alloc+0x91/0xa0 [ 24.165140] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.165416] __kmem_cache_create_args+0x169/0x240 [ 24.165760] kmem_cache_double_destroy+0xd5/0x380 [ 24.165913] kunit_try_run_case+0x1a5/0x480 [ 24.166053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.166958] kthread+0x337/0x6f0 [ 24.167369] ret_from_fork+0x116/0x1d0 [ 24.167730] ret_from_fork_asm+0x1a/0x30 [ 24.168174] [ 24.168269] Freed by task 264: [ 24.168397] kasan_save_stack+0x45/0x70 [ 24.168586] kasan_save_track+0x18/0x40 [ 24.168750] kasan_save_free_info+0x3f/0x60 [ 24.168949] __kasan_slab_free+0x56/0x70 [ 24.169202] kmem_cache_free+0x249/0x420 [ 24.169380] slab_kmem_cache_release+0x2e/0x40 [ 24.169600] kmem_cache_release+0x16/0x20 [ 24.169779] kobject_put+0x181/0x450 [ 24.169904] sysfs_slab_release+0x16/0x20 [ 24.170164] kmem_cache_destroy+0xf0/0x1d0 [ 24.170385] kmem_cache_double_destroy+0x14e/0x380 [ 24.170556] kunit_try_run_case+0x1a5/0x480 [ 24.170767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.171088] kthread+0x337/0x6f0 [ 24.171232] ret_from_fork+0x116/0x1d0 [ 24.171384] ret_from_fork_asm+0x1a/0x30 [ 24.171515] [ 24.171581] The buggy address belongs to the object at ffff888101a65b40 [ 24.171581] which belongs to the cache kmem_cache of size 208 [ 24.172230] The buggy address is located 0 bytes inside of [ 24.172230] freed 208-byte region [ffff888101a65b40, ffff888101a65c10) [ 24.172911] [ 24.173010] The buggy address belongs to the physical page: [ 24.173223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a65 [ 24.173655] flags: 0x200000000000000(node=0|zone=2) [ 24.173848] page_type: f5(slab) [ 24.174023] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 24.174404] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 24.174708] page dumped because: kasan: bad access detected [ 24.174874] [ 24.174937] Memory state around the buggy address: [ 24.175160] ffff888101a65a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.175554] ffff888101a65a80: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 24.175940] >ffff888101a65b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 24.176159] ^ [ 24.176553] ffff888101a65b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.176863] ffff888101a65c00: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.177159] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 24.092059] ================================================================== [ 24.092581] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.093004] Read of size 1 at addr ffff88810608a000 by task kunit_try_catch/262 [ 24.093691] [ 24.093800] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.093858] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.093870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.093893] Call Trace: [ 24.093908] <TASK> [ 24.093927] dump_stack_lvl+0x73/0xb0 [ 24.093962] print_report+0xd1/0x610 [ 24.093986] ? __virt_addr_valid+0x1db/0x2d0 [ 24.094297] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.094322] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.094349] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.094372] kasan_report+0x141/0x180 [ 24.094394] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.094422] __asan_report_load1_noabort+0x18/0x20 [ 24.094446] kmem_cache_rcu_uaf+0x3e3/0x510 [ 24.094472] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 24.094495] ? finish_task_switch.isra.0+0x153/0x700 [ 24.094518] ? __switch_to+0x47/0xf80 [ 24.094548] ? __pfx_read_tsc+0x10/0x10 [ 24.094585] ? ktime_get_ts64+0x86/0x230 [ 24.094611] kunit_try_run_case+0x1a5/0x480 [ 24.094637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.094659] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.094684] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.094706] ? __kthread_parkme+0x82/0x180 [ 24.094728] ? preempt_count_sub+0x50/0x80 [ 24.094749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.094772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.094800] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.094826] kthread+0x337/0x6f0 [ 24.094845] ? trace_preempt_on+0x20/0xc0 [ 24.094898] ? __pfx_kthread+0x10/0x10 [ 24.094918] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.094939] ? calculate_sigpending+0x7b/0xa0 [ 24.094965] ? __pfx_kthread+0x10/0x10 [ 24.094986] ret_from_fork+0x116/0x1d0 [ 24.095006] ? __pfx_kthread+0x10/0x10 [ 24.095026] ret_from_fork_asm+0x1a/0x30 [ 24.095059] </TASK> [ 24.095071] [ 24.104844] Allocated by task 262: [ 24.105355] kasan_save_stack+0x45/0x70 [ 24.105536] kasan_save_track+0x18/0x40 [ 24.105761] kasan_save_alloc_info+0x3b/0x50 [ 24.106152] __kasan_slab_alloc+0x91/0xa0 [ 24.106368] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.106571] kmem_cache_rcu_uaf+0x155/0x510 [ 24.106782] kunit_try_run_case+0x1a5/0x480 [ 24.107266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.107499] kthread+0x337/0x6f0 [ 24.107783] ret_from_fork+0x116/0x1d0 [ 24.107977] ret_from_fork_asm+0x1a/0x30 [ 24.108477] [ 24.108564] Freed by task 0: [ 24.108733] kasan_save_stack+0x45/0x70 [ 24.108907] kasan_save_track+0x18/0x40 [ 24.109390] kasan_save_free_info+0x3f/0x60 [ 24.109579] __kasan_slab_free+0x56/0x70 [ 24.109777] slab_free_after_rcu_debug+0xe4/0x310 [ 24.109981] rcu_core+0x66f/0x1c40 [ 24.110379] rcu_core_si+0x12/0x20 [ 24.110534] handle_softirqs+0x209/0x730 [ 24.110867] __irq_exit_rcu+0xc9/0x110 [ 24.111172] irq_exit_rcu+0x12/0x20 [ 24.111375] sysvec_apic_timer_interrupt+0x81/0x90 [ 24.111573] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 24.111956] [ 24.112054] Last potentially related work creation: [ 24.112245] kasan_save_stack+0x45/0x70 [ 24.112435] kasan_record_aux_stack+0xb2/0xc0 [ 24.113046] kmem_cache_free+0x131/0x420 [ 24.113203] kmem_cache_rcu_uaf+0x194/0x510 [ 24.113584] kunit_try_run_case+0x1a5/0x480 [ 24.113767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.114184] kthread+0x337/0x6f0 [ 24.114358] ret_from_fork+0x116/0x1d0 [ 24.114703] ret_from_fork_asm+0x1a/0x30 [ 24.115004] [ 24.115089] The buggy address belongs to the object at ffff88810608a000 [ 24.115089] which belongs to the cache test_cache of size 200 [ 24.115845] The buggy address is located 0 bytes inside of [ 24.115845] freed 200-byte region [ffff88810608a000, ffff88810608a0c8) [ 24.116490] [ 24.116733] The buggy address belongs to the physical page: [ 24.116951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10608a [ 24.117327] flags: 0x200000000000000(node=0|zone=2) [ 24.117575] page_type: f5(slab) [ 24.117732] raw: 0200000000000000 ffff888106085280 dead000000000122 0000000000000000 [ 24.118483] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.118983] page dumped because: kasan: bad access detected [ 24.119249] [ 24.119352] Memory state around the buggy address: [ 24.119768] ffff888106089f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.120241] ffff888106089f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.120637] >ffff88810608a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.120918] ^ [ 24.121292] ffff88810608a080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 24.121721] ffff88810608a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.122159] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 24.032429] ================================================================== [ 24.033029] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 24.033436] Free of addr ffff888106089001 by task kunit_try_catch/260 [ 24.033725] [ 24.033820] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 24.033874] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.033886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.033908] Call Trace: [ 24.033922] <TASK> [ 24.033942] dump_stack_lvl+0x73/0xb0 [ 24.033975] print_report+0xd1/0x610 [ 24.033998] ? __virt_addr_valid+0x1db/0x2d0 [ 24.034024] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.034049] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.034074] kasan_report_invalid_free+0x10a/0x130 [ 24.034097] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.034367] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.034391] check_slab_allocation+0x11f/0x130 [ 24.034413] __kasan_slab_pre_free+0x28/0x40 [ 24.034433] kmem_cache_free+0xed/0x420 [ 24.034454] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.034478] ? kmem_cache_invalid_free+0x1d8/0x460 [ 24.034504] kmem_cache_invalid_free+0x1d8/0x460 [ 24.034527] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 24.034550] ? finish_task_switch.isra.0+0x153/0x700 [ 24.034573] ? __switch_to+0x47/0xf80 [ 24.034602] ? __pfx_read_tsc+0x10/0x10 [ 24.034624] ? ktime_get_ts64+0x86/0x230 [ 24.034654] kunit_try_run_case+0x1a5/0x480 [ 24.034680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.034701] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.034725] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.034747] ? __kthread_parkme+0x82/0x180 [ 24.034768] ? preempt_count_sub+0x50/0x80 [ 24.034789] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.034812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.034839] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.034865] kthread+0x337/0x6f0 [ 24.034941] ? trace_preempt_on+0x20/0xc0 [ 24.034966] ? __pfx_kthread+0x10/0x10 [ 24.034986] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.035007] ? calculate_sigpending+0x7b/0xa0 [ 24.035031] ? __pfx_kthread+0x10/0x10 [ 24.035052] ret_from_fork+0x116/0x1d0 [ 24.035071] ? __pfx_kthread+0x10/0x10 [ 24.035092] ret_from_fork_asm+0x1a/0x30 [ 24.035123] </TASK> [ 24.035134] [ 24.043233] Allocated by task 260: [ 24.043431] kasan_save_stack+0x45/0x70 [ 24.043638] kasan_save_track+0x18/0x40 [ 24.044088] kasan_save_alloc_info+0x3b/0x50 [ 24.044322] __kasan_slab_alloc+0x91/0xa0 [ 24.044460] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.044615] kmem_cache_invalid_free+0x157/0x460 [ 24.044771] kunit_try_run_case+0x1a5/0x480 [ 24.044972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.045220] kthread+0x337/0x6f0 [ 24.045426] ret_from_fork+0x116/0x1d0 [ 24.045624] ret_from_fork_asm+0x1a/0x30 [ 24.045831] [ 24.045898] The buggy address belongs to the object at ffff888106089000 [ 24.045898] which belongs to the cache test_cache of size 200 [ 24.046247] The buggy address is located 1 bytes inside of [ 24.046247] 200-byte region [ffff888106089000, ffff8881060890c8) [ 24.047023] [ 24.047137] The buggy address belongs to the physical page: [ 24.047650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106089 [ 24.048038] flags: 0x200000000000000(node=0|zone=2) [ 24.048261] page_type: f5(slab) [ 24.048444] raw: 0200000000000000 ffff888106085140 dead000000000122 0000000000000000 [ 24.048775] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.049158] page dumped because: kasan: bad access detected [ 24.049390] [ 24.049455] Memory state around the buggy address: [ 24.049641] ffff888106088f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.050179] ffff888106088f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.050479] >ffff888106089000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.050802] ^ [ 24.051173] ffff888106089080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 24.051412] ffff888106089100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.051868] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 23.990690] ================================================================== [ 23.991173] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 23.991526] Free of addr ffff8881053b2000 by task kunit_try_catch/258 [ 23.992083] [ 23.992191] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.992244] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.992256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.992289] Call Trace: [ 23.992303] <TASK> [ 23.992323] dump_stack_lvl+0x73/0xb0 [ 23.992384] print_report+0xd1/0x610 [ 23.992408] ? __virt_addr_valid+0x1db/0x2d0 [ 23.992435] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.992480] ? kmem_cache_double_free+0x1e5/0x480 [ 23.992505] kasan_report_invalid_free+0x10a/0x130 [ 23.992528] ? kmem_cache_double_free+0x1e5/0x480 [ 23.992553] ? kmem_cache_double_free+0x1e5/0x480 [ 23.992592] check_slab_allocation+0x101/0x130 [ 23.992613] __kasan_slab_pre_free+0x28/0x40 [ 23.992647] kmem_cache_free+0xed/0x420 [ 23.992681] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.992705] ? kmem_cache_double_free+0x1e5/0x480 [ 23.992731] kmem_cache_double_free+0x1e5/0x480 [ 23.992755] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 23.992778] ? finish_task_switch.isra.0+0x153/0x700 [ 23.992800] ? __switch_to+0x47/0xf80 [ 23.992830] ? __pfx_read_tsc+0x10/0x10 [ 23.992852] ? ktime_get_ts64+0x86/0x230 [ 23.992878] kunit_try_run_case+0x1a5/0x480 [ 23.992903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.992995] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.993019] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.993042] ? __kthread_parkme+0x82/0x180 [ 23.993063] ? preempt_count_sub+0x50/0x80 [ 23.993084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.993107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.993133] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.993159] kthread+0x337/0x6f0 [ 23.993178] ? trace_preempt_on+0x20/0xc0 [ 23.993202] ? __pfx_kthread+0x10/0x10 [ 23.993221] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.993241] ? calculate_sigpending+0x7b/0xa0 [ 23.993265] ? __pfx_kthread+0x10/0x10 [ 23.993297] ret_from_fork+0x116/0x1d0 [ 23.993316] ? __pfx_kthread+0x10/0x10 [ 23.993336] ret_from_fork_asm+0x1a/0x30 [ 23.993367] </TASK> [ 23.993378] [ 24.005637] Allocated by task 258: [ 24.005910] kasan_save_stack+0x45/0x70 [ 24.006171] kasan_save_track+0x18/0x40 [ 24.006361] kasan_save_alloc_info+0x3b/0x50 [ 24.006562] __kasan_slab_alloc+0x91/0xa0 [ 24.006779] kmem_cache_alloc_noprof+0x123/0x3f0 [ 24.007116] kmem_cache_double_free+0x14f/0x480 [ 24.007321] kunit_try_run_case+0x1a5/0x480 [ 24.007530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.008080] kthread+0x337/0x6f0 [ 24.008241] ret_from_fork+0x116/0x1d0 [ 24.008673] ret_from_fork_asm+0x1a/0x30 [ 24.008979] [ 24.009054] Freed by task 258: [ 24.009184] kasan_save_stack+0x45/0x70 [ 24.009394] kasan_save_track+0x18/0x40 [ 24.009554] kasan_save_free_info+0x3f/0x60 [ 24.009736] __kasan_slab_free+0x56/0x70 [ 24.010407] kmem_cache_free+0x249/0x420 [ 24.010558] kmem_cache_double_free+0x16a/0x480 [ 24.010788] kunit_try_run_case+0x1a5/0x480 [ 24.011056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.011302] kthread+0x337/0x6f0 [ 24.011451] ret_from_fork+0x116/0x1d0 [ 24.011606] ret_from_fork_asm+0x1a/0x30 [ 24.012163] [ 24.012237] The buggy address belongs to the object at ffff8881053b2000 [ 24.012237] which belongs to the cache test_cache of size 200 [ 24.012893] The buggy address is located 0 bytes inside of [ 24.012893] 200-byte region [ffff8881053b2000, ffff8881053b20c8) [ 24.013428] [ 24.013530] The buggy address belongs to the physical page: [ 24.014295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b2 [ 24.014745] flags: 0x200000000000000(node=0|zone=2) [ 24.015000] page_type: f5(slab) [ 24.015353] raw: 0200000000000000 ffff888101a65a00 dead000000000122 0000000000000000 [ 24.015775] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 24.016123] page dumped because: kasan: bad access detected [ 24.016448] [ 24.016541] Memory state around the buggy address: [ 24.017056] ffff8881053b1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.017360] ffff8881053b1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.017781] >ffff8881053b2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.019567] ^ [ 24.019800] ffff8881053b2080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 24.020076] ffff8881053b2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.020380] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 23.938091] ================================================================== [ 23.939531] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 23.940291] Read of size 1 at addr ffff8881060870c8 by task kunit_try_catch/256 [ 23.940521] [ 23.941117] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.941178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.941191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.941212] Call Trace: [ 23.941227] <TASK> [ 23.941247] dump_stack_lvl+0x73/0xb0 [ 23.941294] print_report+0xd1/0x610 [ 23.941318] ? __virt_addr_valid+0x1db/0x2d0 [ 23.941342] ? kmem_cache_oob+0x402/0x530 [ 23.941363] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.941388] ? kmem_cache_oob+0x402/0x530 [ 23.941410] kasan_report+0x141/0x180 [ 23.941431] ? kmem_cache_oob+0x402/0x530 [ 23.941458] __asan_report_load1_noabort+0x18/0x20 [ 23.941482] kmem_cache_oob+0x402/0x530 [ 23.941503] ? trace_hardirqs_on+0x37/0xe0 [ 23.941527] ? __pfx_kmem_cache_oob+0x10/0x10 [ 23.941782] ? finish_task_switch.isra.0+0x153/0x700 [ 23.941813] ? __switch_to+0x47/0xf80 [ 23.941903] ? __pfx_read_tsc+0x10/0x10 [ 23.941928] ? ktime_get_ts64+0x86/0x230 [ 23.941954] kunit_try_run_case+0x1a5/0x480 [ 23.941980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.942002] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.942026] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.942049] ? __kthread_parkme+0x82/0x180 [ 23.942068] ? preempt_count_sub+0x50/0x80 [ 23.942090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.942113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.942139] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.942165] kthread+0x337/0x6f0 [ 23.942184] ? trace_preempt_on+0x20/0xc0 [ 23.942206] ? __pfx_kthread+0x10/0x10 [ 23.942226] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.942246] ? calculate_sigpending+0x7b/0xa0 [ 23.942270] ? __pfx_kthread+0x10/0x10 [ 23.942303] ret_from_fork+0x116/0x1d0 [ 23.942322] ? __pfx_kthread+0x10/0x10 [ 23.942342] ret_from_fork_asm+0x1a/0x30 [ 23.942372] </TASK> [ 23.942384] [ 23.954810] Allocated by task 256: [ 23.955375] kasan_save_stack+0x45/0x70 [ 23.955884] kasan_save_track+0x18/0x40 [ 23.956380] kasan_save_alloc_info+0x3b/0x50 [ 23.956909] __kasan_slab_alloc+0x91/0xa0 [ 23.957428] kmem_cache_alloc_noprof+0x123/0x3f0 [ 23.957998] kmem_cache_oob+0x157/0x530 [ 23.958471] kunit_try_run_case+0x1a5/0x480 [ 23.959006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.959651] kthread+0x337/0x6f0 [ 23.960034] ret_from_fork+0x116/0x1d0 [ 23.960171] ret_from_fork_asm+0x1a/0x30 [ 23.960317] [ 23.960390] The buggy address belongs to the object at ffff888106087000 [ 23.960390] which belongs to the cache test_cache of size 200 [ 23.961514] The buggy address is located 0 bytes to the right of [ 23.961514] allocated 200-byte region [ffff888106087000, ffff8881060870c8) [ 23.963064] [ 23.963234] The buggy address belongs to the physical page: [ 23.963948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106087 [ 23.964236] flags: 0x200000000000000(node=0|zone=2) [ 23.964744] page_type: f5(slab) [ 23.965150] raw: 0200000000000000 ffff888106085000 dead000000000122 0000000000000000 [ 23.965951] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 23.966468] page dumped because: kasan: bad access detected [ 23.966928] [ 23.967117] Memory state around the buggy address: [ 23.967743] ffff888106086f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.968135] ffff888106087000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.968950] >ffff888106087080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 23.969161] ^ [ 23.969837] ffff888106087100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.970404] ffff888106087180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.970669] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 23.893209] ================================================================== [ 23.894032] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 23.894331] Read of size 8 at addr ffff8881053ad6c0 by task kunit_try_catch/249 [ 23.894598] [ 23.894717] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.894771] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.894783] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.894806] Call Trace: [ 23.894821] <TASK> [ 23.894841] dump_stack_lvl+0x73/0xb0 [ 23.894947] print_report+0xd1/0x610 [ 23.894972] ? __virt_addr_valid+0x1db/0x2d0 [ 23.894999] ? workqueue_uaf+0x4d6/0x560 [ 23.895019] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.895044] ? workqueue_uaf+0x4d6/0x560 [ 23.895066] kasan_report+0x141/0x180 [ 23.895087] ? workqueue_uaf+0x4d6/0x560 [ 23.895112] __asan_report_load8_noabort+0x18/0x20 [ 23.895136] workqueue_uaf+0x4d6/0x560 [ 23.895158] ? __pfx_workqueue_uaf+0x10/0x10 [ 23.895180] ? __schedule+0x10c6/0x2b60 [ 23.895204] ? __pfx_read_tsc+0x10/0x10 [ 23.895227] ? ktime_get_ts64+0x86/0x230 [ 23.895253] kunit_try_run_case+0x1a5/0x480 [ 23.895292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.895314] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.895337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.895360] ? __kthread_parkme+0x82/0x180 [ 23.895381] ? preempt_count_sub+0x50/0x80 [ 23.895405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.895428] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.895454] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.895481] kthread+0x337/0x6f0 [ 23.895501] ? trace_preempt_on+0x20/0xc0 [ 23.895527] ? __pfx_kthread+0x10/0x10 [ 23.895547] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.895567] ? calculate_sigpending+0x7b/0xa0 [ 23.895591] ? __pfx_kthread+0x10/0x10 [ 23.895612] ret_from_fork+0x116/0x1d0 [ 23.895631] ? __pfx_kthread+0x10/0x10 [ 23.895650] ret_from_fork_asm+0x1a/0x30 [ 23.895682] </TASK> [ 23.895693] [ 23.912692] Allocated by task 249: [ 23.913251] kasan_save_stack+0x45/0x70 [ 23.913471] kasan_save_track+0x18/0x40 [ 23.913841] kasan_save_alloc_info+0x3b/0x50 [ 23.914101] __kasan_kmalloc+0xb7/0xc0 [ 23.914237] __kmalloc_cache_noprof+0x189/0x420 [ 23.914470] workqueue_uaf+0x152/0x560 [ 23.914824] kunit_try_run_case+0x1a5/0x480 [ 23.915082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.915492] kthread+0x337/0x6f0 [ 23.915670] ret_from_fork+0x116/0x1d0 [ 23.915851] ret_from_fork_asm+0x1a/0x30 [ 23.916252] [ 23.916348] Freed by task 9: [ 23.916491] kasan_save_stack+0x45/0x70 [ 23.916679] kasan_save_track+0x18/0x40 [ 23.917108] kasan_save_free_info+0x3f/0x60 [ 23.917297] __kasan_slab_free+0x56/0x70 [ 23.917485] kfree+0x222/0x3f0 [ 23.917627] workqueue_uaf_work+0x12/0x20 [ 23.917876] process_one_work+0x5ee/0xf60 [ 23.918480] worker_thread+0x758/0x1220 [ 23.918672] kthread+0x337/0x6f0 [ 23.919125] ret_from_fork+0x116/0x1d0 [ 23.919292] ret_from_fork_asm+0x1a/0x30 [ 23.919668] [ 23.919771] Last potentially related work creation: [ 23.920192] kasan_save_stack+0x45/0x70 [ 23.920358] kasan_record_aux_stack+0xb2/0xc0 [ 23.920579] __queue_work+0x61a/0xe70 [ 23.920724] queue_work_on+0xb6/0xc0 [ 23.920932] workqueue_uaf+0x26d/0x560 [ 23.921371] kunit_try_run_case+0x1a5/0x480 [ 23.921577] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.921989] kthread+0x337/0x6f0 [ 23.922273] ret_from_fork+0x116/0x1d0 [ 23.922425] ret_from_fork_asm+0x1a/0x30 [ 23.922562] [ 23.922628] The buggy address belongs to the object at ffff8881053ad6c0 [ 23.922628] which belongs to the cache kmalloc-32 of size 32 [ 23.923004] The buggy address is located 0 bytes inside of [ 23.923004] freed 32-byte region [ffff8881053ad6c0, ffff8881053ad6e0) [ 23.923824] [ 23.924338] The buggy address belongs to the physical page: [ 23.924551] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053ad [ 23.924869] flags: 0x200000000000000(node=0|zone=2) [ 23.925217] page_type: f5(slab) [ 23.925383] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.925867] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.926362] page dumped because: kasan: bad access detected [ 23.926558] [ 23.926842] Memory state around the buggy address: [ 23.927081] ffff8881053ad580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.927578] ffff8881053ad600: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 23.928191] >ffff8881053ad680: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 23.928494] ^ [ 23.928804] ffff8881053ad700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.929203] ffff8881053ad780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.929531] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 23.860005] ================================================================== [ 23.860599] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 23.861180] Read of size 4 at addr ffff888106025e00 by task swapper/1/0 [ 23.861425] [ 23.861541] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 23.861614] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.861627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.861648] Call Trace: [ 23.861675] <IRQ> [ 23.861696] dump_stack_lvl+0x73/0xb0 [ 23.861731] print_report+0xd1/0x610 [ 23.861756] ? __virt_addr_valid+0x1db/0x2d0 [ 23.861779] ? rcu_uaf_reclaim+0x50/0x60 [ 23.861799] ? kasan_complete_mode_report_info+0x64/0x200 [ 23.861824] ? rcu_uaf_reclaim+0x50/0x60 [ 23.861843] kasan_report+0x141/0x180 [ 23.861864] ? rcu_uaf_reclaim+0x50/0x60 [ 23.862003] __asan_report_load4_noabort+0x18/0x20 [ 23.862028] rcu_uaf_reclaim+0x50/0x60 [ 23.862048] rcu_core+0x66f/0x1c40 [ 23.862078] ? __pfx_rcu_core+0x10/0x10 [ 23.862099] ? ktime_get+0x6b/0x150 [ 23.862126] rcu_core_si+0x12/0x20 [ 23.862145] handle_softirqs+0x209/0x730 [ 23.862166] ? hrtimer_interrupt+0x2fe/0x780 [ 23.862194] ? __pfx_handle_softirqs+0x10/0x10 [ 23.862218] __irq_exit_rcu+0xc9/0x110 [ 23.862237] irq_exit_rcu+0x12/0x20 [ 23.862256] sysvec_apic_timer_interrupt+0x81/0x90 [ 23.862295] </IRQ> [ 23.862327] <TASK> [ 23.862338] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 23.862433] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 23.862656] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d e3 e2 16 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 23.862742] RSP: 0000:ffff88810087fdc8 EFLAGS: 00010212 [ 23.862830] RAX: ffff8881a3913000 RBX: ffff88810085b000 RCX: ffffffffb531da25 [ 23.862898] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 000000000001d74c [ 23.862943] RBP: ffff88810087fdd0 R08: 0000000000000001 R09: ffffed102b626192 [ 23.862986] R10: ffff88815b130c93 R11: ffff88815b1363c8 R12: 0000000000000001 [ 23.863029] R13: ffffed102010b600 R14: ffffffffb6ffabd0 R15: 0000000000000000 [ 23.863086] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 23.863137] ? default_idle+0xd/0x20 [ 23.863159] arch_cpu_idle+0xd/0x20 [ 23.863180] default_idle_call+0x48/0x80 [ 23.863202] do_idle+0x379/0x4f0 [ 23.863227] ? __pfx_do_idle+0x10/0x10 [ 23.863247] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 23.863270] ? complete+0x15b/0x1d0 [ 23.863311] cpu_startup_entry+0x5c/0x70 [ 23.863334] start_secondary+0x211/0x290 [ 23.863357] ? __pfx_start_secondary+0x10/0x10 [ 23.863382] common_startup_64+0x13e/0x148 [ 23.863414] </TASK> [ 23.863425] [ 23.873222] Allocated by task 247: [ 23.873400] kasan_save_stack+0x45/0x70 [ 23.873596] kasan_save_track+0x18/0x40 [ 23.873783] kasan_save_alloc_info+0x3b/0x50 [ 23.874946] __kasan_kmalloc+0xb7/0xc0 [ 23.875103] __kmalloc_cache_noprof+0x189/0x420 [ 23.875317] rcu_uaf+0xb0/0x330 [ 23.875436] kunit_try_run_case+0x1a5/0x480 [ 23.875659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.875910] kthread+0x337/0x6f0 [ 23.876082] ret_from_fork+0x116/0x1d0 [ 23.876217] ret_from_fork_asm+0x1a/0x30 [ 23.877220] [ 23.877318] Freed by task 0: [ 23.877424] kasan_save_stack+0x45/0x70 [ 23.877628] kasan_save_track+0x18/0x40 [ 23.877791] kasan_save_free_info+0x3f/0x60 [ 23.878038] __kasan_slab_free+0x56/0x70 [ 23.878173] kfree+0x222/0x3f0 [ 23.878321] rcu_uaf_reclaim+0x1f/0x60 [ 23.878633] rcu_core+0x66f/0x1c40 [ 23.878916] rcu_core_si+0x12/0x20 [ 23.879039] handle_softirqs+0x209/0x730 [ 23.879301] __irq_exit_rcu+0xc9/0x110 [ 23.879491] irq_exit_rcu+0x12/0x20 [ 23.879651] sysvec_apic_timer_interrupt+0x81/0x90 [ 23.880028] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 23.880193] [ 23.880296] Last potentially related work creation: [ 23.880514] kasan_save_stack+0x45/0x70 [ 23.880735] kasan_record_aux_stack+0xb2/0xc0 [ 23.881079] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 23.881405] call_rcu+0x12/0x20 [ 23.881602] rcu_uaf+0x168/0x330 [ 23.881733] kunit_try_run_case+0x1a5/0x480 [ 23.881988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.882189] kthread+0x337/0x6f0 [ 23.882393] ret_from_fork+0x116/0x1d0 [ 23.882599] ret_from_fork_asm+0x1a/0x30 [ 23.882768] [ 23.882845] The buggy address belongs to the object at ffff888106025e00 [ 23.882845] which belongs to the cache kmalloc-32 of size 32 [ 23.883382] The buggy address is located 0 bytes inside of [ 23.883382] freed 32-byte region [ffff888106025e00, ffff888106025e20) [ 23.884115] [ 23.884190] The buggy address belongs to the physical page: [ 23.884431] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106025 [ 23.884948] flags: 0x200000000000000(node=0|zone=2) [ 23.885195] page_type: f5(slab) [ 23.885378] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 23.885827] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 23.886128] page dumped because: kasan: bad access detected [ 23.886432] [ 23.886523] Memory state around the buggy address: [ 23.886743] ffff888106025d00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 23.886948] ffff888106025d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 23.887238] >ffff888106025e00: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 23.887567] ^ [ 23.887743] ffff888106025e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.888031] ffff888106025f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.888231] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 22.841763] ================================================================== [ 22.842438] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 22.842660] Read of size 1 at addr ffff8881061d0000 by task kunit_try_catch/203 [ 22.842877] [ 22.842954] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.843001] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.843013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.843033] Call Trace: [ 22.843045] <TASK> [ 22.843061] dump_stack_lvl+0x73/0xb0 [ 22.843089] print_report+0xd1/0x610 [ 22.843111] ? __virt_addr_valid+0x1db/0x2d0 [ 22.843133] ? page_alloc_uaf+0x356/0x3d0 [ 22.843154] ? kasan_addr_to_slab+0x11/0xa0 [ 22.843173] ? page_alloc_uaf+0x356/0x3d0 [ 22.843195] kasan_report+0x141/0x180 [ 22.843215] ? page_alloc_uaf+0x356/0x3d0 [ 22.843241] __asan_report_load1_noabort+0x18/0x20 [ 22.843275] page_alloc_uaf+0x356/0x3d0 [ 22.843296] ? __pfx_page_alloc_uaf+0x10/0x10 [ 22.843318] ? __schedule+0x10c6/0x2b60 [ 22.843340] ? __pfx_read_tsc+0x10/0x10 [ 22.843361] ? ktime_get_ts64+0x86/0x230 [ 22.843385] kunit_try_run_case+0x1a5/0x480 [ 22.843408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.843429] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.843451] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.843473] ? __kthread_parkme+0x82/0x180 [ 22.843494] ? preempt_count_sub+0x50/0x80 [ 22.843517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.843539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.843565] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.843590] kthread+0x337/0x6f0 [ 22.843609] ? trace_preempt_on+0x20/0xc0 [ 22.843631] ? __pfx_kthread+0x10/0x10 [ 22.843651] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.843671] ? calculate_sigpending+0x7b/0xa0 [ 22.843694] ? __pfx_kthread+0x10/0x10 [ 22.843715] ret_from_fork+0x116/0x1d0 [ 22.843733] ? __pfx_kthread+0x10/0x10 [ 22.843753] ret_from_fork_asm+0x1a/0x30 [ 22.843784] </TASK> [ 22.843795] [ 22.863690] The buggy address belongs to the physical page: [ 22.864127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061d0 [ 22.865117] flags: 0x200000000000000(node=0|zone=2) [ 22.865813] page_type: f0(buddy) [ 22.866348] raw: 0200000000000000 ffff88817fffb460 ffff88817fffb460 0000000000000000 [ 22.866589] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 22.866827] page dumped because: kasan: bad access detected [ 22.866994] [ 22.867058] Memory state around the buggy address: [ 22.867213] ffff8881061cff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.867646] ffff8881061cff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.868093] >ffff8881061d0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.868424] ^ [ 22.868623] ffff8881061d0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.869141] ffff8881061d0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.869482] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 22.813784] ================================================================== [ 22.815213] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 22.815542] Free of addr ffff8881050ec001 by task kunit_try_catch/199 [ 22.815745] [ 22.815828] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.815888] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.815902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.815921] Call Trace: [ 22.815934] <TASK> [ 22.815950] dump_stack_lvl+0x73/0xb0 [ 22.815979] print_report+0xd1/0x610 [ 22.816002] ? __virt_addr_valid+0x1db/0x2d0 [ 22.816028] ? kasan_addr_to_slab+0x11/0xa0 [ 22.816047] ? kfree+0x274/0x3f0 [ 22.816068] kasan_report_invalid_free+0x10a/0x130 [ 22.816092] ? kfree+0x274/0x3f0 [ 22.816114] ? kfree+0x274/0x3f0 [ 22.816134] __kasan_kfree_large+0x86/0xd0 [ 22.816155] free_large_kmalloc+0x52/0x110 [ 22.816177] kfree+0x274/0x3f0 [ 22.816201] kmalloc_large_invalid_free+0x120/0x2b0 [ 22.816223] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 22.816246] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 22.816282] ? __pfx_read_tsc+0x10/0x10 [ 22.816304] ? ktime_get_ts64+0x86/0x230 [ 22.816329] kunit_try_run_case+0x1a5/0x480 [ 22.816354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.816376] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 22.816397] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.816419] ? __kthread_parkme+0x82/0x180 [ 22.816439] ? preempt_count_sub+0x50/0x80 [ 22.816462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.816485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.816511] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.816537] kthread+0x337/0x6f0 [ 22.816556] ? trace_preempt_on+0x20/0xc0 [ 22.816579] ? __pfx_kthread+0x10/0x10 [ 22.816607] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.816628] ? calculate_sigpending+0x7b/0xa0 [ 22.816651] ? __pfx_kthread+0x10/0x10 [ 22.816672] ret_from_fork+0x116/0x1d0 [ 22.816691] ? __pfx_kthread+0x10/0x10 [ 22.816711] ret_from_fork_asm+0x1a/0x30 [ 22.816742] </TASK> [ 22.816752] [ 22.829747] The buggy address belongs to the physical page: [ 22.830061] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050ec [ 22.830319] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.830542] flags: 0x200000000000040(head|node=0|zone=2) [ 22.830766] page_type: f8(unknown) [ 22.830887] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.831323] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.831612] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.831904] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.832355] head: 0200000000000002 ffffea0004143b01 00000000ffffffff 00000000ffffffff [ 22.832605] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.832990] page dumped because: kasan: bad access detected [ 22.833310] [ 22.833392] Memory state around the buggy address: [ 22.833546] ffff8881050ebf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.833872] ffff8881050ebf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.834323] >ffff8881050ec000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.834672] ^ [ 22.834819] ffff8881050ec080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.835113] ffff8881050ec100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.835443] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 22.789363] ================================================================== [ 22.790510] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 22.791007] Read of size 1 at addr ffff8881060ec000 by task kunit_try_catch/197 [ 22.791493] [ 22.791664] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.791717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.791729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.791750] Call Trace: [ 22.791763] <TASK> [ 22.791779] dump_stack_lvl+0x73/0xb0 [ 22.791807] print_report+0xd1/0x610 [ 22.791828] ? __virt_addr_valid+0x1db/0x2d0 [ 22.791851] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.791870] ? kasan_addr_to_slab+0x11/0xa0 [ 22.791890] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.791910] kasan_report+0x141/0x180 [ 22.791931] ? kmalloc_large_uaf+0x2f1/0x340 [ 22.791955] __asan_report_load1_noabort+0x18/0x20 [ 22.791978] kmalloc_large_uaf+0x2f1/0x340 [ 22.791999] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 22.792020] ? __schedule+0x10c6/0x2b60 [ 22.792042] ? __pfx_read_tsc+0x10/0x10 [ 22.792064] ? ktime_get_ts64+0x86/0x230 [ 22.792089] kunit_try_run_case+0x1a5/0x480 [ 22.792113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.792155] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.792177] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.792199] ? __kthread_parkme+0x82/0x180 [ 22.792219] ? preempt_count_sub+0x50/0x80 [ 22.792242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.792273] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.792299] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.792325] kthread+0x337/0x6f0 [ 22.792344] ? trace_preempt_on+0x20/0xc0 [ 22.792368] ? __pfx_kthread+0x10/0x10 [ 22.792388] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.792407] ? calculate_sigpending+0x7b/0xa0 [ 22.792431] ? __pfx_kthread+0x10/0x10 [ 22.792452] ret_from_fork+0x116/0x1d0 [ 22.792470] ? __pfx_kthread+0x10/0x10 [ 22.792490] ret_from_fork_asm+0x1a/0x30 [ 22.792520] </TASK> [ 22.792546] [ 22.801104] The buggy address belongs to the physical page: [ 22.801389] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ec [ 22.802056] flags: 0x200000000000000(node=0|zone=2) [ 22.802501] raw: 0200000000000000 ffffea0004183c08 ffff88815b139fc0 0000000000000000 [ 22.803329] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 22.804047] page dumped because: kasan: bad access detected [ 22.804619] [ 22.804773] Memory state around the buggy address: [ 22.805234] ffff8881060ebf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.805906] ffff8881060ebf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.806409] >ffff8881060ec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.806637] ^ [ 22.806924] ffff8881060ec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.807612] ffff8881060ec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.808314] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 22.763455] ================================================================== [ 22.764481] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 22.765124] Write of size 1 at addr ffff8881050ee00a by task kunit_try_catch/195 [ 22.765448] [ 22.765533] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.765662] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.765674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.765936] Call Trace: [ 22.765951] <TASK> [ 22.765967] dump_stack_lvl+0x73/0xb0 [ 22.765999] print_report+0xd1/0x610 [ 22.766020] ? __virt_addr_valid+0x1db/0x2d0 [ 22.766042] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.766063] ? kasan_addr_to_slab+0x11/0xa0 [ 22.766082] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.766104] kasan_report+0x141/0x180 [ 22.766125] ? kmalloc_large_oob_right+0x2e9/0x330 [ 22.766151] __asan_report_store1_noabort+0x1b/0x30 [ 22.766174] kmalloc_large_oob_right+0x2e9/0x330 [ 22.766196] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 22.766218] ? __schedule+0x10c6/0x2b60 [ 22.766239] ? __pfx_read_tsc+0x10/0x10 [ 22.766275] ? ktime_get_ts64+0x86/0x230 [ 22.766300] kunit_try_run_case+0x1a5/0x480 [ 22.766322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.766344] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.766365] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.766387] ? __kthread_parkme+0x82/0x180 [ 22.766407] ? preempt_count_sub+0x50/0x80 [ 22.766429] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.766453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.766480] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.766505] kthread+0x337/0x6f0 [ 22.766524] ? trace_preempt_on+0x20/0xc0 [ 22.766734] ? __pfx_kthread+0x10/0x10 [ 22.766757] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.766777] ? calculate_sigpending+0x7b/0xa0 [ 22.766801] ? __pfx_kthread+0x10/0x10 [ 22.766822] ret_from_fork+0x116/0x1d0 [ 22.766841] ? __pfx_kthread+0x10/0x10 [ 22.766861] ret_from_fork_asm+0x1a/0x30 [ 22.766946] </TASK> [ 22.766956] [ 22.778304] The buggy address belongs to the physical page: [ 22.778556] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1050ec [ 22.779225] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.779750] flags: 0x200000000000040(head|node=0|zone=2) [ 22.780166] page_type: f8(unknown) [ 22.780418] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.780657] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.780877] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 22.781096] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 22.781346] head: 0200000000000002 ffffea0004143b01 00000000ffffffff 00000000ffffffff [ 22.781688] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 22.782192] page dumped because: kasan: bad access detected [ 22.782633] [ 22.782795] Memory state around the buggy address: [ 22.783220] ffff8881050edf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.783447] ffff8881050edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.784029] >ffff8881050ee000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.784673] ^ [ 22.785098] ffff8881050ee080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.785464] ffff8881050ee100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 22.786103] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 22.732692] ================================================================== [ 22.733227] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 22.733483] Write of size 1 at addr ffff8881060d1f00 by task kunit_try_catch/193 [ 22.734181] [ 22.734500] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.734569] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.734581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.734603] Call Trace: [ 22.734615] <TASK> [ 22.734633] dump_stack_lvl+0x73/0xb0 [ 22.734664] print_report+0xd1/0x610 [ 22.734686] ? __virt_addr_valid+0x1db/0x2d0 [ 22.734710] ? kmalloc_big_oob_right+0x316/0x370 [ 22.734741] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.734766] ? kmalloc_big_oob_right+0x316/0x370 [ 22.734787] kasan_report+0x141/0x180 [ 22.734819] ? kmalloc_big_oob_right+0x316/0x370 [ 22.734844] __asan_report_store1_noabort+0x1b/0x30 [ 22.734868] kmalloc_big_oob_right+0x316/0x370 [ 22.734934] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 22.734957] ? __schedule+0x10c6/0x2b60 [ 22.734981] ? __pfx_read_tsc+0x10/0x10 [ 22.735003] ? ktime_get_ts64+0x86/0x230 [ 22.735029] kunit_try_run_case+0x1a5/0x480 [ 22.735053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.735074] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.735096] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.735119] ? __kthread_parkme+0x82/0x180 [ 22.735139] ? preempt_count_sub+0x50/0x80 [ 22.735162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.735185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.735211] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.735236] kthread+0x337/0x6f0 [ 22.735255] ? trace_preempt_on+0x20/0xc0 [ 22.735290] ? __pfx_kthread+0x10/0x10 [ 22.735310] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.735330] ? calculate_sigpending+0x7b/0xa0 [ 22.735354] ? __pfx_kthread+0x10/0x10 [ 22.735374] ret_from_fork+0x116/0x1d0 [ 22.735393] ? __pfx_kthread+0x10/0x10 [ 22.735413] ret_from_fork_asm+0x1a/0x30 [ 22.735443] </TASK> [ 22.735453] [ 22.747390] Allocated by task 193: [ 22.747764] kasan_save_stack+0x45/0x70 [ 22.748184] kasan_save_track+0x18/0x40 [ 22.748687] kasan_save_alloc_info+0x3b/0x50 [ 22.748841] __kasan_kmalloc+0xb7/0xc0 [ 22.749270] __kmalloc_cache_noprof+0x189/0x420 [ 22.749714] kmalloc_big_oob_right+0xa9/0x370 [ 22.750147] kunit_try_run_case+0x1a5/0x480 [ 22.750308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.750479] kthread+0x337/0x6f0 [ 22.750691] ret_from_fork+0x116/0x1d0 [ 22.751036] ret_from_fork_asm+0x1a/0x30 [ 22.751446] [ 22.751625] The buggy address belongs to the object at ffff8881060d0000 [ 22.751625] which belongs to the cache kmalloc-8k of size 8192 [ 22.752802] The buggy address is located 0 bytes to the right of [ 22.752802] allocated 7936-byte region [ffff8881060d0000, ffff8881060d1f00) [ 22.753841] [ 22.754005] The buggy address belongs to the physical page: [ 22.754501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d0 [ 22.755068] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.755320] flags: 0x200000000000040(head|node=0|zone=2) [ 22.755552] page_type: f5(slab) [ 22.755721] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 22.756109] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 22.756598] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 22.756963] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 22.757312] head: 0200000000000003 ffffea0004183401 00000000ffffffff 00000000ffffffff [ 22.757643] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 22.758126] page dumped because: kasan: bad access detected [ 22.758384] [ 22.758453] Memory state around the buggy address: [ 22.758642] ffff8881060d1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.759025] ffff8881060d1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.759567] >ffff8881060d1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.759869] ^ [ 22.760091] ffff8881060d1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.760441] ffff8881060d2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.760782] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 22.663405] ================================================================== [ 22.664023] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.664295] Write of size 1 at addr ffff888104a24678 by task kunit_try_catch/191 [ 22.664514] [ 22.664596] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.664643] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.664655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.664675] Call Trace: [ 22.664688] <TASK> [ 22.664705] dump_stack_lvl+0x73/0xb0 [ 22.664733] print_report+0xd1/0x610 [ 22.664754] ? __virt_addr_valid+0x1db/0x2d0 [ 22.664776] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.664798] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.664822] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.664845] kasan_report+0x141/0x180 [ 22.664865] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.664893] __asan_report_store1_noabort+0x1b/0x30 [ 22.664915] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 22.664938] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.664962] ? __schedule+0x10c6/0x2b60 [ 22.664984] ? __pfx_read_tsc+0x10/0x10 [ 22.665005] ? ktime_get_ts64+0x86/0x230 [ 22.665030] kunit_try_run_case+0x1a5/0x480 [ 22.665052] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.665073] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.665094] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.665115] ? __kthread_parkme+0x82/0x180 [ 22.665135] ? preempt_count_sub+0x50/0x80 [ 22.665157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.665179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.665204] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.665229] kthread+0x337/0x6f0 [ 22.665247] ? trace_preempt_on+0x20/0xc0 [ 22.665640] ? __pfx_kthread+0x10/0x10 [ 22.665668] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.665691] ? calculate_sigpending+0x7b/0xa0 [ 22.665716] ? __pfx_kthread+0x10/0x10 [ 22.665737] ret_from_fork+0x116/0x1d0 [ 22.665976] ? __pfx_kthread+0x10/0x10 [ 22.665999] ret_from_fork_asm+0x1a/0x30 [ 22.666031] </TASK> [ 22.666043] [ 22.682225] Allocated by task 191: [ 22.682822] kasan_save_stack+0x45/0x70 [ 22.683466] kasan_save_track+0x18/0x40 [ 22.683898] kasan_save_alloc_info+0x3b/0x50 [ 22.684461] __kasan_kmalloc+0xb7/0xc0 [ 22.684658] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.684838] kmalloc_track_caller_oob_right+0x99/0x520 [ 22.685380] kunit_try_run_case+0x1a5/0x480 [ 22.685814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.686421] kthread+0x337/0x6f0 [ 22.686695] ret_from_fork+0x116/0x1d0 [ 22.686825] ret_from_fork_asm+0x1a/0x30 [ 22.687018] [ 22.687176] The buggy address belongs to the object at ffff888104a24600 [ 22.687176] which belongs to the cache kmalloc-128 of size 128 [ 22.688420] The buggy address is located 0 bytes to the right of [ 22.688420] allocated 120-byte region [ffff888104a24600, ffff888104a24678) [ 22.689342] [ 22.689417] The buggy address belongs to the physical page: [ 22.689726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a24 [ 22.690502] flags: 0x200000000000000(node=0|zone=2) [ 22.690964] page_type: f5(slab) [ 22.691412] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.692123] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.692478] page dumped because: kasan: bad access detected [ 22.692940] [ 22.693090] Memory state around the buggy address: [ 22.693575] ffff888104a24500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.694016] ffff888104a24580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.694704] >ffff888104a24600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.695321] ^ [ 22.695716] ffff888104a24680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.696078] ffff888104a24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.696734] ================================================================== [ 22.697812] ================================================================== [ 22.698478] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.698768] Write of size 1 at addr ffff888104a24778 by task kunit_try_catch/191 [ 22.699411] [ 22.699617] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.699695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.699708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.699728] Call Trace: [ 22.699741] <TASK> [ 22.699756] dump_stack_lvl+0x73/0xb0 [ 22.699784] print_report+0xd1/0x610 [ 22.699805] ? __virt_addr_valid+0x1db/0x2d0 [ 22.699828] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.699851] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.699883] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.699906] kasan_report+0x141/0x180 [ 22.699927] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.699955] __asan_report_store1_noabort+0x1b/0x30 [ 22.699979] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 22.700002] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.700027] ? __schedule+0x10c6/0x2b60 [ 22.700048] ? __pfx_read_tsc+0x10/0x10 [ 22.700071] ? ktime_get_ts64+0x86/0x230 [ 22.700096] kunit_try_run_case+0x1a5/0x480 [ 22.700120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.700142] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.700163] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.700185] ? __kthread_parkme+0x82/0x180 [ 22.700205] ? preempt_count_sub+0x50/0x80 [ 22.700228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.700252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.700289] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.700316] kthread+0x337/0x6f0 [ 22.700336] ? trace_preempt_on+0x20/0xc0 [ 22.700359] ? __pfx_kthread+0x10/0x10 [ 22.700379] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.700399] ? calculate_sigpending+0x7b/0xa0 [ 22.700422] ? __pfx_kthread+0x10/0x10 [ 22.700442] ret_from_fork+0x116/0x1d0 [ 22.700461] ? __pfx_kthread+0x10/0x10 [ 22.700481] ret_from_fork_asm+0x1a/0x30 [ 22.700511] </TASK> [ 22.700521] [ 22.713553] Allocated by task 191: [ 22.713928] kasan_save_stack+0x45/0x70 [ 22.714351] kasan_save_track+0x18/0x40 [ 22.714973] kasan_save_alloc_info+0x3b/0x50 [ 22.715131] __kasan_kmalloc+0xb7/0xc0 [ 22.715257] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 22.715449] kmalloc_track_caller_oob_right+0x19a/0x520 [ 22.715797] kunit_try_run_case+0x1a5/0x480 [ 22.716213] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.716788] kthread+0x337/0x6f0 [ 22.717199] ret_from_fork+0x116/0x1d0 [ 22.717762] ret_from_fork_asm+0x1a/0x30 [ 22.718196] [ 22.718374] The buggy address belongs to the object at ffff888104a24700 [ 22.718374] which belongs to the cache kmalloc-128 of size 128 [ 22.719584] The buggy address is located 0 bytes to the right of [ 22.719584] allocated 120-byte region [ffff888104a24700, ffff888104a24778) [ 22.720188] [ 22.720273] The buggy address belongs to the physical page: [ 22.720440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a24 [ 22.720910] flags: 0x200000000000000(node=0|zone=2) [ 22.721669] page_type: f5(slab) [ 22.721975] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.722715] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.723437] page dumped because: kasan: bad access detected [ 22.724059] [ 22.724282] Memory state around the buggy address: [ 22.724762] ffff888104a24600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.725474] ffff888104a24680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.726275] >ffff888104a24700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.726495] ^ [ 22.726894] ffff888104a24780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.727675] ffff888104a24800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.728390] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 22.630991] ================================================================== [ 22.631564] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 22.632653] Read of size 1 at addr ffff888105f97000 by task kunit_try_catch/189 [ 22.633643] [ 22.633848] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.633903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.633916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.633978] Call Trace: [ 22.633994] <TASK> [ 22.634014] dump_stack_lvl+0x73/0xb0 [ 22.634191] print_report+0xd1/0x610 [ 22.634214] ? __virt_addr_valid+0x1db/0x2d0 [ 22.634240] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.634276] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.634301] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.634324] kasan_report+0x141/0x180 [ 22.634345] ? kmalloc_node_oob_right+0x369/0x3c0 [ 22.634372] __asan_report_load1_noabort+0x18/0x20 [ 22.634395] kmalloc_node_oob_right+0x369/0x3c0 [ 22.634421] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 22.634445] ? __schedule+0x10c6/0x2b60 [ 22.634468] ? __pfx_read_tsc+0x10/0x10 [ 22.634492] ? ktime_get_ts64+0x86/0x230 [ 22.634519] kunit_try_run_case+0x1a5/0x480 [ 22.634554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.634576] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.634598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.634620] ? __kthread_parkme+0x82/0x180 [ 22.634642] ? preempt_count_sub+0x50/0x80 [ 22.634665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.634687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.634713] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.634739] kthread+0x337/0x6f0 [ 22.634759] ? trace_preempt_on+0x20/0xc0 [ 22.634783] ? __pfx_kthread+0x10/0x10 [ 22.634804] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.634829] ? calculate_sigpending+0x7b/0xa0 [ 22.634855] ? __pfx_kthread+0x10/0x10 [ 22.634888] ret_from_fork+0x116/0x1d0 [ 22.634907] ? __pfx_kthread+0x10/0x10 [ 22.634927] ret_from_fork_asm+0x1a/0x30 [ 22.634960] </TASK> [ 22.634971] [ 22.647302] Allocated by task 189: [ 22.647712] kasan_save_stack+0x45/0x70 [ 22.648143] kasan_save_track+0x18/0x40 [ 22.648290] kasan_save_alloc_info+0x3b/0x50 [ 22.648431] __kasan_kmalloc+0xb7/0xc0 [ 22.648590] __kmalloc_cache_node_noprof+0x188/0x420 [ 22.649154] kmalloc_node_oob_right+0xab/0x3c0 [ 22.649667] kunit_try_run_case+0x1a5/0x480 [ 22.650388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.650953] kthread+0x337/0x6f0 [ 22.651244] ret_from_fork+0x116/0x1d0 [ 22.651581] ret_from_fork_asm+0x1a/0x30 [ 22.651953] [ 22.652113] The buggy address belongs to the object at ffff888105f96000 [ 22.652113] which belongs to the cache kmalloc-4k of size 4096 [ 22.652824] The buggy address is located 0 bytes to the right of [ 22.652824] allocated 4096-byte region [ffff888105f96000, ffff888105f97000) [ 22.653996] [ 22.654070] The buggy address belongs to the physical page: [ 22.654322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f90 [ 22.654776] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 22.655273] flags: 0x200000000000040(head|node=0|zone=2) [ 22.655628] page_type: f5(slab) [ 22.655781] raw: 0200000000000040 ffff888100042140 ffffea0004181200 dead000000000002 [ 22.656208] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 22.656566] head: 0200000000000040 ffff888100042140 ffffea0004181200 dead000000000002 [ 22.656911] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 22.657248] head: 0200000000000003 ffffea000417e401 00000000ffffffff 00000000ffffffff [ 22.657609] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 22.657925] page dumped because: kasan: bad access detected [ 22.658225] [ 22.658329] Memory state around the buggy address: [ 22.658547] ffff888105f96f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.658841] ffff888105f96f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.659195] >ffff888105f97000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.659531] ^ [ 22.659698] ffff888105f97080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.660109] ffff888105f97100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.660413] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 22.584665] ================================================================== [ 22.585287] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 22.585613] Read of size 1 at addr ffff88810168397f by task kunit_try_catch/187 [ 22.585878] [ 22.586003] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.586053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.586065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.586087] Call Trace: [ 22.586100] <TASK> [ 22.586116] dump_stack_lvl+0x73/0xb0 [ 22.586147] print_report+0xd1/0x610 [ 22.586169] ? __virt_addr_valid+0x1db/0x2d0 [ 22.586192] ? kmalloc_oob_left+0x361/0x3c0 [ 22.586212] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.586238] ? kmalloc_oob_left+0x361/0x3c0 [ 22.586269] kasan_report+0x141/0x180 [ 22.586290] ? kmalloc_oob_left+0x361/0x3c0 [ 22.586315] __asan_report_load1_noabort+0x18/0x20 [ 22.586338] kmalloc_oob_left+0x361/0x3c0 [ 22.586359] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 22.586380] ? __schedule+0x10c6/0x2b60 [ 22.586403] ? __pfx_read_tsc+0x10/0x10 [ 22.586424] ? ktime_get_ts64+0x86/0x230 [ 22.586449] kunit_try_run_case+0x1a5/0x480 [ 22.586473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.586494] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.586516] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.586539] ? __kthread_parkme+0x82/0x180 [ 22.586558] ? preempt_count_sub+0x50/0x80 [ 22.586581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.586604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.586629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.587013] kthread+0x337/0x6f0 [ 22.587033] ? trace_preempt_on+0x20/0xc0 [ 22.587057] ? __pfx_kthread+0x10/0x10 [ 22.587077] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.587098] ? calculate_sigpending+0x7b/0xa0 [ 22.587121] ? __pfx_kthread+0x10/0x10 [ 22.587141] ret_from_fork+0x116/0x1d0 [ 22.587160] ? __pfx_kthread+0x10/0x10 [ 22.587180] ret_from_fork_asm+0x1a/0x30 [ 22.587210] </TASK> [ 22.587222] [ 22.601897] Allocated by task 21: [ 22.602428] kasan_save_stack+0x45/0x70 [ 22.603120] kasan_save_track+0x18/0x40 [ 22.603783] kasan_save_alloc_info+0x3b/0x50 [ 22.604483] __kasan_kmalloc+0xb7/0xc0 [ 22.605285] __kmalloc_cache_node_noprof+0x188/0x420 [ 22.605884] build_sched_domains+0x38c/0x5d80 [ 22.606491] partition_sched_domains+0x471/0x9c0 [ 22.607091] rebuild_sched_domains_locked+0x97d/0xd50 [ 22.607694] cpuset_update_active_cpus+0x80f/0x1a90 [ 22.608500] sched_cpu_activate+0x2bf/0x330 [ 22.608980] cpuhp_invoke_callback+0x2a1/0xf00 [ 22.609397] cpuhp_thread_fun+0x2ce/0x5c0 [ 22.609555] smpboot_thread_fn+0x2bc/0x730 [ 22.610350] kthread+0x337/0x6f0 [ 22.610684] ret_from_fork+0x116/0x1d0 [ 22.611030] ret_from_fork_asm+0x1a/0x30 [ 22.611180] [ 22.611290] Freed by task 21: [ 22.611414] kasan_save_stack+0x45/0x70 [ 22.611553] kasan_save_track+0x18/0x40 [ 22.611680] kasan_save_free_info+0x3f/0x60 [ 22.611818] __kasan_slab_free+0x56/0x70 [ 22.612504] kfree+0x222/0x3f0 [ 22.612794] build_sched_domains+0x2072/0x5d80 [ 22.613340] partition_sched_domains+0x471/0x9c0 [ 22.613835] rebuild_sched_domains_locked+0x97d/0xd50 [ 22.614353] cpuset_update_active_cpus+0x80f/0x1a90 [ 22.614914] sched_cpu_activate+0x2bf/0x330 [ 22.615372] cpuhp_invoke_callback+0x2a1/0xf00 [ 22.615810] cpuhp_thread_fun+0x2ce/0x5c0 [ 22.616407] smpboot_thread_fn+0x2bc/0x730 [ 22.616926] kthread+0x337/0x6f0 [ 22.617295] ret_from_fork+0x116/0x1d0 [ 22.617548] ret_from_fork_asm+0x1a/0x30 [ 22.618038] [ 22.618115] The buggy address belongs to the object at ffff888101683960 [ 22.618115] which belongs to the cache kmalloc-16 of size 16 [ 22.618478] The buggy address is located 15 bytes to the right of [ 22.618478] allocated 16-byte region [ffff888101683960, ffff888101683970) [ 22.619563] [ 22.619774] The buggy address belongs to the physical page: [ 22.620430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101683 [ 22.621452] flags: 0x200000000000000(node=0|zone=2) [ 22.621987] page_type: f5(slab) [ 22.622375] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 22.622769] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.623521] page dumped because: kasan: bad access detected [ 22.624130] [ 22.624338] Memory state around the buggy address: [ 22.624630] ffff888101683800: fa fb fc fc fa fb fc fc fa fb fc fc 00 06 fc fc [ 22.625257] ffff888101683880: 00 06 fc fc 00 06 fc fc 00 00 fc fc fa fb fc fc [ 22.625681] >ffff888101683900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 22.626442] ^ [ 22.627004] ffff888101683980: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.627220] ffff888101683a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.627438] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 22.563756] ================================================================== [ 22.564133] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 22.564379] Read of size 1 at addr ffff88810539f780 by task kunit_try_catch/185 [ 22.564868] [ 22.565014] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.565060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.565072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.565092] Call Trace: [ 22.565108] <TASK> [ 22.565121] dump_stack_lvl+0x73/0xb0 [ 22.565148] print_report+0xd1/0x610 [ 22.565169] ? __virt_addr_valid+0x1db/0x2d0 [ 22.565191] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.565211] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.565236] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.565268] kasan_report+0x141/0x180 [ 22.565289] ? kmalloc_oob_right+0x68a/0x7f0 [ 22.565314] __asan_report_load1_noabort+0x18/0x20 [ 22.565337] kmalloc_oob_right+0x68a/0x7f0 [ 22.565358] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.565380] ? __schedule+0x10c6/0x2b60 [ 22.565401] ? __pfx_read_tsc+0x10/0x10 [ 22.565423] ? ktime_get_ts64+0x86/0x230 [ 22.565447] kunit_try_run_case+0x1a5/0x480 [ 22.565470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.565491] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.565513] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.565535] ? __kthread_parkme+0x82/0x180 [ 22.565570] ? preempt_count_sub+0x50/0x80 [ 22.565594] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.565617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.565642] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.565668] kthread+0x337/0x6f0 [ 22.565687] ? trace_preempt_on+0x20/0xc0 [ 22.565708] ? __pfx_kthread+0x10/0x10 [ 22.565728] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.565748] ? calculate_sigpending+0x7b/0xa0 [ 22.565770] ? __pfx_kthread+0x10/0x10 [ 22.565791] ret_from_fork+0x116/0x1d0 [ 22.565809] ? __pfx_kthread+0x10/0x10 [ 22.565829] ret_from_fork_asm+0x1a/0x30 [ 22.565859] </TASK> [ 22.565869] [ 22.573145] Allocated by task 185: [ 22.573333] kasan_save_stack+0x45/0x70 [ 22.573717] kasan_save_track+0x18/0x40 [ 22.573893] kasan_save_alloc_info+0x3b/0x50 [ 22.574083] __kasan_kmalloc+0xb7/0xc0 [ 22.574208] __kmalloc_cache_noprof+0x189/0x420 [ 22.574382] kmalloc_oob_right+0xa9/0x7f0 [ 22.574579] kunit_try_run_case+0x1a5/0x480 [ 22.574896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.575192] kthread+0x337/0x6f0 [ 22.575330] ret_from_fork+0x116/0x1d0 [ 22.575456] ret_from_fork_asm+0x1a/0x30 [ 22.575617] [ 22.575704] The buggy address belongs to the object at ffff88810539f700 [ 22.575704] which belongs to the cache kmalloc-128 of size 128 [ 22.576198] The buggy address is located 13 bytes to the right of [ 22.576198] allocated 115-byte region [ffff88810539f700, ffff88810539f773) [ 22.576793] [ 22.576935] The buggy address belongs to the physical page: [ 22.577142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539f [ 22.577453] flags: 0x200000000000000(node=0|zone=2) [ 22.577725] page_type: f5(slab) [ 22.577853] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.578130] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.578471] page dumped because: kasan: bad access detected [ 22.578834] [ 22.579015] Memory state around the buggy address: [ 22.579206] ffff88810539f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.579498] ffff88810539f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.579778] >ffff88810539f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.579982] ^ [ 22.580091] ffff88810539f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.580335] ffff88810539f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.580731] ================================================================== [ 22.546084] ================================================================== [ 22.546417] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 22.546716] Write of size 1 at addr ffff88810539f778 by task kunit_try_catch/185 [ 22.547016] [ 22.547325] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.547377] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.547389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.547408] Call Trace: [ 22.547420] <TASK> [ 22.547435] dump_stack_lvl+0x73/0xb0 [ 22.547464] print_report+0xd1/0x610 [ 22.547486] ? __virt_addr_valid+0x1db/0x2d0 [ 22.547508] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.547528] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.547563] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.547584] kasan_report+0x141/0x180 [ 22.547605] ? kmalloc_oob_right+0x6bd/0x7f0 [ 22.547630] __asan_report_store1_noabort+0x1b/0x30 [ 22.547654] kmalloc_oob_right+0x6bd/0x7f0 [ 22.547675] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.547697] ? __schedule+0x10c6/0x2b60 [ 22.547718] ? __pfx_read_tsc+0x10/0x10 [ 22.547740] ? ktime_get_ts64+0x86/0x230 [ 22.547764] kunit_try_run_case+0x1a5/0x480 [ 22.547786] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.547807] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.547829] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.547851] ? __kthread_parkme+0x82/0x180 [ 22.547871] ? preempt_count_sub+0x50/0x80 [ 22.547905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.547928] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.547954] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.547980] kthread+0x337/0x6f0 [ 22.547999] ? trace_preempt_on+0x20/0xc0 [ 22.548023] ? __pfx_kthread+0x10/0x10 [ 22.548044] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.548066] ? calculate_sigpending+0x7b/0xa0 [ 22.548089] ? __pfx_kthread+0x10/0x10 [ 22.548110] ret_from_fork+0x116/0x1d0 [ 22.548129] ? __pfx_kthread+0x10/0x10 [ 22.548149] ret_from_fork_asm+0x1a/0x30 [ 22.548179] </TASK> [ 22.548189] [ 22.555379] Allocated by task 185: [ 22.555506] kasan_save_stack+0x45/0x70 [ 22.555642] kasan_save_track+0x18/0x40 [ 22.555774] kasan_save_alloc_info+0x3b/0x50 [ 22.556015] __kasan_kmalloc+0xb7/0xc0 [ 22.556244] __kmalloc_cache_noprof+0x189/0x420 [ 22.556466] kmalloc_oob_right+0xa9/0x7f0 [ 22.556670] kunit_try_run_case+0x1a5/0x480 [ 22.556809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.557055] kthread+0x337/0x6f0 [ 22.557273] ret_from_fork+0x116/0x1d0 [ 22.557453] ret_from_fork_asm+0x1a/0x30 [ 22.557705] [ 22.557771] The buggy address belongs to the object at ffff88810539f700 [ 22.557771] which belongs to the cache kmalloc-128 of size 128 [ 22.558448] The buggy address is located 5 bytes to the right of [ 22.558448] allocated 115-byte region [ffff88810539f700, ffff88810539f773) [ 22.558822] [ 22.558887] The buggy address belongs to the physical page: [ 22.559095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539f [ 22.559456] flags: 0x200000000000000(node=0|zone=2) [ 22.559774] page_type: f5(slab) [ 22.560043] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.560530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.560889] page dumped because: kasan: bad access detected [ 22.561091] [ 22.561181] Memory state around the buggy address: [ 22.561380] ffff88810539f600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.561702] ffff88810539f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.562142] >ffff88810539f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.562432] ^ [ 22.562767] ffff88810539f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.562977] ffff88810539f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.563290] ================================================================== [ 22.510538] ================================================================== [ 22.511743] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 22.513175] Write of size 1 at addr ffff88810539f773 by task kunit_try_catch/185 [ 22.514347] [ 22.515975] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 22.516346] Tainted: [N]=TEST [ 22.516379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.516590] Call Trace: [ 22.516657] <TASK> [ 22.516799] dump_stack_lvl+0x73/0xb0 [ 22.516913] print_report+0xd1/0x610 [ 22.516942] ? __virt_addr_valid+0x1db/0x2d0 [ 22.516968] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.516988] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.517013] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.517034] kasan_report+0x141/0x180 [ 22.517055] ? kmalloc_oob_right+0x6f0/0x7f0 [ 22.517081] __asan_report_store1_noabort+0x1b/0x30 [ 22.517104] kmalloc_oob_right+0x6f0/0x7f0 [ 22.517125] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 22.517147] ? __schedule+0x10c6/0x2b60 [ 22.517170] ? __pfx_read_tsc+0x10/0x10 [ 22.517195] ? ktime_get_ts64+0x86/0x230 [ 22.517223] kunit_try_run_case+0x1a5/0x480 [ 22.517249] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.517283] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.517306] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.517328] ? __kthread_parkme+0x82/0x180 [ 22.517349] ? preempt_count_sub+0x50/0x80 [ 22.517374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.517397] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.517423] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.517449] kthread+0x337/0x6f0 [ 22.517468] ? trace_preempt_on+0x20/0xc0 [ 22.517492] ? __pfx_kthread+0x10/0x10 [ 22.517512] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.517532] ? calculate_sigpending+0x7b/0xa0 [ 22.517564] ? __pfx_kthread+0x10/0x10 [ 22.517584] ret_from_fork+0x116/0x1d0 [ 22.517603] ? __pfx_kthread+0x10/0x10 [ 22.517623] ret_from_fork_asm+0x1a/0x30 [ 22.517677] </TASK> [ 22.517741] [ 22.529080] Allocated by task 185: [ 22.529528] kasan_save_stack+0x45/0x70 [ 22.529947] kasan_save_track+0x18/0x40 [ 22.530244] kasan_save_alloc_info+0x3b/0x50 [ 22.530654] __kasan_kmalloc+0xb7/0xc0 [ 22.530788] __kmalloc_cache_noprof+0x189/0x420 [ 22.531082] kmalloc_oob_right+0xa9/0x7f0 [ 22.531458] kunit_try_run_case+0x1a5/0x480 [ 22.531849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.532385] kthread+0x337/0x6f0 [ 22.532511] ret_from_fork+0x116/0x1d0 [ 22.532851] ret_from_fork_asm+0x1a/0x30 [ 22.533304] [ 22.533583] The buggy address belongs to the object at ffff88810539f700 [ 22.533583] which belongs to the cache kmalloc-128 of size 128 [ 22.534460] The buggy address is located 0 bytes to the right of [ 22.534460] allocated 115-byte region [ffff88810539f700, ffff88810539f773) [ 22.535484] [ 22.535762] The buggy address belongs to the physical page: [ 22.536507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10539f [ 22.537352] flags: 0x200000000000000(node=0|zone=2) [ 22.538220] page_type: f5(slab) [ 22.538696] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.539436] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.540226] page dumped because: kasan: bad access detected [ 22.540431] [ 22.540505] Memory state around the buggy address: [ 22.541148] ffff88810539f600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 22.541891] ffff88810539f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.542757] >ffff88810539f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 22.543305] ^ [ 22.543993] ffff88810539f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.544211] ffff88810539f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.544488] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 194.693860] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2943 [ 194.695533] Modules linked in: [ 194.695715] CPU: 0 UID: 0 PID: 2943 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 194.697145] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 194.697328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 194.697580] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 194.697757] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 c0 25 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 194.699424] RSP: 0000:ffff88810b67fc78 EFLAGS: 00010286 [ 194.700098] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 194.700849] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb5862b9c [ 194.701761] RBP: ffff88810b67fca0 R08: 0000000000000000 R09: ffffed102050a080 [ 194.702498] R10: ffff888102850407 R11: 0000000000000000 R12: ffffffffb5862b88 [ 194.703461] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810b67fd38 [ 194.703860] FS: 0000000000000000(0000) GS:ffff8881a3813000(0000) knlGS:0000000000000000 [ 194.704658] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.704842] CR2: 00007ffff7ffe000 CR3: 00000000476bc000 CR4: 00000000000006f0 [ 194.705678] DR0: ffffffffb78b3540 DR1: ffffffffb78b3541 DR2: ffffffffb78b3543 [ 194.706521] DR3: ffffffffb78b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 194.706745] Call Trace: [ 194.706845] <TASK> [ 194.707317] drm_test_rect_calc_vscale+0x108/0x270 [ 194.707831] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 194.708538] ? __schedule+0x10c6/0x2b60 [ 194.709033] ? __pfx_read_tsc+0x10/0x10 [ 194.709449] ? ktime_get_ts64+0x86/0x230 [ 194.709798] kunit_try_run_case+0x1a5/0x480 [ 194.710291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.710654] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 194.710813] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 194.711262] ? __kthread_parkme+0x82/0x180 [ 194.711702] ? preempt_count_sub+0x50/0x80 [ 194.712181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.712553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 194.712742] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 194.712957] kthread+0x337/0x6f0 [ 194.713346] ? trace_preempt_on+0x20/0xc0 [ 194.713796] ? __pfx_kthread+0x10/0x10 [ 194.714214] ? _raw_spin_unlock_irq+0x47/0x80 [ 194.714722] ? calculate_sigpending+0x7b/0xa0 [ 194.715190] ? __pfx_kthread+0x10/0x10 [ 194.715613] ret_from_fork+0x116/0x1d0 [ 194.715991] ? __pfx_kthread+0x10/0x10 [ 194.716266] ret_from_fork_asm+0x1a/0x30 [ 194.716585] </TASK> [ 194.716817] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 194.725538] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2945 [ 194.727121] Modules linked in: [ 194.728059] CPU: 1 UID: 0 PID: 2945 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 194.728534] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 194.729234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 194.729748] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 194.730216] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 c0 25 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 194.731635] RSP: 0000:ffff88810bb3fc78 EFLAGS: 00010286 [ 194.731827] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 194.732548] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb5862bd4 [ 194.733293] RBP: ffff88810bb3fca0 R08: 0000000000000000 R09: ffffed10204d2980 [ 194.734007] R10: ffff888102694c07 R11: 0000000000000000 R12: ffffffffb5862bc0 [ 194.734364] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810bb3fd38 [ 194.734570] FS: 0000000000000000(0000) GS:ffff8881a3913000(0000) knlGS:0000000000000000 [ 194.734794] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.734977] CR2: 00007ffff7ffe000 CR3: 00000000476bc000 CR4: 00000000000006f0 [ 194.735392] DR0: ffffffffb78b3544 DR1: ffffffffb78b3549 DR2: ffffffffb78b354a [ 194.736013] DR3: ffffffffb78b354b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 194.736338] Call Trace: [ 194.736448] <TASK> [ 194.736582] drm_test_rect_calc_vscale+0x108/0x270 [ 194.736805] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 194.737177] ? __schedule+0x10c6/0x2b60 [ 194.737419] ? __pfx_read_tsc+0x10/0x10 [ 194.737620] ? ktime_get_ts64+0x86/0x230 [ 194.737803] kunit_try_run_case+0x1a5/0x480 [ 194.738154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.738340] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 194.738570] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 194.738911] ? __kthread_parkme+0x82/0x180 [ 194.739061] ? preempt_count_sub+0x50/0x80 [ 194.739778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.740129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 194.740475] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 194.740685] kthread+0x337/0x6f0 [ 194.740853] ? trace_preempt_on+0x20/0xc0 [ 194.741139] ? __pfx_kthread+0x10/0x10 [ 194.741330] ? _raw_spin_unlock_irq+0x47/0x80 [ 194.741576] ? calculate_sigpending+0x7b/0xa0 [ 194.741755] ? __pfx_kthread+0x10/0x10 [ 194.742062] ret_from_fork+0x116/0x1d0 [ 194.742208] ? __pfx_kthread+0x10/0x10 [ 194.742438] ret_from_fork_asm+0x1a/0x30 [ 194.742649] </TASK> [ 194.742762] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 194.639237] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2931 [ 194.640865] Modules linked in: [ 194.641254] CPU: 0 UID: 0 PID: 2931 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 194.642060] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 194.642760] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 194.643603] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 194.643798] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 194.644560] RSP: 0000:ffff88810bd4fc78 EFLAGS: 00010286 [ 194.644841] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 194.645253] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb5862ba0 [ 194.645634] RBP: ffff88810bd4fca0 R08: 0000000000000000 R09: ffffed10205095a0 [ 194.646025] R10: ffff88810284ad07 R11: 0000000000000000 R12: ffffffffb5862b88 [ 194.646335] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810bd4fd38 [ 194.646661] FS: 0000000000000000(0000) GS:ffff8881a3813000(0000) knlGS:0000000000000000 [ 194.647214] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.647522] CR2: 00007ffff7ffe000 CR3: 00000000476bc000 CR4: 00000000000006f0 [ 194.647824] DR0: ffffffffb78b3540 DR1: ffffffffb78b3541 DR2: ffffffffb78b3543 [ 194.648267] DR3: ffffffffb78b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 194.648625] Call Trace: [ 194.648859] <TASK> [ 194.649307] drm_test_rect_calc_hscale+0x108/0x270 [ 194.649560] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 194.649809] ? __schedule+0x10c6/0x2b60 [ 194.650248] ? __pfx_read_tsc+0x10/0x10 [ 194.650600] ? ktime_get_ts64+0x86/0x230 [ 194.651157] kunit_try_run_case+0x1a5/0x480 [ 194.651435] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.651648] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 194.652180] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 194.652571] ? __kthread_parkme+0x82/0x180 [ 194.652803] ? preempt_count_sub+0x50/0x80 [ 194.653208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.653630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 194.653873] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 194.654423] kthread+0x337/0x6f0 [ 194.654829] ? trace_preempt_on+0x20/0xc0 [ 194.655325] ? __pfx_kthread+0x10/0x10 [ 194.655477] ? _raw_spin_unlock_irq+0x47/0x80 [ 194.655625] ? calculate_sigpending+0x7b/0xa0 [ 194.655773] ? __pfx_kthread+0x10/0x10 [ 194.655924] ret_from_fork+0x116/0x1d0 [ 194.656067] ? __pfx_kthread+0x10/0x10 [ 194.656569] ret_from_fork_asm+0x1a/0x30 [ 194.656812] </TASK> [ 194.657326] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 194.660659] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2933 [ 194.661486] Modules linked in: [ 194.661832] CPU: 1 UID: 0 PID: 2933 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 194.662829] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 194.663577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 194.664540] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 194.664910] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 194.665972] RSP: 0000:ffff88810bbd7c78 EFLAGS: 00010286 [ 194.666383] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 194.666798] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb5862bd8 [ 194.667577] RBP: ffff88810bbd7ca0 R08: 0000000000000000 R09: ffffed10204d28e0 [ 194.668263] R10: ffff888102694707 R11: 0000000000000000 R12: ffffffffb5862bc0 [ 194.668570] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810bbd7d38 [ 194.668782] FS: 0000000000000000(0000) GS:ffff8881a3913000(0000) knlGS:0000000000000000 [ 194.669529] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.670168] CR2: 00007ffff7ffe000 CR3: 00000000476bc000 CR4: 00000000000006f0 [ 194.670814] DR0: ffffffffb78b3544 DR1: ffffffffb78b3549 DR2: ffffffffb78b354a [ 194.671596] DR3: ffffffffb78b354b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 194.672051] Call Trace: [ 194.672153] <TASK> [ 194.672253] drm_test_rect_calc_hscale+0x108/0x270 [ 194.672557] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 194.673050] ? __schedule+0x10c6/0x2b60 [ 194.673503] ? __pfx_read_tsc+0x10/0x10 [ 194.673932] ? ktime_get_ts64+0x86/0x230 [ 194.674310] kunit_try_run_case+0x1a5/0x480 [ 194.674690] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.675204] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 194.675568] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 194.675733] ? __kthread_parkme+0x82/0x180 [ 194.675874] ? preempt_count_sub+0x50/0x80 [ 194.676410] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.676844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 194.677417] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 194.677627] kthread+0x337/0x6f0 [ 194.677749] ? trace_preempt_on+0x20/0xc0 [ 194.677908] ? __pfx_kthread+0x10/0x10 [ 194.678053] ? _raw_spin_unlock_irq+0x47/0x80 [ 194.678444] ? calculate_sigpending+0x7b/0xa0 [ 194.678692] ? __pfx_kthread+0x10/0x10 [ 194.679166] ret_from_fork+0x116/0x1d0 [ 194.679454] ? __pfx_kthread+0x10/0x10 [ 194.679592] ret_from_fork_asm+0x1a/0x30 [ 194.679740] </TASK> [ 194.679835] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 193.952404] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 193.952538] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#0: kunit_try_catch/2736 [ 193.954387] Modules linked in: [ 193.954637] CPU: 0 UID: 0 PID: 2736 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 193.955223] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.955540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.955905] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 193.956276] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 5d d0 81 00 48 c7 c1 c0 6a 81 b5 4c 89 f2 48 c7 c7 e0 66 81 b5 48 89 c6 e8 54 9d 70 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 193.957385] RSP: 0000:ffff88810b30fd18 EFLAGS: 00010286 [ 193.957670] RAX: 0000000000000000 RBX: ffff88810317e800 RCX: 1ffffffff6ca4aac [ 193.957958] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 193.958474] RBP: ffff88810b30fd48 R08: 0000000000000000 R09: fffffbfff6ca4aac [ 193.958758] R10: 0000000000000003 R11: 000000000003c0b0 R12: ffff88810b474800 [ 193.959131] R13: ffff88810317e8f8 R14: ffff888102bcd100 R15: ffff8881003c7b48 [ 193.959562] FS: 0000000000000000(0000) GS:ffff8881a3813000(0000) knlGS:0000000000000000 [ 193.960058] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.960330] CR2: 00007ffff7ffe000 CR3: 00000000476bc000 CR4: 00000000000006f0 [ 193.960712] DR0: ffffffffb78b3540 DR1: ffffffffb78b3541 DR2: ffffffffb78b3543 [ 193.961075] DR3: ffffffffb78b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.961423] Call Trace: [ 193.961558] <TASK> [ 193.961695] ? trace_preempt_on+0x20/0xc0 [ 193.961853] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 193.962238] drm_gem_shmem_free_wrapper+0x12/0x20 [ 193.962557] __kunit_action_free+0x57/0x70 [ 193.962774] kunit_remove_resource+0x133/0x200 [ 193.963285] ? preempt_count_sub+0x50/0x80 [ 193.963477] kunit_cleanup+0x7a/0x120 [ 193.963671] kunit_try_run_case_cleanup+0xbd/0xf0 [ 193.963908] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 193.964302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.964623] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.965131] kthread+0x337/0x6f0 [ 193.965311] ? trace_preempt_on+0x20/0xc0 [ 193.965502] ? __pfx_kthread+0x10/0x10 [ 193.965679] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.965873] ? calculate_sigpending+0x7b/0xa0 [ 193.966700] ? __pfx_kthread+0x10/0x10 [ 193.966864] ret_from_fork+0x116/0x1d0 [ 193.967132] ? __pfx_kthread+0x10/0x10 [ 193.967314] ret_from_fork_asm+0x1a/0x30 [ 193.967526] </TASK> [ 193.967703] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 193.820752] WARNING: drivers/gpu/drm/drm_framebuffer.c:869 at drm_framebuffer_init+0x49/0x8d0, CPU#1: kunit_try_catch/2717 [ 193.821667] Modules linked in: [ 193.821945] CPU: 1 UID: 0 PID: 2717 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 193.822733] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.823225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.823724] RIP: 0010:drm_framebuffer_init+0x49/0x8d0 [ 193.824167] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41 [ 193.824978] RSP: 0000:ffff88810b117b20 EFLAGS: 00010246 [ 193.825197] RAX: ffff88810b117ba8 RBX: ffff88810b117c28 RCX: 1ffff11021622f8e [ 193.825493] RDX: dffffc0000000000 RSI: ffff88810b317000 RDI: ffff88810b317000 [ 193.825762] RBP: ffff88810b117b70 R08: ffff88810b317000 R09: ffffffffb58068e0 [ 193.826118] R10: 0000000000000003 R11: 0000000015bd3d30 R12: 1ffff11021622f71 [ 193.826422] R13: ffff88810b117c70 R14: ffff88810b117db8 R15: 0000000000000000 [ 193.826671] FS: 0000000000000000(0000) GS:ffff8881a3913000(0000) knlGS:0000000000000000 [ 193.827046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.827270] CR2: 00007ffff7ffe000 CR3: 00000000476bc000 CR4: 00000000000006f0 [ 193.827522] DR0: ffffffffb78b3544 DR1: ffffffffb78b3549 DR2: ffffffffb78b354a [ 193.827814] DR3: ffffffffb78b354b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.828094] Call Trace: [ 193.828208] <TASK> [ 193.828296] ? trace_preempt_on+0x20/0xc0 [ 193.828497] ? add_dr+0xc1/0x1d0 [ 193.828672] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 193.828904] ? add_dr+0x148/0x1d0 [ 193.829106] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 193.829461] ? __drmm_add_action+0x1a4/0x280 [ 193.829643] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 193.829978] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 193.830226] ? __drmm_add_action_or_reset+0x22/0x50 [ 193.830472] ? __schedule+0x10c6/0x2b60 [ 193.830646] ? __pfx_read_tsc+0x10/0x10 [ 193.830811] ? ktime_get_ts64+0x86/0x230 [ 193.831204] kunit_try_run_case+0x1a5/0x480 [ 193.831423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.831581] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 193.831800] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 193.832133] ? __kthread_parkme+0x82/0x180 [ 193.832363] ? preempt_count_sub+0x50/0x80 [ 193.832565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.832755] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.833067] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.833372] kthread+0x337/0x6f0 [ 193.833559] ? trace_preempt_on+0x20/0xc0 [ 193.833746] ? __pfx_kthread+0x10/0x10 [ 193.833995] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.834211] ? calculate_sigpending+0x7b/0xa0 [ 193.834426] ? __pfx_kthread+0x10/0x10 [ 193.834616] ret_from_fork+0x116/0x1d0 [ 193.834789] ? __pfx_kthread+0x10/0x10 [ 193.835166] ret_from_fork_asm+0x1a/0x30 [ 193.835335] </TASK> [ 193.835474] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 193.784661] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 193.784792] WARNING: drivers/gpu/drm/drm_framebuffer.c:832 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2713 [ 193.787827] Modules linked in: [ 193.788093] CPU: 0 UID: 0 PID: 2713 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 193.789089] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.789631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.790014] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 193.790604] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 1b 08 89 00 48 c7 c1 80 13 80 b5 4c 89 fa 48 c7 c7 e0 13 80 b5 48 89 c6 e8 12 d5 77 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 193.791825] RSP: 0000:ffff88810b117b68 EFLAGS: 00010282 [ 193.792481] RAX: 0000000000000000 RBX: ffff88810b117c40 RCX: 1ffffffff6ca4aac [ 193.793103] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 193.793636] RBP: ffff88810b117b90 R08: 0000000000000000 R09: fffffbfff6ca4aac [ 193.793846] R10: 0000000000000003 R11: 000000000003a7e8 R12: ffff88810b117c18 [ 193.794544] R13: ffff88810b0fd800 R14: ffff88810b20e000 R15: ffff88810de27780 [ 193.795241] FS: 0000000000000000(0000) GS:ffff8881a3813000(0000) knlGS:0000000000000000 [ 193.795652] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.795836] CR2: 00007ffff7ffe000 CR3: 00000000476bc000 CR4: 00000000000006f0 [ 193.796602] DR0: ffffffffb78b3540 DR1: ffffffffb78b3541 DR2: ffffffffb78b3543 [ 193.797385] DR3: ffffffffb78b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.798118] Call Trace: [ 193.798533] <TASK> [ 193.798678] drm_test_framebuffer_free+0x1ab/0x610 [ 193.798939] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 193.799693] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 193.800333] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 193.800698] ? __drmm_add_action_or_reset+0x22/0x50 [ 193.800872] ? __schedule+0x10c6/0x2b60 [ 193.801144] ? __pfx_read_tsc+0x10/0x10 [ 193.801541] ? ktime_get_ts64+0x86/0x230 [ 193.801777] kunit_try_run_case+0x1a5/0x480 [ 193.802089] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.802310] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 193.802467] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 193.802629] ? __kthread_parkme+0x82/0x180 [ 193.802769] ? preempt_count_sub+0x50/0x80 [ 193.802927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.803126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.803547] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.804019] kthread+0x337/0x6f0 [ 193.804304] ? trace_preempt_on+0x20/0xc0 [ 193.804487] ? __pfx_kthread+0x10/0x10 [ 193.804669] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.804874] ? calculate_sigpending+0x7b/0xa0 [ 193.805230] ? __pfx_kthread+0x10/0x10 [ 193.805569] ret_from_fork+0x116/0x1d0 [ 193.805781] ? __pfx_kthread+0x10/0x10 [ 193.806084] ret_from_fork_asm+0x1a/0x30 [ 193.806252] </TASK> [ 193.806339] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 192.556589] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2161 [ 192.557490] Modules linked in: [ 192.557865] CPU: 0 UID: 0 PID: 2161 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 192.558536] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 192.559150] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 192.559788] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 192.560457] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 192.562081] RSP: 0000:ffff8881044afc90 EFLAGS: 00010246 [ 192.562275] RAX: dffffc0000000000 RBX: ffff8881044ec000 RCX: 0000000000000000 [ 192.562482] RDX: 1ffff1102089d834 RSI: ffffffffb2a0c1b8 RDI: ffff8881044ec1a0 [ 192.562690] RBP: ffff8881044afca0 R08: 1ffff11020078f6a R09: ffffed1020895f65 [ 192.563234] R10: 0000000000000003 R11: ffffffffb1f83138 R12: 0000000000000000 [ 192.563759] R13: ffff8881044afd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 192.564293] FS: 0000000000000000(0000) GS:ffff8881a3813000(0000) knlGS:0000000000000000 [ 192.564765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.565335] CR2: 00007ffff7ffe000 CR3: 00000000476bc000 CR4: 00000000000006f0 [ 192.565764] DR0: ffffffffb78b3540 DR1: ffffffffb78b3541 DR2: ffffffffb78b3543 [ 192.566434] DR3: ffffffffb78b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 192.566846] Call Trace: [ 192.567137] <TASK> [ 192.567278] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 192.567570] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 192.567868] ? __schedule+0x10c6/0x2b60 [ 192.568474] ? __pfx_read_tsc+0x10/0x10 [ 192.568675] ? ktime_get_ts64+0x86/0x230 [ 192.568864] kunit_try_run_case+0x1a5/0x480 [ 192.569063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.569266] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 192.569499] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 192.569842] ? __kthread_parkme+0x82/0x180 [ 192.570138] ? preempt_count_sub+0x50/0x80 [ 192.570338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.570561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 192.570791] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 192.571381] kthread+0x337/0x6f0 [ 192.571675] ? trace_preempt_on+0x20/0xc0 [ 192.571866] ? __pfx_kthread+0x10/0x10 [ 192.572189] ? _raw_spin_unlock_irq+0x47/0x80 [ 192.572459] ? calculate_sigpending+0x7b/0xa0 [ 192.572651] ? __pfx_kthread+0x10/0x10 [ 192.572826] ret_from_fork+0x116/0x1d0 [ 192.573041] ? __pfx_kthread+0x10/0x10 [ 192.573336] ret_from_fork_asm+0x1a/0x30 [ 192.573638] </TASK> [ 192.573796] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 192.479684] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2153 [ 192.480572] Modules linked in: [ 192.480767] CPU: 1 UID: 0 PID: 2153 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 192.481728] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 192.482179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 192.482765] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 192.483019] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 192.483754] RSP: 0000:ffff888105f2fc90 EFLAGS: 00010246 [ 192.483935] RAX: dffffc0000000000 RBX: ffff88810403a000 RCX: 0000000000000000 [ 192.484150] RDX: 1ffff11020807434 RSI: ffffffffb2a0c1b8 RDI: ffff88810403a1a0 [ 192.484361] RBP: ffff888105f2fca0 R08: 1ffff11020078f6a R09: ffffed1020be5f65 [ 192.484564] R10: 0000000000000003 R11: ffffffffb140496a R12: 0000000000000000 [ 192.485107] R13: ffff888105f2fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 192.485442] FS: 0000000000000000(0000) GS:ffff8881a3913000(0000) knlGS:0000000000000000 [ 192.485791] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.486104] CR2: 00007ffff7ffe000 CR3: 00000000476bc000 CR4: 00000000000006f0 [ 192.486493] DR0: ffffffffb78b3544 DR1: ffffffffb78b3549 DR2: ffffffffb78b354a [ 192.487164] DR3: ffffffffb78b354b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 192.487613] Call Trace: [ 192.487761] <TASK> [ 192.488062] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 192.488419] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 192.488843] ? __schedule+0x10c6/0x2b60 [ 192.489328] ? __pfx_read_tsc+0x10/0x10 [ 192.489774] ? ktime_get_ts64+0x86/0x230 [ 192.490165] kunit_try_run_case+0x1a5/0x480 [ 192.490393] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.490610] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 192.490811] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 192.491130] ? __kthread_parkme+0x82/0x180 [ 192.491595] ? preempt_count_sub+0x50/0x80 [ 192.491952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.492202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 192.492583] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 192.492878] kthread+0x337/0x6f0 [ 192.493152] ? trace_preempt_on+0x20/0xc0 [ 192.493504] ? __pfx_kthread+0x10/0x10 [ 192.493644] ? _raw_spin_unlock_irq+0x47/0x80 [ 192.493890] ? calculate_sigpending+0x7b/0xa0 [ 192.494252] ? __pfx_kthread+0x10/0x10 [ 192.494401] ret_from_fork+0x116/0x1d0 [ 192.494588] ? __pfx_kthread+0x10/0x10 [ 192.494774] ret_from_fork_asm+0x1a/0x30 [ 192.495193] </TASK> [ 192.495339] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 120.846486] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/707 [ 120.847698] Modules linked in: [ 120.848277] CPU: 0 UID: 0 PID: 707 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 120.849603] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 120.850387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 120.851177] RIP: 0010:intlog10+0x2a/0x40 [ 120.851744] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 c7 cc 90 02 90 <0f> 0b 90 31 c0 e9 bc cc 90 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 120.853296] RSP: 0000:ffff88810d367cb0 EFLAGS: 00010246 [ 120.853744] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11021a6cfb4 [ 120.854152] RDX: 1ffffffff6ad3480 RSI: 1ffff11021a6cfb3 RDI: 0000000000000000 [ 120.854987] RBP: ffff88810d367d60 R08: 0000000000000000 R09: ffffed1020ce3420 [ 120.855873] R10: ffff88810671a107 R11: 0000000000000000 R12: 1ffff11021a6cf97 [ 120.856369] R13: ffffffffb569a400 R14: 0000000000000000 R15: ffff88810d367d38 [ 120.856628] FS: 0000000000000000(0000) GS:ffff8881a3813000(0000) knlGS:0000000000000000 [ 120.856878] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.857718] CR2: dffffc0000000000 CR3: 00000000476bc000 CR4: 00000000000006f0 [ 120.858635] DR0: ffffffffb78b3540 DR1: ffffffffb78b3541 DR2: ffffffffb78b3543 [ 120.859670] DR3: ffffffffb78b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 120.860390] Call Trace: [ 120.860702] <TASK> [ 120.860797] ? intlog10_test+0xf2/0x220 [ 120.861403] ? __pfx_intlog10_test+0x10/0x10 [ 120.861802] ? __schedule+0x10c6/0x2b60 [ 120.862302] ? __pfx_read_tsc+0x10/0x10 [ 120.862751] ? ktime_get_ts64+0x86/0x230 [ 120.863131] kunit_try_run_case+0x1a5/0x480 [ 120.863302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.863458] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 120.863613] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 120.863772] ? __kthread_parkme+0x82/0x180 [ 120.863936] ? preempt_count_sub+0x50/0x80 [ 120.864488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.864720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 120.865375] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 120.865744] kthread+0x337/0x6f0 [ 120.865920] ? trace_preempt_on+0x20/0xc0 [ 120.866405] ? __pfx_kthread+0x10/0x10 [ 120.866701] ? _raw_spin_unlock_irq+0x47/0x80 [ 120.867125] ? calculate_sigpending+0x7b/0xa0 [ 120.867480] ? __pfx_kthread+0x10/0x10 [ 120.867666] ret_from_fork+0x116/0x1d0 [ 120.868161] ? __pfx_kthread+0x10/0x10 [ 120.868420] ret_from_fork_asm+0x1a/0x30 [ 120.868649] </TASK> [ 120.869068] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 120.807666] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#0: kunit_try_catch/689 [ 120.808040] Modules linked in: [ 120.808476] CPU: 0 UID: 0 PID: 689 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc6-next-20250716 #1 PREEMPT(voluntary) [ 120.809332] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 120.809780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 120.810530] RIP: 0010:intlog2+0xdf/0x110 [ 120.810825] Code: 69 b5 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 2f 49 55 ff 8b 45 e4 eb [ 120.811570] RSP: 0000:ffff88810d3c7cb0 EFLAGS: 00010246 [ 120.811751] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11021a78fb4 [ 120.812273] RDX: 1ffffffff6ad34d4 RSI: 1ffff11021a78fb3 RDI: 0000000000000000 [ 120.812953] RBP: ffff88810d3c7d60 R08: 0000000000000000 R09: ffffed1020c868e0 [ 120.813623] R10: ffff888106434707 R11: 0000000000000000 R12: 1ffff11021a78f97 [ 120.814326] R13: ffffffffb569a6a0 R14: 0000000000000000 R15: ffff88810d3c7d38 [ 120.814592] FS: 0000000000000000(0000) GS:ffff8881a3813000(0000) knlGS:0000000000000000 [ 120.814814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.815278] CR2: dffffc0000000000 CR3: 00000000476bc000 CR4: 00000000000006f0 [ 120.815912] DR0: ffffffffb78b3540 DR1: ffffffffb78b3541 DR2: ffffffffb78b3543 [ 120.816595] DR3: ffffffffb78b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 120.816807] Call Trace: [ 120.816966] <TASK> [ 120.817172] ? intlog2_test+0xf2/0x220 [ 120.817573] ? __pfx_intlog2_test+0x10/0x10 [ 120.818018] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 120.818486] ? trace_hardirqs_on+0x37/0xe0 [ 120.818632] ? __pfx_read_tsc+0x10/0x10 [ 120.818765] ? ktime_get_ts64+0x86/0x230 [ 120.818967] kunit_try_run_case+0x1a5/0x480 [ 120.819395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.819817] ? queued_spin_lock_slowpath+0x116/0xb40 [ 120.820383] ? __kthread_parkme+0x82/0x180 [ 120.820768] ? preempt_count_sub+0x50/0x80 [ 120.821222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.821453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 120.821627] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 120.821811] kthread+0x337/0x6f0 [ 120.822118] ? trace_preempt_on+0x20/0xc0 [ 120.822488] ? __pfx_kthread+0x10/0x10 [ 120.822827] ? _raw_spin_unlock_irq+0x47/0x80 [ 120.823256] ? calculate_sigpending+0x7b/0xa0 [ 120.823665] ? __pfx_kthread+0x10/0x10 [ 120.824032] ret_from_fork+0x116/0x1d0 [ 120.824238] ? __pfx_kthread+0x10/0x10 [ 120.824582] ret_from_fork_asm+0x1a/0x30 [ 120.824810] </TASK> [ 120.824941] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 120.217402] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI