Date
July 17, 2025, 10:12 a.m.
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 29.493835] ================================================================== [ 29.494643] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 29.495435] Read of size 8 at addr ffff88810618b478 by task kunit_try_catch/330 [ 29.496376] [ 29.496704] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.496764] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.496777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.496800] Call Trace: [ 29.496814] <TASK> [ 29.496835] dump_stack_lvl+0x73/0xb0 [ 29.496870] print_report+0xd1/0x610 [ 29.496895] ? __virt_addr_valid+0x1db/0x2d0 [ 29.496920] ? copy_to_kernel_nofault+0x225/0x260 [ 29.496944] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.496971] ? copy_to_kernel_nofault+0x225/0x260 [ 29.496995] kasan_report+0x141/0x180 [ 29.497017] ? copy_to_kernel_nofault+0x225/0x260 [ 29.497047] __asan_report_load8_noabort+0x18/0x20 [ 29.497072] copy_to_kernel_nofault+0x225/0x260 [ 29.497110] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 29.497264] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.497319] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.497348] ? trace_hardirqs_on+0x37/0xe0 [ 29.497381] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.497409] kunit_try_run_case+0x1a5/0x480 [ 29.497436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.497459] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.497483] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.497508] ? __kthread_parkme+0x82/0x180 [ 29.497533] ? preempt_count_sub+0x50/0x80 [ 29.497557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.497581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.497605] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.497629] kthread+0x337/0x6f0 [ 29.497649] ? trace_preempt_on+0x20/0xc0 [ 29.497673] ? __pfx_kthread+0x10/0x10 [ 29.497694] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.497717] ? calculate_sigpending+0x7b/0xa0 [ 29.497741] ? __pfx_kthread+0x10/0x10 [ 29.497763] ret_from_fork+0x116/0x1d0 [ 29.497783] ? __pfx_kthread+0x10/0x10 [ 29.497804] ret_from_fork_asm+0x1a/0x30 [ 29.497836] </TASK> [ 29.497848] [ 29.509765] Allocated by task 330: [ 29.510155] kasan_save_stack+0x45/0x70 [ 29.510618] kasan_save_track+0x18/0x40 [ 29.511070] kasan_save_alloc_info+0x3b/0x50 [ 29.511489] __kasan_kmalloc+0xb7/0xc0 [ 29.511784] __kmalloc_cache_noprof+0x189/0x420 [ 29.511934] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.512095] kunit_try_run_case+0x1a5/0x480 [ 29.512230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.512847] kthread+0x337/0x6f0 [ 29.513313] ret_from_fork+0x116/0x1d0 [ 29.513766] ret_from_fork_asm+0x1a/0x30 [ 29.514169] [ 29.514329] The buggy address belongs to the object at ffff88810618b400 [ 29.514329] which belongs to the cache kmalloc-128 of size 128 [ 29.515588] The buggy address is located 0 bytes to the right of [ 29.515588] allocated 120-byte region [ffff88810618b400, ffff88810618b478) [ 29.516740] [ 29.516878] The buggy address belongs to the physical page: [ 29.517447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10618b [ 29.517772] flags: 0x200000000000000(node=0|zone=2) [ 29.518310] page_type: f5(slab) [ 29.518728] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.519209] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.519720] page dumped because: kasan: bad access detected [ 29.520055] [ 29.520131] Memory state around the buggy address: [ 29.520306] ffff88810618b300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.520826] ffff88810618b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.521306] >ffff88810618b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.521508] ^ [ 29.521852] ffff88810618b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.522698] ffff88810618b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.523337] ================================================================== [ 29.524380] ================================================================== [ 29.525066] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 29.525721] Write of size 8 at addr ffff88810618b478 by task kunit_try_catch/330 [ 29.525955] [ 29.526034] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.526096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.526109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.526131] Call Trace: [ 29.526144] <TASK> [ 29.526160] dump_stack_lvl+0x73/0xb0 [ 29.526190] print_report+0xd1/0x610 [ 29.526213] ? __virt_addr_valid+0x1db/0x2d0 [ 29.526236] ? copy_to_kernel_nofault+0x99/0x260 [ 29.526292] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.526319] ? copy_to_kernel_nofault+0x99/0x260 [ 29.526343] kasan_report+0x141/0x180 [ 29.526365] ? copy_to_kernel_nofault+0x99/0x260 [ 29.526530] kasan_check_range+0x10c/0x1c0 [ 29.526561] __kasan_check_write+0x18/0x20 [ 29.526585] copy_to_kernel_nofault+0x99/0x260 [ 29.526611] copy_to_kernel_nofault_oob+0x288/0x560 [ 29.526636] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.526659] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.526685] ? trace_hardirqs_on+0x37/0xe0 [ 29.526718] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.526745] kunit_try_run_case+0x1a5/0x480 [ 29.526771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.526794] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.526817] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.526841] ? __kthread_parkme+0x82/0x180 [ 29.526866] ? preempt_count_sub+0x50/0x80 [ 29.526890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.526913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.526937] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.526960] kthread+0x337/0x6f0 [ 29.526980] ? trace_preempt_on+0x20/0xc0 [ 29.527002] ? __pfx_kthread+0x10/0x10 [ 29.527023] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.527045] ? calculate_sigpending+0x7b/0xa0 [ 29.527069] ? __pfx_kthread+0x10/0x10 [ 29.527105] ret_from_fork+0x116/0x1d0 [ 29.527124] ? __pfx_kthread+0x10/0x10 [ 29.527145] ret_from_fork_asm+0x1a/0x30 [ 29.527177] </TASK> [ 29.527188] [ 29.540892] Allocated by task 330: [ 29.541106] kasan_save_stack+0x45/0x70 [ 29.541340] kasan_save_track+0x18/0x40 [ 29.541577] kasan_save_alloc_info+0x3b/0x50 [ 29.541726] __kasan_kmalloc+0xb7/0xc0 [ 29.541930] __kmalloc_cache_noprof+0x189/0x420 [ 29.542183] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.542410] kunit_try_run_case+0x1a5/0x480 [ 29.542666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.542861] kthread+0x337/0x6f0 [ 29.542983] ret_from_fork+0x116/0x1d0 [ 29.543180] ret_from_fork_asm+0x1a/0x30 [ 29.543390] [ 29.543497] The buggy address belongs to the object at ffff88810618b400 [ 29.543497] which belongs to the cache kmalloc-128 of size 128 [ 29.544052] The buggy address is located 0 bytes to the right of [ 29.544052] allocated 120-byte region [ffff88810618b400, ffff88810618b478) [ 29.544610] [ 29.544707] The buggy address belongs to the physical page: [ 29.544901] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10618b [ 29.545260] flags: 0x200000000000000(node=0|zone=2) [ 29.545491] page_type: f5(slab) [ 29.545662] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.545891] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.546124] page dumped because: kasan: bad access detected [ 29.546376] [ 29.546474] Memory state around the buggy address: [ 29.546702] ffff88810618b300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.547045] ffff88810618b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.547411] >ffff88810618b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.547800] ^ [ 29.548095] ffff88810618b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.548576] ffff88810618b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.548883] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 28.775636] ================================================================== [ 28.776042] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 28.776838] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.777446] [ 28.777560] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.777770] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.777785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.777807] Call Trace: [ 28.777822] <TASK> [ 28.777839] dump_stack_lvl+0x73/0xb0 [ 28.777870] print_report+0xd1/0x610 [ 28.777892] ? __virt_addr_valid+0x1db/0x2d0 [ 28.777915] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.777943] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.777969] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.777990] kasan_report+0x141/0x180 [ 28.778013] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.778040] kasan_check_range+0x10c/0x1c0 [ 28.778063] __kasan_check_write+0x18/0x20 [ 28.778097] kasan_atomics_helper+0x12e6/0x5450 [ 28.778120] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.778142] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.778168] ? kasan_atomics+0x152/0x310 [ 28.778194] kasan_atomics+0x1dc/0x310 [ 28.778217] ? __pfx_kasan_atomics+0x10/0x10 [ 28.778242] ? __pfx_read_tsc+0x10/0x10 [ 28.778264] ? ktime_get_ts64+0x86/0x230 [ 28.778299] kunit_try_run_case+0x1a5/0x480 [ 28.778323] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.778346] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.778369] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.778393] ? __kthread_parkme+0x82/0x180 [ 28.778417] ? preempt_count_sub+0x50/0x80 [ 28.778441] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.778465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.778489] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.778512] kthread+0x337/0x6f0 [ 28.778532] ? trace_preempt_on+0x20/0xc0 [ 28.778554] ? __pfx_kthread+0x10/0x10 [ 28.778575] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.778597] ? calculate_sigpending+0x7b/0xa0 [ 28.778620] ? __pfx_kthread+0x10/0x10 [ 28.778641] ret_from_fork+0x116/0x1d0 [ 28.778660] ? __pfx_kthread+0x10/0x10 [ 28.778681] ret_from_fork_asm+0x1a/0x30 [ 28.778713] </TASK> [ 28.778724] [ 28.788155] Allocated by task 314: [ 28.788438] kasan_save_stack+0x45/0x70 [ 28.788783] kasan_save_track+0x18/0x40 [ 28.789019] kasan_save_alloc_info+0x3b/0x50 [ 28.789317] __kasan_kmalloc+0xb7/0xc0 [ 28.789498] __kmalloc_cache_noprof+0x189/0x420 [ 28.789818] kasan_atomics+0x95/0x310 [ 28.790015] kunit_try_run_case+0x1a5/0x480 [ 28.790318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.790650] kthread+0x337/0x6f0 [ 28.790779] ret_from_fork+0x116/0x1d0 [ 28.791087] ret_from_fork_asm+0x1a/0x30 [ 28.791260] [ 28.791364] The buggy address belongs to the object at ffff88810458d180 [ 28.791364] which belongs to the cache kmalloc-64 of size 64 [ 28.791844] The buggy address is located 0 bytes to the right of [ 28.791844] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.792671] [ 28.792771] The buggy address belongs to the physical page: [ 28.792967] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.793474] flags: 0x200000000000000(node=0|zone=2) [ 28.793742] page_type: f5(slab) [ 28.793893] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.794206] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.794710] page dumped because: kasan: bad access detected [ 28.794997] [ 28.795086] Memory state around the buggy address: [ 28.795277] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.795772] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.796062] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.796549] ^ [ 28.796765] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.797173] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.797578] ================================================================== [ 28.819823] ================================================================== [ 28.820215] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 28.820769] Read of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.821361] [ 28.821455] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.821502] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.821514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.821534] Call Trace: [ 28.821548] <TASK> [ 28.821562] dump_stack_lvl+0x73/0xb0 [ 28.821786] print_report+0xd1/0x610 [ 28.821812] ? __virt_addr_valid+0x1db/0x2d0 [ 28.821835] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.821856] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.821882] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.821905] kasan_report+0x141/0x180 [ 28.821936] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.821963] kasan_check_range+0x10c/0x1c0 [ 28.821986] __kasan_check_read+0x15/0x20 [ 28.822009] kasan_atomics_helper+0x13b5/0x5450 [ 28.822032] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.822055] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.822090] ? kasan_atomics+0x152/0x310 [ 28.822117] kasan_atomics+0x1dc/0x310 [ 28.822139] ? __pfx_kasan_atomics+0x10/0x10 [ 28.822163] ? __pfx_read_tsc+0x10/0x10 [ 28.822184] ? ktime_get_ts64+0x86/0x230 [ 28.822208] kunit_try_run_case+0x1a5/0x480 [ 28.822232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.822254] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.822279] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.822302] ? __kthread_parkme+0x82/0x180 [ 28.822326] ? preempt_count_sub+0x50/0x80 [ 28.822350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.822373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.822398] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.822421] kthread+0x337/0x6f0 [ 28.822441] ? trace_preempt_on+0x20/0xc0 [ 28.822463] ? __pfx_kthread+0x10/0x10 [ 28.822485] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.822507] ? calculate_sigpending+0x7b/0xa0 [ 28.822530] ? __pfx_kthread+0x10/0x10 [ 28.822552] ret_from_fork+0x116/0x1d0 [ 28.822571] ? __pfx_kthread+0x10/0x10 [ 28.822591] ret_from_fork_asm+0x1a/0x30 [ 28.822623] </TASK> [ 28.822633] [ 28.831885] Allocated by task 314: [ 28.832230] kasan_save_stack+0x45/0x70 [ 28.832473] kasan_save_track+0x18/0x40 [ 28.832770] kasan_save_alloc_info+0x3b/0x50 [ 28.832943] __kasan_kmalloc+0xb7/0xc0 [ 28.833140] __kmalloc_cache_noprof+0x189/0x420 [ 28.833563] kasan_atomics+0x95/0x310 [ 28.833737] kunit_try_run_case+0x1a5/0x480 [ 28.833916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.834165] kthread+0x337/0x6f0 [ 28.834542] ret_from_fork+0x116/0x1d0 [ 28.834732] ret_from_fork_asm+0x1a/0x30 [ 28.834974] [ 28.835053] The buggy address belongs to the object at ffff88810458d180 [ 28.835053] which belongs to the cache kmalloc-64 of size 64 [ 28.835743] The buggy address is located 0 bytes to the right of [ 28.835743] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.836246] [ 28.836554] The buggy address belongs to the physical page: [ 28.836775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.837115] flags: 0x200000000000000(node=0|zone=2) [ 28.837322] page_type: f5(slab) [ 28.837460] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.837768] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.838074] page dumped because: kasan: bad access detected [ 28.838620] [ 28.838706] Memory state around the buggy address: [ 28.838887] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.839354] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.839723] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.840021] ^ [ 28.840332] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.840695] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.840946] ================================================================== [ 29.106341] ================================================================== [ 29.107250] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 29.107683] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.107906] [ 29.107985] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.108033] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.108045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.108067] Call Trace: [ 29.108093] <TASK> [ 29.108109] dump_stack_lvl+0x73/0xb0 [ 29.108139] print_report+0xd1/0x610 [ 29.108161] ? __virt_addr_valid+0x1db/0x2d0 [ 29.108184] ? kasan_atomics_helper+0x1b22/0x5450 [ 29.108206] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.108232] ? kasan_atomics_helper+0x1b22/0x5450 [ 29.108254] kasan_report+0x141/0x180 [ 29.108297] ? kasan_atomics_helper+0x1b22/0x5450 [ 29.108325] kasan_check_range+0x10c/0x1c0 [ 29.108348] __kasan_check_write+0x18/0x20 [ 29.108371] kasan_atomics_helper+0x1b22/0x5450 [ 29.108394] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.108416] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.108441] ? kasan_atomics+0x152/0x310 [ 29.108468] kasan_atomics+0x1dc/0x310 [ 29.108491] ? __pfx_kasan_atomics+0x10/0x10 [ 29.108515] ? __pfx_read_tsc+0x10/0x10 [ 29.108537] ? ktime_get_ts64+0x86/0x230 [ 29.108561] kunit_try_run_case+0x1a5/0x480 [ 29.108586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.108607] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.108631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.108656] ? __kthread_parkme+0x82/0x180 [ 29.108680] ? preempt_count_sub+0x50/0x80 [ 29.108704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.108727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.108751] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.108774] kthread+0x337/0x6f0 [ 29.108794] ? trace_preempt_on+0x20/0xc0 [ 29.108817] ? __pfx_kthread+0x10/0x10 [ 29.108837] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.108859] ? calculate_sigpending+0x7b/0xa0 [ 29.108883] ? __pfx_kthread+0x10/0x10 [ 29.108905] ret_from_fork+0x116/0x1d0 [ 29.108925] ? __pfx_kthread+0x10/0x10 [ 29.108946] ret_from_fork_asm+0x1a/0x30 [ 29.108978] </TASK> [ 29.108989] [ 29.115813] Allocated by task 314: [ 29.115982] kasan_save_stack+0x45/0x70 [ 29.116182] kasan_save_track+0x18/0x40 [ 29.116387] kasan_save_alloc_info+0x3b/0x50 [ 29.116578] __kasan_kmalloc+0xb7/0xc0 [ 29.116703] __kmalloc_cache_noprof+0x189/0x420 [ 29.116851] kasan_atomics+0x95/0x310 [ 29.116978] kunit_try_run_case+0x1a5/0x480 [ 29.117175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.117453] kthread+0x337/0x6f0 [ 29.117617] ret_from_fork+0x116/0x1d0 [ 29.117806] ret_from_fork_asm+0x1a/0x30 [ 29.117999] [ 29.118099] The buggy address belongs to the object at ffff88810458d180 [ 29.118099] which belongs to the cache kmalloc-64 of size 64 [ 29.118640] The buggy address is located 0 bytes to the right of [ 29.118640] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.119125] [ 29.119201] The buggy address belongs to the physical page: [ 29.119445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.119777] flags: 0x200000000000000(node=0|zone=2) [ 29.119973] page_type: f5(slab) [ 29.120142] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.120458] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.120736] page dumped because: kasan: bad access detected [ 29.120901] [ 29.120964] Memory state around the buggy address: [ 29.121120] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.121356] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.121615] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.121927] ^ [ 29.122149] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.122482] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.122698] ================================================================== [ 28.053131] ================================================================== [ 28.054991] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 28.055872] Read of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.056107] [ 28.056192] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.056251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.056264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.056286] Call Trace: [ 28.056298] <TASK> [ 28.056315] dump_stack_lvl+0x73/0xb0 [ 28.056345] print_report+0xd1/0x610 [ 28.056366] ? __virt_addr_valid+0x1db/0x2d0 [ 28.056390] ? kasan_atomics_helper+0x4bbc/0x5450 [ 28.056410] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.056435] ? kasan_atomics_helper+0x4bbc/0x5450 [ 28.056456] kasan_report+0x141/0x180 [ 28.056477] ? kasan_atomics_helper+0x4bbc/0x5450 [ 28.056503] __asan_report_load4_noabort+0x18/0x20 [ 28.056527] kasan_atomics_helper+0x4bbc/0x5450 [ 28.056549] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.056570] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.056593] ? kasan_atomics+0x152/0x310 [ 28.056618] kasan_atomics+0x1dc/0x310 [ 28.056639] ? __pfx_kasan_atomics+0x10/0x10 [ 28.056662] ? __pfx_read_tsc+0x10/0x10 [ 28.056683] ? ktime_get_ts64+0x86/0x230 [ 28.056707] kunit_try_run_case+0x1a5/0x480 [ 28.056730] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.056751] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.056773] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.056796] ? __kthread_parkme+0x82/0x180 [ 28.056818] ? preempt_count_sub+0x50/0x80 [ 28.056841] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.056864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.056886] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.056909] kthread+0x337/0x6f0 [ 28.056927] ? trace_preempt_on+0x20/0xc0 [ 28.056949] ? __pfx_kthread+0x10/0x10 [ 28.056968] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.056989] ? calculate_sigpending+0x7b/0xa0 [ 28.057012] ? __pfx_kthread+0x10/0x10 [ 28.057032] ret_from_fork+0x116/0x1d0 [ 28.057050] ? __pfx_kthread+0x10/0x10 [ 28.057070] ret_from_fork_asm+0x1a/0x30 [ 28.057672] </TASK> [ 28.057685] [ 28.065564] Allocated by task 314: [ 28.065688] kasan_save_stack+0x45/0x70 [ 28.065826] kasan_save_track+0x18/0x40 [ 28.065967] kasan_save_alloc_info+0x3b/0x50 [ 28.066272] __kasan_kmalloc+0xb7/0xc0 [ 28.066562] __kmalloc_cache_noprof+0x189/0x420 [ 28.066841] kasan_atomics+0x95/0x310 [ 28.067042] kunit_try_run_case+0x1a5/0x480 [ 28.067324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.067611] kthread+0x337/0x6f0 [ 28.067771] ret_from_fork+0x116/0x1d0 [ 28.067961] ret_from_fork_asm+0x1a/0x30 [ 28.068153] [ 28.068219] The buggy address belongs to the object at ffff88810458d180 [ 28.068219] which belongs to the cache kmalloc-64 of size 64 [ 28.068800] The buggy address is located 0 bytes to the right of [ 28.068800] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.069219] [ 28.069306] The buggy address belongs to the physical page: [ 28.069580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.069930] flags: 0x200000000000000(node=0|zone=2) [ 28.070160] page_type: f5(slab) [ 28.070538] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.070780] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.071092] page dumped because: kasan: bad access detected [ 28.071427] [ 28.071524] Memory state around the buggy address: [ 28.071723] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.072016] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.072356] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.072726] ^ [ 28.072970] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.073334] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.073681] ================================================================== [ 28.396770] ================================================================== [ 28.397105] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 28.397421] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.397707] [ 28.397788] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.397835] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.397848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.397869] Call Trace: [ 28.397883] <TASK> [ 28.397901] dump_stack_lvl+0x73/0xb0 [ 28.397966] print_report+0xd1/0x610 [ 28.397989] ? __virt_addr_valid+0x1db/0x2d0 [ 28.398012] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.398046] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.398072] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.398135] kasan_report+0x141/0x180 [ 28.398159] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.398185] kasan_check_range+0x10c/0x1c0 [ 28.398220] __kasan_check_write+0x18/0x20 [ 28.398244] kasan_atomics_helper+0xa2b/0x5450 [ 28.398267] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.398301] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.398326] ? kasan_atomics+0x152/0x310 [ 28.398353] kasan_atomics+0x1dc/0x310 [ 28.398393] ? __pfx_kasan_atomics+0x10/0x10 [ 28.398418] ? __pfx_read_tsc+0x10/0x10 [ 28.398453] ? ktime_get_ts64+0x86/0x230 [ 28.398487] kunit_try_run_case+0x1a5/0x480 [ 28.398510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.398532] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.398568] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.398592] ? __kthread_parkme+0x82/0x180 [ 28.398620] ? preempt_count_sub+0x50/0x80 [ 28.398644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.398668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.398691] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.398714] kthread+0x337/0x6f0 [ 28.398734] ? trace_preempt_on+0x20/0xc0 [ 28.398757] ? __pfx_kthread+0x10/0x10 [ 28.398778] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.398800] ? calculate_sigpending+0x7b/0xa0 [ 28.398824] ? __pfx_kthread+0x10/0x10 [ 28.398845] ret_from_fork+0x116/0x1d0 [ 28.398865] ? __pfx_kthread+0x10/0x10 [ 28.398885] ret_from_fork_asm+0x1a/0x30 [ 28.398917] </TASK> [ 28.398927] [ 28.409211] Allocated by task 314: [ 28.409451] kasan_save_stack+0x45/0x70 [ 28.409919] kasan_save_track+0x18/0x40 [ 28.410117] kasan_save_alloc_info+0x3b/0x50 [ 28.410276] __kasan_kmalloc+0xb7/0xc0 [ 28.410581] __kmalloc_cache_noprof+0x189/0x420 [ 28.410806] kasan_atomics+0x95/0x310 [ 28.411216] kunit_try_run_case+0x1a5/0x480 [ 28.411407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.411722] kthread+0x337/0x6f0 [ 28.411890] ret_from_fork+0x116/0x1d0 [ 28.412334] ret_from_fork_asm+0x1a/0x30 [ 28.412548] [ 28.412755] The buggy address belongs to the object at ffff88810458d180 [ 28.412755] which belongs to the cache kmalloc-64 of size 64 [ 28.413392] The buggy address is located 0 bytes to the right of [ 28.413392] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.414126] [ 28.414221] The buggy address belongs to the physical page: [ 28.414666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.415044] flags: 0x200000000000000(node=0|zone=2) [ 28.415303] page_type: f5(slab) [ 28.415568] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.415881] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.416200] page dumped because: kasan: bad access detected [ 28.416656] [ 28.416774] Memory state around the buggy address: [ 28.417112] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.417642] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.418013] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.418458] ^ [ 28.418751] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.419137] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.419592] ================================================================== [ 28.527743] ================================================================== [ 28.528042] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 28.528390] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.529040] [ 28.529171] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.529221] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.529234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.529257] Call Trace: [ 28.529274] <TASK> [ 28.529291] dump_stack_lvl+0x73/0xb0 [ 28.529322] print_report+0xd1/0x610 [ 28.529344] ? __virt_addr_valid+0x1db/0x2d0 [ 28.529367] ? kasan_atomics_helper+0xde0/0x5450 [ 28.529401] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.529428] ? kasan_atomics_helper+0xde0/0x5450 [ 28.529450] kasan_report+0x141/0x180 [ 28.529485] ? kasan_atomics_helper+0xde0/0x5450 [ 28.529511] kasan_check_range+0x10c/0x1c0 [ 28.529535] __kasan_check_write+0x18/0x20 [ 28.529559] kasan_atomics_helper+0xde0/0x5450 [ 28.529582] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.529605] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.529630] ? kasan_atomics+0x152/0x310 [ 28.529657] kasan_atomics+0x1dc/0x310 [ 28.529680] ? __pfx_kasan_atomics+0x10/0x10 [ 28.529705] ? __pfx_read_tsc+0x10/0x10 [ 28.529728] ? ktime_get_ts64+0x86/0x230 [ 28.529762] kunit_try_run_case+0x1a5/0x480 [ 28.529786] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.529808] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.529843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.529867] ? __kthread_parkme+0x82/0x180 [ 28.529891] ? preempt_count_sub+0x50/0x80 [ 28.529916] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.529953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.529977] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.530001] kthread+0x337/0x6f0 [ 28.530032] ? trace_preempt_on+0x20/0xc0 [ 28.530056] ? __pfx_kthread+0x10/0x10 [ 28.530085] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.530107] ? calculate_sigpending+0x7b/0xa0 [ 28.530131] ? __pfx_kthread+0x10/0x10 [ 28.530153] ret_from_fork+0x116/0x1d0 [ 28.530173] ? __pfx_kthread+0x10/0x10 [ 28.530195] ret_from_fork_asm+0x1a/0x30 [ 28.530228] </TASK> [ 28.530239] [ 28.537763] Allocated by task 314: [ 28.537930] kasan_save_stack+0x45/0x70 [ 28.538152] kasan_save_track+0x18/0x40 [ 28.538284] kasan_save_alloc_info+0x3b/0x50 [ 28.538426] __kasan_kmalloc+0xb7/0xc0 [ 28.538607] __kmalloc_cache_noprof+0x189/0x420 [ 28.538825] kasan_atomics+0x95/0x310 [ 28.539030] kunit_try_run_case+0x1a5/0x480 [ 28.539243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.539460] kthread+0x337/0x6f0 [ 28.539575] ret_from_fork+0x116/0x1d0 [ 28.539799] ret_from_fork_asm+0x1a/0x30 [ 28.539990] [ 28.540087] The buggy address belongs to the object at ffff88810458d180 [ 28.540087] which belongs to the cache kmalloc-64 of size 64 [ 28.540639] The buggy address is located 0 bytes to the right of [ 28.540639] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.541156] [ 28.541246] The buggy address belongs to the physical page: [ 28.541515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.541909] flags: 0x200000000000000(node=0|zone=2) [ 28.542129] page_type: f5(slab) [ 28.542312] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.542641] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.542894] page dumped because: kasan: bad access detected [ 28.543059] [ 28.543132] Memory state around the buggy address: [ 28.543282] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.543492] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.544156] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.544617] ^ [ 28.544928] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.545210] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.545599] ================================================================== [ 29.341242] ================================================================== [ 29.341598] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 29.341905] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.342212] [ 29.342319] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.342365] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.342378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.342400] Call Trace: [ 29.342413] <TASK> [ 29.342428] dump_stack_lvl+0x73/0xb0 [ 29.342455] print_report+0xd1/0x610 [ 29.342477] ? __virt_addr_valid+0x1db/0x2d0 [ 29.342499] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.342521] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.342547] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.342569] kasan_report+0x141/0x180 [ 29.342591] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.342617] kasan_check_range+0x10c/0x1c0 [ 29.342641] __kasan_check_write+0x18/0x20 [ 29.342664] kasan_atomics_helper+0x20c8/0x5450 [ 29.342687] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.342709] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.342734] ? kasan_atomics+0x152/0x310 [ 29.342760] kasan_atomics+0x1dc/0x310 [ 29.342783] ? __pfx_kasan_atomics+0x10/0x10 [ 29.342808] ? __pfx_read_tsc+0x10/0x10 [ 29.342829] ? ktime_get_ts64+0x86/0x230 [ 29.342853] kunit_try_run_case+0x1a5/0x480 [ 29.342877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.342900] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.342923] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.342947] ? __kthread_parkme+0x82/0x180 [ 29.342971] ? preempt_count_sub+0x50/0x80 [ 29.342994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.343018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.343041] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.343065] kthread+0x337/0x6f0 [ 29.343096] ? trace_preempt_on+0x20/0xc0 [ 29.343119] ? __pfx_kthread+0x10/0x10 [ 29.343139] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.343161] ? calculate_sigpending+0x7b/0xa0 [ 29.343184] ? __pfx_kthread+0x10/0x10 [ 29.343208] ret_from_fork+0x116/0x1d0 [ 29.343226] ? __pfx_kthread+0x10/0x10 [ 29.343248] ret_from_fork_asm+0x1a/0x30 [ 29.343279] </TASK> [ 29.343290] [ 29.351189] Allocated by task 314: [ 29.352200] kasan_save_stack+0x45/0x70 [ 29.353032] kasan_save_track+0x18/0x40 [ 29.353238] kasan_save_alloc_info+0x3b/0x50 [ 29.353441] __kasan_kmalloc+0xb7/0xc0 [ 29.353566] __kmalloc_cache_noprof+0x189/0x420 [ 29.353710] kasan_atomics+0x95/0x310 [ 29.353832] kunit_try_run_case+0x1a5/0x480 [ 29.353970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.354165] kthread+0x337/0x6f0 [ 29.354781] ret_from_fork+0x116/0x1d0 [ 29.355036] ret_from_fork_asm+0x1a/0x30 [ 29.355538] [ 29.355779] The buggy address belongs to the object at ffff88810458d180 [ 29.355779] which belongs to the cache kmalloc-64 of size 64 [ 29.356564] The buggy address is located 0 bytes to the right of [ 29.356564] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.357095] [ 29.357181] The buggy address belongs to the physical page: [ 29.357824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.358259] flags: 0x200000000000000(node=0|zone=2) [ 29.358766] page_type: f5(slab) [ 29.359010] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.359570] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.359882] page dumped because: kasan: bad access detected [ 29.360125] [ 29.360209] Memory state around the buggy address: [ 29.360763] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.361201] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.361520] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.361805] ^ [ 29.362012] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.362565] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.363015] ================================================================== [ 29.409569] ================================================================== [ 29.409873] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 29.410311] Read of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.410635] [ 29.410752] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.410799] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.410812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.410832] Call Trace: [ 29.410864] <TASK> [ 29.410879] dump_stack_lvl+0x73/0xb0 [ 29.410906] print_report+0xd1/0x610 [ 29.410946] ? __virt_addr_valid+0x1db/0x2d0 [ 29.410969] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.411007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.411034] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.411056] kasan_report+0x141/0x180 [ 29.411091] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.411118] __asan_report_load8_noabort+0x18/0x20 [ 29.411159] kasan_atomics_helper+0x4fa5/0x5450 [ 29.411184] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.411220] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.411269] ? kasan_atomics+0x152/0x310 [ 29.411296] kasan_atomics+0x1dc/0x310 [ 29.411332] ? __pfx_kasan_atomics+0x10/0x10 [ 29.411369] ? __pfx_read_tsc+0x10/0x10 [ 29.411391] ? ktime_get_ts64+0x86/0x230 [ 29.411415] kunit_try_run_case+0x1a5/0x480 [ 29.411439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.411461] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.411485] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.411509] ? __kthread_parkme+0x82/0x180 [ 29.411533] ? preempt_count_sub+0x50/0x80 [ 29.411556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.411580] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.411604] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.411628] kthread+0x337/0x6f0 [ 29.411647] ? trace_preempt_on+0x20/0xc0 [ 29.411669] ? __pfx_kthread+0x10/0x10 [ 29.411690] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.411716] ? calculate_sigpending+0x7b/0xa0 [ 29.411741] ? __pfx_kthread+0x10/0x10 [ 29.411763] ret_from_fork+0x116/0x1d0 [ 29.411783] ? __pfx_kthread+0x10/0x10 [ 29.411805] ret_from_fork_asm+0x1a/0x30 [ 29.411836] </TASK> [ 29.411847] [ 29.419437] Allocated by task 314: [ 29.419616] kasan_save_stack+0x45/0x70 [ 29.419811] kasan_save_track+0x18/0x40 [ 29.420006] kasan_save_alloc_info+0x3b/0x50 [ 29.420197] __kasan_kmalloc+0xb7/0xc0 [ 29.420423] __kmalloc_cache_noprof+0x189/0x420 [ 29.420580] kasan_atomics+0x95/0x310 [ 29.420774] kunit_try_run_case+0x1a5/0x480 [ 29.420914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.421086] kthread+0x337/0x6f0 [ 29.421441] ret_from_fork+0x116/0x1d0 [ 29.423105] ret_from_fork_asm+0x1a/0x30 [ 29.423339] [ 29.423539] The buggy address belongs to the object at ffff88810458d180 [ 29.423539] which belongs to the cache kmalloc-64 of size 64 [ 29.424136] The buggy address is located 0 bytes to the right of [ 29.424136] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.424495] [ 29.424560] The buggy address belongs to the physical page: [ 29.424719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.424993] flags: 0x200000000000000(node=0|zone=2) [ 29.425178] page_type: f5(slab) [ 29.425294] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.425518] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.425736] page dumped because: kasan: bad access detected [ 29.425899] [ 29.425968] Memory state around the buggy address: [ 29.426126] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.426336] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.426549] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.427675] ^ [ 29.427912] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.430289] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.431565] ================================================================== [ 29.037946] ================================================================== [ 29.038591] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 29.038819] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.039088] [ 29.039187] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.039233] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.039245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.039310] Call Trace: [ 29.039323] <TASK> [ 29.039338] dump_stack_lvl+0x73/0xb0 [ 29.039366] print_report+0xd1/0x610 [ 29.039388] ? __virt_addr_valid+0x1db/0x2d0 [ 29.039411] ? kasan_atomics_helper+0x194a/0x5450 [ 29.039432] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.039494] ? kasan_atomics_helper+0x194a/0x5450 [ 29.039517] kasan_report+0x141/0x180 [ 29.039540] ? kasan_atomics_helper+0x194a/0x5450 [ 29.039568] kasan_check_range+0x10c/0x1c0 [ 29.039591] __kasan_check_write+0x18/0x20 [ 29.039646] kasan_atomics_helper+0x194a/0x5450 [ 29.039671] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.039693] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.039718] ? kasan_atomics+0x152/0x310 [ 29.039744] kasan_atomics+0x1dc/0x310 [ 29.039798] ? __pfx_kasan_atomics+0x10/0x10 [ 29.039822] ? __pfx_read_tsc+0x10/0x10 [ 29.039844] ? ktime_get_ts64+0x86/0x230 [ 29.039868] kunit_try_run_case+0x1a5/0x480 [ 29.039894] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.039916] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.039939] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.039963] ? __kthread_parkme+0x82/0x180 [ 29.039987] ? preempt_count_sub+0x50/0x80 [ 29.040010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.040034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.040058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.040091] kthread+0x337/0x6f0 [ 29.040111] ? trace_preempt_on+0x20/0xc0 [ 29.040134] ? __pfx_kthread+0x10/0x10 [ 29.040154] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.040176] ? calculate_sigpending+0x7b/0xa0 [ 29.040200] ? __pfx_kthread+0x10/0x10 [ 29.040221] ret_from_fork+0x116/0x1d0 [ 29.040241] ? __pfx_kthread+0x10/0x10 [ 29.040261] ret_from_fork_asm+0x1a/0x30 [ 29.040327] </TASK> [ 29.040338] [ 29.048177] Allocated by task 314: [ 29.048414] kasan_save_stack+0x45/0x70 [ 29.048775] kasan_save_track+0x18/0x40 [ 29.048998] kasan_save_alloc_info+0x3b/0x50 [ 29.049272] __kasan_kmalloc+0xb7/0xc0 [ 29.049521] __kmalloc_cache_noprof+0x189/0x420 [ 29.049768] kasan_atomics+0x95/0x310 [ 29.049939] kunit_try_run_case+0x1a5/0x480 [ 29.050090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.050258] kthread+0x337/0x6f0 [ 29.050387] ret_from_fork+0x116/0x1d0 [ 29.050604] ret_from_fork_asm+0x1a/0x30 [ 29.050796] [ 29.050884] The buggy address belongs to the object at ffff88810458d180 [ 29.050884] which belongs to the cache kmalloc-64 of size 64 [ 29.051453] The buggy address is located 0 bytes to the right of [ 29.051453] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.051950] [ 29.052018] The buggy address belongs to the physical page: [ 29.052285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.052633] flags: 0x200000000000000(node=0|zone=2) [ 29.052807] page_type: f5(slab) [ 29.053000] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.053371] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.053698] page dumped because: kasan: bad access detected [ 29.053939] [ 29.054029] Memory state around the buggy address: [ 29.054282] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.054598] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.054934] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.055259] ^ [ 29.055487] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.055790] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.056047] ================================================================== [ 28.752444] ================================================================== [ 28.752780] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 28.753246] Read of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.753476] [ 28.753577] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.753624] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.753636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.753658] Call Trace: [ 28.753673] <TASK> [ 28.753688] dump_stack_lvl+0x73/0xb0 [ 28.753716] print_report+0xd1/0x610 [ 28.753748] ? __virt_addr_valid+0x1db/0x2d0 [ 28.753950] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.753978] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.754005] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.754111] kasan_report+0x141/0x180 [ 28.754193] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.754221] __asan_report_load4_noabort+0x18/0x20 [ 28.754297] kasan_atomics_helper+0x49e8/0x5450 [ 28.754321] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.754344] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.754369] ? kasan_atomics+0x152/0x310 [ 28.754395] kasan_atomics+0x1dc/0x310 [ 28.754417] ? __pfx_kasan_atomics+0x10/0x10 [ 28.754442] ? __pfx_read_tsc+0x10/0x10 [ 28.754463] ? ktime_get_ts64+0x86/0x230 [ 28.754487] kunit_try_run_case+0x1a5/0x480 [ 28.754635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.754660] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.754683] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.754707] ? __kthread_parkme+0x82/0x180 [ 28.754731] ? preempt_count_sub+0x50/0x80 [ 28.754755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.754779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.754802] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.754826] kthread+0x337/0x6f0 [ 28.754845] ? trace_preempt_on+0x20/0xc0 [ 28.754868] ? __pfx_kthread+0x10/0x10 [ 28.754889] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.754911] ? calculate_sigpending+0x7b/0xa0 [ 28.754934] ? __pfx_kthread+0x10/0x10 [ 28.754956] ret_from_fork+0x116/0x1d0 [ 28.754975] ? __pfx_kthread+0x10/0x10 [ 28.754995] ret_from_fork_asm+0x1a/0x30 [ 28.755027] </TASK> [ 28.755039] [ 28.764521] Allocated by task 314: [ 28.764813] kasan_save_stack+0x45/0x70 [ 28.764982] kasan_save_track+0x18/0x40 [ 28.765183] kasan_save_alloc_info+0x3b/0x50 [ 28.765819] __kasan_kmalloc+0xb7/0xc0 [ 28.765993] __kmalloc_cache_noprof+0x189/0x420 [ 28.766491] kasan_atomics+0x95/0x310 [ 28.766672] kunit_try_run_case+0x1a5/0x480 [ 28.766987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.767240] kthread+0x337/0x6f0 [ 28.767598] ret_from_fork+0x116/0x1d0 [ 28.767863] ret_from_fork_asm+0x1a/0x30 [ 28.768029] [ 28.768212] The buggy address belongs to the object at ffff88810458d180 [ 28.768212] which belongs to the cache kmalloc-64 of size 64 [ 28.768904] The buggy address is located 0 bytes to the right of [ 28.768904] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.769482] [ 28.769811] The buggy address belongs to the physical page: [ 28.770070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.770605] flags: 0x200000000000000(node=0|zone=2) [ 28.770923] page_type: f5(slab) [ 28.771225] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.771677] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.772003] page dumped because: kasan: bad access detected [ 28.772357] [ 28.772457] Memory state around the buggy address: [ 28.772679] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.772992] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.773568] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.773854] ^ [ 28.774074] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.774611] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.774977] ================================================================== [ 28.638303] ================================================================== [ 28.638676] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 28.638991] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.639285] [ 28.639420] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.639482] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.639495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.639517] Call Trace: [ 28.639531] <TASK> [ 28.639549] dump_stack_lvl+0x73/0xb0 [ 28.639577] print_report+0xd1/0x610 [ 28.639600] ? __virt_addr_valid+0x1db/0x2d0 [ 28.639623] ? kasan_atomics_helper+0x1079/0x5450 [ 28.639645] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.639671] ? kasan_atomics_helper+0x1079/0x5450 [ 28.639703] kasan_report+0x141/0x180 [ 28.639726] ? kasan_atomics_helper+0x1079/0x5450 [ 28.639752] kasan_check_range+0x10c/0x1c0 [ 28.639787] __kasan_check_write+0x18/0x20 [ 28.639811] kasan_atomics_helper+0x1079/0x5450 [ 28.639835] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.639857] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.639882] ? kasan_atomics+0x152/0x310 [ 28.639909] kasan_atomics+0x1dc/0x310 [ 28.639932] ? __pfx_kasan_atomics+0x10/0x10 [ 28.639957] ? __pfx_read_tsc+0x10/0x10 [ 28.639979] ? ktime_get_ts64+0x86/0x230 [ 28.640003] kunit_try_run_case+0x1a5/0x480 [ 28.640028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.640051] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.640075] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.640109] ? __kthread_parkme+0x82/0x180 [ 28.640133] ? preempt_count_sub+0x50/0x80 [ 28.640157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.640192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.640216] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.640239] kthread+0x337/0x6f0 [ 28.640270] ? trace_preempt_on+0x20/0xc0 [ 28.640294] ? __pfx_kthread+0x10/0x10 [ 28.640332] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.640355] ? calculate_sigpending+0x7b/0xa0 [ 28.640389] ? __pfx_kthread+0x10/0x10 [ 28.640411] ret_from_fork+0x116/0x1d0 [ 28.640430] ? __pfx_kthread+0x10/0x10 [ 28.640451] ret_from_fork_asm+0x1a/0x30 [ 28.640483] </TASK> [ 28.640494] [ 28.653783] Allocated by task 314: [ 28.653941] kasan_save_stack+0x45/0x70 [ 28.654374] kasan_save_track+0x18/0x40 [ 28.654547] kasan_save_alloc_info+0x3b/0x50 [ 28.654897] __kasan_kmalloc+0xb7/0xc0 [ 28.655074] __kmalloc_cache_noprof+0x189/0x420 [ 28.655433] kasan_atomics+0x95/0x310 [ 28.655624] kunit_try_run_case+0x1a5/0x480 [ 28.655821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.656107] kthread+0x337/0x6f0 [ 28.656464] ret_from_fork+0x116/0x1d0 [ 28.656655] ret_from_fork_asm+0x1a/0x30 [ 28.656975] [ 28.657074] The buggy address belongs to the object at ffff88810458d180 [ 28.657074] which belongs to the cache kmalloc-64 of size 64 [ 28.657734] The buggy address is located 0 bytes to the right of [ 28.657734] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.658467] [ 28.658665] The buggy address belongs to the physical page: [ 28.658986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.659431] flags: 0x200000000000000(node=0|zone=2) [ 28.659612] page_type: f5(slab) [ 28.659951] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.660392] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.660743] page dumped because: kasan: bad access detected [ 28.661075] [ 28.661183] Memory state around the buggy address: [ 28.661621] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.661994] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.662522] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.662900] ^ [ 28.663154] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.663659] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.663984] ================================================================== [ 29.196252] ================================================================== [ 29.197074] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 29.197819] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.198546] [ 29.198755] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.198804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.198817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.198839] Call Trace: [ 29.198855] <TASK> [ 29.198902] dump_stack_lvl+0x73/0xb0 [ 29.198932] print_report+0xd1/0x610 [ 29.198955] ? __virt_addr_valid+0x1db/0x2d0 [ 29.198985] ? kasan_atomics_helper+0x1d7a/0x5450 [ 29.199007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.199032] ? kasan_atomics_helper+0x1d7a/0x5450 [ 29.199054] kasan_report+0x141/0x180 [ 29.199084] ? kasan_atomics_helper+0x1d7a/0x5450 [ 29.199111] kasan_check_range+0x10c/0x1c0 [ 29.199135] __kasan_check_write+0x18/0x20 [ 29.199158] kasan_atomics_helper+0x1d7a/0x5450 [ 29.199181] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.199203] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.199228] ? kasan_atomics+0x152/0x310 [ 29.199255] kasan_atomics+0x1dc/0x310 [ 29.199283] ? __pfx_kasan_atomics+0x10/0x10 [ 29.199307] ? __pfx_read_tsc+0x10/0x10 [ 29.199328] ? ktime_get_ts64+0x86/0x230 [ 29.199352] kunit_try_run_case+0x1a5/0x480 [ 29.199376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.199399] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.199423] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.199446] ? __kthread_parkme+0x82/0x180 [ 29.199470] ? preempt_count_sub+0x50/0x80 [ 29.199494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.199517] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.199542] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.199565] kthread+0x337/0x6f0 [ 29.199584] ? trace_preempt_on+0x20/0xc0 [ 29.199607] ? __pfx_kthread+0x10/0x10 [ 29.199627] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.199650] ? calculate_sigpending+0x7b/0xa0 [ 29.199673] ? __pfx_kthread+0x10/0x10 [ 29.199695] ret_from_fork+0x116/0x1d0 [ 29.199714] ? __pfx_kthread+0x10/0x10 [ 29.199734] ret_from_fork_asm+0x1a/0x30 [ 29.199766] </TASK> [ 29.199777] [ 29.211019] Allocated by task 314: [ 29.211412] kasan_save_stack+0x45/0x70 [ 29.211804] kasan_save_track+0x18/0x40 [ 29.212190] kasan_save_alloc_info+0x3b/0x50 [ 29.212619] __kasan_kmalloc+0xb7/0xc0 [ 29.212988] __kmalloc_cache_noprof+0x189/0x420 [ 29.213451] kasan_atomics+0x95/0x310 [ 29.213863] kunit_try_run_case+0x1a5/0x480 [ 29.214299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.214793] kthread+0x337/0x6f0 [ 29.215044] ret_from_fork+0x116/0x1d0 [ 29.215180] ret_from_fork_asm+0x1a/0x30 [ 29.215440] [ 29.215603] The buggy address belongs to the object at ffff88810458d180 [ 29.215603] which belongs to the cache kmalloc-64 of size 64 [ 29.216687] The buggy address is located 0 bytes to the right of [ 29.216687] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.217036] [ 29.217109] The buggy address belongs to the physical page: [ 29.217269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.218031] flags: 0x200000000000000(node=0|zone=2) [ 29.218518] page_type: f5(slab) [ 29.218834] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.219582] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.220266] page dumped because: kasan: bad access detected [ 29.220491] [ 29.220666] Memory state around the buggy address: [ 29.221105] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.221489] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.221695] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.221894] ^ [ 29.222043] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.222518] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.222897] ================================================================== [ 28.457689] ================================================================== [ 28.457988] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 28.458232] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.458863] [ 28.458965] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.459014] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.459045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.459067] Call Trace: [ 28.459107] <TASK> [ 28.459124] dump_stack_lvl+0x73/0xb0 [ 28.459153] print_report+0xd1/0x610 [ 28.459194] ? __virt_addr_valid+0x1db/0x2d0 [ 28.459220] ? kasan_atomics_helper+0xc70/0x5450 [ 28.459258] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.459295] ? kasan_atomics_helper+0xc70/0x5450 [ 28.459318] kasan_report+0x141/0x180 [ 28.459342] ? kasan_atomics_helper+0xc70/0x5450 [ 28.459369] kasan_check_range+0x10c/0x1c0 [ 28.459393] __kasan_check_write+0x18/0x20 [ 28.459416] kasan_atomics_helper+0xc70/0x5450 [ 28.459439] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.459461] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.459486] ? kasan_atomics+0x152/0x310 [ 28.459513] kasan_atomics+0x1dc/0x310 [ 28.459552] ? __pfx_kasan_atomics+0x10/0x10 [ 28.459590] ? __pfx_read_tsc+0x10/0x10 [ 28.459625] ? ktime_get_ts64+0x86/0x230 [ 28.459650] kunit_try_run_case+0x1a5/0x480 [ 28.459674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.459696] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.459720] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.459745] ? __kthread_parkme+0x82/0x180 [ 28.459768] ? preempt_count_sub+0x50/0x80 [ 28.459791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.459815] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.459839] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.459862] kthread+0x337/0x6f0 [ 28.459882] ? trace_preempt_on+0x20/0xc0 [ 28.459905] ? __pfx_kthread+0x10/0x10 [ 28.459926] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.459948] ? calculate_sigpending+0x7b/0xa0 [ 28.459971] ? __pfx_kthread+0x10/0x10 [ 28.459994] ret_from_fork+0x116/0x1d0 [ 28.460013] ? __pfx_kthread+0x10/0x10 [ 28.460034] ret_from_fork_asm+0x1a/0x30 [ 28.460066] </TASK> [ 28.460087] [ 28.467467] Allocated by task 314: [ 28.467639] kasan_save_stack+0x45/0x70 [ 28.467826] kasan_save_track+0x18/0x40 [ 28.468005] kasan_save_alloc_info+0x3b/0x50 [ 28.468216] __kasan_kmalloc+0xb7/0xc0 [ 28.468404] __kmalloc_cache_noprof+0x189/0x420 [ 28.468600] kasan_atomics+0x95/0x310 [ 28.468721] kunit_try_run_case+0x1a5/0x480 [ 28.468922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.469195] kthread+0x337/0x6f0 [ 28.469405] ret_from_fork+0x116/0x1d0 [ 28.469541] ret_from_fork_asm+0x1a/0x30 [ 28.469752] [ 28.469837] The buggy address belongs to the object at ffff88810458d180 [ 28.469837] which belongs to the cache kmalloc-64 of size 64 [ 28.470294] The buggy address is located 0 bytes to the right of [ 28.470294] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.470847] [ 28.470945] The buggy address belongs to the physical page: [ 28.471194] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.471501] flags: 0x200000000000000(node=0|zone=2) [ 28.471723] page_type: f5(slab) [ 28.471890] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.472179] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.472632] page dumped because: kasan: bad access detected [ 28.472824] [ 28.472905] Memory state around the buggy address: [ 28.473153] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.473493] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.473750] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.474063] ^ [ 28.474282] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.474673] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.475001] ================================================================== [ 28.882360] ================================================================== [ 28.882743] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 28.883496] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.884061] [ 28.884319] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.884468] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.884487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.884511] Call Trace: [ 28.884527] <TASK> [ 28.884543] dump_stack_lvl+0x73/0xb0 [ 28.884573] print_report+0xd1/0x610 [ 28.884596] ? __virt_addr_valid+0x1db/0x2d0 [ 28.884620] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.884641] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.884668] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.884689] kasan_report+0x141/0x180 [ 28.884712] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.884739] __asan_report_store8_noabort+0x1b/0x30 [ 28.884763] kasan_atomics_helper+0x50d4/0x5450 [ 28.884786] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.884808] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.884833] ? kasan_atomics+0x152/0x310 [ 28.884860] kasan_atomics+0x1dc/0x310 [ 28.884882] ? __pfx_kasan_atomics+0x10/0x10 [ 28.884906] ? __pfx_read_tsc+0x10/0x10 [ 28.884928] ? ktime_get_ts64+0x86/0x230 [ 28.884952] kunit_try_run_case+0x1a5/0x480 [ 28.884976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.884999] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.885022] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.885046] ? __kthread_parkme+0x82/0x180 [ 28.885070] ? preempt_count_sub+0x50/0x80 [ 28.885106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.885130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.885154] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.885178] kthread+0x337/0x6f0 [ 28.885197] ? trace_preempt_on+0x20/0xc0 [ 28.885221] ? __pfx_kthread+0x10/0x10 [ 28.885241] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.885263] ? calculate_sigpending+0x7b/0xa0 [ 28.885286] ? __pfx_kthread+0x10/0x10 [ 28.885308] ret_from_fork+0x116/0x1d0 [ 28.885327] ? __pfx_kthread+0x10/0x10 [ 28.885348] ret_from_fork_asm+0x1a/0x30 [ 28.885379] </TASK> [ 28.885390] [ 28.894893] Allocated by task 314: [ 28.895068] kasan_save_stack+0x45/0x70 [ 28.895278] kasan_save_track+0x18/0x40 [ 28.895851] kasan_save_alloc_info+0x3b/0x50 [ 28.896010] __kasan_kmalloc+0xb7/0xc0 [ 28.896348] __kmalloc_cache_noprof+0x189/0x420 [ 28.896658] kasan_atomics+0x95/0x310 [ 28.896831] kunit_try_run_case+0x1a5/0x480 [ 28.897176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.897535] kthread+0x337/0x6f0 [ 28.897824] ret_from_fork+0x116/0x1d0 [ 28.898003] ret_from_fork_asm+0x1a/0x30 [ 28.898303] [ 28.898379] The buggy address belongs to the object at ffff88810458d180 [ 28.898379] which belongs to the cache kmalloc-64 of size 64 [ 28.898937] The buggy address is located 0 bytes to the right of [ 28.898937] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.899353] [ 28.899842] The buggy address belongs to the physical page: [ 28.900122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.900512] flags: 0x200000000000000(node=0|zone=2) [ 28.900679] page_type: f5(slab) [ 28.900800] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.901034] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.901271] page dumped because: kasan: bad access detected [ 28.901438] [ 28.901502] Memory state around the buggy address: [ 28.901651] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.901878] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.902117] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.902325] ^ [ 28.902474] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.902683] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.902890] ================================================================== [ 28.841567] ================================================================== [ 28.841962] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 28.842615] Read of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.843015] [ 28.843116] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.843164] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.843176] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.843197] Call Trace: [ 28.843211] <TASK> [ 28.843226] dump_stack_lvl+0x73/0xb0 [ 28.843256] print_report+0xd1/0x610 [ 28.843278] ? __virt_addr_valid+0x1db/0x2d0 [ 28.843303] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.843324] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.843351] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.843373] kasan_report+0x141/0x180 [ 28.843395] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.843422] __asan_report_load8_noabort+0x18/0x20 [ 28.843446] kasan_atomics_helper+0x4eae/0x5450 [ 28.843469] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.843491] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.843516] ? kasan_atomics+0x152/0x310 [ 28.843542] kasan_atomics+0x1dc/0x310 [ 28.843567] ? __pfx_kasan_atomics+0x10/0x10 [ 28.843592] ? __pfx_read_tsc+0x10/0x10 [ 28.843615] ? ktime_get_ts64+0x86/0x230 [ 28.843639] kunit_try_run_case+0x1a5/0x480 [ 28.843663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.843685] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.843708] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.843732] ? __kthread_parkme+0x82/0x180 [ 28.843756] ? preempt_count_sub+0x50/0x80 [ 28.843779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.843803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.843826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.843850] kthread+0x337/0x6f0 [ 28.843869] ? trace_preempt_on+0x20/0xc0 [ 28.843892] ? __pfx_kthread+0x10/0x10 [ 28.843913] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.843935] ? calculate_sigpending+0x7b/0xa0 [ 28.843959] ? __pfx_kthread+0x10/0x10 [ 28.843980] ret_from_fork+0x116/0x1d0 [ 28.843999] ? __pfx_kthread+0x10/0x10 [ 28.844020] ret_from_fork_asm+0x1a/0x30 [ 28.844052] </TASK> [ 28.844062] [ 28.850984] Allocated by task 314: [ 28.851114] kasan_save_stack+0x45/0x70 [ 28.851321] kasan_save_track+0x18/0x40 [ 28.851510] kasan_save_alloc_info+0x3b/0x50 [ 28.851710] __kasan_kmalloc+0xb7/0xc0 [ 28.851889] __kmalloc_cache_noprof+0x189/0x420 [ 28.852112] kasan_atomics+0x95/0x310 [ 28.852239] kunit_try_run_case+0x1a5/0x480 [ 28.852376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.852544] kthread+0x337/0x6f0 [ 28.852684] ret_from_fork+0x116/0x1d0 [ 28.852996] ret_from_fork_asm+0x1a/0x30 [ 28.853200] [ 28.853288] The buggy address belongs to the object at ffff88810458d180 [ 28.853288] which belongs to the cache kmalloc-64 of size 64 [ 28.853678] The buggy address is located 0 bytes to the right of [ 28.853678] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.854087] [ 28.854178] The buggy address belongs to the physical page: [ 28.854419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.854769] flags: 0x200000000000000(node=0|zone=2) [ 28.855125] page_type: f5(slab) [ 28.855293] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.855599] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.855818] page dumped because: kasan: bad access detected [ 28.855980] [ 28.856041] Memory state around the buggy address: [ 28.856273] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.856589] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.856902] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.857182] ^ [ 28.857427] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.857692] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.857932] ================================================================== [ 29.322911] ================================================================== [ 29.323335] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 29.323682] Read of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.324012] [ 29.324123] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.324168] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.324180] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.324201] Call Trace: [ 29.324214] <TASK> [ 29.324227] dump_stack_lvl+0x73/0xb0 [ 29.324254] print_report+0xd1/0x610 [ 29.324276] ? __virt_addr_valid+0x1db/0x2d0 [ 29.324311] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.324333] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.324359] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.324381] kasan_report+0x141/0x180 [ 29.324403] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.324430] __asan_report_load8_noabort+0x18/0x20 [ 29.324455] kasan_atomics_helper+0x4f98/0x5450 [ 29.324477] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.324499] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.324524] ? kasan_atomics+0x152/0x310 [ 29.324551] kasan_atomics+0x1dc/0x310 [ 29.324574] ? __pfx_kasan_atomics+0x10/0x10 [ 29.324598] ? __pfx_read_tsc+0x10/0x10 [ 29.324620] ? ktime_get_ts64+0x86/0x230 [ 29.324644] kunit_try_run_case+0x1a5/0x480 [ 29.324669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.324691] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.324715] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.324739] ? __kthread_parkme+0x82/0x180 [ 29.324763] ? preempt_count_sub+0x50/0x80 [ 29.324786] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.324810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.324834] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.324857] kthread+0x337/0x6f0 [ 29.324876] ? trace_preempt_on+0x20/0xc0 [ 29.324899] ? __pfx_kthread+0x10/0x10 [ 29.324919] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.324941] ? calculate_sigpending+0x7b/0xa0 [ 29.324964] ? __pfx_kthread+0x10/0x10 [ 29.324986] ret_from_fork+0x116/0x1d0 [ 29.325005] ? __pfx_kthread+0x10/0x10 [ 29.325026] ret_from_fork_asm+0x1a/0x30 [ 29.325057] </TASK> [ 29.325068] [ 29.333472] Allocated by task 314: [ 29.333635] kasan_save_stack+0x45/0x70 [ 29.333810] kasan_save_track+0x18/0x40 [ 29.333976] kasan_save_alloc_info+0x3b/0x50 [ 29.334153] __kasan_kmalloc+0xb7/0xc0 [ 29.334374] __kmalloc_cache_noprof+0x189/0x420 [ 29.334576] kasan_atomics+0x95/0x310 [ 29.334727] kunit_try_run_case+0x1a5/0x480 [ 29.334886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.335124] kthread+0x337/0x6f0 [ 29.335265] ret_from_fork+0x116/0x1d0 [ 29.335447] ret_from_fork_asm+0x1a/0x30 [ 29.335578] [ 29.335668] The buggy address belongs to the object at ffff88810458d180 [ 29.335668] which belongs to the cache kmalloc-64 of size 64 [ 29.336145] The buggy address is located 0 bytes to the right of [ 29.336145] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.336605] [ 29.336694] The buggy address belongs to the physical page: [ 29.336918] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.337222] flags: 0x200000000000000(node=0|zone=2) [ 29.337552] page_type: f5(slab) [ 29.337710] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.338011] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.338331] page dumped because: kasan: bad access detected [ 29.338553] [ 29.338624] Memory state around the buggy address: [ 29.338823] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.339091] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.339405] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.339675] ^ [ 29.339861] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.340067] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.340293] ================================================================== [ 28.944523] ================================================================== [ 28.944858] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 28.945207] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.945654] [ 28.945733] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.945779] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.945792] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.945813] Call Trace: [ 28.945827] <TASK> [ 28.945841] dump_stack_lvl+0x73/0xb0 [ 28.945869] print_report+0xd1/0x610 [ 28.945890] ? __virt_addr_valid+0x1db/0x2d0 [ 28.945913] ? kasan_atomics_helper+0x164f/0x5450 [ 28.945939] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.945965] ? kasan_atomics_helper+0x164f/0x5450 [ 28.945987] kasan_report+0x141/0x180 [ 28.946009] ? kasan_atomics_helper+0x164f/0x5450 [ 28.946037] kasan_check_range+0x10c/0x1c0 [ 28.946060] __kasan_check_write+0x18/0x20 [ 28.946095] kasan_atomics_helper+0x164f/0x5450 [ 28.946118] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.946141] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.946166] ? kasan_atomics+0x152/0x310 [ 28.946221] kasan_atomics+0x1dc/0x310 [ 28.946245] ? __pfx_kasan_atomics+0x10/0x10 [ 28.946269] ? __pfx_read_tsc+0x10/0x10 [ 28.946301] ? ktime_get_ts64+0x86/0x230 [ 28.946324] kunit_try_run_case+0x1a5/0x480 [ 28.946348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.946371] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.946413] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.946437] ? __kthread_parkme+0x82/0x180 [ 28.946461] ? preempt_count_sub+0x50/0x80 [ 28.946484] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.946509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.946532] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.946557] kthread+0x337/0x6f0 [ 28.946577] ? trace_preempt_on+0x20/0xc0 [ 28.946600] ? __pfx_kthread+0x10/0x10 [ 28.946620] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.946643] ? calculate_sigpending+0x7b/0xa0 [ 28.946667] ? __pfx_kthread+0x10/0x10 [ 28.946689] ret_from_fork+0x116/0x1d0 [ 28.946708] ? __pfx_kthread+0x10/0x10 [ 28.946729] ret_from_fork_asm+0x1a/0x30 [ 28.946760] </TASK> [ 28.946771] [ 28.954251] Allocated by task 314: [ 28.954374] kasan_save_stack+0x45/0x70 [ 28.954508] kasan_save_track+0x18/0x40 [ 28.954817] kasan_save_alloc_info+0x3b/0x50 [ 28.955026] __kasan_kmalloc+0xb7/0xc0 [ 28.955239] __kmalloc_cache_noprof+0x189/0x420 [ 28.955445] kasan_atomics+0x95/0x310 [ 28.955571] kunit_try_run_case+0x1a5/0x480 [ 28.955786] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.956047] kthread+0x337/0x6f0 [ 28.956239] ret_from_fork+0x116/0x1d0 [ 28.956420] ret_from_fork_asm+0x1a/0x30 [ 28.956555] [ 28.956618] The buggy address belongs to the object at ffff88810458d180 [ 28.956618] which belongs to the cache kmalloc-64 of size 64 [ 28.957041] The buggy address is located 0 bytes to the right of [ 28.957041] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.957650] [ 28.957738] The buggy address belongs to the physical page: [ 28.958015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.958368] flags: 0x200000000000000(node=0|zone=2) [ 28.958525] page_type: f5(slab) [ 28.958639] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.958862] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.959090] page dumped because: kasan: bad access detected [ 28.959334] [ 28.959421] Memory state around the buggy address: [ 28.959638] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.959958] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.960333] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.960540] ^ [ 28.960687] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.961016] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.961411] ================================================================== [ 29.306756] ================================================================== [ 29.307111] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 29.307494] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.307792] [ 29.307887] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.307933] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.307945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.307966] Call Trace: [ 29.307981] <TASK> [ 29.307996] dump_stack_lvl+0x73/0xb0 [ 29.308023] print_report+0xd1/0x610 [ 29.308046] ? __virt_addr_valid+0x1db/0x2d0 [ 29.308069] ? kasan_atomics_helper+0x2006/0x5450 [ 29.308104] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.308131] ? kasan_atomics_helper+0x2006/0x5450 [ 29.308153] kasan_report+0x141/0x180 [ 29.308176] ? kasan_atomics_helper+0x2006/0x5450 [ 29.308202] kasan_check_range+0x10c/0x1c0 [ 29.308227] __kasan_check_write+0x18/0x20 [ 29.308250] kasan_atomics_helper+0x2006/0x5450 [ 29.308273] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.308306] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.308331] ? kasan_atomics+0x152/0x310 [ 29.308358] kasan_atomics+0x1dc/0x310 [ 29.308381] ? __pfx_kasan_atomics+0x10/0x10 [ 29.308405] ? __pfx_read_tsc+0x10/0x10 [ 29.308426] ? ktime_get_ts64+0x86/0x230 [ 29.308450] kunit_try_run_case+0x1a5/0x480 [ 29.308474] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.308497] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.308520] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.308544] ? __kthread_parkme+0x82/0x180 [ 29.308568] ? preempt_count_sub+0x50/0x80 [ 29.308590] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.308614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.308637] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.308661] kthread+0x337/0x6f0 [ 29.308680] ? trace_preempt_on+0x20/0xc0 [ 29.308703] ? __pfx_kthread+0x10/0x10 [ 29.308724] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.308745] ? calculate_sigpending+0x7b/0xa0 [ 29.308769] ? __pfx_kthread+0x10/0x10 [ 29.308790] ret_from_fork+0x116/0x1d0 [ 29.308809] ? __pfx_kthread+0x10/0x10 [ 29.308829] ret_from_fork_asm+0x1a/0x30 [ 29.308860] </TASK> [ 29.308871] [ 29.316054] Allocated by task 314: [ 29.316203] kasan_save_stack+0x45/0x70 [ 29.316376] kasan_save_track+0x18/0x40 [ 29.316547] kasan_save_alloc_info+0x3b/0x50 [ 29.316744] __kasan_kmalloc+0xb7/0xc0 [ 29.316895] __kmalloc_cache_noprof+0x189/0x420 [ 29.317098] kasan_atomics+0x95/0x310 [ 29.317245] kunit_try_run_case+0x1a5/0x480 [ 29.317428] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.317649] kthread+0x337/0x6f0 [ 29.317773] ret_from_fork+0x116/0x1d0 [ 29.317956] ret_from_fork_asm+0x1a/0x30 [ 29.318099] [ 29.318164] The buggy address belongs to the object at ffff88810458d180 [ 29.318164] which belongs to the cache kmalloc-64 of size 64 [ 29.318703] The buggy address is located 0 bytes to the right of [ 29.318703] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.319059] [ 29.319131] The buggy address belongs to the physical page: [ 29.319296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.319526] flags: 0x200000000000000(node=0|zone=2) [ 29.319682] page_type: f5(slab) [ 29.319795] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.320092] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.320423] page dumped because: kasan: bad access detected [ 29.320672] [ 29.320758] Memory state around the buggy address: [ 29.320973] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.321590] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.321814] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.322023] ^ [ 29.322180] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.322387] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.322592] ================================================================== [ 28.798201] ================================================================== [ 28.798585] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 28.799153] Read of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.799709] [ 28.799805] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.799854] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.799867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.799887] Call Trace: [ 28.799902] <TASK> [ 28.799918] dump_stack_lvl+0x73/0xb0 [ 28.799949] print_report+0xd1/0x610 [ 28.799971] ? __virt_addr_valid+0x1db/0x2d0 [ 28.799995] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.800016] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.800042] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.800064] kasan_report+0x141/0x180 [ 28.800099] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.800126] __asan_report_load4_noabort+0x18/0x20 [ 28.800150] kasan_atomics_helper+0x49ce/0x5450 [ 28.800173] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.800195] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.800220] ? kasan_atomics+0x152/0x310 [ 28.800246] kasan_atomics+0x1dc/0x310 [ 28.800269] ? __pfx_kasan_atomics+0x10/0x10 [ 28.800458] ? __pfx_read_tsc+0x10/0x10 [ 28.800481] ? ktime_get_ts64+0x86/0x230 [ 28.800505] kunit_try_run_case+0x1a5/0x480 [ 28.800531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.800554] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.800577] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.800601] ? __kthread_parkme+0x82/0x180 [ 28.800625] ? preempt_count_sub+0x50/0x80 [ 28.800648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.800672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.800696] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.800720] kthread+0x337/0x6f0 [ 28.800739] ? trace_preempt_on+0x20/0xc0 [ 28.800763] ? __pfx_kthread+0x10/0x10 [ 28.800784] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.800806] ? calculate_sigpending+0x7b/0xa0 [ 28.800829] ? __pfx_kthread+0x10/0x10 [ 28.800850] ret_from_fork+0x116/0x1d0 [ 28.800872] ? __pfx_kthread+0x10/0x10 [ 28.800893] ret_from_fork_asm+0x1a/0x30 [ 28.800925] </TASK> [ 28.800936] [ 28.810018] Allocated by task 314: [ 28.810178] kasan_save_stack+0x45/0x70 [ 28.810680] kasan_save_track+0x18/0x40 [ 28.810849] kasan_save_alloc_info+0x3b/0x50 [ 28.811127] __kasan_kmalloc+0xb7/0xc0 [ 28.811276] __kmalloc_cache_noprof+0x189/0x420 [ 28.811542] kasan_atomics+0x95/0x310 [ 28.811870] kunit_try_run_case+0x1a5/0x480 [ 28.812058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.812289] kthread+0x337/0x6f0 [ 28.812625] ret_from_fork+0x116/0x1d0 [ 28.812808] ret_from_fork_asm+0x1a/0x30 [ 28.812971] [ 28.813042] The buggy address belongs to the object at ffff88810458d180 [ 28.813042] which belongs to the cache kmalloc-64 of size 64 [ 28.813776] The buggy address is located 0 bytes to the right of [ 28.813776] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.814344] [ 28.814531] The buggy address belongs to the physical page: [ 28.814785] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.815243] flags: 0x200000000000000(node=0|zone=2) [ 28.815555] page_type: f5(slab) [ 28.815686] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.816001] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.816321] page dumped because: kasan: bad access detected [ 28.816745] [ 28.816837] Memory state around the buggy address: [ 28.817144] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.817508] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.817864] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.818176] ^ [ 28.818567] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.818863] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.819160] ================================================================== [ 28.335309] ================================================================== [ 28.335657] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 28.335971] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.336507] [ 28.336631] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.336709] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.336722] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.336754] Call Trace: [ 28.336768] <TASK> [ 28.336785] dump_stack_lvl+0x73/0xb0 [ 28.336814] print_report+0xd1/0x610 [ 28.336836] ? __virt_addr_valid+0x1db/0x2d0 [ 28.336859] ? kasan_atomics_helper+0x860/0x5450 [ 28.336880] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.336907] ? kasan_atomics_helper+0x860/0x5450 [ 28.336928] kasan_report+0x141/0x180 [ 28.336950] ? kasan_atomics_helper+0x860/0x5450 [ 28.336977] kasan_check_range+0x10c/0x1c0 [ 28.337001] __kasan_check_write+0x18/0x20 [ 28.337024] kasan_atomics_helper+0x860/0x5450 [ 28.337046] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.337071] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.337105] ? kasan_atomics+0x152/0x310 [ 28.337131] kasan_atomics+0x1dc/0x310 [ 28.337187] ? __pfx_kasan_atomics+0x10/0x10 [ 28.337212] ? __pfx_read_tsc+0x10/0x10 [ 28.337243] ? ktime_get_ts64+0x86/0x230 [ 28.337268] kunit_try_run_case+0x1a5/0x480 [ 28.337293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.337316] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.337339] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.337363] ? __kthread_parkme+0x82/0x180 [ 28.337388] ? preempt_count_sub+0x50/0x80 [ 28.337413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.337562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.337594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.337618] kthread+0x337/0x6f0 [ 28.337638] ? trace_preempt_on+0x20/0xc0 [ 28.337662] ? __pfx_kthread+0x10/0x10 [ 28.337683] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.337706] ? calculate_sigpending+0x7b/0xa0 [ 28.337730] ? __pfx_kthread+0x10/0x10 [ 28.337751] ret_from_fork+0x116/0x1d0 [ 28.337771] ? __pfx_kthread+0x10/0x10 [ 28.337791] ret_from_fork_asm+0x1a/0x30 [ 28.337824] </TASK> [ 28.337835] [ 28.345426] Allocated by task 314: [ 28.345607] kasan_save_stack+0x45/0x70 [ 28.345785] kasan_save_track+0x18/0x40 [ 28.345955] kasan_save_alloc_info+0x3b/0x50 [ 28.346129] __kasan_kmalloc+0xb7/0xc0 [ 28.346258] __kmalloc_cache_noprof+0x189/0x420 [ 28.346605] kasan_atomics+0x95/0x310 [ 28.346805] kunit_try_run_case+0x1a5/0x480 [ 28.346994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.347260] kthread+0x337/0x6f0 [ 28.347418] ret_from_fork+0x116/0x1d0 [ 28.347626] ret_from_fork_asm+0x1a/0x30 [ 28.347914] [ 28.347998] The buggy address belongs to the object at ffff88810458d180 [ 28.347998] which belongs to the cache kmalloc-64 of size 64 [ 28.348588] The buggy address is located 0 bytes to the right of [ 28.348588] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.348953] [ 28.349017] The buggy address belongs to the physical page: [ 28.349196] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.349437] flags: 0x200000000000000(node=0|zone=2) [ 28.349645] page_type: f5(slab) [ 28.349810] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.350206] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.350542] page dumped because: kasan: bad access detected [ 28.350789] [ 28.350875] Memory state around the buggy address: [ 28.351105] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.351595] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.351915] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.352174] ^ [ 28.352489] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.352771] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.353066] ================================================================== [ 29.289757] ================================================================== [ 29.290206] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 29.290435] Read of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.290650] [ 29.290724] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.290770] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.290782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.290803] Call Trace: [ 29.290816] <TASK> [ 29.290830] dump_stack_lvl+0x73/0xb0 [ 29.290856] print_report+0xd1/0x610 [ 29.290878] ? __virt_addr_valid+0x1db/0x2d0 [ 29.290900] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.290921] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.290947] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.290969] kasan_report+0x141/0x180 [ 29.290991] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.291017] __asan_report_load8_noabort+0x18/0x20 [ 29.291041] kasan_atomics_helper+0x4f71/0x5450 [ 29.291075] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.291111] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.291136] ? kasan_atomics+0x152/0x310 [ 29.291163] kasan_atomics+0x1dc/0x310 [ 29.291185] ? __pfx_kasan_atomics+0x10/0x10 [ 29.291210] ? __pfx_read_tsc+0x10/0x10 [ 29.291231] ? ktime_get_ts64+0x86/0x230 [ 29.291256] kunit_try_run_case+0x1a5/0x480 [ 29.291280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.291302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.291325] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.291349] ? __kthread_parkme+0x82/0x180 [ 29.291372] ? preempt_count_sub+0x50/0x80 [ 29.291396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.291420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.291451] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.291475] kthread+0x337/0x6f0 [ 29.291494] ? trace_preempt_on+0x20/0xc0 [ 29.291518] ? __pfx_kthread+0x10/0x10 [ 29.291538] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.291560] ? calculate_sigpending+0x7b/0xa0 [ 29.291584] ? __pfx_kthread+0x10/0x10 [ 29.291605] ret_from_fork+0x116/0x1d0 [ 29.291625] ? __pfx_kthread+0x10/0x10 [ 29.291645] ret_from_fork_asm+0x1a/0x30 [ 29.291678] </TASK> [ 29.291688] [ 29.298854] Allocated by task 314: [ 29.299009] kasan_save_stack+0x45/0x70 [ 29.299204] kasan_save_track+0x18/0x40 [ 29.299458] kasan_save_alloc_info+0x3b/0x50 [ 29.299646] __kasan_kmalloc+0xb7/0xc0 [ 29.299773] __kmalloc_cache_noprof+0x189/0x420 [ 29.299921] kasan_atomics+0x95/0x310 [ 29.300046] kunit_try_run_case+0x1a5/0x480 [ 29.300255] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.300507] kthread+0x337/0x6f0 [ 29.300804] ret_from_fork+0x116/0x1d0 [ 29.300989] ret_from_fork_asm+0x1a/0x30 [ 29.301167] [ 29.301251] The buggy address belongs to the object at ffff88810458d180 [ 29.301251] which belongs to the cache kmalloc-64 of size 64 [ 29.301705] The buggy address is located 0 bytes to the right of [ 29.301705] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.302152] [ 29.302240] The buggy address belongs to the physical page: [ 29.302528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.302806] flags: 0x200000000000000(node=0|zone=2) [ 29.302964] page_type: f5(slab) [ 29.303088] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.303313] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.303566] page dumped because: kasan: bad access detected [ 29.303818] [ 29.303903] Memory state around the buggy address: [ 29.304124] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.304730] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.305035] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.305450] ^ [ 29.305666] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.305904] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.306124] ================================================================== [ 29.223770] ================================================================== [ 29.224620] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 29.224861] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.225091] [ 29.225200] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.225289] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.225302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.225324] Call Trace: [ 29.225340] <TASK> [ 29.225358] dump_stack_lvl+0x73/0xb0 [ 29.225388] print_report+0xd1/0x610 [ 29.225411] ? __virt_addr_valid+0x1db/0x2d0 [ 29.225435] ? kasan_atomics_helper+0x1e12/0x5450 [ 29.225456] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.225482] ? kasan_atomics_helper+0x1e12/0x5450 [ 29.225504] kasan_report+0x141/0x180 [ 29.225554] ? kasan_atomics_helper+0x1e12/0x5450 [ 29.225581] kasan_check_range+0x10c/0x1c0 [ 29.225631] __kasan_check_write+0x18/0x20 [ 29.225664] kasan_atomics_helper+0x1e12/0x5450 [ 29.225686] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.225719] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.225743] ? kasan_atomics+0x152/0x310 [ 29.225770] kasan_atomics+0x1dc/0x310 [ 29.225792] ? __pfx_kasan_atomics+0x10/0x10 [ 29.225817] ? __pfx_read_tsc+0x10/0x10 [ 29.225839] ? ktime_get_ts64+0x86/0x230 [ 29.225890] kunit_try_run_case+0x1a5/0x480 [ 29.225915] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.225941] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.225975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.225999] ? __kthread_parkme+0x82/0x180 [ 29.226024] ? preempt_count_sub+0x50/0x80 [ 29.226048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.226071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.226104] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.226127] kthread+0x337/0x6f0 [ 29.226147] ? trace_preempt_on+0x20/0xc0 [ 29.226170] ? __pfx_kthread+0x10/0x10 [ 29.226192] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.226214] ? calculate_sigpending+0x7b/0xa0 [ 29.226237] ? __pfx_kthread+0x10/0x10 [ 29.226259] ret_from_fork+0x116/0x1d0 [ 29.226296] ? __pfx_kthread+0x10/0x10 [ 29.226327] ret_from_fork_asm+0x1a/0x30 [ 29.226358] </TASK> [ 29.226370] [ 29.237933] Allocated by task 314: [ 29.238108] kasan_save_stack+0x45/0x70 [ 29.238510] kasan_save_track+0x18/0x40 [ 29.238687] kasan_save_alloc_info+0x3b/0x50 [ 29.238882] __kasan_kmalloc+0xb7/0xc0 [ 29.239054] __kmalloc_cache_noprof+0x189/0x420 [ 29.239234] kasan_atomics+0x95/0x310 [ 29.239430] kunit_try_run_case+0x1a5/0x480 [ 29.239634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.239883] kthread+0x337/0x6f0 [ 29.240009] ret_from_fork+0x116/0x1d0 [ 29.240188] ret_from_fork_asm+0x1a/0x30 [ 29.240466] [ 29.240580] The buggy address belongs to the object at ffff88810458d180 [ 29.240580] which belongs to the cache kmalloc-64 of size 64 [ 29.241061] The buggy address is located 0 bytes to the right of [ 29.241061] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.242209] [ 29.242318] The buggy address belongs to the physical page: [ 29.242529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.242881] flags: 0x200000000000000(node=0|zone=2) [ 29.243113] page_type: f5(slab) [ 29.243253] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.243867] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.244279] page dumped because: kasan: bad access detected [ 29.244546] [ 29.244780] Memory state around the buggy address: [ 29.245072] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.245552] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.245909] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.246233] ^ [ 29.246641] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.247058] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.247533] ================================================================== [ 28.979887] ================================================================== [ 28.980243] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 28.980612] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.980848] [ 28.980946] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.980991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.981003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.981023] Call Trace: [ 28.981037] <TASK> [ 28.981051] dump_stack_lvl+0x73/0xb0 [ 28.981090] print_report+0xd1/0x610 [ 28.981111] ? __virt_addr_valid+0x1db/0x2d0 [ 28.981134] ? kasan_atomics_helper+0x177f/0x5450 [ 28.981156] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.981182] ? kasan_atomics_helper+0x177f/0x5450 [ 28.981204] kasan_report+0x141/0x180 [ 28.981226] ? kasan_atomics_helper+0x177f/0x5450 [ 28.981253] kasan_check_range+0x10c/0x1c0 [ 28.981277] __kasan_check_write+0x18/0x20 [ 28.981336] kasan_atomics_helper+0x177f/0x5450 [ 28.981360] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.981382] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.981407] ? kasan_atomics+0x152/0x310 [ 28.981433] kasan_atomics+0x1dc/0x310 [ 28.981456] ? __pfx_kasan_atomics+0x10/0x10 [ 28.981481] ? __pfx_read_tsc+0x10/0x10 [ 28.981502] ? ktime_get_ts64+0x86/0x230 [ 28.981527] kunit_try_run_case+0x1a5/0x480 [ 28.981551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.981573] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.981598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.981642] ? __kthread_parkme+0x82/0x180 [ 28.981666] ? preempt_count_sub+0x50/0x80 [ 28.981690] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.981714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.981738] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.981762] kthread+0x337/0x6f0 [ 28.981782] ? trace_preempt_on+0x20/0xc0 [ 28.981804] ? __pfx_kthread+0x10/0x10 [ 28.981825] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.981866] ? calculate_sigpending+0x7b/0xa0 [ 28.981890] ? __pfx_kthread+0x10/0x10 [ 28.981912] ret_from_fork+0x116/0x1d0 [ 28.981940] ? __pfx_kthread+0x10/0x10 [ 28.981960] ret_from_fork_asm+0x1a/0x30 [ 28.981992] </TASK> [ 28.982003] [ 28.989605] Allocated by task 314: [ 28.989797] kasan_save_stack+0x45/0x70 [ 28.990001] kasan_save_track+0x18/0x40 [ 28.990233] kasan_save_alloc_info+0x3b/0x50 [ 28.990465] __kasan_kmalloc+0xb7/0xc0 [ 28.990643] __kmalloc_cache_noprof+0x189/0x420 [ 28.990876] kasan_atomics+0x95/0x310 [ 28.991064] kunit_try_run_case+0x1a5/0x480 [ 28.991320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.991564] kthread+0x337/0x6f0 [ 28.991726] ret_from_fork+0x116/0x1d0 [ 28.991926] ret_from_fork_asm+0x1a/0x30 [ 28.992131] [ 28.992223] The buggy address belongs to the object at ffff88810458d180 [ 28.992223] which belongs to the cache kmalloc-64 of size 64 [ 28.992754] The buggy address is located 0 bytes to the right of [ 28.992754] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.993289] [ 28.993435] The buggy address belongs to the physical page: [ 28.993654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.993889] flags: 0x200000000000000(node=0|zone=2) [ 28.994051] page_type: f5(slab) [ 28.994177] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.994491] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.994817] page dumped because: kasan: bad access detected [ 28.995366] [ 28.995458] Memory state around the buggy address: [ 28.995672] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.995958] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.996177] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.996695] ^ [ 28.996913] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.997297] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.997599] ================================================================== [ 28.113137] ================================================================== [ 28.113468] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 28.113746] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.113970] [ 28.114045] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.114175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.114188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.114211] Call Trace: [ 28.114226] <TASK> [ 28.114270] dump_stack_lvl+0x73/0xb0 [ 28.114313] print_report+0xd1/0x610 [ 28.114336] ? __virt_addr_valid+0x1db/0x2d0 [ 28.114371] ? kasan_atomics_helper+0x4b6e/0x5450 [ 28.114393] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.114419] ? kasan_atomics_helper+0x4b6e/0x5450 [ 28.114442] kasan_report+0x141/0x180 [ 28.114466] ? kasan_atomics_helper+0x4b6e/0x5450 [ 28.114492] __asan_report_store4_noabort+0x1b/0x30 [ 28.114517] kasan_atomics_helper+0x4b6e/0x5450 [ 28.114540] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.114562] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.114587] ? kasan_atomics+0x152/0x310 [ 28.114614] kasan_atomics+0x1dc/0x310 [ 28.114637] ? __pfx_kasan_atomics+0x10/0x10 [ 28.114661] ? __pfx_read_tsc+0x10/0x10 [ 28.114682] ? ktime_get_ts64+0x86/0x230 [ 28.114707] kunit_try_run_case+0x1a5/0x480 [ 28.114731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.114753] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.114777] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.114800] ? __kthread_parkme+0x82/0x180 [ 28.114824] ? preempt_count_sub+0x50/0x80 [ 28.114848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.114882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.114904] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.114928] kthread+0x337/0x6f0 [ 28.114959] ? trace_preempt_on+0x20/0xc0 [ 28.114982] ? __pfx_kthread+0x10/0x10 [ 28.115004] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.115028] ? calculate_sigpending+0x7b/0xa0 [ 28.115052] ? __pfx_kthread+0x10/0x10 [ 28.115075] ret_from_fork+0x116/0x1d0 [ 28.115103] ? __pfx_kthread+0x10/0x10 [ 28.115126] ret_from_fork_asm+0x1a/0x30 [ 28.115158] </TASK> [ 28.115170] [ 28.122618] Allocated by task 314: [ 28.122744] kasan_save_stack+0x45/0x70 [ 28.122880] kasan_save_track+0x18/0x40 [ 28.123004] kasan_save_alloc_info+0x3b/0x50 [ 28.123152] __kasan_kmalloc+0xb7/0xc0 [ 28.123274] __kmalloc_cache_noprof+0x189/0x420 [ 28.124341] kasan_atomics+0x95/0x310 [ 28.125073] kunit_try_run_case+0x1a5/0x480 [ 28.125287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.125534] kthread+0x337/0x6f0 [ 28.125787] ret_from_fork+0x116/0x1d0 [ 28.126099] ret_from_fork_asm+0x1a/0x30 [ 28.129097] [ 28.129452] The buggy address belongs to the object at ffff88810458d180 [ 28.129452] which belongs to the cache kmalloc-64 of size 64 [ 28.130994] The buggy address is located 0 bytes to the right of [ 28.130994] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.132089] [ 28.132462] The buggy address belongs to the physical page: [ 28.133137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.133973] flags: 0x200000000000000(node=0|zone=2) [ 28.134686] page_type: f5(slab) [ 28.135094] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.135785] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.136023] page dumped because: kasan: bad access detected [ 28.136204] [ 28.136569] Memory state around the buggy address: [ 28.137311] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.138146] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.139118] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.139999] ^ [ 28.140178] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.141002] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.141863] ================================================================== [ 29.432859] ================================================================== [ 29.433639] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 29.434055] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.434730] [ 29.434917] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.434972] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.434988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.435013] Call Trace: [ 29.435028] <TASK> [ 29.435044] dump_stack_lvl+0x73/0xb0 [ 29.435074] print_report+0xd1/0x610 [ 29.435210] ? __virt_addr_valid+0x1db/0x2d0 [ 29.435235] ? kasan_atomics_helper+0x224c/0x5450 [ 29.435257] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.435298] ? kasan_atomics_helper+0x224c/0x5450 [ 29.435320] kasan_report+0x141/0x180 [ 29.435343] ? kasan_atomics_helper+0x224c/0x5450 [ 29.435369] kasan_check_range+0x10c/0x1c0 [ 29.435393] __kasan_check_write+0x18/0x20 [ 29.435417] kasan_atomics_helper+0x224c/0x5450 [ 29.435440] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.435462] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.435486] ? kasan_atomics+0x152/0x310 [ 29.435513] kasan_atomics+0x1dc/0x310 [ 29.435538] ? __pfx_kasan_atomics+0x10/0x10 [ 29.435563] ? __pfx_read_tsc+0x10/0x10 [ 29.435585] ? ktime_get_ts64+0x86/0x230 [ 29.435611] kunit_try_run_case+0x1a5/0x480 [ 29.435635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.435658] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.435681] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.435706] ? __kthread_parkme+0x82/0x180 [ 29.435731] ? preempt_count_sub+0x50/0x80 [ 29.435754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.435778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.435802] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.435825] kthread+0x337/0x6f0 [ 29.435845] ? trace_preempt_on+0x20/0xc0 [ 29.435868] ? __pfx_kthread+0x10/0x10 [ 29.435889] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.435911] ? calculate_sigpending+0x7b/0xa0 [ 29.435935] ? __pfx_kthread+0x10/0x10 [ 29.435956] ret_from_fork+0x116/0x1d0 [ 29.435976] ? __pfx_kthread+0x10/0x10 [ 29.435996] ret_from_fork_asm+0x1a/0x30 [ 29.436028] </TASK> [ 29.436040] [ 29.445185] Allocated by task 314: [ 29.445316] kasan_save_stack+0x45/0x70 [ 29.445500] kasan_save_track+0x18/0x40 [ 29.445719] kasan_save_alloc_info+0x3b/0x50 [ 29.445872] __kasan_kmalloc+0xb7/0xc0 [ 29.446004] __kmalloc_cache_noprof+0x189/0x420 [ 29.446162] kasan_atomics+0x95/0x310 [ 29.446338] kunit_try_run_case+0x1a5/0x480 [ 29.446547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.446822] kthread+0x337/0x6f0 [ 29.446990] ret_from_fork+0x116/0x1d0 [ 29.447203] ret_from_fork_asm+0x1a/0x30 [ 29.447462] [ 29.447528] The buggy address belongs to the object at ffff88810458d180 [ 29.447528] which belongs to the cache kmalloc-64 of size 64 [ 29.448043] The buggy address is located 0 bytes to the right of [ 29.448043] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.448632] [ 29.448745] The buggy address belongs to the physical page: [ 29.448978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.449267] flags: 0x200000000000000(node=0|zone=2) [ 29.449424] page_type: f5(slab) [ 29.449542] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.449908] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.450254] page dumped because: kasan: bad access detected [ 29.450508] [ 29.450596] Memory state around the buggy address: [ 29.450800] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.451011] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.451300] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.451625] ^ [ 29.451908] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.452130] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.452496] ================================================================== [ 28.372799] ================================================================== [ 28.373181] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 28.373555] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.373819] [ 28.373934] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.373981] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.373994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.374015] Call Trace: [ 28.374029] <TASK> [ 28.374045] dump_stack_lvl+0x73/0xb0 [ 28.374072] print_report+0xd1/0x610 [ 28.374104] ? __virt_addr_valid+0x1db/0x2d0 [ 28.374127] ? kasan_atomics_helper+0x992/0x5450 [ 28.374148] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.374174] ? kasan_atomics_helper+0x992/0x5450 [ 28.374196] kasan_report+0x141/0x180 [ 28.374218] ? kasan_atomics_helper+0x992/0x5450 [ 28.374244] kasan_check_range+0x10c/0x1c0 [ 28.374268] __kasan_check_write+0x18/0x20 [ 28.374336] kasan_atomics_helper+0x992/0x5450 [ 28.374360] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.374392] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.374444] ? kasan_atomics+0x152/0x310 [ 28.374471] kasan_atomics+0x1dc/0x310 [ 28.374494] ? __pfx_kasan_atomics+0x10/0x10 [ 28.374529] ? __pfx_read_tsc+0x10/0x10 [ 28.374551] ? ktime_get_ts64+0x86/0x230 [ 28.374575] kunit_try_run_case+0x1a5/0x480 [ 28.374601] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.374624] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.374674] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.374699] ? __kthread_parkme+0x82/0x180 [ 28.374744] ? preempt_count_sub+0x50/0x80 [ 28.374768] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.374792] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.374816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.374840] kthread+0x337/0x6f0 [ 28.374860] ? trace_preempt_on+0x20/0xc0 [ 28.374884] ? __pfx_kthread+0x10/0x10 [ 28.374905] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.374927] ? calculate_sigpending+0x7b/0xa0 [ 28.374952] ? __pfx_kthread+0x10/0x10 [ 28.374974] ret_from_fork+0x116/0x1d0 [ 28.374994] ? __pfx_kthread+0x10/0x10 [ 28.375015] ret_from_fork_asm+0x1a/0x30 [ 28.375047] </TASK> [ 28.375059] [ 28.384011] Allocated by task 314: [ 28.385237] kasan_save_stack+0x45/0x70 [ 28.385614] kasan_save_track+0x18/0x40 [ 28.385977] kasan_save_alloc_info+0x3b/0x50 [ 28.386206] __kasan_kmalloc+0xb7/0xc0 [ 28.386388] __kmalloc_cache_noprof+0x189/0x420 [ 28.386604] kasan_atomics+0x95/0x310 [ 28.386788] kunit_try_run_case+0x1a5/0x480 [ 28.388255] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.388558] kthread+0x337/0x6f0 [ 28.388684] ret_from_fork+0x116/0x1d0 [ 28.388811] ret_from_fork_asm+0x1a/0x30 [ 28.388944] [ 28.389011] The buggy address belongs to the object at ffff88810458d180 [ 28.389011] which belongs to the cache kmalloc-64 of size 64 [ 28.390424] The buggy address is located 0 bytes to the right of [ 28.390424] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.391172] [ 28.391361] The buggy address belongs to the physical page: [ 28.391618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.391942] flags: 0x200000000000000(node=0|zone=2) [ 28.392178] page_type: f5(slab) [ 28.392382] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.392722] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.393052] page dumped because: kasan: bad access detected [ 28.393371] [ 28.393484] Memory state around the buggy address: [ 28.393690] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.394004] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.394399] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.394716] ^ [ 28.394932] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.395216] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.395567] ================================================================== [ 28.290422] ================================================================== [ 28.290787] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 28.291242] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.291579] [ 28.291747] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.292056] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.292092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.292113] Call Trace: [ 28.292125] <TASK> [ 28.292141] dump_stack_lvl+0x73/0xb0 [ 28.292170] print_report+0xd1/0x610 [ 28.292193] ? __virt_addr_valid+0x1db/0x2d0 [ 28.292217] ? kasan_atomics_helper+0x72f/0x5450 [ 28.292238] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.292265] ? kasan_atomics_helper+0x72f/0x5450 [ 28.292287] kasan_report+0x141/0x180 [ 28.292310] ? kasan_atomics_helper+0x72f/0x5450 [ 28.292413] kasan_check_range+0x10c/0x1c0 [ 28.292455] __kasan_check_write+0x18/0x20 [ 28.292480] kasan_atomics_helper+0x72f/0x5450 [ 28.292503] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.292525] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.292551] ? kasan_atomics+0x152/0x310 [ 28.292577] kasan_atomics+0x1dc/0x310 [ 28.292600] ? __pfx_kasan_atomics+0x10/0x10 [ 28.292625] ? __pfx_read_tsc+0x10/0x10 [ 28.292647] ? ktime_get_ts64+0x86/0x230 [ 28.292672] kunit_try_run_case+0x1a5/0x480 [ 28.292696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.292719] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.292743] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.292767] ? __kthread_parkme+0x82/0x180 [ 28.292791] ? preempt_count_sub+0x50/0x80 [ 28.292815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.292839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.292863] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.292886] kthread+0x337/0x6f0 [ 28.292906] ? trace_preempt_on+0x20/0xc0 [ 28.292932] ? __pfx_kthread+0x10/0x10 [ 28.292953] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.292975] ? calculate_sigpending+0x7b/0xa0 [ 28.292999] ? __pfx_kthread+0x10/0x10 [ 28.293021] ret_from_fork+0x116/0x1d0 [ 28.293041] ? __pfx_kthread+0x10/0x10 [ 28.293062] ret_from_fork_asm+0x1a/0x30 [ 28.293103] </TASK> [ 28.293115] [ 28.303291] Allocated by task 314: [ 28.303684] kasan_save_stack+0x45/0x70 [ 28.303834] kasan_save_track+0x18/0x40 [ 28.303964] kasan_save_alloc_info+0x3b/0x50 [ 28.304118] __kasan_kmalloc+0xb7/0xc0 [ 28.304299] __kmalloc_cache_noprof+0x189/0x420 [ 28.304814] kasan_atomics+0x95/0x310 [ 28.305182] kunit_try_run_case+0x1a5/0x480 [ 28.305737] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.306276] kthread+0x337/0x6f0 [ 28.306795] ret_from_fork+0x116/0x1d0 [ 28.307181] ret_from_fork_asm+0x1a/0x30 [ 28.307685] [ 28.307842] The buggy address belongs to the object at ffff88810458d180 [ 28.307842] which belongs to the cache kmalloc-64 of size 64 [ 28.308926] The buggy address is located 0 bytes to the right of [ 28.308926] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.309693] [ 28.309878] The buggy address belongs to the physical page: [ 28.310545] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.311252] flags: 0x200000000000000(node=0|zone=2) [ 28.311667] page_type: f5(slab) [ 28.311890] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.312510] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.312739] page dumped because: kasan: bad access detected [ 28.312906] [ 28.312970] Memory state around the buggy address: [ 28.313136] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.313434] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.313939] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.314434] ^ [ 28.314631] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.314959] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.315352] ================================================================== [ 28.204091] ================================================================== [ 28.204518] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 28.204853] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.205190] [ 28.205366] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.205416] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.205429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.205450] Call Trace: [ 28.205464] <TASK> [ 28.205480] dump_stack_lvl+0x73/0xb0 [ 28.205509] print_report+0xd1/0x610 [ 28.205532] ? __virt_addr_valid+0x1db/0x2d0 [ 28.205557] ? kasan_atomics_helper+0x4b3a/0x5450 [ 28.205578] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.205604] ? kasan_atomics_helper+0x4b3a/0x5450 [ 28.205627] kasan_report+0x141/0x180 [ 28.205649] ? kasan_atomics_helper+0x4b3a/0x5450 [ 28.205676] __asan_report_store4_noabort+0x1b/0x30 [ 28.205701] kasan_atomics_helper+0x4b3a/0x5450 [ 28.205724] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.205746] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.205771] ? kasan_atomics+0x152/0x310 [ 28.205798] kasan_atomics+0x1dc/0x310 [ 28.205821] ? __pfx_kasan_atomics+0x10/0x10 [ 28.205846] ? __pfx_read_tsc+0x10/0x10 [ 28.205868] ? ktime_get_ts64+0x86/0x230 [ 28.205893] kunit_try_run_case+0x1a5/0x480 [ 28.205917] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.205947] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.205971] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.205996] ? __kthread_parkme+0x82/0x180 [ 28.206020] ? preempt_count_sub+0x50/0x80 [ 28.206044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.206068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.206103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.206127] kthread+0x337/0x6f0 [ 28.206146] ? trace_preempt_on+0x20/0xc0 [ 28.206170] ? __pfx_kthread+0x10/0x10 [ 28.206191] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.206213] ? calculate_sigpending+0x7b/0xa0 [ 28.206256] ? __pfx_kthread+0x10/0x10 [ 28.206312] ret_from_fork+0x116/0x1d0 [ 28.206332] ? __pfx_kthread+0x10/0x10 [ 28.206353] ret_from_fork_asm+0x1a/0x30 [ 28.206385] </TASK> [ 28.206397] [ 28.213849] Allocated by task 314: [ 28.214022] kasan_save_stack+0x45/0x70 [ 28.214213] kasan_save_track+0x18/0x40 [ 28.214555] kasan_save_alloc_info+0x3b/0x50 [ 28.214770] __kasan_kmalloc+0xb7/0xc0 [ 28.214921] __kmalloc_cache_noprof+0x189/0x420 [ 28.215129] kasan_atomics+0x95/0x310 [ 28.215396] kunit_try_run_case+0x1a5/0x480 [ 28.215561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.215818] kthread+0x337/0x6f0 [ 28.215958] ret_from_fork+0x116/0x1d0 [ 28.216125] ret_from_fork_asm+0x1a/0x30 [ 28.216392] [ 28.216487] The buggy address belongs to the object at ffff88810458d180 [ 28.216487] which belongs to the cache kmalloc-64 of size 64 [ 28.216891] The buggy address is located 0 bytes to the right of [ 28.216891] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.217354] [ 28.217451] The buggy address belongs to the physical page: [ 28.217696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.218053] flags: 0x200000000000000(node=0|zone=2) [ 28.218457] page_type: f5(slab) [ 28.218631] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.218931] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.219194] page dumped because: kasan: bad access detected [ 28.219467] [ 28.219545] Memory state around the buggy address: [ 28.219765] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.220094] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.220482] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.220786] ^ [ 28.220980] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.221345] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.221637] ================================================================== [ 29.018098] ================================================================== [ 29.018327] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 29.018934] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.019318] [ 29.019478] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.019558] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.019594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.019615] Call Trace: [ 29.019629] <TASK> [ 29.019644] dump_stack_lvl+0x73/0xb0 [ 29.019672] print_report+0xd1/0x610 [ 29.019694] ? __virt_addr_valid+0x1db/0x2d0 [ 29.019717] ? kasan_atomics_helper+0x18b1/0x5450 [ 29.019738] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.019765] ? kasan_atomics_helper+0x18b1/0x5450 [ 29.019787] kasan_report+0x141/0x180 [ 29.019809] ? kasan_atomics_helper+0x18b1/0x5450 [ 29.019835] kasan_check_range+0x10c/0x1c0 [ 29.019859] __kasan_check_write+0x18/0x20 [ 29.019882] kasan_atomics_helper+0x18b1/0x5450 [ 29.019938] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.019960] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.019985] ? kasan_atomics+0x152/0x310 [ 29.020013] kasan_atomics+0x1dc/0x310 [ 29.020036] ? __pfx_kasan_atomics+0x10/0x10 [ 29.020101] ? __pfx_read_tsc+0x10/0x10 [ 29.020123] ? ktime_get_ts64+0x86/0x230 [ 29.020147] kunit_try_run_case+0x1a5/0x480 [ 29.020171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.020194] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.020250] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.020274] ? __kthread_parkme+0x82/0x180 [ 29.020302] ? preempt_count_sub+0x50/0x80 [ 29.020334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.020359] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.020413] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.020440] kthread+0x337/0x6f0 [ 29.020460] ? trace_preempt_on+0x20/0xc0 [ 29.020483] ? __pfx_kthread+0x10/0x10 [ 29.020505] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.020527] ? calculate_sigpending+0x7b/0xa0 [ 29.020584] ? __pfx_kthread+0x10/0x10 [ 29.020606] ret_from_fork+0x116/0x1d0 [ 29.020625] ? __pfx_kthread+0x10/0x10 [ 29.020645] ret_from_fork_asm+0x1a/0x30 [ 29.020678] </TASK> [ 29.020688] [ 29.028570] Allocated by task 314: [ 29.028805] kasan_save_stack+0x45/0x70 [ 29.029264] kasan_save_track+0x18/0x40 [ 29.029524] kasan_save_alloc_info+0x3b/0x50 [ 29.029751] __kasan_kmalloc+0xb7/0xc0 [ 29.029896] __kmalloc_cache_noprof+0x189/0x420 [ 29.030051] kasan_atomics+0x95/0x310 [ 29.030189] kunit_try_run_case+0x1a5/0x480 [ 29.030528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.030842] kthread+0x337/0x6f0 [ 29.031008] ret_from_fork+0x116/0x1d0 [ 29.031204] ret_from_fork_asm+0x1a/0x30 [ 29.031422] [ 29.031488] The buggy address belongs to the object at ffff88810458d180 [ 29.031488] which belongs to the cache kmalloc-64 of size 64 [ 29.032016] The buggy address is located 0 bytes to the right of [ 29.032016] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.032673] [ 29.032758] The buggy address belongs to the physical page: [ 29.033015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.033414] flags: 0x200000000000000(node=0|zone=2) [ 29.033639] page_type: f5(slab) [ 29.033836] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.034194] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.034547] page dumped because: kasan: bad access detected [ 29.034801] [ 29.034885] Memory state around the buggy address: [ 29.035118] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.035465] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.035823] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.036384] ^ [ 29.036764] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.037075] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.037389] ================================================================== [ 29.453170] ================================================================== [ 29.453864] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 29.454211] Read of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.454496] [ 29.454575] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.454622] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.454634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.454656] Call Trace: [ 29.454671] <TASK> [ 29.454686] dump_stack_lvl+0x73/0xb0 [ 29.454715] print_report+0xd1/0x610 [ 29.454737] ? __virt_addr_valid+0x1db/0x2d0 [ 29.454784] ? kasan_atomics_helper+0x5115/0x5450 [ 29.454805] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.454832] ? kasan_atomics_helper+0x5115/0x5450 [ 29.454854] kasan_report+0x141/0x180 [ 29.454876] ? kasan_atomics_helper+0x5115/0x5450 [ 29.454903] __asan_report_load8_noabort+0x18/0x20 [ 29.454928] kasan_atomics_helper+0x5115/0x5450 [ 29.454951] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.454991] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.455015] ? kasan_atomics+0x152/0x310 [ 29.455044] kasan_atomics+0x1dc/0x310 [ 29.455067] ? __pfx_kasan_atomics+0x10/0x10 [ 29.455102] ? __pfx_read_tsc+0x10/0x10 [ 29.455125] ? ktime_get_ts64+0x86/0x230 [ 29.455151] kunit_try_run_case+0x1a5/0x480 [ 29.455177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.455202] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.455227] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.455274] ? __kthread_parkme+0x82/0x180 [ 29.455300] ? preempt_count_sub+0x50/0x80 [ 29.455325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.455351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.455378] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.455403] kthread+0x337/0x6f0 [ 29.455424] ? trace_preempt_on+0x20/0xc0 [ 29.455448] ? __pfx_kthread+0x10/0x10 [ 29.455469] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.455492] ? calculate_sigpending+0x7b/0xa0 [ 29.455516] ? __pfx_kthread+0x10/0x10 [ 29.455546] ret_from_fork+0x116/0x1d0 [ 29.455567] ? __pfx_kthread+0x10/0x10 [ 29.455588] ret_from_fork_asm+0x1a/0x30 [ 29.455620] </TASK> [ 29.455631] [ 29.464138] Allocated by task 314: [ 29.464715] kasan_save_stack+0x45/0x70 [ 29.464980] kasan_save_track+0x18/0x40 [ 29.465279] kasan_save_alloc_info+0x3b/0x50 [ 29.465676] __kasan_kmalloc+0xb7/0xc0 [ 29.465980] __kmalloc_cache_noprof+0x189/0x420 [ 29.466380] kasan_atomics+0x95/0x310 [ 29.466675] kunit_try_run_case+0x1a5/0x480 [ 29.466883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.467124] kthread+0x337/0x6f0 [ 29.467271] ret_from_fork+0x116/0x1d0 [ 29.467728] ret_from_fork_asm+0x1a/0x30 [ 29.468019] [ 29.468240] The buggy address belongs to the object at ffff88810458d180 [ 29.468240] which belongs to the cache kmalloc-64 of size 64 [ 29.468857] The buggy address is located 0 bytes to the right of [ 29.468857] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.469561] [ 29.469774] The buggy address belongs to the physical page: [ 29.470241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.470727] flags: 0x200000000000000(node=0|zone=2) [ 29.471061] page_type: f5(slab) [ 29.471234] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.471857] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.472369] page dumped because: kasan: bad access detected [ 29.472607] [ 29.472690] Memory state around the buggy address: [ 29.472893] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.473189] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.473799] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.474299] ^ [ 29.474633] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.475202] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.475508] ================================================================== [ 28.353759] ================================================================== [ 28.354170] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 28.354678] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.354937] [ 28.355017] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.355063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.355075] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.355107] Call Trace: [ 28.355124] <TASK> [ 28.355140] dump_stack_lvl+0x73/0xb0 [ 28.355168] print_report+0xd1/0x610 [ 28.355191] ? __virt_addr_valid+0x1db/0x2d0 [ 28.355214] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.355235] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.355261] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.355294] kasan_report+0x141/0x180 [ 28.355316] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.355343] kasan_check_range+0x10c/0x1c0 [ 28.355401] __kasan_check_write+0x18/0x20 [ 28.355425] kasan_atomics_helper+0x8f9/0x5450 [ 28.355459] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.355481] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.355506] ? kasan_atomics+0x152/0x310 [ 28.355533] kasan_atomics+0x1dc/0x310 [ 28.355555] ? __pfx_kasan_atomics+0x10/0x10 [ 28.355607] ? __pfx_read_tsc+0x10/0x10 [ 28.355630] ? ktime_get_ts64+0x86/0x230 [ 28.355654] kunit_try_run_case+0x1a5/0x480 [ 28.355689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.355712] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.355735] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.355760] ? __kthread_parkme+0x82/0x180 [ 28.355784] ? preempt_count_sub+0x50/0x80 [ 28.355809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.355833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.355856] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.355880] kthread+0x337/0x6f0 [ 28.355900] ? trace_preempt_on+0x20/0xc0 [ 28.355952] ? __pfx_kthread+0x10/0x10 [ 28.355974] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.356008] ? calculate_sigpending+0x7b/0xa0 [ 28.356042] ? __pfx_kthread+0x10/0x10 [ 28.356063] ret_from_fork+0x116/0x1d0 [ 28.356092] ? __pfx_kthread+0x10/0x10 [ 28.356113] ret_from_fork_asm+0x1a/0x30 [ 28.356145] </TASK> [ 28.356156] [ 28.364116] Allocated by task 314: [ 28.364390] kasan_save_stack+0x45/0x70 [ 28.364598] kasan_save_track+0x18/0x40 [ 28.364783] kasan_save_alloc_info+0x3b/0x50 [ 28.364955] __kasan_kmalloc+0xb7/0xc0 [ 28.365090] __kmalloc_cache_noprof+0x189/0x420 [ 28.365239] kasan_atomics+0x95/0x310 [ 28.365625] kunit_try_run_case+0x1a5/0x480 [ 28.365829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.366164] kthread+0x337/0x6f0 [ 28.366435] ret_from_fork+0x116/0x1d0 [ 28.366662] ret_from_fork_asm+0x1a/0x30 [ 28.366799] [ 28.366863] The buggy address belongs to the object at ffff88810458d180 [ 28.366863] which belongs to the cache kmalloc-64 of size 64 [ 28.367530] The buggy address is located 0 bytes to the right of [ 28.367530] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.368099] [ 28.368166] The buggy address belongs to the physical page: [ 28.368488] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.368898] flags: 0x200000000000000(node=0|zone=2) [ 28.369115] page_type: f5(slab) [ 28.369251] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.369571] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.369799] page dumped because: kasan: bad access detected [ 28.369971] [ 28.370034] Memory state around the buggy address: [ 28.370261] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.370622] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.370951] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.371336] ^ [ 28.371489] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.371910] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.372156] ================================================================== [ 28.315975] ================================================================== [ 28.316354] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 28.316756] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.317075] [ 28.317163] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.317241] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.317255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.317287] Call Trace: [ 28.317301] <TASK> [ 28.317316] dump_stack_lvl+0x73/0xb0 [ 28.317344] print_report+0xd1/0x610 [ 28.317366] ? __virt_addr_valid+0x1db/0x2d0 [ 28.317389] ? kasan_atomics_helper+0x7c7/0x5450 [ 28.317410] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.317491] ? kasan_atomics_helper+0x7c7/0x5450 [ 28.317518] kasan_report+0x141/0x180 [ 28.317542] ? kasan_atomics_helper+0x7c7/0x5450 [ 28.317604] kasan_check_range+0x10c/0x1c0 [ 28.317652] __kasan_check_write+0x18/0x20 [ 28.317676] kasan_atomics_helper+0x7c7/0x5450 [ 28.317698] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.317721] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.317746] ? kasan_atomics+0x152/0x310 [ 28.317773] kasan_atomics+0x1dc/0x310 [ 28.317796] ? __pfx_kasan_atomics+0x10/0x10 [ 28.317820] ? __pfx_read_tsc+0x10/0x10 [ 28.317842] ? ktime_get_ts64+0x86/0x230 [ 28.317895] kunit_try_run_case+0x1a5/0x480 [ 28.317925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.317970] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.317994] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.318018] ? __kthread_parkme+0x82/0x180 [ 28.318043] ? preempt_count_sub+0x50/0x80 [ 28.318067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.318099] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.318123] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.318148] kthread+0x337/0x6f0 [ 28.318168] ? trace_preempt_on+0x20/0xc0 [ 28.318191] ? __pfx_kthread+0x10/0x10 [ 28.318211] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.318234] ? calculate_sigpending+0x7b/0xa0 [ 28.318398] ? __pfx_kthread+0x10/0x10 [ 28.318422] ret_from_fork+0x116/0x1d0 [ 28.318442] ? __pfx_kthread+0x10/0x10 [ 28.318463] ret_from_fork_asm+0x1a/0x30 [ 28.318496] </TASK> [ 28.318509] [ 28.326963] Allocated by task 314: [ 28.327173] kasan_save_stack+0x45/0x70 [ 28.327433] kasan_save_track+0x18/0x40 [ 28.327619] kasan_save_alloc_info+0x3b/0x50 [ 28.327771] __kasan_kmalloc+0xb7/0xc0 [ 28.327900] __kmalloc_cache_noprof+0x189/0x420 [ 28.328075] kasan_atomics+0x95/0x310 [ 28.328267] kunit_try_run_case+0x1a5/0x480 [ 28.328531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.328783] kthread+0x337/0x6f0 [ 28.328984] ret_from_fork+0x116/0x1d0 [ 28.329176] ret_from_fork_asm+0x1a/0x30 [ 28.329313] [ 28.329378] The buggy address belongs to the object at ffff88810458d180 [ 28.329378] which belongs to the cache kmalloc-64 of size 64 [ 28.330190] The buggy address is located 0 bytes to the right of [ 28.330190] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.330879] [ 28.330980] The buggy address belongs to the physical page: [ 28.331284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.331523] flags: 0x200000000000000(node=0|zone=2) [ 28.331679] page_type: f5(slab) [ 28.331796] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.332219] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.332611] page dumped because: kasan: bad access detected [ 28.332868] [ 28.332960] Memory state around the buggy address: [ 28.333191] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.333486] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.333836] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.334151] ^ [ 28.334376] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.334599] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.334807] ================================================================== [ 28.687357] ================================================================== [ 28.687655] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 28.687943] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.688179] [ 28.688303] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.688350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.688363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.688385] Call Trace: [ 28.688402] <TASK> [ 28.688417] dump_stack_lvl+0x73/0xb0 [ 28.688445] print_report+0xd1/0x610 [ 28.688467] ? __virt_addr_valid+0x1db/0x2d0 [ 28.688490] ? kasan_atomics_helper+0x1148/0x5450 [ 28.688511] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.688537] ? kasan_atomics_helper+0x1148/0x5450 [ 28.688559] kasan_report+0x141/0x180 [ 28.688583] ? kasan_atomics_helper+0x1148/0x5450 [ 28.688610] kasan_check_range+0x10c/0x1c0 [ 28.688634] __kasan_check_write+0x18/0x20 [ 28.688658] kasan_atomics_helper+0x1148/0x5450 [ 28.688681] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.688703] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.688727] ? kasan_atomics+0x152/0x310 [ 28.688754] kasan_atomics+0x1dc/0x310 [ 28.688777] ? __pfx_kasan_atomics+0x10/0x10 [ 28.688801] ? __pfx_read_tsc+0x10/0x10 [ 28.688822] ? ktime_get_ts64+0x86/0x230 [ 28.688846] kunit_try_run_case+0x1a5/0x480 [ 28.688870] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.688892] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.688916] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.688940] ? __kthread_parkme+0x82/0x180 [ 28.688964] ? preempt_count_sub+0x50/0x80 [ 28.688988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.689012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.689035] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.689060] kthread+0x337/0x6f0 [ 28.689090] ? trace_preempt_on+0x20/0xc0 [ 28.689114] ? __pfx_kthread+0x10/0x10 [ 28.689136] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.689158] ? calculate_sigpending+0x7b/0xa0 [ 28.689182] ? __pfx_kthread+0x10/0x10 [ 28.689203] ret_from_fork+0x116/0x1d0 [ 28.689223] ? __pfx_kthread+0x10/0x10 [ 28.689243] ret_from_fork_asm+0x1a/0x30 [ 28.689276] </TASK> [ 28.689288] [ 28.698543] Allocated by task 314: [ 28.698867] kasan_save_stack+0x45/0x70 [ 28.699045] kasan_save_track+0x18/0x40 [ 28.699236] kasan_save_alloc_info+0x3b/0x50 [ 28.699490] __kasan_kmalloc+0xb7/0xc0 [ 28.699930] __kmalloc_cache_noprof+0x189/0x420 [ 28.700148] kasan_atomics+0x95/0x310 [ 28.700491] kunit_try_run_case+0x1a5/0x480 [ 28.700649] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.701009] kthread+0x337/0x6f0 [ 28.701193] ret_from_fork+0x116/0x1d0 [ 28.701348] ret_from_fork_asm+0x1a/0x30 [ 28.701689] [ 28.701761] The buggy address belongs to the object at ffff88810458d180 [ 28.701761] which belongs to the cache kmalloc-64 of size 64 [ 28.702398] The buggy address is located 0 bytes to the right of [ 28.702398] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.703003] [ 28.703119] The buggy address belongs to the physical page: [ 28.703478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.703920] flags: 0x200000000000000(node=0|zone=2) [ 28.704149] page_type: f5(slab) [ 28.704285] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.704755] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.705137] page dumped because: kasan: bad access detected [ 28.705417] [ 28.705492] Memory state around the buggy address: [ 28.705809] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.706117] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.706438] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.706724] ^ [ 28.706925] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.707534] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.707787] ================================================================== [ 28.858482] ================================================================== [ 28.859224] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 28.860331] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.860628] [ 28.860717] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.860764] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.860777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.860799] Call Trace: [ 28.860814] <TASK> [ 28.860830] dump_stack_lvl+0x73/0xb0 [ 28.860859] print_report+0xd1/0x610 [ 28.860882] ? __virt_addr_valid+0x1db/0x2d0 [ 28.860905] ? kasan_atomics_helper+0x1467/0x5450 [ 28.860926] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.860953] ? kasan_atomics_helper+0x1467/0x5450 [ 28.860975] kasan_report+0x141/0x180 [ 28.860997] ? kasan_atomics_helper+0x1467/0x5450 [ 28.861024] kasan_check_range+0x10c/0x1c0 [ 28.861048] __kasan_check_write+0x18/0x20 [ 28.861071] kasan_atomics_helper+0x1467/0x5450 [ 28.861105] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.861129] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.861154] ? kasan_atomics+0x152/0x310 [ 28.861180] kasan_atomics+0x1dc/0x310 [ 28.861204] ? __pfx_kasan_atomics+0x10/0x10 [ 28.861228] ? __pfx_read_tsc+0x10/0x10 [ 28.861250] ? ktime_get_ts64+0x86/0x230 [ 28.861274] kunit_try_run_case+0x1a5/0x480 [ 28.861771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.861796] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.861820] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.861845] ? __kthread_parkme+0x82/0x180 [ 28.861869] ? preempt_count_sub+0x50/0x80 [ 28.861892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.861916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.861948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.861972] kthread+0x337/0x6f0 [ 28.861992] ? trace_preempt_on+0x20/0xc0 [ 28.862014] ? __pfx_kthread+0x10/0x10 [ 28.862035] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.862058] ? calculate_sigpending+0x7b/0xa0 [ 28.862092] ? __pfx_kthread+0x10/0x10 [ 28.862113] ret_from_fork+0x116/0x1d0 [ 28.862133] ? __pfx_kthread+0x10/0x10 [ 28.862153] ret_from_fork_asm+0x1a/0x30 [ 28.862185] </TASK> [ 28.862197] [ 28.871684] Allocated by task 314: [ 28.871853] kasan_save_stack+0x45/0x70 [ 28.872029] kasan_save_track+0x18/0x40 [ 28.872203] kasan_save_alloc_info+0x3b/0x50 [ 28.872736] __kasan_kmalloc+0xb7/0xc0 [ 28.872921] __kmalloc_cache_noprof+0x189/0x420 [ 28.873135] kasan_atomics+0x95/0x310 [ 28.873406] kunit_try_run_case+0x1a5/0x480 [ 28.873840] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.874073] kthread+0x337/0x6f0 [ 28.874406] ret_from_fork+0x116/0x1d0 [ 28.874583] ret_from_fork_asm+0x1a/0x30 [ 28.874751] [ 28.874848] The buggy address belongs to the object at ffff88810458d180 [ 28.874848] which belongs to the cache kmalloc-64 of size 64 [ 28.875350] The buggy address is located 0 bytes to the right of [ 28.875350] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.876182] [ 28.876459] The buggy address belongs to the physical page: [ 28.876675] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.877150] flags: 0x200000000000000(node=0|zone=2) [ 28.877337] page_type: f5(slab) [ 28.877608] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.878026] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.878554] page dumped because: kasan: bad access detected [ 28.878880] [ 28.878970] Memory state around the buggy address: [ 28.879299] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.879615] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.880017] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.880582] ^ [ 28.880867] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.881288] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.881628] ================================================================== [ 28.998021] ================================================================== [ 28.998510] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 28.999227] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.999636] [ 28.999718] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.999763] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.999775] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.999829] Call Trace: [ 28.999844] <TASK> [ 28.999858] dump_stack_lvl+0x73/0xb0 [ 28.999887] print_report+0xd1/0x610 [ 28.999909] ? __virt_addr_valid+0x1db/0x2d0 [ 28.999931] ? kasan_atomics_helper+0x1818/0x5450 [ 28.999953] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.999979] ? kasan_atomics_helper+0x1818/0x5450 [ 29.000001] kasan_report+0x141/0x180 [ 29.000023] ? kasan_atomics_helper+0x1818/0x5450 [ 29.000049] kasan_check_range+0x10c/0x1c0 [ 29.000073] __kasan_check_write+0x18/0x20 [ 29.000107] kasan_atomics_helper+0x1818/0x5450 [ 29.000129] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.000152] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.000176] ? kasan_atomics+0x152/0x310 [ 29.000237] kasan_atomics+0x1dc/0x310 [ 29.000260] ? __pfx_kasan_atomics+0x10/0x10 [ 29.000284] ? __pfx_read_tsc+0x10/0x10 [ 29.000315] ? ktime_get_ts64+0x86/0x230 [ 29.000340] kunit_try_run_case+0x1a5/0x480 [ 29.000396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.000418] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.000442] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.000467] ? __kthread_parkme+0x82/0x180 [ 29.000490] ? preempt_count_sub+0x50/0x80 [ 29.000544] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.000569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.000592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.000616] kthread+0x337/0x6f0 [ 29.000636] ? trace_preempt_on+0x20/0xc0 [ 29.000689] ? __pfx_kthread+0x10/0x10 [ 29.000713] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.000735] ? calculate_sigpending+0x7b/0xa0 [ 29.000759] ? __pfx_kthread+0x10/0x10 [ 29.000781] ret_from_fork+0x116/0x1d0 [ 29.000831] ? __pfx_kthread+0x10/0x10 [ 29.000853] ret_from_fork_asm+0x1a/0x30 [ 29.000885] </TASK> [ 29.000897] [ 29.008716] Allocated by task 314: [ 29.008851] kasan_save_stack+0x45/0x70 [ 29.009074] kasan_save_track+0x18/0x40 [ 29.009254] kasan_save_alloc_info+0x3b/0x50 [ 29.009475] __kasan_kmalloc+0xb7/0xc0 [ 29.009680] __kmalloc_cache_noprof+0x189/0x420 [ 29.009864] kasan_atomics+0x95/0x310 [ 29.010089] kunit_try_run_case+0x1a5/0x480 [ 29.010331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.010653] kthread+0x337/0x6f0 [ 29.010975] ret_from_fork+0x116/0x1d0 [ 29.011140] ret_from_fork_asm+0x1a/0x30 [ 29.011329] [ 29.011420] The buggy address belongs to the object at ffff88810458d180 [ 29.011420] which belongs to the cache kmalloc-64 of size 64 [ 29.011936] The buggy address is located 0 bytes to the right of [ 29.011936] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.012383] [ 29.012449] The buggy address belongs to the physical page: [ 29.012813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.013170] flags: 0x200000000000000(node=0|zone=2) [ 29.013500] page_type: f5(slab) [ 29.013651] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.014032] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.014776] page dumped because: kasan: bad access detected [ 29.014978] [ 29.015044] Memory state around the buggy address: [ 29.015208] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.015795] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.016047] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.016267] ^ [ 29.016643] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.016973] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.017296] ================================================================== [ 28.546119] ================================================================== [ 28.546349] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 28.546570] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.547047] [ 28.547147] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.547210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.547224] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.547246] Call Trace: [ 28.547261] <TASK> [ 28.547289] dump_stack_lvl+0x73/0xb0 [ 28.547320] print_report+0xd1/0x610 [ 28.547343] ? __virt_addr_valid+0x1db/0x2d0 [ 28.547367] ? kasan_atomics_helper+0xe78/0x5450 [ 28.547409] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.547436] ? kasan_atomics_helper+0xe78/0x5450 [ 28.547469] kasan_report+0x141/0x180 [ 28.547493] ? kasan_atomics_helper+0xe78/0x5450 [ 28.547521] kasan_check_range+0x10c/0x1c0 [ 28.547547] __kasan_check_write+0x18/0x20 [ 28.547572] kasan_atomics_helper+0xe78/0x5450 [ 28.547596] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.547619] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.547645] ? kasan_atomics+0x152/0x310 [ 28.547673] kasan_atomics+0x1dc/0x310 [ 28.547696] ? __pfx_kasan_atomics+0x10/0x10 [ 28.547721] ? __pfx_read_tsc+0x10/0x10 [ 28.547743] ? ktime_get_ts64+0x86/0x230 [ 28.547769] kunit_try_run_case+0x1a5/0x480 [ 28.547794] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.547818] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.547843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.547868] ? __kthread_parkme+0x82/0x180 [ 28.547892] ? preempt_count_sub+0x50/0x80 [ 28.547916] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.547941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.547974] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.547998] kthread+0x337/0x6f0 [ 28.548018] ? trace_preempt_on+0x20/0xc0 [ 28.548053] ? __pfx_kthread+0x10/0x10 [ 28.548074] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.548105] ? calculate_sigpending+0x7b/0xa0 [ 28.548129] ? __pfx_kthread+0x10/0x10 [ 28.548151] ret_from_fork+0x116/0x1d0 [ 28.548171] ? __pfx_kthread+0x10/0x10 [ 28.548192] ret_from_fork_asm+0x1a/0x30 [ 28.548224] </TASK> [ 28.548235] [ 28.556223] Allocated by task 314: [ 28.556441] kasan_save_stack+0x45/0x70 [ 28.556633] kasan_save_track+0x18/0x40 [ 28.556763] kasan_save_alloc_info+0x3b/0x50 [ 28.556904] __kasan_kmalloc+0xb7/0xc0 [ 28.557030] __kmalloc_cache_noprof+0x189/0x420 [ 28.557270] kasan_atomics+0x95/0x310 [ 28.557615] kunit_try_run_case+0x1a5/0x480 [ 28.557818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.558067] kthread+0x337/0x6f0 [ 28.558276] ret_from_fork+0x116/0x1d0 [ 28.558406] ret_from_fork_asm+0x1a/0x30 [ 28.558539] [ 28.558602] The buggy address belongs to the object at ffff88810458d180 [ 28.558602] which belongs to the cache kmalloc-64 of size 64 [ 28.559121] The buggy address is located 0 bytes to the right of [ 28.559121] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.559695] [ 28.559809] The buggy address belongs to the physical page: [ 28.560074] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.560474] flags: 0x200000000000000(node=0|zone=2) [ 28.560670] page_type: f5(slab) [ 28.560829] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.561143] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.561511] page dumped because: kasan: bad access detected [ 28.561677] [ 28.561741] Memory state around the buggy address: [ 28.561890] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.562116] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.562326] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.562600] ^ [ 28.562815] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.563354] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.563655] ================================================================== [ 29.144456] ================================================================== [ 29.144780] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 29.145068] Read of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.145299] [ 29.145374] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.145424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.145437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.145457] Call Trace: [ 29.145472] <TASK> [ 29.145512] dump_stack_lvl+0x73/0xb0 [ 29.145539] print_report+0xd1/0x610 [ 29.145560] ? __virt_addr_valid+0x1db/0x2d0 [ 29.145583] ? kasan_atomics_helper+0x4f30/0x5450 [ 29.145603] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.145665] ? kasan_atomics_helper+0x4f30/0x5450 [ 29.145689] kasan_report+0x141/0x180 [ 29.145711] ? kasan_atomics_helper+0x4f30/0x5450 [ 29.145738] __asan_report_load8_noabort+0x18/0x20 [ 29.145762] kasan_atomics_helper+0x4f30/0x5450 [ 29.145785] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.145808] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.145833] ? kasan_atomics+0x152/0x310 [ 29.145859] kasan_atomics+0x1dc/0x310 [ 29.145896] ? __pfx_kasan_atomics+0x10/0x10 [ 29.145927] ? __pfx_read_tsc+0x10/0x10 [ 29.145949] ? ktime_get_ts64+0x86/0x230 [ 29.145973] kunit_try_run_case+0x1a5/0x480 [ 29.145997] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.146020] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.146043] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.146091] ? __kthread_parkme+0x82/0x180 [ 29.146115] ? preempt_count_sub+0x50/0x80 [ 29.146139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.146162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.146186] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.146210] kthread+0x337/0x6f0 [ 29.146229] ? trace_preempt_on+0x20/0xc0 [ 29.146252] ? __pfx_kthread+0x10/0x10 [ 29.146272] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.146306] ? calculate_sigpending+0x7b/0xa0 [ 29.146328] ? __pfx_kthread+0x10/0x10 [ 29.146349] ret_from_fork+0x116/0x1d0 [ 29.146369] ? __pfx_kthread+0x10/0x10 [ 29.146390] ret_from_fork_asm+0x1a/0x30 [ 29.146421] </TASK> [ 29.146431] [ 29.155009] Allocated by task 314: [ 29.155185] kasan_save_stack+0x45/0x70 [ 29.155642] kasan_save_track+0x18/0x40 [ 29.155953] kasan_save_alloc_info+0x3b/0x50 [ 29.156367] __kasan_kmalloc+0xb7/0xc0 [ 29.156657] __kmalloc_cache_noprof+0x189/0x420 [ 29.156986] kasan_atomics+0x95/0x310 [ 29.157184] kunit_try_run_case+0x1a5/0x480 [ 29.157575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.158022] kthread+0x337/0x6f0 [ 29.158262] ret_from_fork+0x116/0x1d0 [ 29.158455] ret_from_fork_asm+0x1a/0x30 [ 29.158631] [ 29.158711] The buggy address belongs to the object at ffff88810458d180 [ 29.158711] which belongs to the cache kmalloc-64 of size 64 [ 29.159183] The buggy address is located 0 bytes to the right of [ 29.159183] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.160112] [ 29.160332] The buggy address belongs to the physical page: [ 29.160808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.161323] flags: 0x200000000000000(node=0|zone=2) [ 29.161549] page_type: f5(slab) [ 29.162344] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.162590] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.162819] page dumped because: kasan: bad access detected [ 29.162988] [ 29.163053] Memory state around the buggy address: [ 29.163215] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.163435] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.163644] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.163850] ^ [ 29.163998] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.165172] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.165824] ================================================================== [ 29.273192] ================================================================== [ 29.273653] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 29.273966] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.274308] [ 29.274423] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.274471] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.274484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.274506] Call Trace: [ 29.274522] <TASK> [ 29.274538] dump_stack_lvl+0x73/0xb0 [ 29.274567] print_report+0xd1/0x610 [ 29.274590] ? __virt_addr_valid+0x1db/0x2d0 [ 29.274613] ? kasan_atomics_helper+0x1f43/0x5450 [ 29.274634] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.274661] ? kasan_atomics_helper+0x1f43/0x5450 [ 29.274683] kasan_report+0x141/0x180 [ 29.274705] ? kasan_atomics_helper+0x1f43/0x5450 [ 29.274732] kasan_check_range+0x10c/0x1c0 [ 29.274755] __kasan_check_write+0x18/0x20 [ 29.274779] kasan_atomics_helper+0x1f43/0x5450 [ 29.274802] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.274825] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.274850] ? kasan_atomics+0x152/0x310 [ 29.274877] kasan_atomics+0x1dc/0x310 [ 29.274899] ? __pfx_kasan_atomics+0x10/0x10 [ 29.274923] ? __pfx_read_tsc+0x10/0x10 [ 29.274944] ? ktime_get_ts64+0x86/0x230 [ 29.274968] kunit_try_run_case+0x1a5/0x480 [ 29.274992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.275015] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.275040] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.275063] ? __kthread_parkme+0x82/0x180 [ 29.275099] ? preempt_count_sub+0x50/0x80 [ 29.275123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.275147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.275170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.275193] kthread+0x337/0x6f0 [ 29.275213] ? trace_preempt_on+0x20/0xc0 [ 29.275236] ? __pfx_kthread+0x10/0x10 [ 29.275257] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.275290] ? calculate_sigpending+0x7b/0xa0 [ 29.275314] ? __pfx_kthread+0x10/0x10 [ 29.275335] ret_from_fork+0x116/0x1d0 [ 29.275354] ? __pfx_kthread+0x10/0x10 [ 29.275375] ret_from_fork_asm+0x1a/0x30 [ 29.275407] </TASK> [ 29.275418] [ 29.282358] Allocated by task 314: [ 29.282478] kasan_save_stack+0x45/0x70 [ 29.282640] kasan_save_track+0x18/0x40 [ 29.282827] kasan_save_alloc_info+0x3b/0x50 [ 29.283035] __kasan_kmalloc+0xb7/0xc0 [ 29.283227] __kmalloc_cache_noprof+0x189/0x420 [ 29.283446] kasan_atomics+0x95/0x310 [ 29.283635] kunit_try_run_case+0x1a5/0x480 [ 29.283838] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.284094] kthread+0x337/0x6f0 [ 29.284255] ret_from_fork+0x116/0x1d0 [ 29.284435] ret_from_fork_asm+0x1a/0x30 [ 29.284583] [ 29.284646] The buggy address belongs to the object at ffff88810458d180 [ 29.284646] which belongs to the cache kmalloc-64 of size 64 [ 29.284989] The buggy address is located 0 bytes to the right of [ 29.284989] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.285656] [ 29.285759] The buggy address belongs to the physical page: [ 29.285927] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.286168] flags: 0x200000000000000(node=0|zone=2) [ 29.286321] page_type: f5(slab) [ 29.286434] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.286665] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.286995] page dumped because: kasan: bad access detected [ 29.287252] [ 29.287339] Memory state around the buggy address: [ 29.287557] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.287874] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.288199] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.288562] ^ [ 29.288761] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.288972] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.289304] ================================================================== [ 28.165369] ================================================================== [ 28.165716] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 28.166054] Read of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.166622] [ 28.166732] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.166781] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.166794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.166817] Call Trace: [ 28.166831] <TASK> [ 28.166847] dump_stack_lvl+0x73/0xb0 [ 28.166878] print_report+0xd1/0x610 [ 28.166900] ? __virt_addr_valid+0x1db/0x2d0 [ 28.166923] ? kasan_atomics_helper+0x4b54/0x5450 [ 28.166945] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.166971] ? kasan_atomics_helper+0x4b54/0x5450 [ 28.166993] kasan_report+0x141/0x180 [ 28.167016] ? kasan_atomics_helper+0x4b54/0x5450 [ 28.167043] __asan_report_load4_noabort+0x18/0x20 [ 28.167067] kasan_atomics_helper+0x4b54/0x5450 [ 28.167105] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.167127] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.167152] ? kasan_atomics+0x152/0x310 [ 28.167178] kasan_atomics+0x1dc/0x310 [ 28.167202] ? __pfx_kasan_atomics+0x10/0x10 [ 28.167308] ? __pfx_read_tsc+0x10/0x10 [ 28.167336] ? ktime_get_ts64+0x86/0x230 [ 28.167361] kunit_try_run_case+0x1a5/0x480 [ 28.167386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.167409] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.167433] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.167457] ? __kthread_parkme+0x82/0x180 [ 28.167481] ? preempt_count_sub+0x50/0x80 [ 28.167505] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.167529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.167552] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.167576] kthread+0x337/0x6f0 [ 28.167596] ? trace_preempt_on+0x20/0xc0 [ 28.167619] ? __pfx_kthread+0x10/0x10 [ 28.167640] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.167661] ? calculate_sigpending+0x7b/0xa0 [ 28.167685] ? __pfx_kthread+0x10/0x10 [ 28.167707] ret_from_fork+0x116/0x1d0 [ 28.167727] ? __pfx_kthread+0x10/0x10 [ 28.167747] ret_from_fork_asm+0x1a/0x30 [ 28.167780] </TASK> [ 28.167792] [ 28.175440] Allocated by task 314: [ 28.175567] kasan_save_stack+0x45/0x70 [ 28.175759] kasan_save_track+0x18/0x40 [ 28.175945] kasan_save_alloc_info+0x3b/0x50 [ 28.176183] __kasan_kmalloc+0xb7/0xc0 [ 28.176475] __kmalloc_cache_noprof+0x189/0x420 [ 28.176726] kasan_atomics+0x95/0x310 [ 28.176921] kunit_try_run_case+0x1a5/0x480 [ 28.177120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.177469] kthread+0x337/0x6f0 [ 28.177629] ret_from_fork+0x116/0x1d0 [ 28.177811] ret_from_fork_asm+0x1a/0x30 [ 28.177999] [ 28.178096] The buggy address belongs to the object at ffff88810458d180 [ 28.178096] which belongs to the cache kmalloc-64 of size 64 [ 28.178793] The buggy address is located 0 bytes to the right of [ 28.178793] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.179385] [ 28.179459] The buggy address belongs to the physical page: [ 28.179626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.179959] flags: 0x200000000000000(node=0|zone=2) [ 28.180195] page_type: f5(slab) [ 28.180444] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.180806] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.181149] page dumped because: kasan: bad access detected [ 28.181455] [ 28.181571] Memory state around the buggy address: [ 28.181736] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.181971] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.182508] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.182821] ^ [ 28.183019] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.183418] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.183629] ================================================================== [ 28.184001] ================================================================== [ 28.184445] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 28.184795] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.185124] [ 28.185319] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.185370] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.185383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.185405] Call Trace: [ 28.185421] <TASK> [ 28.185437] dump_stack_lvl+0x73/0xb0 [ 28.185467] print_report+0xd1/0x610 [ 28.185491] ? __virt_addr_valid+0x1db/0x2d0 [ 28.185514] ? kasan_atomics_helper+0x4a0/0x5450 [ 28.185558] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.185586] ? kasan_atomics_helper+0x4a0/0x5450 [ 28.185608] kasan_report+0x141/0x180 [ 28.185631] ? kasan_atomics_helper+0x4a0/0x5450 [ 28.185658] kasan_check_range+0x10c/0x1c0 [ 28.185683] __kasan_check_write+0x18/0x20 [ 28.185707] kasan_atomics_helper+0x4a0/0x5450 [ 28.185730] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.185752] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.185778] ? kasan_atomics+0x152/0x310 [ 28.185805] kasan_atomics+0x1dc/0x310 [ 28.185828] ? __pfx_kasan_atomics+0x10/0x10 [ 28.185853] ? __pfx_read_tsc+0x10/0x10 [ 28.185874] ? ktime_get_ts64+0x86/0x230 [ 28.185899] kunit_try_run_case+0x1a5/0x480 [ 28.185928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.185952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.185976] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.186000] ? __kthread_parkme+0x82/0x180 [ 28.186025] ? preempt_count_sub+0x50/0x80 [ 28.186048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.186073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.186108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.186132] kthread+0x337/0x6f0 [ 28.186152] ? trace_preempt_on+0x20/0xc0 [ 28.186175] ? __pfx_kthread+0x10/0x10 [ 28.186196] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.186219] ? calculate_sigpending+0x7b/0xa0 [ 28.186451] ? __pfx_kthread+0x10/0x10 [ 28.186474] ret_from_fork+0x116/0x1d0 [ 28.186495] ? __pfx_kthread+0x10/0x10 [ 28.186516] ret_from_fork_asm+0x1a/0x30 [ 28.186548] </TASK> [ 28.186559] [ 28.195488] Allocated by task 314: [ 28.195667] kasan_save_stack+0x45/0x70 [ 28.195820] kasan_save_track+0x18/0x40 [ 28.195949] kasan_save_alloc_info+0x3b/0x50 [ 28.196103] __kasan_kmalloc+0xb7/0xc0 [ 28.196375] __kmalloc_cache_noprof+0x189/0x420 [ 28.196625] kasan_atomics+0x95/0x310 [ 28.196827] kunit_try_run_case+0x1a5/0x480 [ 28.197045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.197391] kthread+0x337/0x6f0 [ 28.197562] ret_from_fork+0x116/0x1d0 [ 28.197738] ret_from_fork_asm+0x1a/0x30 [ 28.197949] [ 28.198032] The buggy address belongs to the object at ffff88810458d180 [ 28.198032] which belongs to the cache kmalloc-64 of size 64 [ 28.198654] The buggy address is located 0 bytes to the right of [ 28.198654] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.199200] [ 28.199320] The buggy address belongs to the physical page: [ 28.199528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.199964] flags: 0x200000000000000(node=0|zone=2) [ 28.200294] page_type: f5(slab) [ 28.200468] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.200730] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.201065] page dumped because: kasan: bad access detected [ 28.201344] [ 28.201414] Memory state around the buggy address: [ 28.201616] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.201967] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.202480] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.202791] ^ [ 28.203004] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.203409] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.203677] ================================================================== [ 28.269689] ================================================================== [ 28.270123] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 28.270685] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.271041] [ 28.271134] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.271193] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.271205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.271237] Call Trace: [ 28.271255] <TASK> [ 28.271271] dump_stack_lvl+0x73/0xb0 [ 28.271300] print_report+0xd1/0x610 [ 28.271322] ? __virt_addr_valid+0x1db/0x2d0 [ 28.271345] ? kasan_atomics_helper+0x697/0x5450 [ 28.271367] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.271393] ? kasan_atomics_helper+0x697/0x5450 [ 28.271415] kasan_report+0x141/0x180 [ 28.271438] ? kasan_atomics_helper+0x697/0x5450 [ 28.271535] kasan_check_range+0x10c/0x1c0 [ 28.271560] __kasan_check_write+0x18/0x20 [ 28.271595] kasan_atomics_helper+0x697/0x5450 [ 28.271618] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.271641] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.271685] ? kasan_atomics+0x152/0x310 [ 28.271712] kasan_atomics+0x1dc/0x310 [ 28.271735] ? __pfx_kasan_atomics+0x10/0x10 [ 28.271770] ? __pfx_read_tsc+0x10/0x10 [ 28.271792] ? ktime_get_ts64+0x86/0x230 [ 28.271816] kunit_try_run_case+0x1a5/0x480 [ 28.271840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.271863] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.271887] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.271911] ? __kthread_parkme+0x82/0x180 [ 28.271945] ? preempt_count_sub+0x50/0x80 [ 28.271968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.271993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.272026] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.272050] kthread+0x337/0x6f0 [ 28.272070] ? trace_preempt_on+0x20/0xc0 [ 28.272102] ? __pfx_kthread+0x10/0x10 [ 28.272132] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.272153] ? calculate_sigpending+0x7b/0xa0 [ 28.272178] ? __pfx_kthread+0x10/0x10 [ 28.272210] ret_from_fork+0x116/0x1d0 [ 28.272230] ? __pfx_kthread+0x10/0x10 [ 28.272261] ret_from_fork_asm+0x1a/0x30 [ 28.272303] </TASK> [ 28.272314] [ 28.280585] Allocated by task 314: [ 28.280750] kasan_save_stack+0x45/0x70 [ 28.281071] kasan_save_track+0x18/0x40 [ 28.281393] kasan_save_alloc_info+0x3b/0x50 [ 28.281624] __kasan_kmalloc+0xb7/0xc0 [ 28.281823] __kmalloc_cache_noprof+0x189/0x420 [ 28.281983] kasan_atomics+0x95/0x310 [ 28.282120] kunit_try_run_case+0x1a5/0x480 [ 28.282332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.282584] kthread+0x337/0x6f0 [ 28.282746] ret_from_fork+0x116/0x1d0 [ 28.282928] ret_from_fork_asm+0x1a/0x30 [ 28.283132] [ 28.283223] The buggy address belongs to the object at ffff88810458d180 [ 28.283223] which belongs to the cache kmalloc-64 of size 64 [ 28.283953] The buggy address is located 0 bytes to the right of [ 28.283953] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.284779] [ 28.284854] The buggy address belongs to the physical page: [ 28.285020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.285455] flags: 0x200000000000000(node=0|zone=2) [ 28.285876] page_type: f5(slab) [ 28.286068] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.286421] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.286756] page dumped because: kasan: bad access detected [ 28.287102] [ 28.287180] Memory state around the buggy address: [ 28.287385] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.287913] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.288146] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.288541] ^ [ 28.288765] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.289396] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.289717] ================================================================== [ 28.093998] ================================================================== [ 28.094389] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 28.094617] Read of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.094887] [ 28.094983] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.095031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.095042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.095062] Call Trace: [ 28.095084] <TASK> [ 28.095099] dump_stack_lvl+0x73/0xb0 [ 28.095125] print_report+0xd1/0x610 [ 28.095145] ? __virt_addr_valid+0x1db/0x2d0 [ 28.095168] ? kasan_atomics_helper+0x4b88/0x5450 [ 28.095188] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.095213] ? kasan_atomics_helper+0x4b88/0x5450 [ 28.095234] kasan_report+0x141/0x180 [ 28.095257] ? kasan_atomics_helper+0x4b88/0x5450 [ 28.095283] __asan_report_load4_noabort+0x18/0x20 [ 28.095306] kasan_atomics_helper+0x4b88/0x5450 [ 28.095328] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.095349] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.095372] ? kasan_atomics+0x152/0x310 [ 28.095397] kasan_atomics+0x1dc/0x310 [ 28.095418] ? __pfx_kasan_atomics+0x10/0x10 [ 28.095442] ? __pfx_read_tsc+0x10/0x10 [ 28.095463] ? ktime_get_ts64+0x86/0x230 [ 28.095486] kunit_try_run_case+0x1a5/0x480 [ 28.095525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.095560] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.095593] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.095616] ? __kthread_parkme+0x82/0x180 [ 28.095639] ? preempt_count_sub+0x50/0x80 [ 28.095661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.095684] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.095707] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.095730] kthread+0x337/0x6f0 [ 28.095752] ? trace_preempt_on+0x20/0xc0 [ 28.095775] ? __pfx_kthread+0x10/0x10 [ 28.095797] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.095819] ? calculate_sigpending+0x7b/0xa0 [ 28.095853] ? __pfx_kthread+0x10/0x10 [ 28.095875] ret_from_fork+0x116/0x1d0 [ 28.095894] ? __pfx_kthread+0x10/0x10 [ 28.095926] ret_from_fork_asm+0x1a/0x30 [ 28.095957] </TASK> [ 28.095969] [ 28.104137] Allocated by task 314: [ 28.104414] kasan_save_stack+0x45/0x70 [ 28.104629] kasan_save_track+0x18/0x40 [ 28.104760] kasan_save_alloc_info+0x3b/0x50 [ 28.104902] __kasan_kmalloc+0xb7/0xc0 [ 28.105028] __kmalloc_cache_noprof+0x189/0x420 [ 28.105236] kasan_atomics+0x95/0x310 [ 28.105416] kunit_try_run_case+0x1a5/0x480 [ 28.105614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.105884] kthread+0x337/0x6f0 [ 28.106180] ret_from_fork+0x116/0x1d0 [ 28.106434] ret_from_fork_asm+0x1a/0x30 [ 28.106573] [ 28.106637] The buggy address belongs to the object at ffff88810458d180 [ 28.106637] which belongs to the cache kmalloc-64 of size 64 [ 28.107117] The buggy address is located 0 bytes to the right of [ 28.107117] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.108033] [ 28.108146] The buggy address belongs to the physical page: [ 28.108502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.108839] flags: 0x200000000000000(node=0|zone=2) [ 28.109071] page_type: f5(slab) [ 28.109227] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.109660] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.109987] page dumped because: kasan: bad access detected [ 28.110203] [ 28.110377] Memory state around the buggy address: [ 28.110676] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.110987] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.111476] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.111783] ^ [ 28.112023] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.112402] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.112752] ================================================================== [ 28.585410] ================================================================== [ 28.585725] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 28.586029] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.586585] [ 28.586933] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.586988] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.587001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.587022] Call Trace: [ 28.587038] <TASK> [ 28.587052] dump_stack_lvl+0x73/0xb0 [ 28.587094] print_report+0xd1/0x610 [ 28.587117] ? __virt_addr_valid+0x1db/0x2d0 [ 28.587140] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.587161] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.587188] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.587210] kasan_report+0x141/0x180 [ 28.587233] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.587259] kasan_check_range+0x10c/0x1c0 [ 28.587657] __kasan_check_write+0x18/0x20 [ 28.587702] kasan_atomics_helper+0xfa9/0x5450 [ 28.587727] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.587750] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.587775] ? kasan_atomics+0x152/0x310 [ 28.587842] kasan_atomics+0x1dc/0x310 [ 28.587865] ? __pfx_kasan_atomics+0x10/0x10 [ 28.587889] ? __pfx_read_tsc+0x10/0x10 [ 28.587911] ? ktime_get_ts64+0x86/0x230 [ 28.587935] kunit_try_run_case+0x1a5/0x480 [ 28.587961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.587983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.588007] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.588031] ? __kthread_parkme+0x82/0x180 [ 28.588056] ? preempt_count_sub+0x50/0x80 [ 28.588090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.588114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.588139] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.588162] kthread+0x337/0x6f0 [ 28.588183] ? trace_preempt_on+0x20/0xc0 [ 28.588206] ? __pfx_kthread+0x10/0x10 [ 28.588227] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.588249] ? calculate_sigpending+0x7b/0xa0 [ 28.588273] ? __pfx_kthread+0x10/0x10 [ 28.588296] ret_from_fork+0x116/0x1d0 [ 28.588316] ? __pfx_kthread+0x10/0x10 [ 28.588337] ret_from_fork_asm+0x1a/0x30 [ 28.588369] </TASK> [ 28.588380] [ 28.599214] Allocated by task 314: [ 28.599712] kasan_save_stack+0x45/0x70 [ 28.600166] kasan_save_track+0x18/0x40 [ 28.600404] kasan_save_alloc_info+0x3b/0x50 [ 28.600605] __kasan_kmalloc+0xb7/0xc0 [ 28.600772] __kmalloc_cache_noprof+0x189/0x420 [ 28.600965] kasan_atomics+0x95/0x310 [ 28.601148] kunit_try_run_case+0x1a5/0x480 [ 28.601685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.602011] kthread+0x337/0x6f0 [ 28.602322] ret_from_fork+0x116/0x1d0 [ 28.602709] ret_from_fork_asm+0x1a/0x30 [ 28.602902] [ 28.602991] The buggy address belongs to the object at ffff88810458d180 [ 28.602991] which belongs to the cache kmalloc-64 of size 64 [ 28.603755] The buggy address is located 0 bytes to the right of [ 28.603755] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.604682] [ 28.604776] The buggy address belongs to the physical page: [ 28.604996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.605525] flags: 0x200000000000000(node=0|zone=2) [ 28.605950] page_type: f5(slab) [ 28.606270] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.606896] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.607242] page dumped because: kasan: bad access detected [ 28.607845] [ 28.607949] Memory state around the buggy address: [ 28.608167] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.608928] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.609339] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.609631] ^ [ 28.609830] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.610123] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.610553] ================================================================== [ 28.222039] ================================================================== [ 28.222539] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 28.222822] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.223134] [ 28.223248] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.223311] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.223324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.223346] Call Trace: [ 28.223360] <TASK> [ 28.223374] dump_stack_lvl+0x73/0xb0 [ 28.223401] print_report+0xd1/0x610 [ 28.223424] ? __virt_addr_valid+0x1db/0x2d0 [ 28.223447] ? kasan_atomics_helper+0x565/0x5450 [ 28.223468] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.223494] ? kasan_atomics_helper+0x565/0x5450 [ 28.223516] kasan_report+0x141/0x180 [ 28.223539] ? kasan_atomics_helper+0x565/0x5450 [ 28.223566] kasan_check_range+0x10c/0x1c0 [ 28.223590] __kasan_check_write+0x18/0x20 [ 28.223613] kasan_atomics_helper+0x565/0x5450 [ 28.223636] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.223659] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.223683] ? kasan_atomics+0x152/0x310 [ 28.223710] kasan_atomics+0x1dc/0x310 [ 28.223733] ? __pfx_kasan_atomics+0x10/0x10 [ 28.223757] ? __pfx_read_tsc+0x10/0x10 [ 28.223778] ? ktime_get_ts64+0x86/0x230 [ 28.223802] kunit_try_run_case+0x1a5/0x480 [ 28.223826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.223849] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.223872] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.223896] ? __kthread_parkme+0x82/0x180 [ 28.223920] ? preempt_count_sub+0x50/0x80 [ 28.223943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.223967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.223991] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.224015] kthread+0x337/0x6f0 [ 28.224035] ? trace_preempt_on+0x20/0xc0 [ 28.224058] ? __pfx_kthread+0x10/0x10 [ 28.224153] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.224183] ? calculate_sigpending+0x7b/0xa0 [ 28.224207] ? __pfx_kthread+0x10/0x10 [ 28.224289] ret_from_fork+0x116/0x1d0 [ 28.224315] ? __pfx_kthread+0x10/0x10 [ 28.224337] ret_from_fork_asm+0x1a/0x30 [ 28.224369] </TASK> [ 28.224380] [ 28.231842] Allocated by task 314: [ 28.232016] kasan_save_stack+0x45/0x70 [ 28.232296] kasan_save_track+0x18/0x40 [ 28.232498] kasan_save_alloc_info+0x3b/0x50 [ 28.232649] __kasan_kmalloc+0xb7/0xc0 [ 28.232776] __kmalloc_cache_noprof+0x189/0x420 [ 28.232924] kasan_atomics+0x95/0x310 [ 28.233051] kunit_try_run_case+0x1a5/0x480 [ 28.233338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.233552] kthread+0x337/0x6f0 [ 28.233698] ret_from_fork+0x116/0x1d0 [ 28.233878] ret_from_fork_asm+0x1a/0x30 [ 28.234046] [ 28.234146] The buggy address belongs to the object at ffff88810458d180 [ 28.234146] which belongs to the cache kmalloc-64 of size 64 [ 28.234783] The buggy address is located 0 bytes to the right of [ 28.234783] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.235397] [ 28.235485] The buggy address belongs to the physical page: [ 28.235690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.235924] flags: 0x200000000000000(node=0|zone=2) [ 28.236099] page_type: f5(slab) [ 28.236267] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.236572] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.236880] page dumped because: kasan: bad access detected [ 28.237115] [ 28.237197] Memory state around the buggy address: [ 28.237392] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.237677] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.237960] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.239013] ^ [ 28.239205] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.240041] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.241011] ================================================================== [ 28.420532] ================================================================== [ 28.420832] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 28.421401] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.421785] [ 28.422178] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.422230] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.422244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.422266] Call Trace: [ 28.422283] <TASK> [ 28.422298] dump_stack_lvl+0x73/0xb0 [ 28.422327] print_report+0xd1/0x610 [ 28.422350] ? __virt_addr_valid+0x1db/0x2d0 [ 28.422373] ? kasan_atomics_helper+0xac7/0x5450 [ 28.422395] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.422421] ? kasan_atomics_helper+0xac7/0x5450 [ 28.422442] kasan_report+0x141/0x180 [ 28.422465] ? kasan_atomics_helper+0xac7/0x5450 [ 28.422491] kasan_check_range+0x10c/0x1c0 [ 28.422515] __kasan_check_write+0x18/0x20 [ 28.422539] kasan_atomics_helper+0xac7/0x5450 [ 28.422562] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.422585] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.422611] ? kasan_atomics+0x152/0x310 [ 28.422637] kasan_atomics+0x1dc/0x310 [ 28.422660] ? __pfx_kasan_atomics+0x10/0x10 [ 28.422684] ? __pfx_read_tsc+0x10/0x10 [ 28.422706] ? ktime_get_ts64+0x86/0x230 [ 28.422730] kunit_try_run_case+0x1a5/0x480 [ 28.422755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.422777] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.422802] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.422826] ? __kthread_parkme+0x82/0x180 [ 28.422850] ? preempt_count_sub+0x50/0x80 [ 28.422874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.422899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.422922] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.422946] kthread+0x337/0x6f0 [ 28.422966] ? trace_preempt_on+0x20/0xc0 [ 28.422989] ? __pfx_kthread+0x10/0x10 [ 28.423010] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.423032] ? calculate_sigpending+0x7b/0xa0 [ 28.423055] ? __pfx_kthread+0x10/0x10 [ 28.423089] ret_from_fork+0x116/0x1d0 [ 28.423109] ? __pfx_kthread+0x10/0x10 [ 28.423130] ret_from_fork_asm+0x1a/0x30 [ 28.423162] </TASK> [ 28.423174] [ 28.430747] Allocated by task 314: [ 28.430920] kasan_save_stack+0x45/0x70 [ 28.431143] kasan_save_track+0x18/0x40 [ 28.431270] kasan_save_alloc_info+0x3b/0x50 [ 28.431489] __kasan_kmalloc+0xb7/0xc0 [ 28.431685] __kmalloc_cache_noprof+0x189/0x420 [ 28.431901] kasan_atomics+0x95/0x310 [ 28.432095] kunit_try_run_case+0x1a5/0x480 [ 28.432268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.432556] kthread+0x337/0x6f0 [ 28.432714] ret_from_fork+0x116/0x1d0 [ 28.432933] ret_from_fork_asm+0x1a/0x30 [ 28.433218] [ 28.433333] The buggy address belongs to the object at ffff88810458d180 [ 28.433333] which belongs to the cache kmalloc-64 of size 64 [ 28.433708] The buggy address is located 0 bytes to the right of [ 28.433708] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.434251] [ 28.434361] The buggy address belongs to the physical page: [ 28.434663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.434978] flags: 0x200000000000000(node=0|zone=2) [ 28.435256] page_type: f5(slab) [ 28.435439] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.435800] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.436130] page dumped because: kasan: bad access detected [ 28.436368] [ 28.436455] Memory state around the buggy address: [ 28.436703] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.437008] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.437255] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.437553] ^ [ 28.437695] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.437898] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.438138] ================================================================== [ 28.438999] ================================================================== [ 28.439469] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 28.439750] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.440018] [ 28.440150] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.440198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.440211] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.440249] Call Trace: [ 28.440266] <TASK> [ 28.440292] dump_stack_lvl+0x73/0xb0 [ 28.440321] print_report+0xd1/0x610 [ 28.440364] ? __virt_addr_valid+0x1db/0x2d0 [ 28.440387] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.440408] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.440434] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.440456] kasan_report+0x141/0x180 [ 28.440478] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.440521] kasan_check_range+0x10c/0x1c0 [ 28.440546] __kasan_check_write+0x18/0x20 [ 28.440571] kasan_atomics_helper+0xb6a/0x5450 [ 28.440595] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.440617] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.440642] ? kasan_atomics+0x152/0x310 [ 28.440686] kasan_atomics+0x1dc/0x310 [ 28.440709] ? __pfx_kasan_atomics+0x10/0x10 [ 28.440734] ? __pfx_read_tsc+0x10/0x10 [ 28.440756] ? ktime_get_ts64+0x86/0x230 [ 28.440780] kunit_try_run_case+0x1a5/0x480 [ 28.440804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.440843] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.440868] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.440892] ? __kthread_parkme+0x82/0x180 [ 28.440916] ? preempt_count_sub+0x50/0x80 [ 28.440939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.440963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.440987] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.441011] kthread+0x337/0x6f0 [ 28.441031] ? trace_preempt_on+0x20/0xc0 [ 28.441053] ? __pfx_kthread+0x10/0x10 [ 28.441073] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.441106] ? calculate_sigpending+0x7b/0xa0 [ 28.441129] ? __pfx_kthread+0x10/0x10 [ 28.441150] ret_from_fork+0x116/0x1d0 [ 28.441170] ? __pfx_kthread+0x10/0x10 [ 28.441191] ret_from_fork_asm+0x1a/0x30 [ 28.441241] </TASK> [ 28.441252] [ 28.449151] Allocated by task 314: [ 28.449269] kasan_save_stack+0x45/0x70 [ 28.449470] kasan_save_track+0x18/0x40 [ 28.449656] kasan_save_alloc_info+0x3b/0x50 [ 28.449881] __kasan_kmalloc+0xb7/0xc0 [ 28.450102] __kmalloc_cache_noprof+0x189/0x420 [ 28.450322] kasan_atomics+0x95/0x310 [ 28.450501] kunit_try_run_case+0x1a5/0x480 [ 28.450658] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.450818] kthread+0x337/0x6f0 [ 28.450929] ret_from_fork+0x116/0x1d0 [ 28.451101] ret_from_fork_asm+0x1a/0x30 [ 28.451364] [ 28.451452] The buggy address belongs to the object at ffff88810458d180 [ 28.451452] which belongs to the cache kmalloc-64 of size 64 [ 28.451993] The buggy address is located 0 bytes to the right of [ 28.451993] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.452511] [ 28.452601] The buggy address belongs to the physical page: [ 28.452846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.453175] flags: 0x200000000000000(node=0|zone=2) [ 28.453415] page_type: f5(slab) [ 28.453626] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.454012] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.454381] page dumped because: kasan: bad access detected [ 28.454624] [ 28.454712] Memory state around the buggy address: [ 28.454934] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.455585] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.455846] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.456043] ^ [ 28.456196] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.456731] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.457035] ================================================================== [ 29.075967] ================================================================== [ 29.076761] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 29.077101] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.077815] [ 29.078459] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.078513] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.078525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.078547] Call Trace: [ 29.078708] <TASK> [ 29.078733] dump_stack_lvl+0x73/0xb0 [ 29.078817] print_report+0xd1/0x610 [ 29.078842] ? __virt_addr_valid+0x1db/0x2d0 [ 29.078880] ? kasan_atomics_helper+0x1a7f/0x5450 [ 29.078901] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.078929] ? kasan_atomics_helper+0x1a7f/0x5450 [ 29.078963] kasan_report+0x141/0x180 [ 29.078986] ? kasan_atomics_helper+0x1a7f/0x5450 [ 29.079013] kasan_check_range+0x10c/0x1c0 [ 29.079047] __kasan_check_write+0x18/0x20 [ 29.079070] kasan_atomics_helper+0x1a7f/0x5450 [ 29.079109] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.079131] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.079157] ? kasan_atomics+0x152/0x310 [ 29.079194] kasan_atomics+0x1dc/0x310 [ 29.079217] ? __pfx_kasan_atomics+0x10/0x10 [ 29.079254] ? __pfx_read_tsc+0x10/0x10 [ 29.079276] ? ktime_get_ts64+0x86/0x230 [ 29.079302] kunit_try_run_case+0x1a5/0x480 [ 29.079336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.079359] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.079383] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.079418] ? __kthread_parkme+0x82/0x180 [ 29.079442] ? preempt_count_sub+0x50/0x80 [ 29.079466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.079501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.079524] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.079548] kthread+0x337/0x6f0 [ 29.079579] ? trace_preempt_on+0x20/0xc0 [ 29.079602] ? __pfx_kthread+0x10/0x10 [ 29.079623] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.079658] ? calculate_sigpending+0x7b/0xa0 [ 29.079681] ? __pfx_kthread+0x10/0x10 [ 29.079703] ret_from_fork+0x116/0x1d0 [ 29.079755] ? __pfx_kthread+0x10/0x10 [ 29.079776] ret_from_fork_asm+0x1a/0x30 [ 29.079819] </TASK> [ 29.079831] [ 29.092820] Allocated by task 314: [ 29.093164] kasan_save_stack+0x45/0x70 [ 29.093692] kasan_save_track+0x18/0x40 [ 29.093953] kasan_save_alloc_info+0x3b/0x50 [ 29.094534] __kasan_kmalloc+0xb7/0xc0 [ 29.094933] __kmalloc_cache_noprof+0x189/0x420 [ 29.095602] kasan_atomics+0x95/0x310 [ 29.095874] kunit_try_run_case+0x1a5/0x480 [ 29.096328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.096577] kthread+0x337/0x6f0 [ 29.096727] ret_from_fork+0x116/0x1d0 [ 29.096896] ret_from_fork_asm+0x1a/0x30 [ 29.097071] [ 29.097165] The buggy address belongs to the object at ffff88810458d180 [ 29.097165] which belongs to the cache kmalloc-64 of size 64 [ 29.098474] The buggy address is located 0 bytes to the right of [ 29.098474] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.099488] [ 29.099582] The buggy address belongs to the physical page: [ 29.099756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.099996] flags: 0x200000000000000(node=0|zone=2) [ 29.100468] page_type: f5(slab) [ 29.100882] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.101128] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.101584] page dumped because: kasan: bad access detected [ 29.102053] [ 29.102214] Memory state around the buggy address: [ 29.102637] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.103173] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.103667] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.104050] ^ [ 29.104216] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.104823] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.105440] ================================================================== [ 29.391220] ================================================================== [ 29.392017] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 29.392628] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.392937] [ 29.393036] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.393098] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.393111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.393133] Call Trace: [ 29.393148] <TASK> [ 29.393165] dump_stack_lvl+0x73/0xb0 [ 29.393194] print_report+0xd1/0x610 [ 29.393217] ? __virt_addr_valid+0x1db/0x2d0 [ 29.393241] ? kasan_atomics_helper+0x218a/0x5450 [ 29.393262] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.393290] ? kasan_atomics_helper+0x218a/0x5450 [ 29.393312] kasan_report+0x141/0x180 [ 29.393335] ? kasan_atomics_helper+0x218a/0x5450 [ 29.393361] kasan_check_range+0x10c/0x1c0 [ 29.393386] __kasan_check_write+0x18/0x20 [ 29.393432] kasan_atomics_helper+0x218a/0x5450 [ 29.393455] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.393491] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.393515] ? kasan_atomics+0x152/0x310 [ 29.393555] kasan_atomics+0x1dc/0x310 [ 29.393578] ? __pfx_kasan_atomics+0x10/0x10 [ 29.393604] ? __pfx_read_tsc+0x10/0x10 [ 29.393625] ? ktime_get_ts64+0x86/0x230 [ 29.393650] kunit_try_run_case+0x1a5/0x480 [ 29.393674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.393696] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.393720] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.393744] ? __kthread_parkme+0x82/0x180 [ 29.393768] ? preempt_count_sub+0x50/0x80 [ 29.393792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.393815] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.393839] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.393863] kthread+0x337/0x6f0 [ 29.393882] ? trace_preempt_on+0x20/0xc0 [ 29.393906] ? __pfx_kthread+0x10/0x10 [ 29.393934] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.393956] ? calculate_sigpending+0x7b/0xa0 [ 29.393980] ? __pfx_kthread+0x10/0x10 [ 29.394002] ret_from_fork+0x116/0x1d0 [ 29.394021] ? __pfx_kthread+0x10/0x10 [ 29.394042] ret_from_fork_asm+0x1a/0x30 [ 29.394074] </TASK> [ 29.394095] [ 29.401622] Allocated by task 314: [ 29.401764] kasan_save_stack+0x45/0x70 [ 29.401894] kasan_save_track+0x18/0x40 [ 29.402021] kasan_save_alloc_info+0x3b/0x50 [ 29.402169] __kasan_kmalloc+0xb7/0xc0 [ 29.402425] __kmalloc_cache_noprof+0x189/0x420 [ 29.402641] kasan_atomics+0x95/0x310 [ 29.402835] kunit_try_run_case+0x1a5/0x480 [ 29.403037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.403355] kthread+0x337/0x6f0 [ 29.403541] ret_from_fork+0x116/0x1d0 [ 29.403732] ret_from_fork_asm+0x1a/0x30 [ 29.403911] [ 29.404014] The buggy address belongs to the object at ffff88810458d180 [ 29.404014] which belongs to the cache kmalloc-64 of size 64 [ 29.404523] The buggy address is located 0 bytes to the right of [ 29.404523] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.405088] [ 29.405183] The buggy address belongs to the physical page: [ 29.405445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.405729] flags: 0x200000000000000(node=0|zone=2) [ 29.405978] page_type: f5(slab) [ 29.406149] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.406511] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.406749] page dumped because: kasan: bad access detected [ 29.406994] [ 29.407115] Memory state around the buggy address: [ 29.407346] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.407587] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.407893] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.408169] ^ [ 29.408495] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.408807] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.409149] ================================================================== [ 28.500821] ================================================================== [ 28.501662] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 28.502313] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.503035] [ 28.503237] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.503294] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.503306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.503328] Call Trace: [ 28.503344] <TASK> [ 28.503359] dump_stack_lvl+0x73/0xb0 [ 28.503401] print_report+0xd1/0x610 [ 28.503423] ? __virt_addr_valid+0x1db/0x2d0 [ 28.503447] ? kasan_atomics_helper+0xd47/0x5450 [ 28.503479] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.503506] ? kasan_atomics_helper+0xd47/0x5450 [ 28.503527] kasan_report+0x141/0x180 [ 28.503550] ? kasan_atomics_helper+0xd47/0x5450 [ 28.503577] kasan_check_range+0x10c/0x1c0 [ 28.503601] __kasan_check_write+0x18/0x20 [ 28.503624] kasan_atomics_helper+0xd47/0x5450 [ 28.503647] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.503669] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.503695] ? kasan_atomics+0x152/0x310 [ 28.503721] kasan_atomics+0x1dc/0x310 [ 28.503744] ? __pfx_kasan_atomics+0x10/0x10 [ 28.503769] ? __pfx_read_tsc+0x10/0x10 [ 28.503790] ? ktime_get_ts64+0x86/0x230 [ 28.503814] kunit_try_run_case+0x1a5/0x480 [ 28.503839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.503861] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.503885] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.503909] ? __kthread_parkme+0x82/0x180 [ 28.503932] ? preempt_count_sub+0x50/0x80 [ 28.503955] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.503979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.504003] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.504026] kthread+0x337/0x6f0 [ 28.504046] ? trace_preempt_on+0x20/0xc0 [ 28.504069] ? __pfx_kthread+0x10/0x10 [ 28.504100] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.504122] ? calculate_sigpending+0x7b/0xa0 [ 28.504147] ? __pfx_kthread+0x10/0x10 [ 28.504169] ret_from_fork+0x116/0x1d0 [ 28.504189] ? __pfx_kthread+0x10/0x10 [ 28.504210] ret_from_fork_asm+0x1a/0x30 [ 28.504242] </TASK> [ 28.504253] [ 28.516398] Allocated by task 314: [ 28.516826] kasan_save_stack+0x45/0x70 [ 28.517193] kasan_save_track+0x18/0x40 [ 28.517571] kasan_save_alloc_info+0x3b/0x50 [ 28.517969] __kasan_kmalloc+0xb7/0xc0 [ 28.518323] __kmalloc_cache_noprof+0x189/0x420 [ 28.518813] kasan_atomics+0x95/0x310 [ 28.519168] kunit_try_run_case+0x1a5/0x480 [ 28.519589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.519988] kthread+0x337/0x6f0 [ 28.520114] ret_from_fork+0x116/0x1d0 [ 28.520241] ret_from_fork_asm+0x1a/0x30 [ 28.520435] [ 28.520602] The buggy address belongs to the object at ffff88810458d180 [ 28.520602] which belongs to the cache kmalloc-64 of size 64 [ 28.521662] The buggy address is located 0 bytes to the right of [ 28.521662] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.522757] [ 28.522930] The buggy address belongs to the physical page: [ 28.523427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.523758] flags: 0x200000000000000(node=0|zone=2) [ 28.523917] page_type: f5(slab) [ 28.524033] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.524364] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.524660] page dumped because: kasan: bad access detected [ 28.524870] [ 28.524958] Memory state around the buggy address: [ 28.525176] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.525510] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.525798] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.526073] ^ [ 28.526278] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.526584] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.526817] ================================================================== [ 29.056630] ================================================================== [ 29.057049] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 29.057516] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.057739] [ 29.057814] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.057860] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.057873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.057894] Call Trace: [ 29.057907] <TASK> [ 29.057929] dump_stack_lvl+0x73/0xb0 [ 29.057957] print_report+0xd1/0x610 [ 29.057979] ? __virt_addr_valid+0x1db/0x2d0 [ 29.058002] ? kasan_atomics_helper+0x19e3/0x5450 [ 29.058063] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.058104] ? kasan_atomics_helper+0x19e3/0x5450 [ 29.058125] kasan_report+0x141/0x180 [ 29.058148] ? kasan_atomics_helper+0x19e3/0x5450 [ 29.058175] kasan_check_range+0x10c/0x1c0 [ 29.058199] __kasan_check_write+0x18/0x20 [ 29.058222] kasan_atomics_helper+0x19e3/0x5450 [ 29.058245] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.058267] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.058305] ? kasan_atomics+0x152/0x310 [ 29.058332] kasan_atomics+0x1dc/0x310 [ 29.058354] ? __pfx_kasan_atomics+0x10/0x10 [ 29.058378] ? __pfx_read_tsc+0x10/0x10 [ 29.058399] ? ktime_get_ts64+0x86/0x230 [ 29.058424] kunit_try_run_case+0x1a5/0x480 [ 29.058447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.058469] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.058493] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.058516] ? __kthread_parkme+0x82/0x180 [ 29.058539] ? preempt_count_sub+0x50/0x80 [ 29.058562] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.058586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.058609] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.058633] kthread+0x337/0x6f0 [ 29.058652] ? trace_preempt_on+0x20/0xc0 [ 29.058676] ? __pfx_kthread+0x10/0x10 [ 29.058696] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.058718] ? calculate_sigpending+0x7b/0xa0 [ 29.058741] ? __pfx_kthread+0x10/0x10 [ 29.058764] ret_from_fork+0x116/0x1d0 [ 29.058783] ? __pfx_kthread+0x10/0x10 [ 29.058803] ret_from_fork_asm+0x1a/0x30 [ 29.058836] </TASK> [ 29.058846] [ 29.066958] Allocated by task 314: [ 29.067205] kasan_save_stack+0x45/0x70 [ 29.067631] kasan_save_track+0x18/0x40 [ 29.067851] kasan_save_alloc_info+0x3b/0x50 [ 29.068020] __kasan_kmalloc+0xb7/0xc0 [ 29.068192] __kmalloc_cache_noprof+0x189/0x420 [ 29.068522] kasan_atomics+0x95/0x310 [ 29.068703] kunit_try_run_case+0x1a5/0x480 [ 29.068893] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.069162] kthread+0x337/0x6f0 [ 29.069278] ret_from_fork+0x116/0x1d0 [ 29.069415] ret_from_fork_asm+0x1a/0x30 [ 29.069712] [ 29.069832] The buggy address belongs to the object at ffff88810458d180 [ 29.069832] which belongs to the cache kmalloc-64 of size 64 [ 29.070349] The buggy address is located 0 bytes to the right of [ 29.070349] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.070927] [ 29.071012] The buggy address belongs to the physical page: [ 29.071260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.071614] flags: 0x200000000000000(node=0|zone=2) [ 29.071836] page_type: f5(slab) [ 29.071971] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.072342] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.072698] page dumped because: kasan: bad access detected [ 29.072946] [ 29.073034] Memory state around the buggy address: [ 29.073279] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.073690] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.074025] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.074312] ^ [ 29.074592] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.074799] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.075002] ================================================================== [ 29.166915] ================================================================== [ 29.167576] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 29.168469] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.169478] [ 29.169836] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.169888] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.169901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.169929] Call Trace: [ 29.169944] <TASK> [ 29.169961] dump_stack_lvl+0x73/0xb0 [ 29.169991] print_report+0xd1/0x610 [ 29.170013] ? __virt_addr_valid+0x1db/0x2d0 [ 29.170035] ? kasan_atomics_helper+0x1ce1/0x5450 [ 29.170056] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.170148] ? kasan_atomics_helper+0x1ce1/0x5450 [ 29.170172] kasan_report+0x141/0x180 [ 29.170195] ? kasan_atomics_helper+0x1ce1/0x5450 [ 29.170221] kasan_check_range+0x10c/0x1c0 [ 29.170245] __kasan_check_write+0x18/0x20 [ 29.170298] kasan_atomics_helper+0x1ce1/0x5450 [ 29.170321] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.170344] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.170369] ? kasan_atomics+0x152/0x310 [ 29.170396] kasan_atomics+0x1dc/0x310 [ 29.170418] ? __pfx_kasan_atomics+0x10/0x10 [ 29.170443] ? __pfx_read_tsc+0x10/0x10 [ 29.170463] ? ktime_get_ts64+0x86/0x230 [ 29.170488] kunit_try_run_case+0x1a5/0x480 [ 29.170512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.170534] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.170557] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.170581] ? __kthread_parkme+0x82/0x180 [ 29.170605] ? preempt_count_sub+0x50/0x80 [ 29.170628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.170652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.170675] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.170699] kthread+0x337/0x6f0 [ 29.170718] ? trace_preempt_on+0x20/0xc0 [ 29.170741] ? __pfx_kthread+0x10/0x10 [ 29.170761] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.170783] ? calculate_sigpending+0x7b/0xa0 [ 29.170807] ? __pfx_kthread+0x10/0x10 [ 29.170829] ret_from_fork+0x116/0x1d0 [ 29.170848] ? __pfx_kthread+0x10/0x10 [ 29.170944] ret_from_fork_asm+0x1a/0x30 [ 29.170989] </TASK> [ 29.171001] [ 29.184028] Allocated by task 314: [ 29.184339] kasan_save_stack+0x45/0x70 [ 29.184482] kasan_save_track+0x18/0x40 [ 29.184612] kasan_save_alloc_info+0x3b/0x50 [ 29.184755] __kasan_kmalloc+0xb7/0xc0 [ 29.184880] __kmalloc_cache_noprof+0x189/0x420 [ 29.185028] kasan_atomics+0x95/0x310 [ 29.185428] kunit_try_run_case+0x1a5/0x480 [ 29.185818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.186348] kthread+0x337/0x6f0 [ 29.186660] ret_from_fork+0x116/0x1d0 [ 29.187041] ret_from_fork_asm+0x1a/0x30 [ 29.187447] [ 29.187624] The buggy address belongs to the object at ffff88810458d180 [ 29.187624] which belongs to the cache kmalloc-64 of size 64 [ 29.188714] The buggy address is located 0 bytes to the right of [ 29.188714] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.189580] [ 29.189650] The buggy address belongs to the physical page: [ 29.189815] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.190065] flags: 0x200000000000000(node=0|zone=2) [ 29.190587] page_type: f5(slab) [ 29.190917] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.191592] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.192252] page dumped because: kasan: bad access detected [ 29.192758] [ 29.192907] Memory state around the buggy address: [ 29.193193] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.193757] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.194185] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.194725] ^ [ 29.195171] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.195539] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.195750] ================================================================== [ 28.475506] ================================================================== [ 28.475763] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 28.476212] Read of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.476530] [ 28.476604] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.476648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.476660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.476681] Call Trace: [ 28.476712] <TASK> [ 28.476725] dump_stack_lvl+0x73/0xb0 [ 28.476767] print_report+0xd1/0x610 [ 28.476789] ? __virt_addr_valid+0x1db/0x2d0 [ 28.476825] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.476846] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.476873] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.476895] kasan_report+0x141/0x180 [ 28.476917] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.476959] __asan_report_load4_noabort+0x18/0x20 [ 28.476984] kasan_atomics_helper+0x4a84/0x5450 [ 28.477034] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.477071] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.477120] ? kasan_atomics+0x152/0x310 [ 28.477159] kasan_atomics+0x1dc/0x310 [ 28.477195] ? __pfx_kasan_atomics+0x10/0x10 [ 28.477245] ? __pfx_read_tsc+0x10/0x10 [ 28.477280] ? ktime_get_ts64+0x86/0x230 [ 28.477318] kunit_try_run_case+0x1a5/0x480 [ 28.477354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.477402] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.477439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.477476] ? __kthread_parkme+0x82/0x180 [ 28.477526] ? preempt_count_sub+0x50/0x80 [ 28.477562] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.477599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.477635] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.477685] kthread+0x337/0x6f0 [ 28.477718] ? trace_preempt_on+0x20/0xc0 [ 28.477754] ? __pfx_kthread+0x10/0x10 [ 28.477787] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.477822] ? calculate_sigpending+0x7b/0xa0 [ 28.477871] ? __pfx_kthread+0x10/0x10 [ 28.477906] ret_from_fork+0x116/0x1d0 [ 28.477929] ? __pfx_kthread+0x10/0x10 [ 28.477950] ret_from_fork_asm+0x1a/0x30 [ 28.477982] </TASK> [ 28.477993] [ 28.485817] Allocated by task 314: [ 28.485996] kasan_save_stack+0x45/0x70 [ 28.486186] kasan_save_track+0x18/0x40 [ 28.486389] kasan_save_alloc_info+0x3b/0x50 [ 28.486609] __kasan_kmalloc+0xb7/0xc0 [ 28.486785] __kmalloc_cache_noprof+0x189/0x420 [ 28.486978] kasan_atomics+0x95/0x310 [ 28.487169] kunit_try_run_case+0x1a5/0x480 [ 28.487521] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.488200] kthread+0x337/0x6f0 [ 28.489099] ret_from_fork+0x116/0x1d0 [ 28.489452] ret_from_fork_asm+0x1a/0x30 [ 28.489895] [ 28.490259] The buggy address belongs to the object at ffff88810458d180 [ 28.490259] which belongs to the cache kmalloc-64 of size 64 [ 28.491453] The buggy address is located 0 bytes to the right of [ 28.491453] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.492030] [ 28.492367] The buggy address belongs to the physical page: [ 28.493156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.494414] flags: 0x200000000000000(node=0|zone=2) [ 28.494712] page_type: f5(slab) [ 28.495150] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.495908] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.496151] page dumped because: kasan: bad access detected [ 28.496675] [ 28.496983] Memory state around the buggy address: [ 28.497670] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.498567] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.499457] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.499685] ^ [ 28.499838] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.500052] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.500272] ================================================================== [ 28.611817] ================================================================== [ 28.612199] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 28.612775] Read of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.613240] [ 28.613558] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.613635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.613649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.613671] Call Trace: [ 28.613722] <TASK> [ 28.613739] dump_stack_lvl+0x73/0xb0 [ 28.613769] print_report+0xd1/0x610 [ 28.613792] ? __virt_addr_valid+0x1db/0x2d0 [ 28.613816] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.613838] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.613864] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.613887] kasan_report+0x141/0x180 [ 28.613909] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.613941] __asan_report_load4_noabort+0x18/0x20 [ 28.613966] kasan_atomics_helper+0x4a36/0x5450 [ 28.613991] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.614013] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.614038] ? kasan_atomics+0x152/0x310 [ 28.614065] kasan_atomics+0x1dc/0x310 [ 28.614099] ? __pfx_kasan_atomics+0x10/0x10 [ 28.614124] ? __pfx_read_tsc+0x10/0x10 [ 28.614145] ? ktime_get_ts64+0x86/0x230 [ 28.614171] kunit_try_run_case+0x1a5/0x480 [ 28.614197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.614222] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.614246] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.614270] ? __kthread_parkme+0x82/0x180 [ 28.614305] ? preempt_count_sub+0x50/0x80 [ 28.614329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.614353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.614377] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.614401] kthread+0x337/0x6f0 [ 28.614421] ? trace_preempt_on+0x20/0xc0 [ 28.614446] ? __pfx_kthread+0x10/0x10 [ 28.614467] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.614490] ? calculate_sigpending+0x7b/0xa0 [ 28.614514] ? __pfx_kthread+0x10/0x10 [ 28.614536] ret_from_fork+0x116/0x1d0 [ 28.614556] ? __pfx_kthread+0x10/0x10 [ 28.614577] ret_from_fork_asm+0x1a/0x30 [ 28.614609] </TASK> [ 28.614621] [ 28.626569] Allocated by task 314: [ 28.626738] kasan_save_stack+0x45/0x70 [ 28.626923] kasan_save_track+0x18/0x40 [ 28.627106] kasan_save_alloc_info+0x3b/0x50 [ 28.627587] __kasan_kmalloc+0xb7/0xc0 [ 28.627756] __kmalloc_cache_noprof+0x189/0x420 [ 28.627950] kasan_atomics+0x95/0x310 [ 28.628128] kunit_try_run_case+0x1a5/0x480 [ 28.628604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.628905] kthread+0x337/0x6f0 [ 28.629060] ret_from_fork+0x116/0x1d0 [ 28.629232] ret_from_fork_asm+0x1a/0x30 [ 28.629777] [ 28.629887] The buggy address belongs to the object at ffff88810458d180 [ 28.629887] which belongs to the cache kmalloc-64 of size 64 [ 28.630617] The buggy address is located 0 bytes to the right of [ 28.630617] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.631641] [ 28.631773] The buggy address belongs to the physical page: [ 28.632216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.632667] flags: 0x200000000000000(node=0|zone=2) [ 28.632888] page_type: f5(slab) [ 28.633040] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.633670] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.633985] page dumped because: kasan: bad access detected [ 28.634219] [ 28.634518] Memory state around the buggy address: [ 28.634851] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.635424] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.635715] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.635996] ^ [ 28.636200] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.636763] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.637259] ================================================================== [ 28.564174] ================================================================== [ 28.564765] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 28.564990] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.565224] [ 28.565434] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.565498] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.565511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.565532] Call Trace: [ 28.565558] <TASK> [ 28.565574] dump_stack_lvl+0x73/0xb0 [ 28.565603] print_report+0xd1/0x610 [ 28.565625] ? __virt_addr_valid+0x1db/0x2d0 [ 28.565649] ? kasan_atomics_helper+0xf10/0x5450 [ 28.565682] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.565709] ? kasan_atomics_helper+0xf10/0x5450 [ 28.565732] kasan_report+0x141/0x180 [ 28.565764] ? kasan_atomics_helper+0xf10/0x5450 [ 28.565791] kasan_check_range+0x10c/0x1c0 [ 28.565815] __kasan_check_write+0x18/0x20 [ 28.565839] kasan_atomics_helper+0xf10/0x5450 [ 28.565862] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.565885] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.565909] ? kasan_atomics+0x152/0x310 [ 28.565940] kasan_atomics+0x1dc/0x310 [ 28.565963] ? __pfx_kasan_atomics+0x10/0x10 [ 28.565988] ? __pfx_read_tsc+0x10/0x10 [ 28.566010] ? ktime_get_ts64+0x86/0x230 [ 28.566034] kunit_try_run_case+0x1a5/0x480 [ 28.566058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.566090] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.566114] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.566138] ? __kthread_parkme+0x82/0x180 [ 28.566163] ? preempt_count_sub+0x50/0x80 [ 28.566187] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.566211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.566235] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.566259] kthread+0x337/0x6f0 [ 28.566290] ? trace_preempt_on+0x20/0xc0 [ 28.566314] ? __pfx_kthread+0x10/0x10 [ 28.566335] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.566357] ? calculate_sigpending+0x7b/0xa0 [ 28.566391] ? __pfx_kthread+0x10/0x10 [ 28.566412] ret_from_fork+0x116/0x1d0 [ 28.566432] ? __pfx_kthread+0x10/0x10 [ 28.566464] ret_from_fork_asm+0x1a/0x30 [ 28.566496] </TASK> [ 28.566507] [ 28.574351] Allocated by task 314: [ 28.574473] kasan_save_stack+0x45/0x70 [ 28.574666] kasan_save_track+0x18/0x40 [ 28.574847] kasan_save_alloc_info+0x3b/0x50 [ 28.575048] __kasan_kmalloc+0xb7/0xc0 [ 28.575230] __kmalloc_cache_noprof+0x189/0x420 [ 28.575493] kasan_atomics+0x95/0x310 [ 28.575660] kunit_try_run_case+0x1a5/0x480 [ 28.575862] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.576072] kthread+0x337/0x6f0 [ 28.576196] ret_from_fork+0x116/0x1d0 [ 28.576321] ret_from_fork_asm+0x1a/0x30 [ 28.576454] [ 28.576517] The buggy address belongs to the object at ffff88810458d180 [ 28.576517] which belongs to the cache kmalloc-64 of size 64 [ 28.576860] The buggy address is located 0 bytes to the right of [ 28.576860] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.577496] [ 28.577608] The buggy address belongs to the physical page: [ 28.577848] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.578210] flags: 0x200000000000000(node=0|zone=2) [ 28.579153] page_type: f5(slab) [ 28.579702] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.580045] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.580756] page dumped because: kasan: bad access detected [ 28.581163] [ 28.581257] Memory state around the buggy address: [ 28.581749] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.582016] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.582576] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.583016] ^ [ 28.583466] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.583969] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.584685] ================================================================== [ 28.927326] ================================================================== [ 28.927796] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 28.928137] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.928528] [ 28.928633] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.928703] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.928716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.928737] Call Trace: [ 28.928752] <TASK> [ 28.928767] dump_stack_lvl+0x73/0xb0 [ 28.928795] print_report+0xd1/0x610 [ 28.928817] ? __virt_addr_valid+0x1db/0x2d0 [ 28.928840] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.928862] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.928888] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.928932] kasan_report+0x141/0x180 [ 28.928955] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.928983] kasan_check_range+0x10c/0x1c0 [ 28.929006] __kasan_check_write+0x18/0x20 [ 28.929029] kasan_atomics_helper+0x15b6/0x5450 [ 28.929053] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.929075] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.929110] ? kasan_atomics+0x152/0x310 [ 28.929136] kasan_atomics+0x1dc/0x310 [ 28.929159] ? __pfx_kasan_atomics+0x10/0x10 [ 28.929184] ? __pfx_read_tsc+0x10/0x10 [ 28.929205] ? ktime_get_ts64+0x86/0x230 [ 28.929230] kunit_try_run_case+0x1a5/0x480 [ 28.929253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.929284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.929327] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.929352] ? __kthread_parkme+0x82/0x180 [ 28.929378] ? preempt_count_sub+0x50/0x80 [ 28.929402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.929426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.929450] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.929474] kthread+0x337/0x6f0 [ 28.929495] ? trace_preempt_on+0x20/0xc0 [ 28.929517] ? __pfx_kthread+0x10/0x10 [ 28.929539] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.929562] ? calculate_sigpending+0x7b/0xa0 [ 28.929587] ? __pfx_kthread+0x10/0x10 [ 28.929609] ret_from_fork+0x116/0x1d0 [ 28.929628] ? __pfx_kthread+0x10/0x10 [ 28.929650] ret_from_fork_asm+0x1a/0x30 [ 28.929681] </TASK> [ 28.929693] [ 28.936934] Allocated by task 314: [ 28.937186] kasan_save_stack+0x45/0x70 [ 28.937390] kasan_save_track+0x18/0x40 [ 28.937521] kasan_save_alloc_info+0x3b/0x50 [ 28.937664] __kasan_kmalloc+0xb7/0xc0 [ 28.937804] __kmalloc_cache_noprof+0x189/0x420 [ 28.938029] kasan_atomics+0x95/0x310 [ 28.938243] kunit_try_run_case+0x1a5/0x480 [ 28.938463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.938733] kthread+0x337/0x6f0 [ 28.938899] ret_from_fork+0x116/0x1d0 [ 28.939059] ret_from_fork_asm+0x1a/0x30 [ 28.939260] [ 28.939338] The buggy address belongs to the object at ffff88810458d180 [ 28.939338] which belongs to the cache kmalloc-64 of size 64 [ 28.939756] The buggy address is located 0 bytes to the right of [ 28.939756] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.940126] [ 28.940196] The buggy address belongs to the physical page: [ 28.940471] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.940834] flags: 0x200000000000000(node=0|zone=2) [ 28.941058] page_type: f5(slab) [ 28.941228] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.941540] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.941761] page dumped because: kasan: bad access detected [ 28.941934] [ 28.942021] Memory state around the buggy address: [ 28.942250] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.942596] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.942928] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.943248] ^ [ 28.943554] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.943787] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.943992] ================================================================== [ 28.708523] ================================================================== [ 28.709070] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 28.709507] Read of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.710166] [ 28.710274] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.710338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.710350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.710372] Call Trace: [ 28.710386] <TASK> [ 28.710402] dump_stack_lvl+0x73/0xb0 [ 28.710432] print_report+0xd1/0x610 [ 28.710454] ? __virt_addr_valid+0x1db/0x2d0 [ 28.710478] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.710500] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.710527] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.710548] kasan_report+0x141/0x180 [ 28.710571] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.710598] __asan_report_load4_noabort+0x18/0x20 [ 28.710915] kasan_atomics_helper+0x4a02/0x5450 [ 28.710940] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.710962] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.710988] ? kasan_atomics+0x152/0x310 [ 28.711014] kasan_atomics+0x1dc/0x310 [ 28.711037] ? __pfx_kasan_atomics+0x10/0x10 [ 28.711062] ? __pfx_read_tsc+0x10/0x10 [ 28.711096] ? ktime_get_ts64+0x86/0x230 [ 28.711120] kunit_try_run_case+0x1a5/0x480 [ 28.711144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.711167] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.711190] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.711216] ? __kthread_parkme+0x82/0x180 [ 28.711240] ? preempt_count_sub+0x50/0x80 [ 28.711263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.711296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.711319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.711343] kthread+0x337/0x6f0 [ 28.711362] ? trace_preempt_on+0x20/0xc0 [ 28.711386] ? __pfx_kthread+0x10/0x10 [ 28.711407] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.711429] ? calculate_sigpending+0x7b/0xa0 [ 28.711452] ? __pfx_kthread+0x10/0x10 [ 28.711474] ret_from_fork+0x116/0x1d0 [ 28.711493] ? __pfx_kthread+0x10/0x10 [ 28.711514] ret_from_fork_asm+0x1a/0x30 [ 28.711545] </TASK> [ 28.711556] [ 28.720779] Allocated by task 314: [ 28.720954] kasan_save_stack+0x45/0x70 [ 28.721128] kasan_save_track+0x18/0x40 [ 28.721614] kasan_save_alloc_info+0x3b/0x50 [ 28.721822] __kasan_kmalloc+0xb7/0xc0 [ 28.722066] __kmalloc_cache_noprof+0x189/0x420 [ 28.722357] kasan_atomics+0x95/0x310 [ 28.722603] kunit_try_run_case+0x1a5/0x480 [ 28.722772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.723021] kthread+0x337/0x6f0 [ 28.723260] ret_from_fork+0x116/0x1d0 [ 28.723394] ret_from_fork_asm+0x1a/0x30 [ 28.723589] [ 28.723676] The buggy address belongs to the object at ffff88810458d180 [ 28.723676] which belongs to the cache kmalloc-64 of size 64 [ 28.724480] The buggy address is located 0 bytes to the right of [ 28.724480] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.725096] [ 28.725253] The buggy address belongs to the physical page: [ 28.725597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.725991] flags: 0x200000000000000(node=0|zone=2) [ 28.726226] page_type: f5(slab) [ 28.726384] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.726865] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.727299] page dumped because: kasan: bad access detected [ 28.727603] [ 28.727692] Memory state around the buggy address: [ 28.727876] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.728194] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.728773] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.729141] ^ [ 28.729313] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.729811] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.730209] ================================================================== [ 28.242131] ================================================================== [ 28.242883] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 28.243123] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.243364] [ 28.243670] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.243720] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.243733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.243754] Call Trace: [ 28.243770] <TASK> [ 28.243786] dump_stack_lvl+0x73/0xb0 [ 28.243816] print_report+0xd1/0x610 [ 28.243839] ? __virt_addr_valid+0x1db/0x2d0 [ 28.243861] ? kasan_atomics_helper+0x5fe/0x5450 [ 28.243882] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.243908] ? kasan_atomics_helper+0x5fe/0x5450 [ 28.243930] kasan_report+0x141/0x180 [ 28.243953] ? kasan_atomics_helper+0x5fe/0x5450 [ 28.243980] kasan_check_range+0x10c/0x1c0 [ 28.244005] __kasan_check_write+0x18/0x20 [ 28.244028] kasan_atomics_helper+0x5fe/0x5450 [ 28.244051] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.244073] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.244109] ? kasan_atomics+0x152/0x310 [ 28.244136] kasan_atomics+0x1dc/0x310 [ 28.244158] ? __pfx_kasan_atomics+0x10/0x10 [ 28.244183] ? __pfx_read_tsc+0x10/0x10 [ 28.244246] ? ktime_get_ts64+0x86/0x230 [ 28.244270] kunit_try_run_case+0x1a5/0x480 [ 28.244466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.244489] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.244513] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.244538] ? __kthread_parkme+0x82/0x180 [ 28.244562] ? preempt_count_sub+0x50/0x80 [ 28.244585] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.244609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.244633] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.244657] kthread+0x337/0x6f0 [ 28.244676] ? trace_preempt_on+0x20/0xc0 [ 28.244699] ? __pfx_kthread+0x10/0x10 [ 28.244720] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.244742] ? calculate_sigpending+0x7b/0xa0 [ 28.244766] ? __pfx_kthread+0x10/0x10 [ 28.244788] ret_from_fork+0x116/0x1d0 [ 28.244807] ? __pfx_kthread+0x10/0x10 [ 28.244828] ret_from_fork_asm+0x1a/0x30 [ 28.244861] </TASK> [ 28.244872] [ 28.255148] Allocated by task 314: [ 28.255711] kasan_save_stack+0x45/0x70 [ 28.255927] kasan_save_track+0x18/0x40 [ 28.256117] kasan_save_alloc_info+0x3b/0x50 [ 28.256724] __kasan_kmalloc+0xb7/0xc0 [ 28.256923] __kmalloc_cache_noprof+0x189/0x420 [ 28.257134] kasan_atomics+0x95/0x310 [ 28.257475] kunit_try_run_case+0x1a5/0x480 [ 28.257918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.258599] kthread+0x337/0x6f0 [ 28.258845] ret_from_fork+0x116/0x1d0 [ 28.259158] ret_from_fork_asm+0x1a/0x30 [ 28.259604] [ 28.259698] The buggy address belongs to the object at ffff88810458d180 [ 28.259698] which belongs to the cache kmalloc-64 of size 64 [ 28.260898] The buggy address is located 0 bytes to the right of [ 28.260898] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.261895] [ 28.262151] The buggy address belongs to the physical page: [ 28.262808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.263513] flags: 0x200000000000000(node=0|zone=2) [ 28.263818] page_type: f5(slab) [ 28.264186] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.264840] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.265165] page dumped because: kasan: bad access detected [ 28.265915] [ 28.266184] Memory state around the buggy address: [ 28.266799] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.267306] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.267766] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.268058] ^ [ 28.268224] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.268619] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.269136] ================================================================== [ 28.961929] ================================================================== [ 28.962395] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 28.962629] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.962848] [ 28.962924] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.962971] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.962983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.963004] Call Trace: [ 28.963018] <TASK> [ 28.963035] dump_stack_lvl+0x73/0xb0 [ 28.963063] print_report+0xd1/0x610 [ 28.963099] ? __virt_addr_valid+0x1db/0x2d0 [ 28.963122] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.963144] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.963171] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.963193] kasan_report+0x141/0x180 [ 28.963216] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.963243] kasan_check_range+0x10c/0x1c0 [ 28.963267] __kasan_check_write+0x18/0x20 [ 28.963291] kasan_atomics_helper+0x16e7/0x5450 [ 28.963314] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.963336] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.963361] ? kasan_atomics+0x152/0x310 [ 28.963387] kasan_atomics+0x1dc/0x310 [ 28.963434] ? __pfx_kasan_atomics+0x10/0x10 [ 28.963459] ? __pfx_read_tsc+0x10/0x10 [ 28.963481] ? ktime_get_ts64+0x86/0x230 [ 28.963506] kunit_try_run_case+0x1a5/0x480 [ 28.963530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.963552] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.963576] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.963600] ? __kthread_parkme+0x82/0x180 [ 28.963624] ? preempt_count_sub+0x50/0x80 [ 28.963648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.963672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.963696] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.963719] kthread+0x337/0x6f0 [ 28.963739] ? trace_preempt_on+0x20/0xc0 [ 28.963763] ? __pfx_kthread+0x10/0x10 [ 28.963783] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.963805] ? calculate_sigpending+0x7b/0xa0 [ 28.963829] ? __pfx_kthread+0x10/0x10 [ 28.963851] ret_from_fork+0x116/0x1d0 [ 28.963870] ? __pfx_kthread+0x10/0x10 [ 28.963891] ret_from_fork_asm+0x1a/0x30 [ 28.963942] </TASK> [ 28.963953] [ 28.971654] Allocated by task 314: [ 28.971849] kasan_save_stack+0x45/0x70 [ 28.971992] kasan_save_track+0x18/0x40 [ 28.972132] kasan_save_alloc_info+0x3b/0x50 [ 28.972275] __kasan_kmalloc+0xb7/0xc0 [ 28.972487] __kmalloc_cache_noprof+0x189/0x420 [ 28.972702] kasan_atomics+0x95/0x310 [ 28.972879] kunit_try_run_case+0x1a5/0x480 [ 28.973088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.973355] kthread+0x337/0x6f0 [ 28.973518] ret_from_fork+0x116/0x1d0 [ 28.973684] ret_from_fork_asm+0x1a/0x30 [ 28.973830] [ 28.973894] The buggy address belongs to the object at ffff88810458d180 [ 28.973894] which belongs to the cache kmalloc-64 of size 64 [ 28.974352] The buggy address is located 0 bytes to the right of [ 28.974352] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.974924] [ 28.975015] The buggy address belongs to the physical page: [ 28.975195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.975658] flags: 0x200000000000000(node=0|zone=2) [ 28.975829] page_type: f5(slab) [ 28.975942] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.976179] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.976464] page dumped because: kasan: bad access detected [ 28.976829] [ 28.976939] Memory state around the buggy address: [ 28.977151] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.977362] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.977568] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.977955] ^ [ 28.978182] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.978484] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.978952] ================================================================== [ 29.123124] ================================================================== [ 29.123563] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 29.123911] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.124252] [ 29.124375] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.124424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.124437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.124459] Call Trace: [ 29.124471] <TASK> [ 29.124486] dump_stack_lvl+0x73/0xb0 [ 29.124513] print_report+0xd1/0x610 [ 29.124535] ? __virt_addr_valid+0x1db/0x2d0 [ 29.124557] ? kasan_atomics_helper+0x1c18/0x5450 [ 29.124579] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.124605] ? kasan_atomics_helper+0x1c18/0x5450 [ 29.124627] kasan_report+0x141/0x180 [ 29.124651] ? kasan_atomics_helper+0x1c18/0x5450 [ 29.124678] kasan_check_range+0x10c/0x1c0 [ 29.124702] __kasan_check_write+0x18/0x20 [ 29.124727] kasan_atomics_helper+0x1c18/0x5450 [ 29.124749] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.124772] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.124797] ? kasan_atomics+0x152/0x310 [ 29.124823] kasan_atomics+0x1dc/0x310 [ 29.124846] ? __pfx_kasan_atomics+0x10/0x10 [ 29.124869] ? __pfx_read_tsc+0x10/0x10 [ 29.124891] ? ktime_get_ts64+0x86/0x230 [ 29.124915] kunit_try_run_case+0x1a5/0x480 [ 29.124939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.124961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.124985] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.125009] ? __kthread_parkme+0x82/0x180 [ 29.125033] ? preempt_count_sub+0x50/0x80 [ 29.125056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.125090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.125114] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.125138] kthread+0x337/0x6f0 [ 29.125158] ? trace_preempt_on+0x20/0xc0 [ 29.125181] ? __pfx_kthread+0x10/0x10 [ 29.125202] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.125224] ? calculate_sigpending+0x7b/0xa0 [ 29.125247] ? __pfx_kthread+0x10/0x10 [ 29.125288] ret_from_fork+0x116/0x1d0 [ 29.125308] ? __pfx_kthread+0x10/0x10 [ 29.125330] ret_from_fork_asm+0x1a/0x30 [ 29.125362] </TASK> [ 29.125372] [ 29.134641] Allocated by task 314: [ 29.134816] kasan_save_stack+0x45/0x70 [ 29.134966] kasan_save_track+0x18/0x40 [ 29.135110] kasan_save_alloc_info+0x3b/0x50 [ 29.135253] __kasan_kmalloc+0xb7/0xc0 [ 29.136000] __kmalloc_cache_noprof+0x189/0x420 [ 29.136430] kasan_atomics+0x95/0x310 [ 29.136617] kunit_try_run_case+0x1a5/0x480 [ 29.136808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.137037] kthread+0x337/0x6f0 [ 29.137203] ret_from_fork+0x116/0x1d0 [ 29.137370] ret_from_fork_asm+0x1a/0x30 [ 29.137839] [ 29.137926] The buggy address belongs to the object at ffff88810458d180 [ 29.137926] which belongs to the cache kmalloc-64 of size 64 [ 29.138404] The buggy address is located 0 bytes to the right of [ 29.138404] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.139023] [ 29.139103] The buggy address belongs to the physical page: [ 29.139272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.140141] flags: 0x200000000000000(node=0|zone=2) [ 29.140703] page_type: f5(slab) [ 29.141052] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.141783] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.142087] page dumped because: kasan: bad access detected [ 29.142254] [ 29.142330] Memory state around the buggy address: [ 29.142481] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.142690] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.142898] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.143121] ^ [ 29.143346] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.143606] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.143820] ================================================================== [ 28.903419] ================================================================== [ 28.903697] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 28.903940] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.904929] [ 28.905049] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.905880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.905899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.905929] Call Trace: [ 28.905943] <TASK> [ 28.905959] dump_stack_lvl+0x73/0xb0 [ 28.905990] print_report+0xd1/0x610 [ 28.906012] ? __virt_addr_valid+0x1db/0x2d0 [ 28.906035] ? kasan_atomics_helper+0x151d/0x5450 [ 28.906057] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.907115] ? kasan_atomics_helper+0x151d/0x5450 [ 28.907151] kasan_report+0x141/0x180 [ 28.907177] ? kasan_atomics_helper+0x151d/0x5450 [ 28.907206] kasan_check_range+0x10c/0x1c0 [ 28.907231] __kasan_check_write+0x18/0x20 [ 28.907255] kasan_atomics_helper+0x151d/0x5450 [ 28.907278] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.907300] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.907326] ? kasan_atomics+0x152/0x310 [ 28.907354] kasan_atomics+0x1dc/0x310 [ 28.907377] ? __pfx_kasan_atomics+0x10/0x10 [ 28.907402] ? __pfx_read_tsc+0x10/0x10 [ 28.907424] ? ktime_get_ts64+0x86/0x230 [ 28.907448] kunit_try_run_case+0x1a5/0x480 [ 28.907472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.907494] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.907517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.907541] ? __kthread_parkme+0x82/0x180 [ 28.907565] ? preempt_count_sub+0x50/0x80 [ 28.907589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.907614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.907636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.907660] kthread+0x337/0x6f0 [ 28.907679] ? trace_preempt_on+0x20/0xc0 [ 28.907702] ? __pfx_kthread+0x10/0x10 [ 28.907723] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.907745] ? calculate_sigpending+0x7b/0xa0 [ 28.907786] ? __pfx_kthread+0x10/0x10 [ 28.907808] ret_from_fork+0x116/0x1d0 [ 28.907829] ? __pfx_kthread+0x10/0x10 [ 28.907851] ret_from_fork_asm+0x1a/0x30 [ 28.907883] </TASK> [ 28.907895] [ 28.917615] Allocated by task 314: [ 28.917766] kasan_save_stack+0x45/0x70 [ 28.917945] kasan_save_track+0x18/0x40 [ 28.918122] kasan_save_alloc_info+0x3b/0x50 [ 28.918675] __kasan_kmalloc+0xb7/0xc0 [ 28.918875] __kmalloc_cache_noprof+0x189/0x420 [ 28.919251] kasan_atomics+0x95/0x310 [ 28.919596] kunit_try_run_case+0x1a5/0x480 [ 28.919791] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.920014] kthread+0x337/0x6f0 [ 28.920189] ret_from_fork+0x116/0x1d0 [ 28.920754] ret_from_fork_asm+0x1a/0x30 [ 28.921032] [ 28.921299] The buggy address belongs to the object at ffff88810458d180 [ 28.921299] which belongs to the cache kmalloc-64 of size 64 [ 28.921952] The buggy address is located 0 bytes to the right of [ 28.921952] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.922485] [ 28.922554] The buggy address belongs to the physical page: [ 28.922926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.923223] flags: 0x200000000000000(node=0|zone=2) [ 28.923667] page_type: f5(slab) [ 28.923840] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.924128] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.924468] page dumped because: kasan: bad access detected [ 28.924687] [ 28.924783] Memory state around the buggy address: [ 28.925049] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.925367] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.925679] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.925986] ^ [ 28.926148] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.926434] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.926776] ================================================================== [ 29.364046] ================================================================== [ 29.364555] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 29.364850] Read of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.365155] [ 29.365248] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.365294] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.365307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.365328] Call Trace: [ 29.365344] <TASK> [ 29.365359] dump_stack_lvl+0x73/0xb0 [ 29.365388] print_report+0xd1/0x610 [ 29.365410] ? __virt_addr_valid+0x1db/0x2d0 [ 29.365433] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.365454] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.365480] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.365502] kasan_report+0x141/0x180 [ 29.365525] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.365551] __asan_report_load8_noabort+0x18/0x20 [ 29.365575] kasan_atomics_helper+0x4fb2/0x5450 [ 29.365599] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.365621] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.365646] ? kasan_atomics+0x152/0x310 [ 29.365672] kasan_atomics+0x1dc/0x310 [ 29.365695] ? __pfx_kasan_atomics+0x10/0x10 [ 29.365719] ? __pfx_read_tsc+0x10/0x10 [ 29.365740] ? ktime_get_ts64+0x86/0x230 [ 29.365764] kunit_try_run_case+0x1a5/0x480 [ 29.365788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.365810] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.365834] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.365859] ? __kthread_parkme+0x82/0x180 [ 29.365883] ? preempt_count_sub+0x50/0x80 [ 29.365906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.365936] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.365960] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.365983] kthread+0x337/0x6f0 [ 29.366003] ? trace_preempt_on+0x20/0xc0 [ 29.366026] ? __pfx_kthread+0x10/0x10 [ 29.366046] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.366068] ? calculate_sigpending+0x7b/0xa0 [ 29.366322] ? __pfx_kthread+0x10/0x10 [ 29.366348] ret_from_fork+0x116/0x1d0 [ 29.366368] ? __pfx_kthread+0x10/0x10 [ 29.366389] ret_from_fork_asm+0x1a/0x30 [ 29.366615] </TASK> [ 29.366634] [ 29.380071] Allocated by task 314: [ 29.380243] kasan_save_stack+0x45/0x70 [ 29.380424] kasan_save_track+0x18/0x40 [ 29.380590] kasan_save_alloc_info+0x3b/0x50 [ 29.380770] __kasan_kmalloc+0xb7/0xc0 [ 29.380936] __kmalloc_cache_noprof+0x189/0x420 [ 29.381633] kasan_atomics+0x95/0x310 [ 29.381926] kunit_try_run_case+0x1a5/0x480 [ 29.382303] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.382625] kthread+0x337/0x6f0 [ 29.382937] ret_from_fork+0x116/0x1d0 [ 29.383122] ret_from_fork_asm+0x1a/0x30 [ 29.383577] [ 29.383666] The buggy address belongs to the object at ffff88810458d180 [ 29.383666] which belongs to the cache kmalloc-64 of size 64 [ 29.384416] The buggy address is located 0 bytes to the right of [ 29.384416] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.384914] [ 29.384995] The buggy address belongs to the physical page: [ 29.385218] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.385778] flags: 0x200000000000000(node=0|zone=2) [ 29.385985] page_type: f5(slab) [ 29.386144] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.386956] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.387409] page dumped because: kasan: bad access detected [ 29.387650] [ 29.387731] Memory state around the buggy address: [ 29.387928] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.388217] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.388757] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.389034] ^ [ 29.389673] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.390027] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.390546] ================================================================== [ 29.248270] ================================================================== [ 29.248754] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 29.249386] Write of size 8 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 29.249799] [ 29.250148] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.250203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.250217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.250240] Call Trace: [ 29.250256] <TASK> [ 29.250273] dump_stack_lvl+0x73/0xb0 [ 29.250304] print_report+0xd1/0x610 [ 29.250327] ? __virt_addr_valid+0x1db/0x2d0 [ 29.250350] ? kasan_atomics_helper+0x1eaa/0x5450 [ 29.250372] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.250399] ? kasan_atomics_helper+0x1eaa/0x5450 [ 29.250421] kasan_report+0x141/0x180 [ 29.250445] ? kasan_atomics_helper+0x1eaa/0x5450 [ 29.250472] kasan_check_range+0x10c/0x1c0 [ 29.250496] __kasan_check_write+0x18/0x20 [ 29.250520] kasan_atomics_helper+0x1eaa/0x5450 [ 29.250543] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.250565] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.250590] ? kasan_atomics+0x152/0x310 [ 29.250616] kasan_atomics+0x1dc/0x310 [ 29.250639] ? __pfx_kasan_atomics+0x10/0x10 [ 29.250664] ? __pfx_read_tsc+0x10/0x10 [ 29.250685] ? ktime_get_ts64+0x86/0x230 [ 29.250709] kunit_try_run_case+0x1a5/0x480 [ 29.250733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.250755] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.250779] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.250803] ? __kthread_parkme+0x82/0x180 [ 29.250827] ? preempt_count_sub+0x50/0x80 [ 29.250851] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.250875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.250899] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.250922] kthread+0x337/0x6f0 [ 29.250941] ? trace_preempt_on+0x20/0xc0 [ 29.250965] ? __pfx_kthread+0x10/0x10 [ 29.250985] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.251007] ? calculate_sigpending+0x7b/0xa0 [ 29.251031] ? __pfx_kthread+0x10/0x10 [ 29.251053] ret_from_fork+0x116/0x1d0 [ 29.251072] ? __pfx_kthread+0x10/0x10 [ 29.251103] ret_from_fork_asm+0x1a/0x30 [ 29.251134] </TASK> [ 29.251145] [ 29.261511] Allocated by task 314: [ 29.261714] kasan_save_stack+0x45/0x70 [ 29.262068] kasan_save_track+0x18/0x40 [ 29.262287] kasan_save_alloc_info+0x3b/0x50 [ 29.262611] __kasan_kmalloc+0xb7/0xc0 [ 29.262799] __kmalloc_cache_noprof+0x189/0x420 [ 29.263008] kasan_atomics+0x95/0x310 [ 29.263195] kunit_try_run_case+0x1a5/0x480 [ 29.263674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.263967] kthread+0x337/0x6f0 [ 29.264171] ret_from_fork+0x116/0x1d0 [ 29.264518] ret_from_fork_asm+0x1a/0x30 [ 29.264739] [ 29.264990] The buggy address belongs to the object at ffff88810458d180 [ 29.264990] which belongs to the cache kmalloc-64 of size 64 [ 29.265588] The buggy address is located 0 bytes to the right of [ 29.265588] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 29.266269] [ 29.266519] The buggy address belongs to the physical page: [ 29.266768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 29.267146] flags: 0x200000000000000(node=0|zone=2) [ 29.267590] page_type: f5(slab) [ 29.267888] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.268380] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.268708] page dumped because: kasan: bad access detected [ 29.269062] [ 29.269169] Memory state around the buggy address: [ 29.269564] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.269894] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.270408] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.270784] ^ [ 29.271105] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.271535] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.271906] ================================================================== [ 28.664619] ================================================================== [ 28.664946] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 28.665593] Read of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.665902] [ 28.666011] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.666342] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.666358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.666380] Call Trace: [ 28.666394] <TASK> [ 28.666410] dump_stack_lvl+0x73/0xb0 [ 28.666440] print_report+0xd1/0x610 [ 28.666462] ? __virt_addr_valid+0x1db/0x2d0 [ 28.666485] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.666506] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.666533] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.666555] kasan_report+0x141/0x180 [ 28.666578] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.666605] __asan_report_load4_noabort+0x18/0x20 [ 28.666629] kasan_atomics_helper+0x4a1c/0x5450 [ 28.666652] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.666674] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.666699] ? kasan_atomics+0x152/0x310 [ 28.666726] kasan_atomics+0x1dc/0x310 [ 28.666748] ? __pfx_kasan_atomics+0x10/0x10 [ 28.666772] ? __pfx_read_tsc+0x10/0x10 [ 28.666793] ? ktime_get_ts64+0x86/0x230 [ 28.666817] kunit_try_run_case+0x1a5/0x480 [ 28.666841] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.666863] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.666887] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.666911] ? __kthread_parkme+0x82/0x180 [ 28.666935] ? preempt_count_sub+0x50/0x80 [ 28.666959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.666983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.667006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.667030] kthread+0x337/0x6f0 [ 28.667049] ? trace_preempt_on+0x20/0xc0 [ 28.667072] ? __pfx_kthread+0x10/0x10 [ 28.667104] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.667126] ? calculate_sigpending+0x7b/0xa0 [ 28.667150] ? __pfx_kthread+0x10/0x10 [ 28.667171] ret_from_fork+0x116/0x1d0 [ 28.667191] ? __pfx_kthread+0x10/0x10 [ 28.667211] ret_from_fork_asm+0x1a/0x30 [ 28.667243] </TASK> [ 28.667254] [ 28.676573] Allocated by task 314: [ 28.676994] kasan_save_stack+0x45/0x70 [ 28.677202] kasan_save_track+0x18/0x40 [ 28.677414] kasan_save_alloc_info+0x3b/0x50 [ 28.677671] __kasan_kmalloc+0xb7/0xc0 [ 28.677984] __kmalloc_cache_noprof+0x189/0x420 [ 28.678339] kasan_atomics+0x95/0x310 [ 28.678548] kunit_try_run_case+0x1a5/0x480 [ 28.678853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.679192] kthread+0x337/0x6f0 [ 28.679436] ret_from_fork+0x116/0x1d0 [ 28.679734] ret_from_fork_asm+0x1a/0x30 [ 28.679948] [ 28.680041] The buggy address belongs to the object at ffff88810458d180 [ 28.680041] which belongs to the cache kmalloc-64 of size 64 [ 28.680748] The buggy address is located 0 bytes to the right of [ 28.680748] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.681624] [ 28.681786] The buggy address belongs to the physical page: [ 28.682456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.683139] flags: 0x200000000000000(node=0|zone=2) [ 28.683583] page_type: f5(slab) [ 28.683886] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.684338] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.684639] page dumped because: kasan: bad access detected [ 28.684809] [ 28.684878] Memory state around the buggy address: [ 28.685031] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.685401] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.685679] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.685989] ^ [ 28.686228] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.686520] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.686782] ================================================================== [ 28.730878] ================================================================== [ 28.731179] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 28.731637] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.731868] [ 28.731944] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.731989] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.732002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.732023] Call Trace: [ 28.732037] <TASK> [ 28.732052] dump_stack_lvl+0x73/0xb0 [ 28.732092] print_report+0xd1/0x610 [ 28.732116] ? __virt_addr_valid+0x1db/0x2d0 [ 28.732139] ? kasan_atomics_helper+0x1217/0x5450 [ 28.732160] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.732187] ? kasan_atomics_helper+0x1217/0x5450 [ 28.732209] kasan_report+0x141/0x180 [ 28.732231] ? kasan_atomics_helper+0x1217/0x5450 [ 28.732258] kasan_check_range+0x10c/0x1c0 [ 28.732518] __kasan_check_write+0x18/0x20 [ 28.732546] kasan_atomics_helper+0x1217/0x5450 [ 28.732569] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.732591] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.732616] ? kasan_atomics+0x152/0x310 [ 28.732642] kasan_atomics+0x1dc/0x310 [ 28.732665] ? __pfx_kasan_atomics+0x10/0x10 [ 28.732689] ? __pfx_read_tsc+0x10/0x10 [ 28.732711] ? ktime_get_ts64+0x86/0x230 [ 28.732735] kunit_try_run_case+0x1a5/0x480 [ 28.732758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.732781] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.732804] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.732827] ? __kthread_parkme+0x82/0x180 [ 28.732852] ? preempt_count_sub+0x50/0x80 [ 28.732874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.732898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.732921] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.732945] kthread+0x337/0x6f0 [ 28.732964] ? trace_preempt_on+0x20/0xc0 [ 28.732990] ? __pfx_kthread+0x10/0x10 [ 28.733014] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.733037] ? calculate_sigpending+0x7b/0xa0 [ 28.733060] ? __pfx_kthread+0x10/0x10 [ 28.733093] ret_from_fork+0x116/0x1d0 [ 28.733114] ? __pfx_kthread+0x10/0x10 [ 28.733135] ret_from_fork_asm+0x1a/0x30 [ 28.733169] </TASK> [ 28.733180] [ 28.742728] Allocated by task 314: [ 28.742909] kasan_save_stack+0x45/0x70 [ 28.743115] kasan_save_track+0x18/0x40 [ 28.743269] kasan_save_alloc_info+0x3b/0x50 [ 28.743745] __kasan_kmalloc+0xb7/0xc0 [ 28.743988] __kmalloc_cache_noprof+0x189/0x420 [ 28.744169] kasan_atomics+0x95/0x310 [ 28.744408] kunit_try_run_case+0x1a5/0x480 [ 28.744791] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.745011] kthread+0x337/0x6f0 [ 28.745288] ret_from_fork+0x116/0x1d0 [ 28.745447] ret_from_fork_asm+0x1a/0x30 [ 28.745693] [ 28.745765] The buggy address belongs to the object at ffff88810458d180 [ 28.745765] which belongs to the cache kmalloc-64 of size 64 [ 28.746259] The buggy address is located 0 bytes to the right of [ 28.746259] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.747045] [ 28.747142] The buggy address belongs to the physical page: [ 28.747312] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.747783] flags: 0x200000000000000(node=0|zone=2) [ 28.748061] page_type: f5(slab) [ 28.748206] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.748579] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.749035] page dumped because: kasan: bad access detected [ 28.749276] [ 28.749418] Memory state around the buggy address: [ 28.749687] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.749976] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.750273] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.750554] ^ [ 28.750746] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.751033] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.751701] ================================================================== [ 28.142993] ================================================================== [ 28.143632] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 28.144663] Read of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.145232] [ 28.145580] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.145635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.145649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.145670] Call Trace: [ 28.145686] <TASK> [ 28.145703] dump_stack_lvl+0x73/0xb0 [ 28.145735] print_report+0xd1/0x610 [ 28.145759] ? __virt_addr_valid+0x1db/0x2d0 [ 28.145785] ? kasan_atomics_helper+0x3df/0x5450 [ 28.145809] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.145836] ? kasan_atomics_helper+0x3df/0x5450 [ 28.145858] kasan_report+0x141/0x180 [ 28.145881] ? kasan_atomics_helper+0x3df/0x5450 [ 28.145907] kasan_check_range+0x10c/0x1c0 [ 28.145936] __kasan_check_read+0x15/0x20 [ 28.145959] kasan_atomics_helper+0x3df/0x5450 [ 28.145982] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.146004] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.146029] ? kasan_atomics+0x152/0x310 [ 28.146057] kasan_atomics+0x1dc/0x310 [ 28.146092] ? __pfx_kasan_atomics+0x10/0x10 [ 28.146116] ? __pfx_read_tsc+0x10/0x10 [ 28.146137] ? ktime_get_ts64+0x86/0x230 [ 28.146162] kunit_try_run_case+0x1a5/0x480 [ 28.146186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.146209] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.146236] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.146261] ? __kthread_parkme+0x82/0x180 [ 28.146286] ? preempt_count_sub+0x50/0x80 [ 28.146310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.146334] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.146371] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.146394] kthread+0x337/0x6f0 [ 28.146413] ? trace_preempt_on+0x20/0xc0 [ 28.146436] ? __pfx_kthread+0x10/0x10 [ 28.146458] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.146479] ? calculate_sigpending+0x7b/0xa0 [ 28.146503] ? __pfx_kthread+0x10/0x10 [ 28.146683] ret_from_fork+0x116/0x1d0 [ 28.146714] ? __pfx_kthread+0x10/0x10 [ 28.146738] ret_from_fork_asm+0x1a/0x30 [ 28.146770] </TASK> [ 28.146781] [ 28.156452] Allocated by task 314: [ 28.156628] kasan_save_stack+0x45/0x70 [ 28.156823] kasan_save_track+0x18/0x40 [ 28.157024] kasan_save_alloc_info+0x3b/0x50 [ 28.157343] __kasan_kmalloc+0xb7/0xc0 [ 28.157514] __kmalloc_cache_noprof+0x189/0x420 [ 28.157665] kasan_atomics+0x95/0x310 [ 28.157854] kunit_try_run_case+0x1a5/0x480 [ 28.158100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.158561] kthread+0x337/0x6f0 [ 28.158746] ret_from_fork+0x116/0x1d0 [ 28.158919] ret_from_fork_asm+0x1a/0x30 [ 28.159118] [ 28.159207] The buggy address belongs to the object at ffff88810458d180 [ 28.159207] which belongs to the cache kmalloc-64 of size 64 [ 28.159661] The buggy address is located 0 bytes to the right of [ 28.159661] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.160093] [ 28.160171] The buggy address belongs to the physical page: [ 28.160343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.160578] flags: 0x200000000000000(node=0|zone=2) [ 28.160761] page_type: f5(slab) [ 28.160922] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.161406] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.161749] page dumped because: kasan: bad access detected [ 28.162004] [ 28.162096] Memory state around the buggy address: [ 28.162452] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.162738] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.163024] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.163345] ^ [ 28.163503] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.163768] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.164095] ================================================================== [ 28.074536] ================================================================== [ 28.074951] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 28.075226] Write of size 4 at addr ffff88810458d1b0 by task kunit_try_catch/314 [ 28.075821] [ 28.075923] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.075987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.075998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.076030] Call Trace: [ 28.076042] <TASK> [ 28.076056] dump_stack_lvl+0x73/0xb0 [ 28.076093] print_report+0xd1/0x610 [ 28.076114] ? __virt_addr_valid+0x1db/0x2d0 [ 28.076136] ? kasan_atomics_helper+0x4ba2/0x5450 [ 28.076157] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.076182] ? kasan_atomics_helper+0x4ba2/0x5450 [ 28.076203] kasan_report+0x141/0x180 [ 28.076226] ? kasan_atomics_helper+0x4ba2/0x5450 [ 28.076325] __asan_report_store4_noabort+0x1b/0x30 [ 28.076353] kasan_atomics_helper+0x4ba2/0x5450 [ 28.076375] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.076407] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.076431] ? kasan_atomics+0x152/0x310 [ 28.076457] kasan_atomics+0x1dc/0x310 [ 28.076479] ? __pfx_kasan_atomics+0x10/0x10 [ 28.076502] ? __pfx_read_tsc+0x10/0x10 [ 28.076522] ? ktime_get_ts64+0x86/0x230 [ 28.076545] kunit_try_run_case+0x1a5/0x480 [ 28.076568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.076590] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.076613] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.076635] ? __kthread_parkme+0x82/0x180 [ 28.076658] ? preempt_count_sub+0x50/0x80 [ 28.076680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.076703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.076735] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.076758] kthread+0x337/0x6f0 [ 28.076776] ? trace_preempt_on+0x20/0xc0 [ 28.076808] ? __pfx_kthread+0x10/0x10 [ 28.076828] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.076849] ? calculate_sigpending+0x7b/0xa0 [ 28.076872] ? __pfx_kthread+0x10/0x10 [ 28.076892] ret_from_fork+0x116/0x1d0 [ 28.076910] ? __pfx_kthread+0x10/0x10 [ 28.076930] ret_from_fork_asm+0x1a/0x30 [ 28.076960] </TASK> [ 28.076970] [ 28.085186] Allocated by task 314: [ 28.085311] kasan_save_stack+0x45/0x70 [ 28.085446] kasan_save_track+0x18/0x40 [ 28.085578] kasan_save_alloc_info+0x3b/0x50 [ 28.085797] __kasan_kmalloc+0xb7/0xc0 [ 28.085982] __kmalloc_cache_noprof+0x189/0x420 [ 28.086202] kasan_atomics+0x95/0x310 [ 28.086506] kunit_try_run_case+0x1a5/0x480 [ 28.086911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.087106] kthread+0x337/0x6f0 [ 28.087353] ret_from_fork+0x116/0x1d0 [ 28.087564] ret_from_fork_asm+0x1a/0x30 [ 28.087772] [ 28.087859] The buggy address belongs to the object at ffff88810458d180 [ 28.087859] which belongs to the cache kmalloc-64 of size 64 [ 28.088477] The buggy address is located 0 bytes to the right of [ 28.088477] allocated 48-byte region [ffff88810458d180, ffff88810458d1b0) [ 28.088994] [ 28.089110] The buggy address belongs to the physical page: [ 28.089396] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10458d [ 28.089746] flags: 0x200000000000000(node=0|zone=2) [ 28.089951] page_type: f5(slab) [ 28.090128] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.090649] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.090971] page dumped because: kasan: bad access detected [ 28.091219] [ 28.091373] Memory state around the buggy address: [ 28.091570] ffff88810458d080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.091782] ffff88810458d100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.091991] >ffff88810458d180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.092270] ^ [ 28.092502] ffff88810458d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.092862] ffff88810458d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.093218] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 27.925826] ================================================================== [ 27.926326] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.926858] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.927228] [ 27.927305] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.927351] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.927362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.927383] Call Trace: [ 27.927395] <TASK> [ 27.927408] dump_stack_lvl+0x73/0xb0 [ 27.927458] print_report+0xd1/0x610 [ 27.927479] ? __virt_addr_valid+0x1db/0x2d0 [ 27.927514] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.927549] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.927574] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.927611] kasan_report+0x141/0x180 [ 27.927633] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.927665] kasan_check_range+0x10c/0x1c0 [ 27.927687] __kasan_check_write+0x18/0x20 [ 27.927710] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.927745] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.927772] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.927795] ? trace_hardirqs_on+0x37/0xe0 [ 27.927827] ? kasan_bitops_generic+0x92/0x1c0 [ 27.927853] kasan_bitops_generic+0x121/0x1c0 [ 27.927876] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.927900] ? __pfx_read_tsc+0x10/0x10 [ 27.927921] ? ktime_get_ts64+0x86/0x230 [ 27.927944] kunit_try_run_case+0x1a5/0x480 [ 27.927967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.927988] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.928011] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.928034] ? __kthread_parkme+0x82/0x180 [ 27.928058] ? preempt_count_sub+0x50/0x80 [ 27.928092] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.928115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.928138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.928169] kthread+0x337/0x6f0 [ 27.928187] ? trace_preempt_on+0x20/0xc0 [ 27.928209] ? __pfx_kthread+0x10/0x10 [ 27.928239] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.928259] ? calculate_sigpending+0x7b/0xa0 [ 27.928293] ? __pfx_kthread+0x10/0x10 [ 27.928313] ret_from_fork+0x116/0x1d0 [ 27.928331] ? __pfx_kthread+0x10/0x10 [ 27.928350] ret_from_fork_asm+0x1a/0x30 [ 27.928390] </TASK> [ 27.928400] [ 27.936211] Allocated by task 310: [ 27.936452] kasan_save_stack+0x45/0x70 [ 27.936646] kasan_save_track+0x18/0x40 [ 27.936805] kasan_save_alloc_info+0x3b/0x50 [ 27.937009] __kasan_kmalloc+0xb7/0xc0 [ 27.937203] __kmalloc_cache_noprof+0x189/0x420 [ 27.937436] kasan_bitops_generic+0x92/0x1c0 [ 27.937640] kunit_try_run_case+0x1a5/0x480 [ 27.937841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.938074] kthread+0x337/0x6f0 [ 27.938246] ret_from_fork+0x116/0x1d0 [ 27.938423] ret_from_fork_asm+0x1a/0x30 [ 27.938615] [ 27.938678] The buggy address belongs to the object at ffff8881048d1b00 [ 27.938678] which belongs to the cache kmalloc-16 of size 16 [ 27.939019] The buggy address is located 8 bytes inside of [ 27.939019] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.939529] [ 27.939626] The buggy address belongs to the physical page: [ 27.939841] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.940073] flags: 0x200000000000000(node=0|zone=2) [ 27.940234] page_type: f5(slab) [ 27.940347] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.941000] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.941368] page dumped because: kasan: bad access detected [ 27.941635] [ 27.941723] Memory state around the buggy address: [ 27.941963] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.942199] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.942756] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.943046] ^ [ 27.943239] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.943585] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.943874] ================================================================== [ 27.907758] ================================================================== [ 27.908359] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.908728] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.909040] [ 27.909153] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.909198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.909210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.909230] Call Trace: [ 27.909255] <TASK> [ 27.909268] dump_stack_lvl+0x73/0xb0 [ 27.909296] print_report+0xd1/0x610 [ 27.909338] ? __virt_addr_valid+0x1db/0x2d0 [ 27.909360] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.909386] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.909411] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.909448] kasan_report+0x141/0x180 [ 27.909470] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.909502] kasan_check_range+0x10c/0x1c0 [ 27.909535] __kasan_check_write+0x18/0x20 [ 27.909558] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.909585] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.909612] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.909644] ? trace_hardirqs_on+0x37/0xe0 [ 27.909666] ? kasan_bitops_generic+0x92/0x1c0 [ 27.909693] kasan_bitops_generic+0x121/0x1c0 [ 27.909726] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.909749] ? __pfx_read_tsc+0x10/0x10 [ 27.909769] ? ktime_get_ts64+0x86/0x230 [ 27.909801] kunit_try_run_case+0x1a5/0x480 [ 27.909823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.909845] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.909878] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.909901] ? __kthread_parkme+0x82/0x180 [ 27.909929] ? preempt_count_sub+0x50/0x80 [ 27.909951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.909983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.910006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.910028] kthread+0x337/0x6f0 [ 27.910057] ? trace_preempt_on+0x20/0xc0 [ 27.910089] ? __pfx_kthread+0x10/0x10 [ 27.910109] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.910129] ? calculate_sigpending+0x7b/0xa0 [ 27.910160] ? __pfx_kthread+0x10/0x10 [ 27.910181] ret_from_fork+0x116/0x1d0 [ 27.910199] ? __pfx_kthread+0x10/0x10 [ 27.910228] ret_from_fork_asm+0x1a/0x30 [ 27.910259] </TASK> [ 27.910269] [ 27.918237] Allocated by task 310: [ 27.918462] kasan_save_stack+0x45/0x70 [ 27.918607] kasan_save_track+0x18/0x40 [ 27.918793] kasan_save_alloc_info+0x3b/0x50 [ 27.919013] __kasan_kmalloc+0xb7/0xc0 [ 27.919178] __kmalloc_cache_noprof+0x189/0x420 [ 27.919402] kasan_bitops_generic+0x92/0x1c0 [ 27.919606] kunit_try_run_case+0x1a5/0x480 [ 27.919797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.919989] kthread+0x337/0x6f0 [ 27.920170] ret_from_fork+0x116/0x1d0 [ 27.920366] ret_from_fork_asm+0x1a/0x30 [ 27.920549] [ 27.920649] The buggy address belongs to the object at ffff8881048d1b00 [ 27.920649] which belongs to the cache kmalloc-16 of size 16 [ 27.921140] The buggy address is located 8 bytes inside of [ 27.921140] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.921632] [ 27.921697] The buggy address belongs to the physical page: [ 27.921860] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.922105] flags: 0x200000000000000(node=0|zone=2) [ 27.922258] page_type: f5(slab) [ 27.922412] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.922755] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.923089] page dumped because: kasan: bad access detected [ 27.923372] [ 27.923456] Memory state around the buggy address: [ 27.923648] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.923920] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.924137] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.924340] ^ [ 27.924453] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.924812] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.925160] ================================================================== [ 27.999587] ================================================================== [ 28.000056] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.000419] Read of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 28.000642] [ 28.000719] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.000765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.000777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.000798] Call Trace: [ 28.000810] <TASK> [ 28.000825] dump_stack_lvl+0x73/0xb0 [ 28.000853] print_report+0xd1/0x610 [ 28.000875] ? __virt_addr_valid+0x1db/0x2d0 [ 28.000897] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.000923] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.000949] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.000975] kasan_report+0x141/0x180 [ 28.000997] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.001028] kasan_check_range+0x10c/0x1c0 [ 28.001051] __kasan_check_read+0x15/0x20 [ 28.001074] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.001111] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.001139] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.001162] ? trace_hardirqs_on+0x37/0xe0 [ 28.001184] ? kasan_bitops_generic+0x92/0x1c0 [ 28.001211] kasan_bitops_generic+0x121/0x1c0 [ 28.001233] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.001257] ? __pfx_read_tsc+0x10/0x10 [ 28.001278] ? ktime_get_ts64+0x86/0x230 [ 28.001301] kunit_try_run_case+0x1a5/0x480 [ 28.001324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.001346] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.001368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.001439] ? __kthread_parkme+0x82/0x180 [ 28.001462] ? preempt_count_sub+0x50/0x80 [ 28.001484] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.001519] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.001542] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.001564] kthread+0x337/0x6f0 [ 28.001583] ? trace_preempt_on+0x20/0xc0 [ 28.001606] ? __pfx_kthread+0x10/0x10 [ 28.001626] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.001647] ? calculate_sigpending+0x7b/0xa0 [ 28.001669] ? __pfx_kthread+0x10/0x10 [ 28.001690] ret_from_fork+0x116/0x1d0 [ 28.001708] ? __pfx_kthread+0x10/0x10 [ 28.001729] ret_from_fork_asm+0x1a/0x30 [ 28.001759] </TASK> [ 28.001769] [ 28.014161] Allocated by task 310: [ 28.014353] kasan_save_stack+0x45/0x70 [ 28.014750] kasan_save_track+0x18/0x40 [ 28.015132] kasan_save_alloc_info+0x3b/0x50 [ 28.015322] __kasan_kmalloc+0xb7/0xc0 [ 28.015609] __kmalloc_cache_noprof+0x189/0x420 [ 28.015941] kasan_bitops_generic+0x92/0x1c0 [ 28.016094] kunit_try_run_case+0x1a5/0x480 [ 28.016232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.016732] kthread+0x337/0x6f0 [ 28.017044] ret_from_fork+0x116/0x1d0 [ 28.017414] ret_from_fork_asm+0x1a/0x30 [ 28.017787] [ 28.017952] The buggy address belongs to the object at ffff8881048d1b00 [ 28.017952] which belongs to the cache kmalloc-16 of size 16 [ 28.019114] The buggy address is located 8 bytes inside of [ 28.019114] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 28.019744] [ 28.019901] The buggy address belongs to the physical page: [ 28.020409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 28.021071] flags: 0x200000000000000(node=0|zone=2) [ 28.021548] page_type: f5(slab) [ 28.021799] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.022031] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.022260] page dumped because: kasan: bad access detected [ 28.022744] [ 28.022907] Memory state around the buggy address: [ 28.023373] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.023967] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.024585] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.025198] ^ [ 28.025571] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.026058] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.026401] ================================================================== [ 27.882587] ================================================================== [ 27.883076] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.883928] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.884828] [ 27.885051] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.885111] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.885124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.885145] Call Trace: [ 27.885159] <TASK> [ 27.885175] dump_stack_lvl+0x73/0xb0 [ 27.885204] print_report+0xd1/0x610 [ 27.885226] ? __virt_addr_valid+0x1db/0x2d0 [ 27.885249] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.885276] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.885334] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.885362] kasan_report+0x141/0x180 [ 27.885384] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.885427] kasan_check_range+0x10c/0x1c0 [ 27.885449] __kasan_check_write+0x18/0x20 [ 27.885472] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.885499] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.885527] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.885549] ? trace_hardirqs_on+0x37/0xe0 [ 27.885571] ? kasan_bitops_generic+0x92/0x1c0 [ 27.885598] kasan_bitops_generic+0x121/0x1c0 [ 27.885620] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.885645] ? __pfx_read_tsc+0x10/0x10 [ 27.885667] ? ktime_get_ts64+0x86/0x230 [ 27.885690] kunit_try_run_case+0x1a5/0x480 [ 27.885713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.885734] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.885757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.885779] ? __kthread_parkme+0x82/0x180 [ 27.885802] ? preempt_count_sub+0x50/0x80 [ 27.885825] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.885847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.885870] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.885893] kthread+0x337/0x6f0 [ 27.885911] ? trace_preempt_on+0x20/0xc0 [ 27.885938] ? __pfx_kthread+0x10/0x10 [ 27.885958] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.885978] ? calculate_sigpending+0x7b/0xa0 [ 27.886001] ? __pfx_kthread+0x10/0x10 [ 27.886022] ret_from_fork+0x116/0x1d0 [ 27.886040] ? __pfx_kthread+0x10/0x10 [ 27.886060] ret_from_fork_asm+0x1a/0x30 [ 27.886099] </TASK> [ 27.886109] [ 27.898751] Allocated by task 310: [ 27.898872] kasan_save_stack+0x45/0x70 [ 27.899008] kasan_save_track+0x18/0x40 [ 27.899145] kasan_save_alloc_info+0x3b/0x50 [ 27.899290] __kasan_kmalloc+0xb7/0xc0 [ 27.899634] __kmalloc_cache_noprof+0x189/0x420 [ 27.900031] kasan_bitops_generic+0x92/0x1c0 [ 27.900416] kunit_try_run_case+0x1a5/0x480 [ 27.900690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.900942] kthread+0x337/0x6f0 [ 27.901266] ret_from_fork+0x116/0x1d0 [ 27.901620] ret_from_fork_asm+0x1a/0x30 [ 27.901804] [ 27.901888] The buggy address belongs to the object at ffff8881048d1b00 [ 27.901888] which belongs to the cache kmalloc-16 of size 16 [ 27.902983] The buggy address is located 8 bytes inside of [ 27.902983] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.903574] [ 27.903640] The buggy address belongs to the physical page: [ 27.903805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.904035] flags: 0x200000000000000(node=0|zone=2) [ 27.904220] page_type: f5(slab) [ 27.904411] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.904691] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.904942] page dumped because: kasan: bad access detected [ 27.905220] [ 27.905319] Memory state around the buggy address: [ 27.905560] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.905839] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.906056] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.906403] ^ [ 27.906575] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.906816] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.907145] ================================================================== [ 27.981695] ================================================================== [ 27.982063] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.982542] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.982881] [ 27.982967] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.983013] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.983025] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.983046] Call Trace: [ 27.983058] <TASK> [ 27.983070] dump_stack_lvl+0x73/0xb0 [ 27.983110] print_report+0xd1/0x610 [ 27.983133] ? __virt_addr_valid+0x1db/0x2d0 [ 27.983156] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.983182] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.983208] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.983234] kasan_report+0x141/0x180 [ 27.983256] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.983298] kasan_check_range+0x10c/0x1c0 [ 27.983321] __kasan_check_write+0x18/0x20 [ 27.983343] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.983371] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.983398] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.983421] ? trace_hardirqs_on+0x37/0xe0 [ 27.983443] ? kasan_bitops_generic+0x92/0x1c0 [ 27.983471] kasan_bitops_generic+0x121/0x1c0 [ 27.983493] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.983518] ? __pfx_read_tsc+0x10/0x10 [ 27.983538] ? ktime_get_ts64+0x86/0x230 [ 27.983561] kunit_try_run_case+0x1a5/0x480 [ 27.983584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.983606] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.983628] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.983651] ? __kthread_parkme+0x82/0x180 [ 27.983675] ? preempt_count_sub+0x50/0x80 [ 27.983698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.983721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.983743] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.983765] kthread+0x337/0x6f0 [ 27.983783] ? trace_preempt_on+0x20/0xc0 [ 27.983805] ? __pfx_kthread+0x10/0x10 [ 27.983825] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.983846] ? calculate_sigpending+0x7b/0xa0 [ 27.983868] ? __pfx_kthread+0x10/0x10 [ 27.983889] ret_from_fork+0x116/0x1d0 [ 27.983907] ? __pfx_kthread+0x10/0x10 [ 27.983927] ret_from_fork_asm+0x1a/0x30 [ 27.983959] </TASK> [ 27.983968] [ 27.991572] Allocated by task 310: [ 27.991744] kasan_save_stack+0x45/0x70 [ 27.991897] kasan_save_track+0x18/0x40 [ 27.992103] kasan_save_alloc_info+0x3b/0x50 [ 27.992275] __kasan_kmalloc+0xb7/0xc0 [ 27.992462] __kmalloc_cache_noprof+0x189/0x420 [ 27.992674] kasan_bitops_generic+0x92/0x1c0 [ 27.992869] kunit_try_run_case+0x1a5/0x480 [ 27.993004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.993176] kthread+0x337/0x6f0 [ 27.993310] ret_from_fork+0x116/0x1d0 [ 27.993507] ret_from_fork_asm+0x1a/0x30 [ 27.993692] [ 27.993775] The buggy address belongs to the object at ffff8881048d1b00 [ 27.993775] which belongs to the cache kmalloc-16 of size 16 [ 27.994292] The buggy address is located 8 bytes inside of [ 27.994292] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.994756] [ 27.994819] The buggy address belongs to the physical page: [ 27.994989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.995384] flags: 0x200000000000000(node=0|zone=2) [ 27.995634] page_type: f5(slab) [ 27.995817] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.996130] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.996527] page dumped because: kasan: bad access detected [ 27.996740] [ 27.996831] Memory state around the buggy address: [ 27.997033] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.997332] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.997615] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.997893] ^ [ 27.998063] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.998393] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.998705] ================================================================== [ 28.027138] ================================================================== [ 28.028027] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.028975] Read of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 28.029819] [ 28.030018] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 28.030066] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.030087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.030108] Call Trace: [ 28.030120] <TASK> [ 28.030134] dump_stack_lvl+0x73/0xb0 [ 28.030164] print_report+0xd1/0x610 [ 28.030195] ? __virt_addr_valid+0x1db/0x2d0 [ 28.030218] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.030243] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.030280] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.030309] kasan_report+0x141/0x180 [ 28.030331] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.030362] __asan_report_load8_noabort+0x18/0x20 [ 28.030387] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.030413] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.030441] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.030464] ? trace_hardirqs_on+0x37/0xe0 [ 28.030487] ? kasan_bitops_generic+0x92/0x1c0 [ 28.030514] kasan_bitops_generic+0x121/0x1c0 [ 28.030537] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.030561] ? __pfx_read_tsc+0x10/0x10 [ 28.030580] ? ktime_get_ts64+0x86/0x230 [ 28.030604] kunit_try_run_case+0x1a5/0x480 [ 28.030627] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.030648] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.030671] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.030694] ? __kthread_parkme+0x82/0x180 [ 28.030716] ? preempt_count_sub+0x50/0x80 [ 28.030740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.030763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.030785] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.030807] kthread+0x337/0x6f0 [ 28.030826] ? trace_preempt_on+0x20/0xc0 [ 28.030847] ? __pfx_kthread+0x10/0x10 [ 28.030868] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.030888] ? calculate_sigpending+0x7b/0xa0 [ 28.030910] ? __pfx_kthread+0x10/0x10 [ 28.030931] ret_from_fork+0x116/0x1d0 [ 28.030949] ? __pfx_kthread+0x10/0x10 [ 28.030969] ret_from_fork_asm+0x1a/0x30 [ 28.030999] </TASK> [ 28.031009] [ 28.039661] Allocated by task 310: [ 28.039860] kasan_save_stack+0x45/0x70 [ 28.040091] kasan_save_track+0x18/0x40 [ 28.040258] kasan_save_alloc_info+0x3b/0x50 [ 28.040400] __kasan_kmalloc+0xb7/0xc0 [ 28.040590] __kmalloc_cache_noprof+0x189/0x420 [ 28.040838] kasan_bitops_generic+0x92/0x1c0 [ 28.041026] kunit_try_run_case+0x1a5/0x480 [ 28.041195] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.041363] kthread+0x337/0x6f0 [ 28.041499] ret_from_fork+0x116/0x1d0 [ 28.041702] ret_from_fork_asm+0x1a/0x30 [ 28.041891] [ 28.042009] The buggy address belongs to the object at ffff8881048d1b00 [ 28.042009] which belongs to the cache kmalloc-16 of size 16 [ 28.042647] The buggy address is located 8 bytes inside of [ 28.042647] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 28.043153] [ 28.043241] The buggy address belongs to the physical page: [ 28.043488] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 28.043819] flags: 0x200000000000000(node=0|zone=2) [ 28.044043] page_type: f5(slab) [ 28.044216] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.044569] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.044894] page dumped because: kasan: bad access detected [ 28.045127] [ 28.045214] Memory state around the buggy address: [ 28.045448] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.045718] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.045985] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.046266] ^ [ 28.046457] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.046769] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.046977] ================================================================== [ 27.962589] ================================================================== [ 27.963383] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.963793] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.964149] [ 27.964228] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.964289] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.964300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.964321] Call Trace: [ 27.964336] <TASK> [ 27.964349] dump_stack_lvl+0x73/0xb0 [ 27.964389] print_report+0xd1/0x610 [ 27.964410] ? __virt_addr_valid+0x1db/0x2d0 [ 27.964446] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.964472] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.964498] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.964535] kasan_report+0x141/0x180 [ 27.964557] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.964588] kasan_check_range+0x10c/0x1c0 [ 27.964611] __kasan_check_write+0x18/0x20 [ 27.964633] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.964661] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.964688] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.964711] ? trace_hardirqs_on+0x37/0xe0 [ 27.964733] ? kasan_bitops_generic+0x92/0x1c0 [ 27.964760] kasan_bitops_generic+0x121/0x1c0 [ 27.964783] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.964807] ? __pfx_read_tsc+0x10/0x10 [ 27.964827] ? ktime_get_ts64+0x86/0x230 [ 27.964850] kunit_try_run_case+0x1a5/0x480 [ 27.964883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.964905] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.964929] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.964962] ? __kthread_parkme+0x82/0x180 [ 27.964985] ? preempt_count_sub+0x50/0x80 [ 27.965007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.965038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.965060] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.965099] kthread+0x337/0x6f0 [ 27.965118] ? trace_preempt_on+0x20/0xc0 [ 27.965140] ? __pfx_kthread+0x10/0x10 [ 27.965160] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.965182] ? calculate_sigpending+0x7b/0xa0 [ 27.965213] ? __pfx_kthread+0x10/0x10 [ 27.965234] ret_from_fork+0x116/0x1d0 [ 27.965252] ? __pfx_kthread+0x10/0x10 [ 27.965271] ret_from_fork_asm+0x1a/0x30 [ 27.965321] </TASK> [ 27.965331] [ 27.973482] Allocated by task 310: [ 27.973630] kasan_save_stack+0x45/0x70 [ 27.973821] kasan_save_track+0x18/0x40 [ 27.973990] kasan_save_alloc_info+0x3b/0x50 [ 27.974188] __kasan_kmalloc+0xb7/0xc0 [ 27.974396] __kmalloc_cache_noprof+0x189/0x420 [ 27.974600] kasan_bitops_generic+0x92/0x1c0 [ 27.974778] kunit_try_run_case+0x1a5/0x480 [ 27.974915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.975201] kthread+0x337/0x6f0 [ 27.975400] ret_from_fork+0x116/0x1d0 [ 27.975577] ret_from_fork_asm+0x1a/0x30 [ 27.975752] [ 27.975837] The buggy address belongs to the object at ffff8881048d1b00 [ 27.975837] which belongs to the cache kmalloc-16 of size 16 [ 27.976343] The buggy address is located 8 bytes inside of [ 27.976343] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.976677] [ 27.976738] The buggy address belongs to the physical page: [ 27.976896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.977149] flags: 0x200000000000000(node=0|zone=2) [ 27.977389] page_type: f5(slab) [ 27.977547] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.978128] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.978341] page dumped because: kasan: bad access detected [ 27.978498] [ 27.978557] Memory state around the buggy address: [ 27.978696] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.979151] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.979487] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.979824] ^ [ 27.980013] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.980543] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.980886] ================================================================== [ 27.857327] ================================================================== [ 27.858008] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.858433] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.858732] [ 27.858814] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.858859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.858871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.858891] Call Trace: [ 27.858904] <TASK> [ 27.858917] dump_stack_lvl+0x73/0xb0 [ 27.858945] print_report+0xd1/0x610 [ 27.858967] ? __virt_addr_valid+0x1db/0x2d0 [ 27.858989] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.859015] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.859040] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.859067] kasan_report+0x141/0x180 [ 27.859103] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.859134] kasan_check_range+0x10c/0x1c0 [ 27.859157] __kasan_check_write+0x18/0x20 [ 27.859180] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.859209] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.859239] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.859262] ? trace_hardirqs_on+0x37/0xe0 [ 27.859284] ? kasan_bitops_generic+0x92/0x1c0 [ 27.859311] kasan_bitops_generic+0x121/0x1c0 [ 27.859334] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.859358] ? __pfx_read_tsc+0x10/0x10 [ 27.859379] ? ktime_get_ts64+0x86/0x230 [ 27.859402] kunit_try_run_case+0x1a5/0x480 [ 27.859426] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.859448] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.859471] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.859494] ? __kthread_parkme+0x82/0x180 [ 27.859517] ? preempt_count_sub+0x50/0x80 [ 27.859540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.859562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.859585] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.859607] kthread+0x337/0x6f0 [ 27.859625] ? trace_preempt_on+0x20/0xc0 [ 27.859647] ? __pfx_kthread+0x10/0x10 [ 27.859667] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.859688] ? calculate_sigpending+0x7b/0xa0 [ 27.859710] ? __pfx_kthread+0x10/0x10 [ 27.859751] ret_from_fork+0x116/0x1d0 [ 27.859769] ? __pfx_kthread+0x10/0x10 [ 27.859789] ret_from_fork_asm+0x1a/0x30 [ 27.859820] </TASK> [ 27.859831] [ 27.871561] Allocated by task 310: [ 27.871748] kasan_save_stack+0x45/0x70 [ 27.871936] kasan_save_track+0x18/0x40 [ 27.872066] kasan_save_alloc_info+0x3b/0x50 [ 27.872283] __kasan_kmalloc+0xb7/0xc0 [ 27.872480] __kmalloc_cache_noprof+0x189/0x420 [ 27.872680] kasan_bitops_generic+0x92/0x1c0 [ 27.872821] kunit_try_run_case+0x1a5/0x480 [ 27.872958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.873143] kthread+0x337/0x6f0 [ 27.873274] ret_from_fork+0x116/0x1d0 [ 27.873452] ret_from_fork_asm+0x1a/0x30 [ 27.873640] [ 27.873725] The buggy address belongs to the object at ffff8881048d1b00 [ 27.873725] which belongs to the cache kmalloc-16 of size 16 [ 27.874253] The buggy address is located 8 bytes inside of [ 27.874253] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.874709] [ 27.874787] The buggy address belongs to the physical page: [ 27.875002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.875786] flags: 0x200000000000000(node=0|zone=2) [ 27.875953] page_type: f5(slab) [ 27.876068] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.877179] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.877771] page dumped because: kasan: bad access detected [ 27.878017] [ 27.878117] Memory state around the buggy address: [ 27.878575] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.879062] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.879533] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.879828] ^ [ 27.879983] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.880535] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.881037] ================================================================== [ 27.944449] ================================================================== [ 27.945069] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.945525] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.945817] [ 27.945898] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.945956] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.945967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.945999] Call Trace: [ 27.946012] <TASK> [ 27.946025] dump_stack_lvl+0x73/0xb0 [ 27.946053] print_report+0xd1/0x610 [ 27.946105] ? __virt_addr_valid+0x1db/0x2d0 [ 27.946127] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.946152] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.946177] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.946204] kasan_report+0x141/0x180 [ 27.946226] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.946258] kasan_check_range+0x10c/0x1c0 [ 27.946292] __kasan_check_write+0x18/0x20 [ 27.946314] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.946341] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.946369] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.946391] ? trace_hardirqs_on+0x37/0xe0 [ 27.946414] ? kasan_bitops_generic+0x92/0x1c0 [ 27.946441] kasan_bitops_generic+0x121/0x1c0 [ 27.946463] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.946488] ? __pfx_read_tsc+0x10/0x10 [ 27.946508] ? ktime_get_ts64+0x86/0x230 [ 27.946532] kunit_try_run_case+0x1a5/0x480 [ 27.946555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.946576] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.946599] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.946622] ? __kthread_parkme+0x82/0x180 [ 27.946646] ? preempt_count_sub+0x50/0x80 [ 27.946668] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.946691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.946714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.946737] kthread+0x337/0x6f0 [ 27.946755] ? trace_preempt_on+0x20/0xc0 [ 27.946776] ? __pfx_kthread+0x10/0x10 [ 27.946796] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.946816] ? calculate_sigpending+0x7b/0xa0 [ 27.946838] ? __pfx_kthread+0x10/0x10 [ 27.946859] ret_from_fork+0x116/0x1d0 [ 27.946877] ? __pfx_kthread+0x10/0x10 [ 27.946897] ret_from_fork_asm+0x1a/0x30 [ 27.946927] </TASK> [ 27.946937] [ 27.954976] Allocated by task 310: [ 27.955119] kasan_save_stack+0x45/0x70 [ 27.955335] kasan_save_track+0x18/0x40 [ 27.955517] kasan_save_alloc_info+0x3b/0x50 [ 27.955716] __kasan_kmalloc+0xb7/0xc0 [ 27.955893] __kmalloc_cache_noprof+0x189/0x420 [ 27.956111] kasan_bitops_generic+0x92/0x1c0 [ 27.956344] kunit_try_run_case+0x1a5/0x480 [ 27.956551] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.956793] kthread+0x337/0x6f0 [ 27.956951] ret_from_fork+0x116/0x1d0 [ 27.957090] ret_from_fork_asm+0x1a/0x30 [ 27.957222] [ 27.957284] The buggy address belongs to the object at ffff8881048d1b00 [ 27.957284] which belongs to the cache kmalloc-16 of size 16 [ 27.958225] The buggy address is located 8 bytes inside of [ 27.958225] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.958586] [ 27.958648] The buggy address belongs to the physical page: [ 27.958900] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.959246] flags: 0x200000000000000(node=0|zone=2) [ 27.959426] page_type: f5(slab) [ 27.959537] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.959752] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.960052] page dumped because: kasan: bad access detected [ 27.960332] [ 27.960425] Memory state around the buggy address: [ 27.960654] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.960968] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.961257] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.961513] ^ [ 27.961625] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.961822] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.962027] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 27.688276] ================================================================== [ 27.688627] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.689571] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.689904] [ 27.689993] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.690040] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.690052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.690072] Call Trace: [ 27.690100] <TASK> [ 27.690114] dump_stack_lvl+0x73/0xb0 [ 27.690143] print_report+0xd1/0x610 [ 27.690165] ? __virt_addr_valid+0x1db/0x2d0 [ 27.690187] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.690211] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.690236] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.690267] kasan_report+0x141/0x180 [ 27.690289] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.690318] kasan_check_range+0x10c/0x1c0 [ 27.690341] __kasan_check_write+0x18/0x20 [ 27.690363] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.690387] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.690412] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.690435] ? trace_hardirqs_on+0x37/0xe0 [ 27.690457] ? kasan_bitops_generic+0x92/0x1c0 [ 27.690484] kasan_bitops_generic+0x116/0x1c0 [ 27.690506] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.690530] ? __pfx_read_tsc+0x10/0x10 [ 27.690550] ? ktime_get_ts64+0x86/0x230 [ 27.690573] kunit_try_run_case+0x1a5/0x480 [ 27.690595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.690617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.690641] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.690664] ? __kthread_parkme+0x82/0x180 [ 27.690688] ? preempt_count_sub+0x50/0x80 [ 27.690711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.690734] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.690756] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.690779] kthread+0x337/0x6f0 [ 27.690797] ? trace_preempt_on+0x20/0xc0 [ 27.690819] ? __pfx_kthread+0x10/0x10 [ 27.690839] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.690860] ? calculate_sigpending+0x7b/0xa0 [ 27.690882] ? __pfx_kthread+0x10/0x10 [ 27.690903] ret_from_fork+0x116/0x1d0 [ 27.690921] ? __pfx_kthread+0x10/0x10 [ 27.690941] ret_from_fork_asm+0x1a/0x30 [ 27.690972] </TASK> [ 27.690983] [ 27.705042] Allocated by task 310: [ 27.705194] kasan_save_stack+0x45/0x70 [ 27.705517] kasan_save_track+0x18/0x40 [ 27.705987] kasan_save_alloc_info+0x3b/0x50 [ 27.706422] __kasan_kmalloc+0xb7/0xc0 [ 27.706684] __kmalloc_cache_noprof+0x189/0x420 [ 27.707044] kasan_bitops_generic+0x92/0x1c0 [ 27.707198] kunit_try_run_case+0x1a5/0x480 [ 27.707376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.707915] kthread+0x337/0x6f0 [ 27.708248] ret_from_fork+0x116/0x1d0 [ 27.708640] ret_from_fork_asm+0x1a/0x30 [ 27.709026] [ 27.709228] The buggy address belongs to the object at ffff8881048d1b00 [ 27.709228] which belongs to the cache kmalloc-16 of size 16 [ 27.709833] The buggy address is located 8 bytes inside of [ 27.709833] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.710196] [ 27.710261] The buggy address belongs to the physical page: [ 27.710812] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.711536] flags: 0x200000000000000(node=0|zone=2) [ 27.712113] page_type: f5(slab) [ 27.712444] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.713112] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.714022] page dumped because: kasan: bad access detected [ 27.714430] [ 27.714495] Memory state around the buggy address: [ 27.714644] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.714852] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.715060] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.715392] ^ [ 27.715549] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.715918] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.716220] ================================================================== [ 27.768807] ================================================================== [ 27.769304] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.769679] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.770256] [ 27.770387] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.770519] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.770531] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.770552] Call Trace: [ 27.770567] <TASK> [ 27.770581] dump_stack_lvl+0x73/0xb0 [ 27.770610] print_report+0xd1/0x610 [ 27.770632] ? __virt_addr_valid+0x1db/0x2d0 [ 27.770654] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.770678] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.770703] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.770727] kasan_report+0x141/0x180 [ 27.770749] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.770778] kasan_check_range+0x10c/0x1c0 [ 27.770800] __kasan_check_write+0x18/0x20 [ 27.770822] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.770847] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.770872] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.770895] ? trace_hardirqs_on+0x37/0xe0 [ 27.770917] ? kasan_bitops_generic+0x92/0x1c0 [ 27.770943] kasan_bitops_generic+0x116/0x1c0 [ 27.770966] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.770990] ? __pfx_read_tsc+0x10/0x10 [ 27.771009] ? ktime_get_ts64+0x86/0x230 [ 27.771033] kunit_try_run_case+0x1a5/0x480 [ 27.771056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.771090] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.771112] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.771135] ? __kthread_parkme+0x82/0x180 [ 27.771158] ? preempt_count_sub+0x50/0x80 [ 27.771181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.771205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.771227] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.771250] kthread+0x337/0x6f0 [ 27.771268] ? trace_preempt_on+0x20/0xc0 [ 27.771308] ? __pfx_kthread+0x10/0x10 [ 27.771327] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.771348] ? calculate_sigpending+0x7b/0xa0 [ 27.771370] ? __pfx_kthread+0x10/0x10 [ 27.771391] ret_from_fork+0x116/0x1d0 [ 27.771409] ? __pfx_kthread+0x10/0x10 [ 27.771428] ret_from_fork_asm+0x1a/0x30 [ 27.771461] </TASK> [ 27.771472] [ 27.781893] Allocated by task 310: [ 27.782066] kasan_save_stack+0x45/0x70 [ 27.782269] kasan_save_track+0x18/0x40 [ 27.782733] kasan_save_alloc_info+0x3b/0x50 [ 27.783064] __kasan_kmalloc+0xb7/0xc0 [ 27.783522] __kmalloc_cache_noprof+0x189/0x420 [ 27.783802] kasan_bitops_generic+0x92/0x1c0 [ 27.784123] kunit_try_run_case+0x1a5/0x480 [ 27.784541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.784836] kthread+0x337/0x6f0 [ 27.785125] ret_from_fork+0x116/0x1d0 [ 27.785460] ret_from_fork_asm+0x1a/0x30 [ 27.785650] [ 27.785734] The buggy address belongs to the object at ffff8881048d1b00 [ 27.785734] which belongs to the cache kmalloc-16 of size 16 [ 27.786224] The buggy address is located 8 bytes inside of [ 27.786224] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.787400] [ 27.787486] The buggy address belongs to the physical page: [ 27.788034] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.788603] flags: 0x200000000000000(node=0|zone=2) [ 27.789010] page_type: f5(slab) [ 27.789190] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.790008] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.790500] page dumped because: kasan: bad access detected [ 27.790925] [ 27.791016] Memory state around the buggy address: [ 27.791381] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.791673] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.791960] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.792493] ^ [ 27.792632] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.792923] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.793221] ================================================================== [ 27.663947] ================================================================== [ 27.664572] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.664901] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.665201] [ 27.665293] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.665342] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.665355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.665376] Call Trace: [ 27.665389] <TASK> [ 27.665403] dump_stack_lvl+0x73/0xb0 [ 27.665432] print_report+0xd1/0x610 [ 27.665454] ? __virt_addr_valid+0x1db/0x2d0 [ 27.665476] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.665500] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.665525] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.665550] kasan_report+0x141/0x180 [ 27.665571] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.665600] kasan_check_range+0x10c/0x1c0 [ 27.665623] __kasan_check_write+0x18/0x20 [ 27.665645] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.665670] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.665696] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.665719] ? trace_hardirqs_on+0x37/0xe0 [ 27.665742] ? kasan_bitops_generic+0x92/0x1c0 [ 27.665770] kasan_bitops_generic+0x116/0x1c0 [ 27.665793] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.665818] ? __pfx_read_tsc+0x10/0x10 [ 27.665838] ? ktime_get_ts64+0x86/0x230 [ 27.665861] kunit_try_run_case+0x1a5/0x480 [ 27.665884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.665906] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.665937] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.665960] ? __kthread_parkme+0x82/0x180 [ 27.665983] ? preempt_count_sub+0x50/0x80 [ 27.666006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.666029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.666052] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.666074] kthread+0x337/0x6f0 [ 27.666165] ? trace_preempt_on+0x20/0xc0 [ 27.666189] ? __pfx_kthread+0x10/0x10 [ 27.666210] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.666231] ? calculate_sigpending+0x7b/0xa0 [ 27.666294] ? __pfx_kthread+0x10/0x10 [ 27.666315] ret_from_fork+0x116/0x1d0 [ 27.666334] ? __pfx_kthread+0x10/0x10 [ 27.666354] ret_from_fork_asm+0x1a/0x30 [ 27.666386] </TASK> [ 27.666396] [ 27.675045] Allocated by task 310: [ 27.675760] kasan_save_stack+0x45/0x70 [ 27.675944] kasan_save_track+0x18/0x40 [ 27.676122] kasan_save_alloc_info+0x3b/0x50 [ 27.676669] __kasan_kmalloc+0xb7/0xc0 [ 27.676852] __kmalloc_cache_noprof+0x189/0x420 [ 27.677001] kasan_bitops_generic+0x92/0x1c0 [ 27.677539] kunit_try_run_case+0x1a5/0x480 [ 27.677844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.678180] kthread+0x337/0x6f0 [ 27.678551] ret_from_fork+0x116/0x1d0 [ 27.678725] ret_from_fork_asm+0x1a/0x30 [ 27.678903] [ 27.678976] The buggy address belongs to the object at ffff8881048d1b00 [ 27.678976] which belongs to the cache kmalloc-16 of size 16 [ 27.679889] The buggy address is located 8 bytes inside of [ 27.679889] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.680627] [ 27.680733] The buggy address belongs to the physical page: [ 27.681201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.681790] flags: 0x200000000000000(node=0|zone=2) [ 27.682111] page_type: f5(slab) [ 27.682281] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.682907] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.683390] page dumped because: kasan: bad access detected [ 27.683717] [ 27.683813] Memory state around the buggy address: [ 27.684209] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.684648] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.685061] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.685470] ^ [ 27.685650] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.685932] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.686244] ================================================================== [ 27.718646] ================================================================== [ 27.719497] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.719926] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.720263] [ 27.720714] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.720769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.720781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.720801] Call Trace: [ 27.720815] <TASK> [ 27.720831] dump_stack_lvl+0x73/0xb0 [ 27.720862] print_report+0xd1/0x610 [ 27.720884] ? __virt_addr_valid+0x1db/0x2d0 [ 27.720908] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.720932] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.720958] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.720982] kasan_report+0x141/0x180 [ 27.721003] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.721033] kasan_check_range+0x10c/0x1c0 [ 27.721057] __kasan_check_write+0x18/0x20 [ 27.721092] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.721118] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.721143] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.721166] ? trace_hardirqs_on+0x37/0xe0 [ 27.721189] ? kasan_bitops_generic+0x92/0x1c0 [ 27.721216] kasan_bitops_generic+0x116/0x1c0 [ 27.721238] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.721262] ? __pfx_read_tsc+0x10/0x10 [ 27.721360] ? ktime_get_ts64+0x86/0x230 [ 27.721387] kunit_try_run_case+0x1a5/0x480 [ 27.721412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.721433] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.721457] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.721479] ? __kthread_parkme+0x82/0x180 [ 27.721502] ? preempt_count_sub+0x50/0x80 [ 27.721525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.721548] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.721571] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.721594] kthread+0x337/0x6f0 [ 27.721612] ? trace_preempt_on+0x20/0xc0 [ 27.721634] ? __pfx_kthread+0x10/0x10 [ 27.721654] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.721675] ? calculate_sigpending+0x7b/0xa0 [ 27.721698] ? __pfx_kthread+0x10/0x10 [ 27.721719] ret_from_fork+0x116/0x1d0 [ 27.721737] ? __pfx_kthread+0x10/0x10 [ 27.721757] ret_from_fork_asm+0x1a/0x30 [ 27.721788] </TASK> [ 27.721798] [ 27.732590] Allocated by task 310: [ 27.732782] kasan_save_stack+0x45/0x70 [ 27.733095] kasan_save_track+0x18/0x40 [ 27.733335] kasan_save_alloc_info+0x3b/0x50 [ 27.733656] __kasan_kmalloc+0xb7/0xc0 [ 27.733855] __kmalloc_cache_noprof+0x189/0x420 [ 27.734175] kasan_bitops_generic+0x92/0x1c0 [ 27.734468] kunit_try_run_case+0x1a5/0x480 [ 27.734784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.735038] kthread+0x337/0x6f0 [ 27.735205] ret_from_fork+0x116/0x1d0 [ 27.735562] ret_from_fork_asm+0x1a/0x30 [ 27.735915] [ 27.736006] The buggy address belongs to the object at ffff8881048d1b00 [ 27.736006] which belongs to the cache kmalloc-16 of size 16 [ 27.736623] The buggy address is located 8 bytes inside of [ 27.736623] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.737271] [ 27.737456] The buggy address belongs to the physical page: [ 27.737781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.738199] flags: 0x200000000000000(node=0|zone=2) [ 27.738564] page_type: f5(slab) [ 27.738712] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.739182] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.739576] page dumped because: kasan: bad access detected [ 27.739792] [ 27.739881] Memory state around the buggy address: [ 27.740101] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.740659] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.740942] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.741357] ^ [ 27.741529] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.741970] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.742309] ================================================================== [ 27.743290] ================================================================== [ 27.743967] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.744436] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.744956] [ 27.745057] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.745137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.745148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.745184] Call Trace: [ 27.745197] <TASK> [ 27.745211] dump_stack_lvl+0x73/0xb0 [ 27.745241] print_report+0xd1/0x610 [ 27.745262] ? __virt_addr_valid+0x1db/0x2d0 [ 27.745416] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.745444] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.745470] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.745495] kasan_report+0x141/0x180 [ 27.745517] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.745547] kasan_check_range+0x10c/0x1c0 [ 27.745571] __kasan_check_write+0x18/0x20 [ 27.745597] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.745622] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.745648] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.745672] ? trace_hardirqs_on+0x37/0xe0 [ 27.745693] ? kasan_bitops_generic+0x92/0x1c0 [ 27.745720] kasan_bitops_generic+0x116/0x1c0 [ 27.745742] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.745767] ? __pfx_read_tsc+0x10/0x10 [ 27.745787] ? ktime_get_ts64+0x86/0x230 [ 27.745810] kunit_try_run_case+0x1a5/0x480 [ 27.745834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.745856] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.745879] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.745902] ? __kthread_parkme+0x82/0x180 [ 27.745933] ? preempt_count_sub+0x50/0x80 [ 27.745956] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.745979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.746001] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.746024] kthread+0x337/0x6f0 [ 27.746042] ? trace_preempt_on+0x20/0xc0 [ 27.746063] ? __pfx_kthread+0x10/0x10 [ 27.746093] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.746114] ? calculate_sigpending+0x7b/0xa0 [ 27.746137] ? __pfx_kthread+0x10/0x10 [ 27.746157] ret_from_fork+0x116/0x1d0 [ 27.746176] ? __pfx_kthread+0x10/0x10 [ 27.746198] ret_from_fork_asm+0x1a/0x30 [ 27.746229] </TASK> [ 27.746240] [ 27.757040] Allocated by task 310: [ 27.757397] kasan_save_stack+0x45/0x70 [ 27.757608] kasan_save_track+0x18/0x40 [ 27.757928] kasan_save_alloc_info+0x3b/0x50 [ 27.758293] __kasan_kmalloc+0xb7/0xc0 [ 27.758603] __kmalloc_cache_noprof+0x189/0x420 [ 27.758830] kasan_bitops_generic+0x92/0x1c0 [ 27.759166] kunit_try_run_case+0x1a5/0x480 [ 27.759415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.759745] kthread+0x337/0x6f0 [ 27.759917] ret_from_fork+0x116/0x1d0 [ 27.760095] ret_from_fork_asm+0x1a/0x30 [ 27.760282] [ 27.760379] The buggy address belongs to the object at ffff8881048d1b00 [ 27.760379] which belongs to the cache kmalloc-16 of size 16 [ 27.760872] The buggy address is located 8 bytes inside of [ 27.760872] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.761867] [ 27.761960] The buggy address belongs to the physical page: [ 27.762347] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.762903] flags: 0x200000000000000(node=0|zone=2) [ 27.763220] page_type: f5(slab) [ 27.763467] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.763908] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.764324] page dumped because: kasan: bad access detected [ 27.764621] [ 27.764706] Memory state around the buggy address: [ 27.765138] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.765617] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.766031] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.766359] ^ [ 27.766710] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.767144] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.767529] ================================================================== [ 27.795277] ================================================================== [ 27.795675] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.796335] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.796759] [ 27.796965] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.797018] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.797138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.797161] Call Trace: [ 27.797173] <TASK> [ 27.797189] dump_stack_lvl+0x73/0xb0 [ 27.797219] print_report+0xd1/0x610 [ 27.797242] ? __virt_addr_valid+0x1db/0x2d0 [ 27.797264] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.797321] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.797346] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.797371] kasan_report+0x141/0x180 [ 27.797391] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.797421] kasan_check_range+0x10c/0x1c0 [ 27.797444] __kasan_check_write+0x18/0x20 [ 27.797465] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.797491] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.797515] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.797538] ? trace_hardirqs_on+0x37/0xe0 [ 27.797561] ? kasan_bitops_generic+0x92/0x1c0 [ 27.797587] kasan_bitops_generic+0x116/0x1c0 [ 27.797610] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.797634] ? __pfx_read_tsc+0x10/0x10 [ 27.797655] ? ktime_get_ts64+0x86/0x230 [ 27.797679] kunit_try_run_case+0x1a5/0x480 [ 27.797702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.797723] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.797746] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.797769] ? __kthread_parkme+0x82/0x180 [ 27.797792] ? preempt_count_sub+0x50/0x80 [ 27.797814] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.797837] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.797859] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.797882] kthread+0x337/0x6f0 [ 27.797900] ? trace_preempt_on+0x20/0xc0 [ 27.797929] ? __pfx_kthread+0x10/0x10 [ 27.797949] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.797970] ? calculate_sigpending+0x7b/0xa0 [ 27.797992] ? __pfx_kthread+0x10/0x10 [ 27.798013] ret_from_fork+0x116/0x1d0 [ 27.798031] ? __pfx_kthread+0x10/0x10 [ 27.798051] ret_from_fork_asm+0x1a/0x30 [ 27.798091] </TASK> [ 27.798102] [ 27.809867] Allocated by task 310: [ 27.810159] kasan_save_stack+0x45/0x70 [ 27.810464] kasan_save_track+0x18/0x40 [ 27.810664] kasan_save_alloc_info+0x3b/0x50 [ 27.810852] __kasan_kmalloc+0xb7/0xc0 [ 27.811019] __kmalloc_cache_noprof+0x189/0x420 [ 27.811227] kasan_bitops_generic+0x92/0x1c0 [ 27.811650] kunit_try_run_case+0x1a5/0x480 [ 27.812019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.812415] kthread+0x337/0x6f0 [ 27.812697] ret_from_fork+0x116/0x1d0 [ 27.812996] ret_from_fork_asm+0x1a/0x30 [ 27.813199] [ 27.813464] The buggy address belongs to the object at ffff8881048d1b00 [ 27.813464] which belongs to the cache kmalloc-16 of size 16 [ 27.813936] The buggy address is located 8 bytes inside of [ 27.813936] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.814844] [ 27.814948] The buggy address belongs to the physical page: [ 27.815390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.815893] flags: 0x200000000000000(node=0|zone=2) [ 27.816292] page_type: f5(slab) [ 27.816584] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.817200] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.817710] page dumped because: kasan: bad access detected [ 27.817940] [ 27.818022] Memory state around the buggy address: [ 27.818232] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.818821] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.819434] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.819907] ^ [ 27.820202] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.820650] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.820931] ================================================================== [ 27.821503] ================================================================== [ 27.821749] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.822274] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.822576] [ 27.822654] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.822779] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.822791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.822810] Call Trace: [ 27.822823] <TASK> [ 27.822838] dump_stack_lvl+0x73/0xb0 [ 27.822868] print_report+0xd1/0x610 [ 27.822889] ? __virt_addr_valid+0x1db/0x2d0 [ 27.822910] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.822934] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.822959] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.822984] kasan_report+0x141/0x180 [ 27.823006] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.823035] kasan_check_range+0x10c/0x1c0 [ 27.823057] __kasan_check_write+0x18/0x20 [ 27.823092] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.823117] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.823143] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.823166] ? trace_hardirqs_on+0x37/0xe0 [ 27.823188] ? kasan_bitops_generic+0x92/0x1c0 [ 27.823215] kasan_bitops_generic+0x116/0x1c0 [ 27.823237] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.823323] ? __pfx_read_tsc+0x10/0x10 [ 27.823343] ? ktime_get_ts64+0x86/0x230 [ 27.823367] kunit_try_run_case+0x1a5/0x480 [ 27.823390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.823412] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.823435] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.823458] ? __kthread_parkme+0x82/0x180 [ 27.823481] ? preempt_count_sub+0x50/0x80 [ 27.823504] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.823527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.823549] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.823571] kthread+0x337/0x6f0 [ 27.823590] ? trace_preempt_on+0x20/0xc0 [ 27.823612] ? __pfx_kthread+0x10/0x10 [ 27.823631] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.823652] ? calculate_sigpending+0x7b/0xa0 [ 27.823675] ? __pfx_kthread+0x10/0x10 [ 27.823696] ret_from_fork+0x116/0x1d0 [ 27.823714] ? __pfx_kthread+0x10/0x10 [ 27.823734] ret_from_fork_asm+0x1a/0x30 [ 27.823765] </TASK> [ 27.823775] [ 27.831686] Allocated by task 310: [ 27.831811] kasan_save_stack+0x45/0x70 [ 27.832002] kasan_save_track+0x18/0x40 [ 27.832198] kasan_save_alloc_info+0x3b/0x50 [ 27.832379] __kasan_kmalloc+0xb7/0xc0 [ 27.832503] __kmalloc_cache_noprof+0x189/0x420 [ 27.832649] kasan_bitops_generic+0x92/0x1c0 [ 27.832899] kunit_try_run_case+0x1a5/0x480 [ 27.833106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.833448] kthread+0x337/0x6f0 [ 27.833611] ret_from_fork+0x116/0x1d0 [ 27.833781] ret_from_fork_asm+0x1a/0x30 [ 27.833912] [ 27.833985] The buggy address belongs to the object at ffff8881048d1b00 [ 27.833985] which belongs to the cache kmalloc-16 of size 16 [ 27.834339] The buggy address is located 8 bytes inside of [ 27.834339] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.834859] [ 27.834966] The buggy address belongs to the physical page: [ 27.835216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.835557] flags: 0x200000000000000(node=0|zone=2) [ 27.835719] page_type: f5(slab) [ 27.835833] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.836054] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.836828] page dumped because: kasan: bad access detected [ 27.837068] [ 27.837138] Memory state around the buggy address: [ 27.837284] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.837490] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.837915] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.838234] ^ [ 27.838527] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.838732] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.838937] ================================================================== [ 27.839386] ================================================================== [ 27.839718] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.840329] Write of size 8 at addr ffff8881048d1b08 by task kunit_try_catch/310 [ 27.840671] [ 27.840777] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.840823] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.840834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.840855] Call Trace: [ 27.840867] <TASK> [ 27.840881] dump_stack_lvl+0x73/0xb0 [ 27.840909] print_report+0xd1/0x610 [ 27.840931] ? __virt_addr_valid+0x1db/0x2d0 [ 27.840954] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.840978] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.841004] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.841028] kasan_report+0x141/0x180 [ 27.841050] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.841092] kasan_check_range+0x10c/0x1c0 [ 27.841118] __kasan_check_write+0x18/0x20 [ 27.841142] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.841168] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.841194] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.841217] ? trace_hardirqs_on+0x37/0xe0 [ 27.841249] ? kasan_bitops_generic+0x92/0x1c0 [ 27.841275] kasan_bitops_generic+0x116/0x1c0 [ 27.841298] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.841323] ? __pfx_read_tsc+0x10/0x10 [ 27.841343] ? ktime_get_ts64+0x86/0x230 [ 27.841367] kunit_try_run_case+0x1a5/0x480 [ 27.841391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.841412] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.841436] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.841459] ? __kthread_parkme+0x82/0x180 [ 27.841482] ? preempt_count_sub+0x50/0x80 [ 27.841504] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.841527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.841551] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.841574] kthread+0x337/0x6f0 [ 27.841593] ? trace_preempt_on+0x20/0xc0 [ 27.841615] ? __pfx_kthread+0x10/0x10 [ 27.841635] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.841655] ? calculate_sigpending+0x7b/0xa0 [ 27.841678] ? __pfx_kthread+0x10/0x10 [ 27.841699] ret_from_fork+0x116/0x1d0 [ 27.841717] ? __pfx_kthread+0x10/0x10 [ 27.841737] ret_from_fork_asm+0x1a/0x30 [ 27.841768] </TASK> [ 27.841778] [ 27.849458] Allocated by task 310: [ 27.849733] kasan_save_stack+0x45/0x70 [ 27.849868] kasan_save_track+0x18/0x40 [ 27.850002] kasan_save_alloc_info+0x3b/0x50 [ 27.850342] __kasan_kmalloc+0xb7/0xc0 [ 27.850523] __kmalloc_cache_noprof+0x189/0x420 [ 27.850737] kasan_bitops_generic+0x92/0x1c0 [ 27.850922] kunit_try_run_case+0x1a5/0x480 [ 27.851122] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.851394] kthread+0x337/0x6f0 [ 27.851533] ret_from_fork+0x116/0x1d0 [ 27.851692] ret_from_fork_asm+0x1a/0x30 [ 27.851823] [ 27.851885] The buggy address belongs to the object at ffff8881048d1b00 [ 27.851885] which belongs to the cache kmalloc-16 of size 16 [ 27.852510] The buggy address is located 8 bytes inside of [ 27.852510] allocated 9-byte region [ffff8881048d1b00, ffff8881048d1b09) [ 27.852975] [ 27.853064] The buggy address belongs to the physical page: [ 27.853324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 27.853592] flags: 0x200000000000000(node=0|zone=2) [ 27.853785] page_type: f5(slab) [ 27.853958] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.854287] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.854580] page dumped because: kasan: bad access detected [ 27.854804] [ 27.854884] Memory state around the buggy address: [ 27.855064] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.855380] ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.855629] >ffff8881048d1b00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.855909] ^ [ 27.856061] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.856379] ffff8881048d1c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.856589] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 27.633022] ================================================================== [ 27.633774] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 27.634536] Read of size 1 at addr ffff88810618c690 by task kunit_try_catch/308 [ 27.635222] [ 27.635369] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.635429] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.635441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.635463] Call Trace: [ 27.635478] <TASK> [ 27.635494] dump_stack_lvl+0x73/0xb0 [ 27.635523] print_report+0xd1/0x610 [ 27.635545] ? __virt_addr_valid+0x1db/0x2d0 [ 27.635567] ? strnlen+0x73/0x80 [ 27.635585] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.635610] ? strnlen+0x73/0x80 [ 27.635627] kasan_report+0x141/0x180 [ 27.635649] ? strnlen+0x73/0x80 [ 27.635671] __asan_report_load1_noabort+0x18/0x20 [ 27.635694] strnlen+0x73/0x80 [ 27.635713] kasan_strings+0x615/0xe80 [ 27.635731] ? trace_hardirqs_on+0x37/0xe0 [ 27.635755] ? __pfx_kasan_strings+0x10/0x10 [ 27.635775] ? finish_task_switch.isra.0+0x153/0x700 [ 27.635795] ? __switch_to+0x47/0xf80 [ 27.635820] ? __schedule+0x10c6/0x2b60 [ 27.635842] ? __pfx_read_tsc+0x10/0x10 [ 27.635862] ? ktime_get_ts64+0x86/0x230 [ 27.635886] kunit_try_run_case+0x1a5/0x480 [ 27.635909] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.635932] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.635954] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.635976] ? __kthread_parkme+0x82/0x180 [ 27.635999] ? preempt_count_sub+0x50/0x80 [ 27.636021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.636044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.636066] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.636100] kthread+0x337/0x6f0 [ 27.636119] ? trace_preempt_on+0x20/0xc0 [ 27.636141] ? __pfx_kthread+0x10/0x10 [ 27.636160] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.636181] ? calculate_sigpending+0x7b/0xa0 [ 27.636204] ? __pfx_kthread+0x10/0x10 [ 27.636225] ret_from_fork+0x116/0x1d0 [ 27.636269] ? __pfx_kthread+0x10/0x10 [ 27.636300] ret_from_fork_asm+0x1a/0x30 [ 27.636355] </TASK> [ 27.636366] [ 27.646621] Allocated by task 308: [ 27.646934] kasan_save_stack+0x45/0x70 [ 27.647383] kasan_save_track+0x18/0x40 [ 27.647757] kasan_save_alloc_info+0x3b/0x50 [ 27.648153] __kasan_kmalloc+0xb7/0xc0 [ 27.648511] __kmalloc_cache_noprof+0x189/0x420 [ 27.648810] kasan_strings+0xc0/0xe80 [ 27.648936] kunit_try_run_case+0x1a5/0x480 [ 27.649069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.649245] kthread+0x337/0x6f0 [ 27.649649] ret_from_fork+0x116/0x1d0 [ 27.650010] ret_from_fork_asm+0x1a/0x30 [ 27.650470] [ 27.650644] Freed by task 308: [ 27.650935] kasan_save_stack+0x45/0x70 [ 27.651351] kasan_save_track+0x18/0x40 [ 27.651845] kasan_save_free_info+0x3f/0x60 [ 27.652261] __kasan_slab_free+0x56/0x70 [ 27.652735] kfree+0x222/0x3f0 [ 27.652851] kasan_strings+0x2aa/0xe80 [ 27.652972] kunit_try_run_case+0x1a5/0x480 [ 27.653117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.653647] kthread+0x337/0x6f0 [ 27.654010] ret_from_fork+0x116/0x1d0 [ 27.654473] ret_from_fork_asm+0x1a/0x30 [ 27.654848] [ 27.654999] The buggy address belongs to the object at ffff88810618c680 [ 27.654999] which belongs to the cache kmalloc-32 of size 32 [ 27.656200] The buggy address is located 16 bytes inside of [ 27.656200] freed 32-byte region [ffff88810618c680, ffff88810618c6a0) [ 27.657185] [ 27.657400] The buggy address belongs to the physical page: [ 27.657565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10618c [ 27.657801] flags: 0x200000000000000(node=0|zone=2) [ 27.657962] page_type: f5(slab) [ 27.658075] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.658353] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.658857] page dumped because: kasan: bad access detected [ 27.659089] [ 27.659155] Memory state around the buggy address: [ 27.659298] ffff88810618c580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.659503] ffff88810618c600: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.659701] >ffff88810618c680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.659901] ^ [ 27.660018] ffff88810618c700: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.660226] ffff88810618c780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.660423] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 27.595444] ================================================================== [ 27.595705] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 27.595957] Read of size 1 at addr ffff88810618c690 by task kunit_try_catch/308 [ 27.596435] [ 27.596539] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.596587] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.596598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.596618] Call Trace: [ 27.596633] <TASK> [ 27.596647] dump_stack_lvl+0x73/0xb0 [ 27.596675] print_report+0xd1/0x610 [ 27.596697] ? __virt_addr_valid+0x1db/0x2d0 [ 27.596719] ? strlen+0x8f/0xb0 [ 27.596736] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.596761] ? strlen+0x8f/0xb0 [ 27.596778] kasan_report+0x141/0x180 [ 27.596800] ? strlen+0x8f/0xb0 [ 27.596822] __asan_report_load1_noabort+0x18/0x20 [ 27.596845] strlen+0x8f/0xb0 [ 27.596862] kasan_strings+0x57b/0xe80 [ 27.596882] ? trace_hardirqs_on+0x37/0xe0 [ 27.596904] ? __pfx_kasan_strings+0x10/0x10 [ 27.596923] ? finish_task_switch.isra.0+0x153/0x700 [ 27.596963] ? __switch_to+0x47/0xf80 [ 27.596988] ? __schedule+0x10c6/0x2b60 [ 27.597010] ? __pfx_read_tsc+0x10/0x10 [ 27.597041] ? ktime_get_ts64+0x86/0x230 [ 27.597065] kunit_try_run_case+0x1a5/0x480 [ 27.597098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.597120] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.597142] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.597167] ? __kthread_parkme+0x82/0x180 [ 27.597190] ? preempt_count_sub+0x50/0x80 [ 27.597212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.597235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.597320] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.597343] kthread+0x337/0x6f0 [ 27.597362] ? trace_preempt_on+0x20/0xc0 [ 27.597384] ? __pfx_kthread+0x10/0x10 [ 27.597404] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.597425] ? calculate_sigpending+0x7b/0xa0 [ 27.597448] ? __pfx_kthread+0x10/0x10 [ 27.597469] ret_from_fork+0x116/0x1d0 [ 27.597487] ? __pfx_kthread+0x10/0x10 [ 27.597507] ret_from_fork_asm+0x1a/0x30 [ 27.597538] </TASK> [ 27.597709] [ 27.610925] Allocated by task 308: [ 27.611056] kasan_save_stack+0x45/0x70 [ 27.611424] kasan_save_track+0x18/0x40 [ 27.612238] kasan_save_alloc_info+0x3b/0x50 [ 27.613134] __kasan_kmalloc+0xb7/0xc0 [ 27.613707] __kmalloc_cache_noprof+0x189/0x420 [ 27.614236] kasan_strings+0xc0/0xe80 [ 27.614748] kunit_try_run_case+0x1a5/0x480 [ 27.615225] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.615835] kthread+0x337/0x6f0 [ 27.615971] ret_from_fork+0x116/0x1d0 [ 27.616114] ret_from_fork_asm+0x1a/0x30 [ 27.616297] [ 27.616451] Freed by task 308: [ 27.617046] kasan_save_stack+0x45/0x70 [ 27.617508] kasan_save_track+0x18/0x40 [ 27.617847] kasan_save_free_info+0x3f/0x60 [ 27.618224] __kasan_slab_free+0x56/0x70 [ 27.618620] kfree+0x222/0x3f0 [ 27.619871] kasan_strings+0x2aa/0xe80 [ 27.620021] kunit_try_run_case+0x1a5/0x480 [ 27.620175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.620343] kthread+0x337/0x6f0 [ 27.620456] ret_from_fork+0x116/0x1d0 [ 27.620580] ret_from_fork_asm+0x1a/0x30 [ 27.620712] [ 27.620775] The buggy address belongs to the object at ffff88810618c680 [ 27.620775] which belongs to the cache kmalloc-32 of size 32 [ 27.621323] The buggy address is located 16 bytes inside of [ 27.621323] freed 32-byte region [ffff88810618c680, ffff88810618c6a0) [ 27.622985] [ 27.623267] The buggy address belongs to the physical page: [ 27.623990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10618c [ 27.624845] flags: 0x200000000000000(node=0|zone=2) [ 27.625648] page_type: f5(slab) [ 27.626056] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.626861] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.627696] page dumped because: kasan: bad access detected [ 27.628331] [ 27.628605] Memory state around the buggy address: [ 27.629149] ffff88810618c580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.629794] ffff88810618c600: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.630224] >ffff88810618c680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.631067] ^ [ 27.631216] ffff88810618c700: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.632133] ffff88810618c780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.632586] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 27.573724] ================================================================== [ 27.574008] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 27.574222] Read of size 1 at addr ffff88810618c690 by task kunit_try_catch/308 [ 27.574867] [ 27.574952] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.574997] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.575008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.575028] Call Trace: [ 27.575040] <TASK> [ 27.575054] dump_stack_lvl+0x73/0xb0 [ 27.575092] print_report+0xd1/0x610 [ 27.575113] ? __virt_addr_valid+0x1db/0x2d0 [ 27.575135] ? kasan_strings+0xcbc/0xe80 [ 27.575154] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.575179] ? kasan_strings+0xcbc/0xe80 [ 27.575199] kasan_report+0x141/0x180 [ 27.575221] ? kasan_strings+0xcbc/0xe80 [ 27.575285] __asan_report_load1_noabort+0x18/0x20 [ 27.575311] kasan_strings+0xcbc/0xe80 [ 27.575330] ? trace_hardirqs_on+0x37/0xe0 [ 27.575354] ? __pfx_kasan_strings+0x10/0x10 [ 27.575373] ? finish_task_switch.isra.0+0x153/0x700 [ 27.575393] ? __switch_to+0x47/0xf80 [ 27.575419] ? __schedule+0x10c6/0x2b60 [ 27.575441] ? __pfx_read_tsc+0x10/0x10 [ 27.575461] ? ktime_get_ts64+0x86/0x230 [ 27.575485] kunit_try_run_case+0x1a5/0x480 [ 27.575508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.575529] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.575551] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.575574] ? __kthread_parkme+0x82/0x180 [ 27.575598] ? preempt_count_sub+0x50/0x80 [ 27.575620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.575643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.575665] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.575688] kthread+0x337/0x6f0 [ 27.575706] ? trace_preempt_on+0x20/0xc0 [ 27.575728] ? __pfx_kthread+0x10/0x10 [ 27.575748] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.575769] ? calculate_sigpending+0x7b/0xa0 [ 27.575792] ? __pfx_kthread+0x10/0x10 [ 27.575813] ret_from_fork+0x116/0x1d0 [ 27.575831] ? __pfx_kthread+0x10/0x10 [ 27.575851] ret_from_fork_asm+0x1a/0x30 [ 27.575882] </TASK> [ 27.575891] [ 27.583069] Allocated by task 308: [ 27.583201] kasan_save_stack+0x45/0x70 [ 27.583331] kasan_save_track+0x18/0x40 [ 27.583454] kasan_save_alloc_info+0x3b/0x50 [ 27.583588] __kasan_kmalloc+0xb7/0xc0 [ 27.583764] __kmalloc_cache_noprof+0x189/0x420 [ 27.584202] kasan_strings+0xc0/0xe80 [ 27.584579] kunit_try_run_case+0x1a5/0x480 [ 27.584776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.585021] kthread+0x337/0x6f0 [ 27.585187] ret_from_fork+0x116/0x1d0 [ 27.585468] ret_from_fork_asm+0x1a/0x30 [ 27.585899] [ 27.585990] Freed by task 308: [ 27.586148] kasan_save_stack+0x45/0x70 [ 27.586355] kasan_save_track+0x18/0x40 [ 27.586483] kasan_save_free_info+0x3f/0x60 [ 27.586618] __kasan_slab_free+0x56/0x70 [ 27.586742] kfree+0x222/0x3f0 [ 27.586847] kasan_strings+0x2aa/0xe80 [ 27.586967] kunit_try_run_case+0x1a5/0x480 [ 27.587165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.587729] kthread+0x337/0x6f0 [ 27.587997] ret_from_fork+0x116/0x1d0 [ 27.588200] ret_from_fork_asm+0x1a/0x30 [ 27.588606] [ 27.588778] The buggy address belongs to the object at ffff88810618c680 [ 27.588778] which belongs to the cache kmalloc-32 of size 32 [ 27.589134] The buggy address is located 16 bytes inside of [ 27.589134] freed 32-byte region [ffff88810618c680, ffff88810618c6a0) [ 27.589818] [ 27.589915] The buggy address belongs to the physical page: [ 27.590167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10618c [ 27.590394] flags: 0x200000000000000(node=0|zone=2) [ 27.590544] page_type: f5(slab) [ 27.590895] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.591284] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.591631] page dumped because: kasan: bad access detected [ 27.591876] [ 27.591957] Memory state around the buggy address: [ 27.592164] ffff88810618c580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.592691] ffff88810618c600: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.592995] >ffff88810618c680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.593234] ^ [ 27.593353] ffff88810618c700: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.593553] ffff88810618c780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.593749] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 27.552543] ================================================================== [ 27.554745] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 27.555036] Read of size 1 at addr ffff88810618c690 by task kunit_try_catch/308 [ 27.555332] [ 27.555485] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.555535] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.555547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.555567] Call Trace: [ 27.555580] <TASK> [ 27.555596] dump_stack_lvl+0x73/0xb0 [ 27.555624] print_report+0xd1/0x610 [ 27.555645] ? __virt_addr_valid+0x1db/0x2d0 [ 27.555669] ? strcmp+0xb0/0xc0 [ 27.555685] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.555711] ? strcmp+0xb0/0xc0 [ 27.555728] kasan_report+0x141/0x180 [ 27.555749] ? strcmp+0xb0/0xc0 [ 27.555771] __asan_report_load1_noabort+0x18/0x20 [ 27.555794] strcmp+0xb0/0xc0 [ 27.555813] kasan_strings+0x431/0xe80 [ 27.555831] ? trace_hardirqs_on+0x37/0xe0 [ 27.555854] ? __pfx_kasan_strings+0x10/0x10 [ 27.555874] ? finish_task_switch.isra.0+0x153/0x700 [ 27.555894] ? __switch_to+0x47/0xf80 [ 27.555920] ? __schedule+0x10c6/0x2b60 [ 27.555942] ? __pfx_read_tsc+0x10/0x10 [ 27.555962] ? ktime_get_ts64+0x86/0x230 [ 27.555986] kunit_try_run_case+0x1a5/0x480 [ 27.556009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.556030] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.556052] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.556074] ? __kthread_parkme+0x82/0x180 [ 27.556110] ? preempt_count_sub+0x50/0x80 [ 27.556132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.556155] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.556177] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.556200] kthread+0x337/0x6f0 [ 27.556219] ? trace_preempt_on+0x20/0xc0 [ 27.556241] ? __pfx_kthread+0x10/0x10 [ 27.556261] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.556282] ? calculate_sigpending+0x7b/0xa0 [ 27.556304] ? __pfx_kthread+0x10/0x10 [ 27.556325] ret_from_fork+0x116/0x1d0 [ 27.556343] ? __pfx_kthread+0x10/0x10 [ 27.556379] ret_from_fork_asm+0x1a/0x30 [ 27.556410] </TASK> [ 27.556419] [ 27.562959] Allocated by task 308: [ 27.563118] kasan_save_stack+0x45/0x70 [ 27.563395] kasan_save_track+0x18/0x40 [ 27.563588] kasan_save_alloc_info+0x3b/0x50 [ 27.563795] __kasan_kmalloc+0xb7/0xc0 [ 27.563976] __kmalloc_cache_noprof+0x189/0x420 [ 27.564203] kasan_strings+0xc0/0xe80 [ 27.564615] kunit_try_run_case+0x1a5/0x480 [ 27.564820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.565013] kthread+0x337/0x6f0 [ 27.565149] ret_from_fork+0x116/0x1d0 [ 27.565386] ret_from_fork_asm+0x1a/0x30 [ 27.565588] [ 27.565674] Freed by task 308: [ 27.565812] kasan_save_stack+0x45/0x70 [ 27.565946] kasan_save_track+0x18/0x40 [ 27.566140] kasan_save_free_info+0x3f/0x60 [ 27.566509] __kasan_slab_free+0x56/0x70 [ 27.566687] kfree+0x222/0x3f0 [ 27.566806] kasan_strings+0x2aa/0xe80 [ 27.566969] kunit_try_run_case+0x1a5/0x480 [ 27.567189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.567496] kthread+0x337/0x6f0 [ 27.567649] ret_from_fork+0x116/0x1d0 [ 27.567823] ret_from_fork_asm+0x1a/0x30 [ 27.567978] [ 27.568041] The buggy address belongs to the object at ffff88810618c680 [ 27.568041] which belongs to the cache kmalloc-32 of size 32 [ 27.568384] The buggy address is located 16 bytes inside of [ 27.568384] freed 32-byte region [ffff88810618c680, ffff88810618c6a0) [ 27.568707] [ 27.568769] The buggy address belongs to the physical page: [ 27.568972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10618c [ 27.569428] flags: 0x200000000000000(node=0|zone=2) [ 27.569926] page_type: f5(slab) [ 27.570095] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.570504] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.570719] page dumped because: kasan: bad access detected [ 27.570877] [ 27.570937] Memory state around the buggy address: [ 27.571086] ffff88810618c580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.571286] ffff88810618c600: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.571816] >ffff88810618c680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.572138] ^ [ 27.572472] ffff88810618c700: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.572807] ffff88810618c780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.573133] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 27.527846] ================================================================== [ 27.528222] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 27.529109] Read of size 1 at addr ffff888105ffbf18 by task kunit_try_catch/306 [ 27.529819] [ 27.530004] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.530054] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.530066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.530100] Call Trace: [ 27.530112] <TASK> [ 27.530127] dump_stack_lvl+0x73/0xb0 [ 27.530157] print_report+0xd1/0x610 [ 27.530180] ? __virt_addr_valid+0x1db/0x2d0 [ 27.530203] ? memcmp+0x1b4/0x1d0 [ 27.530221] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.530246] ? memcmp+0x1b4/0x1d0 [ 27.530264] kasan_report+0x141/0x180 [ 27.530286] ? memcmp+0x1b4/0x1d0 [ 27.530385] __asan_report_load1_noabort+0x18/0x20 [ 27.530410] memcmp+0x1b4/0x1d0 [ 27.530430] kasan_memcmp+0x18f/0x390 [ 27.530449] ? trace_hardirqs_on+0x37/0xe0 [ 27.530471] ? __pfx_kasan_memcmp+0x10/0x10 [ 27.530491] ? finish_task_switch.isra.0+0x153/0x700 [ 27.530512] ? __switch_to+0x47/0xf80 [ 27.530541] ? __pfx_read_tsc+0x10/0x10 [ 27.530564] ? ktime_get_ts64+0x86/0x230 [ 27.530589] kunit_try_run_case+0x1a5/0x480 [ 27.530613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.530634] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.530656] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.530679] ? __kthread_parkme+0x82/0x180 [ 27.530702] ? preempt_count_sub+0x50/0x80 [ 27.530725] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.530747] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.530770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.530793] kthread+0x337/0x6f0 [ 27.530811] ? trace_preempt_on+0x20/0xc0 [ 27.530833] ? __pfx_kthread+0x10/0x10 [ 27.530854] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.530874] ? calculate_sigpending+0x7b/0xa0 [ 27.530897] ? __pfx_kthread+0x10/0x10 [ 27.530918] ret_from_fork+0x116/0x1d0 [ 27.530937] ? __pfx_kthread+0x10/0x10 [ 27.530956] ret_from_fork_asm+0x1a/0x30 [ 27.530988] </TASK> [ 27.530998] [ 27.538502] Allocated by task 306: [ 27.538679] kasan_save_stack+0x45/0x70 [ 27.538872] kasan_save_track+0x18/0x40 [ 27.539053] kasan_save_alloc_info+0x3b/0x50 [ 27.539218] __kasan_kmalloc+0xb7/0xc0 [ 27.539646] __kmalloc_cache_noprof+0x189/0x420 [ 27.539843] kasan_memcmp+0xb7/0x390 [ 27.539967] kunit_try_run_case+0x1a5/0x480 [ 27.540118] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.540450] kthread+0x337/0x6f0 [ 27.540612] ret_from_fork+0x116/0x1d0 [ 27.540794] ret_from_fork_asm+0x1a/0x30 [ 27.540990] [ 27.541098] The buggy address belongs to the object at ffff888105ffbf00 [ 27.541098] which belongs to the cache kmalloc-32 of size 32 [ 27.541658] The buggy address is located 0 bytes to the right of [ 27.541658] allocated 24-byte region [ffff888105ffbf00, ffff888105ffbf18) [ 27.542119] [ 27.542215] The buggy address belongs to the physical page: [ 27.542502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ffb [ 27.542770] flags: 0x200000000000000(node=0|zone=2) [ 27.542927] page_type: f5(slab) [ 27.543041] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.543275] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.543563] page dumped because: kasan: bad access detected [ 27.543802] [ 27.543908] Memory state around the buggy address: [ 27.544132] ffff888105ffbe00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.544584] ffff888105ffbe80: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.544885] >ffff888105ffbf00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.545257] ^ [ 27.545384] ffff888105ffbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.545589] ffff888105ffc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.545792] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 27.501384] ================================================================== [ 27.501874] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 27.502198] Read of size 1 at addr ffff8881061e7c4a by task kunit_try_catch/302 [ 27.502548] [ 27.502643] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.502692] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.502703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.502724] Call Trace: [ 27.502737] <TASK> [ 27.502752] dump_stack_lvl+0x73/0xb0 [ 27.502781] print_report+0xd1/0x610 [ 27.502803] ? __virt_addr_valid+0x1db/0x2d0 [ 27.502826] ? kasan_alloca_oob_right+0x329/0x390 [ 27.502847] ? kasan_addr_to_slab+0x11/0xa0 [ 27.502867] ? kasan_alloca_oob_right+0x329/0x390 [ 27.502889] kasan_report+0x141/0x180 [ 27.502910] ? kasan_alloca_oob_right+0x329/0x390 [ 27.502938] __asan_report_load1_noabort+0x18/0x20 [ 27.502961] kasan_alloca_oob_right+0x329/0x390 [ 27.502981] ? __kasan_check_write+0x18/0x20 [ 27.503004] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.503026] ? finish_task_switch.isra.0+0x153/0x700 [ 27.503046] ? down_read+0x1ce/0x270 [ 27.503069] ? trace_hardirqs_on+0x37/0xe0 [ 27.503104] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 27.503129] ? __schedule+0x10c6/0x2b60 [ 27.503151] ? __pfx_read_tsc+0x10/0x10 [ 27.503171] ? ktime_get_ts64+0x86/0x230 [ 27.503194] kunit_try_run_case+0x1a5/0x480 [ 27.503218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.503239] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.503261] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.503284] ? __kthread_parkme+0x82/0x180 [ 27.503364] ? preempt_count_sub+0x50/0x80 [ 27.503387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.503411] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.503434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.503456] kthread+0x337/0x6f0 [ 27.503475] ? trace_preempt_on+0x20/0xc0 [ 27.503496] ? __pfx_kthread+0x10/0x10 [ 27.503516] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.503538] ? calculate_sigpending+0x7b/0xa0 [ 27.503560] ? __pfx_kthread+0x10/0x10 [ 27.503581] ret_from_fork+0x116/0x1d0 [ 27.503599] ? __pfx_kthread+0x10/0x10 [ 27.503619] ret_from_fork_asm+0x1a/0x30 [ 27.503649] </TASK> [ 27.503660] [ 27.514180] The buggy address belongs to stack of task kunit_try_catch/302 [ 27.514512] [ 27.515135] The buggy address belongs to the physical page: [ 27.515391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061e7 [ 27.515720] flags: 0x200000000000000(node=0|zone=2) [ 27.515942] raw: 0200000000000000 ffffea00041879c8 ffffea00041879c8 0000000000000000 [ 27.516272] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.516580] page dumped because: kasan: bad access detected [ 27.516802] [ 27.516875] Memory state around the buggy address: [ 27.517656] ffff8881061e7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.517966] ffff8881061e7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.518293] >ffff8881061e7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 27.518779] ^ [ 27.519128] ffff8881061e7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 27.519538] ffff8881061e7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.519801] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 25.738207] ================================================================== [ 25.738657] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 25.739004] Write of size 128 at addr ffff888105f2fa00 by task kunit_try_catch/219 [ 25.739333] [ 25.739454] CPU: 1 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.739502] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.739513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.739534] Call Trace: [ 25.739547] <TASK> [ 25.739563] dump_stack_lvl+0x73/0xb0 [ 25.739594] print_report+0xd1/0x610 [ 25.739616] ? __virt_addr_valid+0x1db/0x2d0 [ 25.739639] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.739660] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.739684] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.739705] kasan_report+0x141/0x180 [ 25.739726] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.739753] kasan_check_range+0x10c/0x1c0 [ 25.739777] __asan_memset+0x27/0x50 [ 25.739800] kmalloc_oob_in_memset+0x15f/0x320 [ 25.739821] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 25.739843] ? __schedule+0x10c6/0x2b60 [ 25.739866] ? __pfx_read_tsc+0x10/0x10 [ 25.739887] ? ktime_get_ts64+0x86/0x230 [ 25.739911] kunit_try_run_case+0x1a5/0x480 [ 25.739934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.739955] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.739977] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.740000] ? __kthread_parkme+0x82/0x180 [ 25.740023] ? preempt_count_sub+0x50/0x80 [ 25.740045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.740069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.740101] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.740123] kthread+0x337/0x6f0 [ 25.740141] ? trace_preempt_on+0x20/0xc0 [ 25.740164] ? __pfx_kthread+0x10/0x10 [ 25.740184] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.740204] ? calculate_sigpending+0x7b/0xa0 [ 25.740257] ? __pfx_kthread+0x10/0x10 [ 25.740277] ret_from_fork+0x116/0x1d0 [ 25.740309] ? __pfx_kthread+0x10/0x10 [ 25.740329] ret_from_fork_asm+0x1a/0x30 [ 25.740360] </TASK> [ 25.740369] [ 25.747481] Allocated by task 219: [ 25.747808] kasan_save_stack+0x45/0x70 [ 25.747948] kasan_save_track+0x18/0x40 [ 25.748076] kasan_save_alloc_info+0x3b/0x50 [ 25.748226] __kasan_kmalloc+0xb7/0xc0 [ 25.748358] __kmalloc_cache_noprof+0x189/0x420 [ 25.748572] kmalloc_oob_in_memset+0xac/0x320 [ 25.748782] kunit_try_run_case+0x1a5/0x480 [ 25.748987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.749350] kthread+0x337/0x6f0 [ 25.749516] ret_from_fork+0x116/0x1d0 [ 25.749672] ret_from_fork_asm+0x1a/0x30 [ 25.749816] [ 25.749880] The buggy address belongs to the object at ffff888105f2fa00 [ 25.749880] which belongs to the cache kmalloc-128 of size 128 [ 25.750431] The buggy address is located 0 bytes inside of [ 25.750431] allocated 120-byte region [ffff888105f2fa00, ffff888105f2fa78) [ 25.750784] [ 25.750852] The buggy address belongs to the physical page: [ 25.751037] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f2f [ 25.751381] flags: 0x200000000000000(node=0|zone=2) [ 25.751602] page_type: f5(slab) [ 25.751762] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.752334] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.752652] page dumped because: kasan: bad access detected [ 25.752859] [ 25.752921] Memory state around the buggy address: [ 25.753070] ffff888105f2f900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.753474] ffff888105f2f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.753790] >ffff888105f2fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.754109] ^ [ 25.754499] ffff888105f2fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.754773] ffff888105f2fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.755025] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 25.712760] ================================================================== [ 25.713197] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 25.713654] Read of size 16 at addr ffff8881048d1ac0 by task kunit_try_catch/217 [ 25.713963] [ 25.714068] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.714125] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.714136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.714156] Call Trace: [ 25.714169] <TASK> [ 25.714183] dump_stack_lvl+0x73/0xb0 [ 25.714213] print_report+0xd1/0x610 [ 25.714234] ? __virt_addr_valid+0x1db/0x2d0 [ 25.714451] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.714481] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.714507] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.714527] kasan_report+0x141/0x180 [ 25.714550] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.714575] __asan_report_load16_noabort+0x18/0x20 [ 25.714598] kmalloc_uaf_16+0x47b/0x4c0 [ 25.714618] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 25.714639] ? __schedule+0x10c6/0x2b60 [ 25.714662] ? __pfx_read_tsc+0x10/0x10 [ 25.714682] ? ktime_get_ts64+0x86/0x230 [ 25.714706] kunit_try_run_case+0x1a5/0x480 [ 25.714730] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.714751] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.714773] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.714795] ? __kthread_parkme+0x82/0x180 [ 25.714819] ? preempt_count_sub+0x50/0x80 [ 25.714842] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.714864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.714887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.714909] kthread+0x337/0x6f0 [ 25.714927] ? trace_preempt_on+0x20/0xc0 [ 25.714950] ? __pfx_kthread+0x10/0x10 [ 25.714969] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.714989] ? calculate_sigpending+0x7b/0xa0 [ 25.715012] ? __pfx_kthread+0x10/0x10 [ 25.715033] ret_from_fork+0x116/0x1d0 [ 25.715051] ? __pfx_kthread+0x10/0x10 [ 25.715070] ret_from_fork_asm+0x1a/0x30 [ 25.715115] </TASK> [ 25.715124] [ 25.722608] Allocated by task 217: [ 25.722842] kasan_save_stack+0x45/0x70 [ 25.722978] kasan_save_track+0x18/0x40 [ 25.723116] kasan_save_alloc_info+0x3b/0x50 [ 25.723255] __kasan_kmalloc+0xb7/0xc0 [ 25.723778] __kmalloc_cache_noprof+0x189/0x420 [ 25.724013] kmalloc_uaf_16+0x15b/0x4c0 [ 25.724217] kunit_try_run_case+0x1a5/0x480 [ 25.724477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.724712] kthread+0x337/0x6f0 [ 25.724861] ret_from_fork+0x116/0x1d0 [ 25.725047] ret_from_fork_asm+0x1a/0x30 [ 25.725189] [ 25.725252] Freed by task 217: [ 25.725356] kasan_save_stack+0x45/0x70 [ 25.725598] kasan_save_track+0x18/0x40 [ 25.725787] kasan_save_free_info+0x3f/0x60 [ 25.726022] __kasan_slab_free+0x56/0x70 [ 25.726164] kfree+0x222/0x3f0 [ 25.726279] kmalloc_uaf_16+0x1d6/0x4c0 [ 25.726408] kunit_try_run_case+0x1a5/0x480 [ 25.726545] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.727003] kthread+0x337/0x6f0 [ 25.727204] ret_from_fork+0x116/0x1d0 [ 25.727393] ret_from_fork_asm+0x1a/0x30 [ 25.727730] [ 25.728055] The buggy address belongs to the object at ffff8881048d1ac0 [ 25.728055] which belongs to the cache kmalloc-16 of size 16 [ 25.728747] The buggy address is located 0 bytes inside of [ 25.728747] freed 16-byte region [ffff8881048d1ac0, ffff8881048d1ad0) [ 25.729198] [ 25.729305] The buggy address belongs to the physical page: [ 25.729565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 25.729864] flags: 0x200000000000000(node=0|zone=2) [ 25.730024] page_type: f5(slab) [ 25.730177] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.730574] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.730913] page dumped because: kasan: bad access detected [ 25.731164] [ 25.731254] Memory state around the buggy address: [ 25.731596] ffff8881048d1980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.731866] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.732142] >ffff8881048d1a80: fa fb fc fc 00 00 fc fc fa fb fc fc fc fc fc fc [ 25.732596] ^ [ 25.732761] ffff8881048d1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.732965] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.733259] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 25.691827] ================================================================== [ 25.692271] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 25.692695] Write of size 16 at addr ffff888104561c80 by task kunit_try_catch/215 [ 25.692982] [ 25.693096] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.693143] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.693154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.693173] Call Trace: [ 25.693185] <TASK> [ 25.693199] dump_stack_lvl+0x73/0xb0 [ 25.693228] print_report+0xd1/0x610 [ 25.693249] ? __virt_addr_valid+0x1db/0x2d0 [ 25.693272] ? kmalloc_oob_16+0x452/0x4a0 [ 25.693291] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.693316] ? kmalloc_oob_16+0x452/0x4a0 [ 25.693402] kasan_report+0x141/0x180 [ 25.693423] ? kmalloc_oob_16+0x452/0x4a0 [ 25.693448] __asan_report_store16_noabort+0x1b/0x30 [ 25.693472] kmalloc_oob_16+0x452/0x4a0 [ 25.693492] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 25.693521] ? __schedule+0x10c6/0x2b60 [ 25.693544] ? __pfx_read_tsc+0x10/0x10 [ 25.693564] ? ktime_get_ts64+0x86/0x230 [ 25.693587] kunit_try_run_case+0x1a5/0x480 [ 25.693610] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.693631] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.693652] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.693674] ? __kthread_parkme+0x82/0x180 [ 25.693697] ? preempt_count_sub+0x50/0x80 [ 25.693720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.693742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.693764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.693787] kthread+0x337/0x6f0 [ 25.693805] ? trace_preempt_on+0x20/0xc0 [ 25.693828] ? __pfx_kthread+0x10/0x10 [ 25.693848] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.693869] ? calculate_sigpending+0x7b/0xa0 [ 25.693891] ? __pfx_kthread+0x10/0x10 [ 25.693911] ret_from_fork+0x116/0x1d0 [ 25.693936] ? __pfx_kthread+0x10/0x10 [ 25.693955] ret_from_fork_asm+0x1a/0x30 [ 25.693986] </TASK> [ 25.693995] [ 25.700896] Allocated by task 215: [ 25.701044] kasan_save_stack+0x45/0x70 [ 25.701251] kasan_save_track+0x18/0x40 [ 25.701417] kasan_save_alloc_info+0x3b/0x50 [ 25.701557] __kasan_kmalloc+0xb7/0xc0 [ 25.701680] __kmalloc_cache_noprof+0x189/0x420 [ 25.701825] kmalloc_oob_16+0xa8/0x4a0 [ 25.701981] kunit_try_run_case+0x1a5/0x480 [ 25.702189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.702426] kthread+0x337/0x6f0 [ 25.702585] ret_from_fork+0x116/0x1d0 [ 25.702762] ret_from_fork_asm+0x1a/0x30 [ 25.702904] [ 25.702967] The buggy address belongs to the object at ffff888104561c80 [ 25.702967] which belongs to the cache kmalloc-16 of size 16 [ 25.703417] The buggy address is located 0 bytes inside of [ 25.703417] allocated 13-byte region [ffff888104561c80, ffff888104561c8d) [ 25.703945] [ 25.704037] The buggy address belongs to the physical page: [ 25.704293] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104561 [ 25.704624] flags: 0x200000000000000(node=0|zone=2) [ 25.704866] page_type: f5(slab) [ 25.705003] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.705266] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.705663] page dumped because: kasan: bad access detected [ 25.705907] [ 25.705978] Memory state around the buggy address: [ 25.706281] ffff888104561b80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 25.706577] ffff888104561c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.706864] >ffff888104561c80: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.707186] ^ [ 25.707452] ffff888104561d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.707729] ffff888104561d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.707937] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 25.635828] ================================================================== [ 25.636343] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 25.636661] Read of size 1 at addr ffff8881060c4a00 by task kunit_try_catch/213 [ 25.636952] [ 25.637058] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.637114] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.637125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.637145] Call Trace: [ 25.637157] <TASK> [ 25.637172] dump_stack_lvl+0x73/0xb0 [ 25.637202] print_report+0xd1/0x610 [ 25.637224] ? __virt_addr_valid+0x1db/0x2d0 [ 25.637248] ? krealloc_uaf+0x1b8/0x5e0 [ 25.637267] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.637417] ? krealloc_uaf+0x1b8/0x5e0 [ 25.637439] kasan_report+0x141/0x180 [ 25.637460] ? krealloc_uaf+0x1b8/0x5e0 [ 25.637485] ? krealloc_uaf+0x1b8/0x5e0 [ 25.637506] __kasan_check_byte+0x3d/0x50 [ 25.637527] krealloc_noprof+0x3f/0x340 [ 25.637554] krealloc_uaf+0x1b8/0x5e0 [ 25.637576] ? __pfx_krealloc_uaf+0x10/0x10 [ 25.637597] ? finish_task_switch.isra.0+0x153/0x700 [ 25.637619] ? __switch_to+0x47/0xf80 [ 25.637645] ? __schedule+0x10c6/0x2b60 [ 25.637669] ? __pfx_read_tsc+0x10/0x10 [ 25.637689] ? ktime_get_ts64+0x86/0x230 [ 25.637714] kunit_try_run_case+0x1a5/0x480 [ 25.637738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.637759] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.637781] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.637804] ? __kthread_parkme+0x82/0x180 [ 25.637827] ? preempt_count_sub+0x50/0x80 [ 25.637849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.637872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.637894] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.637916] kthread+0x337/0x6f0 [ 25.637942] ? trace_preempt_on+0x20/0xc0 [ 25.637964] ? __pfx_kthread+0x10/0x10 [ 25.637984] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.638005] ? calculate_sigpending+0x7b/0xa0 [ 25.638027] ? __pfx_kthread+0x10/0x10 [ 25.638047] ret_from_fork+0x116/0x1d0 [ 25.638065] ? __pfx_kthread+0x10/0x10 [ 25.638095] ret_from_fork_asm+0x1a/0x30 [ 25.638126] </TASK> [ 25.638136] [ 25.648545] Allocated by task 213: [ 25.648673] kasan_save_stack+0x45/0x70 [ 25.648813] kasan_save_track+0x18/0x40 [ 25.648940] kasan_save_alloc_info+0x3b/0x50 [ 25.649275] __kasan_kmalloc+0xb7/0xc0 [ 25.649454] __kmalloc_cache_noprof+0x189/0x420 [ 25.649716] krealloc_uaf+0xbb/0x5e0 [ 25.649893] kunit_try_run_case+0x1a5/0x480 [ 25.650040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.650218] kthread+0x337/0x6f0 [ 25.650593] ret_from_fork+0x116/0x1d0 [ 25.650775] ret_from_fork_asm+0x1a/0x30 [ 25.650969] [ 25.651044] Freed by task 213: [ 25.651183] kasan_save_stack+0x45/0x70 [ 25.652058] kasan_save_track+0x18/0x40 [ 25.652293] kasan_save_free_info+0x3f/0x60 [ 25.652482] __kasan_slab_free+0x56/0x70 [ 25.652643] kfree+0x222/0x3f0 [ 25.652802] krealloc_uaf+0x13d/0x5e0 [ 25.652979] kunit_try_run_case+0x1a5/0x480 [ 25.653168] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.654013] kthread+0x337/0x6f0 [ 25.654203] ret_from_fork+0x116/0x1d0 [ 25.654394] ret_from_fork_asm+0x1a/0x30 [ 25.654570] [ 25.654662] The buggy address belongs to the object at ffff8881060c4a00 [ 25.654662] which belongs to the cache kmalloc-256 of size 256 [ 25.655221] The buggy address is located 0 bytes inside of [ 25.655221] freed 256-byte region [ffff8881060c4a00, ffff8881060c4b00) [ 25.656231] [ 25.656389] The buggy address belongs to the physical page: [ 25.656611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 25.657150] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.657620] flags: 0x200000000000040(head|node=0|zone=2) [ 25.657840] page_type: f5(slab) [ 25.658163] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.658650] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.659287] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.659887] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.660214] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 25.660651] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.661140] page dumped because: kasan: bad access detected [ 25.661364] [ 25.661713] Memory state around the buggy address: [ 25.662045] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.662515] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.662817] >ffff8881060c4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.663224] ^ [ 25.663449] ffff8881060c4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.663902] ffff8881060c4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.664262] ================================================================== [ 25.664901] ================================================================== [ 25.665204] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 25.666191] Read of size 1 at addr ffff8881060c4a00 by task kunit_try_catch/213 [ 25.666566] [ 25.666676] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.666727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.666740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.666760] Call Trace: [ 25.666774] <TASK> [ 25.666789] dump_stack_lvl+0x73/0xb0 [ 25.666819] print_report+0xd1/0x610 [ 25.666841] ? __virt_addr_valid+0x1db/0x2d0 [ 25.666864] ? krealloc_uaf+0x53c/0x5e0 [ 25.666884] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.666909] ? krealloc_uaf+0x53c/0x5e0 [ 25.666930] kasan_report+0x141/0x180 [ 25.666951] ? krealloc_uaf+0x53c/0x5e0 [ 25.666977] __asan_report_load1_noabort+0x18/0x20 [ 25.667001] krealloc_uaf+0x53c/0x5e0 [ 25.667021] ? __pfx_krealloc_uaf+0x10/0x10 [ 25.667041] ? finish_task_switch.isra.0+0x153/0x700 [ 25.667061] ? __switch_to+0x47/0xf80 [ 25.667098] ? __schedule+0x10c6/0x2b60 [ 25.667120] ? __pfx_read_tsc+0x10/0x10 [ 25.667139] ? ktime_get_ts64+0x86/0x230 [ 25.667163] kunit_try_run_case+0x1a5/0x480 [ 25.667186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.667206] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.667228] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.667250] ? __kthread_parkme+0x82/0x180 [ 25.667283] ? preempt_count_sub+0x50/0x80 [ 25.667305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.667327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.667349] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.667371] kthread+0x337/0x6f0 [ 25.667390] ? trace_preempt_on+0x20/0xc0 [ 25.667412] ? __pfx_kthread+0x10/0x10 [ 25.667432] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.667452] ? calculate_sigpending+0x7b/0xa0 [ 25.667474] ? __pfx_kthread+0x10/0x10 [ 25.667495] ret_from_fork+0x116/0x1d0 [ 25.667512] ? __pfx_kthread+0x10/0x10 [ 25.667531] ret_from_fork_asm+0x1a/0x30 [ 25.667563] </TASK> [ 25.667573] [ 25.674348] Allocated by task 213: [ 25.674524] kasan_save_stack+0x45/0x70 [ 25.674717] kasan_save_track+0x18/0x40 [ 25.674902] kasan_save_alloc_info+0x3b/0x50 [ 25.675119] __kasan_kmalloc+0xb7/0xc0 [ 25.675334] __kmalloc_cache_noprof+0x189/0x420 [ 25.675525] krealloc_uaf+0xbb/0x5e0 [ 25.675688] kunit_try_run_case+0x1a5/0x480 [ 25.675862] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.676090] kthread+0x337/0x6f0 [ 25.676204] ret_from_fork+0x116/0x1d0 [ 25.676617] ret_from_fork_asm+0x1a/0x30 [ 25.676778] [ 25.676841] Freed by task 213: [ 25.676945] kasan_save_stack+0x45/0x70 [ 25.677072] kasan_save_track+0x18/0x40 [ 25.677267] kasan_save_free_info+0x3f/0x60 [ 25.677468] __kasan_slab_free+0x56/0x70 [ 25.677658] kfree+0x222/0x3f0 [ 25.678010] krealloc_uaf+0x13d/0x5e0 [ 25.678157] kunit_try_run_case+0x1a5/0x480 [ 25.678301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.678465] kthread+0x337/0x6f0 [ 25.678578] ret_from_fork+0x116/0x1d0 [ 25.678759] ret_from_fork_asm+0x1a/0x30 [ 25.678957] [ 25.679042] The buggy address belongs to the object at ffff8881060c4a00 [ 25.679042] which belongs to the cache kmalloc-256 of size 256 [ 25.680117] The buggy address is located 0 bytes inside of [ 25.680117] freed 256-byte region [ffff8881060c4a00, ffff8881060c4b00) [ 25.680677] [ 25.680770] The buggy address belongs to the physical page: [ 25.680975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 25.681383] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.681612] flags: 0x200000000000040(head|node=0|zone=2) [ 25.681780] page_type: f5(slab) [ 25.681893] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.682738] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.683642] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.684000] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.684825] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 25.685538] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.686008] page dumped because: kasan: bad access detected [ 25.686460] [ 25.686552] Memory state around the buggy address: [ 25.686766] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.687053] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.687276] >ffff8881060c4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.687686] ^ [ 25.687848] ffff8881060c4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.688159] ffff8881060c4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.688414] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 25.585625] ================================================================== [ 25.585982] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 25.586323] Write of size 1 at addr ffff88810602e0da by task kunit_try_catch/211 [ 25.586646] [ 25.586722] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.586766] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.586777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.586797] Call Trace: [ 25.586811] <TASK> [ 25.586825] dump_stack_lvl+0x73/0xb0 [ 25.586851] print_report+0xd1/0x610 [ 25.586871] ? __virt_addr_valid+0x1db/0x2d0 [ 25.586959] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.586986] ? kasan_addr_to_slab+0x11/0xa0 [ 25.587006] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.587029] kasan_report+0x141/0x180 [ 25.587050] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.587088] __asan_report_store1_noabort+0x1b/0x30 [ 25.587111] krealloc_less_oob_helper+0xec6/0x11d0 [ 25.587136] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.587159] ? finish_task_switch.isra.0+0x153/0x700 [ 25.587179] ? __switch_to+0x47/0xf80 [ 25.587203] ? __schedule+0x10c6/0x2b60 [ 25.587225] ? __pfx_read_tsc+0x10/0x10 [ 25.587248] krealloc_large_less_oob+0x1c/0x30 [ 25.587270] kunit_try_run_case+0x1a5/0x480 [ 25.587293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.587314] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.587335] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.587358] ? __kthread_parkme+0x82/0x180 [ 25.587381] ? preempt_count_sub+0x50/0x80 [ 25.587403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.587425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.587447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.587469] kthread+0x337/0x6f0 [ 25.587487] ? trace_preempt_on+0x20/0xc0 [ 25.587510] ? __pfx_kthread+0x10/0x10 [ 25.587529] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.587550] ? calculate_sigpending+0x7b/0xa0 [ 25.587572] ? __pfx_kthread+0x10/0x10 [ 25.587592] ret_from_fork+0x116/0x1d0 [ 25.587610] ? __pfx_kthread+0x10/0x10 [ 25.587630] ret_from_fork_asm+0x1a/0x30 [ 25.587661] </TASK> [ 25.587670] [ 25.594977] The buggy address belongs to the physical page: [ 25.595235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c [ 25.595522] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.595789] flags: 0x200000000000040(head|node=0|zone=2) [ 25.596024] page_type: f8(unknown) [ 25.596197] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.596504] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.596789] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.597004] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.597250] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff [ 25.597754] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.598113] page dumped because: kasan: bad access detected [ 25.598547] [ 25.598641] Memory state around the buggy address: [ 25.598857] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.599106] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.599304] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.599498] ^ [ 25.599692] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.599988] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.600484] ================================================================== [ 25.542160] ================================================================== [ 25.543219] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 25.543966] Write of size 1 at addr ffff88810602e0c9 by task kunit_try_catch/211 [ 25.544837] [ 25.545005] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.545052] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.545063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.545094] Call Trace: [ 25.545106] <TASK> [ 25.545122] dump_stack_lvl+0x73/0xb0 [ 25.545151] print_report+0xd1/0x610 [ 25.545172] ? __virt_addr_valid+0x1db/0x2d0 [ 25.545196] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.545218] ? kasan_addr_to_slab+0x11/0xa0 [ 25.545237] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.545260] kasan_report+0x141/0x180 [ 25.545291] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.545320] __asan_report_store1_noabort+0x1b/0x30 [ 25.545344] krealloc_less_oob_helper+0xd70/0x11d0 [ 25.545368] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.545390] ? finish_task_switch.isra.0+0x153/0x700 [ 25.545412] ? __switch_to+0x47/0xf80 [ 25.545437] ? __schedule+0x10c6/0x2b60 [ 25.545459] ? __pfx_read_tsc+0x10/0x10 [ 25.545483] krealloc_large_less_oob+0x1c/0x30 [ 25.545532] kunit_try_run_case+0x1a5/0x480 [ 25.545557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.545589] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.545619] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.545642] ? __kthread_parkme+0x82/0x180 [ 25.545665] ? preempt_count_sub+0x50/0x80 [ 25.545688] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.545711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.545733] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.545755] kthread+0x337/0x6f0 [ 25.545773] ? trace_preempt_on+0x20/0xc0 [ 25.545796] ? __pfx_kthread+0x10/0x10 [ 25.545816] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.545836] ? calculate_sigpending+0x7b/0xa0 [ 25.545859] ? __pfx_kthread+0x10/0x10 [ 25.545879] ret_from_fork+0x116/0x1d0 [ 25.545897] ? __pfx_kthread+0x10/0x10 [ 25.545916] ret_from_fork_asm+0x1a/0x30 [ 25.545952] </TASK> [ 25.545962] [ 25.558271] The buggy address belongs to the physical page: [ 25.558787] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c [ 25.559709] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.560373] flags: 0x200000000000040(head|node=0|zone=2) [ 25.560970] page_type: f8(unknown) [ 25.561339] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.561984] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.562371] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.563090] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.563803] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff [ 25.564033] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.564456] page dumped because: kasan: bad access detected [ 25.564954] [ 25.565143] Memory state around the buggy address: [ 25.565639] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.566329] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.567215] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.567693] ^ [ 25.567862] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.568063] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.568273] ================================================================== [ 25.364446] ================================================================== [ 25.364909] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 25.365257] Write of size 1 at addr ffff8881060c48c9 by task kunit_try_catch/207 [ 25.365638] [ 25.365741] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.365894] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.366022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.366044] Call Trace: [ 25.366056] <TASK> [ 25.366074] dump_stack_lvl+0x73/0xb0 [ 25.366192] print_report+0xd1/0x610 [ 25.366216] ? __virt_addr_valid+0x1db/0x2d0 [ 25.366262] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.366295] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.366321] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.366344] kasan_report+0x141/0x180 [ 25.366365] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.366392] __asan_report_store1_noabort+0x1b/0x30 [ 25.366416] krealloc_less_oob_helper+0xd70/0x11d0 [ 25.366440] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.366463] ? finish_task_switch.isra.0+0x153/0x700 [ 25.366484] ? __switch_to+0x47/0xf80 [ 25.366509] ? __schedule+0x10c6/0x2b60 [ 25.366532] ? __pfx_read_tsc+0x10/0x10 [ 25.366556] krealloc_less_oob+0x1c/0x30 [ 25.366576] kunit_try_run_case+0x1a5/0x480 [ 25.366600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.366620] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.366642] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.366664] ? __kthread_parkme+0x82/0x180 [ 25.366688] ? preempt_count_sub+0x50/0x80 [ 25.366709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.366732] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.366753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.366775] kthread+0x337/0x6f0 [ 25.366793] ? trace_preempt_on+0x20/0xc0 [ 25.366818] ? __pfx_kthread+0x10/0x10 [ 25.366837] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.366858] ? calculate_sigpending+0x7b/0xa0 [ 25.366881] ? __pfx_kthread+0x10/0x10 [ 25.366901] ret_from_fork+0x116/0x1d0 [ 25.366919] ? __pfx_kthread+0x10/0x10 [ 25.366938] ret_from_fork_asm+0x1a/0x30 [ 25.366970] </TASK> [ 25.366980] [ 25.375667] Allocated by task 207: [ 25.375922] kasan_save_stack+0x45/0x70 [ 25.376062] kasan_save_track+0x18/0x40 [ 25.376346] kasan_save_alloc_info+0x3b/0x50 [ 25.377058] __kasan_krealloc+0x190/0x1f0 [ 25.377229] krealloc_noprof+0xf3/0x340 [ 25.377516] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.377795] krealloc_less_oob+0x1c/0x30 [ 25.377989] kunit_try_run_case+0x1a5/0x480 [ 25.378159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.378489] kthread+0x337/0x6f0 [ 25.378690] ret_from_fork+0x116/0x1d0 [ 25.378816] ret_from_fork_asm+0x1a/0x30 [ 25.379004] [ 25.379103] The buggy address belongs to the object at ffff8881060c4800 [ 25.379103] which belongs to the cache kmalloc-256 of size 256 [ 25.379893] The buggy address is located 0 bytes to the right of [ 25.379893] allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9) [ 25.380854] [ 25.380928] The buggy address belongs to the physical page: [ 25.381463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 25.381929] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.382378] flags: 0x200000000000040(head|node=0|zone=2) [ 25.382682] page_type: f5(slab) [ 25.382842] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.383323] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.383618] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.383933] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.384368] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 25.384668] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.384960] page dumped because: kasan: bad access detected [ 25.385347] [ 25.385432] Memory state around the buggy address: [ 25.385672] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.385950] ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.386450] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.386750] ^ [ 25.386948] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.387454] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.387726] ================================================================== [ 25.413408] ================================================================== [ 25.413916] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 25.414334] Write of size 1 at addr ffff8881060c48da by task kunit_try_catch/207 [ 25.414638] [ 25.414730] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.414777] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.414788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.414808] Call Trace: [ 25.414824] <TASK> [ 25.414840] dump_stack_lvl+0x73/0xb0 [ 25.414868] print_report+0xd1/0x610 [ 25.414891] ? __virt_addr_valid+0x1db/0x2d0 [ 25.414913] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.414935] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.414960] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.414983] kasan_report+0x141/0x180 [ 25.415004] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.415032] __asan_report_store1_noabort+0x1b/0x30 [ 25.415059] krealloc_less_oob_helper+0xec6/0x11d0 [ 25.415093] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.415116] ? finish_task_switch.isra.0+0x153/0x700 [ 25.415137] ? __switch_to+0x47/0xf80 [ 25.415162] ? __schedule+0x10c6/0x2b60 [ 25.415184] ? __pfx_read_tsc+0x10/0x10 [ 25.415207] krealloc_less_oob+0x1c/0x30 [ 25.415228] kunit_try_run_case+0x1a5/0x480 [ 25.415250] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.415272] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.415342] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.415364] ? __kthread_parkme+0x82/0x180 [ 25.415398] ? preempt_count_sub+0x50/0x80 [ 25.415420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.415443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.415464] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.415486] kthread+0x337/0x6f0 [ 25.415847] ? trace_preempt_on+0x20/0xc0 [ 25.415874] ? __pfx_kthread+0x10/0x10 [ 25.415894] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.415915] ? calculate_sigpending+0x7b/0xa0 [ 25.415938] ? __pfx_kthread+0x10/0x10 [ 25.415958] ret_from_fork+0x116/0x1d0 [ 25.415976] ? __pfx_kthread+0x10/0x10 [ 25.415996] ret_from_fork_asm+0x1a/0x30 [ 25.416026] </TASK> [ 25.416037] [ 25.425915] Allocated by task 207: [ 25.426253] kasan_save_stack+0x45/0x70 [ 25.426599] kasan_save_track+0x18/0x40 [ 25.426892] kasan_save_alloc_info+0x3b/0x50 [ 25.427222] __kasan_krealloc+0x190/0x1f0 [ 25.427564] krealloc_noprof+0xf3/0x340 [ 25.427801] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.428130] krealloc_less_oob+0x1c/0x30 [ 25.428588] kunit_try_run_case+0x1a5/0x480 [ 25.428787] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.429113] kthread+0x337/0x6f0 [ 25.429497] ret_from_fork+0x116/0x1d0 [ 25.429699] ret_from_fork_asm+0x1a/0x30 [ 25.430113] [ 25.430210] The buggy address belongs to the object at ffff8881060c4800 [ 25.430210] which belongs to the cache kmalloc-256 of size 256 [ 25.430978] The buggy address is located 17 bytes to the right of [ 25.430978] allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9) [ 25.431713] [ 25.431814] The buggy address belongs to the physical page: [ 25.432170] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 25.432733] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.433201] flags: 0x200000000000040(head|node=0|zone=2) [ 25.433579] page_type: f5(slab) [ 25.433849] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.434317] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.434926] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.435435] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.435900] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 25.436369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.436775] page dumped because: kasan: bad access detected [ 25.437109] [ 25.437205] Memory state around the buggy address: [ 25.437673] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.437970] ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.438278] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.438568] ^ [ 25.438823] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.439479] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.439941] ================================================================== [ 25.388597] ================================================================== [ 25.389021] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 25.389518] Write of size 1 at addr ffff8881060c48d0 by task kunit_try_catch/207 [ 25.389961] [ 25.390050] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.390108] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.390157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.390199] Call Trace: [ 25.390212] <TASK> [ 25.390238] dump_stack_lvl+0x73/0xb0 [ 25.390380] print_report+0xd1/0x610 [ 25.390415] ? __virt_addr_valid+0x1db/0x2d0 [ 25.390438] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.390460] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.390485] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.390507] kasan_report+0x141/0x180 [ 25.390528] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.390556] __asan_report_store1_noabort+0x1b/0x30 [ 25.390579] krealloc_less_oob_helper+0xe23/0x11d0 [ 25.390604] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.390628] ? finish_task_switch.isra.0+0x153/0x700 [ 25.390648] ? __switch_to+0x47/0xf80 [ 25.390674] ? __schedule+0x10c6/0x2b60 [ 25.390696] ? __pfx_read_tsc+0x10/0x10 [ 25.390721] krealloc_less_oob+0x1c/0x30 [ 25.390741] kunit_try_run_case+0x1a5/0x480 [ 25.390764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.390784] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.390806] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.390828] ? __kthread_parkme+0x82/0x180 [ 25.390851] ? preempt_count_sub+0x50/0x80 [ 25.390873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.390895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.390916] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.390938] kthread+0x337/0x6f0 [ 25.390957] ? trace_preempt_on+0x20/0xc0 [ 25.390981] ? __pfx_kthread+0x10/0x10 [ 25.391000] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.391021] ? calculate_sigpending+0x7b/0xa0 [ 25.391043] ? __pfx_kthread+0x10/0x10 [ 25.391063] ret_from_fork+0x116/0x1d0 [ 25.391089] ? __pfx_kthread+0x10/0x10 [ 25.391108] ret_from_fork_asm+0x1a/0x30 [ 25.391139] </TASK> [ 25.391149] [ 25.399802] Allocated by task 207: [ 25.400010] kasan_save_stack+0x45/0x70 [ 25.400229] kasan_save_track+0x18/0x40 [ 25.400472] kasan_save_alloc_info+0x3b/0x50 [ 25.400709] __kasan_krealloc+0x190/0x1f0 [ 25.400908] krealloc_noprof+0xf3/0x340 [ 25.401170] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.401433] krealloc_less_oob+0x1c/0x30 [ 25.401788] kunit_try_run_case+0x1a5/0x480 [ 25.401938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.402116] kthread+0x337/0x6f0 [ 25.402228] ret_from_fork+0x116/0x1d0 [ 25.402378] ret_from_fork_asm+0x1a/0x30 [ 25.402565] [ 25.402761] The buggy address belongs to the object at ffff8881060c4800 [ 25.402761] which belongs to the cache kmalloc-256 of size 256 [ 25.404105] The buggy address is located 7 bytes to the right of [ 25.404105] allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9) [ 25.404874] [ 25.404986] The buggy address belongs to the physical page: [ 25.405188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 25.405532] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.406111] flags: 0x200000000000040(head|node=0|zone=2) [ 25.406472] page_type: f5(slab) [ 25.406603] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.407148] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.407369] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.407864] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.408602] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 25.408937] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.409449] page dumped because: kasan: bad access detected [ 25.409714] [ 25.409815] Memory state around the buggy address: [ 25.410054] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.410642] ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.410988] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.411394] ^ [ 25.411723] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.412021] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.412271] ================================================================== [ 25.568987] ================================================================== [ 25.569399] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 25.569857] Write of size 1 at addr ffff88810602e0d0 by task kunit_try_catch/211 [ 25.570088] [ 25.570294] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.570342] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.570353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.570372] Call Trace: [ 25.570384] <TASK> [ 25.570397] dump_stack_lvl+0x73/0xb0 [ 25.570425] print_report+0xd1/0x610 [ 25.570446] ? __virt_addr_valid+0x1db/0x2d0 [ 25.570469] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.570491] ? kasan_addr_to_slab+0x11/0xa0 [ 25.570510] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.570533] kasan_report+0x141/0x180 [ 25.570554] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.570581] __asan_report_store1_noabort+0x1b/0x30 [ 25.570604] krealloc_less_oob_helper+0xe23/0x11d0 [ 25.570628] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.570651] ? finish_task_switch.isra.0+0x153/0x700 [ 25.570672] ? __switch_to+0x47/0xf80 [ 25.570698] ? __schedule+0x10c6/0x2b60 [ 25.570720] ? __pfx_read_tsc+0x10/0x10 [ 25.570743] krealloc_large_less_oob+0x1c/0x30 [ 25.570765] kunit_try_run_case+0x1a5/0x480 [ 25.570787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.570808] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.570829] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.570851] ? __kthread_parkme+0x82/0x180 [ 25.570874] ? preempt_count_sub+0x50/0x80 [ 25.570896] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.570918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.570940] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.570962] kthread+0x337/0x6f0 [ 25.570980] ? trace_preempt_on+0x20/0xc0 [ 25.571004] ? __pfx_kthread+0x10/0x10 [ 25.571024] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.571044] ? calculate_sigpending+0x7b/0xa0 [ 25.571067] ? __pfx_kthread+0x10/0x10 [ 25.571100] ret_from_fork+0x116/0x1d0 [ 25.571117] ? __pfx_kthread+0x10/0x10 [ 25.571137] ret_from_fork_asm+0x1a/0x30 [ 25.571167] </TASK> [ 25.571176] [ 25.578817] The buggy address belongs to the physical page: [ 25.579209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c [ 25.579622] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.579945] flags: 0x200000000000040(head|node=0|zone=2) [ 25.580182] page_type: f8(unknown) [ 25.580485] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.580773] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.581002] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.581327] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.581666] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff [ 25.582001] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.582404] page dumped because: kasan: bad access detected [ 25.582791] [ 25.582884] Memory state around the buggy address: [ 25.583091] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.583508] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.583719] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.583921] ^ [ 25.584196] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.584819] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.585295] ================================================================== [ 25.600816] ================================================================== [ 25.601022] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.601257] Write of size 1 at addr ffff88810602e0ea by task kunit_try_catch/211 [ 25.601817] [ 25.601936] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.601982] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.601993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.602012] Call Trace: [ 25.602024] <TASK> [ 25.602036] dump_stack_lvl+0x73/0xb0 [ 25.602064] print_report+0xd1/0x610 [ 25.602096] ? __virt_addr_valid+0x1db/0x2d0 [ 25.602118] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.602140] ? kasan_addr_to_slab+0x11/0xa0 [ 25.602159] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.602182] kasan_report+0x141/0x180 [ 25.602203] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.602230] __asan_report_store1_noabort+0x1b/0x30 [ 25.602307] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.602334] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.602357] ? finish_task_switch.isra.0+0x153/0x700 [ 25.602377] ? __switch_to+0x47/0xf80 [ 25.602401] ? __schedule+0x10c6/0x2b60 [ 25.602425] ? __pfx_read_tsc+0x10/0x10 [ 25.602449] krealloc_large_less_oob+0x1c/0x30 [ 25.602471] kunit_try_run_case+0x1a5/0x480 [ 25.602494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.602514] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.602536] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.602558] ? __kthread_parkme+0x82/0x180 [ 25.602581] ? preempt_count_sub+0x50/0x80 [ 25.602603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.602625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.602647] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.602671] kthread+0x337/0x6f0 [ 25.602689] ? trace_preempt_on+0x20/0xc0 [ 25.602713] ? __pfx_kthread+0x10/0x10 [ 25.602733] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.602753] ? calculate_sigpending+0x7b/0xa0 [ 25.602775] ? __pfx_kthread+0x10/0x10 [ 25.602795] ret_from_fork+0x116/0x1d0 [ 25.602814] ? __pfx_kthread+0x10/0x10 [ 25.602833] ret_from_fork_asm+0x1a/0x30 [ 25.602864] </TASK> [ 25.602873] [ 25.610464] The buggy address belongs to the physical page: [ 25.610721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c [ 25.611074] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.611501] flags: 0x200000000000040(head|node=0|zone=2) [ 25.611721] page_type: f8(unknown) [ 25.611885] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.612134] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.612470] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.612872] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.613093] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff [ 25.613308] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.613515] page dumped because: kasan: bad access detected [ 25.613747] [ 25.613829] Memory state around the buggy address: [ 25.614132] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.614721] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.615038] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.615262] ^ [ 25.615447] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.615645] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.616209] ================================================================== [ 25.470178] ================================================================== [ 25.470696] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.471211] Write of size 1 at addr ffff8881060c48eb by task kunit_try_catch/207 [ 25.471591] [ 25.471683] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.471729] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.471740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.471759] Call Trace: [ 25.471772] <TASK> [ 25.471787] dump_stack_lvl+0x73/0xb0 [ 25.471816] print_report+0xd1/0x610 [ 25.471837] ? __virt_addr_valid+0x1db/0x2d0 [ 25.471859] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.471881] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.471905] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.471928] kasan_report+0x141/0x180 [ 25.471948] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.471976] __asan_report_store1_noabort+0x1b/0x30 [ 25.471999] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.472024] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.472046] ? finish_task_switch.isra.0+0x153/0x700 [ 25.472066] ? __switch_to+0x47/0xf80 [ 25.472100] ? __schedule+0x10c6/0x2b60 [ 25.472122] ? __pfx_read_tsc+0x10/0x10 [ 25.472144] krealloc_less_oob+0x1c/0x30 [ 25.472165] kunit_try_run_case+0x1a5/0x480 [ 25.472187] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.472208] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.472229] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.472251] ? __kthread_parkme+0x82/0x180 [ 25.472274] ? preempt_count_sub+0x50/0x80 [ 25.472312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.472334] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.472356] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.472378] kthread+0x337/0x6f0 [ 25.472395] ? trace_preempt_on+0x20/0xc0 [ 25.472419] ? __pfx_kthread+0x10/0x10 [ 25.472438] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.472458] ? calculate_sigpending+0x7b/0xa0 [ 25.472481] ? __pfx_kthread+0x10/0x10 [ 25.472501] ret_from_fork+0x116/0x1d0 [ 25.472518] ? __pfx_kthread+0x10/0x10 [ 25.472537] ret_from_fork_asm+0x1a/0x30 [ 25.472568] </TASK> [ 25.472577] [ 25.479098] Allocated by task 207: [ 25.479262] kasan_save_stack+0x45/0x70 [ 25.479467] kasan_save_track+0x18/0x40 [ 25.479650] kasan_save_alloc_info+0x3b/0x50 [ 25.479852] __kasan_krealloc+0x190/0x1f0 [ 25.480044] krealloc_noprof+0xf3/0x340 [ 25.480241] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.480565] krealloc_less_oob+0x1c/0x30 [ 25.480754] kunit_try_run_case+0x1a5/0x480 [ 25.480929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.481157] kthread+0x337/0x6f0 [ 25.481299] ret_from_fork+0x116/0x1d0 [ 25.481445] ret_from_fork_asm+0x1a/0x30 [ 25.481605] [ 25.481665] The buggy address belongs to the object at ffff8881060c4800 [ 25.481665] which belongs to the cache kmalloc-256 of size 256 [ 25.482137] The buggy address is located 34 bytes to the right of [ 25.482137] allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9) [ 25.482603] [ 25.482690] The buggy address belongs to the physical page: [ 25.482934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 25.483221] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.483607] flags: 0x200000000000040(head|node=0|zone=2) [ 25.483814] page_type: f5(slab) [ 25.483968] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.484250] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.484540] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.484755] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.484968] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 25.485250] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.485617] page dumped because: kasan: bad access detected [ 25.485849] [ 25.485941] Memory state around the buggy address: [ 25.486138] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.486336] ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.486531] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.486722] ^ [ 25.487148] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.487709] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.488022] ================================================================== [ 25.616630] ================================================================== [ 25.616963] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.617419] Write of size 1 at addr ffff88810602e0eb by task kunit_try_catch/211 [ 25.617703] [ 25.617802] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.617846] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.617857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.617876] Call Trace: [ 25.617889] <TASK> [ 25.617903] dump_stack_lvl+0x73/0xb0 [ 25.617934] print_report+0xd1/0x610 [ 25.617955] ? __virt_addr_valid+0x1db/0x2d0 [ 25.617977] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.617999] ? kasan_addr_to_slab+0x11/0xa0 [ 25.618018] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.618041] kasan_report+0x141/0x180 [ 25.618061] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.618098] __asan_report_store1_noabort+0x1b/0x30 [ 25.618121] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.618146] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.618169] ? finish_task_switch.isra.0+0x153/0x700 [ 25.618188] ? __switch_to+0x47/0xf80 [ 25.618213] ? __schedule+0x10c6/0x2b60 [ 25.618235] ? __pfx_read_tsc+0x10/0x10 [ 25.618258] krealloc_large_less_oob+0x1c/0x30 [ 25.618414] kunit_try_run_case+0x1a5/0x480 [ 25.618446] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.618467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.618490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.618512] ? __kthread_parkme+0x82/0x180 [ 25.618535] ? preempt_count_sub+0x50/0x80 [ 25.618556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.618578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.618600] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.618622] kthread+0x337/0x6f0 [ 25.618640] ? trace_preempt_on+0x20/0xc0 [ 25.618663] ? __pfx_kthread+0x10/0x10 [ 25.618682] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.618703] ? calculate_sigpending+0x7b/0xa0 [ 25.618724] ? __pfx_kthread+0x10/0x10 [ 25.618744] ret_from_fork+0x116/0x1d0 [ 25.618762] ? __pfx_kthread+0x10/0x10 [ 25.618781] ret_from_fork_asm+0x1a/0x30 [ 25.618812] </TASK> [ 25.618821] [ 25.625700] The buggy address belongs to the physical page: [ 25.625959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c [ 25.626371] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.626664] flags: 0x200000000000040(head|node=0|zone=2) [ 25.626876] page_type: f8(unknown) [ 25.627032] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.627394] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.627643] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.627980] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.628308] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff [ 25.628672] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.629000] page dumped because: kasan: bad access detected [ 25.629222] [ 25.629314] Memory state around the buggy address: [ 25.629461] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.629672] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.629881] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.630108] ^ [ 25.630735] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.631045] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.631327] ================================================================== [ 25.441389] ================================================================== [ 25.441678] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.442187] Write of size 1 at addr ffff8881060c48ea by task kunit_try_catch/207 [ 25.442904] [ 25.443146] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.443198] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.443336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.443360] Call Trace: [ 25.443372] <TASK> [ 25.443388] dump_stack_lvl+0x73/0xb0 [ 25.443418] print_report+0xd1/0x610 [ 25.443439] ? __virt_addr_valid+0x1db/0x2d0 [ 25.443463] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.443485] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.443510] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.443533] kasan_report+0x141/0x180 [ 25.443555] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.443582] __asan_report_store1_noabort+0x1b/0x30 [ 25.443605] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.443629] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.443652] ? finish_task_switch.isra.0+0x153/0x700 [ 25.443673] ? __switch_to+0x47/0xf80 [ 25.443697] ? __schedule+0x10c6/0x2b60 [ 25.443719] ? __pfx_read_tsc+0x10/0x10 [ 25.443745] krealloc_less_oob+0x1c/0x30 [ 25.443766] kunit_try_run_case+0x1a5/0x480 [ 25.443789] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.443810] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.443831] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.443853] ? __kthread_parkme+0x82/0x180 [ 25.443876] ? preempt_count_sub+0x50/0x80 [ 25.443898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.443920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.443942] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.443964] kthread+0x337/0x6f0 [ 25.443982] ? trace_preempt_on+0x20/0xc0 [ 25.444006] ? __pfx_kthread+0x10/0x10 [ 25.444026] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.444047] ? calculate_sigpending+0x7b/0xa0 [ 25.444069] ? __pfx_kthread+0x10/0x10 [ 25.444101] ret_from_fork+0x116/0x1d0 [ 25.444119] ? __pfx_kthread+0x10/0x10 [ 25.444138] ret_from_fork_asm+0x1a/0x30 [ 25.444169] </TASK> [ 25.444179] [ 25.455049] Allocated by task 207: [ 25.455231] kasan_save_stack+0x45/0x70 [ 25.455887] kasan_save_track+0x18/0x40 [ 25.456065] kasan_save_alloc_info+0x3b/0x50 [ 25.456495] __kasan_krealloc+0x190/0x1f0 [ 25.456809] krealloc_noprof+0xf3/0x340 [ 25.457126] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.457454] krealloc_less_oob+0x1c/0x30 [ 25.457647] kunit_try_run_case+0x1a5/0x480 [ 25.457836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.458071] kthread+0x337/0x6f0 [ 25.458230] ret_from_fork+0x116/0x1d0 [ 25.458697] ret_from_fork_asm+0x1a/0x30 [ 25.458865] [ 25.459137] The buggy address belongs to the object at ffff8881060c4800 [ 25.459137] which belongs to the cache kmalloc-256 of size 256 [ 25.460014] The buggy address is located 33 bytes to the right of [ 25.460014] allocated 201-byte region [ffff8881060c4800, ffff8881060c48c9) [ 25.460805] [ 25.460922] The buggy address belongs to the physical page: [ 25.461132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 25.461823] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.462145] flags: 0x200000000000040(head|node=0|zone=2) [ 25.462580] page_type: f5(slab) [ 25.462884] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.463326] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.463787] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.464287] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.464707] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 25.465015] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.465558] page dumped because: kasan: bad access detected [ 25.465873] [ 25.465975] Memory state around the buggy address: [ 25.466430] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.466845] ffff8881060c4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.467243] >ffff8881060c4880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.467685] ^ [ 25.468063] ffff8881060c4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.468592] ffff8881060c4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.469015] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 25.301138] ================================================================== [ 25.302294] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 25.302663] Write of size 1 at addr ffff8881060c46eb by task kunit_try_catch/205 [ 25.302875] [ 25.302957] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.303009] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.303021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.303042] Call Trace: [ 25.303056] <TASK> [ 25.303074] dump_stack_lvl+0x73/0xb0 [ 25.303117] print_report+0xd1/0x610 [ 25.303139] ? __virt_addr_valid+0x1db/0x2d0 [ 25.303164] ? krealloc_more_oob_helper+0x821/0x930 [ 25.303187] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.303211] ? krealloc_more_oob_helper+0x821/0x930 [ 25.303234] kasan_report+0x141/0x180 [ 25.303266] ? krealloc_more_oob_helper+0x821/0x930 [ 25.303293] __asan_report_store1_noabort+0x1b/0x30 [ 25.303329] krealloc_more_oob_helper+0x821/0x930 [ 25.303350] ? __schedule+0x10c6/0x2b60 [ 25.303373] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 25.303396] ? finish_task_switch.isra.0+0x153/0x700 [ 25.303417] ? __switch_to+0x47/0xf80 [ 25.303444] ? __schedule+0x10c6/0x2b60 [ 25.303465] ? __pfx_read_tsc+0x10/0x10 [ 25.303489] krealloc_more_oob+0x1c/0x30 [ 25.303510] kunit_try_run_case+0x1a5/0x480 [ 25.303534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.303555] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.303577] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.303599] ? __kthread_parkme+0x82/0x180 [ 25.303623] ? preempt_count_sub+0x50/0x80 [ 25.303644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.303667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.303688] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.303710] kthread+0x337/0x6f0 [ 25.303734] ? trace_preempt_on+0x20/0xc0 [ 25.303759] ? __pfx_kthread+0x10/0x10 [ 25.303778] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.303800] ? calculate_sigpending+0x7b/0xa0 [ 25.303824] ? __pfx_kthread+0x10/0x10 [ 25.303844] ret_from_fork+0x116/0x1d0 [ 25.303862] ? __pfx_kthread+0x10/0x10 [ 25.303881] ret_from_fork_asm+0x1a/0x30 [ 25.303913] </TASK> [ 25.303923] [ 25.316679] Allocated by task 205: [ 25.316805] kasan_save_stack+0x45/0x70 [ 25.317125] kasan_save_track+0x18/0x40 [ 25.317401] kasan_save_alloc_info+0x3b/0x50 [ 25.317991] __kasan_krealloc+0x190/0x1f0 [ 25.318185] krealloc_noprof+0xf3/0x340 [ 25.318317] krealloc_more_oob_helper+0x1a9/0x930 [ 25.318724] krealloc_more_oob+0x1c/0x30 [ 25.319338] kunit_try_run_case+0x1a5/0x480 [ 25.319554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.320067] kthread+0x337/0x6f0 [ 25.320526] ret_from_fork+0x116/0x1d0 [ 25.320893] ret_from_fork_asm+0x1a/0x30 [ 25.321313] [ 25.321382] The buggy address belongs to the object at ffff8881060c4600 [ 25.321382] which belongs to the cache kmalloc-256 of size 256 [ 25.321723] The buggy address is located 0 bytes to the right of [ 25.321723] allocated 235-byte region [ffff8881060c4600, ffff8881060c46eb) [ 25.322073] [ 25.322177] The buggy address belongs to the physical page: [ 25.322342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 25.323127] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.323349] flags: 0x200000000000040(head|node=0|zone=2) [ 25.323714] page_type: f5(slab) [ 25.323886] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.324294] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.324837] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.325427] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.325854] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 25.326190] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.326729] page dumped because: kasan: bad access detected [ 25.327091] [ 25.327237] Memory state around the buggy address: [ 25.327692] ffff8881060c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.327982] ffff8881060c4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.328577] >ffff8881060c4680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 25.328987] ^ [ 25.329625] ffff8881060c4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.329967] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.330271] ================================================================== [ 25.492265] ================================================================== [ 25.493032] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 25.493586] Write of size 1 at addr ffff88810602e0eb by task kunit_try_catch/209 [ 25.493884] [ 25.493976] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.494025] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.494036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.494057] Call Trace: [ 25.494069] <TASK> [ 25.494097] dump_stack_lvl+0x73/0xb0 [ 25.494129] print_report+0xd1/0x610 [ 25.494150] ? __virt_addr_valid+0x1db/0x2d0 [ 25.494174] ? krealloc_more_oob_helper+0x821/0x930 [ 25.494196] ? kasan_addr_to_slab+0x11/0xa0 [ 25.494215] ? krealloc_more_oob_helper+0x821/0x930 [ 25.494237] kasan_report+0x141/0x180 [ 25.494271] ? krealloc_more_oob_helper+0x821/0x930 [ 25.494308] __asan_report_store1_noabort+0x1b/0x30 [ 25.494331] krealloc_more_oob_helper+0x821/0x930 [ 25.494352] ? __schedule+0x10c6/0x2b60 [ 25.494374] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 25.494397] ? finish_task_switch.isra.0+0x153/0x700 [ 25.494418] ? __switch_to+0x47/0xf80 [ 25.494442] ? __schedule+0x10c6/0x2b60 [ 25.494463] ? __pfx_read_tsc+0x10/0x10 [ 25.494487] krealloc_large_more_oob+0x1c/0x30 [ 25.494508] kunit_try_run_case+0x1a5/0x480 [ 25.494532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.494552] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.494574] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.494596] ? __kthread_parkme+0x82/0x180 [ 25.494619] ? preempt_count_sub+0x50/0x80 [ 25.494640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.494663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.494684] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.494707] kthread+0x337/0x6f0 [ 25.494725] ? trace_preempt_on+0x20/0xc0 [ 25.494748] ? __pfx_kthread+0x10/0x10 [ 25.494767] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.494788] ? calculate_sigpending+0x7b/0xa0 [ 25.494811] ? __pfx_kthread+0x10/0x10 [ 25.494831] ret_from_fork+0x116/0x1d0 [ 25.494849] ? __pfx_kthread+0x10/0x10 [ 25.494868] ret_from_fork_asm+0x1a/0x30 [ 25.494899] </TASK> [ 25.494909] [ 25.502970] The buggy address belongs to the physical page: [ 25.503268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c [ 25.503663] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.504003] flags: 0x200000000000040(head|node=0|zone=2) [ 25.504189] page_type: f8(unknown) [ 25.504514] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.504913] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.505245] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.505624] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.506005] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff [ 25.506387] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.506702] page dumped because: kasan: bad access detected [ 25.506890] [ 25.506950] Memory state around the buggy address: [ 25.507105] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.509951] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.510517] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.511253] ^ [ 25.511494] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.511706] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.512313] ================================================================== [ 25.513576] ================================================================== [ 25.513800] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 25.514034] Write of size 1 at addr ffff88810602e0f0 by task kunit_try_catch/209 [ 25.514256] [ 25.514331] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.514377] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.514389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.514409] Call Trace: [ 25.514422] <TASK> [ 25.514435] dump_stack_lvl+0x73/0xb0 [ 25.514462] print_report+0xd1/0x610 [ 25.514483] ? __virt_addr_valid+0x1db/0x2d0 [ 25.514505] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.514526] ? kasan_addr_to_slab+0x11/0xa0 [ 25.514545] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.514567] kasan_report+0x141/0x180 [ 25.514587] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.514614] __asan_report_store1_noabort+0x1b/0x30 [ 25.514637] krealloc_more_oob_helper+0x7eb/0x930 [ 25.514657] ? __schedule+0x10c6/0x2b60 [ 25.514678] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 25.514701] ? finish_task_switch.isra.0+0x153/0x700 [ 25.514721] ? __switch_to+0x47/0xf80 [ 25.514745] ? __schedule+0x10c6/0x2b60 [ 25.514766] ? __pfx_read_tsc+0x10/0x10 [ 25.514790] krealloc_large_more_oob+0x1c/0x30 [ 25.514812] kunit_try_run_case+0x1a5/0x480 [ 25.514833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.514854] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.514875] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.514897] ? __kthread_parkme+0x82/0x180 [ 25.514920] ? preempt_count_sub+0x50/0x80 [ 25.514941] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.514962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.514984] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.515005] kthread+0x337/0x6f0 [ 25.515023] ? trace_preempt_on+0x20/0xc0 [ 25.515046] ? __pfx_kthread+0x10/0x10 [ 25.515065] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.516267] ? calculate_sigpending+0x7b/0xa0 [ 25.516336] ? __pfx_kthread+0x10/0x10 [ 25.516384] ret_from_fork+0x116/0x1d0 [ 25.516416] ? __pfx_kthread+0x10/0x10 [ 25.516436] ret_from_fork_asm+0x1a/0x30 [ 25.516467] </TASK> [ 25.516478] [ 25.529690] The buggy address belongs to the physical page: [ 25.530392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10602c [ 25.530953] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.531187] flags: 0x200000000000040(head|node=0|zone=2) [ 25.531817] page_type: f8(unknown) [ 25.532235] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.532941] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.533770] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.534047] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.534293] head: 0200000000000002 ffffea0004180b01 00000000ffffffff 00000000ffffffff [ 25.534518] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.534735] page dumped because: kasan: bad access detected [ 25.534897] [ 25.534958] Memory state around the buggy address: [ 25.535178] ffff88810602df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.535785] ffff88810602e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.536586] >ffff88810602e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.537213] ^ [ 25.537821] ffff88810602e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.538534] ffff88810602e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.539133] ================================================================== [ 25.331272] ================================================================== [ 25.331823] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 25.332143] Write of size 1 at addr ffff8881060c46f0 by task kunit_try_catch/205 [ 25.332627] [ 25.332751] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.332818] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.332829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.332849] Call Trace: [ 25.332879] <TASK> [ 25.332895] dump_stack_lvl+0x73/0xb0 [ 25.332925] print_report+0xd1/0x610 [ 25.332946] ? __virt_addr_valid+0x1db/0x2d0 [ 25.332968] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.332990] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.333015] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.333038] kasan_report+0x141/0x180 [ 25.333059] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.333097] __asan_report_store1_noabort+0x1b/0x30 [ 25.333120] krealloc_more_oob_helper+0x7eb/0x930 [ 25.333141] ? __schedule+0x10c6/0x2b60 [ 25.333163] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 25.333186] ? finish_task_switch.isra.0+0x153/0x700 [ 25.333206] ? __switch_to+0x47/0xf80 [ 25.333231] ? __schedule+0x10c6/0x2b60 [ 25.333252] ? __pfx_read_tsc+0x10/0x10 [ 25.333275] krealloc_more_oob+0x1c/0x30 [ 25.333295] kunit_try_run_case+0x1a5/0x480 [ 25.333319] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.333340] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.333362] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.333385] ? __kthread_parkme+0x82/0x180 [ 25.333408] ? preempt_count_sub+0x50/0x80 [ 25.333430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.333452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.333711] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.333740] kthread+0x337/0x6f0 [ 25.333759] ? trace_preempt_on+0x20/0xc0 [ 25.333783] ? __pfx_kthread+0x10/0x10 [ 25.333802] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.333823] ? calculate_sigpending+0x7b/0xa0 [ 25.333846] ? __pfx_kthread+0x10/0x10 [ 25.333866] ret_from_fork+0x116/0x1d0 [ 25.333884] ? __pfx_kthread+0x10/0x10 [ 25.333903] ret_from_fork_asm+0x1a/0x30 [ 25.333939] </TASK> [ 25.333949] [ 25.344883] Allocated by task 205: [ 25.345229] kasan_save_stack+0x45/0x70 [ 25.345494] kasan_save_track+0x18/0x40 [ 25.345877] kasan_save_alloc_info+0x3b/0x50 [ 25.346112] __kasan_krealloc+0x190/0x1f0 [ 25.346462] krealloc_noprof+0xf3/0x340 [ 25.346811] krealloc_more_oob_helper+0x1a9/0x930 [ 25.347050] krealloc_more_oob+0x1c/0x30 [ 25.347529] kunit_try_run_case+0x1a5/0x480 [ 25.347821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.348005] kthread+0x337/0x6f0 [ 25.348184] ret_from_fork+0x116/0x1d0 [ 25.348640] ret_from_fork_asm+0x1a/0x30 [ 25.349073] [ 25.349158] The buggy address belongs to the object at ffff8881060c4600 [ 25.349158] which belongs to the cache kmalloc-256 of size 256 [ 25.350053] The buggy address is located 5 bytes to the right of [ 25.350053] allocated 235-byte region [ffff8881060c4600, ffff8881060c46eb) [ 25.350790] [ 25.351036] The buggy address belongs to the physical page: [ 25.351324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060c4 [ 25.351957] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.352547] flags: 0x200000000000040(head|node=0|zone=2) [ 25.352833] page_type: f5(slab) [ 25.353055] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.353635] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.354164] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.354649] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.355109] head: 0200000000000001 ffffea0004183101 00000000ffffffff 00000000ffffffff [ 25.355664] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.356051] page dumped because: kasan: bad access detected [ 25.356364] [ 25.356796] Memory state around the buggy address: [ 25.357007] ffff8881060c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.357598] ffff8881060c4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.357916] >ffff8881060c4680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 25.358234] ^ [ 25.358782] ffff8881060c4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.359207] ffff8881060c4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.359711] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 25.078531] ================================================================== [ 25.079232] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 25.079709] Read of size 1 at addr ffff888106053000 by task kunit_try_catch/189 [ 25.080026] [ 25.080155] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.080203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.080215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.080235] Call Trace: [ 25.080298] <TASK> [ 25.080315] dump_stack_lvl+0x73/0xb0 [ 25.080345] print_report+0xd1/0x610 [ 25.080402] ? __virt_addr_valid+0x1db/0x2d0 [ 25.080425] ? kmalloc_node_oob_right+0x369/0x3c0 [ 25.080459] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.080484] ? kmalloc_node_oob_right+0x369/0x3c0 [ 25.080506] kasan_report+0x141/0x180 [ 25.080527] ? kmalloc_node_oob_right+0x369/0x3c0 [ 25.080563] __asan_report_load1_noabort+0x18/0x20 [ 25.080586] kmalloc_node_oob_right+0x369/0x3c0 [ 25.080609] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 25.080643] ? __schedule+0x10c6/0x2b60 [ 25.080665] ? __pfx_read_tsc+0x10/0x10 [ 25.080685] ? ktime_get_ts64+0x86/0x230 [ 25.080717] kunit_try_run_case+0x1a5/0x480 [ 25.080740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.080761] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.080793] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.080815] ? __kthread_parkme+0x82/0x180 [ 25.080838] ? preempt_count_sub+0x50/0x80 [ 25.080861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.080883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.080904] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.080926] kthread+0x337/0x6f0 [ 25.080944] ? trace_preempt_on+0x20/0xc0 [ 25.080966] ? __pfx_kthread+0x10/0x10 [ 25.080985] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.081005] ? calculate_sigpending+0x7b/0xa0 [ 25.081028] ? __pfx_kthread+0x10/0x10 [ 25.081048] ret_from_fork+0x116/0x1d0 [ 25.081065] ? __pfx_kthread+0x10/0x10 [ 25.081095] ret_from_fork_asm+0x1a/0x30 [ 25.081125] </TASK> [ 25.081136] [ 25.090103] Allocated by task 189: [ 25.090410] kasan_save_stack+0x45/0x70 [ 25.090593] kasan_save_track+0x18/0x40 [ 25.090766] kasan_save_alloc_info+0x3b/0x50 [ 25.090908] __kasan_kmalloc+0xb7/0xc0 [ 25.091091] __kmalloc_cache_node_noprof+0x188/0x420 [ 25.091467] kmalloc_node_oob_right+0xab/0x3c0 [ 25.091660] kunit_try_run_case+0x1a5/0x480 [ 25.091845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.092095] kthread+0x337/0x6f0 [ 25.092320] ret_from_fork+0x116/0x1d0 [ 25.092452] ret_from_fork_asm+0x1a/0x30 [ 25.092643] [ 25.092729] The buggy address belongs to the object at ffff888106052000 [ 25.092729] which belongs to the cache kmalloc-4k of size 4096 [ 25.093171] The buggy address is located 0 bytes to the right of [ 25.093171] allocated 4096-byte region [ffff888106052000, ffff888106053000) [ 25.093761] [ 25.093839] The buggy address belongs to the physical page: [ 25.094136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106050 [ 25.094635] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.094901] flags: 0x200000000000040(head|node=0|zone=2) [ 25.095493] page_type: f5(slab) [ 25.095669] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 25.095939] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 25.096385] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 25.096694] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 25.096972] head: 0200000000000003 ffffea0004181401 00000000ffffffff 00000000ffffffff [ 25.097386] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 25.097677] page dumped because: kasan: bad access detected [ 25.097935] [ 25.098025] Memory state around the buggy address: [ 25.098215] ffff888106052f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.098696] ffff888106052f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.098987] >ffff888106053000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.099384] ^ [ 25.099556] ffff888106053080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.099826] ffff888106053100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.100110] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 25.041194] ================================================================== [ 25.042376] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 25.043300] Read of size 1 at addr ffff888104561c5f by task kunit_try_catch/187 [ 25.043890] [ 25.044108] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.044159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.044170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.044191] Call Trace: [ 25.044203] <TASK> [ 25.044220] dump_stack_lvl+0x73/0xb0 [ 25.044292] print_report+0xd1/0x610 [ 25.044313] ? __virt_addr_valid+0x1db/0x2d0 [ 25.044362] ? kmalloc_oob_left+0x361/0x3c0 [ 25.044402] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.044426] ? kmalloc_oob_left+0x361/0x3c0 [ 25.044447] kasan_report+0x141/0x180 [ 25.044467] ? kmalloc_oob_left+0x361/0x3c0 [ 25.044492] __asan_report_load1_noabort+0x18/0x20 [ 25.044515] kmalloc_oob_left+0x361/0x3c0 [ 25.044535] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 25.044557] ? __schedule+0x10c6/0x2b60 [ 25.044579] ? __pfx_read_tsc+0x10/0x10 [ 25.044599] ? ktime_get_ts64+0x86/0x230 [ 25.044623] kunit_try_run_case+0x1a5/0x480 [ 25.044647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.044667] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.044689] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.044711] ? __kthread_parkme+0x82/0x180 [ 25.044734] ? preempt_count_sub+0x50/0x80 [ 25.044756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.044779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.044800] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.044823] kthread+0x337/0x6f0 [ 25.044841] ? trace_preempt_on+0x20/0xc0 [ 25.044864] ? __pfx_kthread+0x10/0x10 [ 25.044883] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.044903] ? calculate_sigpending+0x7b/0xa0 [ 25.044926] ? __pfx_kthread+0x10/0x10 [ 25.044946] ret_from_fork+0x116/0x1d0 [ 25.044963] ? __pfx_kthread+0x10/0x10 [ 25.044982] ret_from_fork_asm+0x1a/0x30 [ 25.045013] </TASK> [ 25.045024] [ 25.056717] Allocated by task 21: [ 25.056842] kasan_save_stack+0x45/0x70 [ 25.056981] kasan_save_track+0x18/0x40 [ 25.057122] kasan_save_alloc_info+0x3b/0x50 [ 25.057332] __kasan_kmalloc+0xb7/0xc0 [ 25.057465] __kmalloc_cache_node_noprof+0x188/0x420 [ 25.057662] build_sched_domains+0x38c/0x5d80 [ 25.057866] partition_sched_domains+0x471/0x9c0 [ 25.058033] rebuild_sched_domains_locked+0x97d/0xd50 [ 25.058267] cpuset_update_active_cpus+0x80f/0x1a90 [ 25.058581] sched_cpu_activate+0x2bf/0x330 [ 25.059012] cpuhp_invoke_callback+0x2a1/0xf00 [ 25.059249] cpuhp_thread_fun+0x2ce/0x5c0 [ 25.059768] smpboot_thread_fn+0x2bc/0x730 [ 25.059961] kthread+0x337/0x6f0 [ 25.060123] ret_from_fork+0x116/0x1d0 [ 25.060632] ret_from_fork_asm+0x1a/0x30 [ 25.060884] [ 25.061163] Freed by task 21: [ 25.061387] kasan_save_stack+0x45/0x70 [ 25.061579] kasan_save_track+0x18/0x40 [ 25.061750] kasan_save_free_info+0x3f/0x60 [ 25.061939] __kasan_slab_free+0x56/0x70 [ 25.062125] kfree+0x222/0x3f0 [ 25.062608] build_sched_domains+0x2072/0x5d80 [ 25.062956] partition_sched_domains+0x471/0x9c0 [ 25.063199] rebuild_sched_domains_locked+0x97d/0xd50 [ 25.063940] cpuset_update_active_cpus+0x80f/0x1a90 [ 25.064189] sched_cpu_activate+0x2bf/0x330 [ 25.064678] cpuhp_invoke_callback+0x2a1/0xf00 [ 25.064890] cpuhp_thread_fun+0x2ce/0x5c0 [ 25.065065] smpboot_thread_fn+0x2bc/0x730 [ 25.065219] kthread+0x337/0x6f0 [ 25.065330] ret_from_fork+0x116/0x1d0 [ 25.065620] ret_from_fork_asm+0x1a/0x30 [ 25.065810] [ 25.065880] The buggy address belongs to the object at ffff888104561c40 [ 25.065880] which belongs to the cache kmalloc-16 of size 16 [ 25.066664] The buggy address is located 15 bytes to the right of [ 25.066664] allocated 16-byte region [ffff888104561c40, ffff888104561c50) [ 25.067231] [ 25.067301] The buggy address belongs to the physical page: [ 25.067599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104561 [ 25.067942] flags: 0x200000000000000(node=0|zone=2) [ 25.068146] page_type: f5(slab) [ 25.068268] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.068565] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.069097] page dumped because: kasan: bad access detected [ 25.069475] [ 25.069703] Memory state around the buggy address: [ 25.069919] ffff888104561b00: fa fb fc fc 00 06 fc fc 00 06 fc fc 00 06 fc fc [ 25.070302] ffff888104561b80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 25.070555] >ffff888104561c00: fa fb fc fc fa fb fc fc fa fb fc fc 00 07 fc fc [ 25.070855] ^ [ 25.071106] ffff888104561c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.071600] ffff888104561d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.071830] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 25.014947] ================================================================== [ 25.015633] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 25.016254] Read of size 1 at addr ffff88810553d380 by task kunit_try_catch/185 [ 25.016888] [ 25.017056] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.017116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.017128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.017148] Call Trace: [ 25.017163] <TASK> [ 25.017176] dump_stack_lvl+0x73/0xb0 [ 25.017205] print_report+0xd1/0x610 [ 25.017238] ? __virt_addr_valid+0x1db/0x2d0 [ 25.017261] ? kmalloc_oob_right+0x68a/0x7f0 [ 25.017290] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.017315] ? kmalloc_oob_right+0x68a/0x7f0 [ 25.017336] kasan_report+0x141/0x180 [ 25.017357] ? kmalloc_oob_right+0x68a/0x7f0 [ 25.017382] __asan_report_load1_noabort+0x18/0x20 [ 25.017405] kmalloc_oob_right+0x68a/0x7f0 [ 25.017426] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 25.017447] ? __schedule+0x10c6/0x2b60 [ 25.017469] ? __pfx_read_tsc+0x10/0x10 [ 25.017489] ? ktime_get_ts64+0x86/0x230 [ 25.017513] kunit_try_run_case+0x1a5/0x480 [ 25.017535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.017556] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.017578] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.017600] ? __kthread_parkme+0x82/0x180 [ 25.017622] ? preempt_count_sub+0x50/0x80 [ 25.017644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.017666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.017696] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.017720] kthread+0x337/0x6f0 [ 25.017745] ? trace_preempt_on+0x20/0xc0 [ 25.017774] ? __pfx_kthread+0x10/0x10 [ 25.017793] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.017814] ? calculate_sigpending+0x7b/0xa0 [ 25.017836] ? __pfx_kthread+0x10/0x10 [ 25.017856] ret_from_fork+0x116/0x1d0 [ 25.017874] ? __pfx_kthread+0x10/0x10 [ 25.017893] ret_from_fork_asm+0x1a/0x30 [ 25.017927] </TASK> [ 25.017937] [ 25.028269] Allocated by task 185: [ 25.028474] kasan_save_stack+0x45/0x70 [ 25.028611] kasan_save_track+0x18/0x40 [ 25.029045] kasan_save_alloc_info+0x3b/0x50 [ 25.029535] __kasan_kmalloc+0xb7/0xc0 [ 25.029935] __kmalloc_cache_noprof+0x189/0x420 [ 25.030457] kmalloc_oob_right+0xa9/0x7f0 [ 25.030664] kunit_try_run_case+0x1a5/0x480 [ 25.030798] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.030958] kthread+0x337/0x6f0 [ 25.031065] ret_from_fork+0x116/0x1d0 [ 25.031197] ret_from_fork_asm+0x1a/0x30 [ 25.031463] [ 25.031590] The buggy address belongs to the object at ffff88810553d300 [ 25.031590] which belongs to the cache kmalloc-128 of size 128 [ 25.032034] The buggy address is located 13 bytes to the right of [ 25.032034] allocated 115-byte region [ffff88810553d300, ffff88810553d373) [ 25.032692] [ 25.032798] The buggy address belongs to the physical page: [ 25.033140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 25.033563] flags: 0x200000000000000(node=0|zone=2) [ 25.033753] page_type: f5(slab) [ 25.033862] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.034238] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.034708] page dumped because: kasan: bad access detected [ 25.035014] [ 25.035132] Memory state around the buggy address: [ 25.035332] ffff88810553d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.035569] ffff88810553d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.035998] >ffff88810553d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.036305] ^ [ 25.036585] ffff88810553d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.037196] ffff88810553d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.037461] ================================================================== [ 24.957213] ================================================================== [ 24.958195] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 24.959199] Write of size 1 at addr ffff88810553d373 by task kunit_try_catch/185 [ 24.959941] [ 24.961345] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 24.961690] Tainted: [N]=TEST [ 24.961721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.961948] Call Trace: [ 24.962015] <TASK> [ 24.962173] dump_stack_lvl+0x73/0xb0 [ 24.962288] print_report+0xd1/0x610 [ 24.962349] ? __virt_addr_valid+0x1db/0x2d0 [ 24.962376] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.962431] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.962457] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.962488] kasan_report+0x141/0x180 [ 24.962509] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.962535] __asan_report_store1_noabort+0x1b/0x30 [ 24.962558] kmalloc_oob_right+0x6f0/0x7f0 [ 24.962580] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.962601] ? __schedule+0x10c6/0x2b60 [ 24.962625] ? __pfx_read_tsc+0x10/0x10 [ 24.962646] ? ktime_get_ts64+0x86/0x230 [ 24.962672] kunit_try_run_case+0x1a5/0x480 [ 24.962698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.962719] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.962741] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.962763] ? __kthread_parkme+0x82/0x180 [ 24.962788] ? preempt_count_sub+0x50/0x80 [ 24.962811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.962833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.962855] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.962878] kthread+0x337/0x6f0 [ 24.962896] ? trace_preempt_on+0x20/0xc0 [ 24.962920] ? __pfx_kthread+0x10/0x10 [ 24.962940] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.962960] ? calculate_sigpending+0x7b/0xa0 [ 24.962984] ? __pfx_kthread+0x10/0x10 [ 24.963004] ret_from_fork+0x116/0x1d0 [ 24.963022] ? __pfx_kthread+0x10/0x10 [ 24.963042] ret_from_fork_asm+0x1a/0x30 [ 24.963110] </TASK> [ 24.963175] [ 24.972604] Allocated by task 185: [ 24.973067] kasan_save_stack+0x45/0x70 [ 24.973403] kasan_save_track+0x18/0x40 [ 24.973756] kasan_save_alloc_info+0x3b/0x50 [ 24.974103] __kasan_kmalloc+0xb7/0xc0 [ 24.974277] __kmalloc_cache_noprof+0x189/0x420 [ 24.974671] kmalloc_oob_right+0xa9/0x7f0 [ 24.974872] kunit_try_run_case+0x1a5/0x480 [ 24.975054] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.975674] kthread+0x337/0x6f0 [ 24.975840] ret_from_fork+0x116/0x1d0 [ 24.976200] ret_from_fork_asm+0x1a/0x30 [ 24.976683] [ 24.976859] The buggy address belongs to the object at ffff88810553d300 [ 24.976859] which belongs to the cache kmalloc-128 of size 128 [ 24.977751] The buggy address is located 0 bytes to the right of [ 24.977751] allocated 115-byte region [ffff88810553d300, ffff88810553d373) [ 24.978560] [ 24.978861] The buggy address belongs to the physical page: [ 24.979673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 24.980291] flags: 0x200000000000000(node=0|zone=2) [ 24.980949] page_type: f5(slab) [ 24.981533] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.981841] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.983136] page dumped because: kasan: bad access detected [ 24.983348] [ 24.983422] Memory state around the buggy address: [ 24.983816] ffff88810553d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.984050] ffff88810553d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.984404] >ffff88810553d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.984638] ^ [ 24.985432] ffff88810553d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.985761] ffff88810553d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.986125] ================================================================== [ 24.988766] ================================================================== [ 24.989150] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 24.989378] Write of size 1 at addr ffff88810553d378 by task kunit_try_catch/185 [ 24.989597] [ 24.989673] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 24.989719] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.989730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.989750] Call Trace: [ 24.989762] <TASK> [ 24.989776] dump_stack_lvl+0x73/0xb0 [ 24.989802] print_report+0xd1/0x610 [ 24.989822] ? __virt_addr_valid+0x1db/0x2d0 [ 24.989843] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.989862] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.989886] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.989905] kasan_report+0x141/0x180 [ 24.989930] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.989955] __asan_report_store1_noabort+0x1b/0x30 [ 24.989977] kmalloc_oob_right+0x6bd/0x7f0 [ 24.989997] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.990018] ? __schedule+0x10c6/0x2b60 [ 24.990039] ? __pfx_read_tsc+0x10/0x10 [ 24.990059] ? ktime_get_ts64+0x86/0x230 [ 24.990101] kunit_try_run_case+0x1a5/0x480 [ 24.990124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.990144] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.990165] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.990187] ? __kthread_parkme+0x82/0x180 [ 24.990210] ? preempt_count_sub+0x50/0x80 [ 24.990253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.990276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.990299] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.990321] kthread+0x337/0x6f0 [ 24.990339] ? trace_preempt_on+0x20/0xc0 [ 24.990361] ? __pfx_kthread+0x10/0x10 [ 24.990381] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.990401] ? calculate_sigpending+0x7b/0xa0 [ 24.990424] ? __pfx_kthread+0x10/0x10 [ 24.990444] ret_from_fork+0x116/0x1d0 [ 24.990461] ? __pfx_kthread+0x10/0x10 [ 24.990481] ret_from_fork_asm+0x1a/0x30 [ 24.990651] </TASK> [ 24.990664] [ 25.000527] Allocated by task 185: [ 25.001130] kasan_save_stack+0x45/0x70 [ 25.001734] kasan_save_track+0x18/0x40 [ 25.002425] kasan_save_alloc_info+0x3b/0x50 [ 25.003146] __kasan_kmalloc+0xb7/0xc0 [ 25.003728] __kmalloc_cache_noprof+0x189/0x420 [ 25.004283] kmalloc_oob_right+0xa9/0x7f0 [ 25.004649] kunit_try_run_case+0x1a5/0x480 [ 25.004800] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.004967] kthread+0x337/0x6f0 [ 25.005089] ret_from_fork+0x116/0x1d0 [ 25.005215] ret_from_fork_asm+0x1a/0x30 [ 25.005347] [ 25.005468] The buggy address belongs to the object at ffff88810553d300 [ 25.005468] which belongs to the cache kmalloc-128 of size 128 [ 25.006663] The buggy address is located 5 bytes to the right of [ 25.006663] allocated 115-byte region [ffff88810553d300, ffff88810553d373) [ 25.008072] [ 25.008239] The buggy address belongs to the physical page: [ 25.008779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 25.009163] flags: 0x200000000000000(node=0|zone=2) [ 25.009641] page_type: f5(slab) [ 25.009944] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.010247] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.010552] page dumped because: kasan: bad access detected [ 25.010769] [ 25.010845] Memory state around the buggy address: [ 25.011024] ffff88810553d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.011244] ffff88810553d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.011922] >ffff88810553d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.012646] ^ [ 25.013321] ffff88810553d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.013538] ffff88810553d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.014022] ==================================================================
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 193.904137] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2943 [ 193.904463] Modules linked in: [ 193.904600] CPU: 0 UID: 0 PID: 2943 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 193.904938] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.905394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.906356] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 193.906933] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 10 2b 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 193.908845] RSP: 0000:ffff88810aa97c78 EFLAGS: 00010286 [ 193.909427] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 193.910056] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff96062bdc [ 193.910716] RBP: ffff88810aa97ca0 R08: 0000000000000000 R09: ffffed10218cf3c0 [ 193.911209] R10: ffff88810c679e07 R11: 0000000000000000 R12: ffffffff96062bc8 [ 193.911937] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810aa97d38 [ 193.912242] FS: 0000000000000000(0000) GS:ffff8881c3013000(0000) knlGS:0000000000000000 [ 193.912480] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.912649] CR2: 00007ffff7ffe000 CR3: 0000000156ebc000 CR4: 00000000000006f0 [ 193.912851] DR0: ffffffff980b3540 DR1: ffffffff980b3541 DR2: ffffffff980b3543 [ 193.913051] DR3: ffffffff980b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.913455] Call Trace: [ 193.913699] <TASK> [ 193.913912] drm_test_rect_calc_vscale+0x108/0x270 [ 193.914504] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 193.914741] ? __schedule+0x10c6/0x2b60 [ 193.914886] ? __pfx_read_tsc+0x10/0x10 [ 193.915019] ? ktime_get_ts64+0x86/0x230 [ 193.915169] kunit_try_run_case+0x1a5/0x480 [ 193.915574] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.915989] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 193.916519] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 193.916965] ? __kthread_parkme+0x82/0x180 [ 193.917442] ? preempt_count_sub+0x50/0x80 [ 193.918001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.918185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.918782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.919435] kthread+0x337/0x6f0 [ 193.919660] ? trace_preempt_on+0x20/0xc0 [ 193.919799] ? __pfx_kthread+0x10/0x10 [ 193.919931] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.920074] ? calculate_sigpending+0x7b/0xa0 [ 193.920580] ? __pfx_kthread+0x10/0x10 [ 193.920926] ret_from_fork+0x116/0x1d0 [ 193.921479] ? __pfx_kthread+0x10/0x10 [ 193.921845] ret_from_fork_asm+0x1a/0x30 [ 193.922192] </TASK> [ 193.922486] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 193.927070] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2945 [ 193.927889] Modules linked in: [ 193.928149] CPU: 0 UID: 0 PID: 2945 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 193.928925] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.929802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.930120] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 193.930459] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 10 2b 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 193.931031] RSP: 0000:ffff88810a847c78 EFLAGS: 00010286 [ 193.931390] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 193.931637] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff96062c14 [ 193.931904] RBP: ffff88810a847ca0 R08: 0000000000000000 R09: ffffed10218cf3e0 [ 193.932224] R10: ffff88810c679f07 R11: 0000000000000000 R12: ffffffff96062c00 [ 193.932866] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810a847d38 [ 193.933625] FS: 0000000000000000(0000) GS:ffff8881c3013000(0000) knlGS:0000000000000000 [ 193.934102] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.934486] CR2: 00007ffff7ffe000 CR3: 0000000156ebc000 CR4: 00000000000006f0 [ 193.934802] DR0: ffffffff980b3540 DR1: ffffffff980b3541 DR2: ffffffff980b3543 [ 193.935146] DR3: ffffffff980b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.935836] Call Trace: [ 193.936067] <TASK> [ 193.936218] drm_test_rect_calc_vscale+0x108/0x270 [ 193.936674] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 193.936844] ? __schedule+0x10c6/0x2b60 [ 193.936974] ? __pfx_read_tsc+0x10/0x10 [ 193.937117] ? ktime_get_ts64+0x86/0x230 [ 193.937481] kunit_try_run_case+0x1a5/0x480 [ 193.937865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.938472] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 193.938879] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 193.939430] ? __kthread_parkme+0x82/0x180 [ 193.939828] ? preempt_count_sub+0x50/0x80 [ 193.940197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.940477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.940938] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.941146] kthread+0x337/0x6f0 [ 193.941483] ? trace_preempt_on+0x20/0xc0 [ 193.941858] ? __pfx_kthread+0x10/0x10 [ 193.942207] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.942659] ? calculate_sigpending+0x7b/0xa0 [ 193.942816] ? __pfx_kthread+0x10/0x10 [ 193.942946] ret_from_fork+0x116/0x1d0 [ 193.943071] ? __pfx_kthread+0x10/0x10 [ 193.943210] ret_from_fork_asm+0x1a/0x30 [ 193.943702] </TASK> [ 193.943917] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 193.842189] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2931 [ 193.842824] Modules linked in: [ 193.843032] CPU: 0 UID: 0 PID: 2931 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 193.844668] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.844931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.845709] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 193.846235] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 193.847134] RSP: 0000:ffff8881048afc78 EFLAGS: 00010286 [ 193.847692] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 193.848432] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff96062be0 [ 193.849122] RBP: ffff8881048afca0 R08: 0000000000000000 R09: ffffed10218cf2e0 [ 193.849630] R10: ffff88810c679707 R11: 0000000000000000 R12: ffffffff96062bc8 [ 193.849846] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881048afd38 [ 193.850056] FS: 0000000000000000(0000) GS:ffff8881c3013000(0000) knlGS:0000000000000000 [ 193.850299] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.850545] CR2: 00007ffff7ffe000 CR3: 0000000156ebc000 CR4: 00000000000006f0 [ 193.851160] DR0: ffffffff980b3540 DR1: ffffffff980b3541 DR2: ffffffff980b3543 [ 193.851727] DR3: ffffffff980b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.852613] Call Trace: [ 193.853256] <TASK> [ 193.854993] drm_test_rect_calc_hscale+0x108/0x270 [ 193.855331] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 193.855509] ? __schedule+0x10c6/0x2b60 [ 193.855648] ? __pfx_read_tsc+0x10/0x10 [ 193.855782] ? ktime_get_ts64+0x86/0x230 [ 193.855920] kunit_try_run_case+0x1a5/0x480 [ 193.856063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.857740] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 193.858590] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 193.859997] ? __kthread_parkme+0x82/0x180 [ 193.860651] ? preempt_count_sub+0x50/0x80 [ 193.861061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.861690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.862219] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.862536] kthread+0x337/0x6f0 [ 193.862663] ? trace_preempt_on+0x20/0xc0 [ 193.862804] ? __pfx_kthread+0x10/0x10 [ 193.862933] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.863078] ? calculate_sigpending+0x7b/0xa0 [ 193.863456] ? __pfx_kthread+0x10/0x10 [ 193.863629] ret_from_fork+0x116/0x1d0 [ 193.863818] ? __pfx_kthread+0x10/0x10 [ 193.863952] ret_from_fork_asm+0x1a/0x30 [ 193.864149] </TASK> [ 193.864314] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 193.869877] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2933 [ 193.871387] Modules linked in: [ 193.871671] CPU: 1 UID: 0 PID: 2933 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 193.872839] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.873396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.873660] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 193.873832] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 193.874731] RSP: 0000:ffff88810a97fc78 EFLAGS: 00010286 [ 193.874939] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 193.875152] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff96062c18 [ 193.875716] RBP: ffff88810a97fca0 R08: 0000000000000000 R09: ffffed10207bc2e0 [ 193.876418] R10: ffff888103de1707 R11: 0000000000000000 R12: ffffffff96062c00 [ 193.877330] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810a97fd38 [ 193.877822] FS: 0000000000000000(0000) GS:ffff8881c3113000(0000) knlGS:0000000000000000 [ 193.878056] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.878238] CR2: 00007ffff7ffe000 CR3: 0000000156ebc000 CR4: 00000000000006f0 [ 193.878996] DR0: ffffffff980b3544 DR1: ffffffff980b3549 DR2: ffffffff980b354a [ 193.879757] DR3: ffffffff980b354b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.880580] Call Trace: [ 193.880746] <TASK> [ 193.880972] drm_test_rect_calc_hscale+0x108/0x270 [ 193.881159] ? __kasan_check_write+0x18/0x20 [ 193.881418] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 193.881993] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 193.882609] ? trace_hardirqs_on+0x37/0xe0 [ 193.883128] ? __pfx_read_tsc+0x10/0x10 [ 193.883521] ? ktime_get_ts64+0x86/0x230 [ 193.883847] kunit_try_run_case+0x1a5/0x480 [ 193.884003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.884661] ? queued_spin_lock_slowpath+0x116/0xb40 [ 193.885025] ? __kthread_parkme+0x82/0x180 [ 193.885183] ? preempt_count_sub+0x50/0x80 [ 193.885421] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.885872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.886485] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.886988] kthread+0x337/0x6f0 [ 193.887120] ? trace_preempt_on+0x20/0xc0 [ 193.887304] ? __pfx_kthread+0x10/0x10 [ 193.887762] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.888256] ? calculate_sigpending+0x7b/0xa0 [ 193.888812] ? __pfx_kthread+0x10/0x10 [ 193.889073] ret_from_fork+0x116/0x1d0 [ 193.889431] ? __pfx_kthread+0x10/0x10 [ 193.889572] ret_from_fork_asm+0x1a/0x30 [ 193.889720] </TASK> [ 193.889806] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 193.098505] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 193.098745] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#1: kunit_try_catch/2736 [ 193.101318] Modules linked in: [ 193.101516] CPU: 1 UID: 0 PID: 2736 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 193.101960] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.102233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.102907] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 193.103164] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 9d c0 81 00 48 c7 c1 40 6b 01 96 4c 89 f2 48 c7 c7 60 67 01 96 48 89 c6 e8 74 b0 70 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 193.103949] RSP: 0000:ffff888105c5fd18 EFLAGS: 00010286 [ 193.104315] RAX: 0000000000000000 RBX: ffff888103c8c000 RCX: 1ffffffff2da4aac [ 193.104612] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 193.104874] RBP: ffff888105c5fd48 R08: 0000000000000000 R09: fffffbfff2da4aac [ 193.105188] R10: 0000000000000003 R11: 000000000003b358 R12: ffff8881052c5800 [ 193.105518] R13: ffff888103c8c0f8 R14: ffff888103afc200 R15: ffff8881003c7b48 [ 193.106800] FS: 0000000000000000(0000) GS:ffff8881c3113000(0000) knlGS:0000000000000000 [ 193.107041] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.107225] CR2: 00007ffff7ffe000 CR3: 0000000156ebc000 CR4: 00000000000006f0 [ 193.108360] DR0: ffffffff980b3544 DR1: ffffffff980b3549 DR2: ffffffff980b354a [ 193.109105] DR3: ffffffff980b354b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.109915] Call Trace: [ 193.110177] <TASK> [ 193.110530] ? trace_preempt_on+0x20/0xc0 [ 193.110925] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 193.111264] drm_gem_shmem_free_wrapper+0x12/0x20 [ 193.111711] __kunit_action_free+0x57/0x70 [ 193.112054] kunit_remove_resource+0x133/0x200 [ 193.112216] ? preempt_count_sub+0x50/0x80 [ 193.112693] kunit_cleanup+0x7a/0x120 [ 193.113045] kunit_try_run_case_cleanup+0xbd/0xf0 [ 193.113523] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 193.113856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.114028] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.114219] kthread+0x337/0x6f0 [ 193.114341] ? trace_preempt_on+0x20/0xc0 [ 193.114472] ? __pfx_kthread+0x10/0x10 [ 193.114596] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.114738] ? calculate_sigpending+0x7b/0xa0 [ 193.114878] ? __pfx_kthread+0x10/0x10 [ 193.115002] ret_from_fork+0x116/0x1d0 [ 193.115369] ? __pfx_kthread+0x10/0x10 [ 193.115800] ret_from_fork_asm+0x1a/0x30 [ 193.116208] </TASK> [ 193.116547] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 192.961915] WARNING: drivers/gpu/drm/drm_framebuffer.c:870 at drm_framebuffer_init+0x49/0x8d0, CPU#1: kunit_try_catch/2717 [ 192.962410] Modules linked in: [ 192.962710] CPU: 1 UID: 0 PID: 2717 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 192.963239] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 192.963456] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 192.964029] RIP: 0010:drm_framebuffer_init+0x49/0x8d0 [ 192.964549] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41 [ 192.965645] RSP: 0000:ffff888105b8fb20 EFLAGS: 00010246 [ 192.966211] RAX: ffff888105b8fba8 RBX: ffff888105b8fc28 RCX: 1ffff11020b71f8e [ 192.966698] RDX: dffffc0000000000 RSI: ffff888105873000 RDI: ffff888105873000 [ 192.966980] RBP: ffff888105b8fb70 R08: ffff888105873000 R09: ffffffff96006960 [ 192.967594] R10: 0000000000000003 R11: 0000000034d80ef1 R12: 1ffff11020b71f71 [ 192.967914] R13: ffff888105b8fc70 R14: ffff888105b8fdb8 R15: 0000000000000000 [ 192.968451] FS: 0000000000000000(0000) GS:ffff8881c3113000(0000) knlGS:0000000000000000 [ 192.968776] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.968994] CR2: 00007ffff7ffe000 CR3: 0000000156ebc000 CR4: 00000000000006f0 [ 192.969558] DR0: ffffffff980b3544 DR1: ffffffff980b3549 DR2: ffffffff980b354a [ 192.969830] DR3: ffffffff980b354b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 192.970119] Call Trace: [ 192.970239] <TASK> [ 192.970765] ? trace_preempt_on+0x20/0xc0 [ 192.971199] ? add_dr+0xc1/0x1d0 [ 192.971742] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 192.972100] ? add_dr+0x148/0x1d0 [ 192.972393] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 192.973046] ? __drmm_add_action+0x1a4/0x280 [ 192.973214] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 192.973694] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 192.973955] ? __drmm_add_action_or_reset+0x22/0x50 [ 192.974190] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 192.974773] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 192.975134] kunit_try_run_case+0x1a5/0x480 [ 192.975602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.975966] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 192.976167] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 192.976445] ? __kthread_parkme+0x82/0x180 [ 192.976924] ? preempt_count_sub+0x50/0x80 [ 192.977073] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.977484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 192.977745] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 192.977998] kthread+0x337/0x6f0 [ 192.978152] ? trace_preempt_on+0x20/0xc0 [ 192.978646] ? __pfx_kthread+0x10/0x10 [ 192.978807] ? _raw_spin_unlock_irq+0x47/0x80 [ 192.979010] ? calculate_sigpending+0x7b/0xa0 [ 192.979445] ? __pfx_kthread+0x10/0x10 [ 192.979665] ret_from_fork+0x116/0x1d0 [ 192.979957] ? __pfx_kthread+0x10/0x10 [ 192.980365] ret_from_fork_asm+0x1a/0x30 [ 192.980539] </TASK> [ 192.980664] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 192.928325] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 192.928559] WARNING: drivers/gpu/drm/drm_framebuffer.c:833 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2713 [ 192.929668] Modules linked in: [ 192.929821] CPU: 0 UID: 0 PID: 2713 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 192.930235] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 192.930853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 192.931158] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 192.931618] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 0b fe 88 00 48 c7 c1 00 14 00 96 4c 89 fa 48 c7 c7 60 14 00 96 48 89 c6 e8 e2 ed 77 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 192.932433] RSP: 0000:ffff888105b8fb68 EFLAGS: 00010282 [ 192.932694] RAX: 0000000000000000 RBX: ffff888105b8fc40 RCX: 1ffffffff2da4aac [ 192.932944] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 192.933412] RBP: ffff888105b8fb90 R08: 0000000000000000 R09: fffffbfff2da4aac [ 192.933799] R10: 0000000000000003 R11: 0000000000039b08 R12: ffff888105b8fc18 [ 192.934062] R13: ffff88810538c800 R14: ffff888105952000 R15: ffff888103d01d80 [ 192.934618] FS: 0000000000000000(0000) GS:ffff8881c3013000(0000) knlGS:0000000000000000 [ 192.934966] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.935269] CR2: 00007ffff7ffe000 CR3: 0000000156ebc000 CR4: 00000000000006f0 [ 192.935606] DR0: ffffffff980b3540 DR1: ffffffff980b3541 DR2: ffffffff980b3543 [ 192.936186] DR3: ffffffff980b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 192.936748] Call Trace: [ 192.936884] <TASK> [ 192.937004] drm_test_framebuffer_free+0x1ab/0x610 [ 192.937260] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 192.937653] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 192.937907] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 192.938177] ? __drmm_add_action_or_reset+0x22/0x50 [ 192.938460] ? __schedule+0x10c6/0x2b60 [ 192.938869] ? __pfx_read_tsc+0x10/0x10 [ 192.939048] ? ktime_get_ts64+0x86/0x230 [ 192.939437] kunit_try_run_case+0x1a5/0x480 [ 192.939671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.940023] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 192.940254] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 192.940647] ? __kthread_parkme+0x82/0x180 [ 192.940875] ? preempt_count_sub+0x50/0x80 [ 192.941056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.941412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 192.941658] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 192.941892] kthread+0x337/0x6f0 [ 192.942062] ? trace_preempt_on+0x20/0xc0 [ 192.942292] ? __pfx_kthread+0x10/0x10 [ 192.942472] ? _raw_spin_unlock_irq+0x47/0x80 [ 192.942767] ? calculate_sigpending+0x7b/0xa0 [ 192.943216] ? __pfx_kthread+0x10/0x10 [ 192.943509] ret_from_fork+0x116/0x1d0 [ 192.943696] ? __pfx_kthread+0x10/0x10 [ 192.943905] ret_from_fork_asm+0x1a/0x30 [ 192.944138] </TASK> [ 192.944224] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 191.562492] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2153 [ 191.563754] Modules linked in: [ 191.563913] CPU: 0 UID: 0 PID: 2153 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 191.564286] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 191.564606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 191.565522] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 191.565939] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 82 88 2a 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 191.566902] RSP: 0000:ffff88810d97fc90 EFLAGS: 00010246 [ 191.567126] RAX: dffffc0000000000 RBX: ffff88810ddea000 RCX: 0000000000000000 [ 191.567427] RDX: 1ffff11021bbd434 RSI: ffffffff9320ad58 RDI: ffff88810ddea1a0 [ 191.568008] RBP: ffff88810d97fca0 R08: 1ffff11020078f6a R09: ffffed1021b2ff65 [ 191.568294] R10: 0000000000000003 R11: ffffffff92783388 R12: 0000000000000000 [ 191.568740] R13: ffff88810d97fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 191.569004] FS: 0000000000000000(0000) GS:ffff8881c3013000(0000) knlGS:0000000000000000 [ 191.569367] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.569751] CR2: 00007ffff7ffe000 CR3: 0000000156ebc000 CR4: 00000000000006f0 [ 191.570069] DR0: ffffffff980b3540 DR1: ffffffff980b3541 DR2: ffffffff980b3543 [ 191.570458] DR3: ffffffff980b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 191.570752] Call Trace: [ 191.570859] <TASK> [ 191.570985] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 191.571507] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 191.571841] ? __schedule+0x10c6/0x2b60 [ 191.572024] ? __pfx_read_tsc+0x10/0x10 [ 191.572236] ? ktime_get_ts64+0x86/0x230 [ 191.572470] kunit_try_run_case+0x1a5/0x480 [ 191.572651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 191.572868] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 191.573051] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 191.573248] ? __kthread_parkme+0x82/0x180 [ 191.573545] ? preempt_count_sub+0x50/0x80 [ 191.573746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 191.573938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 191.574191] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 191.574539] kthread+0x337/0x6f0 [ 191.574775] ? trace_preempt_on+0x20/0xc0 [ 191.574978] ? __pfx_kthread+0x10/0x10 [ 191.575160] ? _raw_spin_unlock_irq+0x47/0x80 [ 191.575303] ? calculate_sigpending+0x7b/0xa0 [ 191.575470] ? __pfx_kthread+0x10/0x10 [ 191.575863] ret_from_fork+0x116/0x1d0 [ 191.576052] ? __pfx_kthread+0x10/0x10 [ 191.576224] ret_from_fork_asm+0x1a/0x30 [ 191.576608] </TASK> [ 191.576743] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 191.638994] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2161 [ 191.639911] Modules linked in: [ 191.640080] CPU: 1 UID: 0 PID: 2161 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 191.640776] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 191.640955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 191.641228] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 191.641967] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 82 88 2a 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 191.643019] RSP: 0000:ffff88810492fc90 EFLAGS: 00010246 [ 191.643603] RAX: dffffc0000000000 RBX: ffff88810dd94000 RCX: 0000000000000000 [ 191.644071] RDX: 1ffff11021bb2834 RSI: ffffffff9320ad58 RDI: ffff88810dd941a0 [ 191.644464] RBP: ffff88810492fca0 R08: 1ffff11020078f6a R09: ffffed1020925f65 [ 191.644766] R10: 0000000000000003 R11: ffffffff92783388 R12: 0000000000000000 [ 191.645047] R13: ffff88810492fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 191.645335] FS: 0000000000000000(0000) GS:ffff8881c3113000(0000) knlGS:0000000000000000 [ 191.645650] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.645962] CR2: 00007ffff7ffe000 CR3: 0000000156ebc000 CR4: 00000000000006f0 [ 191.646284] DR0: ffffffff980b3544 DR1: ffffffff980b3549 DR2: ffffffff980b354a [ 191.646735] DR3: ffffffff980b354b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 191.647042] Call Trace: [ 191.647179] <TASK> [ 191.647323] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 191.647718] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 191.648068] ? __schedule+0x10c6/0x2b60 [ 191.648249] ? __pfx_read_tsc+0x10/0x10 [ 191.648644] ? ktime_get_ts64+0x86/0x230 [ 191.649017] kunit_try_run_case+0x1a5/0x480 [ 191.649440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 191.649859] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 191.650054] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 191.650542] ? __kthread_parkme+0x82/0x180 [ 191.651060] ? preempt_count_sub+0x50/0x80 [ 191.651241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 191.651541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 191.651768] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 191.652017] kthread+0x337/0x6f0 [ 191.652178] ? trace_preempt_on+0x20/0xc0 [ 191.652683] ? __pfx_kthread+0x10/0x10 [ 191.652940] ? _raw_spin_unlock_irq+0x47/0x80 [ 191.653104] ? calculate_sigpending+0x7b/0xa0 [ 191.653326] ? __pfx_kthread+0x10/0x10 [ 191.653660] ret_from_fork+0x116/0x1d0 [ 191.654063] ? __pfx_kthread+0x10/0x10 [ 191.654499] ret_from_fork_asm+0x1a/0x30 [ 191.654716] </TASK> [ 191.654824] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 119.812727] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/707 [ 119.813759] Modules linked in: [ 119.814150] CPU: 0 UID: 0 PID: 707 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 119.815610] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 119.816195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 119.816973] RIP: 0010:intlog10+0x2a/0x40 [ 119.817564] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 119.819064] RSP: 0000:ffff88810bc7fcb0 EFLAGS: 00010246 [ 119.819697] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff1102178ffb4 [ 119.820558] RDX: 1ffffffff2bd3490 RSI: 1ffff1102178ffb3 RDI: 0000000000000000 [ 119.820813] RBP: ffff88810bc7fd60 R08: 0000000000000000 R09: ffffed10201ca7e0 [ 119.821019] R10: ffff888100e53f07 R11: 0000000000000000 R12: 1ffff1102178ff97 [ 119.821433] R13: ffffffff95e9a480 R14: 0000000000000000 R15: ffff88810bc7fd38 [ 119.821774] FS: 0000000000000000(0000) GS:ffff8881c3013000(0000) knlGS:0000000000000000 [ 119.822012] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.822197] CR2: ffff88815a924000 CR3: 0000000156ebc000 CR4: 00000000000006f0 [ 119.822884] DR0: ffffffff980b3540 DR1: ffffffff980b3541 DR2: ffffffff980b3543 [ 119.823599] DR3: ffffffff980b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 119.824222] Call Trace: [ 119.824575] <TASK> [ 119.824788] ? intlog10_test+0xf2/0x220 [ 119.825155] ? __pfx_intlog10_test+0x10/0x10 [ 119.825351] ? __schedule+0x10c6/0x2b60 [ 119.825489] ? __pfx_read_tsc+0x10/0x10 [ 119.825624] ? ktime_get_ts64+0x86/0x230 [ 119.825760] kunit_try_run_case+0x1a5/0x480 [ 119.825901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 119.826055] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 119.826234] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 119.826393] ? __kthread_parkme+0x82/0x180 [ 119.826786] ? preempt_count_sub+0x50/0x80 [ 119.827151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 119.827471] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 119.827726] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 119.827944] kthread+0x337/0x6f0 [ 119.828121] ? trace_preempt_on+0x20/0xc0 [ 119.828548] ? __pfx_kthread+0x10/0x10 [ 119.828999] ? _raw_spin_unlock_irq+0x47/0x80 [ 119.829228] ? calculate_sigpending+0x7b/0xa0 [ 119.829761] ? __pfx_kthread+0x10/0x10 [ 119.829958] ret_from_fork+0x116/0x1d0 [ 119.830141] ? __pfx_kthread+0x10/0x10 [ 119.830702] ret_from_fork_asm+0x1a/0x30 [ 119.831181] </TASK> [ 119.831477] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 119.772861] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#0: kunit_try_catch/689 [ 119.773521] Modules linked in: [ 119.773918] CPU: 0 UID: 0 PID: 689 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 119.774696] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 119.775073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 119.775805] RIP: 0010:intlog2+0xdf/0x110 [ 119.776223] Code: e9 95 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 92 d1 90 02 90 <0f> 0b 90 31 c0 e9 87 d1 90 02 89 45 e4 e8 df 5f 55 ff 8b 45 e4 eb [ 119.776996] RSP: 0000:ffff88810bdffcb0 EFLAGS: 00010246 [ 119.777240] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff110217bffb4 [ 119.777796] RDX: 1ffffffff2bd34e4 RSI: 1ffff110217bffb3 RDI: 0000000000000000 [ 119.778393] RBP: ffff88810bdffd60 R08: 0000000000000000 R09: ffffed10201ca6c0 [ 119.778808] R10: ffff888100e53607 R11: 0000000000000000 R12: 1ffff110217bff97 [ 119.779236] R13: ffffffff95e9a720 R14: 0000000000000000 R15: ffff88810bdffd38 [ 119.779922] FS: 0000000000000000(0000) GS:ffff8881c3013000(0000) knlGS:0000000000000000 [ 119.780489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.780844] CR2: ffff88815a924000 CR3: 0000000156ebc000 CR4: 00000000000006f0 [ 119.781143] DR0: ffffffff980b3540 DR1: ffffffff980b3541 DR2: ffffffff980b3543 [ 119.781991] DR3: ffffffff980b3545 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 119.782518] Call Trace: [ 119.782657] <TASK> [ 119.782765] ? intlog2_test+0xf2/0x220 [ 119.782959] ? __pfx_intlog2_test+0x10/0x10 [ 119.783160] ? __schedule+0x10c6/0x2b60 [ 119.783981] ? __pfx_read_tsc+0x10/0x10 [ 119.784422] ? ktime_get_ts64+0x86/0x230 [ 119.784685] kunit_try_run_case+0x1a5/0x480 [ 119.785007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 119.785236] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 119.785753] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 119.785995] ? __kthread_parkme+0x82/0x180 [ 119.786206] ? preempt_count_sub+0x50/0x80 [ 119.786515] ? __pfx_kunit_try_run_case+0x10/0x10 [ 119.786734] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 119.786965] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 119.787227] kthread+0x337/0x6f0 [ 119.787951] ? trace_preempt_on+0x20/0xc0 [ 119.788382] ? __pfx_kthread+0x10/0x10 [ 119.788808] ? _raw_spin_unlock_irq+0x47/0x80 [ 119.789258] ? calculate_sigpending+0x7b/0xa0 [ 119.789630] ? __pfx_kthread+0x10/0x10 [ 119.789814] ret_from_fork+0x116/0x1d0 [ 119.789994] ? __pfx_kthread+0x10/0x10 [ 119.790185] ret_from_fork_asm+0x1a/0x30 [ 119.790936] </TASK> [ 119.791107] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 119.151745] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 31.126665] ================================================================== [ 31.127097] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 31.127097] [ 31.127585] Invalid free of 0x(____ptrval____) (in kfence-#96): [ 31.127863] test_invalid_addr_free+0x1e1/0x260 [ 31.128019] kunit_try_run_case+0x1a5/0x480 [ 31.128243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.128536] kthread+0x337/0x6f0 [ 31.128708] ret_from_fork+0x116/0x1d0 [ 31.128850] ret_from_fork_asm+0x1a/0x30 [ 31.129031] [ 31.129108] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.129108] [ 31.129573] allocated by task 356 on cpu 0 at 31.126536s (0.003035s ago): [ 31.129800] test_alloc+0x364/0x10f0 [ 31.130021] test_invalid_addr_free+0xdb/0x260 [ 31.130247] kunit_try_run_case+0x1a5/0x480 [ 31.130515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.130914] kthread+0x337/0x6f0 [ 31.131100] ret_from_fork+0x116/0x1d0 [ 31.131236] ret_from_fork_asm+0x1a/0x30 [ 31.131412] [ 31.131559] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 31.132102] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.132299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.132854] ================================================================== [ 31.230707] ================================================================== [ 31.231075] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 31.231075] [ 31.231487] Invalid free of 0x(____ptrval____) (in kfence-#97): [ 31.231777] test_invalid_addr_free+0xfb/0x260 [ 31.231968] kunit_try_run_case+0x1a5/0x480 [ 31.232214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.232459] kthread+0x337/0x6f0 [ 31.232652] ret_from_fork+0x116/0x1d0 [ 31.232831] ret_from_fork_asm+0x1a/0x30 [ 31.232968] [ 31.233053] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.233053] [ 31.233969] allocated by task 358 on cpu 0 at 31.230600s (0.003366s ago): [ 31.234312] test_alloc+0x2a6/0x10f0 [ 31.234442] test_invalid_addr_free+0xdb/0x260 [ 31.234583] kunit_try_run_case+0x1a5/0x480 [ 31.234719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.234882] kthread+0x337/0x6f0 [ 31.234992] ret_from_fork+0x116/0x1d0 [ 31.235126] ret_from_fork_asm+0x1a/0x30 [ 31.235257] [ 31.235345] CPU: 0 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 31.235711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.236282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.237042] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 60.767200] ================================================================== [ 60.767677] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 60.767677] [ 60.768067] Use-after-free read at 0x(____ptrval____) (in kfence-#145): [ 60.768334] test_krealloc+0x6fc/0xbe0 [ 60.768863] kunit_try_run_case+0x1a5/0x480 [ 60.769096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.769368] kthread+0x337/0x6f0 [ 60.769796] ret_from_fork+0x116/0x1d0 [ 60.769949] ret_from_fork_asm+0x1a/0x30 [ 60.770165] [ 60.770246] kfence-#145: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 60.770246] [ 60.770887] allocated by task 386 on cpu 0 at 60.766529s (0.004355s ago): [ 60.771203] test_alloc+0x364/0x10f0 [ 60.771371] test_krealloc+0xad/0xbe0 [ 60.771511] kunit_try_run_case+0x1a5/0x480 [ 60.771712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.771929] kthread+0x337/0x6f0 [ 60.772075] ret_from_fork+0x116/0x1d0 [ 60.772257] ret_from_fork_asm+0x1a/0x30 [ 60.772388] [ 60.772524] freed by task 386 on cpu 0 at 60.766800s (0.005722s ago): [ 60.772788] krealloc_noprof+0x108/0x340 [ 60.772923] test_krealloc+0x226/0xbe0 [ 60.773121] kunit_try_run_case+0x1a5/0x480 [ 60.773316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.773530] kthread+0x337/0x6f0 [ 60.773643] ret_from_fork+0x116/0x1d0 [ 60.773826] ret_from_fork_asm+0x1a/0x30 [ 60.774106] [ 60.774271] CPU: 0 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 60.774729] Tainted: [B]=BAD_PAGE, [N]=TEST [ 60.774891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.775220] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 60.671411] ================================================================== [ 60.671779] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 60.671779] [ 60.672117] Use-after-free read at 0x(____ptrval____) (in kfence-#144): [ 60.672334] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 60.672505] kunit_try_run_case+0x1a5/0x480 [ 60.673544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.674133] kthread+0x337/0x6f0 [ 60.674445] ret_from_fork+0x116/0x1d0 [ 60.674588] ret_from_fork_asm+0x1a/0x30 [ 60.674726] [ 60.674795] kfence-#144: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 60.674795] [ 60.675064] allocated by task 384 on cpu 1 at 60.663483s (0.011578s ago): [ 60.675311] test_alloc+0x2a6/0x10f0 [ 60.675951] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 60.676524] kunit_try_run_case+0x1a5/0x480 [ 60.676941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.677484] kthread+0x337/0x6f0 [ 60.677812] ret_from_fork+0x116/0x1d0 [ 60.678167] ret_from_fork_asm+0x1a/0x30 [ 60.678732] [ 60.678917] freed by task 384 on cpu 1 at 60.663581s (0.015333s ago): [ 60.679559] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 60.679727] kunit_try_run_case+0x1a5/0x480 [ 60.680142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.680600] kthread+0x337/0x6f0 [ 60.680715] ret_from_fork+0x116/0x1d0 [ 60.680840] ret_from_fork_asm+0x1a/0x30 [ 60.680970] [ 60.681061] CPU: 1 UID: 0 PID: 384 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 60.682040] Tainted: [B]=BAD_PAGE, [N]=TEST [ 60.682469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.683240] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 35.926660] ================================================================== [ 35.927199] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 35.927199] [ 35.928234] Invalid read at 0x(____ptrval____): [ 35.928679] test_invalid_access+0xf0/0x210 [ 35.929005] kunit_try_run_case+0x1a5/0x480 [ 35.929191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.929585] kthread+0x337/0x6f0 [ 35.930011] ret_from_fork+0x116/0x1d0 [ 35.930178] ret_from_fork_asm+0x1a/0x30 [ 35.930567] [ 35.930680] CPU: 0 UID: 0 PID: 380 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 35.931215] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.931494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.931875] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 35.702806] ================================================================== [ 35.703184] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.703184] [ 35.703766] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#140): [ 35.704338] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.705093] kunit_try_run_case+0x1a5/0x480 [ 35.705268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.705577] kthread+0x337/0x6f0 [ 35.705871] ret_from_fork+0x116/0x1d0 [ 35.706047] ret_from_fork_asm+0x1a/0x30 [ 35.706445] [ 35.706554] kfence-#140: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 35.706554] [ 35.707042] allocated by task 374 on cpu 1 at 35.702550s (0.004490s ago): [ 35.707323] test_alloc+0x364/0x10f0 [ 35.707662] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 35.707953] kunit_try_run_case+0x1a5/0x480 [ 35.708127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.708398] kthread+0x337/0x6f0 [ 35.708675] ret_from_fork+0x116/0x1d0 [ 35.708824] ret_from_fork_asm+0x1a/0x30 [ 35.709020] [ 35.709123] freed by task 374 on cpu 1 at 35.702684s (0.006437s ago): [ 35.709369] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.709896] kunit_try_run_case+0x1a5/0x480 [ 35.710069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.710342] kthread+0x337/0x6f0 [ 35.710456] ret_from_fork+0x116/0x1d0 [ 35.710817] ret_from_fork_asm+0x1a/0x30 [ 35.711055] [ 35.711161] CPU: 1 UID: 0 PID: 374 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 35.711875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.712142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.712554] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 35.286747] ================================================================== [ 35.287156] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 35.287156] [ 35.287551] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#136): [ 35.287892] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 35.288124] kunit_try_run_case+0x1a5/0x480 [ 35.288354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.288527] kthread+0x337/0x6f0 [ 35.288695] ret_from_fork+0x116/0x1d0 [ 35.288868] ret_from_fork_asm+0x1a/0x30 [ 35.289034] [ 35.289142] kfence-#136: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 35.289142] [ 35.289552] allocated by task 372 on cpu 1 at 35.286525s (0.003025s ago): [ 35.289871] test_alloc+0x364/0x10f0 [ 35.290050] test_kmalloc_aligned_oob_read+0x105/0x560 [ 35.290304] kunit_try_run_case+0x1a5/0x480 [ 35.290487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.290693] kthread+0x337/0x6f0 [ 35.290859] ret_from_fork+0x116/0x1d0 [ 35.291026] ret_from_fork_asm+0x1a/0x30 [ 35.291199] [ 35.291337] CPU: 1 UID: 0 PID: 372 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 35.291745] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.291876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.292233] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 31.542685] ================================================================== [ 31.543041] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 31.543041] [ 31.543331] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#100): [ 31.544493] test_corruption+0x131/0x3e0 [ 31.544818] kunit_try_run_case+0x1a5/0x480 [ 31.545023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.545266] kthread+0x337/0x6f0 [ 31.545595] ret_from_fork+0x116/0x1d0 [ 31.545772] ret_from_fork_asm+0x1a/0x30 [ 31.546074] [ 31.546174] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.546174] [ 31.546729] allocated by task 362 on cpu 0 at 31.542558s (0.004168s ago): [ 31.547016] test_alloc+0x2a6/0x10f0 [ 31.547207] test_corruption+0xe6/0x3e0 [ 31.547362] kunit_try_run_case+0x1a5/0x480 [ 31.547794] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.548103] kthread+0x337/0x6f0 [ 31.548334] ret_from_fork+0x116/0x1d0 [ 31.548511] ret_from_fork_asm+0x1a/0x30 [ 31.548814] [ 31.548901] freed by task 362 on cpu 0 at 31.542614s (0.006284s ago): [ 31.549192] test_corruption+0x131/0x3e0 [ 31.549558] kunit_try_run_case+0x1a5/0x480 [ 31.549748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.549971] kthread+0x337/0x6f0 [ 31.550304] ret_from_fork+0x116/0x1d0 [ 31.550541] ret_from_fork_asm+0x1a/0x30 [ 31.550781] [ 31.550879] CPU: 0 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 31.551548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.551813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.552233] ================================================================== [ 31.334783] ================================================================== [ 31.335160] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 31.335160] [ 31.335799] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#98): [ 31.337060] test_corruption+0x2d2/0x3e0 [ 31.337219] kunit_try_run_case+0x1a5/0x480 [ 31.337397] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.337904] kthread+0x337/0x6f0 [ 31.338236] ret_from_fork+0x116/0x1d0 [ 31.338641] ret_from_fork_asm+0x1a/0x30 [ 31.338908] [ 31.338992] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.338992] [ 31.339410] allocated by task 360 on cpu 1 at 31.334519s (0.004888s ago): [ 31.339689] test_alloc+0x364/0x10f0 [ 31.339877] test_corruption+0xe6/0x3e0 [ 31.340042] kunit_try_run_case+0x1a5/0x480 [ 31.340236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.340490] kthread+0x337/0x6f0 [ 31.340655] ret_from_fork+0x116/0x1d0 [ 31.340776] ret_from_fork_asm+0x1a/0x30 [ 31.340975] [ 31.341065] freed by task 360 on cpu 1 at 31.334624s (0.006439s ago): [ 31.341379] test_corruption+0x2d2/0x3e0 [ 31.341572] kunit_try_run_case+0x1a5/0x480 [ 31.341751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.341915] kthread+0x337/0x6f0 [ 31.342097] ret_from_fork+0x116/0x1d0 [ 31.342294] ret_from_fork_asm+0x1a/0x30 [ 31.342526] [ 31.342702] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 31.343178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.343308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.343785] ================================================================== [ 31.750603] ================================================================== [ 31.750976] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 31.750976] [ 31.751256] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#102): [ 31.751519] test_corruption+0x216/0x3e0 [ 31.751677] kunit_try_run_case+0x1a5/0x480 [ 31.751904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.752170] kthread+0x337/0x6f0 [ 31.752338] ret_from_fork+0x116/0x1d0 [ 31.752468] ret_from_fork_asm+0x1a/0x30 [ 31.752604] [ 31.752671] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.752671] [ 31.752943] allocated by task 362 on cpu 0 at 31.750471s (0.002470s ago): [ 31.753177] test_alloc+0x2a6/0x10f0 [ 31.753302] test_corruption+0x1cb/0x3e0 [ 31.753432] kunit_try_run_case+0x1a5/0x480 [ 31.753570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.753735] kthread+0x337/0x6f0 [ 31.753847] ret_from_fork+0x116/0x1d0 [ 31.753978] ret_from_fork_asm+0x1a/0x30 [ 31.754332] [ 31.754402] freed by task 362 on cpu 0 at 31.750525s (0.003875s ago): [ 31.754612] test_corruption+0x216/0x3e0 [ 31.754749] kunit_try_run_case+0x1a5/0x480 [ 31.754890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.755056] kthread+0x337/0x6f0 [ 31.755192] ret_from_fork+0x116/0x1d0 [ 31.755320] ret_from_fork_asm+0x1a/0x30 [ 31.755451] [ 31.755538] CPU: 0 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 31.757402] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.757633] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.758175] ================================================================== [ 31.438783] ================================================================== [ 31.439158] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 31.439158] [ 31.439626] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#99): [ 31.439966] test_corruption+0x2df/0x3e0 [ 31.440139] kunit_try_run_case+0x1a5/0x480 [ 31.440368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.440727] kthread+0x337/0x6f0 [ 31.440918] ret_from_fork+0x116/0x1d0 [ 31.441044] ret_from_fork_asm+0x1a/0x30 [ 31.441226] [ 31.441368] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.441368] [ 31.441789] allocated by task 360 on cpu 1 at 31.438563s (0.003224s ago): [ 31.442129] test_alloc+0x364/0x10f0 [ 31.442317] test_corruption+0x1cb/0x3e0 [ 31.442450] kunit_try_run_case+0x1a5/0x480 [ 31.442584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.442853] kthread+0x337/0x6f0 [ 31.443019] ret_from_fork+0x116/0x1d0 [ 31.443216] ret_from_fork_asm+0x1a/0x30 [ 31.443361] [ 31.443450] freed by task 360 on cpu 1 at 31.438630s (0.004818s ago): [ 31.443798] test_corruption+0x2df/0x3e0 [ 31.443999] kunit_try_run_case+0x1a5/0x480 [ 31.444214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.444458] kthread+0x337/0x6f0 [ 31.444608] ret_from_fork+0x116/0x1d0 [ 31.444769] ret_from_fork_asm+0x1a/0x30 [ 31.444977] [ 31.445103] CPU: 1 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 31.445622] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.445834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.446105] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 29.562054] ================================================================== [ 29.563544] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 29.563798] Write of size 121 at addr ffff888104588600 by task kunit_try_catch/334 [ 29.564024] [ 29.564119] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.564173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.564185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.564210] Call Trace: [ 29.564223] <TASK> [ 29.564246] dump_stack_lvl+0x73/0xb0 [ 29.564277] print_report+0xd1/0x610 [ 29.564302] ? __virt_addr_valid+0x1db/0x2d0 [ 29.564327] ? _copy_from_user+0x32/0x90 [ 29.564351] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.564377] ? _copy_from_user+0x32/0x90 [ 29.564401] kasan_report+0x141/0x180 [ 29.564423] ? _copy_from_user+0x32/0x90 [ 29.564452] kasan_check_range+0x10c/0x1c0 [ 29.564476] __kasan_check_write+0x18/0x20 [ 29.564500] _copy_from_user+0x32/0x90 [ 29.564524] copy_user_test_oob+0x2be/0x10f0 [ 29.564550] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.564586] ? finish_task_switch.isra.0+0x153/0x700 [ 29.564608] ? __switch_to+0x47/0xf80 [ 29.564648] ? __schedule+0x10c6/0x2b60 [ 29.564672] ? __pfx_read_tsc+0x10/0x10 [ 29.564694] ? ktime_get_ts64+0x86/0x230 [ 29.564722] kunit_try_run_case+0x1a5/0x480 [ 29.564746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.564767] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.564791] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.564814] ? __kthread_parkme+0x82/0x180 [ 29.564839] ? preempt_count_sub+0x50/0x80 [ 29.564862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.564886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.564909] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.564942] kthread+0x337/0x6f0 [ 29.564962] ? trace_preempt_on+0x20/0xc0 [ 29.564986] ? __pfx_kthread+0x10/0x10 [ 29.565024] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.565046] ? calculate_sigpending+0x7b/0xa0 [ 29.565070] ? __pfx_kthread+0x10/0x10 [ 29.565106] ret_from_fork+0x116/0x1d0 [ 29.565125] ? __pfx_kthread+0x10/0x10 [ 29.565146] ret_from_fork_asm+0x1a/0x30 [ 29.565178] </TASK> [ 29.565190] [ 29.576849] Allocated by task 334: [ 29.577036] kasan_save_stack+0x45/0x70 [ 29.577222] kasan_save_track+0x18/0x40 [ 29.577781] kasan_save_alloc_info+0x3b/0x50 [ 29.577975] __kasan_kmalloc+0xb7/0xc0 [ 29.578366] __kmalloc_noprof+0x1ca/0x510 [ 29.578564] kunit_kmalloc_array+0x25/0x60 [ 29.578950] copy_user_test_oob+0xab/0x10f0 [ 29.579269] kunit_try_run_case+0x1a5/0x480 [ 29.579613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.579862] kthread+0x337/0x6f0 [ 29.580015] ret_from_fork+0x116/0x1d0 [ 29.580200] ret_from_fork_asm+0x1a/0x30 [ 29.580617] [ 29.580714] The buggy address belongs to the object at ffff888104588600 [ 29.580714] which belongs to the cache kmalloc-128 of size 128 [ 29.581494] The buggy address is located 0 bytes inside of [ 29.581494] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.582181] [ 29.582264] The buggy address belongs to the physical page: [ 29.582761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.583251] flags: 0x200000000000000(node=0|zone=2) [ 29.583604] page_type: f5(slab) [ 29.583777] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.584109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.584661] page dumped because: kasan: bad access detected [ 29.585036] [ 29.585147] Memory state around the buggy address: [ 29.585560] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.585970] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.586380] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.586814] ^ [ 29.587237] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.587666] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.588058] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 31.022710] ================================================================== [ 31.023089] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 31.023089] [ 31.023358] Invalid free of 0x(____ptrval____) (in kfence-#95): [ 31.023659] test_double_free+0x112/0x260 [ 31.023847] kunit_try_run_case+0x1a5/0x480 [ 31.024024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.024289] kthread+0x337/0x6f0 [ 31.024484] ret_from_fork+0x116/0x1d0 [ 31.024763] ret_from_fork_asm+0x1a/0x30 [ 31.024937] [ 31.025017] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.025017] [ 31.025444] allocated by task 354 on cpu 1 at 31.022543s (0.002899s ago): [ 31.025723] test_alloc+0x2a6/0x10f0 [ 31.025855] test_double_free+0xdb/0x260 [ 31.025993] kunit_try_run_case+0x1a5/0x480 [ 31.026142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.026383] kthread+0x337/0x6f0 [ 31.026557] ret_from_fork+0x116/0x1d0 [ 31.026738] ret_from_fork_asm+0x1a/0x30 [ 31.026892] [ 31.026958] freed by task 354 on cpu 1 at 31.022598s (0.004358s ago): [ 31.027175] test_double_free+0xfa/0x260 [ 31.027494] kunit_try_run_case+0x1a5/0x480 [ 31.027702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.027949] kthread+0x337/0x6f0 [ 31.028124] ret_from_fork+0x116/0x1d0 [ 31.028307] ret_from_fork_asm+0x1a/0x30 [ 31.028478] [ 31.028568] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 31.028947] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.029152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.029550] ================================================================== [ 30.918800] ================================================================== [ 30.919240] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 30.919240] [ 30.919584] Invalid free of 0x(____ptrval____) (in kfence-#94): [ 30.919884] test_double_free+0x1d3/0x260 [ 30.920057] kunit_try_run_case+0x1a5/0x480 [ 30.920242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.920411] kthread+0x337/0x6f0 [ 30.920528] ret_from_fork+0x116/0x1d0 [ 30.920788] ret_from_fork_asm+0x1a/0x30 [ 30.920987] [ 30.921091] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.921091] [ 30.921475] allocated by task 352 on cpu 0 at 30.918541s (0.002932s ago): [ 30.922137] test_alloc+0x364/0x10f0 [ 30.922323] test_double_free+0xdb/0x260 [ 30.922736] kunit_try_run_case+0x1a5/0x480 [ 30.922954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.923188] kthread+0x337/0x6f0 [ 30.923627] ret_from_fork+0x116/0x1d0 [ 30.923794] ret_from_fork_asm+0x1a/0x30 [ 30.924105] [ 30.924202] freed by task 352 on cpu 0 at 30.918600s (0.005600s ago): [ 30.924607] test_double_free+0x1e0/0x260 [ 30.924788] kunit_try_run_case+0x1a5/0x480 [ 30.924973] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.925218] kthread+0x337/0x6f0 [ 30.925383] ret_from_fork+0x116/0x1d0 [ 30.925785] ret_from_fork_asm+0x1a/0x30 [ 30.925949] [ 30.926203] CPU: 0 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 30.926762] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.926947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.927502] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 30.502778] ================================================================== [ 30.503239] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 30.503239] [ 30.503759] Use-after-free read at 0x(____ptrval____) (in kfence-#90): [ 30.504067] test_use_after_free_read+0x129/0x270 [ 30.504273] kunit_try_run_case+0x1a5/0x480 [ 30.504420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.504716] kthread+0x337/0x6f0 [ 30.504898] ret_from_fork+0x116/0x1d0 [ 30.505065] ret_from_fork_asm+0x1a/0x30 [ 30.505210] [ 30.505300] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.505300] [ 30.505763] allocated by task 344 on cpu 0 at 30.502605s (0.003155s ago): [ 30.506051] test_alloc+0x364/0x10f0 [ 30.506220] test_use_after_free_read+0xdc/0x270 [ 30.507184] kunit_try_run_case+0x1a5/0x480 [ 30.507400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.507811] kthread+0x337/0x6f0 [ 30.507980] ret_from_fork+0x116/0x1d0 [ 30.508299] ret_from_fork_asm+0x1a/0x30 [ 30.508502] [ 30.508583] freed by task 344 on cpu 0 at 30.502666s (0.005915s ago): [ 30.508876] test_use_after_free_read+0x1e7/0x270 [ 30.509088] kunit_try_run_case+0x1a5/0x480 [ 30.509274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.509486] kthread+0x337/0x6f0 [ 30.509630] ret_from_fork+0x116/0x1d0 [ 30.509792] ret_from_fork_asm+0x1a/0x30 [ 30.509963] [ 30.510064] CPU: 0 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 30.511048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.511234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.511756] ================================================================== [ 30.606727] ================================================================== [ 30.607120] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 30.607120] [ 30.607885] Use-after-free read at 0x(____ptrval____) (in kfence-#91): [ 30.608306] test_use_after_free_read+0x129/0x270 [ 30.608470] kunit_try_run_case+0x1a5/0x480 [ 30.608615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.608783] kthread+0x337/0x6f0 [ 30.608900] ret_from_fork+0x116/0x1d0 [ 30.609028] ret_from_fork_asm+0x1a/0x30 [ 30.609181] [ 30.609273] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.609273] [ 30.609649] allocated by task 346 on cpu 1 at 30.606574s (0.003072s ago): [ 30.609903] test_alloc+0x2a6/0x10f0 [ 30.610036] test_use_after_free_read+0xdc/0x270 [ 30.610259] kunit_try_run_case+0x1a5/0x480 [ 30.610458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.610712] kthread+0x337/0x6f0 [ 30.610826] ret_from_fork+0x116/0x1d0 [ 30.610950] ret_from_fork_asm+0x1a/0x30 [ 30.611146] [ 30.611238] freed by task 346 on cpu 1 at 30.606611s (0.004625s ago): [ 30.611769] test_use_after_free_read+0xfb/0x270 [ 30.611966] kunit_try_run_case+0x1a5/0x480 [ 30.612151] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.612475] kthread+0x337/0x6f0 [ 30.612591] ret_from_fork+0x116/0x1d0 [ 30.612716] ret_from_fork_asm+0x1a/0x30 [ 30.612873] [ 30.612987] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 30.613656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.613790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.614223] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 30.294566] ================================================================== [ 30.294934] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 30.294934] [ 30.295336] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#88): [ 30.295918] test_out_of_bounds_write+0x10d/0x260 [ 30.296151] kunit_try_run_case+0x1a5/0x480 [ 30.296522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.296758] kthread+0x337/0x6f0 [ 30.296908] ret_from_fork+0x116/0x1d0 [ 30.297090] ret_from_fork_asm+0x1a/0x30 [ 30.297269] [ 30.297649] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.297649] [ 30.298124] allocated by task 340 on cpu 1 at 30.294455s (0.003667s ago): [ 30.298606] test_alloc+0x364/0x10f0 [ 30.298802] test_out_of_bounds_write+0xd4/0x260 [ 30.298983] kunit_try_run_case+0x1a5/0x480 [ 30.299287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.299652] kthread+0x337/0x6f0 [ 30.299872] ret_from_fork+0x116/0x1d0 [ 30.300026] ret_from_fork_asm+0x1a/0x30 [ 30.300245] [ 30.300377] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 30.300853] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.301031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.301744] ================================================================== [ 30.398624] ================================================================== [ 30.398995] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 30.398995] [ 30.399554] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#89): [ 30.399802] test_out_of_bounds_write+0x10d/0x260 [ 30.400024] kunit_try_run_case+0x1a5/0x480 [ 30.400257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.400476] kthread+0x337/0x6f0 [ 30.400693] ret_from_fork+0x116/0x1d0 [ 30.400876] ret_from_fork_asm+0x1a/0x30 [ 30.401066] [ 30.401165] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.401165] [ 30.401581] allocated by task 342 on cpu 0 at 30.398569s (0.003010s ago): [ 30.401836] test_alloc+0x2a6/0x10f0 [ 30.402000] test_out_of_bounds_write+0xd4/0x260 [ 30.402250] kunit_try_run_case+0x1a5/0x480 [ 30.402467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.402708] kthread+0x337/0x6f0 [ 30.402879] ret_from_fork+0x116/0x1d0 [ 30.403040] ret_from_fork_asm+0x1a/0x30 [ 30.403205] [ 30.403294] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 30.403787] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.404009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.404370] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 29.982739] ================================================================== [ 29.983133] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 29.983133] [ 29.983582] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#85): [ 29.983916] test_out_of_bounds_read+0x216/0x4e0 [ 29.984128] kunit_try_run_case+0x1a5/0x480 [ 29.984319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.984535] kthread+0x337/0x6f0 [ 29.984686] ret_from_fork+0x116/0x1d0 [ 29.984873] ret_from_fork_asm+0x1a/0x30 [ 29.985025] [ 29.985102] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.985102] [ 29.985485] allocated by task 336 on cpu 0 at 29.982576s (0.002907s ago): [ 29.985738] test_alloc+0x364/0x10f0 [ 29.985859] test_out_of_bounds_read+0x1e2/0x4e0 [ 29.986329] kunit_try_run_case+0x1a5/0x480 [ 29.986531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.986739] kthread+0x337/0x6f0 [ 29.986890] ret_from_fork+0x116/0x1d0 [ 29.987016] ret_from_fork_asm+0x1a/0x30 [ 29.987176] [ 29.987286] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.987845] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.987976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.988566] ================================================================== [ 29.775963] ================================================================== [ 29.776519] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 29.776519] [ 29.776957] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#83): [ 29.777221] test_out_of_bounds_read+0x126/0x4e0 [ 29.777484] kunit_try_run_case+0x1a5/0x480 [ 29.777646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.777874] kthread+0x337/0x6f0 [ 29.778010] ret_from_fork+0x116/0x1d0 [ 29.778201] ret_from_fork_asm+0x1a/0x30 [ 29.778451] [ 29.778566] kfence-#83: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.778566] [ 29.778921] allocated by task 336 on cpu 0 at 29.775541s (0.003378s ago): [ 29.779245] test_alloc+0x364/0x10f0 [ 29.779372] test_out_of_bounds_read+0xed/0x4e0 [ 29.779584] kunit_try_run_case+0x1a5/0x480 [ 29.779804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.780025] kthread+0x337/0x6f0 [ 29.780146] ret_from_fork+0x116/0x1d0 [ 29.780397] ret_from_fork_asm+0x1a/0x30 [ 29.780629] [ 29.780727] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.781131] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.781461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.781771] ================================================================== [ 30.190602] ================================================================== [ 30.190967] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 30.190967] [ 30.191404] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#87): [ 30.191713] test_out_of_bounds_read+0x216/0x4e0 [ 30.191926] kunit_try_run_case+0x1a5/0x480 [ 30.192112] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.192376] kthread+0x337/0x6f0 [ 30.192497] ret_from_fork+0x116/0x1d0 [ 30.192626] ret_from_fork_asm+0x1a/0x30 [ 30.192827] [ 30.192918] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.192918] [ 30.193313] allocated by task 338 on cpu 1 at 30.190554s (0.002757s ago): [ 30.193577] test_alloc+0x2a6/0x10f0 [ 30.193737] test_out_of_bounds_read+0x1e2/0x4e0 [ 30.193957] kunit_try_run_case+0x1a5/0x480 [ 30.194172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.194408] kthread+0x337/0x6f0 [ 30.194522] ret_from_fork+0x116/0x1d0 [ 30.194647] ret_from_fork_asm+0x1a/0x30 [ 30.194837] [ 30.194956] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 30.195512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.195764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.196050] ================================================================== [ 30.086630] ================================================================== [ 30.087004] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 30.087004] [ 30.087419] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#86): [ 30.087739] test_out_of_bounds_read+0x126/0x4e0 [ 30.087930] kunit_try_run_case+0x1a5/0x480 [ 30.088130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.088411] kthread+0x337/0x6f0 [ 30.088534] ret_from_fork+0x116/0x1d0 [ 30.088663] ret_from_fork_asm+0x1a/0x30 [ 30.088799] [ 30.088881] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.088881] [ 30.089292] allocated by task 338 on cpu 1 at 30.086571s (0.002719s ago): [ 30.089643] test_alloc+0x2a6/0x10f0 [ 30.089813] test_out_of_bounds_read+0xed/0x4e0 [ 30.089966] kunit_try_run_case+0x1a5/0x480 [ 30.090184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.090643] kthread+0x337/0x6f0 [ 30.090770] ret_from_fork+0x116/0x1d0 [ 30.090972] ret_from_fork_asm+0x1a/0x30 [ 30.091159] [ 30.091274] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 30.091659] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.091792] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.092215] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-kmem_cache_destroy
[ 26.513501] ================================================================== [ 26.514031] BUG: KFENCE: use-after-free read in kmem_cache_destroy+0x37/0x1d0 [ 26.514031] [ 26.514521] Use-after-free read at 0x(____ptrval____) (in kfence-#68): [ 26.515107] kmem_cache_destroy+0x37/0x1d0 [ 26.515377] kmem_cache_double_destroy+0x1bf/0x380 [ 26.515627] kunit_try_run_case+0x1a5/0x480 [ 26.515796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.515975] kthread+0x337/0x6f0 [ 26.516151] ret_from_fork+0x116/0x1d0 [ 26.516507] ret_from_fork_asm+0x1a/0x30 [ 26.516717] [ 26.516966] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=208, cache=kmem_cache [ 26.516966] [ 26.517788] allocated by task 264 on cpu 1 at 26.510835s (0.006895s ago): [ 26.518536] __kmem_cache_create_args+0x169/0x240 [ 26.518773] kmem_cache_double_destroy+0xd5/0x380 [ 26.519001] kunit_try_run_case+0x1a5/0x480 [ 26.519200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.519445] kthread+0x337/0x6f0 [ 26.519643] ret_from_fork+0x116/0x1d0 [ 26.519855] ret_from_fork_asm+0x1a/0x30 [ 26.520092] [ 26.520386] freed by task 264 on cpu 1 at 26.512401s (0.007811s ago): [ 26.520744] slab_kmem_cache_release+0x2e/0x40 [ 26.520908] kmem_cache_release+0x16/0x20 [ 26.521115] kobject_put+0x181/0x450 [ 26.521316] sysfs_slab_release+0x16/0x20 [ 26.521712] kmem_cache_destroy+0xf0/0x1d0 [ 26.522186] kmem_cache_double_destroy+0x14e/0x380 [ 26.522538] kunit_try_run_case+0x1a5/0x480 [ 26.522888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.523153] kthread+0x337/0x6f0 [ 26.523542] ret_from_fork+0x116/0x1d0 [ 26.523755] ret_from_fork_asm+0x1a/0x30 [ 26.524097] [ 26.524479] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.525004] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.525205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.525880] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 29.728406] ================================================================== [ 29.728918] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 29.729565] Write of size 1 at addr ffff888104588678 by task kunit_try_catch/334 [ 29.730219] [ 29.730425] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.730476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.730488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.730520] Call Trace: [ 29.730534] <TASK> [ 29.730551] dump_stack_lvl+0x73/0xb0 [ 29.730592] print_report+0xd1/0x610 [ 29.730615] ? __virt_addr_valid+0x1db/0x2d0 [ 29.730638] ? strncpy_from_user+0x1a5/0x1d0 [ 29.730660] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.730688] ? strncpy_from_user+0x1a5/0x1d0 [ 29.730711] kasan_report+0x141/0x180 [ 29.730733] ? strncpy_from_user+0x1a5/0x1d0 [ 29.730760] __asan_report_store1_noabort+0x1b/0x30 [ 29.730785] strncpy_from_user+0x1a5/0x1d0 [ 29.730810] copy_user_test_oob+0x760/0x10f0 [ 29.730836] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.730859] ? finish_task_switch.isra.0+0x153/0x700 [ 29.730880] ? __switch_to+0x47/0xf80 [ 29.730906] ? __schedule+0x10c6/0x2b60 [ 29.730928] ? __pfx_read_tsc+0x10/0x10 [ 29.730949] ? ktime_get_ts64+0x86/0x230 [ 29.730974] kunit_try_run_case+0x1a5/0x480 [ 29.730999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.731021] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.731044] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.731068] ? __kthread_parkme+0x82/0x180 [ 29.731103] ? preempt_count_sub+0x50/0x80 [ 29.731125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.731149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.731172] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.731196] kthread+0x337/0x6f0 [ 29.731216] ? trace_preempt_on+0x20/0xc0 [ 29.731239] ? __pfx_kthread+0x10/0x10 [ 29.731278] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.731300] ? calculate_sigpending+0x7b/0xa0 [ 29.731323] ? __pfx_kthread+0x10/0x10 [ 29.731344] ret_from_fork+0x116/0x1d0 [ 29.731364] ? __pfx_kthread+0x10/0x10 [ 29.731384] ret_from_fork_asm+0x1a/0x30 [ 29.731415] </TASK> [ 29.731426] [ 29.743044] Allocated by task 334: [ 29.743411] kasan_save_stack+0x45/0x70 [ 29.743774] kasan_save_track+0x18/0x40 [ 29.744135] kasan_save_alloc_info+0x3b/0x50 [ 29.744553] __kasan_kmalloc+0xb7/0xc0 [ 29.744816] __kmalloc_noprof+0x1ca/0x510 [ 29.744963] kunit_kmalloc_array+0x25/0x60 [ 29.745211] copy_user_test_oob+0xab/0x10f0 [ 29.745623] kunit_try_run_case+0x1a5/0x480 [ 29.746007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.746428] kthread+0x337/0x6f0 [ 29.746590] ret_from_fork+0x116/0x1d0 [ 29.746957] ret_from_fork_asm+0x1a/0x30 [ 29.747123] [ 29.747189] The buggy address belongs to the object at ffff888104588600 [ 29.747189] which belongs to the cache kmalloc-128 of size 128 [ 29.748234] The buggy address is located 0 bytes to the right of [ 29.748234] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.748828] [ 29.748897] The buggy address belongs to the physical page: [ 29.749063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.749410] flags: 0x200000000000000(node=0|zone=2) [ 29.749844] page_type: f5(slab) [ 29.750171] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.750836] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.751492] page dumped because: kasan: bad access detected [ 29.751960] [ 29.752117] Memory state around the buggy address: [ 29.752564] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.753054] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.753304] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.753920] ^ [ 29.754552] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.755020] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.755490] ================================================================== [ 29.699518] ================================================================== [ 29.700200] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 29.700850] Write of size 121 at addr ffff888104588600 by task kunit_try_catch/334 [ 29.701520] [ 29.701693] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.701754] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.701767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.701789] Call Trace: [ 29.701805] <TASK> [ 29.701821] dump_stack_lvl+0x73/0xb0 [ 29.701860] print_report+0xd1/0x610 [ 29.701884] ? __virt_addr_valid+0x1db/0x2d0 [ 29.701907] ? strncpy_from_user+0x2e/0x1d0 [ 29.701943] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.701969] ? strncpy_from_user+0x2e/0x1d0 [ 29.701993] kasan_report+0x141/0x180 [ 29.702015] ? strncpy_from_user+0x2e/0x1d0 [ 29.702043] kasan_check_range+0x10c/0x1c0 [ 29.702066] __kasan_check_write+0x18/0x20 [ 29.702098] strncpy_from_user+0x2e/0x1d0 [ 29.702119] ? __kasan_check_read+0x15/0x20 [ 29.702145] copy_user_test_oob+0x760/0x10f0 [ 29.702170] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.702193] ? finish_task_switch.isra.0+0x153/0x700 [ 29.702214] ? __switch_to+0x47/0xf80 [ 29.702240] ? __schedule+0x10c6/0x2b60 [ 29.702283] ? __pfx_read_tsc+0x10/0x10 [ 29.702304] ? ktime_get_ts64+0x86/0x230 [ 29.702328] kunit_try_run_case+0x1a5/0x480 [ 29.702352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.702375] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.702398] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.702422] ? __kthread_parkme+0x82/0x180 [ 29.702447] ? preempt_count_sub+0x50/0x80 [ 29.702470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.702494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.702517] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.702540] kthread+0x337/0x6f0 [ 29.702560] ? trace_preempt_on+0x20/0xc0 [ 29.702583] ? __pfx_kthread+0x10/0x10 [ 29.702603] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.702625] ? calculate_sigpending+0x7b/0xa0 [ 29.702648] ? __pfx_kthread+0x10/0x10 [ 29.702669] ret_from_fork+0x116/0x1d0 [ 29.702688] ? __pfx_kthread+0x10/0x10 [ 29.702709] ret_from_fork_asm+0x1a/0x30 [ 29.702741] </TASK> [ 29.702752] [ 29.715441] Allocated by task 334: [ 29.715777] kasan_save_stack+0x45/0x70 [ 29.716144] kasan_save_track+0x18/0x40 [ 29.716515] kasan_save_alloc_info+0x3b/0x50 [ 29.716916] __kasan_kmalloc+0xb7/0xc0 [ 29.717293] __kmalloc_noprof+0x1ca/0x510 [ 29.717669] kunit_kmalloc_array+0x25/0x60 [ 29.717972] copy_user_test_oob+0xab/0x10f0 [ 29.718200] kunit_try_run_case+0x1a5/0x480 [ 29.718605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.718938] kthread+0x337/0x6f0 [ 29.719052] ret_from_fork+0x116/0x1d0 [ 29.719186] ret_from_fork_asm+0x1a/0x30 [ 29.719472] [ 29.719623] The buggy address belongs to the object at ffff888104588600 [ 29.719623] which belongs to the cache kmalloc-128 of size 128 [ 29.720696] The buggy address is located 0 bytes inside of [ 29.720696] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.721678] [ 29.721747] The buggy address belongs to the physical page: [ 29.721913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.722164] flags: 0x200000000000000(node=0|zone=2) [ 29.722504] page_type: f5(slab) [ 29.722806] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.723476] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.724122] page dumped because: kasan: bad access detected [ 29.724616] [ 29.724781] Memory state around the buggy address: [ 29.725217] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.725841] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.726162] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.726775] ^ [ 29.727248] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.727604] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.727811] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 29.671490] ================================================================== [ 29.671823] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 29.672106] Read of size 121 at addr ffff888104588600 by task kunit_try_catch/334 [ 29.672563] [ 29.672664] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.672711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.672724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.672745] Call Trace: [ 29.672759] <TASK> [ 29.672773] dump_stack_lvl+0x73/0xb0 [ 29.672814] print_report+0xd1/0x610 [ 29.672836] ? __virt_addr_valid+0x1db/0x2d0 [ 29.672868] ? copy_user_test_oob+0x604/0x10f0 [ 29.672891] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.672918] ? copy_user_test_oob+0x604/0x10f0 [ 29.672957] kasan_report+0x141/0x180 [ 29.672980] ? copy_user_test_oob+0x604/0x10f0 [ 29.673009] kasan_check_range+0x10c/0x1c0 [ 29.673033] __kasan_check_read+0x15/0x20 [ 29.673056] copy_user_test_oob+0x604/0x10f0 [ 29.673092] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.673115] ? finish_task_switch.isra.0+0x153/0x700 [ 29.673136] ? __switch_to+0x47/0xf80 [ 29.673162] ? __schedule+0x10c6/0x2b60 [ 29.673185] ? __pfx_read_tsc+0x10/0x10 [ 29.673206] ? ktime_get_ts64+0x86/0x230 [ 29.673231] kunit_try_run_case+0x1a5/0x480 [ 29.673254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.673284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.673308] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.673332] ? __kthread_parkme+0x82/0x180 [ 29.673356] ? preempt_count_sub+0x50/0x80 [ 29.673379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.673403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.673426] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.673450] kthread+0x337/0x6f0 [ 29.673469] ? trace_preempt_on+0x20/0xc0 [ 29.673492] ? __pfx_kthread+0x10/0x10 [ 29.673513] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.673535] ? calculate_sigpending+0x7b/0xa0 [ 29.673558] ? __pfx_kthread+0x10/0x10 [ 29.673579] ret_from_fork+0x116/0x1d0 [ 29.673599] ? __pfx_kthread+0x10/0x10 [ 29.673619] ret_from_fork_asm+0x1a/0x30 [ 29.673651] </TASK> [ 29.673663] [ 29.681672] Allocated by task 334: [ 29.681795] kasan_save_stack+0x45/0x70 [ 29.681945] kasan_save_track+0x18/0x40 [ 29.682075] kasan_save_alloc_info+0x3b/0x50 [ 29.683400] __kasan_kmalloc+0xb7/0xc0 [ 29.683841] __kmalloc_noprof+0x1ca/0x510 [ 29.684446] kunit_kmalloc_array+0x25/0x60 [ 29.685895] copy_user_test_oob+0xab/0x10f0 [ 29.686612] kunit_try_run_case+0x1a5/0x480 [ 29.686910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.687110] kthread+0x337/0x6f0 [ 29.687229] ret_from_fork+0x116/0x1d0 [ 29.687924] ret_from_fork_asm+0x1a/0x30 [ 29.688637] [ 29.688929] The buggy address belongs to the object at ffff888104588600 [ 29.688929] which belongs to the cache kmalloc-128 of size 128 [ 29.690326] The buggy address is located 0 bytes inside of [ 29.690326] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.690955] [ 29.691028] The buggy address belongs to the physical page: [ 29.691869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.692798] flags: 0x200000000000000(node=0|zone=2) [ 29.693466] page_type: f5(slab) [ 29.693916] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.694676] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.695488] page dumped because: kasan: bad access detected [ 29.696150] [ 29.696456] Memory state around the buggy address: [ 29.696875] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.697117] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.697338] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.697546] ^ [ 29.697753] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.697976] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.698464] ================================================================== [ 29.654402] ================================================================== [ 29.654975] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 29.655392] Write of size 121 at addr ffff888104588600 by task kunit_try_catch/334 [ 29.655835] [ 29.655939] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.655985] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.655998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.656022] Call Trace: [ 29.656035] <TASK> [ 29.656051] dump_stack_lvl+0x73/0xb0 [ 29.656090] print_report+0xd1/0x610 [ 29.656112] ? __virt_addr_valid+0x1db/0x2d0 [ 29.656136] ? copy_user_test_oob+0x557/0x10f0 [ 29.656159] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.656186] ? copy_user_test_oob+0x557/0x10f0 [ 29.656212] kasan_report+0x141/0x180 [ 29.656234] ? copy_user_test_oob+0x557/0x10f0 [ 29.656264] kasan_check_range+0x10c/0x1c0 [ 29.656299] __kasan_check_write+0x18/0x20 [ 29.656322] copy_user_test_oob+0x557/0x10f0 [ 29.656349] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.656372] ? finish_task_switch.isra.0+0x153/0x700 [ 29.656394] ? __switch_to+0x47/0xf80 [ 29.656420] ? __schedule+0x10c6/0x2b60 [ 29.656443] ? __pfx_read_tsc+0x10/0x10 [ 29.656464] ? ktime_get_ts64+0x86/0x230 [ 29.656488] kunit_try_run_case+0x1a5/0x480 [ 29.656512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.656534] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.656558] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.656581] ? __kthread_parkme+0x82/0x180 [ 29.656605] ? preempt_count_sub+0x50/0x80 [ 29.656629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.656653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.656676] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.656699] kthread+0x337/0x6f0 [ 29.656719] ? trace_preempt_on+0x20/0xc0 [ 29.656741] ? __pfx_kthread+0x10/0x10 [ 29.656762] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.656784] ? calculate_sigpending+0x7b/0xa0 [ 29.656808] ? __pfx_kthread+0x10/0x10 [ 29.656829] ret_from_fork+0x116/0x1d0 [ 29.656849] ? __pfx_kthread+0x10/0x10 [ 29.656869] ret_from_fork_asm+0x1a/0x30 [ 29.656901] </TASK> [ 29.656912] [ 29.663867] Allocated by task 334: [ 29.664013] kasan_save_stack+0x45/0x70 [ 29.664160] kasan_save_track+0x18/0x40 [ 29.664344] kasan_save_alloc_info+0x3b/0x50 [ 29.664554] __kasan_kmalloc+0xb7/0xc0 [ 29.664733] __kmalloc_noprof+0x1ca/0x510 [ 29.664925] kunit_kmalloc_array+0x25/0x60 [ 29.665069] copy_user_test_oob+0xab/0x10f0 [ 29.665253] kunit_try_run_case+0x1a5/0x480 [ 29.665462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.665688] kthread+0x337/0x6f0 [ 29.665837] ret_from_fork+0x116/0x1d0 [ 29.666008] ret_from_fork_asm+0x1a/0x30 [ 29.666184] [ 29.666273] The buggy address belongs to the object at ffff888104588600 [ 29.666273] which belongs to the cache kmalloc-128 of size 128 [ 29.666735] The buggy address is located 0 bytes inside of [ 29.666735] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.667213] [ 29.667311] The buggy address belongs to the physical page: [ 29.667524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.667818] flags: 0x200000000000000(node=0|zone=2) [ 29.668010] page_type: f5(slab) [ 29.668174] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.668512] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.668804] page dumped because: kasan: bad access detected [ 29.669008] [ 29.669106] Memory state around the buggy address: [ 29.669303] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.669570] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.669804] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.670049] ^ [ 29.670463] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.670700] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.670906] ================================================================== [ 29.637401] ================================================================== [ 29.637640] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 29.637973] Read of size 121 at addr ffff888104588600 by task kunit_try_catch/334 [ 29.638337] [ 29.638423] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.638471] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.638484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.638507] Call Trace: [ 29.638523] <TASK> [ 29.638541] dump_stack_lvl+0x73/0xb0 [ 29.638570] print_report+0xd1/0x610 [ 29.638593] ? __virt_addr_valid+0x1db/0x2d0 [ 29.638618] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.638642] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.638668] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.638692] kasan_report+0x141/0x180 [ 29.638714] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.638743] kasan_check_range+0x10c/0x1c0 [ 29.638766] __kasan_check_read+0x15/0x20 [ 29.638790] copy_user_test_oob+0x4aa/0x10f0 [ 29.638815] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.638837] ? finish_task_switch.isra.0+0x153/0x700 [ 29.638859] ? __switch_to+0x47/0xf80 [ 29.638885] ? __schedule+0x10c6/0x2b60 [ 29.638909] ? __pfx_read_tsc+0x10/0x10 [ 29.638930] ? ktime_get_ts64+0x86/0x230 [ 29.638955] kunit_try_run_case+0x1a5/0x480 [ 29.638994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.639016] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.639038] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.639062] ? __kthread_parkme+0x82/0x180 [ 29.639099] ? preempt_count_sub+0x50/0x80 [ 29.639121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.639145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.639169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.639192] kthread+0x337/0x6f0 [ 29.639211] ? trace_preempt_on+0x20/0xc0 [ 29.639235] ? __pfx_kthread+0x10/0x10 [ 29.639256] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.639278] ? calculate_sigpending+0x7b/0xa0 [ 29.639302] ? __pfx_kthread+0x10/0x10 [ 29.639336] ret_from_fork+0x116/0x1d0 [ 29.639355] ? __pfx_kthread+0x10/0x10 [ 29.639375] ret_from_fork_asm+0x1a/0x30 [ 29.639407] </TASK> [ 29.639418] [ 29.646568] Allocated by task 334: [ 29.646718] kasan_save_stack+0x45/0x70 [ 29.646852] kasan_save_track+0x18/0x40 [ 29.646980] kasan_save_alloc_info+0x3b/0x50 [ 29.647131] __kasan_kmalloc+0xb7/0xc0 [ 29.647257] __kmalloc_noprof+0x1ca/0x510 [ 29.647392] kunit_kmalloc_array+0x25/0x60 [ 29.647733] copy_user_test_oob+0xab/0x10f0 [ 29.647934] kunit_try_run_case+0x1a5/0x480 [ 29.648149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.648554] kthread+0x337/0x6f0 [ 29.648720] ret_from_fork+0x116/0x1d0 [ 29.648901] ret_from_fork_asm+0x1a/0x30 [ 29.649106] [ 29.649194] The buggy address belongs to the object at ffff888104588600 [ 29.649194] which belongs to the cache kmalloc-128 of size 128 [ 29.649778] The buggy address is located 0 bytes inside of [ 29.649778] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.650200] [ 29.650264] The buggy address belongs to the physical page: [ 29.650519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.650862] flags: 0x200000000000000(node=0|zone=2) [ 29.651064] page_type: f5(slab) [ 29.651188] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.651413] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.651632] page dumped because: kasan: bad access detected [ 29.651798] [ 29.651860] Memory state around the buggy address: [ 29.652192] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.652496] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.652798] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.653344] ^ [ 29.653586] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.653791] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.654006] ================================================================== [ 29.619311] ================================================================== [ 29.619614] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 29.619926] Write of size 121 at addr ffff888104588600 by task kunit_try_catch/334 [ 29.620343] [ 29.620513] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.620566] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.620579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.620602] Call Trace: [ 29.620615] <TASK> [ 29.620633] dump_stack_lvl+0x73/0xb0 [ 29.620664] print_report+0xd1/0x610 [ 29.620686] ? __virt_addr_valid+0x1db/0x2d0 [ 29.620711] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.620735] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.620762] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.620786] kasan_report+0x141/0x180 [ 29.620810] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.620840] kasan_check_range+0x10c/0x1c0 [ 29.620867] __kasan_check_write+0x18/0x20 [ 29.620891] copy_user_test_oob+0x3fd/0x10f0 [ 29.620917] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.620939] ? finish_task_switch.isra.0+0x153/0x700 [ 29.620962] ? __switch_to+0x47/0xf80 [ 29.620989] ? __schedule+0x10c6/0x2b60 [ 29.621012] ? __pfx_read_tsc+0x10/0x10 [ 29.621034] ? ktime_get_ts64+0x86/0x230 [ 29.621060] kunit_try_run_case+0x1a5/0x480 [ 29.621098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.621121] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.621144] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.621169] ? __kthread_parkme+0x82/0x180 [ 29.621193] ? preempt_count_sub+0x50/0x80 [ 29.621217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.621241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.621264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.621301] kthread+0x337/0x6f0 [ 29.621321] ? trace_preempt_on+0x20/0xc0 [ 29.621344] ? __pfx_kthread+0x10/0x10 [ 29.621366] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.621387] ? calculate_sigpending+0x7b/0xa0 [ 29.621412] ? __pfx_kthread+0x10/0x10 [ 29.621434] ret_from_fork+0x116/0x1d0 [ 29.621453] ? __pfx_kthread+0x10/0x10 [ 29.621474] ret_from_fork_asm+0x1a/0x30 [ 29.621506] </TASK> [ 29.621517] [ 29.628747] Allocated by task 334: [ 29.628891] kasan_save_stack+0x45/0x70 [ 29.629075] kasan_save_track+0x18/0x40 [ 29.629258] kasan_save_alloc_info+0x3b/0x50 [ 29.629447] __kasan_kmalloc+0xb7/0xc0 [ 29.629603] __kmalloc_noprof+0x1ca/0x510 [ 29.629741] kunit_kmalloc_array+0x25/0x60 [ 29.629943] copy_user_test_oob+0xab/0x10f0 [ 29.630152] kunit_try_run_case+0x1a5/0x480 [ 29.630337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.630558] kthread+0x337/0x6f0 [ 29.630690] ret_from_fork+0x116/0x1d0 [ 29.630817] ret_from_fork_asm+0x1a/0x30 [ 29.630952] [ 29.631019] The buggy address belongs to the object at ffff888104588600 [ 29.631019] which belongs to the cache kmalloc-128 of size 128 [ 29.631936] The buggy address is located 0 bytes inside of [ 29.631936] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.632330] [ 29.632395] The buggy address belongs to the physical page: [ 29.632562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.632817] flags: 0x200000000000000(node=0|zone=2) [ 29.633050] page_type: f5(slab) [ 29.633219] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.633597] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.634178] page dumped because: kasan: bad access detected [ 29.634342] [ 29.634403] Memory state around the buggy address: [ 29.634551] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.634758] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.635221] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.635821] ^ [ 29.636116] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.636344] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.636558] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 29.591634] ================================================================== [ 29.591962] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 29.592368] Read of size 121 at addr ffff888104588600 by task kunit_try_catch/334 [ 29.592932] [ 29.593017] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 29.593065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.593091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.593113] Call Trace: [ 29.593127] <TASK> [ 29.593143] dump_stack_lvl+0x73/0xb0 [ 29.593173] print_report+0xd1/0x610 [ 29.593196] ? __virt_addr_valid+0x1db/0x2d0 [ 29.593220] ? _copy_to_user+0x3c/0x70 [ 29.593243] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.593270] ? _copy_to_user+0x3c/0x70 [ 29.593671] kasan_report+0x141/0x180 [ 29.593697] ? _copy_to_user+0x3c/0x70 [ 29.593726] kasan_check_range+0x10c/0x1c0 [ 29.593750] __kasan_check_read+0x15/0x20 [ 29.593775] _copy_to_user+0x3c/0x70 [ 29.593799] copy_user_test_oob+0x364/0x10f0 [ 29.593825] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.593848] ? finish_task_switch.isra.0+0x153/0x700 [ 29.593870] ? __switch_to+0x47/0xf80 [ 29.593896] ? __schedule+0x10c6/0x2b60 [ 29.593920] ? __pfx_read_tsc+0x10/0x10 [ 29.593949] ? ktime_get_ts64+0x86/0x230 [ 29.593973] kunit_try_run_case+0x1a5/0x480 [ 29.593997] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.594019] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.594042] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.594066] ? __kthread_parkme+0x82/0x180 [ 29.594101] ? preempt_count_sub+0x50/0x80 [ 29.594124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.594148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.594171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.594195] kthread+0x337/0x6f0 [ 29.594214] ? trace_preempt_on+0x20/0xc0 [ 29.594237] ? __pfx_kthread+0x10/0x10 [ 29.594257] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.594290] ? calculate_sigpending+0x7b/0xa0 [ 29.594314] ? __pfx_kthread+0x10/0x10 [ 29.594336] ret_from_fork+0x116/0x1d0 [ 29.594355] ? __pfx_kthread+0x10/0x10 [ 29.594375] ret_from_fork_asm+0x1a/0x30 [ 29.594407] </TASK> [ 29.594418] [ 29.604249] Allocated by task 334: [ 29.604580] kasan_save_stack+0x45/0x70 [ 29.604735] kasan_save_track+0x18/0x40 [ 29.605033] kasan_save_alloc_info+0x3b/0x50 [ 29.605408] __kasan_kmalloc+0xb7/0xc0 [ 29.605722] __kmalloc_noprof+0x1ca/0x510 [ 29.605929] kunit_kmalloc_array+0x25/0x60 [ 29.606207] copy_user_test_oob+0xab/0x10f0 [ 29.606415] kunit_try_run_case+0x1a5/0x480 [ 29.606742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.607009] kthread+0x337/0x6f0 [ 29.607179] ret_from_fork+0x116/0x1d0 [ 29.607583] ret_from_fork_asm+0x1a/0x30 [ 29.607855] [ 29.607960] The buggy address belongs to the object at ffff888104588600 [ 29.607960] which belongs to the cache kmalloc-128 of size 128 [ 29.608714] The buggy address is located 0 bytes inside of [ 29.608714] allocated 120-byte region [ffff888104588600, ffff888104588678) [ 29.609182] [ 29.609276] The buggy address belongs to the physical page: [ 29.609576] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 29.610203] flags: 0x200000000000000(node=0|zone=2) [ 29.610571] page_type: f5(slab) [ 29.610700] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.611172] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.611633] page dumped because: kasan: bad access detected [ 29.611954] [ 29.612035] Memory state around the buggy address: [ 29.612238] ffff888104588500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.612880] ffff888104588580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.613201] >ffff888104588600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.613617] ^ [ 29.613928] ffff888104588680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.614433] ffff888104588700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.614822] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 27.473415] ================================================================== [ 27.473824] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 27.474068] Read of size 1 at addr ffff888106287c3f by task kunit_try_catch/300 [ 27.474584] [ 27.474819] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.474928] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.474942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.474963] Call Trace: [ 27.474976] <TASK> [ 27.474993] dump_stack_lvl+0x73/0xb0 [ 27.475024] print_report+0xd1/0x610 [ 27.475046] ? __virt_addr_valid+0x1db/0x2d0 [ 27.475118] ? kasan_alloca_oob_left+0x320/0x380 [ 27.475144] ? kasan_addr_to_slab+0x11/0xa0 [ 27.475164] ? kasan_alloca_oob_left+0x320/0x380 [ 27.475186] kasan_report+0x141/0x180 [ 27.475208] ? kasan_alloca_oob_left+0x320/0x380 [ 27.475295] __asan_report_load1_noabort+0x18/0x20 [ 27.475322] kasan_alloca_oob_left+0x320/0x380 [ 27.475342] ? __kasan_check_write+0x18/0x20 [ 27.475366] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.475387] ? finish_task_switch.isra.0+0x153/0x700 [ 27.475409] ? down_read+0x1ce/0x270 [ 27.475432] ? trace_hardirqs_on+0x37/0xe0 [ 27.475484] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 27.475509] ? __schedule+0x10c6/0x2b60 [ 27.475530] ? __pfx_read_tsc+0x10/0x10 [ 27.475551] ? ktime_get_ts64+0x86/0x230 [ 27.475576] kunit_try_run_case+0x1a5/0x480 [ 27.475600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.475621] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.475644] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.475708] ? __kthread_parkme+0x82/0x180 [ 27.475732] ? preempt_count_sub+0x50/0x80 [ 27.475754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.475777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.475800] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.475822] kthread+0x337/0x6f0 [ 27.475841] ? trace_preempt_on+0x20/0xc0 [ 27.475863] ? __pfx_kthread+0x10/0x10 [ 27.475883] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.475904] ? calculate_sigpending+0x7b/0xa0 [ 27.475927] ? __pfx_kthread+0x10/0x10 [ 27.475947] ret_from_fork+0x116/0x1d0 [ 27.475965] ? __pfx_kthread+0x10/0x10 [ 27.475986] ret_from_fork_asm+0x1a/0x30 [ 27.476017] </TASK> [ 27.476028] [ 27.491432] The buggy address belongs to stack of task kunit_try_catch/300 [ 27.492033] [ 27.492193] The buggy address belongs to the physical page: [ 27.492706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106287 [ 27.492949] flags: 0x200000000000000(node=0|zone=2) [ 27.493131] raw: 0200000000000000 ffffea000418a1c8 ffffea000418a1c8 0000000000000000 [ 27.493893] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.494752] page dumped because: kasan: bad access detected [ 27.495601] [ 27.495846] Memory state around the buggy address: [ 27.496432] ffff888106287b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.496927] ffff888106287b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.497156] >ffff888106287c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 27.497402] ^ [ 27.497721] ffff888106287c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 27.498015] ffff888106287d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.498380] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 27.445413] ================================================================== [ 27.446009] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 27.446257] Read of size 1 at addr ffff8881061e7d02 by task kunit_try_catch/298 [ 27.447518] [ 27.447929] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.447990] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.448138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.448165] Call Trace: [ 27.448178] <TASK> [ 27.448195] dump_stack_lvl+0x73/0xb0 [ 27.448228] print_report+0xd1/0x610 [ 27.448402] ? __virt_addr_valid+0x1db/0x2d0 [ 27.448427] ? kasan_stack_oob+0x2b5/0x300 [ 27.448448] ? kasan_addr_to_slab+0x11/0xa0 [ 27.448467] ? kasan_stack_oob+0x2b5/0x300 [ 27.448487] kasan_report+0x141/0x180 [ 27.448509] ? kasan_stack_oob+0x2b5/0x300 [ 27.448534] __asan_report_load1_noabort+0x18/0x20 [ 27.448557] kasan_stack_oob+0x2b5/0x300 [ 27.448577] ? __pfx_kasan_stack_oob+0x10/0x10 [ 27.448595] ? finish_task_switch.isra.0+0x153/0x700 [ 27.448616] ? __switch_to+0x47/0xf80 [ 27.448643] ? __schedule+0x10c6/0x2b60 [ 27.448666] ? __pfx_read_tsc+0x10/0x10 [ 27.448686] ? ktime_get_ts64+0x86/0x230 [ 27.448710] kunit_try_run_case+0x1a5/0x480 [ 27.448732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.448754] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.448775] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.448798] ? __kthread_parkme+0x82/0x180 [ 27.448822] ? preempt_count_sub+0x50/0x80 [ 27.448844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.448867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.448889] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.448912] kthread+0x337/0x6f0 [ 27.448931] ? trace_preempt_on+0x20/0xc0 [ 27.448953] ? __pfx_kthread+0x10/0x10 [ 27.448973] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.448994] ? calculate_sigpending+0x7b/0xa0 [ 27.449016] ? __pfx_kthread+0x10/0x10 [ 27.449037] ret_from_fork+0x116/0x1d0 [ 27.449055] ? __pfx_kthread+0x10/0x10 [ 27.449091] ret_from_fork_asm+0x1a/0x30 [ 27.449123] </TASK> [ 27.449133] [ 27.461636] The buggy address belongs to stack of task kunit_try_catch/298 [ 27.462016] and is located at offset 138 in frame: [ 27.462500] kasan_stack_oob+0x0/0x300 [ 27.463028] [ 27.463314] This frame has 4 objects: [ 27.463891] [48, 49) '__assertion' [ 27.463924] [64, 72) 'array' [ 27.464111] [96, 112) '__assertion' [ 27.464395] [128, 138) 'stack_array' [ 27.464754] [ 27.465178] The buggy address belongs to the physical page: [ 27.465563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061e7 [ 27.465864] flags: 0x200000000000000(node=0|zone=2) [ 27.466255] raw: 0200000000000000 ffffea00041879c8 ffffea00041879c8 0000000000000000 [ 27.466752] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.467145] page dumped because: kasan: bad access detected [ 27.467513] [ 27.467600] Memory state around the buggy address: [ 27.467776] ffff8881061e7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.468092] ffff8881061e7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 27.468813] >ffff8881061e7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.469194] ^ [ 27.469318] ffff8881061e7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 27.469918] ffff8881061e7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.470515] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 27.415219] ================================================================== [ 27.416241] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 27.416487] Read of size 1 at addr ffffffff980c4f8d by task kunit_try_catch/294 [ 27.416697] [ 27.416803] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.416853] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.416864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.416886] Call Trace: [ 27.416900] <TASK> [ 27.416915] dump_stack_lvl+0x73/0xb0 [ 27.416946] print_report+0xd1/0x610 [ 27.416970] ? __virt_addr_valid+0x1db/0x2d0 [ 27.416994] ? kasan_global_oob_right+0x286/0x2d0 [ 27.417014] ? kasan_addr_to_slab+0x11/0xa0 [ 27.417035] ? kasan_global_oob_right+0x286/0x2d0 [ 27.417056] kasan_report+0x141/0x180 [ 27.418044] ? kasan_global_oob_right+0x286/0x2d0 [ 27.418104] __asan_report_load1_noabort+0x18/0x20 [ 27.418132] kasan_global_oob_right+0x286/0x2d0 [ 27.418155] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 27.418176] ? __kasan_check_write+0x18/0x20 [ 27.418199] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.418249] ? irqentry_exit+0x2a/0x60 [ 27.418290] ? trace_hardirqs_on+0x37/0xe0 [ 27.418314] ? __pfx_read_tsc+0x10/0x10 [ 27.418335] ? ktime_get_ts64+0x86/0x230 [ 27.418358] kunit_try_run_case+0x1a5/0x480 [ 27.418382] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.418406] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.418429] ? __kthread_parkme+0x82/0x180 [ 27.418452] ? preempt_count_sub+0x50/0x80 [ 27.418475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.418498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.418520] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.418542] kthread+0x337/0x6f0 [ 27.418561] ? trace_preempt_on+0x20/0xc0 [ 27.418583] ? __pfx_kthread+0x10/0x10 [ 27.418602] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.418623] ? calculate_sigpending+0x7b/0xa0 [ 27.418647] ? __pfx_kthread+0x10/0x10 [ 27.418668] ret_from_fork+0x116/0x1d0 [ 27.418687] ? __pfx_kthread+0x10/0x10 [ 27.418706] ret_from_fork_asm+0x1a/0x30 [ 27.418737] </TASK> [ 27.418748] [ 27.433797] The buggy address belongs to the variable: [ 27.434043] global_array+0xd/0x40 [ 27.434211] [ 27.434386] The buggy address belongs to the physical page: [ 27.434596] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1582c4 [ 27.434886] flags: 0x200000000002000(reserved|node=0|zone=2) [ 27.435105] raw: 0200000000002000 ffffea000560b108 ffffea000560b108 0000000000000000 [ 27.435345] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.435738] page dumped because: kasan: bad access detected [ 27.436229] [ 27.436315] Memory state around the buggy address: [ 27.436597] ffffffff980c4e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.436813] ffffffff980c4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.437025] >ffffffff980c4f80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 27.437320] ^ [ 27.437539] ffffffff980c5000: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 27.437849] ffffffff980c5080: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 27.438175] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 27.391726] ================================================================== [ 27.392199] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.392585] Free of addr ffff8881060b0001 by task kunit_try_catch/292 [ 27.392939] [ 27.393049] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.393111] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.393123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.393144] Call Trace: [ 27.393156] <TASK> [ 27.393172] dump_stack_lvl+0x73/0xb0 [ 27.393225] print_report+0xd1/0x610 [ 27.393246] ? __virt_addr_valid+0x1db/0x2d0 [ 27.393271] ? kasan_addr_to_slab+0x11/0xa0 [ 27.393290] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.393315] kasan_report_invalid_free+0x10a/0x130 [ 27.393339] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.393367] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.393391] __kasan_mempool_poison_object+0x102/0x1d0 [ 27.393424] mempool_free+0x2ec/0x380 [ 27.393449] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.393473] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 27.393498] ? dequeue_entities+0x23f/0x1630 [ 27.393520] ? __kasan_check_write+0x18/0x20 [ 27.393561] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.393581] ? finish_task_switch.isra.0+0x153/0x700 [ 27.393605] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 27.393629] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 27.393656] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.393677] ? __pfx_mempool_kfree+0x10/0x10 [ 27.393702] ? __pfx_read_tsc+0x10/0x10 [ 27.393722] ? ktime_get_ts64+0x86/0x230 [ 27.393746] kunit_try_run_case+0x1a5/0x480 [ 27.393769] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.393790] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.393812] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.393835] ? __kthread_parkme+0x82/0x180 [ 27.393877] ? preempt_count_sub+0x50/0x80 [ 27.393899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.393927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.393951] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.393974] kthread+0x337/0x6f0 [ 27.393993] ? trace_preempt_on+0x20/0xc0 [ 27.394015] ? __pfx_kthread+0x10/0x10 [ 27.394054] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.394076] ? calculate_sigpending+0x7b/0xa0 [ 27.394108] ? __pfx_kthread+0x10/0x10 [ 27.394129] ret_from_fork+0x116/0x1d0 [ 27.394147] ? __pfx_kthread+0x10/0x10 [ 27.394167] ret_from_fork_asm+0x1a/0x30 [ 27.394198] </TASK> [ 27.394208] [ 27.403410] The buggy address belongs to the physical page: [ 27.403717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0 [ 27.404026] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.404257] flags: 0x200000000000040(head|node=0|zone=2) [ 27.404566] page_type: f8(unknown) [ 27.404766] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.405153] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.405750] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.406129] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.406585] head: 0200000000000002 ffffea0004182c01 00000000ffffffff 00000000ffffffff [ 27.406803] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.407015] page dumped because: kasan: bad access detected [ 27.407342] [ 27.407430] Memory state around the buggy address: [ 27.407757] ffff8881060aff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.408141] ffff8881060aff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.408556] >ffff8881060b0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.408864] ^ [ 27.408972] ffff8881060b0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.409241] ffff8881060b0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.409743] ================================================================== [ 27.365892] ================================================================== [ 27.366441] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.366887] Free of addr ffff88810618b001 by task kunit_try_catch/290 [ 27.367143] [ 27.367280] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.367334] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.367346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.367367] Call Trace: [ 27.367381] <TASK> [ 27.367400] dump_stack_lvl+0x73/0xb0 [ 27.367432] print_report+0xd1/0x610 [ 27.367454] ? __virt_addr_valid+0x1db/0x2d0 [ 27.367479] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.367504] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.367529] kasan_report_invalid_free+0x10a/0x130 [ 27.367553] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.367579] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.367603] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.367626] check_slab_allocation+0x11f/0x130 [ 27.367647] __kasan_mempool_poison_object+0x91/0x1d0 [ 27.367671] mempool_free+0x2ec/0x380 [ 27.367698] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.367722] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 27.367748] ? dequeue_entities+0x23f/0x1630 [ 27.367773] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.367795] ? finish_task_switch.isra.0+0x153/0x700 [ 27.367821] mempool_kmalloc_invalid_free+0xed/0x140 [ 27.367844] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 27.367867] ? __kasan_check_write+0x18/0x20 [ 27.367891] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.367912] ? __pfx_mempool_kfree+0x10/0x10 [ 27.367936] ? __pfx_read_tsc+0x10/0x10 [ 27.367958] ? ktime_get_ts64+0x86/0x230 [ 27.367980] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.368006] kunit_try_run_case+0x1a5/0x480 [ 27.368031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.368054] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.368090] ? __kthread_parkme+0x82/0x180 [ 27.368115] ? preempt_count_sub+0x50/0x80 [ 27.368137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.368160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.368182] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.368205] kthread+0x337/0x6f0 [ 27.368226] ? trace_preempt_on+0x20/0xc0 [ 27.368292] ? __pfx_kthread+0x10/0x10 [ 27.368313] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.368335] ? calculate_sigpending+0x7b/0xa0 [ 27.368359] ? __pfx_kthread+0x10/0x10 [ 27.368379] ret_from_fork+0x116/0x1d0 [ 27.368398] ? __pfx_kthread+0x10/0x10 [ 27.368418] ret_from_fork_asm+0x1a/0x30 [ 27.368451] </TASK> [ 27.368461] [ 27.378045] Allocated by task 290: [ 27.378217] kasan_save_stack+0x45/0x70 [ 27.378522] kasan_save_track+0x18/0x40 [ 27.378656] kasan_save_alloc_info+0x3b/0x50 [ 27.378798] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.378964] remove_element+0x11e/0x190 [ 27.379162] mempool_alloc_preallocated+0x4d/0x90 [ 27.379379] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 27.379767] mempool_kmalloc_invalid_free+0xed/0x140 [ 27.380001] kunit_try_run_case+0x1a5/0x480 [ 27.380151] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.380317] kthread+0x337/0x6f0 [ 27.380427] ret_from_fork+0x116/0x1d0 [ 27.380600] ret_from_fork_asm+0x1a/0x30 [ 27.380798] [ 27.380887] The buggy address belongs to the object at ffff88810618b000 [ 27.380887] which belongs to the cache kmalloc-128 of size 128 [ 27.381614] The buggy address is located 1 bytes inside of [ 27.381614] 128-byte region [ffff88810618b000, ffff88810618b080) [ 27.382143] [ 27.382212] The buggy address belongs to the physical page: [ 27.382381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10618b [ 27.382932] flags: 0x200000000000000(node=0|zone=2) [ 27.383180] page_type: f5(slab) [ 27.383590] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.384130] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.384723] page dumped because: kasan: bad access detected [ 27.384946] [ 27.385031] Memory state around the buggy address: [ 27.385197] ffff88810618af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.385409] ffff88810618af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.385743] >ffff88810618b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.386058] ^ [ 27.386231] ffff88810618b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.386488] ffff88810618b100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.386790] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 27.321467] ================================================================== [ 27.321947] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 27.322242] Free of addr ffff8881061b4000 by task kunit_try_catch/286 [ 27.322585] [ 27.322674] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.322722] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.322734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.322755] Call Trace: [ 27.322767] <TASK> [ 27.322784] dump_stack_lvl+0x73/0xb0 [ 27.322814] print_report+0xd1/0x610 [ 27.322836] ? __virt_addr_valid+0x1db/0x2d0 [ 27.322860] ? kasan_addr_to_slab+0x11/0xa0 [ 27.322880] ? mempool_double_free_helper+0x184/0x370 [ 27.322903] kasan_report_invalid_free+0x10a/0x130 [ 27.322928] ? mempool_double_free_helper+0x184/0x370 [ 27.322953] ? mempool_double_free_helper+0x184/0x370 [ 27.322975] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 27.322999] mempool_free+0x2ec/0x380 [ 27.323025] mempool_double_free_helper+0x184/0x370 [ 27.323048] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.323074] ? irqentry_exit+0x2a/0x60 [ 27.323109] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.323135] mempool_kmalloc_large_double_free+0xed/0x140 [ 27.323159] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 27.323186] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.323207] ? __pfx_mempool_kfree+0x10/0x10 [ 27.323231] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 27.323257] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 27.323291] kunit_try_run_case+0x1a5/0x480 [ 27.323316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.323337] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.323370] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.323393] ? __kthread_parkme+0x82/0x180 [ 27.323417] ? preempt_count_sub+0x50/0x80 [ 27.323440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.323464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.323486] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.323509] kthread+0x337/0x6f0 [ 27.323527] ? trace_preempt_on+0x20/0xc0 [ 27.323551] ? __pfx_kthread+0x10/0x10 [ 27.323571] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.323592] ? calculate_sigpending+0x7b/0xa0 [ 27.323625] ? __pfx_kthread+0x10/0x10 [ 27.323646] ret_from_fork+0x116/0x1d0 [ 27.323665] ? __pfx_kthread+0x10/0x10 [ 27.323685] ret_from_fork_asm+0x1a/0x30 [ 27.323716] </TASK> [ 27.323726] [ 27.332098] The buggy address belongs to the physical page: [ 27.332304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061b4 [ 27.332546] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.332767] flags: 0x200000000000040(head|node=0|zone=2) [ 27.334868] page_type: f8(unknown) [ 27.335020] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.335261] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.335487] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.336031] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.336665] head: 0200000000000002 ffffea0004186d01 00000000ffffffff 00000000ffffffff [ 27.336899] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.337136] page dumped because: kasan: bad access detected [ 27.337349] [ 27.337441] Memory state around the buggy address: [ 27.337891] ffff8881061b3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.338281] ffff8881061b3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.338596] >ffff8881061b4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.339044] ^ [ 27.339197] ffff8881061b4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.339575] ffff8881061b4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.339771] ================================================================== [ 27.287591] ================================================================== [ 27.288005] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 27.288312] Free of addr ffff888104588400 by task kunit_try_catch/284 [ 27.288884] [ 27.288997] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.289048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.289060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.289095] Call Trace: [ 27.289106] <TASK> [ 27.289121] dump_stack_lvl+0x73/0xb0 [ 27.289151] print_report+0xd1/0x610 [ 27.289174] ? __virt_addr_valid+0x1db/0x2d0 [ 27.289198] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.289224] ? mempool_double_free_helper+0x184/0x370 [ 27.289250] kasan_report_invalid_free+0x10a/0x130 [ 27.289289] ? mempool_double_free_helper+0x184/0x370 [ 27.289315] ? mempool_double_free_helper+0x184/0x370 [ 27.289338] ? mempool_double_free_helper+0x184/0x370 [ 27.289360] check_slab_allocation+0x101/0x130 [ 27.289382] __kasan_mempool_poison_object+0x91/0x1d0 [ 27.289406] mempool_free+0x2ec/0x380 [ 27.289432] mempool_double_free_helper+0x184/0x370 [ 27.289466] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.289494] ? irqentry_exit+0x2a/0x60 [ 27.289518] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.289546] mempool_kmalloc_double_free+0xed/0x140 [ 27.289568] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 27.289595] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.289617] ? __pfx_mempool_kfree+0x10/0x10 [ 27.289641] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 27.289667] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 27.289692] kunit_try_run_case+0x1a5/0x480 [ 27.289716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.289738] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.289760] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.289783] ? __kthread_parkme+0x82/0x180 [ 27.289807] ? preempt_count_sub+0x50/0x80 [ 27.289831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.289854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.289877] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.289900] kthread+0x337/0x6f0 [ 27.289918] ? trace_preempt_on+0x20/0xc0 [ 27.289946] ? __pfx_kthread+0x10/0x10 [ 27.289965] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.289987] ? calculate_sigpending+0x7b/0xa0 [ 27.290010] ? __pfx_kthread+0x10/0x10 [ 27.290031] ret_from_fork+0x116/0x1d0 [ 27.290051] ? __pfx_kthread+0x10/0x10 [ 27.290071] ret_from_fork_asm+0x1a/0x30 [ 27.290116] </TASK> [ 27.290127] [ 27.301421] Allocated by task 284: [ 27.301595] kasan_save_stack+0x45/0x70 [ 27.301770] kasan_save_track+0x18/0x40 [ 27.301946] kasan_save_alloc_info+0x3b/0x50 [ 27.302148] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.302435] remove_element+0x11e/0x190 [ 27.302615] mempool_alloc_preallocated+0x4d/0x90 [ 27.302816] mempool_double_free_helper+0x8a/0x370 [ 27.303010] mempool_kmalloc_double_free+0xed/0x140 [ 27.303225] kunit_try_run_case+0x1a5/0x480 [ 27.304059] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.304492] kthread+0x337/0x6f0 [ 27.304738] ret_from_fork+0x116/0x1d0 [ 27.304974] ret_from_fork_asm+0x1a/0x30 [ 27.305172] [ 27.305397] Freed by task 284: [ 27.305549] kasan_save_stack+0x45/0x70 [ 27.305728] kasan_save_track+0x18/0x40 [ 27.305899] kasan_save_free_info+0x3f/0x60 [ 27.306538] __kasan_mempool_poison_object+0x131/0x1d0 [ 27.306731] mempool_free+0x2ec/0x380 [ 27.306902] mempool_double_free_helper+0x109/0x370 [ 27.307128] mempool_kmalloc_double_free+0xed/0x140 [ 27.307829] kunit_try_run_case+0x1a5/0x480 [ 27.308204] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.308747] kthread+0x337/0x6f0 [ 27.308998] ret_from_fork+0x116/0x1d0 [ 27.309297] ret_from_fork_asm+0x1a/0x30 [ 27.309518] [ 27.309606] The buggy address belongs to the object at ffff888104588400 [ 27.309606] which belongs to the cache kmalloc-128 of size 128 [ 27.310111] The buggy address is located 0 bytes inside of [ 27.310111] 128-byte region [ffff888104588400, ffff888104588480) [ 27.311473] [ 27.311566] The buggy address belongs to the physical page: [ 27.311996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 27.312752] flags: 0x200000000000000(node=0|zone=2) [ 27.312988] page_type: f5(slab) [ 27.313150] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.313750] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.314066] page dumped because: kasan: bad access detected [ 27.314246] [ 27.314336] Memory state around the buggy address: [ 27.314855] ffff888104588300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.315219] ffff888104588380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.315548] >ffff888104588400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.315871] ^ [ 27.316018] ffff888104588480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.316333] ffff888104588500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.316729] ================================================================== [ 27.344647] ================================================================== [ 27.345375] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 27.345638] Free of addr ffff8881061b4000 by task kunit_try_catch/288 [ 27.346183] [ 27.346278] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.346329] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.346341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.346364] Call Trace: [ 27.346378] <TASK> [ 27.346394] dump_stack_lvl+0x73/0xb0 [ 27.346424] print_report+0xd1/0x610 [ 27.346446] ? __virt_addr_valid+0x1db/0x2d0 [ 27.346596] ? kasan_addr_to_slab+0x11/0xa0 [ 27.346618] ? mempool_double_free_helper+0x184/0x370 [ 27.346642] kasan_report_invalid_free+0x10a/0x130 [ 27.346667] ? mempool_double_free_helper+0x184/0x370 [ 27.346692] ? mempool_double_free_helper+0x184/0x370 [ 27.346715] __kasan_mempool_poison_pages+0x115/0x130 [ 27.346739] mempool_free+0x290/0x380 [ 27.346764] mempool_double_free_helper+0x184/0x370 [ 27.346787] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.346814] ? finish_task_switch.isra.0+0x153/0x700 [ 27.346840] mempool_page_alloc_double_free+0xe8/0x140 [ 27.346865] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 27.346892] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 27.346915] ? __pfx_mempool_free_pages+0x10/0x10 [ 27.346940] ? __pfx_read_tsc+0x10/0x10 [ 27.346961] ? ktime_get_ts64+0x86/0x230 [ 27.346987] kunit_try_run_case+0x1a5/0x480 [ 27.347011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.347032] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.347056] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.347103] ? __kthread_parkme+0x82/0x180 [ 27.347128] ? preempt_count_sub+0x50/0x80 [ 27.347151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.347174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.347197] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.347219] kthread+0x337/0x6f0 [ 27.347278] ? trace_preempt_on+0x20/0xc0 [ 27.347304] ? __pfx_kthread+0x10/0x10 [ 27.347323] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.347345] ? calculate_sigpending+0x7b/0xa0 [ 27.347369] ? __pfx_kthread+0x10/0x10 [ 27.347390] ret_from_fork+0x116/0x1d0 [ 27.347410] ? __pfx_kthread+0x10/0x10 [ 27.347430] ret_from_fork_asm+0x1a/0x30 [ 27.347462] </TASK> [ 27.347472] [ 27.357618] The buggy address belongs to the physical page: [ 27.357797] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061b4 [ 27.358066] flags: 0x200000000000000(node=0|zone=2) [ 27.358307] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 27.358633] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.358958] page dumped because: kasan: bad access detected [ 27.359203] [ 27.359269] Memory state around the buggy address: [ 27.359417] ffff8881061b3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.359902] ffff8881061b3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.360239] >ffff8881061b4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.360597] ^ [ 27.360742] ffff8881061b4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.360975] ffff8881061b4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.361250] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 27.188525] ================================================================== [ 27.190286] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.191610] Read of size 1 at addr ffff8881060ac000 by task kunit_try_catch/278 [ 27.191997] [ 27.192100] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.192150] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.192163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.192183] Call Trace: [ 27.192196] <TASK> [ 27.192210] dump_stack_lvl+0x73/0xb0 [ 27.192240] print_report+0xd1/0x610 [ 27.192261] ? __virt_addr_valid+0x1db/0x2d0 [ 27.192285] ? mempool_uaf_helper+0x392/0x400 [ 27.192306] ? kasan_addr_to_slab+0x11/0xa0 [ 27.192325] ? mempool_uaf_helper+0x392/0x400 [ 27.192706] kasan_report+0x141/0x180 [ 27.192730] ? mempool_uaf_helper+0x392/0x400 [ 27.192758] __asan_report_load1_noabort+0x18/0x20 [ 27.192781] mempool_uaf_helper+0x392/0x400 [ 27.192803] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.192826] ? update_load_avg+0x1be/0x21b0 [ 27.192847] ? update_curr+0x7d/0x7f0 [ 27.192869] ? finish_task_switch.isra.0+0x153/0x700 [ 27.192895] mempool_kmalloc_large_uaf+0xef/0x140 [ 27.192919] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 27.192945] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.192967] ? __pfx_mempool_kfree+0x10/0x10 [ 27.192992] ? __pfx_read_tsc+0x10/0x10 [ 27.193012] ? ktime_get_ts64+0x86/0x230 [ 27.193038] kunit_try_run_case+0x1a5/0x480 [ 27.193061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.193094] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.193117] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.193140] ? __kthread_parkme+0x82/0x180 [ 27.193164] ? preempt_count_sub+0x50/0x80 [ 27.193186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.193209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.193231] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.193308] kthread+0x337/0x6f0 [ 27.193327] ? trace_preempt_on+0x20/0xc0 [ 27.193350] ? __pfx_kthread+0x10/0x10 [ 27.193370] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.193392] ? calculate_sigpending+0x7b/0xa0 [ 27.193415] ? __pfx_kthread+0x10/0x10 [ 27.193435] ret_from_fork+0x116/0x1d0 [ 27.193453] ? __pfx_kthread+0x10/0x10 [ 27.193473] ret_from_fork_asm+0x1a/0x30 [ 27.193504] </TASK> [ 27.193514] [ 27.204531] The buggy address belongs to the physical page: [ 27.204770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 27.205121] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.205757] flags: 0x200000000000040(head|node=0|zone=2) [ 27.205981] page_type: f8(unknown) [ 27.206172] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.207002] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.207458] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.207761] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.208435] head: 0200000000000002 ffffea0004182b01 00000000ffffffff 00000000ffffffff [ 27.209190] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.209910] page dumped because: kasan: bad access detected [ 27.210401] [ 27.210475] Memory state around the buggy address: [ 27.210630] ffff8881060abf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.210843] ffff8881060abf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.211052] >ffff8881060ac000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.211286] ^ [ 27.211397] ffff8881060ac080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.212195] ffff8881060ac100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.212671] ================================================================== [ 27.258184] ================================================================== [ 27.259184] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.259782] Read of size 1 at addr ffff8881060ac000 by task kunit_try_catch/282 [ 27.260122] [ 27.260204] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.260255] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.260267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.260288] Call Trace: [ 27.260301] <TASK> [ 27.260318] dump_stack_lvl+0x73/0xb0 [ 27.260348] print_report+0xd1/0x610 [ 27.260370] ? __virt_addr_valid+0x1db/0x2d0 [ 27.260394] ? mempool_uaf_helper+0x392/0x400 [ 27.260415] ? kasan_addr_to_slab+0x11/0xa0 [ 27.260435] ? mempool_uaf_helper+0x392/0x400 [ 27.260456] kasan_report+0x141/0x180 [ 27.260478] ? mempool_uaf_helper+0x392/0x400 [ 27.260504] __asan_report_load1_noabort+0x18/0x20 [ 27.260527] mempool_uaf_helper+0x392/0x400 [ 27.260550] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.260575] ? dequeue_entities+0x23f/0x1630 [ 27.260598] ? __kasan_check_write+0x18/0x20 [ 27.260621] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.260641] ? finish_task_switch.isra.0+0x153/0x700 [ 27.260666] mempool_page_alloc_uaf+0xed/0x140 [ 27.260689] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 27.260715] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 27.260737] ? __pfx_mempool_free_pages+0x10/0x10 [ 27.260812] ? __pfx_read_tsc+0x10/0x10 [ 27.260834] ? ktime_get_ts64+0x86/0x230 [ 27.260883] kunit_try_run_case+0x1a5/0x480 [ 27.260908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.260930] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.260953] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.260975] ? __kthread_parkme+0x82/0x180 [ 27.260999] ? preempt_count_sub+0x50/0x80 [ 27.261021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.261044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.261067] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.261099] kthread+0x337/0x6f0 [ 27.261118] ? trace_preempt_on+0x20/0xc0 [ 27.261140] ? __pfx_kthread+0x10/0x10 [ 27.261160] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.261181] ? calculate_sigpending+0x7b/0xa0 [ 27.261204] ? __pfx_kthread+0x10/0x10 [ 27.261225] ret_from_fork+0x116/0x1d0 [ 27.261244] ? __pfx_kthread+0x10/0x10 [ 27.261263] ret_from_fork_asm+0x1a/0x30 [ 27.261295] </TASK> [ 27.261306] [ 27.277972] The buggy address belongs to the physical page: [ 27.278162] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 27.278818] flags: 0x200000000000000(node=0|zone=2) [ 27.279350] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 27.280149] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.280828] page dumped because: kasan: bad access detected [ 27.281335] [ 27.281519] Memory state around the buggy address: [ 27.281794] ffff8881060abf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.282012] ffff8881060abf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.282236] >ffff8881060ac000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.282728] ^ [ 27.282902] ffff8881060ac080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.283324] ffff8881060ac100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.283566] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 27.160761] ================================================================== [ 27.161189] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.161632] Read of size 1 at addr ffff888104588000 by task kunit_try_catch/276 [ 27.161911] [ 27.162023] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.162071] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.162093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.162113] Call Trace: [ 27.162125] <TASK> [ 27.162140] dump_stack_lvl+0x73/0xb0 [ 27.162168] print_report+0xd1/0x610 [ 27.162189] ? __virt_addr_valid+0x1db/0x2d0 [ 27.162212] ? mempool_uaf_helper+0x392/0x400 [ 27.162232] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.162316] ? mempool_uaf_helper+0x392/0x400 [ 27.162338] kasan_report+0x141/0x180 [ 27.162360] ? mempool_uaf_helper+0x392/0x400 [ 27.162386] __asan_report_load1_noabort+0x18/0x20 [ 27.162410] mempool_uaf_helper+0x392/0x400 [ 27.162432] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.162453] ? update_load_avg+0x1be/0x21b0 [ 27.162486] ? update_curr+0x7d/0x7f0 [ 27.162507] ? finish_task_switch.isra.0+0x153/0x700 [ 27.162532] mempool_kmalloc_uaf+0xef/0x140 [ 27.162553] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 27.162578] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.162599] ? __pfx_mempool_kfree+0x10/0x10 [ 27.162623] ? __pfx_read_tsc+0x10/0x10 [ 27.162645] ? ktime_get_ts64+0x86/0x230 [ 27.162667] kunit_try_run_case+0x1a5/0x480 [ 27.162691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.162712] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.162735] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.162758] ? __kthread_parkme+0x82/0x180 [ 27.162782] ? preempt_count_sub+0x50/0x80 [ 27.162804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.162827] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.162849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.162872] kthread+0x337/0x6f0 [ 27.162890] ? trace_preempt_on+0x20/0xc0 [ 27.162912] ? __pfx_kthread+0x10/0x10 [ 27.162931] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.162952] ? calculate_sigpending+0x7b/0xa0 [ 27.162975] ? __pfx_kthread+0x10/0x10 [ 27.162996] ret_from_fork+0x116/0x1d0 [ 27.163014] ? __pfx_kthread+0x10/0x10 [ 27.163034] ret_from_fork_asm+0x1a/0x30 [ 27.163065] </TASK> [ 27.163075] [ 27.171877] Allocated by task 276: [ 27.172148] kasan_save_stack+0x45/0x70 [ 27.172470] kasan_save_track+0x18/0x40 [ 27.173158] kasan_save_alloc_info+0x3b/0x50 [ 27.174098] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.174450] remove_element+0x11e/0x190 [ 27.174815] mempool_alloc_preallocated+0x4d/0x90 [ 27.175032] mempool_uaf_helper+0x96/0x400 [ 27.175225] mempool_kmalloc_uaf+0xef/0x140 [ 27.175485] kunit_try_run_case+0x1a5/0x480 [ 27.175667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.175898] kthread+0x337/0x6f0 [ 27.176046] ret_from_fork+0x116/0x1d0 [ 27.176224] ret_from_fork_asm+0x1a/0x30 [ 27.176544] [ 27.176630] Freed by task 276: [ 27.176770] kasan_save_stack+0x45/0x70 [ 27.176944] kasan_save_track+0x18/0x40 [ 27.177168] kasan_save_free_info+0x3f/0x60 [ 27.177315] __kasan_mempool_poison_object+0x131/0x1d0 [ 27.177477] mempool_free+0x2ec/0x380 [ 27.177777] mempool_uaf_helper+0x11a/0x400 [ 27.177980] mempool_kmalloc_uaf+0xef/0x140 [ 27.178197] kunit_try_run_case+0x1a5/0x480 [ 27.178484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.178748] kthread+0x337/0x6f0 [ 27.178907] ret_from_fork+0x116/0x1d0 [ 27.179096] ret_from_fork_asm+0x1a/0x30 [ 27.179349] [ 27.179434] The buggy address belongs to the object at ffff888104588000 [ 27.179434] which belongs to the cache kmalloc-128 of size 128 [ 27.179889] The buggy address is located 0 bytes inside of [ 27.179889] freed 128-byte region [ffff888104588000, ffff888104588080) [ 27.180431] [ 27.180531] The buggy address belongs to the physical page: [ 27.180764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104588 [ 27.181109] flags: 0x200000000000000(node=0|zone=2) [ 27.181363] page_type: f5(slab) [ 27.181651] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.181987] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.182388] page dumped because: kasan: bad access detected [ 27.182572] [ 27.182661] Memory state around the buggy address: [ 27.182870] ffff888104587f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.183195] ffff888104587f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.183534] >ffff888104588000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.183743] ^ [ 27.183851] ffff888104588080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.184057] ffff888104588100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.184271] ================================================================== [ 27.216624] ================================================================== [ 27.217054] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.217596] Read of size 1 at addr ffff888106189240 by task kunit_try_catch/280 [ 27.218018] [ 27.218421] CPU: 0 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.218574] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.218588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.218611] Call Trace: [ 27.218624] <TASK> [ 27.218642] dump_stack_lvl+0x73/0xb0 [ 27.218675] print_report+0xd1/0x610 [ 27.218697] ? __virt_addr_valid+0x1db/0x2d0 [ 27.218722] ? mempool_uaf_helper+0x392/0x400 [ 27.218744] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.218770] ? mempool_uaf_helper+0x392/0x400 [ 27.218792] kasan_report+0x141/0x180 [ 27.218813] ? mempool_uaf_helper+0x392/0x400 [ 27.218840] __asan_report_load1_noabort+0x18/0x20 [ 27.218863] mempool_uaf_helper+0x392/0x400 [ 27.218885] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.218909] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.218930] ? finish_task_switch.isra.0+0x153/0x700 [ 27.218955] mempool_slab_uaf+0xea/0x140 [ 27.218976] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 27.219001] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 27.219024] ? __pfx_mempool_free_slab+0x10/0x10 [ 27.219049] ? __pfx_read_tsc+0x10/0x10 [ 27.219070] ? ktime_get_ts64+0x86/0x230 [ 27.219107] kunit_try_run_case+0x1a5/0x480 [ 27.219131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.219153] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.219176] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.219198] ? __kthread_parkme+0x82/0x180 [ 27.219222] ? preempt_count_sub+0x50/0x80 [ 27.219291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.219318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.219341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.219363] kthread+0x337/0x6f0 [ 27.219382] ? trace_preempt_on+0x20/0xc0 [ 27.219406] ? __pfx_kthread+0x10/0x10 [ 27.219426] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.219447] ? calculate_sigpending+0x7b/0xa0 [ 27.219469] ? __pfx_kthread+0x10/0x10 [ 27.219490] ret_from_fork+0x116/0x1d0 [ 27.219510] ? __pfx_kthread+0x10/0x10 [ 27.219529] ret_from_fork_asm+0x1a/0x30 [ 27.219561] </TASK> [ 27.219572] [ 27.230315] Allocated by task 280: [ 27.230666] kasan_save_stack+0x45/0x70 [ 27.230855] kasan_save_track+0x18/0x40 [ 27.231021] kasan_save_alloc_info+0x3b/0x50 [ 27.231220] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 27.231808] remove_element+0x11e/0x190 [ 27.231966] mempool_alloc_preallocated+0x4d/0x90 [ 27.232500] mempool_uaf_helper+0x96/0x400 [ 27.232802] mempool_slab_uaf+0xea/0x140 [ 27.232954] kunit_try_run_case+0x1a5/0x480 [ 27.233173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.233428] kthread+0x337/0x6f0 [ 27.233863] ret_from_fork+0x116/0x1d0 [ 27.234126] ret_from_fork_asm+0x1a/0x30 [ 27.234387] [ 27.234472] Freed by task 280: [ 27.234627] kasan_save_stack+0x45/0x70 [ 27.234813] kasan_save_track+0x18/0x40 [ 27.234992] kasan_save_free_info+0x3f/0x60 [ 27.235180] __kasan_mempool_poison_object+0x131/0x1d0 [ 27.235839] mempool_free+0x2ec/0x380 [ 27.236011] mempool_uaf_helper+0x11a/0x400 [ 27.236209] mempool_slab_uaf+0xea/0x140 [ 27.236682] kunit_try_run_case+0x1a5/0x480 [ 27.236846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.237201] kthread+0x337/0x6f0 [ 27.237570] ret_from_fork+0x116/0x1d0 [ 27.237746] ret_from_fork_asm+0x1a/0x30 [ 27.237920] [ 27.237995] The buggy address belongs to the object at ffff888106189240 [ 27.237995] which belongs to the cache test_cache of size 123 [ 27.238924] The buggy address is located 0 bytes inside of [ 27.238924] freed 123-byte region [ffff888106189240, ffff8881061892bb) [ 27.239705] [ 27.239810] The buggy address belongs to the physical page: [ 27.240030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106189 [ 27.240602] flags: 0x200000000000000(node=0|zone=2) [ 27.240818] page_type: f5(slab) [ 27.241114] raw: 0200000000000000 ffff888101e9ea00 dead000000000122 0000000000000000 [ 27.241628] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 27.241927] page dumped because: kasan: bad access detected [ 27.242174] [ 27.242239] Memory state around the buggy address: [ 27.242804] ffff888106189100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.243070] ffff888106189180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.243586] >ffff888106189200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 27.243947] ^ [ 27.244203] ffff888106189280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.244762] ffff888106189300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.245003] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 27.130109] ================================================================== [ 27.130649] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 27.130956] Read of size 1 at addr ffff8881061872bb by task kunit_try_catch/274 [ 27.131260] [ 27.131362] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.131411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.131422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.131442] Call Trace: [ 27.131454] <TASK> [ 27.131469] dump_stack_lvl+0x73/0xb0 [ 27.131499] print_report+0xd1/0x610 [ 27.131521] ? __virt_addr_valid+0x1db/0x2d0 [ 27.131546] ? mempool_oob_right_helper+0x318/0x380 [ 27.131569] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.131595] ? mempool_oob_right_helper+0x318/0x380 [ 27.131618] kasan_report+0x141/0x180 [ 27.131640] ? mempool_oob_right_helper+0x318/0x380 [ 27.131667] __asan_report_load1_noabort+0x18/0x20 [ 27.131691] mempool_oob_right_helper+0x318/0x380 [ 27.131715] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.131741] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.131761] ? finish_task_switch.isra.0+0x153/0x700 [ 27.131786] mempool_slab_oob_right+0xed/0x140 [ 27.131810] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 27.131837] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 27.131861] ? __pfx_mempool_free_slab+0x10/0x10 [ 27.131887] ? __pfx_read_tsc+0x10/0x10 [ 27.131908] ? ktime_get_ts64+0x86/0x230 [ 27.131933] kunit_try_run_case+0x1a5/0x480 [ 27.131965] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.131988] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.132040] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.132064] ? __kthread_parkme+0x82/0x180 [ 27.132098] ? preempt_count_sub+0x50/0x80 [ 27.132121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.132145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.132168] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.132190] kthread+0x337/0x6f0 [ 27.132209] ? trace_preempt_on+0x20/0xc0 [ 27.132233] ? __pfx_kthread+0x10/0x10 [ 27.132253] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.132275] ? calculate_sigpending+0x7b/0xa0 [ 27.132298] ? __pfx_kthread+0x10/0x10 [ 27.132319] ret_from_fork+0x116/0x1d0 [ 27.132338] ? __pfx_kthread+0x10/0x10 [ 27.132358] ret_from_fork_asm+0x1a/0x30 [ 27.132398] </TASK> [ 27.132408] [ 27.140226] Allocated by task 274: [ 27.140456] kasan_save_stack+0x45/0x70 [ 27.140654] kasan_save_track+0x18/0x40 [ 27.140830] kasan_save_alloc_info+0x3b/0x50 [ 27.140985] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 27.141163] remove_element+0x11e/0x190 [ 27.141543] mempool_alloc_preallocated+0x4d/0x90 [ 27.141776] mempool_oob_right_helper+0x8a/0x380 [ 27.142007] mempool_slab_oob_right+0xed/0x140 [ 27.142201] kunit_try_run_case+0x1a5/0x480 [ 27.142440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.142650] kthread+0x337/0x6f0 [ 27.142809] ret_from_fork+0x116/0x1d0 [ 27.142964] ret_from_fork_asm+0x1a/0x30 [ 27.143159] [ 27.143224] The buggy address belongs to the object at ffff888106187240 [ 27.143224] which belongs to the cache test_cache of size 123 [ 27.143786] The buggy address is located 0 bytes to the right of [ 27.143786] allocated 123-byte region [ffff888106187240, ffff8881061872bb) [ 27.144451] [ 27.144555] The buggy address belongs to the physical page: [ 27.144766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106187 [ 27.145003] flags: 0x200000000000000(node=0|zone=2) [ 27.145173] page_type: f5(slab) [ 27.145289] raw: 0200000000000000 ffff888101e9e8c0 dead000000000122 0000000000000000 [ 27.145543] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 27.145864] page dumped because: kasan: bad access detected [ 27.146120] [ 27.146226] Memory state around the buggy address: [ 27.146521] ffff888106187180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.146732] ffff888106187200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 27.146937] >ffff888106187280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 27.147364] ^ [ 27.147608] ffff888106187300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.147931] ffff888106187380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.148283] ================================================================== [ 27.109053] ================================================================== [ 27.109883] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 27.110315] Read of size 1 at addr ffff8881060ae001 by task kunit_try_catch/272 [ 27.110648] [ 27.110739] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.110788] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.110799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.110821] Call Trace: [ 27.110834] <TASK> [ 27.110850] dump_stack_lvl+0x73/0xb0 [ 27.110881] print_report+0xd1/0x610 [ 27.110903] ? __virt_addr_valid+0x1db/0x2d0 [ 27.110928] ? mempool_oob_right_helper+0x318/0x380 [ 27.110950] ? kasan_addr_to_slab+0x11/0xa0 [ 27.110970] ? mempool_oob_right_helper+0x318/0x380 [ 27.110992] kasan_report+0x141/0x180 [ 27.111014] ? mempool_oob_right_helper+0x318/0x380 [ 27.111042] __asan_report_load1_noabort+0x18/0x20 [ 27.111066] mempool_oob_right_helper+0x318/0x380 [ 27.111105] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.111132] ? dequeue_entities+0x23f/0x1630 [ 27.111155] ? __kasan_check_write+0x18/0x20 [ 27.111178] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.111199] ? finish_task_switch.isra.0+0x153/0x700 [ 27.111223] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 27.111247] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 27.111274] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.111298] ? __pfx_mempool_kfree+0x10/0x10 [ 27.111323] ? __pfx_read_tsc+0x10/0x10 [ 27.111344] ? ktime_get_ts64+0x86/0x230 [ 27.111372] kunit_try_run_case+0x1a5/0x480 [ 27.111397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.111439] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.111463] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.111485] ? __kthread_parkme+0x82/0x180 [ 27.111510] ? preempt_count_sub+0x50/0x80 [ 27.111532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.111555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.111577] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.111600] kthread+0x337/0x6f0 [ 27.111619] ? trace_preempt_on+0x20/0xc0 [ 27.111643] ? __pfx_kthread+0x10/0x10 [ 27.111662] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.111683] ? calculate_sigpending+0x7b/0xa0 [ 27.111707] ? __pfx_kthread+0x10/0x10 [ 27.111727] ret_from_fork+0x116/0x1d0 [ 27.111746] ? __pfx_kthread+0x10/0x10 [ 27.111765] ret_from_fork_asm+0x1a/0x30 [ 27.111797] </TASK> [ 27.111808] [ 27.120014] The buggy address belongs to the physical page: [ 27.120203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ac [ 27.120689] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.121032] flags: 0x200000000000040(head|node=0|zone=2) [ 27.121415] page_type: f8(unknown) [ 27.121600] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.121957] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.122196] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.122950] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.123292] head: 0200000000000002 ffffea0004182b01 00000000ffffffff 00000000ffffffff [ 27.123783] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.124038] page dumped because: kasan: bad access detected [ 27.124213] [ 27.124276] Memory state around the buggy address: [ 27.124424] ffff8881060adf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.124738] ffff8881060adf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.125054] >ffff8881060ae000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.125479] ^ [ 27.125640] ffff8881060ae080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.125886] ffff8881060ae100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.126125] ================================================================== [ 27.080673] ================================================================== [ 27.081875] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 27.082512] Read of size 1 at addr ffff88810553dc73 by task kunit_try_catch/270 [ 27.082786] [ 27.082880] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 27.082941] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.082953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.082977] Call Trace: [ 27.082992] <TASK> [ 27.083013] dump_stack_lvl+0x73/0xb0 [ 27.083050] print_report+0xd1/0x610 [ 27.083074] ? __virt_addr_valid+0x1db/0x2d0 [ 27.083117] ? mempool_oob_right_helper+0x318/0x380 [ 27.083152] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.083179] ? mempool_oob_right_helper+0x318/0x380 [ 27.083203] kasan_report+0x141/0x180 [ 27.083225] ? mempool_oob_right_helper+0x318/0x380 [ 27.083254] __asan_report_load1_noabort+0x18/0x20 [ 27.083292] mempool_oob_right_helper+0x318/0x380 [ 27.083317] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.083341] ? dequeue_entities+0x23f/0x1630 [ 27.083405] ? __kasan_check_write+0x18/0x20 [ 27.083431] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.083452] ? irqentry_exit+0x2a/0x60 [ 27.083479] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.083508] mempool_kmalloc_oob_right+0xf2/0x150 [ 27.083532] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 27.083559] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.083586] ? __pfx_mempool_kfree+0x10/0x10 [ 27.083611] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 27.083637] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 27.083663] kunit_try_run_case+0x1a5/0x480 [ 27.083691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.083714] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 27.083741] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.083765] ? __kthread_parkme+0x82/0x180 [ 27.083793] ? preempt_count_sub+0x50/0x80 [ 27.083818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.083843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.083866] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.083890] kthread+0x337/0x6f0 [ 27.083911] ? trace_preempt_on+0x20/0xc0 [ 27.083940] ? __pfx_kthread+0x10/0x10 [ 27.083962] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.083986] ? calculate_sigpending+0x7b/0xa0 [ 27.084013] ? __pfx_kthread+0x10/0x10 [ 27.084035] ret_from_fork+0x116/0x1d0 [ 27.084057] ? __pfx_kthread+0x10/0x10 [ 27.084095] ret_from_fork_asm+0x1a/0x30 [ 27.084131] </TASK> [ 27.084143] [ 27.096726] Allocated by task 270: [ 27.096863] kasan_save_stack+0x45/0x70 [ 27.097193] kasan_save_track+0x18/0x40 [ 27.097576] kasan_save_alloc_info+0x3b/0x50 [ 27.097747] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.097999] remove_element+0x11e/0x190 [ 27.098162] mempool_alloc_preallocated+0x4d/0x90 [ 27.098384] mempool_oob_right_helper+0x8a/0x380 [ 27.098621] mempool_kmalloc_oob_right+0xf2/0x150 [ 27.098857] kunit_try_run_case+0x1a5/0x480 [ 27.098998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.099234] kthread+0x337/0x6f0 [ 27.099422] ret_from_fork+0x116/0x1d0 [ 27.099578] ret_from_fork_asm+0x1a/0x30 [ 27.099711] [ 27.099797] The buggy address belongs to the object at ffff88810553dc00 [ 27.099797] which belongs to the cache kmalloc-128 of size 128 [ 27.100218] The buggy address is located 0 bytes to the right of [ 27.100218] allocated 115-byte region [ffff88810553dc00, ffff88810553dc73) [ 27.100910] [ 27.101013] The buggy address belongs to the physical page: [ 27.101192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 27.101506] flags: 0x200000000000000(node=0|zone=2) [ 27.101868] page_type: f5(slab) [ 27.102012] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.102522] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.102823] page dumped because: kasan: bad access detected [ 27.103029] [ 27.103131] Memory state around the buggy address: [ 27.103384] ffff88810553db00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.103662] ffff88810553db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.103949] >ffff88810553dc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.104212] ^ [ 27.104571] ffff88810553dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.104828] ffff88810553dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.105153] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 26.456414] ================================================================== [ 26.456849] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.457110] Read of size 1 at addr ffff888106182000 by task kunit_try_catch/262 [ 26.457349] [ 26.457436] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.457491] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.457503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.457526] Call Trace: [ 26.457540] <TASK> [ 26.457624] dump_stack_lvl+0x73/0xb0 [ 26.457660] print_report+0xd1/0x610 [ 26.457685] ? __virt_addr_valid+0x1db/0x2d0 [ 26.457712] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.457735] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.457762] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.457786] kasan_report+0x141/0x180 [ 26.457808] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.457836] __asan_report_load1_noabort+0x18/0x20 [ 26.457861] kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.457885] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 26.457908] ? finish_task_switch.isra.0+0x153/0x700 [ 26.457935] ? __switch_to+0x47/0xf80 [ 26.457967] ? __pfx_read_tsc+0x10/0x10 [ 26.457989] ? ktime_get_ts64+0x86/0x230 [ 26.458017] kunit_try_run_case+0x1a5/0x480 [ 26.458043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.458065] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.458102] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.458126] ? __kthread_parkme+0x82/0x180 [ 26.458153] ? preempt_count_sub+0x50/0x80 [ 26.458176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.458221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.458263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.458287] kthread+0x337/0x6f0 [ 26.458307] ? trace_preempt_on+0x20/0xc0 [ 26.458339] ? __pfx_kthread+0x10/0x10 [ 26.458360] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.458382] ? calculate_sigpending+0x7b/0xa0 [ 26.458408] ? __pfx_kthread+0x10/0x10 [ 26.458429] ret_from_fork+0x116/0x1d0 [ 26.458449] ? __pfx_kthread+0x10/0x10 [ 26.458469] ret_from_fork_asm+0x1a/0x30 [ 26.458522] </TASK> [ 26.458533] [ 26.468731] Allocated by task 262: [ 26.468892] kasan_save_stack+0x45/0x70 [ 26.469074] kasan_save_track+0x18/0x40 [ 26.469241] kasan_save_alloc_info+0x3b/0x50 [ 26.469506] __kasan_slab_alloc+0x91/0xa0 [ 26.469728] kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.469934] kmem_cache_rcu_uaf+0x155/0x510 [ 26.470165] kunit_try_run_case+0x1a5/0x480 [ 26.470405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.470845] kthread+0x337/0x6f0 [ 26.471015] ret_from_fork+0x116/0x1d0 [ 26.471201] ret_from_fork_asm+0x1a/0x30 [ 26.471531] [ 26.471625] Freed by task 0: [ 26.471756] kasan_save_stack+0x45/0x70 [ 26.471918] kasan_save_track+0x18/0x40 [ 26.472124] kasan_save_free_info+0x3f/0x60 [ 26.472363] __kasan_slab_free+0x56/0x70 [ 26.472635] slab_free_after_rcu_debug+0xe4/0x310 [ 26.472860] rcu_core+0x66f/0x1c40 [ 26.473054] rcu_core_si+0x12/0x20 [ 26.473255] handle_softirqs+0x209/0x730 [ 26.473460] __irq_exit_rcu+0xc9/0x110 [ 26.473639] irq_exit_rcu+0x12/0x20 [ 26.473815] sysvec_apic_timer_interrupt+0x81/0x90 [ 26.474018] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 26.474454] [ 26.474559] Last potentially related work creation: [ 26.474709] kasan_save_stack+0x45/0x70 [ 26.474885] kasan_record_aux_stack+0xb2/0xc0 [ 26.475109] kmem_cache_free+0x131/0x420 [ 26.475568] kmem_cache_rcu_uaf+0x194/0x510 [ 26.475965] kunit_try_run_case+0x1a5/0x480 [ 26.476518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.477275] kthread+0x337/0x6f0 [ 26.477508] ret_from_fork+0x116/0x1d0 [ 26.477650] ret_from_fork_asm+0x1a/0x30 [ 26.478069] [ 26.478175] The buggy address belongs to the object at ffff888106182000 [ 26.478175] which belongs to the cache test_cache of size 200 [ 26.479066] The buggy address is located 0 bytes inside of [ 26.479066] freed 200-byte region [ffff888106182000, ffff8881061820c8) [ 26.479854] [ 26.480134] The buggy address belongs to the physical page: [ 26.480513] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106182 [ 26.480858] flags: 0x200000000000000(node=0|zone=2) [ 26.481068] page_type: f5(slab) [ 26.481244] raw: 0200000000000000 ffff888101e9e640 dead000000000122 0000000000000000 [ 26.481856] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.482292] page dumped because: kasan: bad access detected [ 26.482721] [ 26.483052] Memory state around the buggy address: [ 26.483285] ffff888106181f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.483659] ffff888106181f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.484096] >ffff888106182000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.484671] ^ [ 26.484815] ffff888106182080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 26.485280] ffff888106182100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.485738] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 26.384999] ================================================================== [ 26.385815] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 26.386053] Free of addr ffff888105ff8001 by task kunit_try_catch/260 [ 26.386374] [ 26.386813] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.386869] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.386880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.386901] Call Trace: [ 26.386914] <TASK> [ 26.386932] dump_stack_lvl+0x73/0xb0 [ 26.387276] print_report+0xd1/0x610 [ 26.387313] ? __virt_addr_valid+0x1db/0x2d0 [ 26.387339] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.387363] ? kmem_cache_invalid_free+0x1d8/0x460 [ 26.387387] kasan_report_invalid_free+0x10a/0x130 [ 26.387410] ? kmem_cache_invalid_free+0x1d8/0x460 [ 26.387435] ? kmem_cache_invalid_free+0x1d8/0x460 [ 26.387458] check_slab_allocation+0x11f/0x130 [ 26.387479] __kasan_slab_pre_free+0x28/0x40 [ 26.387498] kmem_cache_free+0xed/0x420 [ 26.387517] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.387539] ? kmem_cache_invalid_free+0x1d8/0x460 [ 26.387565] kmem_cache_invalid_free+0x1d8/0x460 [ 26.387588] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 26.387610] ? finish_task_switch.isra.0+0x153/0x700 [ 26.387630] ? __switch_to+0x47/0xf80 [ 26.387659] ? __pfx_read_tsc+0x10/0x10 [ 26.387680] ? ktime_get_ts64+0x86/0x230 [ 26.387704] kunit_try_run_case+0x1a5/0x480 [ 26.387729] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.387749] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.387772] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.387794] ? __kthread_parkme+0x82/0x180 [ 26.387817] ? preempt_count_sub+0x50/0x80 [ 26.387839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.387862] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.387889] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.387911] kthread+0x337/0x6f0 [ 26.387929] ? trace_preempt_on+0x20/0xc0 [ 26.387953] ? __pfx_kthread+0x10/0x10 [ 26.387972] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.387993] ? calculate_sigpending+0x7b/0xa0 [ 26.388016] ? __pfx_kthread+0x10/0x10 [ 26.388036] ret_from_fork+0x116/0x1d0 [ 26.388055] ? __pfx_kthread+0x10/0x10 [ 26.388074] ret_from_fork_asm+0x1a/0x30 [ 26.388114] </TASK> [ 26.388125] [ 26.404329] Allocated by task 260: [ 26.404792] kasan_save_stack+0x45/0x70 [ 26.405037] kasan_save_track+0x18/0x40 [ 26.405177] kasan_save_alloc_info+0x3b/0x50 [ 26.405336] __kasan_slab_alloc+0x91/0xa0 [ 26.405714] kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.406239] kmem_cache_invalid_free+0x157/0x460 [ 26.406690] kunit_try_run_case+0x1a5/0x480 [ 26.407101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.407456] kthread+0x337/0x6f0 [ 26.407802] ret_from_fork+0x116/0x1d0 [ 26.408091] ret_from_fork_asm+0x1a/0x30 [ 26.408225] [ 26.408306] The buggy address belongs to the object at ffff888105ff8000 [ 26.408306] which belongs to the cache test_cache of size 200 [ 26.409567] The buggy address is located 1 bytes inside of [ 26.409567] 200-byte region [ffff888105ff8000, ffff888105ff80c8) [ 26.410382] [ 26.410468] The buggy address belongs to the physical page: [ 26.410895] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ff8 [ 26.411688] flags: 0x200000000000000(node=0|zone=2) [ 26.412179] page_type: f5(slab) [ 26.412683] raw: 0200000000000000 ffff8881015d8780 dead000000000122 0000000000000000 [ 26.413217] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.413693] page dumped because: kasan: bad access detected [ 26.414180] [ 26.414330] Memory state around the buggy address: [ 26.414521] ffff888105ff7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.414864] ffff888105ff7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.415170] >ffff888105ff8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.415920] ^ [ 26.416091] ffff888105ff8080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 26.416624] ffff888105ff8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.417346] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 26.342343] ================================================================== [ 26.342757] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 26.343095] Free of addr ffff888106180000 by task kunit_try_catch/258 [ 26.343542] [ 26.343683] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.343738] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.343749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.343770] Call Trace: [ 26.343806] <TASK> [ 26.343824] dump_stack_lvl+0x73/0xb0 [ 26.343857] print_report+0xd1/0x610 [ 26.343879] ? __virt_addr_valid+0x1db/0x2d0 [ 26.343904] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.343928] ? kmem_cache_double_free+0x1e5/0x480 [ 26.343953] kasan_report_invalid_free+0x10a/0x130 [ 26.343976] ? kmem_cache_double_free+0x1e5/0x480 [ 26.344001] ? kmem_cache_double_free+0x1e5/0x480 [ 26.344024] check_slab_allocation+0x101/0x130 [ 26.344045] __kasan_slab_pre_free+0x28/0x40 [ 26.344065] kmem_cache_free+0xed/0x420 [ 26.344095] ? kasan_save_track+0x18/0x40 [ 26.344135] ? kasan_save_stack+0x45/0x70 [ 26.344153] ? kmem_cache_double_free+0x1e5/0x480 [ 26.344176] ? __kasan_slab_free+0x61/0x70 [ 26.344197] kmem_cache_double_free+0x1e5/0x480 [ 26.344220] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 26.344242] ? finish_task_switch.isra.0+0x153/0x700 [ 26.344264] ? __switch_to+0x47/0xf80 [ 26.344293] ? __pfx_read_tsc+0x10/0x10 [ 26.344314] ? ktime_get_ts64+0x86/0x230 [ 26.344426] kunit_try_run_case+0x1a5/0x480 [ 26.344454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.344475] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.344499] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.344523] ? __kthread_parkme+0x82/0x180 [ 26.344547] ? preempt_count_sub+0x50/0x80 [ 26.344592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.344614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.344637] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.344659] kthread+0x337/0x6f0 [ 26.344677] ? trace_preempt_on+0x20/0xc0 [ 26.344700] ? __pfx_kthread+0x10/0x10 [ 26.344720] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.344740] ? calculate_sigpending+0x7b/0xa0 [ 26.344763] ? __pfx_kthread+0x10/0x10 [ 26.344784] ret_from_fork+0x116/0x1d0 [ 26.344801] ? __pfx_kthread+0x10/0x10 [ 26.344820] ret_from_fork_asm+0x1a/0x30 [ 26.344852] </TASK> [ 26.344862] [ 26.357624] Allocated by task 258: [ 26.358039] kasan_save_stack+0x45/0x70 [ 26.358204] kasan_save_track+0x18/0x40 [ 26.358490] kasan_save_alloc_info+0x3b/0x50 [ 26.358682] __kasan_slab_alloc+0x91/0xa0 [ 26.358851] kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.359062] kmem_cache_double_free+0x14f/0x480 [ 26.359266] kunit_try_run_case+0x1a5/0x480 [ 26.359872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.360188] kthread+0x337/0x6f0 [ 26.360471] ret_from_fork+0x116/0x1d0 [ 26.360817] ret_from_fork_asm+0x1a/0x30 [ 26.361120] [ 26.361218] Freed by task 258: [ 26.361514] kasan_save_stack+0x45/0x70 [ 26.361707] kasan_save_track+0x18/0x40 [ 26.361878] kasan_save_free_info+0x3f/0x60 [ 26.362071] __kasan_slab_free+0x56/0x70 [ 26.362259] kmem_cache_free+0x249/0x420 [ 26.362892] kmem_cache_double_free+0x16a/0x480 [ 26.363055] kunit_try_run_case+0x1a5/0x480 [ 26.363502] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.363828] kthread+0x337/0x6f0 [ 26.364003] ret_from_fork+0x116/0x1d0 [ 26.364429] ret_from_fork_asm+0x1a/0x30 [ 26.364713] [ 26.364810] The buggy address belongs to the object at ffff888106180000 [ 26.364810] which belongs to the cache test_cache of size 200 [ 26.365680] The buggy address is located 0 bytes inside of [ 26.365680] 200-byte region [ffff888106180000, ffff8881061800c8) [ 26.366365] [ 26.366607] The buggy address belongs to the physical page: [ 26.366850] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106180 [ 26.367336] flags: 0x200000000000000(node=0|zone=2) [ 26.367568] page_type: f5(slab) [ 26.367725] raw: 0200000000000000 ffff888101e9e500 dead000000000122 0000000000000000 [ 26.368046] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.368687] page dumped because: kasan: bad access detected [ 26.368901] [ 26.368981] Memory state around the buggy address: [ 26.369688] ffff88810617ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.370136] ffff88810617ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.370677] >ffff888106180000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.371049] ^ [ 26.371230] ffff888106180080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 26.371812] ffff888106180100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.372186] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 26.294769] ================================================================== [ 26.295892] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 26.296659] Read of size 1 at addr ffff8881060060c8 by task kunit_try_catch/256 [ 26.297468] [ 26.297739] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.297796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.297808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.297829] Call Trace: [ 26.297841] <TASK> [ 26.297859] dump_stack_lvl+0x73/0xb0 [ 26.297890] print_report+0xd1/0x610 [ 26.297912] ? __virt_addr_valid+0x1db/0x2d0 [ 26.297943] ? kmem_cache_oob+0x402/0x530 [ 26.297964] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.297988] ? kmem_cache_oob+0x402/0x530 [ 26.298010] kasan_report+0x141/0x180 [ 26.298031] ? kmem_cache_oob+0x402/0x530 [ 26.298058] __asan_report_load1_noabort+0x18/0x20 [ 26.298092] kmem_cache_oob+0x402/0x530 [ 26.298137] ? __pfx_kmem_cache_oob+0x10/0x10 [ 26.298160] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.298190] ? __pfx_kmem_cache_oob+0x10/0x10 [ 26.298217] kunit_try_run_case+0x1a5/0x480 [ 26.298285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.298309] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.298332] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.298354] ? __kthread_parkme+0x82/0x180 [ 26.298378] ? preempt_count_sub+0x50/0x80 [ 26.298401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.298424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.298447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.298469] kthread+0x337/0x6f0 [ 26.298487] ? trace_preempt_on+0x20/0xc0 [ 26.298512] ? __pfx_kthread+0x10/0x10 [ 26.298532] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.298553] ? calculate_sigpending+0x7b/0xa0 [ 26.298577] ? __pfx_kthread+0x10/0x10 [ 26.298597] ret_from_fork+0x116/0x1d0 [ 26.299011] ? __pfx_kthread+0x10/0x10 [ 26.299038] ret_from_fork_asm+0x1a/0x30 [ 26.299070] </TASK> [ 26.299096] [ 26.311167] Allocated by task 256: [ 26.311637] kasan_save_stack+0x45/0x70 [ 26.311976] kasan_save_track+0x18/0x40 [ 26.312166] kasan_save_alloc_info+0x3b/0x50 [ 26.312660] __kasan_slab_alloc+0x91/0xa0 [ 26.312974] kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.313208] kmem_cache_oob+0x157/0x530 [ 26.313434] kunit_try_run_case+0x1a5/0x480 [ 26.313626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.313855] kthread+0x337/0x6f0 [ 26.314012] ret_from_fork+0x116/0x1d0 [ 26.314196] ret_from_fork_asm+0x1a/0x30 [ 26.314507] [ 26.314591] The buggy address belongs to the object at ffff888106006000 [ 26.314591] which belongs to the cache test_cache of size 200 [ 26.315061] The buggy address is located 0 bytes to the right of [ 26.315061] allocated 200-byte region [ffff888106006000, ffff8881060060c8) [ 26.315843] [ 26.315942] The buggy address belongs to the physical page: [ 26.316130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106006 [ 26.316587] flags: 0x200000000000000(node=0|zone=2) [ 26.316828] page_type: f5(slab) [ 26.316975] raw: 0200000000000000 ffff8881015d8640 dead000000000122 0000000000000000 [ 26.317374] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.317641] page dumped because: kasan: bad access detected [ 26.317886] [ 26.317965] Memory state around the buggy address: [ 26.318181] ffff888106005f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.318619] ffff888106006000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.318925] >ffff888106006080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 26.319223] ^ [ 26.319573] ffff888106006100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.319887] ffff888106006180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.320195] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 26.248066] ================================================================== [ 26.248600] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 26.248827] Read of size 8 at addr ffff88810613bf00 by task kunit_try_catch/249 [ 26.249041] [ 26.249174] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.249457] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.249475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.249498] Call Trace: [ 26.249511] <TASK> [ 26.249529] dump_stack_lvl+0x73/0xb0 [ 26.249562] print_report+0xd1/0x610 [ 26.249583] ? __virt_addr_valid+0x1db/0x2d0 [ 26.249607] ? workqueue_uaf+0x4d6/0x560 [ 26.249627] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.249651] ? workqueue_uaf+0x4d6/0x560 [ 26.249672] kasan_report+0x141/0x180 [ 26.249693] ? workqueue_uaf+0x4d6/0x560 [ 26.249718] __asan_report_load8_noabort+0x18/0x20 [ 26.249740] workqueue_uaf+0x4d6/0x560 [ 26.249761] ? __pfx_workqueue_uaf+0x10/0x10 [ 26.249782] ? __schedule+0x10c6/0x2b60 [ 26.249804] ? __pfx_read_tsc+0x10/0x10 [ 26.249825] ? ktime_get_ts64+0x86/0x230 [ 26.249850] kunit_try_run_case+0x1a5/0x480 [ 26.249874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.249895] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.249917] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.249945] ? __kthread_parkme+0x82/0x180 [ 26.249970] ? preempt_count_sub+0x50/0x80 [ 26.249993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.250015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.250037] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.250059] kthread+0x337/0x6f0 [ 26.250462] ? trace_preempt_on+0x20/0xc0 [ 26.250522] ? __pfx_kthread+0x10/0x10 [ 26.250557] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.250578] ? calculate_sigpending+0x7b/0xa0 [ 26.250602] ? __pfx_kthread+0x10/0x10 [ 26.250622] ret_from_fork+0x116/0x1d0 [ 26.250640] ? __pfx_kthread+0x10/0x10 [ 26.250660] ret_from_fork_asm+0x1a/0x30 [ 26.250691] </TASK> [ 26.250702] [ 26.265124] Allocated by task 249: [ 26.265668] kasan_save_stack+0x45/0x70 [ 26.266225] kasan_save_track+0x18/0x40 [ 26.266721] kasan_save_alloc_info+0x3b/0x50 [ 26.267053] __kasan_kmalloc+0xb7/0xc0 [ 26.267197] __kmalloc_cache_noprof+0x189/0x420 [ 26.267355] workqueue_uaf+0x152/0x560 [ 26.267630] kunit_try_run_case+0x1a5/0x480 [ 26.268322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.268869] kthread+0x337/0x6f0 [ 26.269299] ret_from_fork+0x116/0x1d0 [ 26.269739] ret_from_fork_asm+0x1a/0x30 [ 26.270197] [ 26.270507] Freed by task 9: [ 26.270856] kasan_save_stack+0x45/0x70 [ 26.270995] kasan_save_track+0x18/0x40 [ 26.271137] kasan_save_free_info+0x3f/0x60 [ 26.271327] __kasan_slab_free+0x56/0x70 [ 26.271976] kfree+0x222/0x3f0 [ 26.272451] workqueue_uaf_work+0x12/0x20 [ 26.272948] process_one_work+0x5ee/0xf60 [ 26.273521] worker_thread+0x758/0x1220 [ 26.273976] kthread+0x337/0x6f0 [ 26.274390] ret_from_fork+0x116/0x1d0 [ 26.274765] ret_from_fork_asm+0x1a/0x30 [ 26.274912] [ 26.274978] Last potentially related work creation: [ 26.275136] kasan_save_stack+0x45/0x70 [ 26.275287] kasan_record_aux_stack+0xb2/0xc0 [ 26.275987] __queue_work+0x61a/0xe70 [ 26.276596] queue_work_on+0xb6/0xc0 [ 26.277060] workqueue_uaf+0x26d/0x560 [ 26.277578] kunit_try_run_case+0x1a5/0x480 [ 26.278065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.278697] kthread+0x337/0x6f0 [ 26.279094] ret_from_fork+0x116/0x1d0 [ 26.279526] ret_from_fork_asm+0x1a/0x30 [ 26.279886] [ 26.280042] The buggy address belongs to the object at ffff88810613bf00 [ 26.280042] which belongs to the cache kmalloc-32 of size 32 [ 26.281056] The buggy address is located 0 bytes inside of [ 26.281056] freed 32-byte region [ffff88810613bf00, ffff88810613bf20) [ 26.281890] [ 26.281973] The buggy address belongs to the physical page: [ 26.282159] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613b [ 26.282406] flags: 0x200000000000000(node=0|zone=2) [ 26.282566] page_type: f5(slab) [ 26.282688] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.282918] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.283146] page dumped because: kasan: bad access detected [ 26.283309] [ 26.283370] Memory state around the buggy address: [ 26.283519] ffff88810613be00: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 26.283725] ffff88810613be80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.283930] >ffff88810613bf00: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 26.284262] ^ [ 26.284540] ffff88810613bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.285659] ffff88810613c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.285940] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 26.203370] ================================================================== [ 26.204003] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 26.204463] Read of size 4 at addr ffff888106000840 by task swapper/1/0 [ 26.204783] [ 26.204888] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.204939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.204951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.204971] Call Trace: [ 26.204999] <IRQ> [ 26.205015] dump_stack_lvl+0x73/0xb0 [ 26.205045] print_report+0xd1/0x610 [ 26.205067] ? __virt_addr_valid+0x1db/0x2d0 [ 26.205105] ? rcu_uaf_reclaim+0x50/0x60 [ 26.205124] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.205149] ? rcu_uaf_reclaim+0x50/0x60 [ 26.205169] kasan_report+0x141/0x180 [ 26.205191] ? rcu_uaf_reclaim+0x50/0x60 [ 26.205215] __asan_report_load4_noabort+0x18/0x20 [ 26.205238] rcu_uaf_reclaim+0x50/0x60 [ 26.205294] rcu_core+0x66f/0x1c40 [ 26.205324] ? __pfx_rcu_core+0x10/0x10 [ 26.205345] ? ktime_get+0x6b/0x150 [ 26.205370] rcu_core_si+0x12/0x20 [ 26.205389] handle_softirqs+0x209/0x730 [ 26.205409] ? hrtimer_interrupt+0x2fe/0x780 [ 26.205436] ? __pfx_handle_softirqs+0x10/0x10 [ 26.205460] __irq_exit_rcu+0xc9/0x110 [ 26.205479] irq_exit_rcu+0x12/0x20 [ 26.205498] sysvec_apic_timer_interrupt+0x81/0x90 [ 26.205522] </IRQ> [ 26.205549] <TASK> [ 26.205560] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 26.205682] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 26.205890] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 83 f3 16 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 26.205977] RSP: 0000:ffff88810087fdc8 EFLAGS: 00010206 [ 26.206090] RAX: ffff8881c3113000 RBX: ffff88810085b000 RCX: ffffffff95b1c985 [ 26.206139] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 00000000000199f4 [ 26.206182] RBP: ffff88810087fdd0 R08: 0000000000000001 R09: ffffed102b626192 [ 26.206224] R10: ffff88815b130c93 R11: ffff88815b1363c8 R12: 0000000000000001 [ 26.206317] R13: ffffed102010b600 R14: ffffffff977fadd0 R15: 0000000000000000 [ 26.206380] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 26.206435] ? default_idle+0xd/0x20 [ 26.206453] arch_cpu_idle+0xd/0x20 [ 26.206471] default_idle_call+0x48/0x80 [ 26.206489] do_idle+0x379/0x4f0 [ 26.206515] ? __pfx_do_idle+0x10/0x10 [ 26.206535] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 26.206557] ? complete+0x15b/0x1d0 [ 26.206583] cpu_startup_entry+0x5c/0x70 [ 26.206605] start_secondary+0x211/0x290 [ 26.206627] ? __pfx_start_secondary+0x10/0x10 [ 26.206653] common_startup_64+0x13e/0x148 [ 26.206686] </TASK> [ 26.206696] [ 26.221747] Allocated by task 247: [ 26.222018] kasan_save_stack+0x45/0x70 [ 26.222375] kasan_save_track+0x18/0x40 [ 26.222576] kasan_save_alloc_info+0x3b/0x50 [ 26.222772] __kasan_kmalloc+0xb7/0xc0 [ 26.222945] __kmalloc_cache_noprof+0x189/0x420 [ 26.223159] rcu_uaf+0xb0/0x330 [ 26.223301] kunit_try_run_case+0x1a5/0x480 [ 26.223922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.224314] kthread+0x337/0x6f0 [ 26.224584] ret_from_fork+0x116/0x1d0 [ 26.224880] ret_from_fork_asm+0x1a/0x30 [ 26.225193] [ 26.225387] Freed by task 0: [ 26.225696] kasan_save_stack+0x45/0x70 [ 26.225864] kasan_save_track+0x18/0x40 [ 26.226041] kasan_save_free_info+0x3f/0x60 [ 26.226241] __kasan_slab_free+0x56/0x70 [ 26.226720] kfree+0x222/0x3f0 [ 26.226838] rcu_uaf_reclaim+0x1f/0x60 [ 26.227217] rcu_core+0x66f/0x1c40 [ 26.227489] rcu_core_si+0x12/0x20 [ 26.227990] handle_softirqs+0x209/0x730 [ 26.228147] __irq_exit_rcu+0xc9/0x110 [ 26.228621] irq_exit_rcu+0x12/0x20 [ 26.228870] sysvec_apic_timer_interrupt+0x81/0x90 [ 26.229175] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 26.229813] [ 26.230142] Last potentially related work creation: [ 26.230749] kasan_save_stack+0x45/0x70 [ 26.231327] kasan_record_aux_stack+0xb2/0xc0 [ 26.231969] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 26.232157] call_rcu+0x12/0x20 [ 26.232289] rcu_uaf+0x168/0x330 [ 26.232828] kunit_try_run_case+0x1a5/0x480 [ 26.233340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.234011] kthread+0x337/0x6f0 [ 26.234187] ret_from_fork+0x116/0x1d0 [ 26.234636] ret_from_fork_asm+0x1a/0x30 [ 26.235017] [ 26.235230] The buggy address belongs to the object at ffff888106000840 [ 26.235230] which belongs to the cache kmalloc-32 of size 32 [ 26.236171] The buggy address is located 0 bytes inside of [ 26.236171] freed 32-byte region [ffff888106000840, ffff888106000860) [ 26.236825] [ 26.236898] The buggy address belongs to the physical page: [ 26.237060] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106000 [ 26.237620] flags: 0x200000000000000(node=0|zone=2) [ 26.238248] page_type: f5(slab) [ 26.238667] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.239390] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.240151] page dumped because: kasan: bad access detected [ 26.240800] [ 26.240955] Memory state around the buggy address: [ 26.241368] ffff888106000700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.241892] ffff888106000780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.242129] >ffff888106000800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 26.242374] ^ [ 26.242698] ffff888106000880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.243050] ffff888106000900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.243652] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 26.173155] ================================================================== [ 26.173799] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 26.174120] Read of size 1 at addr ffff88810553d978 by task kunit_try_catch/245 [ 26.174442] [ 26.174544] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.174588] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.174599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.174618] Call Trace: [ 26.174630] <TASK> [ 26.174644] dump_stack_lvl+0x73/0xb0 [ 26.174671] print_report+0xd1/0x610 [ 26.174692] ? __virt_addr_valid+0x1db/0x2d0 [ 26.174714] ? ksize_uaf+0x5e4/0x6c0 [ 26.174733] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.174758] ? ksize_uaf+0x5e4/0x6c0 [ 26.174779] kasan_report+0x141/0x180 [ 26.174799] ? ksize_uaf+0x5e4/0x6c0 [ 26.174824] __asan_report_load1_noabort+0x18/0x20 [ 26.174847] ksize_uaf+0x5e4/0x6c0 [ 26.174866] ? __pfx_ksize_uaf+0x10/0x10 [ 26.174886] ? __schedule+0x10c6/0x2b60 [ 26.174908] ? __pfx_read_tsc+0x10/0x10 [ 26.174928] ? ktime_get_ts64+0x86/0x230 [ 26.174951] kunit_try_run_case+0x1a5/0x480 [ 26.174973] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.174994] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.175015] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.175037] ? __kthread_parkme+0x82/0x180 [ 26.175060] ? preempt_count_sub+0x50/0x80 [ 26.175092] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.175115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.175136] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.175158] kthread+0x337/0x6f0 [ 26.175176] ? trace_preempt_on+0x20/0xc0 [ 26.175198] ? __pfx_kthread+0x10/0x10 [ 26.175217] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.175238] ? calculate_sigpending+0x7b/0xa0 [ 26.175259] ? __pfx_kthread+0x10/0x10 [ 26.175291] ret_from_fork+0x116/0x1d0 [ 26.175309] ? __pfx_kthread+0x10/0x10 [ 26.175328] ret_from_fork_asm+0x1a/0x30 [ 26.175359] </TASK> [ 26.175369] [ 26.181772] Allocated by task 245: [ 26.181937] kasan_save_stack+0x45/0x70 [ 26.182110] kasan_save_track+0x18/0x40 [ 26.182289] kasan_save_alloc_info+0x3b/0x50 [ 26.182438] __kasan_kmalloc+0xb7/0xc0 [ 26.182622] __kmalloc_cache_noprof+0x189/0x420 [ 26.182803] ksize_uaf+0xaa/0x6c0 [ 26.182917] kunit_try_run_case+0x1a5/0x480 [ 26.183053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.183228] kthread+0x337/0x6f0 [ 26.183338] ret_from_fork+0x116/0x1d0 [ 26.183461] ret_from_fork_asm+0x1a/0x30 [ 26.183590] [ 26.183651] Freed by task 245: [ 26.183752] kasan_save_stack+0x45/0x70 [ 26.183923] kasan_save_track+0x18/0x40 [ 26.184176] kasan_save_free_info+0x3f/0x60 [ 26.184512] __kasan_slab_free+0x56/0x70 [ 26.184695] kfree+0x222/0x3f0 [ 26.184846] ksize_uaf+0x12c/0x6c0 [ 26.185009] kunit_try_run_case+0x1a5/0x480 [ 26.185210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.185504] kthread+0x337/0x6f0 [ 26.185615] ret_from_fork+0x116/0x1d0 [ 26.185738] ret_from_fork_asm+0x1a/0x30 [ 26.185867] [ 26.185933] The buggy address belongs to the object at ffff88810553d900 [ 26.185933] which belongs to the cache kmalloc-128 of size 128 [ 26.186290] The buggy address is located 120 bytes inside of [ 26.186290] freed 128-byte region [ffff88810553d900, ffff88810553d980) [ 26.187250] [ 26.187427] The buggy address belongs to the physical page: [ 26.187672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 26.188021] flags: 0x200000000000000(node=0|zone=2) [ 26.188257] page_type: f5(slab) [ 26.188422] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.188700] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.188917] page dumped because: kasan: bad access detected [ 26.189177] [ 26.189262] Memory state around the buggy address: [ 26.189631] ffff88810553d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.189874] ffff88810553d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.190106] >ffff88810553d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.190598] ^ [ 26.190877] ffff88810553d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.191097] ffff88810553da00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.191575] ================================================================== [ 26.128722] ================================================================== [ 26.129106] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 26.129459] Read of size 1 at addr ffff88810553d900 by task kunit_try_catch/245 [ 26.130055] [ 26.130233] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.130282] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.130293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.130313] Call Trace: [ 26.130325] <TASK> [ 26.130340] dump_stack_lvl+0x73/0xb0 [ 26.130369] print_report+0xd1/0x610 [ 26.130390] ? __virt_addr_valid+0x1db/0x2d0 [ 26.130414] ? ksize_uaf+0x19d/0x6c0 [ 26.130433] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.130457] ? ksize_uaf+0x19d/0x6c0 [ 26.130477] kasan_report+0x141/0x180 [ 26.130498] ? ksize_uaf+0x19d/0x6c0 [ 26.130520] ? ksize_uaf+0x19d/0x6c0 [ 26.130797] __kasan_check_byte+0x3d/0x50 [ 26.130820] ksize+0x20/0x60 [ 26.130841] ksize_uaf+0x19d/0x6c0 [ 26.130860] ? __pfx_ksize_uaf+0x10/0x10 [ 26.130881] ? __schedule+0x10c6/0x2b60 [ 26.130903] ? __pfx_read_tsc+0x10/0x10 [ 26.130924] ? ktime_get_ts64+0x86/0x230 [ 26.130948] kunit_try_run_case+0x1a5/0x480 [ 26.130971] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.130992] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.131013] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.131035] ? __kthread_parkme+0x82/0x180 [ 26.131059] ? preempt_count_sub+0x50/0x80 [ 26.131094] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.131116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.131138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.131160] kthread+0x337/0x6f0 [ 26.131178] ? trace_preempt_on+0x20/0xc0 [ 26.131200] ? __pfx_kthread+0x10/0x10 [ 26.131220] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.131240] ? calculate_sigpending+0x7b/0xa0 [ 26.131263] ? __pfx_kthread+0x10/0x10 [ 26.131292] ret_from_fork+0x116/0x1d0 [ 26.131310] ? __pfx_kthread+0x10/0x10 [ 26.131330] ret_from_fork_asm+0x1a/0x30 [ 26.131361] </TASK> [ 26.131371] [ 26.139585] Allocated by task 245: [ 26.139848] kasan_save_stack+0x45/0x70 [ 26.140110] kasan_save_track+0x18/0x40 [ 26.140275] kasan_save_alloc_info+0x3b/0x50 [ 26.140659] __kasan_kmalloc+0xb7/0xc0 [ 26.140832] __kmalloc_cache_noprof+0x189/0x420 [ 26.141145] ksize_uaf+0xaa/0x6c0 [ 26.141343] kunit_try_run_case+0x1a5/0x480 [ 26.141524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.141742] kthread+0x337/0x6f0 [ 26.141885] ret_from_fork+0x116/0x1d0 [ 26.142060] ret_from_fork_asm+0x1a/0x30 [ 26.142227] [ 26.142325] Freed by task 245: [ 26.142841] kasan_save_stack+0x45/0x70 [ 26.143000] kasan_save_track+0x18/0x40 [ 26.143201] kasan_save_free_info+0x3f/0x60 [ 26.143460] __kasan_slab_free+0x56/0x70 [ 26.143790] kfree+0x222/0x3f0 [ 26.143942] ksize_uaf+0x12c/0x6c0 [ 26.144219] kunit_try_run_case+0x1a5/0x480 [ 26.144442] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.144798] kthread+0x337/0x6f0 [ 26.144957] ret_from_fork+0x116/0x1d0 [ 26.145255] ret_from_fork_asm+0x1a/0x30 [ 26.145429] [ 26.145589] The buggy address belongs to the object at ffff88810553d900 [ 26.145589] which belongs to the cache kmalloc-128 of size 128 [ 26.146048] The buggy address is located 0 bytes inside of [ 26.146048] freed 128-byte region [ffff88810553d900, ffff88810553d980) [ 26.146825] [ 26.146924] The buggy address belongs to the physical page: [ 26.147134] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 26.147692] flags: 0x200000000000000(node=0|zone=2) [ 26.147900] page_type: f5(slab) [ 26.148193] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.148657] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.148927] page dumped because: kasan: bad access detected [ 26.149287] [ 26.149412] Memory state around the buggy address: [ 26.149714] ffff88810553d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.150054] ffff88810553d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.150468] >ffff88810553d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.150747] ^ [ 26.150888] ffff88810553d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.151192] ffff88810553da00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.151656] ================================================================== [ 26.152606] ================================================================== [ 26.153194] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 26.153526] Read of size 1 at addr ffff88810553d900 by task kunit_try_catch/245 [ 26.153823] [ 26.153910] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.153960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.153971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.153990] Call Trace: [ 26.154003] <TASK> [ 26.154016] dump_stack_lvl+0x73/0xb0 [ 26.154043] print_report+0xd1/0x610 [ 26.154064] ? __virt_addr_valid+0x1db/0x2d0 [ 26.154096] ? ksize_uaf+0x5fe/0x6c0 [ 26.154115] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.154139] ? ksize_uaf+0x5fe/0x6c0 [ 26.154159] kasan_report+0x141/0x180 [ 26.154179] ? ksize_uaf+0x5fe/0x6c0 [ 26.154203] __asan_report_load1_noabort+0x18/0x20 [ 26.154226] ksize_uaf+0x5fe/0x6c0 [ 26.154245] ? __pfx_ksize_uaf+0x10/0x10 [ 26.154265] ? __schedule+0x10c6/0x2b60 [ 26.154576] ? __pfx_read_tsc+0x10/0x10 [ 26.154599] ? ktime_get_ts64+0x86/0x230 [ 26.154623] kunit_try_run_case+0x1a5/0x480 [ 26.154646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.154667] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.154689] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.154711] ? __kthread_parkme+0x82/0x180 [ 26.154734] ? preempt_count_sub+0x50/0x80 [ 26.154756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.154778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.154800] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.154822] kthread+0x337/0x6f0 [ 26.154840] ? trace_preempt_on+0x20/0xc0 [ 26.154862] ? __pfx_kthread+0x10/0x10 [ 26.154881] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.154902] ? calculate_sigpending+0x7b/0xa0 [ 26.154924] ? __pfx_kthread+0x10/0x10 [ 26.154944] ret_from_fork+0x116/0x1d0 [ 26.154962] ? __pfx_kthread+0x10/0x10 [ 26.154981] ret_from_fork_asm+0x1a/0x30 [ 26.155012] </TASK> [ 26.155022] [ 26.163287] Allocated by task 245: [ 26.163580] kasan_save_stack+0x45/0x70 [ 26.163732] kasan_save_track+0x18/0x40 [ 26.163907] kasan_save_alloc_info+0x3b/0x50 [ 26.164120] __kasan_kmalloc+0xb7/0xc0 [ 26.164250] __kmalloc_cache_noprof+0x189/0x420 [ 26.164455] ksize_uaf+0xaa/0x6c0 [ 26.164632] kunit_try_run_case+0x1a5/0x480 [ 26.164779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.165000] kthread+0x337/0x6f0 [ 26.165147] ret_from_fork+0x116/0x1d0 [ 26.165299] ret_from_fork_asm+0x1a/0x30 [ 26.165496] [ 26.165576] Freed by task 245: [ 26.165711] kasan_save_stack+0x45/0x70 [ 26.165870] kasan_save_track+0x18/0x40 [ 26.166052] kasan_save_free_info+0x3f/0x60 [ 26.166242] __kasan_slab_free+0x56/0x70 [ 26.166439] kfree+0x222/0x3f0 [ 26.166547] ksize_uaf+0x12c/0x6c0 [ 26.166661] kunit_try_run_case+0x1a5/0x480 [ 26.166843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.167189] kthread+0x337/0x6f0 [ 26.167377] ret_from_fork+0x116/0x1d0 [ 26.167527] ret_from_fork_asm+0x1a/0x30 [ 26.167704] [ 26.167765] The buggy address belongs to the object at ffff88810553d900 [ 26.167765] which belongs to the cache kmalloc-128 of size 128 [ 26.168226] The buggy address is located 0 bytes inside of [ 26.168226] freed 128-byte region [ffff88810553d900, ffff88810553d980) [ 26.168716] [ 26.168805] The buggy address belongs to the physical page: [ 26.169004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 26.169297] flags: 0x200000000000000(node=0|zone=2) [ 26.169530] page_type: f5(slab) [ 26.169658] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.169966] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.170293] page dumped because: kasan: bad access detected [ 26.170469] [ 26.170529] Memory state around the buggy address: [ 26.170675] ffff88810553d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.170923] ffff88810553d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.171238] >ffff88810553d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.171664] ^ [ 26.171817] ffff88810553d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.172139] ffff88810553da00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.172434] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 26.097366] ================================================================== [ 26.097604] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.097836] Read of size 1 at addr ffff88810553d87f by task kunit_try_catch/243 [ 26.098058] [ 26.098940] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.098997] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.099010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.099031] Call Trace: [ 26.099054] <TASK> [ 26.099068] dump_stack_lvl+0x73/0xb0 [ 26.099108] print_report+0xd1/0x610 [ 26.099130] ? __virt_addr_valid+0x1db/0x2d0 [ 26.099153] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.099176] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.099202] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.099225] kasan_report+0x141/0x180 [ 26.099247] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.099306] __asan_report_load1_noabort+0x18/0x20 [ 26.099358] ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.099382] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 26.099404] ? finish_task_switch.isra.0+0x153/0x700 [ 26.099425] ? __switch_to+0x47/0xf80 [ 26.099450] ? __schedule+0x10c6/0x2b60 [ 26.099473] ? __pfx_read_tsc+0x10/0x10 [ 26.099493] ? ktime_get_ts64+0x86/0x230 [ 26.099517] kunit_try_run_case+0x1a5/0x480 [ 26.099540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.099562] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.099584] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.099607] ? __kthread_parkme+0x82/0x180 [ 26.099630] ? preempt_count_sub+0x50/0x80 [ 26.099652] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.099676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.099698] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.099721] kthread+0x337/0x6f0 [ 26.099740] ? trace_preempt_on+0x20/0xc0 [ 26.099763] ? __pfx_kthread+0x10/0x10 [ 26.099783] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.099804] ? calculate_sigpending+0x7b/0xa0 [ 26.099827] ? __pfx_kthread+0x10/0x10 [ 26.099847] ret_from_fork+0x116/0x1d0 [ 26.099866] ? __pfx_kthread+0x10/0x10 [ 26.099885] ret_from_fork_asm+0x1a/0x30 [ 26.099917] </TASK> [ 26.099927] [ 26.112138] Allocated by task 243: [ 26.112285] kasan_save_stack+0x45/0x70 [ 26.113011] kasan_save_track+0x18/0x40 [ 26.113404] kasan_save_alloc_info+0x3b/0x50 [ 26.113787] __kasan_kmalloc+0xb7/0xc0 [ 26.113916] __kmalloc_cache_noprof+0x189/0x420 [ 26.114068] ksize_unpoisons_memory+0xc7/0x9b0 [ 26.114221] kunit_try_run_case+0x1a5/0x480 [ 26.114717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.115201] kthread+0x337/0x6f0 [ 26.115582] ret_from_fork+0x116/0x1d0 [ 26.115923] ret_from_fork_asm+0x1a/0x30 [ 26.116335] [ 26.116488] The buggy address belongs to the object at ffff88810553d800 [ 26.116488] which belongs to the cache kmalloc-128 of size 128 [ 26.117622] The buggy address is located 12 bytes to the right of [ 26.117622] allocated 115-byte region [ffff88810553d800, ffff88810553d873) [ 26.118158] [ 26.118224] The buggy address belongs to the physical page: [ 26.118930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 26.119720] flags: 0x200000000000000(node=0|zone=2) [ 26.120229] page_type: f5(slab) [ 26.120534] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.121248] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.121643] page dumped because: kasan: bad access detected [ 26.121977] [ 26.122039] Memory state around the buggy address: [ 26.122198] ffff88810553d700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.122651] ffff88810553d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.122874] >ffff88810553d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.123499] ^ [ 26.124198] ffff88810553d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.124828] ffff88810553d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.125508] ================================================================== [ 26.076361] ================================================================== [ 26.076695] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.076989] Read of size 1 at addr ffff88810553d878 by task kunit_try_catch/243 [ 26.077229] [ 26.077542] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.077591] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.077602] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.077622] Call Trace: [ 26.077636] <TASK> [ 26.077650] dump_stack_lvl+0x73/0xb0 [ 26.077679] print_report+0xd1/0x610 [ 26.077700] ? __virt_addr_valid+0x1db/0x2d0 [ 26.077723] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.077745] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.077771] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.077794] kasan_report+0x141/0x180 [ 26.077815] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.077843] __asan_report_load1_noabort+0x18/0x20 [ 26.077867] ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.077891] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 26.077913] ? finish_task_switch.isra.0+0x153/0x700 [ 26.077938] ? __switch_to+0x47/0xf80 [ 26.077963] ? __schedule+0x10c6/0x2b60 [ 26.077986] ? __pfx_read_tsc+0x10/0x10 [ 26.078006] ? ktime_get_ts64+0x86/0x230 [ 26.078030] kunit_try_run_case+0x1a5/0x480 [ 26.078053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.078074] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.078107] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.078131] ? __kthread_parkme+0x82/0x180 [ 26.078154] ? preempt_count_sub+0x50/0x80 [ 26.078176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.078199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.078222] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.078480] kthread+0x337/0x6f0 [ 26.078507] ? trace_preempt_on+0x20/0xc0 [ 26.078531] ? __pfx_kthread+0x10/0x10 [ 26.078551] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.078573] ? calculate_sigpending+0x7b/0xa0 [ 26.078596] ? __pfx_kthread+0x10/0x10 [ 26.078617] ret_from_fork+0x116/0x1d0 [ 26.078636] ? __pfx_kthread+0x10/0x10 [ 26.078656] ret_from_fork_asm+0x1a/0x30 [ 26.078687] </TASK> [ 26.078696] [ 26.086335] Allocated by task 243: [ 26.086488] kasan_save_stack+0x45/0x70 [ 26.086677] kasan_save_track+0x18/0x40 [ 26.086853] kasan_save_alloc_info+0x3b/0x50 [ 26.087056] __kasan_kmalloc+0xb7/0xc0 [ 26.087245] __kmalloc_cache_noprof+0x189/0x420 [ 26.088156] ksize_unpoisons_memory+0xc7/0x9b0 [ 26.088602] kunit_try_run_case+0x1a5/0x480 [ 26.088795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.089027] kthread+0x337/0x6f0 [ 26.089206] ret_from_fork+0x116/0x1d0 [ 26.089452] ret_from_fork_asm+0x1a/0x30 [ 26.090139] [ 26.090226] The buggy address belongs to the object at ffff88810553d800 [ 26.090226] which belongs to the cache kmalloc-128 of size 128 [ 26.090731] The buggy address is located 5 bytes to the right of [ 26.090731] allocated 115-byte region [ffff88810553d800, ffff88810553d873) [ 26.091236] [ 26.091792] The buggy address belongs to the physical page: [ 26.092009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 26.092368] flags: 0x200000000000000(node=0|zone=2) [ 26.092693] page_type: f5(slab) [ 26.092853] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.093160] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.093589] page dumped because: kasan: bad access detected [ 26.093838] [ 26.093911] Memory state around the buggy address: [ 26.094128] ffff88810553d700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.094559] ffff88810553d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.094863] >ffff88810553d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.095156] ^ [ 26.095537] ffff88810553d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.095834] ffff88810553d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.096128] ================================================================== [ 26.052681] ================================================================== [ 26.053218] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 26.054460] Read of size 1 at addr ffff88810553d873 by task kunit_try_catch/243 [ 26.055584] [ 26.055740] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.055796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.055809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.055830] Call Trace: [ 26.055842] <TASK> [ 26.055857] dump_stack_lvl+0x73/0xb0 [ 26.055888] print_report+0xd1/0x610 [ 26.055910] ? __virt_addr_valid+0x1db/0x2d0 [ 26.055934] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 26.056097] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.056128] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 26.056151] kasan_report+0x141/0x180 [ 26.056173] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 26.056201] __asan_report_load1_noabort+0x18/0x20 [ 26.056224] ksize_unpoisons_memory+0x81c/0x9b0 [ 26.056282] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 26.056306] ? finish_task_switch.isra.0+0x153/0x700 [ 26.056328] ? __switch_to+0x47/0xf80 [ 26.056354] ? __schedule+0x10c6/0x2b60 [ 26.056377] ? __pfx_read_tsc+0x10/0x10 [ 26.056398] ? ktime_get_ts64+0x86/0x230 [ 26.056422] kunit_try_run_case+0x1a5/0x480 [ 26.056446] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.056467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.056490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.056513] ? __kthread_parkme+0x82/0x180 [ 26.056536] ? preempt_count_sub+0x50/0x80 [ 26.056558] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.056581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.056604] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.056627] kthread+0x337/0x6f0 [ 26.056645] ? trace_preempt_on+0x20/0xc0 [ 26.056670] ? __pfx_kthread+0x10/0x10 [ 26.056691] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.056712] ? calculate_sigpending+0x7b/0xa0 [ 26.056736] ? __pfx_kthread+0x10/0x10 [ 26.056756] ret_from_fork+0x116/0x1d0 [ 26.056775] ? __pfx_kthread+0x10/0x10 [ 26.056794] ret_from_fork_asm+0x1a/0x30 [ 26.056825] </TASK> [ 26.056836] [ 26.067043] Allocated by task 243: [ 26.067182] kasan_save_stack+0x45/0x70 [ 26.067402] kasan_save_track+0x18/0x40 [ 26.067959] kasan_save_alloc_info+0x3b/0x50 [ 26.068132] __kasan_kmalloc+0xb7/0xc0 [ 26.068743] __kmalloc_cache_noprof+0x189/0x420 [ 26.068942] ksize_unpoisons_memory+0xc7/0x9b0 [ 26.069147] kunit_try_run_case+0x1a5/0x480 [ 26.069316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.069641] kthread+0x337/0x6f0 [ 26.069799] ret_from_fork+0x116/0x1d0 [ 26.069932] ret_from_fork_asm+0x1a/0x30 [ 26.070126] [ 26.070214] The buggy address belongs to the object at ffff88810553d800 [ 26.070214] which belongs to the cache kmalloc-128 of size 128 [ 26.070737] The buggy address is located 0 bytes to the right of [ 26.070737] allocated 115-byte region [ffff88810553d800, ffff88810553d873) [ 26.071196] [ 26.071346] The buggy address belongs to the physical page: [ 26.071630] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 26.071937] flags: 0x200000000000000(node=0|zone=2) [ 26.072128] page_type: f5(slab) [ 26.072244] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.072671] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.072903] page dumped because: kasan: bad access detected [ 26.073215] [ 26.073349] Memory state around the buggy address: [ 26.073700] ffff88810553d700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.073911] ffff88810553d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.074238] >ffff88810553d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.074830] ^ [ 26.075133] ffff88810553d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.075437] ffff88810553d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.075782] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 26.023522] ================================================================== [ 26.023877] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 26.024171] Free of addr ffff888104561cc0 by task kunit_try_catch/241 [ 26.024555] [ 26.024662] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.024707] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.024719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.024738] Call Trace: [ 26.024751] <TASK> [ 26.024766] dump_stack_lvl+0x73/0xb0 [ 26.024794] print_report+0xd1/0x610 [ 26.024816] ? __virt_addr_valid+0x1db/0x2d0 [ 26.024839] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.024863] ? kfree_sensitive+0x2e/0x90 [ 26.024883] kasan_report_invalid_free+0x10a/0x130 [ 26.024906] ? kfree_sensitive+0x2e/0x90 [ 26.024927] ? kfree_sensitive+0x2e/0x90 [ 26.024945] check_slab_allocation+0x101/0x130 [ 26.024966] __kasan_slab_pre_free+0x28/0x40 [ 26.024985] kfree+0xf0/0x3f0 [ 26.025005] ? kfree_sensitive+0x2e/0x90 [ 26.025028] kfree_sensitive+0x2e/0x90 [ 26.025047] kmalloc_double_kzfree+0x19c/0x350 [ 26.025068] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 26.025101] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.025124] ? trace_hardirqs_on+0x37/0xe0 [ 26.025147] ? __pfx_read_tsc+0x10/0x10 [ 26.025168] ? ktime_get_ts64+0x86/0x230 [ 26.025191] kunit_try_run_case+0x1a5/0x480 [ 26.025213] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.025310] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.025335] ? __kthread_parkme+0x82/0x180 [ 26.025358] ? preempt_count_sub+0x50/0x80 [ 26.025380] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.025403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.025425] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.025447] kthread+0x337/0x6f0 [ 26.025466] ? trace_preempt_on+0x20/0xc0 [ 26.025488] ? __pfx_kthread+0x10/0x10 [ 26.025508] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.025528] ? calculate_sigpending+0x7b/0xa0 [ 26.025551] ? __pfx_kthread+0x10/0x10 [ 26.025571] ret_from_fork+0x116/0x1d0 [ 26.025589] ? __pfx_kthread+0x10/0x10 [ 26.025608] ret_from_fork_asm+0x1a/0x30 [ 26.025639] </TASK> [ 26.025648] [ 26.034522] Allocated by task 241: [ 26.034707] kasan_save_stack+0x45/0x70 [ 26.034912] kasan_save_track+0x18/0x40 [ 26.036352] kasan_save_alloc_info+0x3b/0x50 [ 26.036534] __kasan_kmalloc+0xb7/0xc0 [ 26.036671] __kmalloc_cache_noprof+0x189/0x420 [ 26.036851] kmalloc_double_kzfree+0xa9/0x350 [ 26.037063] kunit_try_run_case+0x1a5/0x480 [ 26.037280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.037541] kthread+0x337/0x6f0 [ 26.037700] ret_from_fork+0x116/0x1d0 [ 26.037882] ret_from_fork_asm+0x1a/0x30 [ 26.038076] [ 26.038667] Freed by task 241: [ 26.038780] kasan_save_stack+0x45/0x70 [ 26.038921] kasan_save_track+0x18/0x40 [ 26.039133] kasan_save_free_info+0x3f/0x60 [ 26.039821] __kasan_slab_free+0x56/0x70 [ 26.039990] kfree+0x222/0x3f0 [ 26.040159] kfree_sensitive+0x67/0x90 [ 26.040465] kmalloc_double_kzfree+0x12b/0x350 [ 26.040683] kunit_try_run_case+0x1a5/0x480 [ 26.040887] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.041438] kthread+0x337/0x6f0 [ 26.041567] ret_from_fork+0x116/0x1d0 [ 26.041939] ret_from_fork_asm+0x1a/0x30 [ 26.042140] [ 26.042393] The buggy address belongs to the object at ffff888104561cc0 [ 26.042393] which belongs to the cache kmalloc-16 of size 16 [ 26.042946] The buggy address is located 0 bytes inside of [ 26.042946] 16-byte region [ffff888104561cc0, ffff888104561cd0) [ 26.043718] [ 26.043799] The buggy address belongs to the physical page: [ 26.043966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104561 [ 26.044409] flags: 0x200000000000000(node=0|zone=2) [ 26.044829] page_type: f5(slab) [ 26.044999] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.045497] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.045726] page dumped because: kasan: bad access detected [ 26.045891] [ 26.045960] Memory state around the buggy address: [ 26.046130] ffff888104561b80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 26.046647] ffff888104561c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.046898] >ffff888104561c80: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 26.047194] ^ [ 26.047853] ffff888104561d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.048179] ffff888104561d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.048502] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 25.998397] ================================================================== [ 25.999805] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 26.000480] Read of size 1 at addr ffff888104561cc0 by task kunit_try_catch/241 [ 26.001216] [ 26.001442] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 26.001505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.001516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.001538] Call Trace: [ 26.001552] <TASK> [ 26.001570] dump_stack_lvl+0x73/0xb0 [ 26.001602] print_report+0xd1/0x610 [ 26.001624] ? __virt_addr_valid+0x1db/0x2d0 [ 26.001648] ? kmalloc_double_kzfree+0x19c/0x350 [ 26.001669] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.001694] ? kmalloc_double_kzfree+0x19c/0x350 [ 26.001716] kasan_report+0x141/0x180 [ 26.001737] ? kmalloc_double_kzfree+0x19c/0x350 [ 26.001762] ? kmalloc_double_kzfree+0x19c/0x350 [ 26.001783] __kasan_check_byte+0x3d/0x50 [ 26.001804] kfree_sensitive+0x22/0x90 [ 26.001825] kmalloc_double_kzfree+0x19c/0x350 [ 26.001847] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 26.001868] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.001893] ? trace_hardirqs_on+0x37/0xe0 [ 26.001915] ? __pfx_read_tsc+0x10/0x10 [ 26.001940] ? ktime_get_ts64+0x86/0x230 [ 26.001964] kunit_try_run_case+0x1a5/0x480 [ 26.001988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.002011] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.002034] ? __kthread_parkme+0x82/0x180 [ 26.002058] ? preempt_count_sub+0x50/0x80 [ 26.002091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.002114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.002136] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.002158] kthread+0x337/0x6f0 [ 26.002176] ? trace_preempt_on+0x20/0xc0 [ 26.002197] ? __pfx_kthread+0x10/0x10 [ 26.002217] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.002280] ? calculate_sigpending+0x7b/0xa0 [ 26.002304] ? __pfx_kthread+0x10/0x10 [ 26.002325] ret_from_fork+0x116/0x1d0 [ 26.002342] ? __pfx_kthread+0x10/0x10 [ 26.002361] ret_from_fork_asm+0x1a/0x30 [ 26.002393] </TASK> [ 26.002403] [ 26.012763] Allocated by task 241: [ 26.012921] kasan_save_stack+0x45/0x70 [ 26.013059] kasan_save_track+0x18/0x40 [ 26.013196] kasan_save_alloc_info+0x3b/0x50 [ 26.013476] __kasan_kmalloc+0xb7/0xc0 [ 26.013665] __kmalloc_cache_noprof+0x189/0x420 [ 26.013886] kmalloc_double_kzfree+0xa9/0x350 [ 26.014121] kunit_try_run_case+0x1a5/0x480 [ 26.014492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.014701] kthread+0x337/0x6f0 [ 26.014870] ret_from_fork+0x116/0x1d0 [ 26.015054] ret_from_fork_asm+0x1a/0x30 [ 26.015371] [ 26.015448] Freed by task 241: [ 26.015595] kasan_save_stack+0x45/0x70 [ 26.015725] kasan_save_track+0x18/0x40 [ 26.015897] kasan_save_free_info+0x3f/0x60 [ 26.016113] __kasan_slab_free+0x56/0x70 [ 26.016388] kfree+0x222/0x3f0 [ 26.016549] kfree_sensitive+0x67/0x90 [ 26.016720] kmalloc_double_kzfree+0x12b/0x350 [ 26.016874] kunit_try_run_case+0x1a5/0x480 [ 26.017045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.017369] kthread+0x337/0x6f0 [ 26.017538] ret_from_fork+0x116/0x1d0 [ 26.017704] ret_from_fork_asm+0x1a/0x30 [ 26.017865] [ 26.017957] The buggy address belongs to the object at ffff888104561cc0 [ 26.017957] which belongs to the cache kmalloc-16 of size 16 [ 26.018589] The buggy address is located 0 bytes inside of [ 26.018589] freed 16-byte region [ffff888104561cc0, ffff888104561cd0) [ 26.019044] [ 26.019145] The buggy address belongs to the physical page: [ 26.019457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104561 [ 26.019817] flags: 0x200000000000000(node=0|zone=2) [ 26.020002] page_type: f5(slab) [ 26.020180] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.020609] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.020906] page dumped because: kasan: bad access detected [ 26.021089] [ 26.021151] Memory state around the buggy address: [ 26.021375] ffff888104561b80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 26.021589] ffff888104561c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.021888] >ffff888104561c80: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 26.022218] ^ [ 26.022611] ffff888104561d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.022880] ffff888104561d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.023096] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 25.968949] ================================================================== [ 25.969493] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 25.969813] Read of size 1 at addr ffff8881061782a8 by task kunit_try_catch/237 [ 25.970287] [ 25.970462] CPU: 0 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.970523] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.970535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.970556] Call Trace: [ 25.970568] <TASK> [ 25.970586] dump_stack_lvl+0x73/0xb0 [ 25.970616] print_report+0xd1/0x610 [ 25.970637] ? __virt_addr_valid+0x1db/0x2d0 [ 25.970660] ? kmalloc_uaf2+0x4a8/0x520 [ 25.970683] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.970708] ? kmalloc_uaf2+0x4a8/0x520 [ 25.970727] kasan_report+0x141/0x180 [ 25.970748] ? kmalloc_uaf2+0x4a8/0x520 [ 25.970772] __asan_report_load1_noabort+0x18/0x20 [ 25.970819] kmalloc_uaf2+0x4a8/0x520 [ 25.970839] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 25.970857] ? finish_task_switch.isra.0+0x153/0x700 [ 25.970879] ? __switch_to+0x47/0xf80 [ 25.970905] ? __schedule+0x10c6/0x2b60 [ 25.970927] ? __pfx_read_tsc+0x10/0x10 [ 25.970948] ? ktime_get_ts64+0x86/0x230 [ 25.970972] kunit_try_run_case+0x1a5/0x480 [ 25.970996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.971017] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.971039] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.971061] ? __kthread_parkme+0x82/0x180 [ 25.971096] ? preempt_count_sub+0x50/0x80 [ 25.971117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.971140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.971161] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.971183] kthread+0x337/0x6f0 [ 25.971202] ? trace_preempt_on+0x20/0xc0 [ 25.971232] ? __pfx_kthread+0x10/0x10 [ 25.971253] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.971274] ? calculate_sigpending+0x7b/0xa0 [ 25.971297] ? __pfx_kthread+0x10/0x10 [ 25.971318] ret_from_fork+0x116/0x1d0 [ 25.971336] ? __pfx_kthread+0x10/0x10 [ 25.971355] ret_from_fork_asm+0x1a/0x30 [ 25.971386] </TASK> [ 25.971396] [ 25.979473] Allocated by task 237: [ 25.979601] kasan_save_stack+0x45/0x70 [ 25.979741] kasan_save_track+0x18/0x40 [ 25.979876] kasan_save_alloc_info+0x3b/0x50 [ 25.980254] __kasan_kmalloc+0xb7/0xc0 [ 25.980624] __kmalloc_cache_noprof+0x189/0x420 [ 25.980835] kmalloc_uaf2+0xc6/0x520 [ 25.980995] kunit_try_run_case+0x1a5/0x480 [ 25.981191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.982744] kthread+0x337/0x6f0 [ 25.982938] ret_from_fork+0x116/0x1d0 [ 25.983141] ret_from_fork_asm+0x1a/0x30 [ 25.983450] [ 25.983520] Freed by task 237: [ 25.983625] kasan_save_stack+0x45/0x70 [ 25.984328] kasan_save_track+0x18/0x40 [ 25.984527] kasan_save_free_info+0x3f/0x60 [ 25.984733] __kasan_slab_free+0x56/0x70 [ 25.984923] kfree+0x222/0x3f0 [ 25.985101] kmalloc_uaf2+0x14c/0x520 [ 25.985300] kunit_try_run_case+0x1a5/0x480 [ 25.985489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.985727] kthread+0x337/0x6f0 [ 25.985889] ret_from_fork+0x116/0x1d0 [ 25.986045] ret_from_fork_asm+0x1a/0x30 [ 25.986305] [ 25.986385] The buggy address belongs to the object at ffff888106178280 [ 25.986385] which belongs to the cache kmalloc-64 of size 64 [ 25.986860] The buggy address is located 40 bytes inside of [ 25.986860] freed 64-byte region [ffff888106178280, ffff8881061782c0) [ 25.987418] [ 25.987495] The buggy address belongs to the physical page: [ 25.987742] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106178 [ 25.988052] flags: 0x200000000000000(node=0|zone=2) [ 25.988238] page_type: f5(slab) [ 25.988453] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.988787] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.989040] page dumped because: kasan: bad access detected [ 25.989217] [ 25.989280] Memory state around the buggy address: [ 25.989562] ffff888106178180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.989838] ffff888106178200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.990141] >ffff888106178280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.990352] ^ [ 25.990493] ffff888106178300: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 25.990701] ffff888106178380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.991010] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 25.917689] ================================================================== [ 25.918130] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 25.919311] Write of size 33 at addr ffff888106086680 by task kunit_try_catch/235 [ 25.919628] [ 25.919742] CPU: 1 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.919792] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.919803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.919824] Call Trace: [ 25.919838] <TASK> [ 25.919855] dump_stack_lvl+0x73/0xb0 [ 25.919887] print_report+0xd1/0x610 [ 25.919908] ? __virt_addr_valid+0x1db/0x2d0 [ 25.919932] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.919952] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.919976] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.919997] kasan_report+0x141/0x180 [ 25.920018] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.920043] kasan_check_range+0x10c/0x1c0 [ 25.920065] __asan_memset+0x27/0x50 [ 25.920098] kmalloc_uaf_memset+0x1a3/0x360 [ 25.920118] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 25.920140] ? __schedule+0x10c6/0x2b60 [ 25.920162] ? __pfx_read_tsc+0x10/0x10 [ 25.920182] ? ktime_get_ts64+0x86/0x230 [ 25.920219] kunit_try_run_case+0x1a5/0x480 [ 25.920242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.920263] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.920294] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.920317] ? __kthread_parkme+0x82/0x180 [ 25.920357] ? preempt_count_sub+0x50/0x80 [ 25.920380] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.920405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.920431] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.920458] kthread+0x337/0x6f0 [ 25.920480] ? trace_preempt_on+0x20/0xc0 [ 25.920506] ? __pfx_kthread+0x10/0x10 [ 25.920527] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.920551] ? calculate_sigpending+0x7b/0xa0 [ 25.920577] ? __pfx_kthread+0x10/0x10 [ 25.920601] ret_from_fork+0x116/0x1d0 [ 25.920621] ? __pfx_kthread+0x10/0x10 [ 25.920645] ret_from_fork_asm+0x1a/0x30 [ 25.920677] </TASK> [ 25.920688] [ 25.931876] Allocated by task 235: [ 25.932445] kasan_save_stack+0x45/0x70 [ 25.933285] kasan_save_track+0x18/0x40 [ 25.935332] kasan_save_alloc_info+0x3b/0x50 [ 25.935494] __kasan_kmalloc+0xb7/0xc0 [ 25.935621] __kmalloc_cache_noprof+0x189/0x420 [ 25.935767] kmalloc_uaf_memset+0xa9/0x360 [ 25.935899] kunit_try_run_case+0x1a5/0x480 [ 25.936034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.936226] kthread+0x337/0x6f0 [ 25.936345] ret_from_fork+0x116/0x1d0 [ 25.936496] ret_from_fork_asm+0x1a/0x30 [ 25.937466] [ 25.937574] Freed by task 235: [ 25.937726] kasan_save_stack+0x45/0x70 [ 25.937915] kasan_save_track+0x18/0x40 [ 25.940567] kasan_save_free_info+0x3f/0x60 [ 25.941312] __kasan_slab_free+0x56/0x70 [ 25.942851] kfree+0x222/0x3f0 [ 25.943392] kmalloc_uaf_memset+0x12b/0x360 [ 25.943942] kunit_try_run_case+0x1a5/0x480 [ 25.944394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.944635] kthread+0x337/0x6f0 [ 25.944784] ret_from_fork+0x116/0x1d0 [ 25.944949] ret_from_fork_asm+0x1a/0x30 [ 25.945131] [ 25.945209] The buggy address belongs to the object at ffff888106086680 [ 25.945209] which belongs to the cache kmalloc-64 of size 64 [ 25.949777] The buggy address is located 0 bytes inside of [ 25.949777] freed 64-byte region [ffff888106086680, ffff8881060866c0) [ 25.950459] [ 25.950530] The buggy address belongs to the physical page: [ 25.950695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106086 [ 25.952196] flags: 0x200000000000000(node=0|zone=2) [ 25.952652] page_type: f5(slab) [ 25.952940] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.953581] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.955681] page dumped because: kasan: bad access detected [ 25.956737] [ 25.957227] Memory state around the buggy address: [ 25.958874] ffff888106086580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.959499] ffff888106086600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.959712] >ffff888106086680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.959915] ^ [ 25.960023] ffff888106086700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.961488] ffff888106086780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.962407] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 25.892164] ================================================================== [ 25.892822] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 25.893112] Read of size 1 at addr ffff8881048d1ae8 by task kunit_try_catch/233 [ 25.893397] [ 25.893498] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.893625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.893638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.893658] Call Trace: [ 25.893669] <TASK> [ 25.893683] dump_stack_lvl+0x73/0xb0 [ 25.893711] print_report+0xd1/0x610 [ 25.893732] ? __virt_addr_valid+0x1db/0x2d0 [ 25.893755] ? kmalloc_uaf+0x320/0x380 [ 25.893774] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.893798] ? kmalloc_uaf+0x320/0x380 [ 25.893818] kasan_report+0x141/0x180 [ 25.893839] ? kmalloc_uaf+0x320/0x380 [ 25.893862] __asan_report_load1_noabort+0x18/0x20 [ 25.893886] kmalloc_uaf+0x320/0x380 [ 25.893905] ? __pfx_kmalloc_uaf+0x10/0x10 [ 25.893932] ? __schedule+0x10c6/0x2b60 [ 25.893955] ? __pfx_read_tsc+0x10/0x10 [ 25.893975] ? ktime_get_ts64+0x86/0x230 [ 25.893999] kunit_try_run_case+0x1a5/0x480 [ 25.894021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.894042] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.894064] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.894096] ? __kthread_parkme+0x82/0x180 [ 25.894120] ? preempt_count_sub+0x50/0x80 [ 25.894142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.894165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.894186] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.894208] kthread+0x337/0x6f0 [ 25.894226] ? trace_preempt_on+0x20/0xc0 [ 25.894249] ? __pfx_kthread+0x10/0x10 [ 25.894268] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.894290] ? calculate_sigpending+0x7b/0xa0 [ 25.894312] ? __pfx_kthread+0x10/0x10 [ 25.894333] ret_from_fork+0x116/0x1d0 [ 25.894350] ? __pfx_kthread+0x10/0x10 [ 25.894370] ret_from_fork_asm+0x1a/0x30 [ 25.894400] </TASK> [ 25.894461] [ 25.901235] Allocated by task 233: [ 25.901359] kasan_save_stack+0x45/0x70 [ 25.901495] kasan_save_track+0x18/0x40 [ 25.901621] kasan_save_alloc_info+0x3b/0x50 [ 25.901760] __kasan_kmalloc+0xb7/0xc0 [ 25.901883] __kmalloc_cache_noprof+0x189/0x420 [ 25.902035] kmalloc_uaf+0xaa/0x380 [ 25.902161] kunit_try_run_case+0x1a5/0x480 [ 25.902297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.902460] kthread+0x337/0x6f0 [ 25.902571] ret_from_fork+0x116/0x1d0 [ 25.902693] ret_from_fork_asm+0x1a/0x30 [ 25.902861] [ 25.902944] Freed by task 233: [ 25.903097] kasan_save_stack+0x45/0x70 [ 25.903278] kasan_save_track+0x18/0x40 [ 25.903575] kasan_save_free_info+0x3f/0x60 [ 25.903728] __kasan_slab_free+0x56/0x70 [ 25.903857] kfree+0x222/0x3f0 [ 25.903965] kmalloc_uaf+0x12c/0x380 [ 25.904099] kunit_try_run_case+0x1a5/0x480 [ 25.904237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.904401] kthread+0x337/0x6f0 [ 25.904677] ret_from_fork+0x116/0x1d0 [ 25.904864] ret_from_fork_asm+0x1a/0x30 [ 25.905056] [ 25.905150] The buggy address belongs to the object at ffff8881048d1ae0 [ 25.905150] which belongs to the cache kmalloc-16 of size 16 [ 25.905656] The buggy address is located 8 bytes inside of [ 25.905656] freed 16-byte region [ffff8881048d1ae0, ffff8881048d1af0) [ 25.906111] [ 25.906194] The buggy address belongs to the physical page: [ 25.906455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1048d1 [ 25.906722] flags: 0x200000000000000(node=0|zone=2) [ 25.906949] page_type: f5(slab) [ 25.907103] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.907459] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.907740] page dumped because: kasan: bad access detected [ 25.907947] [ 25.908025] Memory state around the buggy address: [ 25.908215] ffff8881048d1980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.908523] ffff8881048d1a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.908730] >ffff8881048d1a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.908935] ^ [ 25.909134] ffff8881048d1b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.909342] ffff8881048d1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.909547] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 25.869483] ================================================================== [ 25.870022] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.870409] Read of size 64 at addr ffff888106178204 by task kunit_try_catch/231 [ 25.870711] [ 25.870797] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.870844] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.870856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.870876] Call Trace: [ 25.870887] <TASK> [ 25.870902] dump_stack_lvl+0x73/0xb0 [ 25.870930] print_report+0xd1/0x610 [ 25.870951] ? __virt_addr_valid+0x1db/0x2d0 [ 25.870974] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.870997] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.871021] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.871044] kasan_report+0x141/0x180 [ 25.871065] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.871104] kasan_check_range+0x10c/0x1c0 [ 25.871126] __asan_memmove+0x27/0x70 [ 25.871149] kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.871171] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 25.871197] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 25.871225] kunit_try_run_case+0x1a5/0x480 [ 25.871247] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.871268] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.871540] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.871570] ? __kthread_parkme+0x82/0x180 [ 25.871595] ? preempt_count_sub+0x50/0x80 [ 25.871618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.871641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.871664] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.871686] kthread+0x337/0x6f0 [ 25.871705] ? trace_preempt_on+0x20/0xc0 [ 25.871728] ? __pfx_kthread+0x10/0x10 [ 25.871748] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.871768] ? calculate_sigpending+0x7b/0xa0 [ 25.871791] ? __pfx_kthread+0x10/0x10 [ 25.871811] ret_from_fork+0x116/0x1d0 [ 25.871829] ? __pfx_kthread+0x10/0x10 [ 25.871848] ret_from_fork_asm+0x1a/0x30 [ 25.871879] </TASK> [ 25.871888] [ 25.878593] Allocated by task 231: [ 25.878717] kasan_save_stack+0x45/0x70 [ 25.878853] kasan_save_track+0x18/0x40 [ 25.878981] kasan_save_alloc_info+0x3b/0x50 [ 25.879625] __kasan_kmalloc+0xb7/0xc0 [ 25.879828] __kmalloc_cache_noprof+0x189/0x420 [ 25.880065] kmalloc_memmove_invalid_size+0xac/0x330 [ 25.880310] kunit_try_run_case+0x1a5/0x480 [ 25.880477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.880808] kthread+0x337/0x6f0 [ 25.880958] ret_from_fork+0x116/0x1d0 [ 25.881132] ret_from_fork_asm+0x1a/0x30 [ 25.881351] [ 25.881437] The buggy address belongs to the object at ffff888106178200 [ 25.881437] which belongs to the cache kmalloc-64 of size 64 [ 25.881852] The buggy address is located 4 bytes inside of [ 25.881852] allocated 64-byte region [ffff888106178200, ffff888106178240) [ 25.882215] [ 25.882301] The buggy address belongs to the physical page: [ 25.882542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106178 [ 25.882888] flags: 0x200000000000000(node=0|zone=2) [ 25.883138] page_type: f5(slab) [ 25.883296] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.883782] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.884091] page dumped because: kasan: bad access detected [ 25.884412] [ 25.884485] Memory state around the buggy address: [ 25.884634] ffff888106178100: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 25.884842] ffff888106178180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.885094] >ffff888106178200: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.885651] ^ [ 25.885895] ffff888106178280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.886223] ffff888106178300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.886577] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 25.849854] ================================================================== [ 25.850326] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 25.850618] Read of size 18446744073709551614 at addr ffff888106086384 by task kunit_try_catch/229 [ 25.851393] [ 25.851510] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.851559] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.851570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.851590] Call Trace: [ 25.851602] <TASK> [ 25.851615] dump_stack_lvl+0x73/0xb0 [ 25.851645] print_report+0xd1/0x610 [ 25.851666] ? __virt_addr_valid+0x1db/0x2d0 [ 25.851688] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.851711] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.851737] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.851781] kasan_report+0x141/0x180 [ 25.851802] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.851831] kasan_check_range+0x10c/0x1c0 [ 25.851853] __asan_memmove+0x27/0x70 [ 25.851876] kmalloc_memmove_negative_size+0x171/0x330 [ 25.851899] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 25.851923] ? __schedule+0x10c6/0x2b60 [ 25.851945] ? __pfx_read_tsc+0x10/0x10 [ 25.851965] ? ktime_get_ts64+0x86/0x230 [ 25.851988] kunit_try_run_case+0x1a5/0x480 [ 25.852011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.852032] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.852053] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.852075] ? __kthread_parkme+0x82/0x180 [ 25.852114] ? preempt_count_sub+0x50/0x80 [ 25.852137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.852159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.852180] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.852202] kthread+0x337/0x6f0 [ 25.852220] ? trace_preempt_on+0x20/0xc0 [ 25.852244] ? __pfx_kthread+0x10/0x10 [ 25.852317] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.852340] ? calculate_sigpending+0x7b/0xa0 [ 25.852362] ? __pfx_kthread+0x10/0x10 [ 25.852383] ret_from_fork+0x116/0x1d0 [ 25.852401] ? __pfx_kthread+0x10/0x10 [ 25.852421] ret_from_fork_asm+0x1a/0x30 [ 25.852452] </TASK> [ 25.852463] [ 25.859766] Allocated by task 229: [ 25.859988] kasan_save_stack+0x45/0x70 [ 25.860194] kasan_save_track+0x18/0x40 [ 25.860714] kasan_save_alloc_info+0x3b/0x50 [ 25.860884] __kasan_kmalloc+0xb7/0xc0 [ 25.861009] __kmalloc_cache_noprof+0x189/0x420 [ 25.861172] kmalloc_memmove_negative_size+0xac/0x330 [ 25.861634] kunit_try_run_case+0x1a5/0x480 [ 25.861833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.862085] kthread+0x337/0x6f0 [ 25.862234] ret_from_fork+0x116/0x1d0 [ 25.862407] ret_from_fork_asm+0x1a/0x30 [ 25.862590] [ 25.862677] The buggy address belongs to the object at ffff888106086380 [ 25.862677] which belongs to the cache kmalloc-64 of size 64 [ 25.863146] The buggy address is located 4 bytes inside of [ 25.863146] 64-byte region [ffff888106086380, ffff8881060863c0) [ 25.863575] [ 25.863670] The buggy address belongs to the physical page: [ 25.863904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106086 [ 25.864215] flags: 0x200000000000000(node=0|zone=2) [ 25.864502] page_type: f5(slab) [ 25.864670] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.864944] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.865218] page dumped because: kasan: bad access detected [ 25.865580] [ 25.865656] Memory state around the buggy address: [ 25.865890] ffff888106086280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.866126] ffff888106086300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.866333] >ffff888106086380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.866536] ^ [ 25.866643] ffff888106086400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.866946] ffff888106086480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.867254] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 25.825789] ================================================================== [ 25.826246] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 25.826481] Write of size 16 at addr ffff888105f2fc69 by task kunit_try_catch/227 [ 25.826698] [ 25.826777] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.826824] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.826836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.826856] Call Trace: [ 25.826867] <TASK> [ 25.826883] dump_stack_lvl+0x73/0xb0 [ 25.826911] print_report+0xd1/0x610 [ 25.826931] ? __virt_addr_valid+0x1db/0x2d0 [ 25.826954] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.826974] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.826998] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.827018] kasan_report+0x141/0x180 [ 25.827039] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.827064] kasan_check_range+0x10c/0x1c0 [ 25.827096] __asan_memset+0x27/0x50 [ 25.827118] kmalloc_oob_memset_16+0x166/0x330 [ 25.827139] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 25.827160] ? __schedule+0x10c6/0x2b60 [ 25.827182] ? __pfx_read_tsc+0x10/0x10 [ 25.827202] ? ktime_get_ts64+0x86/0x230 [ 25.827226] kunit_try_run_case+0x1a5/0x480 [ 25.827249] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.827269] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.827290] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.827312] ? __kthread_parkme+0x82/0x180 [ 25.827335] ? preempt_count_sub+0x50/0x80 [ 25.827357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.827379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.827400] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.827421] kthread+0x337/0x6f0 [ 25.827439] ? trace_preempt_on+0x20/0xc0 [ 25.827460] ? __pfx_kthread+0x10/0x10 [ 25.827479] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.827500] ? calculate_sigpending+0x7b/0xa0 [ 25.827522] ? __pfx_kthread+0x10/0x10 [ 25.827541] ret_from_fork+0x116/0x1d0 [ 25.827559] ? __pfx_kthread+0x10/0x10 [ 25.827577] ret_from_fork_asm+0x1a/0x30 [ 25.827607] </TASK> [ 25.827617] [ 25.838693] Allocated by task 227: [ 25.838866] kasan_save_stack+0x45/0x70 [ 25.839056] kasan_save_track+0x18/0x40 [ 25.839195] kasan_save_alloc_info+0x3b/0x50 [ 25.839335] __kasan_kmalloc+0xb7/0xc0 [ 25.839457] __kmalloc_cache_noprof+0x189/0x420 [ 25.839715] kmalloc_oob_memset_16+0xac/0x330 [ 25.839917] kunit_try_run_case+0x1a5/0x480 [ 25.840122] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.840642] kthread+0x337/0x6f0 [ 25.840797] ret_from_fork+0x116/0x1d0 [ 25.840956] ret_from_fork_asm+0x1a/0x30 [ 25.841139] [ 25.841205] The buggy address belongs to the object at ffff888105f2fc00 [ 25.841205] which belongs to the cache kmalloc-128 of size 128 [ 25.841812] The buggy address is located 105 bytes inside of [ 25.841812] allocated 120-byte region [ffff888105f2fc00, ffff888105f2fc78) [ 25.842279] [ 25.842346] The buggy address belongs to the physical page: [ 25.842511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f2f [ 25.843193] flags: 0x200000000000000(node=0|zone=2) [ 25.843470] page_type: f5(slab) [ 25.843591] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.843813] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.844133] page dumped because: kasan: bad access detected [ 25.844586] [ 25.844677] Memory state around the buggy address: [ 25.844892] ffff888105f2fb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.845182] ffff888105f2fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.845655] >ffff888105f2fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.845938] ^ [ 25.846180] ffff888105f2fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.846421] ffff888105f2fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.846724] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 25.803130] ================================================================== [ 25.803702] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 25.804004] Write of size 8 at addr ffff88810553d771 by task kunit_try_catch/225 [ 25.804280] [ 25.804380] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.804424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.804435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.804455] Call Trace: [ 25.804466] <TASK> [ 25.804479] dump_stack_lvl+0x73/0xb0 [ 25.804507] print_report+0xd1/0x610 [ 25.804528] ? __virt_addr_valid+0x1db/0x2d0 [ 25.804550] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.804570] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.804594] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.804615] kasan_report+0x141/0x180 [ 25.804636] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.804663] kasan_check_range+0x10c/0x1c0 [ 25.804685] __asan_memset+0x27/0x50 [ 25.804708] kmalloc_oob_memset_8+0x166/0x330 [ 25.804729] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 25.804751] ? __schedule+0x10c6/0x2b60 [ 25.804773] ? __pfx_read_tsc+0x10/0x10 [ 25.804793] ? ktime_get_ts64+0x86/0x230 [ 25.804816] kunit_try_run_case+0x1a5/0x480 [ 25.804838] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.804859] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.804881] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.804904] ? __kthread_parkme+0x82/0x180 [ 25.804927] ? preempt_count_sub+0x50/0x80 [ 25.804949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.804972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.804994] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.805016] kthread+0x337/0x6f0 [ 25.805034] ? trace_preempt_on+0x20/0xc0 [ 25.805057] ? __pfx_kthread+0x10/0x10 [ 25.805170] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.805199] ? calculate_sigpending+0x7b/0xa0 [ 25.805222] ? __pfx_kthread+0x10/0x10 [ 25.805355] ret_from_fork+0x116/0x1d0 [ 25.805384] ? __pfx_kthread+0x10/0x10 [ 25.805406] ret_from_fork_asm+0x1a/0x30 [ 25.805437] </TASK> [ 25.805448] [ 25.814231] Allocated by task 225: [ 25.814457] kasan_save_stack+0x45/0x70 [ 25.814651] kasan_save_track+0x18/0x40 [ 25.814801] kasan_save_alloc_info+0x3b/0x50 [ 25.814996] __kasan_kmalloc+0xb7/0xc0 [ 25.815158] __kmalloc_cache_noprof+0x189/0x420 [ 25.815496] kmalloc_oob_memset_8+0xac/0x330 [ 25.815683] kunit_try_run_case+0x1a5/0x480 [ 25.815870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.816095] kthread+0x337/0x6f0 [ 25.816327] ret_from_fork+0x116/0x1d0 [ 25.816491] ret_from_fork_asm+0x1a/0x30 [ 25.816675] [ 25.816749] The buggy address belongs to the object at ffff88810553d700 [ 25.816749] which belongs to the cache kmalloc-128 of size 128 [ 25.817121] The buggy address is located 113 bytes inside of [ 25.817121] allocated 120-byte region [ffff88810553d700, ffff88810553d778) [ 25.817789] [ 25.817872] The buggy address belongs to the physical page: [ 25.818041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 25.818415] flags: 0x200000000000000(node=0|zone=2) [ 25.818658] page_type: f5(slab) [ 25.818818] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.819172] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.819503] page dumped because: kasan: bad access detected [ 25.819858] [ 25.819929] Memory state around the buggy address: [ 25.820125] ffff88810553d600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.820630] ffff88810553d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.820922] >ffff88810553d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.821161] ^ [ 25.821364] ffff88810553d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.821668] ffff88810553d800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.822061] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 25.781510] ================================================================== [ 25.781964] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 25.782310] Write of size 4 at addr ffff88810553d675 by task kunit_try_catch/223 [ 25.782989] [ 25.783120] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.783170] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.783181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.783202] Call Trace: [ 25.783212] <TASK> [ 25.783228] dump_stack_lvl+0x73/0xb0 [ 25.783339] print_report+0xd1/0x610 [ 25.783361] ? __virt_addr_valid+0x1db/0x2d0 [ 25.783384] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.783412] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.783437] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.783458] kasan_report+0x141/0x180 [ 25.783479] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.783504] kasan_check_range+0x10c/0x1c0 [ 25.783526] __asan_memset+0x27/0x50 [ 25.783550] kmalloc_oob_memset_4+0x166/0x330 [ 25.783571] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 25.783593] ? __schedule+0x10c6/0x2b60 [ 25.783614] ? __pfx_read_tsc+0x10/0x10 [ 25.783635] ? ktime_get_ts64+0x86/0x230 [ 25.783658] kunit_try_run_case+0x1a5/0x480 [ 25.783682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.783702] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.783724] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.783746] ? __kthread_parkme+0x82/0x180 [ 25.783769] ? preempt_count_sub+0x50/0x80 [ 25.783791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.783814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.783835] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.783857] kthread+0x337/0x6f0 [ 25.783875] ? trace_preempt_on+0x20/0xc0 [ 25.783899] ? __pfx_kthread+0x10/0x10 [ 25.783918] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.783938] ? calculate_sigpending+0x7b/0xa0 [ 25.783961] ? __pfx_kthread+0x10/0x10 [ 25.783981] ret_from_fork+0x116/0x1d0 [ 25.783999] ? __pfx_kthread+0x10/0x10 [ 25.784018] ret_from_fork_asm+0x1a/0x30 [ 25.784048] </TASK> [ 25.784058] [ 25.790963] Allocated by task 223: [ 25.791149] kasan_save_stack+0x45/0x70 [ 25.791412] kasan_save_track+0x18/0x40 [ 25.791840] kasan_save_alloc_info+0x3b/0x50 [ 25.792052] __kasan_kmalloc+0xb7/0xc0 [ 25.792289] __kmalloc_cache_noprof+0x189/0x420 [ 25.792501] kmalloc_oob_memset_4+0xac/0x330 [ 25.792659] kunit_try_run_case+0x1a5/0x480 [ 25.792858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.793061] kthread+0x337/0x6f0 [ 25.793230] ret_from_fork+0x116/0x1d0 [ 25.793559] ret_from_fork_asm+0x1a/0x30 [ 25.793735] [ 25.793822] The buggy address belongs to the object at ffff88810553d600 [ 25.793822] which belongs to the cache kmalloc-128 of size 128 [ 25.794399] The buggy address is located 117 bytes inside of [ 25.794399] allocated 120-byte region [ffff88810553d600, ffff88810553d678) [ 25.794857] [ 25.794952] The buggy address belongs to the physical page: [ 25.795156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 25.795577] flags: 0x200000000000000(node=0|zone=2) [ 25.795782] page_type: f5(slab) [ 25.795944] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.796305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.796608] page dumped because: kasan: bad access detected [ 25.796804] [ 25.796888] Memory state around the buggy address: [ 25.797053] ffff88810553d500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.797279] ffff88810553d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.797489] >ffff88810553d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.797692] ^ [ 25.797978] ffff88810553d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.798294] ffff88810553d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.799036] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 25.757844] ================================================================== [ 25.758448] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 25.758763] Write of size 2 at addr ffff888105f2fb77 by task kunit_try_catch/221 [ 25.759019] [ 25.759127] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.759173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.759185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.759204] Call Trace: [ 25.759216] <TASK> [ 25.759229] dump_stack_lvl+0x73/0xb0 [ 25.759311] print_report+0xd1/0x610 [ 25.759333] ? __virt_addr_valid+0x1db/0x2d0 [ 25.759355] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.759375] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.759400] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.759421] kasan_report+0x141/0x180 [ 25.759442] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.759467] kasan_check_range+0x10c/0x1c0 [ 25.759489] __asan_memset+0x27/0x50 [ 25.759512] kmalloc_oob_memset_2+0x166/0x330 [ 25.759534] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 25.759556] ? __schedule+0x10c6/0x2b60 [ 25.759578] ? __pfx_read_tsc+0x10/0x10 [ 25.759598] ? ktime_get_ts64+0x86/0x230 [ 25.759621] kunit_try_run_case+0x1a5/0x480 [ 25.759643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.759664] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.759686] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.759708] ? __kthread_parkme+0x82/0x180 [ 25.759731] ? preempt_count_sub+0x50/0x80 [ 25.759753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.759776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.759797] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.759819] kthread+0x337/0x6f0 [ 25.759837] ? trace_preempt_on+0x20/0xc0 [ 25.759860] ? __pfx_kthread+0x10/0x10 [ 25.759879] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.759899] ? calculate_sigpending+0x7b/0xa0 [ 25.759921] ? __pfx_kthread+0x10/0x10 [ 25.759941] ret_from_fork+0x116/0x1d0 [ 25.759959] ? __pfx_kthread+0x10/0x10 [ 25.759979] ret_from_fork_asm+0x1a/0x30 [ 25.760009] </TASK> [ 25.760019] [ 25.766407] Allocated by task 221: [ 25.766648] kasan_save_stack+0x45/0x70 [ 25.766791] kasan_save_track+0x18/0x40 [ 25.766919] kasan_save_alloc_info+0x3b/0x50 [ 25.767058] __kasan_kmalloc+0xb7/0xc0 [ 25.767190] __kmalloc_cache_noprof+0x189/0x420 [ 25.769385] kmalloc_oob_memset_2+0xac/0x330 [ 25.769623] kunit_try_run_case+0x1a5/0x480 [ 25.769838] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.770013] kthread+0x337/0x6f0 [ 25.770142] ret_from_fork+0x116/0x1d0 [ 25.770498] ret_from_fork_asm+0x1a/0x30 [ 25.770707] [ 25.770799] The buggy address belongs to the object at ffff888105f2fb00 [ 25.770799] which belongs to the cache kmalloc-128 of size 128 [ 25.771257] The buggy address is located 119 bytes inside of [ 25.771257] allocated 120-byte region [ffff888105f2fb00, ffff888105f2fb78) [ 25.771701] [ 25.771772] The buggy address belongs to the physical page: [ 25.771936] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f2f [ 25.772274] flags: 0x200000000000000(node=0|zone=2) [ 25.772959] page_type: f5(slab) [ 25.773154] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.773525] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.773733] page dumped because: kasan: bad access detected [ 25.775283] [ 25.775359] Memory state around the buggy address: [ 25.775507] ffff888105f2fa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.775708] ffff888105f2fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.775907] >ffff888105f2fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.776287] ^ [ 25.776508] ffff888105f2fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.776763] ffff888105f2fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.777066] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 25.278876] ================================================================== [ 25.279711] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 25.279970] Read of size 1 at addr ffff8881061c0000 by task kunit_try_catch/203 [ 25.280269] [ 25.280364] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.280649] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.280663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.280685] Call Trace: [ 25.280697] <TASK> [ 25.280714] dump_stack_lvl+0x73/0xb0 [ 25.280745] print_report+0xd1/0x610 [ 25.280766] ? __virt_addr_valid+0x1db/0x2d0 [ 25.280789] ? page_alloc_uaf+0x356/0x3d0 [ 25.280809] ? kasan_addr_to_slab+0x11/0xa0 [ 25.280828] ? page_alloc_uaf+0x356/0x3d0 [ 25.280849] kasan_report+0x141/0x180 [ 25.280870] ? page_alloc_uaf+0x356/0x3d0 [ 25.281054] __asan_report_load1_noabort+0x18/0x20 [ 25.281092] page_alloc_uaf+0x356/0x3d0 [ 25.281113] ? __pfx_page_alloc_uaf+0x10/0x10 [ 25.281134] ? __schedule+0x10c6/0x2b60 [ 25.281156] ? __pfx_read_tsc+0x10/0x10 [ 25.281177] ? ktime_get_ts64+0x86/0x230 [ 25.281203] kunit_try_run_case+0x1a5/0x480 [ 25.281226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.281319] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.281344] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.281367] ? __kthread_parkme+0x82/0x180 [ 25.281391] ? preempt_count_sub+0x50/0x80 [ 25.281413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.281437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.281459] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.281482] kthread+0x337/0x6f0 [ 25.281500] ? trace_preempt_on+0x20/0xc0 [ 25.281523] ? __pfx_kthread+0x10/0x10 [ 25.281542] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.281563] ? calculate_sigpending+0x7b/0xa0 [ 25.281586] ? __pfx_kthread+0x10/0x10 [ 25.281606] ret_from_fork+0x116/0x1d0 [ 25.281624] ? __pfx_kthread+0x10/0x10 [ 25.281643] ret_from_fork_asm+0x1a/0x30 [ 25.281674] </TASK> [ 25.281684] [ 25.289756] The buggy address belongs to the physical page: [ 25.290211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061c0 [ 25.290823] flags: 0x200000000000000(node=0|zone=2) [ 25.290985] page_type: f0(buddy) [ 25.291140] raw: 0200000000000000 ffff88817fffc4f0 ffff88817fffc4f0 0000000000000000 [ 25.292127] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 25.292962] page dumped because: kasan: bad access detected [ 25.293569] [ 25.293890] Memory state around the buggy address: [ 25.294315] ffff8881061bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.294908] ffff8881061bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.295707] >ffff8881061c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.296213] ^ [ 25.296607] ffff8881061c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.297123] ffff8881061c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.297793] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 25.247278] ================================================================== [ 25.249424] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 25.250367] Free of addr ffff888105f54001 by task kunit_try_catch/199 [ 25.250582] [ 25.250665] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.250715] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.250726] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.250746] Call Trace: [ 25.250759] <TASK> [ 25.250774] dump_stack_lvl+0x73/0xb0 [ 25.250803] print_report+0xd1/0x610 [ 25.250860] ? __virt_addr_valid+0x1db/0x2d0 [ 25.250884] ? kasan_addr_to_slab+0x11/0xa0 [ 25.250903] ? kfree+0x274/0x3f0 [ 25.250923] kasan_report_invalid_free+0x10a/0x130 [ 25.250946] ? kfree+0x274/0x3f0 [ 25.250969] ? kfree+0x274/0x3f0 [ 25.250988] __kasan_kfree_large+0x86/0xd0 [ 25.251009] free_large_kmalloc+0x52/0x110 [ 25.251032] kfree+0x274/0x3f0 [ 25.251069] kmalloc_large_invalid_free+0x120/0x2b0 [ 25.251102] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 25.251125] ? __schedule+0x10c6/0x2b60 [ 25.251968] ? __pfx_read_tsc+0x10/0x10 [ 25.252186] ? ktime_get_ts64+0x86/0x230 [ 25.252217] kunit_try_run_case+0x1a5/0x480 [ 25.252257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.252289] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.253552] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.253578] ? __kthread_parkme+0x82/0x180 [ 25.253602] ? preempt_count_sub+0x50/0x80 [ 25.253625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.253647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.253670] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.253692] kthread+0x337/0x6f0 [ 25.253710] ? trace_preempt_on+0x20/0xc0 [ 25.253733] ? __pfx_kthread+0x10/0x10 [ 25.253752] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.253772] ? calculate_sigpending+0x7b/0xa0 [ 25.253794] ? __pfx_kthread+0x10/0x10 [ 25.253814] ret_from_fork+0x116/0x1d0 [ 25.253832] ? __pfx_kthread+0x10/0x10 [ 25.253851] ret_from_fork_asm+0x1a/0x30 [ 25.253881] </TASK> [ 25.253891] [ 25.265060] The buggy address belongs to the physical page: [ 25.265242] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f54 [ 25.265600] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.266139] flags: 0x200000000000040(head|node=0|zone=2) [ 25.266769] page_type: f8(unknown) [ 25.267213] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.267595] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.267838] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.268095] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.268815] head: 0200000000000002 ffffea000417d501 00000000ffffffff 00000000ffffffff [ 25.269176] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.269618] page dumped because: kasan: bad access detected [ 25.269823] [ 25.269887] Memory state around the buggy address: [ 25.270120] ffff888105f53f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.270968] ffff888105f53f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.271247] >ffff888105f54000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.271822] ^ [ 25.271984] ffff888105f54080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.272277] ffff888105f54100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.272835] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 25.220820] ================================================================== [ 25.222028] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 25.222603] Read of size 1 at addr ffff888106028000 by task kunit_try_catch/197 [ 25.223533] [ 25.223765] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.223903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.223918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.223938] Call Trace: [ 25.223951] <TASK> [ 25.223965] dump_stack_lvl+0x73/0xb0 [ 25.223995] print_report+0xd1/0x610 [ 25.224016] ? __virt_addr_valid+0x1db/0x2d0 [ 25.224038] ? kmalloc_large_uaf+0x2f1/0x340 [ 25.224058] ? kasan_addr_to_slab+0x11/0xa0 [ 25.224089] ? kmalloc_large_uaf+0x2f1/0x340 [ 25.224109] kasan_report+0x141/0x180 [ 25.224130] ? kmalloc_large_uaf+0x2f1/0x340 [ 25.224154] __asan_report_load1_noabort+0x18/0x20 [ 25.224177] kmalloc_large_uaf+0x2f1/0x340 [ 25.224197] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 25.224217] ? __schedule+0x10c6/0x2b60 [ 25.224247] ? __pfx_read_tsc+0x10/0x10 [ 25.224267] ? ktime_get_ts64+0x86/0x230 [ 25.224291] kunit_try_run_case+0x1a5/0x480 [ 25.224313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.224334] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.224356] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.224378] ? __kthread_parkme+0x82/0x180 [ 25.224401] ? preempt_count_sub+0x50/0x80 [ 25.224423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.224446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.224467] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.224489] kthread+0x337/0x6f0 [ 25.224507] ? trace_preempt_on+0x20/0xc0 [ 25.224530] ? __pfx_kthread+0x10/0x10 [ 25.224549] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.224569] ? calculate_sigpending+0x7b/0xa0 [ 25.224591] ? __pfx_kthread+0x10/0x10 [ 25.224612] ret_from_fork+0x116/0x1d0 [ 25.224630] ? __pfx_kthread+0x10/0x10 [ 25.224650] ret_from_fork_asm+0x1a/0x30 [ 25.224680] </TASK> [ 25.224690] [ 25.235075] The buggy address belongs to the physical page: [ 25.235640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106028 [ 25.235890] flags: 0x200000000000000(node=0|zone=2) [ 25.236063] raw: 0200000000000000 ffffea0004180b08 ffff88815b039fc0 0000000000000000 [ 25.236504] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.236827] page dumped because: kasan: bad access detected [ 25.237043] [ 25.237136] Memory state around the buggy address: [ 25.237431] ffff888106027f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.237721] ffff888106027f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.238008] >ffff888106028000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.238412] ^ [ 25.238573] ffff888106028080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.238876] ffff888106028100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.239164] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 25.189512] ================================================================== [ 25.190952] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 25.191891] Write of size 1 at addr ffff888105f5600a by task kunit_try_catch/195 [ 25.192817] [ 25.193049] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.193109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.193121] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.193141] Call Trace: [ 25.193153] <TASK> [ 25.193168] dump_stack_lvl+0x73/0xb0 [ 25.193199] print_report+0xd1/0x610 [ 25.193221] ? __virt_addr_valid+0x1db/0x2d0 [ 25.193243] ? kmalloc_large_oob_right+0x2e9/0x330 [ 25.193317] ? kasan_addr_to_slab+0x11/0xa0 [ 25.193339] ? kmalloc_large_oob_right+0x2e9/0x330 [ 25.193360] kasan_report+0x141/0x180 [ 25.193392] ? kmalloc_large_oob_right+0x2e9/0x330 [ 25.193419] __asan_report_store1_noabort+0x1b/0x30 [ 25.193442] kmalloc_large_oob_right+0x2e9/0x330 [ 25.193464] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 25.193487] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 25.193528] kunit_try_run_case+0x1a5/0x480 [ 25.193552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.193593] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.193616] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.193638] ? __kthread_parkme+0x82/0x180 [ 25.193661] ? preempt_count_sub+0x50/0x80 [ 25.193682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.193705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.193726] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.193748] kthread+0x337/0x6f0 [ 25.193766] ? trace_preempt_on+0x20/0xc0 [ 25.193789] ? __pfx_kthread+0x10/0x10 [ 25.193808] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.193829] ? calculate_sigpending+0x7b/0xa0 [ 25.193851] ? __pfx_kthread+0x10/0x10 [ 25.193872] ret_from_fork+0x116/0x1d0 [ 25.193892] ? __pfx_kthread+0x10/0x10 [ 25.193911] ret_from_fork_asm+0x1a/0x30 [ 25.193947] </TASK> [ 25.193958] [ 25.207758] The buggy address belongs to the physical page: [ 25.208372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f54 [ 25.208973] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.209403] flags: 0x200000000000040(head|node=0|zone=2) [ 25.209720] page_type: f8(unknown) [ 25.210032] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.210842] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.211219] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.212151] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.212555] head: 0200000000000002 ffffea000417d501 00000000ffffffff 00000000ffffffff [ 25.213256] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.213646] page dumped because: kasan: bad access detected [ 25.213807] [ 25.213867] Memory state around the buggy address: [ 25.214016] ffff888105f55f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.214648] ffff888105f55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.215478] >ffff888105f56000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.216781] ^ [ 25.217163] ffff888105f56080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.217888] ffff888105f56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.218115] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 25.154208] ================================================================== [ 25.155709] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 25.156792] Write of size 1 at addr ffff888102b4df00 by task kunit_try_catch/193 [ 25.157720] [ 25.158025] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.158095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.158107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.158127] Call Trace: [ 25.158140] <TASK> [ 25.158156] dump_stack_lvl+0x73/0xb0 [ 25.158189] print_report+0xd1/0x610 [ 25.158209] ? __virt_addr_valid+0x1db/0x2d0 [ 25.158232] ? kmalloc_big_oob_right+0x316/0x370 [ 25.158253] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.158421] ? kmalloc_big_oob_right+0x316/0x370 [ 25.158445] kasan_report+0x141/0x180 [ 25.158468] ? kmalloc_big_oob_right+0x316/0x370 [ 25.158495] __asan_report_store1_noabort+0x1b/0x30 [ 25.158518] kmalloc_big_oob_right+0x316/0x370 [ 25.158571] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 25.158594] ? __schedule+0x10c6/0x2b60 [ 25.158618] ? __pfx_read_tsc+0x10/0x10 [ 25.158638] ? ktime_get_ts64+0x86/0x230 [ 25.158683] kunit_try_run_case+0x1a5/0x480 [ 25.158719] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.158740] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.158762] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.158784] ? __kthread_parkme+0x82/0x180 [ 25.158808] ? preempt_count_sub+0x50/0x80 [ 25.158831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.158853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.158875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.158897] kthread+0x337/0x6f0 [ 25.158915] ? trace_preempt_on+0x20/0xc0 [ 25.158938] ? __pfx_kthread+0x10/0x10 [ 25.158957] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.158977] ? calculate_sigpending+0x7b/0xa0 [ 25.159000] ? __pfx_kthread+0x10/0x10 [ 25.159021] ret_from_fork+0x116/0x1d0 [ 25.159038] ? __pfx_kthread+0x10/0x10 [ 25.159057] ret_from_fork_asm+0x1a/0x30 [ 25.159098] </TASK> [ 25.159108] [ 25.170046] Allocated by task 193: [ 25.170552] kasan_save_stack+0x45/0x70 [ 25.170934] kasan_save_track+0x18/0x40 [ 25.171299] kasan_save_alloc_info+0x3b/0x50 [ 25.171705] __kasan_kmalloc+0xb7/0xc0 [ 25.172047] __kmalloc_cache_noprof+0x189/0x420 [ 25.172557] kmalloc_big_oob_right+0xa9/0x370 [ 25.172948] kunit_try_run_case+0x1a5/0x480 [ 25.173377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.173867] kthread+0x337/0x6f0 [ 25.174185] ret_from_fork+0x116/0x1d0 [ 25.174617] ret_from_fork_asm+0x1a/0x30 [ 25.174997] [ 25.175179] The buggy address belongs to the object at ffff888102b4c000 [ 25.175179] which belongs to the cache kmalloc-8k of size 8192 [ 25.176355] The buggy address is located 0 bytes to the right of [ 25.176355] allocated 7936-byte region [ffff888102b4c000, ffff888102b4df00) [ 25.177628] [ 25.177819] The buggy address belongs to the physical page: [ 25.178351] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b48 [ 25.179060] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.179813] flags: 0x200000000000040(head|node=0|zone=2) [ 25.180297] page_type: f5(slab) [ 25.180418] raw: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 25.180640] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 25.180864] head: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 25.181097] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 25.181320] head: 0200000000000003 ffffea00040ad201 00000000ffffffff 00000000ffffffff [ 25.181544] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 25.181765] page dumped because: kasan: bad access detected [ 25.181939] [ 25.182002] Memory state around the buggy address: [ 25.182430] ffff888102b4de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.183101] ffff888102b4de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.183929] >ffff888102b4df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.184780] ^ [ 25.185098] ffff888102b4df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.185818] ffff888102b4e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.186506] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 25.104550] ================================================================== [ 25.104946] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.105212] Write of size 1 at addr ffff88810553d478 by task kunit_try_catch/191 [ 25.106415] [ 25.106772] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.106826] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.106838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.106858] Call Trace: [ 25.106870] <TASK> [ 25.106885] dump_stack_lvl+0x73/0xb0 [ 25.106953] print_report+0xd1/0x610 [ 25.106975] ? __virt_addr_valid+0x1db/0x2d0 [ 25.106998] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.107134] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.107165] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.107189] kasan_report+0x141/0x180 [ 25.107210] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.107239] __asan_report_store1_noabort+0x1b/0x30 [ 25.107262] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.107285] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 25.107309] ? __schedule+0x10c6/0x2b60 [ 25.107331] ? __pfx_read_tsc+0x10/0x10 [ 25.107351] ? ktime_get_ts64+0x86/0x230 [ 25.107375] kunit_try_run_case+0x1a5/0x480 [ 25.107398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.107418] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.107440] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.107462] ? __kthread_parkme+0x82/0x180 [ 25.107485] ? preempt_count_sub+0x50/0x80 [ 25.107507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.107530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.107551] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.107573] kthread+0x337/0x6f0 [ 25.107591] ? trace_preempt_on+0x20/0xc0 [ 25.107614] ? __pfx_kthread+0x10/0x10 [ 25.107633] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.107654] ? calculate_sigpending+0x7b/0xa0 [ 25.107676] ? __pfx_kthread+0x10/0x10 [ 25.107696] ret_from_fork+0x116/0x1d0 [ 25.107714] ? __pfx_kthread+0x10/0x10 [ 25.107733] ret_from_fork_asm+0x1a/0x30 [ 25.107763] </TASK> [ 25.107773] [ 25.120446] Allocated by task 191: [ 25.120605] kasan_save_stack+0x45/0x70 [ 25.121039] kasan_save_track+0x18/0x40 [ 25.121299] kasan_save_alloc_info+0x3b/0x50 [ 25.121436] __kasan_kmalloc+0xb7/0xc0 [ 25.121555] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 25.121983] kmalloc_track_caller_oob_right+0x99/0x520 [ 25.122155] kunit_try_run_case+0x1a5/0x480 [ 25.122573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.122892] kthread+0x337/0x6f0 [ 25.123004] ret_from_fork+0x116/0x1d0 [ 25.123136] ret_from_fork_asm+0x1a/0x30 [ 25.123606] [ 25.123752] The buggy address belongs to the object at ffff88810553d400 [ 25.123752] which belongs to the cache kmalloc-128 of size 128 [ 25.124825] The buggy address is located 0 bytes to the right of [ 25.124825] allocated 120-byte region [ffff88810553d400, ffff88810553d478) [ 25.126100] [ 25.126286] The buggy address belongs to the physical page: [ 25.126686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 25.127469] flags: 0x200000000000000(node=0|zone=2) [ 25.127889] page_type: f5(slab) [ 25.128216] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.128846] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.129445] page dumped because: kasan: bad access detected [ 25.129727] [ 25.129788] Memory state around the buggy address: [ 25.129940] ffff88810553d300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.130150] ffff88810553d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.130380] >ffff88810553d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.130781] ^ [ 25.131051] ffff88810553d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.131382] ffff88810553d500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.131822] ================================================================== [ 25.132628] ================================================================== [ 25.132856] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.133251] Write of size 1 at addr ffff88810553d578 by task kunit_try_catch/191 [ 25.133637] [ 25.133743] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250717 #1 PREEMPT(voluntary) [ 25.133788] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.133819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.133838] Call Trace: [ 25.133871] <TASK> [ 25.133884] dump_stack_lvl+0x73/0xb0 [ 25.133912] print_report+0xd1/0x610 [ 25.133937] ? __virt_addr_valid+0x1db/0x2d0 [ 25.133958] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.133981] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.134005] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.134029] kasan_report+0x141/0x180 [ 25.134050] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.134090] __asan_report_store1_noabort+0x1b/0x30 [ 25.134113] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.134136] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 25.134161] ? __schedule+0x10c6/0x2b60 [ 25.134183] ? __pfx_read_tsc+0x10/0x10 [ 25.134203] ? ktime_get_ts64+0x86/0x230 [ 25.134227] kunit_try_run_case+0x1a5/0x480 [ 25.134263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.134285] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.134405] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.134430] ? __kthread_parkme+0x82/0x180 [ 25.134453] ? preempt_count_sub+0x50/0x80 [ 25.134475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.134498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.134521] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.134543] kthread+0x337/0x6f0 [ 25.134561] ? trace_preempt_on+0x20/0xc0 [ 25.134583] ? __pfx_kthread+0x10/0x10 [ 25.134602] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.134624] ? calculate_sigpending+0x7b/0xa0 [ 25.134646] ? __pfx_kthread+0x10/0x10 [ 25.134666] ret_from_fork+0x116/0x1d0 [ 25.134684] ? __pfx_kthread+0x10/0x10 [ 25.134703] ret_from_fork_asm+0x1a/0x30 [ 25.134733] </TASK> [ 25.134742] [ 25.142200] Allocated by task 191: [ 25.142458] kasan_save_stack+0x45/0x70 [ 25.142627] kasan_save_track+0x18/0x40 [ 25.142902] kasan_save_alloc_info+0x3b/0x50 [ 25.143089] __kasan_kmalloc+0xb7/0xc0 [ 25.143210] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 25.143379] kmalloc_track_caller_oob_right+0x19a/0x520 [ 25.143566] kunit_try_run_case+0x1a5/0x480 [ 25.143762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.144033] kthread+0x337/0x6f0 [ 25.144238] ret_from_fork+0x116/0x1d0 [ 25.144437] ret_from_fork_asm+0x1a/0x30 [ 25.144784] [ 25.144869] The buggy address belongs to the object at ffff88810553d500 [ 25.144869] which belongs to the cache kmalloc-128 of size 128 [ 25.145491] The buggy address is located 0 bytes to the right of [ 25.145491] allocated 120-byte region [ffff88810553d500, ffff88810553d578) [ 25.145846] [ 25.145938] The buggy address belongs to the physical page: [ 25.146187] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10553d [ 25.146589] flags: 0x200000000000000(node=0|zone=2) [ 25.146818] page_type: f5(slab) [ 25.147060] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.147314] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.147705] page dumped because: kasan: bad access detected [ 25.147978] [ 25.148076] Memory state around the buggy address: [ 25.148313] ffff88810553d400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.148543] ffff88810553d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.148887] >ffff88810553d500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.149258] ^ [ 25.149632] ffff88810553d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.149965] ffff88810553d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.150189] ==================================================================