Date
July 22, 2025, 5:13 a.m.
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 29.265986] ================================================================== [ 29.267303] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 29.268254] Write of size 121 at addr ffff888104975500 by task kunit_try_catch/333 [ 29.269083] [ 29.269381] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.269444] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.269460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.269493] Call Trace: [ 29.269512] <TASK> [ 29.269534] dump_stack_lvl+0x73/0xb0 [ 29.269570] print_report+0xd1/0x640 [ 29.269597] ? __virt_addr_valid+0x1db/0x2d0 [ 29.269625] ? _copy_from_user+0x32/0x90 [ 29.269647] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.269677] ? _copy_from_user+0x32/0x90 [ 29.269700] kasan_report+0x141/0x180 [ 29.269725] ? _copy_from_user+0x32/0x90 [ 29.269751] kasan_check_range+0x10c/0x1c0 [ 29.269776] __kasan_check_write+0x18/0x20 [ 29.269803] _copy_from_user+0x32/0x90 [ 29.269826] copy_user_test_oob+0x2be/0x10f0 [ 29.269863] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.269889] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.269924] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.269954] kunit_try_run_case+0x1a5/0x480 [ 29.269979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.270004] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.270030] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.270056] ? __kthread_parkme+0x82/0x180 [ 29.270079] ? preempt_count_sub+0x50/0x80 [ 29.270104] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.270129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.270155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.270196] kthread+0x337/0x6f0 [ 29.270217] ? trace_preempt_on+0x20/0xc0 [ 29.270245] ? __pfx_kthread+0x10/0x10 [ 29.270269] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.270296] ? calculate_sigpending+0x7b/0xa0 [ 29.270323] ? __pfx_kthread+0x10/0x10 [ 29.270347] ret_from_fork+0x116/0x1d0 [ 29.270370] ? __pfx_kthread+0x10/0x10 [ 29.270393] ret_from_fork_asm+0x1a/0x30 [ 29.270427] </TASK> [ 29.270442] [ 29.283411] Allocated by task 333: [ 29.283750] kasan_save_stack+0x45/0x70 [ 29.284117] kasan_save_track+0x18/0x40 [ 29.284557] kasan_save_alloc_info+0x3b/0x50 [ 29.284967] __kasan_kmalloc+0xb7/0xc0 [ 29.285155] __kmalloc_noprof+0x1ca/0x510 [ 29.285530] kunit_kmalloc_array+0x25/0x60 [ 29.285999] copy_user_test_oob+0xab/0x10f0 [ 29.286153] kunit_try_run_case+0x1a5/0x480 [ 29.286300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.286566] kthread+0x337/0x6f0 [ 29.286875] ret_from_fork+0x116/0x1d0 [ 29.287226] ret_from_fork_asm+0x1a/0x30 [ 29.287671] [ 29.287847] The buggy address belongs to the object at ffff888104975500 [ 29.287847] which belongs to the cache kmalloc-128 of size 128 [ 29.288989] The buggy address is located 0 bytes inside of [ 29.288989] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.290075] [ 29.290191] The buggy address belongs to the physical page: [ 29.290382] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.291133] flags: 0x200000000000000(node=0|zone=2) [ 29.291627] page_type: f5(slab) [ 29.291900] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.292138] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.292908] page dumped because: kasan: bad access detected [ 29.293652] [ 29.293823] Memory state around the buggy address: [ 29.294148] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.294372] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.294939] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.295631] ^ [ 29.296260] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.296710] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.296954] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 29.200811] ================================================================== [ 29.202265] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 29.203723] Read of size 8 at addr ffff888106002578 by task kunit_try_catch/329 [ 29.203983] [ 29.204082] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.204139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.204154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.204425] Call Trace: [ 29.204442] <TASK> [ 29.204478] dump_stack_lvl+0x73/0xb0 [ 29.204516] print_report+0xd1/0x640 [ 29.204550] ? __virt_addr_valid+0x1db/0x2d0 [ 29.204600] ? copy_to_kernel_nofault+0x225/0x260 [ 29.204627] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.204656] ? copy_to_kernel_nofault+0x225/0x260 [ 29.204683] kasan_report+0x141/0x180 [ 29.204709] ? copy_to_kernel_nofault+0x225/0x260 [ 29.204740] __asan_report_load8_noabort+0x18/0x20 [ 29.204767] copy_to_kernel_nofault+0x225/0x260 [ 29.204794] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 29.204819] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.204855] ? __schedule+0x10da/0x2b60 [ 29.204892] ? finish_task_switch.isra.0+0x153/0x700 [ 29.204918] ? finish_task_switch.isra.0+0x156/0x700 [ 29.204950] ? __pfx_read_tsc+0x10/0x10 [ 29.204975] ? ktime_get_ts64+0x86/0x230 [ 29.205003] kunit_try_run_case+0x1a5/0x480 [ 29.205031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.205056] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.205082] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.205110] ? __kthread_parkme+0x82/0x180 [ 29.205132] ? preempt_count_sub+0x50/0x80 [ 29.205155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.205182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.205207] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.205233] kthread+0x337/0x6f0 [ 29.205254] ? trace_preempt_on+0x20/0xc0 [ 29.205280] ? __pfx_kthread+0x10/0x10 [ 29.205303] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.205338] ? calculate_sigpending+0x7b/0xa0 [ 29.205365] ? __pfx_kthread+0x10/0x10 [ 29.205399] ret_from_fork+0x116/0x1d0 [ 29.205421] ? __pfx_kthread+0x10/0x10 [ 29.205444] ret_from_fork_asm+0x1a/0x30 [ 29.205477] </TASK> [ 29.205491] [ 29.217772] Allocated by task 329: [ 29.218547] kasan_save_stack+0x45/0x70 [ 29.218710] kasan_save_track+0x18/0x40 [ 29.218921] kasan_save_alloc_info+0x3b/0x50 [ 29.219108] __kasan_kmalloc+0xb7/0xc0 [ 29.219324] __kmalloc_cache_noprof+0x189/0x420 [ 29.219782] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.220002] kunit_try_run_case+0x1a5/0x480 [ 29.220335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.220804] kthread+0x337/0x6f0 [ 29.220965] ret_from_fork+0x116/0x1d0 [ 29.221258] ret_from_fork_asm+0x1a/0x30 [ 29.221456] [ 29.221559] The buggy address belongs to the object at ffff888106002500 [ 29.221559] which belongs to the cache kmalloc-128 of size 128 [ 29.222367] The buggy address is located 0 bytes to the right of [ 29.222367] allocated 120-byte region [ffff888106002500, ffff888106002578) [ 29.223296] [ 29.223416] The buggy address belongs to the physical page: [ 29.223657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106002 [ 29.224006] flags: 0x200000000000000(node=0|zone=2) [ 29.224234] page_type: f5(slab) [ 29.224638] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.225069] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.225441] page dumped because: kasan: bad access detected [ 29.225769] [ 29.225969] Memory state around the buggy address: [ 29.226369] ffff888106002400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.226757] ffff888106002480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.227100] >ffff888106002500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.227392] ^ [ 29.227816] ffff888106002580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.228122] ffff888106002600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.228620] ================================================================== [ 29.229602] ================================================================== [ 29.229917] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 29.230264] Write of size 8 at addr ffff888106002578 by task kunit_try_catch/329 [ 29.230763] [ 29.230926] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.230978] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.230993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.231016] Call Trace: [ 29.231030] <TASK> [ 29.231046] dump_stack_lvl+0x73/0xb0 [ 29.231077] print_report+0xd1/0x640 [ 29.231103] ? __virt_addr_valid+0x1db/0x2d0 [ 29.231130] ? copy_to_kernel_nofault+0x99/0x260 [ 29.231155] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.231305] ? copy_to_kernel_nofault+0x99/0x260 [ 29.231335] kasan_report+0x141/0x180 [ 29.231361] ? copy_to_kernel_nofault+0x99/0x260 [ 29.231391] kasan_check_range+0x10c/0x1c0 [ 29.231417] __kasan_check_write+0x18/0x20 [ 29.231442] copy_to_kernel_nofault+0x99/0x260 [ 29.231565] copy_to_kernel_nofault_oob+0x288/0x560 [ 29.231595] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.231621] ? __schedule+0x10da/0x2b60 [ 29.231647] ? finish_task_switch.isra.0+0x153/0x700 [ 29.231671] ? finish_task_switch.isra.0+0x156/0x700 [ 29.231703] ? __pfx_read_tsc+0x10/0x10 [ 29.231727] ? ktime_get_ts64+0x86/0x230 [ 29.231753] kunit_try_run_case+0x1a5/0x480 [ 29.231779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.231803] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.231841] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.231868] ? __kthread_parkme+0x82/0x180 [ 29.231890] ? preempt_count_sub+0x50/0x80 [ 29.231914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.231940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.231966] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.231992] kthread+0x337/0x6f0 [ 29.232012] ? trace_preempt_on+0x20/0xc0 [ 29.232036] ? __pfx_kthread+0x10/0x10 [ 29.232059] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.232084] ? calculate_sigpending+0x7b/0xa0 [ 29.232109] ? __pfx_kthread+0x10/0x10 [ 29.232132] ret_from_fork+0x116/0x1d0 [ 29.232153] ? __pfx_kthread+0x10/0x10 [ 29.232176] ret_from_fork_asm+0x1a/0x30 [ 29.232208] </TASK> [ 29.232221] [ 29.243151] Allocated by task 329: [ 29.243783] kasan_save_stack+0x45/0x70 [ 29.243977] kasan_save_track+0x18/0x40 [ 29.244176] kasan_save_alloc_info+0x3b/0x50 [ 29.244607] __kasan_kmalloc+0xb7/0xc0 [ 29.244807] __kmalloc_cache_noprof+0x189/0x420 [ 29.245039] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.245431] kunit_try_run_case+0x1a5/0x480 [ 29.245635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.245977] kthread+0x337/0x6f0 [ 29.246285] ret_from_fork+0x116/0x1d0 [ 29.246469] ret_from_fork_asm+0x1a/0x30 [ 29.246814] [ 29.246918] The buggy address belongs to the object at ffff888106002500 [ 29.246918] which belongs to the cache kmalloc-128 of size 128 [ 29.247542] The buggy address is located 0 bytes to the right of [ 29.247542] allocated 120-byte region [ffff888106002500, ffff888106002578) [ 29.248286] [ 29.248526] The buggy address belongs to the physical page: [ 29.248767] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106002 [ 29.249103] flags: 0x200000000000000(node=0|zone=2) [ 29.249528] page_type: f5(slab) [ 29.249700] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.250142] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.250566] page dumped because: kasan: bad access detected [ 29.250782] [ 29.250895] Memory state around the buggy address: [ 29.251244] ffff888106002400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.251686] ffff888106002480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.251984] >ffff888106002500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.252346] ^ [ 29.252683] ffff888106002580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.253213] ffff888106002600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.253520] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 28.243066] ================================================================== [ 28.243365] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 28.244069] Read of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.244416] [ 28.244643] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.244698] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.244713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.244736] Call Trace: [ 28.244753] <TASK> [ 28.244768] dump_stack_lvl+0x73/0xb0 [ 28.244924] print_report+0xd1/0x640 [ 28.244951] ? __virt_addr_valid+0x1db/0x2d0 [ 28.244979] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.245002] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.245030] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.245054] kasan_report+0x141/0x180 [ 28.245078] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.245107] __asan_report_load4_noabort+0x18/0x20 [ 28.245133] kasan_atomics_helper+0x4a02/0x5450 [ 28.245157] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.245181] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.245219] ? kasan_atomics+0x152/0x310 [ 28.245247] kasan_atomics+0x1dc/0x310 [ 28.245272] ? __pfx_kasan_atomics+0x10/0x10 [ 28.245299] ? __pfx_read_tsc+0x10/0x10 [ 28.245322] ? ktime_get_ts64+0x86/0x230 [ 28.245348] kunit_try_run_case+0x1a5/0x480 [ 28.245374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.245399] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.245425] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.245452] ? __kthread_parkme+0x82/0x180 [ 28.245495] ? preempt_count_sub+0x50/0x80 [ 28.245521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.245548] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.245574] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.245599] kthread+0x337/0x6f0 [ 28.245621] ? trace_preempt_on+0x20/0xc0 [ 28.245647] ? __pfx_kthread+0x10/0x10 [ 28.245669] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.245695] ? calculate_sigpending+0x7b/0xa0 [ 28.245720] ? __pfx_kthread+0x10/0x10 [ 28.245744] ret_from_fork+0x116/0x1d0 [ 28.245765] ? __pfx_kthread+0x10/0x10 [ 28.245788] ret_from_fork_asm+0x1a/0x30 [ 28.245821] </TASK> [ 28.245845] [ 28.256228] Allocated by task 313: [ 28.256732] kasan_save_stack+0x45/0x70 [ 28.256935] kasan_save_track+0x18/0x40 [ 28.257122] kasan_save_alloc_info+0x3b/0x50 [ 28.257722] __kasan_kmalloc+0xb7/0xc0 [ 28.257887] __kmalloc_cache_noprof+0x189/0x420 [ 28.258119] kasan_atomics+0x95/0x310 [ 28.258466] kunit_try_run_case+0x1a5/0x480 [ 28.258861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.259149] kthread+0x337/0x6f0 [ 28.259402] ret_from_fork+0x116/0x1d0 [ 28.259619] ret_from_fork_asm+0x1a/0x30 [ 28.259825] [ 28.259994] The buggy address belongs to the object at ffff8881058a7e80 [ 28.259994] which belongs to the cache kmalloc-64 of size 64 [ 28.260673] The buggy address is located 0 bytes to the right of [ 28.260673] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.261313] [ 28.261613] The buggy address belongs to the physical page: [ 28.261930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.262415] flags: 0x200000000000000(node=0|zone=2) [ 28.262666] page_type: f5(slab) [ 28.262921] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.263363] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.263720] page dumped because: kasan: bad access detected [ 28.264169] [ 28.264287] Memory state around the buggy address: [ 28.264503] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.265037] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.265338] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.265673] ^ [ 28.266122] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.266588] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.266854] ================================================================== [ 27.578145] ================================================================== [ 27.578553] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 27.578854] Read of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.579160] [ 27.579325] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.579377] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.579391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.579414] Call Trace: [ 27.579432] <TASK> [ 27.579448] dump_stack_lvl+0x73/0xb0 [ 27.579477] print_report+0xd1/0x640 [ 27.579502] ? __virt_addr_valid+0x1db/0x2d0 [ 27.579528] ? kasan_atomics_helper+0x3df/0x5450 [ 27.579608] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.579640] ? kasan_atomics_helper+0x3df/0x5450 [ 27.579665] kasan_report+0x141/0x180 [ 27.579689] ? kasan_atomics_helper+0x3df/0x5450 [ 27.579717] kasan_check_range+0x10c/0x1c0 [ 27.579744] __kasan_check_read+0x15/0x20 [ 27.579770] kasan_atomics_helper+0x3df/0x5450 [ 27.579795] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.579819] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.579859] ? kasan_atomics+0x152/0x310 [ 27.579887] kasan_atomics+0x1dc/0x310 [ 27.579912] ? __pfx_kasan_atomics+0x10/0x10 [ 27.579938] ? __pfx_read_tsc+0x10/0x10 [ 27.579962] ? ktime_get_ts64+0x86/0x230 [ 27.579987] kunit_try_run_case+0x1a5/0x480 [ 27.580014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.580039] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.580067] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.580094] ? __kthread_parkme+0x82/0x180 [ 27.580117] ? preempt_count_sub+0x50/0x80 [ 27.580142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.580169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.580208] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.580234] kthread+0x337/0x6f0 [ 27.580256] ? trace_preempt_on+0x20/0xc0 [ 27.580282] ? __pfx_kthread+0x10/0x10 [ 27.580305] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.580331] ? calculate_sigpending+0x7b/0xa0 [ 27.580357] ? __pfx_kthread+0x10/0x10 [ 27.580381] ret_from_fork+0x116/0x1d0 [ 27.580402] ? __pfx_kthread+0x10/0x10 [ 27.580425] ret_from_fork_asm+0x1a/0x30 [ 27.580457] </TASK> [ 27.580481] [ 27.588636] Allocated by task 313: [ 27.588789] kasan_save_stack+0x45/0x70 [ 27.589013] kasan_save_track+0x18/0x40 [ 27.589191] kasan_save_alloc_info+0x3b/0x50 [ 27.589371] __kasan_kmalloc+0xb7/0xc0 [ 27.589610] __kmalloc_cache_noprof+0x189/0x420 [ 27.589871] kasan_atomics+0x95/0x310 [ 27.590014] kunit_try_run_case+0x1a5/0x480 [ 27.590166] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.590396] kthread+0x337/0x6f0 [ 27.590563] ret_from_fork+0x116/0x1d0 [ 27.590928] ret_from_fork_asm+0x1a/0x30 [ 27.591107] [ 27.591213] The buggy address belongs to the object at ffff8881058a7e80 [ 27.591213] which belongs to the cache kmalloc-64 of size 64 [ 27.591766] The buggy address is located 0 bytes to the right of [ 27.591766] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.592307] [ 27.592403] The buggy address belongs to the physical page: [ 27.592709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.593072] flags: 0x200000000000000(node=0|zone=2) [ 27.593312] page_type: f5(slab) [ 27.593436] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.593674] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.593913] page dumped because: kasan: bad access detected [ 27.594088] [ 27.594157] Memory state around the buggy address: [ 27.594382] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.594715] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.595041] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.595613] ^ [ 27.595775] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.596008] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.596223] ================================================================== [ 27.708271] ================================================================== [ 27.708799] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 27.709119] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.709366] [ 27.709573] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.709628] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.709827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.709869] Call Trace: [ 27.709888] <TASK> [ 27.709905] dump_stack_lvl+0x73/0xb0 [ 27.709937] print_report+0xd1/0x640 [ 27.709962] ? __virt_addr_valid+0x1db/0x2d0 [ 27.709987] ? kasan_atomics_helper+0x697/0x5450 [ 27.710010] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.710038] ? kasan_atomics_helper+0x697/0x5450 [ 27.710062] kasan_report+0x141/0x180 [ 27.710087] ? kasan_atomics_helper+0x697/0x5450 [ 27.710116] kasan_check_range+0x10c/0x1c0 [ 27.710142] __kasan_check_write+0x18/0x20 [ 27.710490] kasan_atomics_helper+0x697/0x5450 [ 27.710520] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.710558] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.710584] ? kasan_atomics+0x152/0x310 [ 27.710613] kasan_atomics+0x1dc/0x310 [ 27.710637] ? __pfx_kasan_atomics+0x10/0x10 [ 27.710663] ? __pfx_read_tsc+0x10/0x10 [ 27.710687] ? ktime_get_ts64+0x86/0x230 [ 27.710714] kunit_try_run_case+0x1a5/0x480 [ 27.710741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.710766] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.710793] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.710820] ? __kthread_parkme+0x82/0x180 [ 27.710854] ? preempt_count_sub+0x50/0x80 [ 27.710880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.710907] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.710933] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.710959] kthread+0x337/0x6f0 [ 27.710980] ? trace_preempt_on+0x20/0xc0 [ 27.711005] ? __pfx_kthread+0x10/0x10 [ 27.711028] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.711053] ? calculate_sigpending+0x7b/0xa0 [ 27.711078] ? __pfx_kthread+0x10/0x10 [ 27.711101] ret_from_fork+0x116/0x1d0 [ 27.711123] ? __pfx_kthread+0x10/0x10 [ 27.711145] ret_from_fork_asm+0x1a/0x30 [ 27.711178] </TASK> [ 27.711191] [ 27.723380] Allocated by task 313: [ 27.723934] kasan_save_stack+0x45/0x70 [ 27.724133] kasan_save_track+0x18/0x40 [ 27.724541] kasan_save_alloc_info+0x3b/0x50 [ 27.724907] __kasan_kmalloc+0xb7/0xc0 [ 27.725108] __kmalloc_cache_noprof+0x189/0x420 [ 27.725535] kasan_atomics+0x95/0x310 [ 27.725846] kunit_try_run_case+0x1a5/0x480 [ 27.726069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.726451] kthread+0x337/0x6f0 [ 27.726754] ret_from_fork+0x116/0x1d0 [ 27.726925] ret_from_fork_asm+0x1a/0x30 [ 27.727129] [ 27.727407] The buggy address belongs to the object at ffff8881058a7e80 [ 27.727407] which belongs to the cache kmalloc-64 of size 64 [ 27.728121] The buggy address is located 0 bytes to the right of [ 27.728121] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.729027] [ 27.729351] The buggy address belongs to the physical page: [ 27.729804] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.730242] flags: 0x200000000000000(node=0|zone=2) [ 27.730437] page_type: f5(slab) [ 27.730799] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.731243] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.731718] page dumped because: kasan: bad access detected [ 27.731972] [ 27.732072] Memory state around the buggy address: [ 27.732263] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.732893] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.733311] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.733958] ^ [ 27.734151] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.734743] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.735158] ================================================================== [ 27.889338] ================================================================== [ 27.889759] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 27.890080] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.890426] [ 27.890608] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.890659] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.890674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.890706] Call Trace: [ 27.890722] <TASK> [ 27.890737] dump_stack_lvl+0x73/0xb0 [ 27.890776] print_report+0xd1/0x640 [ 27.890801] ? __virt_addr_valid+0x1db/0x2d0 [ 27.890826] ? kasan_atomics_helper+0xac7/0x5450 [ 27.890858] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.890886] ? kasan_atomics_helper+0xac7/0x5450 [ 27.890909] kasan_report+0x141/0x180 [ 27.890933] ? kasan_atomics_helper+0xac7/0x5450 [ 27.890960] kasan_check_range+0x10c/0x1c0 [ 27.890985] __kasan_check_write+0x18/0x20 [ 27.891010] kasan_atomics_helper+0xac7/0x5450 [ 27.891034] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.891058] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.891083] ? kasan_atomics+0x152/0x310 [ 27.891111] kasan_atomics+0x1dc/0x310 [ 27.891142] ? __pfx_kasan_atomics+0x10/0x10 [ 27.891168] ? __pfx_read_tsc+0x10/0x10 [ 27.891215] ? ktime_get_ts64+0x86/0x230 [ 27.891240] kunit_try_run_case+0x1a5/0x480 [ 27.891267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.891292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.891318] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.891345] ? __kthread_parkme+0x82/0x180 [ 27.891367] ? preempt_count_sub+0x50/0x80 [ 27.891392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.891418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.891492] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.891522] kthread+0x337/0x6f0 [ 27.891545] ? trace_preempt_on+0x20/0xc0 [ 27.891572] ? __pfx_kthread+0x10/0x10 [ 27.891598] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.891624] ? calculate_sigpending+0x7b/0xa0 [ 27.891660] ? __pfx_kthread+0x10/0x10 [ 27.891684] ret_from_fork+0x116/0x1d0 [ 27.891717] ? __pfx_kthread+0x10/0x10 [ 27.891739] ret_from_fork_asm+0x1a/0x30 [ 27.891772] </TASK> [ 27.891784] [ 27.900351] Allocated by task 313: [ 27.900612] kasan_save_stack+0x45/0x70 [ 27.900769] kasan_save_track+0x18/0x40 [ 27.900927] kasan_save_alloc_info+0x3b/0x50 [ 27.901187] __kasan_kmalloc+0xb7/0xc0 [ 27.901375] __kmalloc_cache_noprof+0x189/0x420 [ 27.901604] kasan_atomics+0x95/0x310 [ 27.901789] kunit_try_run_case+0x1a5/0x480 [ 27.902005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.902625] kthread+0x337/0x6f0 [ 27.902802] ret_from_fork+0x116/0x1d0 [ 27.902978] ret_from_fork_asm+0x1a/0x30 [ 27.903148] [ 27.903238] The buggy address belongs to the object at ffff8881058a7e80 [ 27.903238] which belongs to the cache kmalloc-64 of size 64 [ 27.904565] The buggy address is located 0 bytes to the right of [ 27.904565] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.905860] [ 27.905972] The buggy address belongs to the physical page: [ 27.906447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.906844] flags: 0x200000000000000(node=0|zone=2) [ 27.907061] page_type: f5(slab) [ 27.907442] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.907999] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.908735] page dumped because: kasan: bad access detected [ 27.909191] [ 27.909449] Memory state around the buggy address: [ 27.909923] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.910508] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.911015] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.911726] ^ [ 27.911974] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.912431] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.913061] ================================================================== [ 27.869624] ================================================================== [ 27.869980] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 27.870289] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.870827] [ 27.870943] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.871008] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.871023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.871046] Call Trace: [ 27.871063] <TASK> [ 27.871090] dump_stack_lvl+0x73/0xb0 [ 27.871122] print_report+0xd1/0x640 [ 27.871166] ? __virt_addr_valid+0x1db/0x2d0 [ 27.871192] ? kasan_atomics_helper+0xa2b/0x5450 [ 27.871214] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.871244] ? kasan_atomics_helper+0xa2b/0x5450 [ 27.871267] kasan_report+0x141/0x180 [ 27.871291] ? kasan_atomics_helper+0xa2b/0x5450 [ 27.871319] kasan_check_range+0x10c/0x1c0 [ 27.871345] __kasan_check_write+0x18/0x20 [ 27.871370] kasan_atomics_helper+0xa2b/0x5450 [ 27.871401] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.871426] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.871523] ? kasan_atomics+0x152/0x310 [ 27.871553] kasan_atomics+0x1dc/0x310 [ 27.871579] ? __pfx_kasan_atomics+0x10/0x10 [ 27.871605] ? __pfx_read_tsc+0x10/0x10 [ 27.871628] ? ktime_get_ts64+0x86/0x230 [ 27.871655] kunit_try_run_case+0x1a5/0x480 [ 27.871683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.871707] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.871735] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.871763] ? __kthread_parkme+0x82/0x180 [ 27.871785] ? preempt_count_sub+0x50/0x80 [ 27.871811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.871848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.871883] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.871908] kthread+0x337/0x6f0 [ 27.871930] ? trace_preempt_on+0x20/0xc0 [ 27.871967] ? __pfx_kthread+0x10/0x10 [ 27.871989] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.872015] ? calculate_sigpending+0x7b/0xa0 [ 27.872040] ? __pfx_kthread+0x10/0x10 [ 27.872064] ret_from_fork+0x116/0x1d0 [ 27.872086] ? __pfx_kthread+0x10/0x10 [ 27.872108] ret_from_fork_asm+0x1a/0x30 [ 27.872140] </TASK> [ 27.872172] [ 27.880385] Allocated by task 313: [ 27.880591] kasan_save_stack+0x45/0x70 [ 27.880794] kasan_save_track+0x18/0x40 [ 27.881004] kasan_save_alloc_info+0x3b/0x50 [ 27.881211] __kasan_kmalloc+0xb7/0xc0 [ 27.881346] __kmalloc_cache_noprof+0x189/0x420 [ 27.881578] kasan_atomics+0x95/0x310 [ 27.881764] kunit_try_run_case+0x1a5/0x480 [ 27.882205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.882407] kthread+0x337/0x6f0 [ 27.882661] ret_from_fork+0x116/0x1d0 [ 27.882867] ret_from_fork_asm+0x1a/0x30 [ 27.883093] [ 27.883214] The buggy address belongs to the object at ffff8881058a7e80 [ 27.883214] which belongs to the cache kmalloc-64 of size 64 [ 27.883737] The buggy address is located 0 bytes to the right of [ 27.883737] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.884134] [ 27.884262] The buggy address belongs to the physical page: [ 27.884588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.884971] flags: 0x200000000000000(node=0|zone=2) [ 27.885230] page_type: f5(slab) [ 27.885399] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.885798] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.886045] page dumped because: kasan: bad access detected [ 27.886312] [ 27.886429] Memory state around the buggy address: [ 27.886866] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.887238] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.887627] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.887931] ^ [ 27.888160] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.888569] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.888891] ================================================================== [ 28.885688] ================================================================== [ 28.885992] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 28.886536] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.886877] [ 28.886978] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.887064] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.887080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.887115] Call Trace: [ 28.887133] <TASK> [ 28.887148] dump_stack_lvl+0x73/0xb0 [ 28.887177] print_report+0xd1/0x640 [ 28.887244] ? __virt_addr_valid+0x1db/0x2d0 [ 28.887281] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.887305] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.887333] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.887357] kasan_report+0x141/0x180 [ 28.887381] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.887409] kasan_check_range+0x10c/0x1c0 [ 28.887434] __kasan_check_write+0x18/0x20 [ 28.887477] kasan_atomics_helper+0x1eaa/0x5450 [ 28.887504] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.887529] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.887558] ? kasan_atomics+0x152/0x310 [ 28.887617] kasan_atomics+0x1dc/0x310 [ 28.887642] ? __pfx_kasan_atomics+0x10/0x10 [ 28.887680] ? __pfx_read_tsc+0x10/0x10 [ 28.887703] ? ktime_get_ts64+0x86/0x230 [ 28.887728] kunit_try_run_case+0x1a5/0x480 [ 28.887755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.887781] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.887811] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.887847] ? __kthread_parkme+0x82/0x180 [ 28.887870] ? preempt_count_sub+0x50/0x80 [ 28.887895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.887921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.887968] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.887993] kthread+0x337/0x6f0 [ 28.888038] ? trace_preempt_on+0x20/0xc0 [ 28.888063] ? __pfx_kthread+0x10/0x10 [ 28.888085] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.888121] ? calculate_sigpending+0x7b/0xa0 [ 28.888146] ? __pfx_kthread+0x10/0x10 [ 28.888169] ret_from_fork+0x116/0x1d0 [ 28.888190] ? __pfx_kthread+0x10/0x10 [ 28.888213] ret_from_fork_asm+0x1a/0x30 [ 28.888245] </TASK> [ 28.888257] [ 28.897312] Allocated by task 313: [ 28.897540] kasan_save_stack+0x45/0x70 [ 28.897738] kasan_save_track+0x18/0x40 [ 28.898074] kasan_save_alloc_info+0x3b/0x50 [ 28.898336] __kasan_kmalloc+0xb7/0xc0 [ 28.899275] __kmalloc_cache_noprof+0x189/0x420 [ 28.899477] kasan_atomics+0x95/0x310 [ 28.899618] kunit_try_run_case+0x1a5/0x480 [ 28.899769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.900021] kthread+0x337/0x6f0 [ 28.900193] ret_from_fork+0x116/0x1d0 [ 28.900382] ret_from_fork_asm+0x1a/0x30 [ 28.900579] [ 28.900675] The buggy address belongs to the object at ffff8881058a7e80 [ 28.900675] which belongs to the cache kmalloc-64 of size 64 [ 28.901850] The buggy address is located 0 bytes to the right of [ 28.901850] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.903142] [ 28.903228] The buggy address belongs to the physical page: [ 28.903415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.903658] flags: 0x200000000000000(node=0|zone=2) [ 28.903818] page_type: f5(slab) [ 28.903949] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.904192] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.904525] page dumped because: kasan: bad access detected [ 28.904775] [ 28.904965] Memory state around the buggy address: [ 28.905186] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.905518] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.905853] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.906103] ^ [ 28.906363] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.906730] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.907101] ================================================================== [ 28.964084] ================================================================== [ 28.964378] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 28.964807] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.965900] [ 28.966013] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.966066] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.966251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.966277] Call Trace: [ 28.966297] <TASK> [ 28.966313] dump_stack_lvl+0x73/0xb0 [ 28.966347] print_report+0xd1/0x640 [ 28.966372] ? __virt_addr_valid+0x1db/0x2d0 [ 28.966398] ? kasan_atomics_helper+0x2006/0x5450 [ 28.966422] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.966450] ? kasan_atomics_helper+0x2006/0x5450 [ 28.966531] kasan_report+0x141/0x180 [ 28.966556] ? kasan_atomics_helper+0x2006/0x5450 [ 28.966585] kasan_check_range+0x10c/0x1c0 [ 28.966611] __kasan_check_write+0x18/0x20 [ 28.966636] kasan_atomics_helper+0x2006/0x5450 [ 28.966663] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.966688] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.966714] ? kasan_atomics+0x152/0x310 [ 28.966742] kasan_atomics+0x1dc/0x310 [ 28.966767] ? __pfx_kasan_atomics+0x10/0x10 [ 28.966793] ? __pfx_read_tsc+0x10/0x10 [ 28.966817] ? ktime_get_ts64+0x86/0x230 [ 28.966855] kunit_try_run_case+0x1a5/0x480 [ 28.966883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.966908] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.966936] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.966964] ? __kthread_parkme+0x82/0x180 [ 28.966986] ? preempt_count_sub+0x50/0x80 [ 28.967011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.967037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.967061] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.967088] kthread+0x337/0x6f0 [ 28.967110] ? trace_preempt_on+0x20/0xc0 [ 28.967135] ? __pfx_kthread+0x10/0x10 [ 28.967157] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.967184] ? calculate_sigpending+0x7b/0xa0 [ 28.967209] ? __pfx_kthread+0x10/0x10 [ 28.967232] ret_from_fork+0x116/0x1d0 [ 28.967254] ? __pfx_kthread+0x10/0x10 [ 28.967276] ret_from_fork_asm+0x1a/0x30 [ 28.967308] </TASK> [ 28.967321] [ 28.979150] Allocated by task 313: [ 28.979513] kasan_save_stack+0x45/0x70 [ 28.979759] kasan_save_track+0x18/0x40 [ 28.979961] kasan_save_alloc_info+0x3b/0x50 [ 28.980292] __kasan_kmalloc+0xb7/0xc0 [ 28.980550] __kmalloc_cache_noprof+0x189/0x420 [ 28.980969] kasan_atomics+0x95/0x310 [ 28.981272] kunit_try_run_case+0x1a5/0x480 [ 28.981435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.981949] kthread+0x337/0x6f0 [ 28.982125] ret_from_fork+0x116/0x1d0 [ 28.982446] ret_from_fork_asm+0x1a/0x30 [ 28.982859] [ 28.982955] The buggy address belongs to the object at ffff8881058a7e80 [ 28.982955] which belongs to the cache kmalloc-64 of size 64 [ 28.983905] The buggy address is located 0 bytes to the right of [ 28.983905] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.984710] [ 28.984847] The buggy address belongs to the physical page: [ 28.985397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.985784] flags: 0x200000000000000(node=0|zone=2) [ 28.986185] page_type: f5(slab) [ 28.986316] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.986997] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.987368] page dumped because: kasan: bad access detected [ 28.987788] [ 28.987903] Memory state around the buggy address: [ 28.988311] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.988858] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.989287] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.989823] ^ [ 28.990081] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.990383] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.991093] ================================================================== [ 29.119781] ================================================================== [ 29.120314] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 29.121012] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 29.121548] [ 29.121752] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.121805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.121820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.121854] Call Trace: [ 29.121873] <TASK> [ 29.121899] dump_stack_lvl+0x73/0xb0 [ 29.121931] print_report+0xd1/0x640 [ 29.121956] ? __virt_addr_valid+0x1db/0x2d0 [ 29.121993] ? kasan_atomics_helper+0x224c/0x5450 [ 29.122017] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.122045] ? kasan_atomics_helper+0x224c/0x5450 [ 29.122070] kasan_report+0x141/0x180 [ 29.122095] ? kasan_atomics_helper+0x224c/0x5450 [ 29.122123] kasan_check_range+0x10c/0x1c0 [ 29.122169] __kasan_check_write+0x18/0x20 [ 29.122195] kasan_atomics_helper+0x224c/0x5450 [ 29.122219] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.122243] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.122270] ? kasan_atomics+0x152/0x310 [ 29.122298] kasan_atomics+0x1dc/0x310 [ 29.122322] ? __pfx_kasan_atomics+0x10/0x10 [ 29.122349] ? __pfx_read_tsc+0x10/0x10 [ 29.122372] ? ktime_get_ts64+0x86/0x230 [ 29.122399] kunit_try_run_case+0x1a5/0x480 [ 29.122425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.122503] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.122535] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.122563] ? __kthread_parkme+0x82/0x180 [ 29.122586] ? preempt_count_sub+0x50/0x80 [ 29.122612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.122641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.122669] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.122696] kthread+0x337/0x6f0 [ 29.122718] ? trace_preempt_on+0x20/0xc0 [ 29.122744] ? __pfx_kthread+0x10/0x10 [ 29.122767] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.122792] ? calculate_sigpending+0x7b/0xa0 [ 29.122819] ? __pfx_kthread+0x10/0x10 [ 29.122854] ret_from_fork+0x116/0x1d0 [ 29.122876] ? __pfx_kthread+0x10/0x10 [ 29.122900] ret_from_fork_asm+0x1a/0x30 [ 29.122933] </TASK> [ 29.122947] [ 29.136481] Allocated by task 313: [ 29.136847] kasan_save_stack+0x45/0x70 [ 29.137353] kasan_save_track+0x18/0x40 [ 29.137828] kasan_save_alloc_info+0x3b/0x50 [ 29.138276] __kasan_kmalloc+0xb7/0xc0 [ 29.138849] __kmalloc_cache_noprof+0x189/0x420 [ 29.139303] kasan_atomics+0x95/0x310 [ 29.139699] kunit_try_run_case+0x1a5/0x480 [ 29.139989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.140173] kthread+0x337/0x6f0 [ 29.140486] ret_from_fork+0x116/0x1d0 [ 29.140884] ret_from_fork_asm+0x1a/0x30 [ 29.141257] [ 29.141412] The buggy address belongs to the object at ffff8881058a7e80 [ 29.141412] which belongs to the cache kmalloc-64 of size 64 [ 29.142227] The buggy address is located 0 bytes to the right of [ 29.142227] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 29.142771] [ 29.142867] The buggy address belongs to the physical page: [ 29.143358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 29.144069] flags: 0x200000000000000(node=0|zone=2) [ 29.144407] page_type: f5(slab) [ 29.144543] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.144789] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.145035] page dumped because: kasan: bad access detected [ 29.145223] [ 29.145294] Memory state around the buggy address: [ 29.145452] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.146188] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.146891] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.147625] ^ [ 29.147965] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.148204] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.149012] ================================================================== [ 28.054315] ================================================================== [ 28.054546] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 28.054816] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.055437] [ 28.055601] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.055655] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.055670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.055693] Call Trace: [ 28.055709] <TASK> [ 28.055724] dump_stack_lvl+0x73/0xb0 [ 28.055753] print_report+0xd1/0x640 [ 28.055777] ? __virt_addr_valid+0x1db/0x2d0 [ 28.055802] ? kasan_atomics_helper+0xe78/0x5450 [ 28.055825] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.055869] ? kasan_atomics_helper+0xe78/0x5450 [ 28.055892] kasan_report+0x141/0x180 [ 28.055916] ? kasan_atomics_helper+0xe78/0x5450 [ 28.055944] kasan_check_range+0x10c/0x1c0 [ 28.055969] __kasan_check_write+0x18/0x20 [ 28.055995] kasan_atomics_helper+0xe78/0x5450 [ 28.056019] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.056043] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.056070] ? kasan_atomics+0x152/0x310 [ 28.056097] kasan_atomics+0x1dc/0x310 [ 28.056122] ? __pfx_kasan_atomics+0x10/0x10 [ 28.056148] ? __pfx_read_tsc+0x10/0x10 [ 28.056172] ? ktime_get_ts64+0x86/0x230 [ 28.056197] kunit_try_run_case+0x1a5/0x480 [ 28.056225] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.056249] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.056276] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.056303] ? __kthread_parkme+0x82/0x180 [ 28.056325] ? preempt_count_sub+0x50/0x80 [ 28.056350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.056376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.056402] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.056428] kthread+0x337/0x6f0 [ 28.056449] ? trace_preempt_on+0x20/0xc0 [ 28.056473] ? __pfx_kthread+0x10/0x10 [ 28.056496] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.056522] ? calculate_sigpending+0x7b/0xa0 [ 28.056546] ? __pfx_kthread+0x10/0x10 [ 28.056571] ret_from_fork+0x116/0x1d0 [ 28.056593] ? __pfx_kthread+0x10/0x10 [ 28.056615] ret_from_fork_asm+0x1a/0x30 [ 28.056648] </TASK> [ 28.056660] [ 28.064784] Allocated by task 313: [ 28.064987] kasan_save_stack+0x45/0x70 [ 28.065206] kasan_save_track+0x18/0x40 [ 28.065356] kasan_save_alloc_info+0x3b/0x50 [ 28.065654] __kasan_kmalloc+0xb7/0xc0 [ 28.065824] __kmalloc_cache_noprof+0x189/0x420 [ 28.066040] kasan_atomics+0x95/0x310 [ 28.066268] kunit_try_run_case+0x1a5/0x480 [ 28.066454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.066880] kthread+0x337/0x6f0 [ 28.067040] ret_from_fork+0x116/0x1d0 [ 28.067236] ret_from_fork_asm+0x1a/0x30 [ 28.067430] [ 28.067571] The buggy address belongs to the object at ffff8881058a7e80 [ 28.067571] which belongs to the cache kmalloc-64 of size 64 [ 28.068065] The buggy address is located 0 bytes to the right of [ 28.068065] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.068666] [ 28.068767] The buggy address belongs to the physical page: [ 28.068997] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.069293] flags: 0x200000000000000(node=0|zone=2) [ 28.069569] page_type: f5(slab) [ 28.069777] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.070102] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.070400] page dumped because: kasan: bad access detected [ 28.070729] [ 28.070827] Memory state around the buggy address: [ 28.071066] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.071403] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.071632] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.071871] ^ [ 28.072093] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.072631] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.072880] ================================================================== [ 29.046935] ================================================================== [ 29.047663] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 29.048109] Read of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 29.048529] [ 29.048807] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.049088] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.049106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.049130] Call Trace: [ 29.049149] <TASK> [ 29.049175] dump_stack_lvl+0x73/0xb0 [ 29.049208] print_report+0xd1/0x640 [ 29.049233] ? __virt_addr_valid+0x1db/0x2d0 [ 29.049259] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.049282] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.049310] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.049333] kasan_report+0x141/0x180 [ 29.049358] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.049386] __asan_report_load8_noabort+0x18/0x20 [ 29.049413] kasan_atomics_helper+0x4fb2/0x5450 [ 29.049437] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.049472] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.049498] ? kasan_atomics+0x152/0x310 [ 29.049527] kasan_atomics+0x1dc/0x310 [ 29.049551] ? __pfx_kasan_atomics+0x10/0x10 [ 29.049578] ? __pfx_read_tsc+0x10/0x10 [ 29.049601] ? ktime_get_ts64+0x86/0x230 [ 29.049627] kunit_try_run_case+0x1a5/0x480 [ 29.049654] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.049679] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.049706] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.049735] ? __kthread_parkme+0x82/0x180 [ 29.049757] ? preempt_count_sub+0x50/0x80 [ 29.049783] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.049809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.049849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.049875] kthread+0x337/0x6f0 [ 29.049897] ? trace_preempt_on+0x20/0xc0 [ 29.049922] ? __pfx_kthread+0x10/0x10 [ 29.049945] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.049970] ? calculate_sigpending+0x7b/0xa0 [ 29.049995] ? __pfx_kthread+0x10/0x10 [ 29.050020] ret_from_fork+0x116/0x1d0 [ 29.050041] ? __pfx_kthread+0x10/0x10 [ 29.050063] ret_from_fork_asm+0x1a/0x30 [ 29.050096] </TASK> [ 29.050108] [ 29.059320] Allocated by task 313: [ 29.059522] kasan_save_stack+0x45/0x70 [ 29.059729] kasan_save_track+0x18/0x40 [ 29.059931] kasan_save_alloc_info+0x3b/0x50 [ 29.060312] __kasan_kmalloc+0xb7/0xc0 [ 29.060448] __kmalloc_cache_noprof+0x189/0x420 [ 29.060607] kasan_atomics+0x95/0x310 [ 29.060761] kunit_try_run_case+0x1a5/0x480 [ 29.060986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.061299] kthread+0x337/0x6f0 [ 29.061560] ret_from_fork+0x116/0x1d0 [ 29.061747] ret_from_fork_asm+0x1a/0x30 [ 29.061953] [ 29.062049] The buggy address belongs to the object at ffff8881058a7e80 [ 29.062049] which belongs to the cache kmalloc-64 of size 64 [ 29.062753] The buggy address is located 0 bytes to the right of [ 29.062753] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 29.063137] [ 29.063296] The buggy address belongs to the physical page: [ 29.063570] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 29.063924] flags: 0x200000000000000(node=0|zone=2) [ 29.064168] page_type: f5(slab) [ 29.064290] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.064858] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.065207] page dumped because: kasan: bad access detected [ 29.065375] [ 29.065499] Memory state around the buggy address: [ 29.065720] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.066048] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.066295] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.066505] ^ [ 29.066656] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.066982] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.067321] ================================================================== [ 27.767741] ================================================================== [ 27.768417] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 27.768695] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.769230] [ 27.769418] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.769483] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.769499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.769523] Call Trace: [ 27.769543] <TASK> [ 27.769560] dump_stack_lvl+0x73/0xb0 [ 27.769590] print_report+0xd1/0x640 [ 27.769614] ? __virt_addr_valid+0x1db/0x2d0 [ 27.769710] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.769734] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.769762] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.769786] kasan_report+0x141/0x180 [ 27.769811] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.769849] kasan_check_range+0x10c/0x1c0 [ 27.769875] __kasan_check_write+0x18/0x20 [ 27.769900] kasan_atomics_helper+0x7c7/0x5450 [ 27.769925] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.769949] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.769976] ? kasan_atomics+0x152/0x310 [ 27.770004] kasan_atomics+0x1dc/0x310 [ 27.770029] ? __pfx_kasan_atomics+0x10/0x10 [ 27.770056] ? __pfx_read_tsc+0x10/0x10 [ 27.770080] ? ktime_get_ts64+0x86/0x230 [ 27.770106] kunit_try_run_case+0x1a5/0x480 [ 27.770132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.770158] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.770185] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.770213] ? __kthread_parkme+0x82/0x180 [ 27.770235] ? preempt_count_sub+0x50/0x80 [ 27.770260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.770286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.770312] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.770338] kthread+0x337/0x6f0 [ 27.770359] ? trace_preempt_on+0x20/0xc0 [ 27.770384] ? __pfx_kthread+0x10/0x10 [ 27.770406] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.770431] ? calculate_sigpending+0x7b/0xa0 [ 27.770457] ? __pfx_kthread+0x10/0x10 [ 27.770481] ret_from_fork+0x116/0x1d0 [ 27.770502] ? __pfx_kthread+0x10/0x10 [ 27.770524] ret_from_fork_asm+0x1a/0x30 [ 27.770557] </TASK> [ 27.770569] [ 27.784818] Allocated by task 313: [ 27.785199] kasan_save_stack+0x45/0x70 [ 27.785640] kasan_save_track+0x18/0x40 [ 27.785881] kasan_save_alloc_info+0x3b/0x50 [ 27.786037] __kasan_kmalloc+0xb7/0xc0 [ 27.786184] __kmalloc_cache_noprof+0x189/0x420 [ 27.786650] kasan_atomics+0x95/0x310 [ 27.787033] kunit_try_run_case+0x1a5/0x480 [ 27.787449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.788122] kthread+0x337/0x6f0 [ 27.788541] ret_from_fork+0x116/0x1d0 [ 27.788821] ret_from_fork_asm+0x1a/0x30 [ 27.789132] [ 27.789216] The buggy address belongs to the object at ffff8881058a7e80 [ 27.789216] which belongs to the cache kmalloc-64 of size 64 [ 27.790181] The buggy address is located 0 bytes to the right of [ 27.790181] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.791048] [ 27.791127] The buggy address belongs to the physical page: [ 27.791568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.792345] flags: 0x200000000000000(node=0|zone=2) [ 27.793009] page_type: f5(slab) [ 27.793400] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.793876] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.794114] page dumped because: kasan: bad access detected [ 27.794602] [ 27.794797] Memory state around the buggy address: [ 27.795288] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.796024] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.796749] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.797145] ^ [ 27.797749] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.798251] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.798541] ================================================================== [ 28.591977] ================================================================== [ 28.592318] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 28.592633] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.592934] [ 28.593044] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.593095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.593111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.593134] Call Trace: [ 28.593152] <TASK> [ 28.593170] dump_stack_lvl+0x73/0xb0 [ 28.593197] print_report+0xd1/0x640 [ 28.593223] ? __virt_addr_valid+0x1db/0x2d0 [ 28.593249] ? kasan_atomics_helper+0x1818/0x5450 [ 28.593271] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.593298] ? kasan_atomics_helper+0x1818/0x5450 [ 28.593321] kasan_report+0x141/0x180 [ 28.593344] ? kasan_atomics_helper+0x1818/0x5450 [ 28.593371] kasan_check_range+0x10c/0x1c0 [ 28.593396] __kasan_check_write+0x18/0x20 [ 28.593421] kasan_atomics_helper+0x1818/0x5450 [ 28.593444] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.593467] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.593492] ? kasan_atomics+0x152/0x310 [ 28.593520] kasan_atomics+0x1dc/0x310 [ 28.593543] ? __pfx_kasan_atomics+0x10/0x10 [ 28.593568] ? __pfx_read_tsc+0x10/0x10 [ 28.593591] ? ktime_get_ts64+0x86/0x230 [ 28.593617] kunit_try_run_case+0x1a5/0x480 [ 28.593642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.593667] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.593694] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.593721] ? __kthread_parkme+0x82/0x180 [ 28.593742] ? preempt_count_sub+0x50/0x80 [ 28.593766] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.593791] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.593816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.593875] kthread+0x337/0x6f0 [ 28.593898] ? trace_preempt_on+0x20/0xc0 [ 28.593923] ? __pfx_kthread+0x10/0x10 [ 28.593945] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.593971] ? calculate_sigpending+0x7b/0xa0 [ 28.593997] ? __pfx_kthread+0x10/0x10 [ 28.594020] ret_from_fork+0x116/0x1d0 [ 28.594042] ? __pfx_kthread+0x10/0x10 [ 28.594077] ret_from_fork_asm+0x1a/0x30 [ 28.594110] </TASK> [ 28.594123] [ 28.605300] Allocated by task 313: [ 28.605788] kasan_save_stack+0x45/0x70 [ 28.606163] kasan_save_track+0x18/0x40 [ 28.606546] kasan_save_alloc_info+0x3b/0x50 [ 28.606889] __kasan_kmalloc+0xb7/0xc0 [ 28.607082] __kmalloc_cache_noprof+0x189/0x420 [ 28.607459] kasan_atomics+0x95/0x310 [ 28.607806] kunit_try_run_case+0x1a5/0x480 [ 28.608018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.608493] kthread+0x337/0x6f0 [ 28.608923] ret_from_fork+0x116/0x1d0 [ 28.609267] ret_from_fork_asm+0x1a/0x30 [ 28.609618] [ 28.609725] The buggy address belongs to the object at ffff8881058a7e80 [ 28.609725] which belongs to the cache kmalloc-64 of size 64 [ 28.610423] The buggy address is located 0 bytes to the right of [ 28.610423] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.611546] [ 28.611654] The buggy address belongs to the physical page: [ 28.611889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.612521] flags: 0x200000000000000(node=0|zone=2) [ 28.612960] page_type: f5(slab) [ 28.613138] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.613513] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.613813] page dumped because: kasan: bad access detected [ 28.614050] [ 28.614133] Memory state around the buggy address: [ 28.614843] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.615581] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.615899] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.616165] ^ [ 28.616358] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.616622] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.616900] ================================================================== [ 27.657645] ================================================================== [ 27.657991] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 27.658351] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.658852] [ 27.658996] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.659047] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.659063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.659085] Call Trace: [ 27.659101] <TASK> [ 27.659117] dump_stack_lvl+0x73/0xb0 [ 27.659147] print_report+0xd1/0x640 [ 27.659172] ? __virt_addr_valid+0x1db/0x2d0 [ 27.659197] ? kasan_atomics_helper+0x565/0x5450 [ 27.659231] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.659259] ? kasan_atomics_helper+0x565/0x5450 [ 27.659311] kasan_report+0x141/0x180 [ 27.659336] ? kasan_atomics_helper+0x565/0x5450 [ 27.659364] kasan_check_range+0x10c/0x1c0 [ 27.659397] __kasan_check_write+0x18/0x20 [ 27.659421] kasan_atomics_helper+0x565/0x5450 [ 27.659467] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.659491] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.659517] ? kasan_atomics+0x152/0x310 [ 27.659546] kasan_atomics+0x1dc/0x310 [ 27.659571] ? __pfx_kasan_atomics+0x10/0x10 [ 27.659597] ? __pfx_read_tsc+0x10/0x10 [ 27.659620] ? ktime_get_ts64+0x86/0x230 [ 27.659645] kunit_try_run_case+0x1a5/0x480 [ 27.659672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.659696] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.659777] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.659804] ? __kthread_parkme+0x82/0x180 [ 27.659842] ? preempt_count_sub+0x50/0x80 [ 27.659868] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.659894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.659919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.659944] kthread+0x337/0x6f0 [ 27.659966] ? trace_preempt_on+0x20/0xc0 [ 27.659990] ? __pfx_kthread+0x10/0x10 [ 27.660013] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.660038] ? calculate_sigpending+0x7b/0xa0 [ 27.660062] ? __pfx_kthread+0x10/0x10 [ 27.660085] ret_from_fork+0x116/0x1d0 [ 27.660106] ? __pfx_kthread+0x10/0x10 [ 27.660128] ret_from_fork_asm+0x1a/0x30 [ 27.660177] </TASK> [ 27.660191] [ 27.668786] Allocated by task 313: [ 27.668992] kasan_save_stack+0x45/0x70 [ 27.669209] kasan_save_track+0x18/0x40 [ 27.669432] kasan_save_alloc_info+0x3b/0x50 [ 27.669637] __kasan_kmalloc+0xb7/0xc0 [ 27.669775] __kmalloc_cache_noprof+0x189/0x420 [ 27.669965] kasan_atomics+0x95/0x310 [ 27.670162] kunit_try_run_case+0x1a5/0x480 [ 27.670373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.670591] kthread+0x337/0x6f0 [ 27.670712] ret_from_fork+0x116/0x1d0 [ 27.670994] ret_from_fork_asm+0x1a/0x30 [ 27.671248] [ 27.671343] The buggy address belongs to the object at ffff8881058a7e80 [ 27.671343] which belongs to the cache kmalloc-64 of size 64 [ 27.671920] The buggy address is located 0 bytes to the right of [ 27.671920] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.672524] [ 27.672624] The buggy address belongs to the physical page: [ 27.672894] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.673272] flags: 0x200000000000000(node=0|zone=2) [ 27.673575] page_type: f5(slab) [ 27.673751] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.674108] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.674394] page dumped because: kasan: bad access detected [ 27.674731] [ 27.674811] Memory state around the buggy address: [ 27.675085] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.675438] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.675838] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.676180] ^ [ 27.676426] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.676835] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.677067] ================================================================== [ 28.860785] ================================================================== [ 28.861108] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 28.861988] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.862722] [ 28.862859] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.862915] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.862932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.862955] Call Trace: [ 28.862974] <TASK> [ 28.862991] dump_stack_lvl+0x73/0xb0 [ 28.863021] print_report+0xd1/0x640 [ 28.863046] ? __virt_addr_valid+0x1db/0x2d0 [ 28.863072] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.863095] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.863123] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.863148] kasan_report+0x141/0x180 [ 28.863175] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.863203] kasan_check_range+0x10c/0x1c0 [ 28.863228] __kasan_check_write+0x18/0x20 [ 28.863254] kasan_atomics_helper+0x1e12/0x5450 [ 28.863279] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.863304] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.863330] ? kasan_atomics+0x152/0x310 [ 28.863358] kasan_atomics+0x1dc/0x310 [ 28.863382] ? __pfx_kasan_atomics+0x10/0x10 [ 28.863408] ? __pfx_read_tsc+0x10/0x10 [ 28.863432] ? ktime_get_ts64+0x86/0x230 [ 28.863460] kunit_try_run_case+0x1a5/0x480 [ 28.863487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.863511] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.863537] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.863565] ? __kthread_parkme+0x82/0x180 [ 28.863589] ? preempt_count_sub+0x50/0x80 [ 28.863614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.863651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.863677] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.863703] kthread+0x337/0x6f0 [ 28.863735] ? trace_preempt_on+0x20/0xc0 [ 28.863761] ? __pfx_kthread+0x10/0x10 [ 28.863783] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.863809] ? calculate_sigpending+0x7b/0xa0 [ 28.863841] ? __pfx_kthread+0x10/0x10 [ 28.863865] ret_from_fork+0x116/0x1d0 [ 28.863886] ? __pfx_kthread+0x10/0x10 [ 28.863909] ret_from_fork_asm+0x1a/0x30 [ 28.863941] </TASK> [ 28.863953] [ 28.872507] Allocated by task 313: [ 28.872644] kasan_save_stack+0x45/0x70 [ 28.872789] kasan_save_track+0x18/0x40 [ 28.873091] kasan_save_alloc_info+0x3b/0x50 [ 28.873324] __kasan_kmalloc+0xb7/0xc0 [ 28.873642] __kmalloc_cache_noprof+0x189/0x420 [ 28.874553] kasan_atomics+0x95/0x310 [ 28.874819] kunit_try_run_case+0x1a5/0x480 [ 28.875727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.876231] kthread+0x337/0x6f0 [ 28.876400] ret_from_fork+0x116/0x1d0 [ 28.876761] ret_from_fork_asm+0x1a/0x30 [ 28.877256] [ 28.877378] The buggy address belongs to the object at ffff8881058a7e80 [ 28.877378] which belongs to the cache kmalloc-64 of size 64 [ 28.878194] The buggy address is located 0 bytes to the right of [ 28.878194] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.879114] [ 28.879277] The buggy address belongs to the physical page: [ 28.879795] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.880279] flags: 0x200000000000000(node=0|zone=2) [ 28.880709] page_type: f5(slab) [ 28.880965] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.881660] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.882317] page dumped because: kasan: bad access detected [ 28.882509] [ 28.882633] Memory state around the buggy address: [ 28.882909] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.883188] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.883705] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.884032] ^ [ 28.884335] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.884630] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.885115] ================================================================== [ 27.849734] ================================================================== [ 27.850086] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 27.850433] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.850898] [ 27.851012] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.851063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.851110] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.851134] Call Trace: [ 27.851152] <TASK> [ 27.851180] dump_stack_lvl+0x73/0xb0 [ 27.851229] print_report+0xd1/0x640 [ 27.851253] ? __virt_addr_valid+0x1db/0x2d0 [ 27.851277] ? kasan_atomics_helper+0x992/0x5450 [ 27.851331] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.851371] ? kasan_atomics_helper+0x992/0x5450 [ 27.851406] kasan_report+0x141/0x180 [ 27.851431] ? kasan_atomics_helper+0x992/0x5450 [ 27.851521] kasan_check_range+0x10c/0x1c0 [ 27.851548] __kasan_check_write+0x18/0x20 [ 27.851574] kasan_atomics_helper+0x992/0x5450 [ 27.851598] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.851622] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.851664] ? kasan_atomics+0x152/0x310 [ 27.851691] kasan_atomics+0x1dc/0x310 [ 27.851716] ? __pfx_kasan_atomics+0x10/0x10 [ 27.851741] ? __pfx_read_tsc+0x10/0x10 [ 27.851764] ? ktime_get_ts64+0x86/0x230 [ 27.851791] kunit_try_run_case+0x1a5/0x480 [ 27.851818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.851853] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.851880] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.851907] ? __kthread_parkme+0x82/0x180 [ 27.851929] ? preempt_count_sub+0x50/0x80 [ 27.851954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.851980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.852006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.852032] kthread+0x337/0x6f0 [ 27.852053] ? trace_preempt_on+0x20/0xc0 [ 27.852078] ? __pfx_kthread+0x10/0x10 [ 27.852100] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.852125] ? calculate_sigpending+0x7b/0xa0 [ 27.852150] ? __pfx_kthread+0x10/0x10 [ 27.852174] ret_from_fork+0x116/0x1d0 [ 27.852202] ? __pfx_kthread+0x10/0x10 [ 27.852224] ret_from_fork_asm+0x1a/0x30 [ 27.852257] </TASK> [ 27.852269] [ 27.860804] Allocated by task 313: [ 27.860976] kasan_save_stack+0x45/0x70 [ 27.861130] kasan_save_track+0x18/0x40 [ 27.861366] kasan_save_alloc_info+0x3b/0x50 [ 27.861607] __kasan_kmalloc+0xb7/0xc0 [ 27.861795] __kmalloc_cache_noprof+0x189/0x420 [ 27.862012] kasan_atomics+0x95/0x310 [ 27.862208] kunit_try_run_case+0x1a5/0x480 [ 27.862366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.862620] kthread+0x337/0x6f0 [ 27.862823] ret_from_fork+0x116/0x1d0 [ 27.863021] ret_from_fork_asm+0x1a/0x30 [ 27.863246] [ 27.863339] The buggy address belongs to the object at ffff8881058a7e80 [ 27.863339] which belongs to the cache kmalloc-64 of size 64 [ 27.863956] The buggy address is located 0 bytes to the right of [ 27.863956] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.864365] [ 27.864536] The buggy address belongs to the physical page: [ 27.864843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.865226] flags: 0x200000000000000(node=0|zone=2) [ 27.865662] page_type: f5(slab) [ 27.865868] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.866242] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.866669] page dumped because: kasan: bad access detected [ 27.866925] [ 27.867029] Memory state around the buggy address: [ 27.867270] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.867620] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.867978] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.868314] ^ [ 27.868599] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.868854] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.869075] ================================================================== [ 28.375109] ================================================================== [ 28.375465] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 28.375725] Read of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.376097] [ 28.376266] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.376316] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.376331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.376355] Call Trace: [ 28.376374] <TASK> [ 28.376391] dump_stack_lvl+0x73/0xb0 [ 28.376421] print_report+0xd1/0x640 [ 28.376448] ? __virt_addr_valid+0x1db/0x2d0 [ 28.376474] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.376497] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.376525] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.376550] kasan_report+0x141/0x180 [ 28.376574] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.376601] kasan_check_range+0x10c/0x1c0 [ 28.376627] __kasan_check_read+0x15/0x20 [ 28.376652] kasan_atomics_helper+0x13b5/0x5450 [ 28.376677] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.376704] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.376730] ? kasan_atomics+0x152/0x310 [ 28.376758] kasan_atomics+0x1dc/0x310 [ 28.376783] ? __pfx_kasan_atomics+0x10/0x10 [ 28.376810] ? __pfx_read_tsc+0x10/0x10 [ 28.376845] ? ktime_get_ts64+0x86/0x230 [ 28.376876] kunit_try_run_case+0x1a5/0x480 [ 28.376904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.376927] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.376955] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.376982] ? __kthread_parkme+0x82/0x180 [ 28.377004] ? preempt_count_sub+0x50/0x80 [ 28.377030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.377055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.377080] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.377106] kthread+0x337/0x6f0 [ 28.377128] ? trace_preempt_on+0x20/0xc0 [ 28.377152] ? __pfx_kthread+0x10/0x10 [ 28.377187] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.377212] ? calculate_sigpending+0x7b/0xa0 [ 28.377238] ? __pfx_kthread+0x10/0x10 [ 28.377261] ret_from_fork+0x116/0x1d0 [ 28.377283] ? __pfx_kthread+0x10/0x10 [ 28.377305] ret_from_fork_asm+0x1a/0x30 [ 28.377338] </TASK> [ 28.377350] [ 28.385427] Allocated by task 313: [ 28.385636] kasan_save_stack+0x45/0x70 [ 28.385847] kasan_save_track+0x18/0x40 [ 28.386120] kasan_save_alloc_info+0x3b/0x50 [ 28.386553] __kasan_kmalloc+0xb7/0xc0 [ 28.386705] __kmalloc_cache_noprof+0x189/0x420 [ 28.386956] kasan_atomics+0x95/0x310 [ 28.387096] kunit_try_run_case+0x1a5/0x480 [ 28.387245] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.387423] kthread+0x337/0x6f0 [ 28.387616] ret_from_fork+0x116/0x1d0 [ 28.387996] ret_from_fork_asm+0x1a/0x30 [ 28.388232] [ 28.388326] The buggy address belongs to the object at ffff8881058a7e80 [ 28.388326] which belongs to the cache kmalloc-64 of size 64 [ 28.389102] The buggy address is located 0 bytes to the right of [ 28.389102] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.389809] [ 28.389980] The buggy address belongs to the physical page: [ 28.390185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.390636] flags: 0x200000000000000(node=0|zone=2) [ 28.390827] page_type: f5(slab) [ 28.390958] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.391440] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.391794] page dumped because: kasan: bad access detected [ 28.392040] [ 28.392121] Memory state around the buggy address: [ 28.392342] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.392744] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.393091] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.393391] ^ [ 28.393585] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.393863] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.394240] ================================================================== [ 28.991851] ================================================================== [ 28.992091] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 28.992564] Read of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.993568] [ 28.993813] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.993995] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.994011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.994034] Call Trace: [ 28.994052] <TASK> [ 28.994069] dump_stack_lvl+0x73/0xb0 [ 28.994101] print_report+0xd1/0x640 [ 28.994125] ? __virt_addr_valid+0x1db/0x2d0 [ 28.994152] ? kasan_atomics_helper+0x4f98/0x5450 [ 28.994185] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.994214] ? kasan_atomics_helper+0x4f98/0x5450 [ 28.994239] kasan_report+0x141/0x180 [ 28.994263] ? kasan_atomics_helper+0x4f98/0x5450 [ 28.994292] __asan_report_load8_noabort+0x18/0x20 [ 28.994319] kasan_atomics_helper+0x4f98/0x5450 [ 28.994346] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.994370] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.994397] ? kasan_atomics+0x152/0x310 [ 28.994424] kasan_atomics+0x1dc/0x310 [ 28.994450] ? __pfx_kasan_atomics+0x10/0x10 [ 28.994478] ? __pfx_read_tsc+0x10/0x10 [ 28.994504] ? ktime_get_ts64+0x86/0x230 [ 28.994529] kunit_try_run_case+0x1a5/0x480 [ 28.994556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.994580] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.994608] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.994635] ? __kthread_parkme+0x82/0x180 [ 28.994656] ? preempt_count_sub+0x50/0x80 [ 28.994681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.994707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.994733] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.994758] kthread+0x337/0x6f0 [ 28.994780] ? trace_preempt_on+0x20/0xc0 [ 28.994804] ? __pfx_kthread+0x10/0x10 [ 28.994826] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.994866] ? calculate_sigpending+0x7b/0xa0 [ 28.994890] ? __pfx_kthread+0x10/0x10 [ 28.994914] ret_from_fork+0x116/0x1d0 [ 28.994935] ? __pfx_kthread+0x10/0x10 [ 28.994957] ret_from_fork_asm+0x1a/0x30 [ 28.994990] </TASK> [ 28.995002] [ 29.006858] Allocated by task 313: [ 29.007310] kasan_save_stack+0x45/0x70 [ 29.007608] kasan_save_track+0x18/0x40 [ 29.007779] kasan_save_alloc_info+0x3b/0x50 [ 29.008012] __kasan_kmalloc+0xb7/0xc0 [ 29.008433] __kmalloc_cache_noprof+0x189/0x420 [ 29.008634] kasan_atomics+0x95/0x310 [ 29.008827] kunit_try_run_case+0x1a5/0x480 [ 29.009098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.009840] kthread+0x337/0x6f0 [ 29.010100] ret_from_fork+0x116/0x1d0 [ 29.010410] ret_from_fork_asm+0x1a/0x30 [ 29.010733] [ 29.010946] The buggy address belongs to the object at ffff8881058a7e80 [ 29.010946] which belongs to the cache kmalloc-64 of size 64 [ 29.011612] The buggy address is located 0 bytes to the right of [ 29.011612] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 29.012467] [ 29.012553] The buggy address belongs to the physical page: [ 29.013136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 29.013492] flags: 0x200000000000000(node=0|zone=2) [ 29.013934] page_type: f5(slab) [ 29.014196] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.014639] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.015026] page dumped because: kasan: bad access detected [ 29.015361] [ 29.015563] Memory state around the buggy address: [ 29.016040] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.016617] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.017032] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.017475] ^ [ 29.017937] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.018353] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.018917] ================================================================== [ 29.090154] ================================================================== [ 29.090395] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 29.090636] Read of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 29.090874] [ 29.090961] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.091014] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.091028] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.091051] Call Trace: [ 29.091069] <TASK> [ 29.091086] dump_stack_lvl+0x73/0xb0 [ 29.091113] print_report+0xd1/0x640 [ 29.091138] ? __virt_addr_valid+0x1db/0x2d0 [ 29.091162] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.091186] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.091215] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.091239] kasan_report+0x141/0x180 [ 29.091263] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.091291] __asan_report_load8_noabort+0x18/0x20 [ 29.091317] kasan_atomics_helper+0x4fa5/0x5450 [ 29.091341] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.091365] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.091391] ? kasan_atomics+0x152/0x310 [ 29.091418] kasan_atomics+0x1dc/0x310 [ 29.091443] ? __pfx_kasan_atomics+0x10/0x10 [ 29.091470] ? __pfx_read_tsc+0x10/0x10 [ 29.091493] ? ktime_get_ts64+0x86/0x230 [ 29.091520] kunit_try_run_case+0x1a5/0x480 [ 29.091546] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.091570] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.091597] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.091624] ? __kthread_parkme+0x82/0x180 [ 29.091645] ? preempt_count_sub+0x50/0x80 [ 29.091670] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.091696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.091721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.091747] kthread+0x337/0x6f0 [ 29.091767] ? trace_preempt_on+0x20/0xc0 [ 29.091792] ? __pfx_kthread+0x10/0x10 [ 29.091815] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.091923] ? calculate_sigpending+0x7b/0xa0 [ 29.091951] ? __pfx_kthread+0x10/0x10 [ 29.091976] ret_from_fork+0x116/0x1d0 [ 29.091998] ? __pfx_kthread+0x10/0x10 [ 29.092021] ret_from_fork_asm+0x1a/0x30 [ 29.092053] </TASK> [ 29.092066] [ 29.105262] Allocated by task 313: [ 29.105670] kasan_save_stack+0x45/0x70 [ 29.106040] kasan_save_track+0x18/0x40 [ 29.106425] kasan_save_alloc_info+0x3b/0x50 [ 29.107033] __kasan_kmalloc+0xb7/0xc0 [ 29.107431] __kmalloc_cache_noprof+0x189/0x420 [ 29.107929] kasan_atomics+0x95/0x310 [ 29.108263] kunit_try_run_case+0x1a5/0x480 [ 29.108435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.109007] kthread+0x337/0x6f0 [ 29.109300] ret_from_fork+0x116/0x1d0 [ 29.109437] ret_from_fork_asm+0x1a/0x30 [ 29.109586] [ 29.109657] The buggy address belongs to the object at ffff8881058a7e80 [ 29.109657] which belongs to the cache kmalloc-64 of size 64 [ 29.110536] The buggy address is located 0 bytes to the right of [ 29.110536] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 29.111798] [ 29.111995] The buggy address belongs to the physical page: [ 29.112583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 29.113057] flags: 0x200000000000000(node=0|zone=2) [ 29.113340] page_type: f5(slab) [ 29.113735] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.114433] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.114860] page dumped because: kasan: bad access detected [ 29.115038] [ 29.115107] Memory state around the buggy address: [ 29.115519] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.116156] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.117015] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.117707] ^ [ 29.118023] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.118249] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.118900] ================================================================== [ 28.476298] ================================================================== [ 28.476539] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 28.477051] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.477385] [ 28.477805] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.477876] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.477892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.477915] Call Trace: [ 28.477939] <TASK> [ 28.477955] dump_stack_lvl+0x73/0xb0 [ 28.477986] print_report+0xd1/0x640 [ 28.478010] ? __virt_addr_valid+0x1db/0x2d0 [ 28.478035] ? kasan_atomics_helper+0x151d/0x5450 [ 28.478058] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.478086] ? kasan_atomics_helper+0x151d/0x5450 [ 28.478110] kasan_report+0x141/0x180 [ 28.478135] ? kasan_atomics_helper+0x151d/0x5450 [ 28.478162] kasan_check_range+0x10c/0x1c0 [ 28.478188] __kasan_check_write+0x18/0x20 [ 28.478213] kasan_atomics_helper+0x151d/0x5450 [ 28.478238] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.478263] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.478289] ? kasan_atomics+0x152/0x310 [ 28.478316] kasan_atomics+0x1dc/0x310 [ 28.478341] ? __pfx_kasan_atomics+0x10/0x10 [ 28.478367] ? __pfx_read_tsc+0x10/0x10 [ 28.478391] ? ktime_get_ts64+0x86/0x230 [ 28.478416] kunit_try_run_case+0x1a5/0x480 [ 28.478443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.478469] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.478497] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.478524] ? __kthread_parkme+0x82/0x180 [ 28.478547] ? preempt_count_sub+0x50/0x80 [ 28.478571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.478596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.478622] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.478646] kthread+0x337/0x6f0 [ 28.478668] ? trace_preempt_on+0x20/0xc0 [ 28.478693] ? __pfx_kthread+0x10/0x10 [ 28.478715] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.478740] ? calculate_sigpending+0x7b/0xa0 [ 28.478768] ? __pfx_kthread+0x10/0x10 [ 28.478793] ret_from_fork+0x116/0x1d0 [ 28.478814] ? __pfx_kthread+0x10/0x10 [ 28.478845] ret_from_fork_asm+0x1a/0x30 [ 28.478878] </TASK> [ 28.478890] [ 28.487074] Allocated by task 313: [ 28.487437] kasan_save_stack+0x45/0x70 [ 28.487667] kasan_save_track+0x18/0x40 [ 28.487804] kasan_save_alloc_info+0x3b/0x50 [ 28.487963] __kasan_kmalloc+0xb7/0xc0 [ 28.488092] __kmalloc_cache_noprof+0x189/0x420 [ 28.488598] kasan_atomics+0x95/0x310 [ 28.488796] kunit_try_run_case+0x1a5/0x480 [ 28.488998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.489353] kthread+0x337/0x6f0 [ 28.490260] ret_from_fork+0x116/0x1d0 [ 28.490482] ret_from_fork_asm+0x1a/0x30 [ 28.490640] [ 28.490732] The buggy address belongs to the object at ffff8881058a7e80 [ 28.490732] which belongs to the cache kmalloc-64 of size 64 [ 28.491742] The buggy address is located 0 bytes to the right of [ 28.491742] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.492748] [ 28.492870] The buggy address belongs to the physical page: [ 28.493116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.493372] flags: 0x200000000000000(node=0|zone=2) [ 28.493673] page_type: f5(slab) [ 28.493858] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.494178] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.494622] page dumped because: kasan: bad access detected [ 28.494885] [ 28.494960] Memory state around the buggy address: [ 28.495150] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.495537] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.495819] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.496158] ^ [ 28.496397] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.496722] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.497036] ================================================================== [ 28.313733] ================================================================== [ 28.314310] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 28.314605] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.315084] [ 28.315172] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.315245] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.315260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.315283] Call Trace: [ 28.315325] <TASK> [ 28.315341] dump_stack_lvl+0x73/0xb0 [ 28.315385] print_report+0xd1/0x640 [ 28.315409] ? __virt_addr_valid+0x1db/0x2d0 [ 28.315435] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.315458] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.315487] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.315511] kasan_report+0x141/0x180 [ 28.315535] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.315562] kasan_check_range+0x10c/0x1c0 [ 28.315588] __kasan_check_write+0x18/0x20 [ 28.315613] kasan_atomics_helper+0x12e6/0x5450 [ 28.315637] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.315661] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.315686] ? kasan_atomics+0x152/0x310 [ 28.315714] kasan_atomics+0x1dc/0x310 [ 28.315738] ? __pfx_kasan_atomics+0x10/0x10 [ 28.315765] ? __pfx_read_tsc+0x10/0x10 [ 28.315787] ? ktime_get_ts64+0x86/0x230 [ 28.315812] kunit_try_run_case+0x1a5/0x480 [ 28.315850] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.315875] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.315913] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.315940] ? __kthread_parkme+0x82/0x180 [ 28.315962] ? preempt_count_sub+0x50/0x80 [ 28.315986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.316014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.316042] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.316096] kthread+0x337/0x6f0 [ 28.316118] ? trace_preempt_on+0x20/0xc0 [ 28.316143] ? __pfx_kthread+0x10/0x10 [ 28.316166] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.316190] ? calculate_sigpending+0x7b/0xa0 [ 28.316216] ? __pfx_kthread+0x10/0x10 [ 28.316241] ret_from_fork+0x116/0x1d0 [ 28.316263] ? __pfx_kthread+0x10/0x10 [ 28.316286] ret_from_fork_asm+0x1a/0x30 [ 28.316318] </TASK> [ 28.316332] [ 28.324912] Allocated by task 313: [ 28.325090] kasan_save_stack+0x45/0x70 [ 28.325494] kasan_save_track+0x18/0x40 [ 28.325679] kasan_save_alloc_info+0x3b/0x50 [ 28.325890] __kasan_kmalloc+0xb7/0xc0 [ 28.326103] __kmalloc_cache_noprof+0x189/0x420 [ 28.326296] kasan_atomics+0x95/0x310 [ 28.326480] kunit_try_run_case+0x1a5/0x480 [ 28.326801] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.327100] kthread+0x337/0x6f0 [ 28.327264] ret_from_fork+0x116/0x1d0 [ 28.327419] ret_from_fork_asm+0x1a/0x30 [ 28.327627] [ 28.327699] The buggy address belongs to the object at ffff8881058a7e80 [ 28.327699] which belongs to the cache kmalloc-64 of size 64 [ 28.328077] The buggy address is located 0 bytes to the right of [ 28.328077] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.328462] [ 28.328535] The buggy address belongs to the physical page: [ 28.328711] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.329292] flags: 0x200000000000000(node=0|zone=2) [ 28.330530] page_type: f5(slab) [ 28.331197] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.331943] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.332757] page dumped because: kasan: bad access detected [ 28.332978] [ 28.333057] Memory state around the buggy address: [ 28.333225] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.333449] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.333673] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.334518] ^ [ 28.335364] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.336407] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.337431] ================================================================== [ 28.805065] ================================================================== [ 28.805599] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 28.806272] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.806896] [ 28.807168] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.807240] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.807256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.807280] Call Trace: [ 28.807305] <TASK> [ 28.807323] dump_stack_lvl+0x73/0xb0 [ 28.807353] print_report+0xd1/0x640 [ 28.807377] ? __virt_addr_valid+0x1db/0x2d0 [ 28.807402] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.807425] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.807452] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.807506] kasan_report+0x141/0x180 [ 28.807531] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.807558] kasan_check_range+0x10c/0x1c0 [ 28.807583] __kasan_check_write+0x18/0x20 [ 28.807609] kasan_atomics_helper+0x1ce1/0x5450 [ 28.807634] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.807658] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.807684] ? kasan_atomics+0x152/0x310 [ 28.807712] kasan_atomics+0x1dc/0x310 [ 28.807736] ? __pfx_kasan_atomics+0x10/0x10 [ 28.807763] ? __pfx_read_tsc+0x10/0x10 [ 28.807786] ? ktime_get_ts64+0x86/0x230 [ 28.807811] kunit_try_run_case+0x1a5/0x480 [ 28.807849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.807873] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.807901] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.807928] ? __kthread_parkme+0x82/0x180 [ 28.807950] ? preempt_count_sub+0x50/0x80 [ 28.807974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.808000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.808025] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.808051] kthread+0x337/0x6f0 [ 28.808072] ? trace_preempt_on+0x20/0xc0 [ 28.808097] ? __pfx_kthread+0x10/0x10 [ 28.808119] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.808144] ? calculate_sigpending+0x7b/0xa0 [ 28.808179] ? __pfx_kthread+0x10/0x10 [ 28.808202] ret_from_fork+0x116/0x1d0 [ 28.808224] ? __pfx_kthread+0x10/0x10 [ 28.808246] ret_from_fork_asm+0x1a/0x30 [ 28.808278] </TASK> [ 28.808291] [ 28.821777] Allocated by task 313: [ 28.822088] kasan_save_stack+0x45/0x70 [ 28.822444] kasan_save_track+0x18/0x40 [ 28.822819] kasan_save_alloc_info+0x3b/0x50 [ 28.823043] __kasan_kmalloc+0xb7/0xc0 [ 28.823472] __kmalloc_cache_noprof+0x189/0x420 [ 28.823759] kasan_atomics+0x95/0x310 [ 28.824070] kunit_try_run_case+0x1a5/0x480 [ 28.824425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.824949] kthread+0x337/0x6f0 [ 28.825269] ret_from_fork+0x116/0x1d0 [ 28.825472] ret_from_fork_asm+0x1a/0x30 [ 28.825974] [ 28.826085] The buggy address belongs to the object at ffff8881058a7e80 [ 28.826085] which belongs to the cache kmalloc-64 of size 64 [ 28.827014] The buggy address is located 0 bytes to the right of [ 28.827014] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.827955] [ 28.828213] The buggy address belongs to the physical page: [ 28.828715] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.829074] flags: 0x200000000000000(node=0|zone=2) [ 28.829532] page_type: f5(slab) [ 28.829977] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.830596] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.830931] page dumped because: kasan: bad access detected [ 28.831152] [ 28.831436] Memory state around the buggy address: [ 28.831941] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.832536] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.832778] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.833268] ^ [ 28.833453] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.833785] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.834110] ================================================================== [ 27.679321] ================================================================== [ 27.680255] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 27.680608] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.680950] [ 27.681043] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.681094] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.681109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.681133] Call Trace: [ 27.681150] <TASK> [ 27.681167] dump_stack_lvl+0x73/0xb0 [ 27.681194] print_report+0xd1/0x640 [ 27.681218] ? __virt_addr_valid+0x1db/0x2d0 [ 27.681242] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.681265] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.681293] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.681316] kasan_report+0x141/0x180 [ 27.681340] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.681367] kasan_check_range+0x10c/0x1c0 [ 27.681393] __kasan_check_write+0x18/0x20 [ 27.681417] kasan_atomics_helper+0x5fe/0x5450 [ 27.681440] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.681463] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.681488] ? kasan_atomics+0x152/0x310 [ 27.681517] kasan_atomics+0x1dc/0x310 [ 27.681540] ? __pfx_kasan_atomics+0x10/0x10 [ 27.681566] ? __pfx_read_tsc+0x10/0x10 [ 27.681588] ? ktime_get_ts64+0x86/0x230 [ 27.681861] kunit_try_run_case+0x1a5/0x480 [ 27.681890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.681915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.681942] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.681982] ? __kthread_parkme+0x82/0x180 [ 27.682005] ? preempt_count_sub+0x50/0x80 [ 27.682041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.682068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.682094] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.682120] kthread+0x337/0x6f0 [ 27.682141] ? trace_preempt_on+0x20/0xc0 [ 27.682174] ? __pfx_kthread+0x10/0x10 [ 27.682196] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.682221] ? calculate_sigpending+0x7b/0xa0 [ 27.682247] ? __pfx_kthread+0x10/0x10 [ 27.682270] ret_from_fork+0x116/0x1d0 [ 27.682291] ? __pfx_kthread+0x10/0x10 [ 27.682313] ret_from_fork_asm+0x1a/0x30 [ 27.682346] </TASK> [ 27.682358] [ 27.695569] Allocated by task 313: [ 27.695976] kasan_save_stack+0x45/0x70 [ 27.696393] kasan_save_track+0x18/0x40 [ 27.696770] kasan_save_alloc_info+0x3b/0x50 [ 27.697202] __kasan_kmalloc+0xb7/0xc0 [ 27.697550] __kmalloc_cache_noprof+0x189/0x420 [ 27.697774] kasan_atomics+0x95/0x310 [ 27.697950] kunit_try_run_case+0x1a5/0x480 [ 27.698138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.698370] kthread+0x337/0x6f0 [ 27.698927] ret_from_fork+0x116/0x1d0 [ 27.699324] ret_from_fork_asm+0x1a/0x30 [ 27.699671] [ 27.699912] The buggy address belongs to the object at ffff8881058a7e80 [ 27.699912] which belongs to the cache kmalloc-64 of size 64 [ 27.700920] The buggy address is located 0 bytes to the right of [ 27.700920] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.702056] [ 27.702271] The buggy address belongs to the physical page: [ 27.702782] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.703461] flags: 0x200000000000000(node=0|zone=2) [ 27.703682] page_type: f5(slab) [ 27.703849] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.704219] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.704665] page dumped because: kasan: bad access detected [ 27.704949] [ 27.705046] Memory state around the buggy address: [ 27.705237] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.705745] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.706153] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.706578] ^ [ 27.706809] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.707094] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.707395] ================================================================== [ 27.799366] ================================================================== [ 27.800073] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 27.800757] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.801125] [ 27.801319] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.801380] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.801405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.801430] Call Trace: [ 27.801455] <TASK> [ 27.801471] dump_stack_lvl+0x73/0xb0 [ 27.801501] print_report+0xd1/0x640 [ 27.801526] ? __virt_addr_valid+0x1db/0x2d0 [ 27.801551] ? kasan_atomics_helper+0x860/0x5450 [ 27.801574] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.801603] ? kasan_atomics_helper+0x860/0x5450 [ 27.801667] kasan_report+0x141/0x180 [ 27.801694] ? kasan_atomics_helper+0x860/0x5450 [ 27.801722] kasan_check_range+0x10c/0x1c0 [ 27.801747] __kasan_check_write+0x18/0x20 [ 27.801773] kasan_atomics_helper+0x860/0x5450 [ 27.801798] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.801822] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.801861] ? kasan_atomics+0x152/0x310 [ 27.801890] kasan_atomics+0x1dc/0x310 [ 27.801914] ? __pfx_kasan_atomics+0x10/0x10 [ 27.801941] ? __pfx_read_tsc+0x10/0x10 [ 27.801964] ? ktime_get_ts64+0x86/0x230 [ 27.801990] kunit_try_run_case+0x1a5/0x480 [ 27.802016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.802041] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.802069] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.802095] ? __kthread_parkme+0x82/0x180 [ 27.802117] ? preempt_count_sub+0x50/0x80 [ 27.802141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.802166] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.802192] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.802218] kthread+0x337/0x6f0 [ 27.802239] ? trace_preempt_on+0x20/0xc0 [ 27.802265] ? __pfx_kthread+0x10/0x10 [ 27.802287] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.802313] ? calculate_sigpending+0x7b/0xa0 [ 27.802337] ? __pfx_kthread+0x10/0x10 [ 27.802361] ret_from_fork+0x116/0x1d0 [ 27.802383] ? __pfx_kthread+0x10/0x10 [ 27.802405] ret_from_fork_asm+0x1a/0x30 [ 27.802437] </TASK> [ 27.802451] [ 27.815852] Allocated by task 313: [ 27.816199] kasan_save_stack+0x45/0x70 [ 27.816662] kasan_save_track+0x18/0x40 [ 27.817122] kasan_save_alloc_info+0x3b/0x50 [ 27.817283] __kasan_kmalloc+0xb7/0xc0 [ 27.817416] __kmalloc_cache_noprof+0x189/0x420 [ 27.817893] kasan_atomics+0x95/0x310 [ 27.818274] kunit_try_run_case+0x1a5/0x480 [ 27.818786] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.819305] kthread+0x337/0x6f0 [ 27.819825] ret_from_fork+0x116/0x1d0 [ 27.820040] ret_from_fork_asm+0x1a/0x30 [ 27.820215] [ 27.820373] The buggy address belongs to the object at ffff8881058a7e80 [ 27.820373] which belongs to the cache kmalloc-64 of size 64 [ 27.821559] The buggy address is located 0 bytes to the right of [ 27.821559] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.821955] [ 27.822029] The buggy address belongs to the physical page: [ 27.822234] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.822636] flags: 0x200000000000000(node=0|zone=2) [ 27.822872] page_type: f5(slab) [ 27.823016] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.823364] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.823709] page dumped because: kasan: bad access detected [ 27.823947] [ 27.824018] Memory state around the buggy address: [ 27.824176] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.824498] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.824988] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.825335] ^ [ 27.825574] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.826058] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.826418] ================================================================== [ 27.974798] ================================================================== [ 27.975454] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 27.976272] Read of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.976989] [ 27.977169] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.977220] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.977236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.977260] Call Trace: [ 27.977277] <TASK> [ 27.977294] dump_stack_lvl+0x73/0xb0 [ 27.977323] print_report+0xd1/0x640 [ 27.977349] ? __virt_addr_valid+0x1db/0x2d0 [ 27.977373] ? kasan_atomics_helper+0x4a84/0x5450 [ 27.977397] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.977424] ? kasan_atomics_helper+0x4a84/0x5450 [ 27.977448] kasan_report+0x141/0x180 [ 27.977521] ? kasan_atomics_helper+0x4a84/0x5450 [ 27.977549] __asan_report_load4_noabort+0x18/0x20 [ 27.977576] kasan_atomics_helper+0x4a84/0x5450 [ 27.977601] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.977624] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.977650] ? kasan_atomics+0x152/0x310 [ 27.977679] kasan_atomics+0x1dc/0x310 [ 27.977704] ? __pfx_kasan_atomics+0x10/0x10 [ 27.977729] ? __pfx_read_tsc+0x10/0x10 [ 27.977753] ? ktime_get_ts64+0x86/0x230 [ 27.977778] kunit_try_run_case+0x1a5/0x480 [ 27.977804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.977850] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.977878] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.977905] ? __kthread_parkme+0x82/0x180 [ 27.977927] ? preempt_count_sub+0x50/0x80 [ 27.977952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.977979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.978005] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.978031] kthread+0x337/0x6f0 [ 27.978053] ? trace_preempt_on+0x20/0xc0 [ 27.978078] ? __pfx_kthread+0x10/0x10 [ 27.978100] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.978125] ? calculate_sigpending+0x7b/0xa0 [ 27.978150] ? __pfx_kthread+0x10/0x10 [ 27.978173] ret_from_fork+0x116/0x1d0 [ 27.978194] ? __pfx_kthread+0x10/0x10 [ 27.978217] ret_from_fork_asm+0x1a/0x30 [ 27.978249] </TASK> [ 27.978262] [ 27.992026] Allocated by task 313: [ 27.992372] kasan_save_stack+0x45/0x70 [ 27.992772] kasan_save_track+0x18/0x40 [ 27.993334] kasan_save_alloc_info+0x3b/0x50 [ 27.993784] __kasan_kmalloc+0xb7/0xc0 [ 27.994133] __kmalloc_cache_noprof+0x189/0x420 [ 27.994631] kasan_atomics+0x95/0x310 [ 27.994958] kunit_try_run_case+0x1a5/0x480 [ 27.995109] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.995565] kthread+0x337/0x6f0 [ 27.995928] ret_from_fork+0x116/0x1d0 [ 27.996306] ret_from_fork_asm+0x1a/0x30 [ 27.996730] [ 27.996815] The buggy address belongs to the object at ffff8881058a7e80 [ 27.996815] which belongs to the cache kmalloc-64 of size 64 [ 27.997221] The buggy address is located 0 bytes to the right of [ 27.997221] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.998657] [ 27.998849] The buggy address belongs to the physical page: [ 27.999494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.000244] flags: 0x200000000000000(node=0|zone=2) [ 28.000504] page_type: f5(slab) [ 28.000872] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.001401] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.001983] page dumped because: kasan: bad access detected [ 28.002660] [ 28.002826] Memory state around the buggy address: [ 28.003027] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.003278] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.003614] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.004224] ^ [ 28.004749] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.005232] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.005454] ================================================================== [ 28.267596] ================================================================== [ 28.268182] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 28.268671] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.269105] [ 28.269222] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.269274] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.269289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.269311] Call Trace: [ 28.269330] <TASK> [ 28.269348] dump_stack_lvl+0x73/0xb0 [ 28.269614] print_report+0xd1/0x640 [ 28.269642] ? __virt_addr_valid+0x1db/0x2d0 [ 28.269668] ? kasan_atomics_helper+0x1217/0x5450 [ 28.269691] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.269719] ? kasan_atomics_helper+0x1217/0x5450 [ 28.269743] kasan_report+0x141/0x180 [ 28.269767] ? kasan_atomics_helper+0x1217/0x5450 [ 28.269794] kasan_check_range+0x10c/0x1c0 [ 28.269820] __kasan_check_write+0x18/0x20 [ 28.269859] kasan_atomics_helper+0x1217/0x5450 [ 28.269884] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.269909] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.269935] ? kasan_atomics+0x152/0x310 [ 28.269962] kasan_atomics+0x1dc/0x310 [ 28.269988] ? __pfx_kasan_atomics+0x10/0x10 [ 28.270015] ? __pfx_read_tsc+0x10/0x10 [ 28.270038] ? ktime_get_ts64+0x86/0x230 [ 28.270065] kunit_try_run_case+0x1a5/0x480 [ 28.270091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.270116] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.270145] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.270173] ? __kthread_parkme+0x82/0x180 [ 28.270195] ? preempt_count_sub+0x50/0x80 [ 28.270219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.270245] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.270271] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.270297] kthread+0x337/0x6f0 [ 28.270320] ? trace_preempt_on+0x20/0xc0 [ 28.270345] ? __pfx_kthread+0x10/0x10 [ 28.270367] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.270392] ? calculate_sigpending+0x7b/0xa0 [ 28.270418] ? __pfx_kthread+0x10/0x10 [ 28.270441] ret_from_fork+0x116/0x1d0 [ 28.270463] ? __pfx_kthread+0x10/0x10 [ 28.270487] ret_from_fork_asm+0x1a/0x30 [ 28.270520] </TASK> [ 28.270533] [ 28.281880] Allocated by task 313: [ 28.282169] kasan_save_stack+0x45/0x70 [ 28.282540] kasan_save_track+0x18/0x40 [ 28.282727] kasan_save_alloc_info+0x3b/0x50 [ 28.282937] __kasan_kmalloc+0xb7/0xc0 [ 28.283117] __kmalloc_cache_noprof+0x189/0x420 [ 28.283495] kasan_atomics+0x95/0x310 [ 28.283937] kunit_try_run_case+0x1a5/0x480 [ 28.284228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.284580] kthread+0x337/0x6f0 [ 28.284730] ret_from_fork+0x116/0x1d0 [ 28.285095] ret_from_fork_asm+0x1a/0x30 [ 28.285392] [ 28.285569] The buggy address belongs to the object at ffff8881058a7e80 [ 28.285569] which belongs to the cache kmalloc-64 of size 64 [ 28.286234] The buggy address is located 0 bytes to the right of [ 28.286234] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.287015] [ 28.287167] The buggy address belongs to the physical page: [ 28.287484] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.287914] flags: 0x200000000000000(node=0|zone=2) [ 28.288114] page_type: f5(slab) [ 28.288376] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.288920] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.289352] page dumped because: kasan: bad access detected [ 28.289649] [ 28.289811] Memory state around the buggy address: [ 28.290327] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.290770] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.291156] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.291449] ^ [ 28.291871] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.292321] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.292784] ================================================================== [ 28.555956] ================================================================== [ 28.556430] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 28.557005] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.557341] [ 28.557465] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.557516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.557530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.557553] Call Trace: [ 28.557570] <TASK> [ 28.557645] dump_stack_lvl+0x73/0xb0 [ 28.557676] print_report+0xd1/0x640 [ 28.557701] ? __virt_addr_valid+0x1db/0x2d0 [ 28.557726] ? kasan_atomics_helper+0x177f/0x5450 [ 28.557749] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.557778] ? kasan_atomics_helper+0x177f/0x5450 [ 28.557801] kasan_report+0x141/0x180 [ 28.557825] ? kasan_atomics_helper+0x177f/0x5450 [ 28.557868] kasan_check_range+0x10c/0x1c0 [ 28.557893] __kasan_check_write+0x18/0x20 [ 28.557953] kasan_atomics_helper+0x177f/0x5450 [ 28.557979] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.558004] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.558030] ? kasan_atomics+0x152/0x310 [ 28.558058] kasan_atomics+0x1dc/0x310 [ 28.558083] ? __pfx_kasan_atomics+0x10/0x10 [ 28.558110] ? __pfx_read_tsc+0x10/0x10 [ 28.558133] ? ktime_get_ts64+0x86/0x230 [ 28.558159] kunit_try_run_case+0x1a5/0x480 [ 28.558188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.558214] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.558241] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.558269] ? __kthread_parkme+0x82/0x180 [ 28.558291] ? preempt_count_sub+0x50/0x80 [ 28.558316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.558342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.558368] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.558394] kthread+0x337/0x6f0 [ 28.558416] ? trace_preempt_on+0x20/0xc0 [ 28.558441] ? __pfx_kthread+0x10/0x10 [ 28.558463] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.558489] ? calculate_sigpending+0x7b/0xa0 [ 28.558514] ? __pfx_kthread+0x10/0x10 [ 28.558585] ret_from_fork+0x116/0x1d0 [ 28.558609] ? __pfx_kthread+0x10/0x10 [ 28.558632] ret_from_fork_asm+0x1a/0x30 [ 28.558665] </TASK> [ 28.558678] [ 28.576882] Allocated by task 313: [ 28.577551] kasan_save_stack+0x45/0x70 [ 28.578151] kasan_save_track+0x18/0x40 [ 28.578717] kasan_save_alloc_info+0x3b/0x50 [ 28.579343] __kasan_kmalloc+0xb7/0xc0 [ 28.579916] __kmalloc_cache_noprof+0x189/0x420 [ 28.580441] kasan_atomics+0x95/0x310 [ 28.580671] kunit_try_run_case+0x1a5/0x480 [ 28.580826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.581026] kthread+0x337/0x6f0 [ 28.581152] ret_from_fork+0x116/0x1d0 [ 28.581985] ret_from_fork_asm+0x1a/0x30 [ 28.583918] [ 28.584006] The buggy address belongs to the object at ffff8881058a7e80 [ 28.584006] which belongs to the cache kmalloc-64 of size 64 [ 28.585058] The buggy address is located 0 bytes to the right of [ 28.585058] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.585876] [ 28.585963] The buggy address belongs to the physical page: [ 28.586171] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.586930] flags: 0x200000000000000(node=0|zone=2) [ 28.587403] page_type: f5(slab) [ 28.587964] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.588693] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.589337] page dumped because: kasan: bad access detected [ 28.589519] [ 28.589589] Memory state around the buggy address: [ 28.589756] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.589993] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.590288] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.590579] ^ [ 28.590786] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.591118] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.591469] ================================================================== [ 28.779717] ================================================================== [ 28.780046] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 28.780561] Read of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.780797] [ 28.780981] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.781061] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.781077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.781099] Call Trace: [ 28.781117] <TASK> [ 28.781134] dump_stack_lvl+0x73/0xb0 [ 28.781164] print_report+0xd1/0x640 [ 28.781189] ? __virt_addr_valid+0x1db/0x2d0 [ 28.781216] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.781240] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.781267] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.781290] kasan_report+0x141/0x180 [ 28.781335] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.781365] __asan_report_load8_noabort+0x18/0x20 [ 28.781392] kasan_atomics_helper+0x4f30/0x5450 [ 28.781416] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.781440] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.781512] ? kasan_atomics+0x152/0x310 [ 28.781541] kasan_atomics+0x1dc/0x310 [ 28.781567] ? __pfx_kasan_atomics+0x10/0x10 [ 28.781592] ? __pfx_read_tsc+0x10/0x10 [ 28.781616] ? ktime_get_ts64+0x86/0x230 [ 28.781642] kunit_try_run_case+0x1a5/0x480 [ 28.781669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.781693] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.781720] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.781747] ? __kthread_parkme+0x82/0x180 [ 28.781768] ? preempt_count_sub+0x50/0x80 [ 28.781794] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.781819] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.781855] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.781881] kthread+0x337/0x6f0 [ 28.781902] ? trace_preempt_on+0x20/0xc0 [ 28.781927] ? __pfx_kthread+0x10/0x10 [ 28.781949] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.781975] ? calculate_sigpending+0x7b/0xa0 [ 28.782000] ? __pfx_kthread+0x10/0x10 [ 28.782024] ret_from_fork+0x116/0x1d0 [ 28.782045] ? __pfx_kthread+0x10/0x10 [ 28.782068] ret_from_fork_asm+0x1a/0x30 [ 28.782100] </TASK> [ 28.782112] [ 28.791574] Allocated by task 313: [ 28.791930] kasan_save_stack+0x45/0x70 [ 28.792090] kasan_save_track+0x18/0x40 [ 28.792590] kasan_save_alloc_info+0x3b/0x50 [ 28.793026] __kasan_kmalloc+0xb7/0xc0 [ 28.793392] __kmalloc_cache_noprof+0x189/0x420 [ 28.793843] kasan_atomics+0x95/0x310 [ 28.794026] kunit_try_run_case+0x1a5/0x480 [ 28.794218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.794694] kthread+0x337/0x6f0 [ 28.795006] ret_from_fork+0x116/0x1d0 [ 28.795487] ret_from_fork_asm+0x1a/0x30 [ 28.795819] [ 28.795920] The buggy address belongs to the object at ffff8881058a7e80 [ 28.795920] which belongs to the cache kmalloc-64 of size 64 [ 28.796774] The buggy address is located 0 bytes to the right of [ 28.796774] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.797827] [ 28.797942] The buggy address belongs to the physical page: [ 28.798180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.798848] flags: 0x200000000000000(node=0|zone=2) [ 28.799317] page_type: f5(slab) [ 28.799704] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.800019] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.800628] page dumped because: kasan: bad access detected [ 28.800969] [ 28.801196] Memory state around the buggy address: [ 28.801421] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.801897] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.802439] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.802947] ^ [ 28.803161] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.803460] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.803741] ================================================================== [ 28.219183] ================================================================== [ 28.219604] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 28.219890] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.220403] [ 28.220589] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.220643] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.220659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.220683] Call Trace: [ 28.220701] <TASK> [ 28.220717] dump_stack_lvl+0x73/0xb0 [ 28.220747] print_report+0xd1/0x640 [ 28.220772] ? __virt_addr_valid+0x1db/0x2d0 [ 28.220796] ? kasan_atomics_helper+0x1148/0x5450 [ 28.220819] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.220862] ? kasan_atomics_helper+0x1148/0x5450 [ 28.220892] kasan_report+0x141/0x180 [ 28.220918] ? kasan_atomics_helper+0x1148/0x5450 [ 28.220947] kasan_check_range+0x10c/0x1c0 [ 28.220973] __kasan_check_write+0x18/0x20 [ 28.221001] kasan_atomics_helper+0x1148/0x5450 [ 28.221026] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.221049] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.221076] ? kasan_atomics+0x152/0x310 [ 28.221104] kasan_atomics+0x1dc/0x310 [ 28.221129] ? __pfx_kasan_atomics+0x10/0x10 [ 28.221156] ? __pfx_read_tsc+0x10/0x10 [ 28.221501] ? ktime_get_ts64+0x86/0x230 [ 28.221528] kunit_try_run_case+0x1a5/0x480 [ 28.221556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.221581] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.221608] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.221636] ? __kthread_parkme+0x82/0x180 [ 28.221658] ? preempt_count_sub+0x50/0x80 [ 28.221682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.221708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.221734] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.221759] kthread+0x337/0x6f0 [ 28.221781] ? trace_preempt_on+0x20/0xc0 [ 28.221806] ? __pfx_kthread+0x10/0x10 [ 28.221840] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.221868] ? calculate_sigpending+0x7b/0xa0 [ 28.221893] ? __pfx_kthread+0x10/0x10 [ 28.221918] ret_from_fork+0x116/0x1d0 [ 28.221938] ? __pfx_kthread+0x10/0x10 [ 28.221961] ret_from_fork_asm+0x1a/0x30 [ 28.221994] </TASK> [ 28.222007] [ 28.232422] Allocated by task 313: [ 28.232643] kasan_save_stack+0x45/0x70 [ 28.232850] kasan_save_track+0x18/0x40 [ 28.232993] kasan_save_alloc_info+0x3b/0x50 [ 28.233243] __kasan_kmalloc+0xb7/0xc0 [ 28.233878] __kmalloc_cache_noprof+0x189/0x420 [ 28.234122] kasan_atomics+0x95/0x310 [ 28.234327] kunit_try_run_case+0x1a5/0x480 [ 28.234611] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.235034] kthread+0x337/0x6f0 [ 28.235354] ret_from_fork+0x116/0x1d0 [ 28.235544] ret_from_fork_asm+0x1a/0x30 [ 28.235735] [ 28.235869] The buggy address belongs to the object at ffff8881058a7e80 [ 28.235869] which belongs to the cache kmalloc-64 of size 64 [ 28.236325] The buggy address is located 0 bytes to the right of [ 28.236325] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.237295] [ 28.237397] The buggy address belongs to the physical page: [ 28.237597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.238125] flags: 0x200000000000000(node=0|zone=2) [ 28.238358] page_type: f5(slab) [ 28.238681] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.239144] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.239426] page dumped because: kasan: bad access detected [ 28.239877] [ 28.239975] Memory state around the buggy address: [ 28.240161] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.240692] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.241006] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.241401] ^ [ 28.241776] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.242040] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.242499] ================================================================== [ 27.473954] ================================================================== [ 27.475688] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 27.476847] Read of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.477249] [ 27.477386] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.477439] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.477452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.477526] Call Trace: [ 27.477579] <TASK> [ 27.477597] dump_stack_lvl+0x73/0xb0 [ 27.477632] print_report+0xd1/0x640 [ 27.477655] ? __virt_addr_valid+0x1db/0x2d0 [ 27.477681] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.477703] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.477760] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.477784] kasan_report+0x141/0x180 [ 27.477807] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.477845] __asan_report_load4_noabort+0x18/0x20 [ 27.477870] kasan_atomics_helper+0x4bbc/0x5450 [ 27.477894] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.477918] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.477976] ? kasan_atomics+0x152/0x310 [ 27.478004] kasan_atomics+0x1dc/0x310 [ 27.478027] ? __pfx_kasan_atomics+0x10/0x10 [ 27.478052] ? __pfx_read_tsc+0x10/0x10 [ 27.478075] ? ktime_get_ts64+0x86/0x230 [ 27.478129] kunit_try_run_case+0x1a5/0x480 [ 27.478180] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.478227] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.478265] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.478291] ? __kthread_parkme+0x82/0x180 [ 27.478312] ? preempt_count_sub+0x50/0x80 [ 27.478336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.478360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.478385] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.478409] kthread+0x337/0x6f0 [ 27.478430] ? trace_preempt_on+0x20/0xc0 [ 27.478453] ? __pfx_kthread+0x10/0x10 [ 27.478492] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.478516] ? calculate_sigpending+0x7b/0xa0 [ 27.478541] ? __pfx_kthread+0x10/0x10 [ 27.478563] ret_from_fork+0x116/0x1d0 [ 27.478583] ? __pfx_kthread+0x10/0x10 [ 27.478604] ret_from_fork_asm+0x1a/0x30 [ 27.478635] </TASK> [ 27.478647] [ 27.489311] Allocated by task 313: [ 27.489517] kasan_save_stack+0x45/0x70 [ 27.489824] kasan_save_track+0x18/0x40 [ 27.489977] kasan_save_alloc_info+0x3b/0x50 [ 27.490123] __kasan_kmalloc+0xb7/0xc0 [ 27.490402] __kmalloc_cache_noprof+0x189/0x420 [ 27.491005] kasan_atomics+0x95/0x310 [ 27.491219] kunit_try_run_case+0x1a5/0x480 [ 27.491552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.491862] kthread+0x337/0x6f0 [ 27.492048] ret_from_fork+0x116/0x1d0 [ 27.492241] ret_from_fork_asm+0x1a/0x30 [ 27.492525] [ 27.492636] The buggy address belongs to the object at ffff8881058a7e80 [ 27.492636] which belongs to the cache kmalloc-64 of size 64 [ 27.493336] The buggy address is located 0 bytes to the right of [ 27.493336] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.494046] [ 27.494154] The buggy address belongs to the physical page: [ 27.494455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.495042] flags: 0x200000000000000(node=0|zone=2) [ 27.495383] page_type: f5(slab) [ 27.495512] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.496091] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.496529] page dumped because: kasan: bad access detected [ 27.496732] [ 27.496886] Memory state around the buggy address: [ 27.497111] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.497439] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.497846] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.498200] ^ [ 27.498429] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.498893] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.499280] ================================================================== [ 29.149998] ================================================================== [ 29.150502] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 29.151073] Read of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 29.151583] [ 29.151791] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.151851] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.151867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.151891] Call Trace: [ 29.151908] <TASK> [ 29.151925] dump_stack_lvl+0x73/0xb0 [ 29.151954] print_report+0xd1/0x640 [ 29.151979] ? __virt_addr_valid+0x1db/0x2d0 [ 29.152004] ? kasan_atomics_helper+0x5115/0x5450 [ 29.152027] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.152055] ? kasan_atomics_helper+0x5115/0x5450 [ 29.152103] kasan_report+0x141/0x180 [ 29.152127] ? kasan_atomics_helper+0x5115/0x5450 [ 29.152156] __asan_report_load8_noabort+0x18/0x20 [ 29.152194] kasan_atomics_helper+0x5115/0x5450 [ 29.152218] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.152242] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.152269] ? kasan_atomics+0x152/0x310 [ 29.152298] kasan_atomics+0x1dc/0x310 [ 29.152323] ? __pfx_kasan_atomics+0x10/0x10 [ 29.152350] ? __pfx_read_tsc+0x10/0x10 [ 29.152375] ? ktime_get_ts64+0x86/0x230 [ 29.152401] kunit_try_run_case+0x1a5/0x480 [ 29.152429] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.152454] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.152496] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.152525] ? __kthread_parkme+0x82/0x180 [ 29.152547] ? preempt_count_sub+0x50/0x80 [ 29.152572] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.152599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.152625] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.152651] kthread+0x337/0x6f0 [ 29.152672] ? trace_preempt_on+0x20/0xc0 [ 29.152697] ? __pfx_kthread+0x10/0x10 [ 29.152720] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.152746] ? calculate_sigpending+0x7b/0xa0 [ 29.152772] ? __pfx_kthread+0x10/0x10 [ 29.152796] ret_from_fork+0x116/0x1d0 [ 29.152817] ? __pfx_kthread+0x10/0x10 [ 29.152850] ret_from_fork_asm+0x1a/0x30 [ 29.152888] </TASK> [ 29.152900] [ 29.164759] Allocated by task 313: [ 29.164922] kasan_save_stack+0x45/0x70 [ 29.165067] kasan_save_track+0x18/0x40 [ 29.165298] kasan_save_alloc_info+0x3b/0x50 [ 29.165671] __kasan_kmalloc+0xb7/0xc0 [ 29.166084] __kmalloc_cache_noprof+0x189/0x420 [ 29.166590] kasan_atomics+0x95/0x310 [ 29.166990] kunit_try_run_case+0x1a5/0x480 [ 29.167448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.167965] kthread+0x337/0x6f0 [ 29.168284] ret_from_fork+0x116/0x1d0 [ 29.168667] ret_from_fork_asm+0x1a/0x30 [ 29.169083] [ 29.169241] The buggy address belongs to the object at ffff8881058a7e80 [ 29.169241] which belongs to the cache kmalloc-64 of size 64 [ 29.170008] The buggy address is located 0 bytes to the right of [ 29.170008] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 29.170411] [ 29.170483] The buggy address belongs to the physical page: [ 29.170686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 29.171358] flags: 0x200000000000000(node=0|zone=2) [ 29.171781] page_type: f5(slab) [ 29.172298] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.172708] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.173438] page dumped because: kasan: bad access detected [ 29.173999] [ 29.174076] Memory state around the buggy address: [ 29.174353] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.175036] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.175535] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.176151] ^ [ 29.176385] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.176900] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.177688] ================================================================== [ 28.694579] ================================================================== [ 28.694874] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 28.695402] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.696036] [ 28.696141] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.696192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.696208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.696230] Call Trace: [ 28.696247] <TASK> [ 28.696265] dump_stack_lvl+0x73/0xb0 [ 28.696295] print_report+0xd1/0x640 [ 28.696319] ? __virt_addr_valid+0x1db/0x2d0 [ 28.696346] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.696368] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.696397] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.696422] kasan_report+0x141/0x180 [ 28.696446] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.696487] kasan_check_range+0x10c/0x1c0 [ 28.696513] __kasan_check_write+0x18/0x20 [ 28.696539] kasan_atomics_helper+0x1a7f/0x5450 [ 28.696564] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.696588] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.696616] ? kasan_atomics+0x152/0x310 [ 28.696645] kasan_atomics+0x1dc/0x310 [ 28.696670] ? __pfx_kasan_atomics+0x10/0x10 [ 28.696696] ? __pfx_read_tsc+0x10/0x10 [ 28.696719] ? ktime_get_ts64+0x86/0x230 [ 28.696745] kunit_try_run_case+0x1a5/0x480 [ 28.696771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.696796] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.696823] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.696862] ? __kthread_parkme+0x82/0x180 [ 28.696890] ? preempt_count_sub+0x50/0x80 [ 28.696915] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.696941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.696967] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.696996] kthread+0x337/0x6f0 [ 28.697018] ? trace_preempt_on+0x20/0xc0 [ 28.697045] ? __pfx_kthread+0x10/0x10 [ 28.697067] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.697093] ? calculate_sigpending+0x7b/0xa0 [ 28.697118] ? __pfx_kthread+0x10/0x10 [ 28.697142] ret_from_fork+0x116/0x1d0 [ 28.697385] ? __pfx_kthread+0x10/0x10 [ 28.697417] ret_from_fork_asm+0x1a/0x30 [ 28.697452] </TASK> [ 28.697464] [ 28.713903] Allocated by task 313: [ 28.714044] kasan_save_stack+0x45/0x70 [ 28.714213] kasan_save_track+0x18/0x40 [ 28.714618] kasan_save_alloc_info+0x3b/0x50 [ 28.715067] __kasan_kmalloc+0xb7/0xc0 [ 28.715494] __kmalloc_cache_noprof+0x189/0x420 [ 28.715948] kasan_atomics+0x95/0x310 [ 28.716342] kunit_try_run_case+0x1a5/0x480 [ 28.716739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.717020] kthread+0x337/0x6f0 [ 28.717348] ret_from_fork+0x116/0x1d0 [ 28.717742] ret_from_fork_asm+0x1a/0x30 [ 28.718173] [ 28.718283] The buggy address belongs to the object at ffff8881058a7e80 [ 28.718283] which belongs to the cache kmalloc-64 of size 64 [ 28.719234] The buggy address is located 0 bytes to the right of [ 28.719234] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.720401] [ 28.720654] The buggy address belongs to the physical page: [ 28.720842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.721129] flags: 0x200000000000000(node=0|zone=2) [ 28.721614] page_type: f5(slab) [ 28.722014] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.722843] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.723615] page dumped because: kasan: bad access detected [ 28.724198] [ 28.724352] Memory state around the buggy address: [ 28.724855] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.725411] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.725712] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.725939] ^ [ 28.726091] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.726355] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.726631] ================================================================== [ 27.638233] ================================================================== [ 27.638610] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 27.638963] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.639294] [ 27.639380] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.639439] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.639519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.639542] Call Trace: [ 27.639558] <TASK> [ 27.639584] dump_stack_lvl+0x73/0xb0 [ 27.639613] print_report+0xd1/0x640 [ 27.639637] ? __virt_addr_valid+0x1db/0x2d0 [ 27.639674] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.639697] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.639724] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.639748] kasan_report+0x141/0x180 [ 27.639772] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.639800] __asan_report_store4_noabort+0x1b/0x30 [ 27.639827] kasan_atomics_helper+0x4b3a/0x5450 [ 27.639863] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.639888] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.639917] ? kasan_atomics+0x152/0x310 [ 27.639946] kasan_atomics+0x1dc/0x310 [ 27.639971] ? __pfx_kasan_atomics+0x10/0x10 [ 27.639996] ? __pfx_read_tsc+0x10/0x10 [ 27.640020] ? ktime_get_ts64+0x86/0x230 [ 27.640053] kunit_try_run_case+0x1a5/0x480 [ 27.640080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.640104] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.640142] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.640170] ? __kthread_parkme+0x82/0x180 [ 27.640211] ? preempt_count_sub+0x50/0x80 [ 27.640235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.640261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.640287] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.640313] kthread+0x337/0x6f0 [ 27.640334] ? trace_preempt_on+0x20/0xc0 [ 27.640359] ? __pfx_kthread+0x10/0x10 [ 27.640381] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.640407] ? calculate_sigpending+0x7b/0xa0 [ 27.640431] ? __pfx_kthread+0x10/0x10 [ 27.640510] ret_from_fork+0x116/0x1d0 [ 27.640533] ? __pfx_kthread+0x10/0x10 [ 27.640555] ret_from_fork_asm+0x1a/0x30 [ 27.640598] </TASK> [ 27.640611] [ 27.648884] Allocated by task 313: [ 27.649040] kasan_save_stack+0x45/0x70 [ 27.649283] kasan_save_track+0x18/0x40 [ 27.649548] kasan_save_alloc_info+0x3b/0x50 [ 27.649785] __kasan_kmalloc+0xb7/0xc0 [ 27.649972] __kmalloc_cache_noprof+0x189/0x420 [ 27.650189] kasan_atomics+0x95/0x310 [ 27.650394] kunit_try_run_case+0x1a5/0x480 [ 27.650620] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.650896] kthread+0x337/0x6f0 [ 27.651067] ret_from_fork+0x116/0x1d0 [ 27.651256] ret_from_fork_asm+0x1a/0x30 [ 27.651500] [ 27.651628] The buggy address belongs to the object at ffff8881058a7e80 [ 27.651628] which belongs to the cache kmalloc-64 of size 64 [ 27.652060] The buggy address is located 0 bytes to the right of [ 27.652060] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.652450] [ 27.652519] The buggy address belongs to the physical page: [ 27.652856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.653247] flags: 0x200000000000000(node=0|zone=2) [ 27.653635] page_type: f5(slab) [ 27.653814] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.654137] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.654546] page dumped because: kasan: bad access detected [ 27.654774] [ 27.654880] Memory state around the buggy address: [ 27.655111] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.655357] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.655771] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.656102] ^ [ 27.656359] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.656741] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.657069] ================================================================== [ 27.553308] ================================================================== [ 27.553789] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 27.554126] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.554559] [ 27.554674] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.554725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.554740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.554828] Call Trace: [ 27.554857] <TASK> [ 27.554874] dump_stack_lvl+0x73/0xb0 [ 27.554904] print_report+0xd1/0x640 [ 27.554929] ? __virt_addr_valid+0x1db/0x2d0 [ 27.554954] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.554978] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.555007] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.555031] kasan_report+0x141/0x180 [ 27.555055] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.555082] __asan_report_store4_noabort+0x1b/0x30 [ 27.555110] kasan_atomics_helper+0x4b6e/0x5450 [ 27.555135] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.555160] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.555223] ? kasan_atomics+0x152/0x310 [ 27.555253] kasan_atomics+0x1dc/0x310 [ 27.555278] ? __pfx_kasan_atomics+0x10/0x10 [ 27.555304] ? __pfx_read_tsc+0x10/0x10 [ 27.555328] ? ktime_get_ts64+0x86/0x230 [ 27.555354] kunit_try_run_case+0x1a5/0x480 [ 27.555381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.555422] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.555449] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.555477] ? __kthread_parkme+0x82/0x180 [ 27.555499] ? preempt_count_sub+0x50/0x80 [ 27.555567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.555594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.555620] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.555645] kthread+0x337/0x6f0 [ 27.555667] ? trace_preempt_on+0x20/0xc0 [ 27.555692] ? __pfx_kthread+0x10/0x10 [ 27.555715] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.555740] ? calculate_sigpending+0x7b/0xa0 [ 27.555765] ? __pfx_kthread+0x10/0x10 [ 27.555789] ret_from_fork+0x116/0x1d0 [ 27.555810] ? __pfx_kthread+0x10/0x10 [ 27.555846] ret_from_fork_asm+0x1a/0x30 [ 27.555879] </TASK> [ 27.555893] [ 27.564078] Allocated by task 313: [ 27.564214] kasan_save_stack+0x45/0x70 [ 27.564586] kasan_save_track+0x18/0x40 [ 27.564807] kasan_save_alloc_info+0x3b/0x50 [ 27.565040] __kasan_kmalloc+0xb7/0xc0 [ 27.565282] __kmalloc_cache_noprof+0x189/0x420 [ 27.565446] kasan_atomics+0x95/0x310 [ 27.565583] kunit_try_run_case+0x1a5/0x480 [ 27.565730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.565956] kthread+0x337/0x6f0 [ 27.566124] ret_from_fork+0x116/0x1d0 [ 27.566384] ret_from_fork_asm+0x1a/0x30 [ 27.566582] [ 27.566675] The buggy address belongs to the object at ffff8881058a7e80 [ 27.566675] which belongs to the cache kmalloc-64 of size 64 [ 27.567958] The buggy address is located 0 bytes to the right of [ 27.567958] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.569285] [ 27.569378] The buggy address belongs to the physical page: [ 27.570087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.570768] flags: 0x200000000000000(node=0|zone=2) [ 27.571242] page_type: f5(slab) [ 27.571410] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.572061] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.572877] page dumped because: kasan: bad access detected [ 27.573282] [ 27.573498] Memory state around the buggy address: [ 27.573724] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.574022] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.574696] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.575399] ^ [ 27.575933] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.576392] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.576888] ================================================================== [ 27.826975] ================================================================== [ 27.827284] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 27.827732] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.828064] [ 27.828177] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.828229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.828244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.828267] Call Trace: [ 27.828284] <TASK> [ 27.828300] dump_stack_lvl+0x73/0xb0 [ 27.828331] print_report+0xd1/0x640 [ 27.828356] ? __virt_addr_valid+0x1db/0x2d0 [ 27.828381] ? kasan_atomics_helper+0x8f9/0x5450 [ 27.828405] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.828434] ? kasan_atomics_helper+0x8f9/0x5450 [ 27.828512] kasan_report+0x141/0x180 [ 27.828540] ? kasan_atomics_helper+0x8f9/0x5450 [ 27.828568] kasan_check_range+0x10c/0x1c0 [ 27.828595] __kasan_check_write+0x18/0x20 [ 27.828620] kasan_atomics_helper+0x8f9/0x5450 [ 27.828645] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.828669] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.828696] ? kasan_atomics+0x152/0x310 [ 27.828725] kasan_atomics+0x1dc/0x310 [ 27.828750] ? __pfx_kasan_atomics+0x10/0x10 [ 27.828776] ? __pfx_read_tsc+0x10/0x10 [ 27.828800] ? ktime_get_ts64+0x86/0x230 [ 27.828826] kunit_try_run_case+0x1a5/0x480 [ 27.828873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.828898] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.828926] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.828952] ? __kthread_parkme+0x82/0x180 [ 27.828974] ? preempt_count_sub+0x50/0x80 [ 27.828999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.829025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.829050] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.829076] kthread+0x337/0x6f0 [ 27.829097] ? trace_preempt_on+0x20/0xc0 [ 27.829121] ? __pfx_kthread+0x10/0x10 [ 27.829144] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.829182] ? calculate_sigpending+0x7b/0xa0 [ 27.829209] ? __pfx_kthread+0x10/0x10 [ 27.829235] ret_from_fork+0x116/0x1d0 [ 27.829259] ? __pfx_kthread+0x10/0x10 [ 27.829282] ret_from_fork_asm+0x1a/0x30 [ 27.829315] </TASK> [ 27.829328] [ 27.839277] Allocated by task 313: [ 27.839899] kasan_save_stack+0x45/0x70 [ 27.840140] kasan_save_track+0x18/0x40 [ 27.840343] kasan_save_alloc_info+0x3b/0x50 [ 27.840558] __kasan_kmalloc+0xb7/0xc0 [ 27.840751] __kmalloc_cache_noprof+0x189/0x420 [ 27.840996] kasan_atomics+0x95/0x310 [ 27.841175] kunit_try_run_case+0x1a5/0x480 [ 27.841375] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.841633] kthread+0x337/0x6f0 [ 27.841792] ret_from_fork+0x116/0x1d0 [ 27.842228] ret_from_fork_asm+0x1a/0x30 [ 27.842400] [ 27.842566] The buggy address belongs to the object at ffff8881058a7e80 [ 27.842566] which belongs to the cache kmalloc-64 of size 64 [ 27.843269] The buggy address is located 0 bytes to the right of [ 27.843269] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.843909] [ 27.844043] The buggy address belongs to the physical page: [ 27.844358] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.844849] flags: 0x200000000000000(node=0|zone=2) [ 27.845096] page_type: f5(slab) [ 27.845291] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.845730] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.846119] page dumped because: kasan: bad access detected [ 27.846664] [ 27.846795] Memory state around the buggy address: [ 27.847031] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.847423] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.847807] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.848161] ^ [ 27.848354] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.848807] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.849147] ================================================================== [ 28.907726] ================================================================== [ 28.908066] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 28.908429] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.908775] [ 28.908893] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.908943] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.908959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.908982] Call Trace: [ 28.908999] <TASK> [ 28.909015] dump_stack_lvl+0x73/0xb0 [ 28.909044] print_report+0xd1/0x640 [ 28.909069] ? __virt_addr_valid+0x1db/0x2d0 [ 28.909095] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.909118] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.909186] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.909226] kasan_report+0x141/0x180 [ 28.909264] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.909293] kasan_check_range+0x10c/0x1c0 [ 28.909319] __kasan_check_write+0x18/0x20 [ 28.909344] kasan_atomics_helper+0x1f43/0x5450 [ 28.909368] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.909393] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.909419] ? kasan_atomics+0x152/0x310 [ 28.909465] kasan_atomics+0x1dc/0x310 [ 28.909491] ? __pfx_kasan_atomics+0x10/0x10 [ 28.909517] ? __pfx_read_tsc+0x10/0x10 [ 28.909541] ? ktime_get_ts64+0x86/0x230 [ 28.909566] kunit_try_run_case+0x1a5/0x480 [ 28.909592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.909617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.909644] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.909670] ? __kthread_parkme+0x82/0x180 [ 28.909692] ? preempt_count_sub+0x50/0x80 [ 28.909717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.909742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.909768] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.909794] kthread+0x337/0x6f0 [ 28.909815] ? trace_preempt_on+0x20/0xc0 [ 28.909850] ? __pfx_kthread+0x10/0x10 [ 28.909873] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.909899] ? calculate_sigpending+0x7b/0xa0 [ 28.909924] ? __pfx_kthread+0x10/0x10 [ 28.909947] ret_from_fork+0x116/0x1d0 [ 28.909987] ? __pfx_kthread+0x10/0x10 [ 28.910010] ret_from_fork_asm+0x1a/0x30 [ 28.910042] </TASK> [ 28.910054] [ 28.918272] Allocated by task 313: [ 28.918398] kasan_save_stack+0x45/0x70 [ 28.918792] kasan_save_track+0x18/0x40 [ 28.919204] kasan_save_alloc_info+0x3b/0x50 [ 28.919435] __kasan_kmalloc+0xb7/0xc0 [ 28.919670] __kmalloc_cache_noprof+0x189/0x420 [ 28.919952] kasan_atomics+0x95/0x310 [ 28.920177] kunit_try_run_case+0x1a5/0x480 [ 28.920411] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.921027] kthread+0x337/0x6f0 [ 28.921710] ret_from_fork+0x116/0x1d0 [ 28.921920] ret_from_fork_asm+0x1a/0x30 [ 28.922182] [ 28.922302] The buggy address belongs to the object at ffff8881058a7e80 [ 28.922302] which belongs to the cache kmalloc-64 of size 64 [ 28.924243] The buggy address is located 0 bytes to the right of [ 28.924243] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.925773] [ 28.925875] The buggy address belongs to the physical page: [ 28.926061] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.926328] flags: 0x200000000000000(node=0|zone=2) [ 28.926843] page_type: f5(slab) [ 28.927243] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.928127] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.928931] page dumped because: kasan: bad access detected [ 28.929327] [ 28.929399] Memory state around the buggy address: [ 28.929843] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.930487] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.930954] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.931202] ^ [ 28.931692] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.932430] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.933108] ================================================================== [ 28.338566] ================================================================== [ 28.339959] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 28.341204] Read of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.341452] [ 28.341897] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.341953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.341967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.342126] Call Trace: [ 28.342145] <TASK> [ 28.342187] dump_stack_lvl+0x73/0xb0 [ 28.342220] print_report+0xd1/0x640 [ 28.342247] ? __virt_addr_valid+0x1db/0x2d0 [ 28.342272] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.342296] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.342323] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.342353] kasan_report+0x141/0x180 [ 28.342377] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.342406] __asan_report_load4_noabort+0x18/0x20 [ 28.342432] kasan_atomics_helper+0x49ce/0x5450 [ 28.342483] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.342508] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.342535] ? kasan_atomics+0x152/0x310 [ 28.342562] kasan_atomics+0x1dc/0x310 [ 28.342587] ? __pfx_kasan_atomics+0x10/0x10 [ 28.342613] ? __pfx_read_tsc+0x10/0x10 [ 28.342636] ? ktime_get_ts64+0x86/0x230 [ 28.342662] kunit_try_run_case+0x1a5/0x480 [ 28.342689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.342714] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.342741] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.342767] ? __kthread_parkme+0x82/0x180 [ 28.342788] ? preempt_count_sub+0x50/0x80 [ 28.342813] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.342849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.342874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.342900] kthread+0x337/0x6f0 [ 28.342921] ? trace_preempt_on+0x20/0xc0 [ 28.342945] ? __pfx_kthread+0x10/0x10 [ 28.342968] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.342993] ? calculate_sigpending+0x7b/0xa0 [ 28.343018] ? __pfx_kthread+0x10/0x10 [ 28.343041] ret_from_fork+0x116/0x1d0 [ 28.343064] ? __pfx_kthread+0x10/0x10 [ 28.343086] ret_from_fork_asm+0x1a/0x30 [ 28.343119] </TASK> [ 28.343132] [ 28.360456] Allocated by task 313: [ 28.361081] kasan_save_stack+0x45/0x70 [ 28.361308] kasan_save_track+0x18/0x40 [ 28.361452] kasan_save_alloc_info+0x3b/0x50 [ 28.361612] __kasan_kmalloc+0xb7/0xc0 [ 28.362313] __kmalloc_cache_noprof+0x189/0x420 [ 28.362916] kasan_atomics+0x95/0x310 [ 28.363418] kunit_try_run_case+0x1a5/0x480 [ 28.364062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.364512] kthread+0x337/0x6f0 [ 28.364649] ret_from_fork+0x116/0x1d0 [ 28.364788] ret_from_fork_asm+0x1a/0x30 [ 28.364946] [ 28.365020] The buggy address belongs to the object at ffff8881058a7e80 [ 28.365020] which belongs to the cache kmalloc-64 of size 64 [ 28.365933] The buggy address is located 0 bytes to the right of [ 28.365933] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.366855] [ 28.366966] The buggy address belongs to the physical page: [ 28.367432] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.367923] flags: 0x200000000000000(node=0|zone=2) [ 28.368325] page_type: f5(slab) [ 28.368648] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.369001] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.369748] page dumped because: kasan: bad access detected [ 28.370055] [ 28.370301] Memory state around the buggy address: [ 28.370780] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.371283] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.371927] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.372394] ^ [ 28.373040] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.373756] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.374351] ================================================================== [ 28.751258] ================================================================== [ 28.751673] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 28.752290] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.752823] [ 28.753001] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.753091] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.753106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.753129] Call Trace: [ 28.753148] <TASK> [ 28.753165] dump_stack_lvl+0x73/0xb0 [ 28.753195] print_report+0xd1/0x640 [ 28.753220] ? __virt_addr_valid+0x1db/0x2d0 [ 28.753281] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.753307] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.753337] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.753361] kasan_report+0x141/0x180 [ 28.753387] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.753444] kasan_check_range+0x10c/0x1c0 [ 28.753471] __kasan_check_write+0x18/0x20 [ 28.753496] kasan_atomics_helper+0x1c18/0x5450 [ 28.753590] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.753615] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.753681] ? kasan_atomics+0x152/0x310 [ 28.753710] kasan_atomics+0x1dc/0x310 [ 28.753736] ? __pfx_kasan_atomics+0x10/0x10 [ 28.753763] ? __pfx_read_tsc+0x10/0x10 [ 28.753788] ? ktime_get_ts64+0x86/0x230 [ 28.753814] kunit_try_run_case+0x1a5/0x480 [ 28.753886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.753911] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.753939] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.753965] ? __kthread_parkme+0x82/0x180 [ 28.753987] ? preempt_count_sub+0x50/0x80 [ 28.754043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.754068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.754094] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.754120] kthread+0x337/0x6f0 [ 28.754141] ? trace_preempt_on+0x20/0xc0 [ 28.754178] ? __pfx_kthread+0x10/0x10 [ 28.754228] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.754256] ? calculate_sigpending+0x7b/0xa0 [ 28.754281] ? __pfx_kthread+0x10/0x10 [ 28.754304] ret_from_fork+0x116/0x1d0 [ 28.754326] ? __pfx_kthread+0x10/0x10 [ 28.754349] ret_from_fork_asm+0x1a/0x30 [ 28.754383] </TASK> [ 28.754396] [ 28.766733] Allocated by task 313: [ 28.767091] kasan_save_stack+0x45/0x70 [ 28.767395] kasan_save_track+0x18/0x40 [ 28.767747] kasan_save_alloc_info+0x3b/0x50 [ 28.768145] __kasan_kmalloc+0xb7/0xc0 [ 28.768354] __kmalloc_cache_noprof+0x189/0x420 [ 28.768534] kasan_atomics+0x95/0x310 [ 28.768728] kunit_try_run_case+0x1a5/0x480 [ 28.768960] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.769762] kthread+0x337/0x6f0 [ 28.769965] ret_from_fork+0x116/0x1d0 [ 28.770116] ret_from_fork_asm+0x1a/0x30 [ 28.770534] [ 28.770962] The buggy address belongs to the object at ffff8881058a7e80 [ 28.770962] which belongs to the cache kmalloc-64 of size 64 [ 28.771677] The buggy address is located 0 bytes to the right of [ 28.771677] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.772403] [ 28.772851] The buggy address belongs to the physical page: [ 28.773114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.773664] flags: 0x200000000000000(node=0|zone=2) [ 28.774020] page_type: f5(slab) [ 28.774347] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.775007] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.775473] page dumped because: kasan: bad access detected [ 28.775819] [ 28.775909] Memory state around the buggy address: [ 28.776460] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.776961] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.777484] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.777802] ^ [ 28.778021] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.778584] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.778982] ================================================================== [ 28.834632] ================================================================== [ 28.834965] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 28.835283] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.835573] [ 28.835681] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.835732] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.835747] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.835771] Call Trace: [ 28.835799] <TASK> [ 28.835815] dump_stack_lvl+0x73/0xb0 [ 28.835858] print_report+0xd1/0x640 [ 28.835886] ? __virt_addr_valid+0x1db/0x2d0 [ 28.835913] ? kasan_atomics_helper+0x1d7a/0x5450 [ 28.835936] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.835963] ? kasan_atomics_helper+0x1d7a/0x5450 [ 28.835988] kasan_report+0x141/0x180 [ 28.836013] ? kasan_atomics_helper+0x1d7a/0x5450 [ 28.836043] kasan_check_range+0x10c/0x1c0 [ 28.836071] __kasan_check_write+0x18/0x20 [ 28.836103] kasan_atomics_helper+0x1d7a/0x5450 [ 28.836137] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.836171] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.836197] ? kasan_atomics+0x152/0x310 [ 28.836225] kasan_atomics+0x1dc/0x310 [ 28.836251] ? __pfx_kasan_atomics+0x10/0x10 [ 28.836277] ? __pfx_read_tsc+0x10/0x10 [ 28.836300] ? ktime_get_ts64+0x86/0x230 [ 28.836326] kunit_try_run_case+0x1a5/0x480 [ 28.836353] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.836380] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.836408] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.836435] ? __kthread_parkme+0x82/0x180 [ 28.836456] ? preempt_count_sub+0x50/0x80 [ 28.836487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.836512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.836540] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.836565] kthread+0x337/0x6f0 [ 28.836587] ? trace_preempt_on+0x20/0xc0 [ 28.836612] ? __pfx_kthread+0x10/0x10 [ 28.836634] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.836659] ? calculate_sigpending+0x7b/0xa0 [ 28.836683] ? __pfx_kthread+0x10/0x10 [ 28.836706] ret_from_fork+0x116/0x1d0 [ 28.836727] ? __pfx_kthread+0x10/0x10 [ 28.836749] ret_from_fork_asm+0x1a/0x30 [ 28.836781] </TASK> [ 28.836793] [ 28.847426] Allocated by task 313: [ 28.847745] kasan_save_stack+0x45/0x70 [ 28.848138] kasan_save_track+0x18/0x40 [ 28.848655] kasan_save_alloc_info+0x3b/0x50 [ 28.848913] __kasan_kmalloc+0xb7/0xc0 [ 28.849093] __kmalloc_cache_noprof+0x189/0x420 [ 28.849553] kasan_atomics+0x95/0x310 [ 28.849917] kunit_try_run_case+0x1a5/0x480 [ 28.850129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.850354] kthread+0x337/0x6f0 [ 28.850749] ret_from_fork+0x116/0x1d0 [ 28.851102] ret_from_fork_asm+0x1a/0x30 [ 28.851448] [ 28.851608] The buggy address belongs to the object at ffff8881058a7e80 [ 28.851608] which belongs to the cache kmalloc-64 of size 64 [ 28.852070] The buggy address is located 0 bytes to the right of [ 28.852070] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.853133] [ 28.853481] The buggy address belongs to the physical page: [ 28.853891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.854369] flags: 0x200000000000000(node=0|zone=2) [ 28.854819] page_type: f5(slab) [ 28.855232] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.855916] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.856395] page dumped because: kasan: bad access detected [ 28.856851] [ 28.857112] Memory state around the buggy address: [ 28.857344] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.857867] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.858157] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.858431] ^ [ 28.858940] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.859425] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.859883] ================================================================== [ 27.596748] ================================================================== [ 27.597107] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 27.597666] Read of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.598030] [ 27.598142] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.598192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.598206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.598230] Call Trace: [ 27.598248] <TASK> [ 27.598263] dump_stack_lvl+0x73/0xb0 [ 27.598291] print_report+0xd1/0x640 [ 27.598316] ? __virt_addr_valid+0x1db/0x2d0 [ 27.598341] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.598363] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.598391] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.598414] kasan_report+0x141/0x180 [ 27.598438] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.598466] __asan_report_load4_noabort+0x18/0x20 [ 27.598491] kasan_atomics_helper+0x4b54/0x5450 [ 27.598517] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.598540] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.598565] ? kasan_atomics+0x152/0x310 [ 27.598593] kasan_atomics+0x1dc/0x310 [ 27.598618] ? __pfx_kasan_atomics+0x10/0x10 [ 27.598643] ? __pfx_read_tsc+0x10/0x10 [ 27.598667] ? ktime_get_ts64+0x86/0x230 [ 27.598693] kunit_try_run_case+0x1a5/0x480 [ 27.598720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.598744] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.598771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.598798] ? __kthread_parkme+0x82/0x180 [ 27.598820] ? preempt_count_sub+0x50/0x80 [ 27.598856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.598883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.598909] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.598935] kthread+0x337/0x6f0 [ 27.598956] ? trace_preempt_on+0x20/0xc0 [ 27.598982] ? __pfx_kthread+0x10/0x10 [ 27.599004] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.599030] ? calculate_sigpending+0x7b/0xa0 [ 27.599056] ? __pfx_kthread+0x10/0x10 [ 27.599079] ret_from_fork+0x116/0x1d0 [ 27.599100] ? __pfx_kthread+0x10/0x10 [ 27.599123] ret_from_fork_asm+0x1a/0x30 [ 27.599156] </TASK> [ 27.599168] [ 27.609195] Allocated by task 313: [ 27.609531] kasan_save_stack+0x45/0x70 [ 27.609762] kasan_save_track+0x18/0x40 [ 27.609997] kasan_save_alloc_info+0x3b/0x50 [ 27.610213] __kasan_kmalloc+0xb7/0xc0 [ 27.610507] __kmalloc_cache_noprof+0x189/0x420 [ 27.610769] kasan_atomics+0x95/0x310 [ 27.610985] kunit_try_run_case+0x1a5/0x480 [ 27.611244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.611549] kthread+0x337/0x6f0 [ 27.611816] ret_from_fork+0x116/0x1d0 [ 27.612014] ret_from_fork_asm+0x1a/0x30 [ 27.612164] [ 27.612237] The buggy address belongs to the object at ffff8881058a7e80 [ 27.612237] which belongs to the cache kmalloc-64 of size 64 [ 27.612820] The buggy address is located 0 bytes to the right of [ 27.612820] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.613294] [ 27.613394] The buggy address belongs to the physical page: [ 27.613861] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.614292] flags: 0x200000000000000(node=0|zone=2) [ 27.614547] page_type: f5(slab) [ 27.614750] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.615079] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.615374] page dumped because: kasan: bad access detected [ 27.615713] [ 27.615810] Memory state around the buggy address: [ 27.616010] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.616302] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.616698] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.617003] ^ [ 27.617251] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.617637] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.617966] ================================================================== [ 28.446550] ================================================================== [ 28.447251] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 28.447909] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.448770] [ 28.448995] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.449048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.449073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.449097] Call Trace: [ 28.449114] <TASK> [ 28.449152] dump_stack_lvl+0x73/0xb0 [ 28.449184] print_report+0xd1/0x640 [ 28.449210] ? __virt_addr_valid+0x1db/0x2d0 [ 28.449238] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.449263] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.449291] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.449314] kasan_report+0x141/0x180 [ 28.449339] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.449367] __asan_report_store8_noabort+0x1b/0x30 [ 28.449395] kasan_atomics_helper+0x50d4/0x5450 [ 28.449429] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.449453] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.449479] ? kasan_atomics+0x152/0x310 [ 28.449518] kasan_atomics+0x1dc/0x310 [ 28.449542] ? __pfx_kasan_atomics+0x10/0x10 [ 28.449583] ? __pfx_read_tsc+0x10/0x10 [ 28.449606] ? ktime_get_ts64+0x86/0x230 [ 28.449633] kunit_try_run_case+0x1a5/0x480 [ 28.449659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.449685] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.449712] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.449740] ? __kthread_parkme+0x82/0x180 [ 28.449762] ? preempt_count_sub+0x50/0x80 [ 28.449788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.449814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.449850] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.449876] kthread+0x337/0x6f0 [ 28.449898] ? trace_preempt_on+0x20/0xc0 [ 28.449924] ? __pfx_kthread+0x10/0x10 [ 28.449946] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.449971] ? calculate_sigpending+0x7b/0xa0 [ 28.449997] ? __pfx_kthread+0x10/0x10 [ 28.450020] ret_from_fork+0x116/0x1d0 [ 28.450041] ? __pfx_kthread+0x10/0x10 [ 28.450063] ret_from_fork_asm+0x1a/0x30 [ 28.450096] </TASK> [ 28.450108] [ 28.464501] Allocated by task 313: [ 28.464749] kasan_save_stack+0x45/0x70 [ 28.465045] kasan_save_track+0x18/0x40 [ 28.465477] kasan_save_alloc_info+0x3b/0x50 [ 28.465959] __kasan_kmalloc+0xb7/0xc0 [ 28.466342] __kmalloc_cache_noprof+0x189/0x420 [ 28.466775] kasan_atomics+0x95/0x310 [ 28.467112] kunit_try_run_case+0x1a5/0x480 [ 28.467418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.467764] kthread+0x337/0x6f0 [ 28.468183] ret_from_fork+0x116/0x1d0 [ 28.468408] ret_from_fork_asm+0x1a/0x30 [ 28.468552] [ 28.468622] The buggy address belongs to the object at ffff8881058a7e80 [ 28.468622] which belongs to the cache kmalloc-64 of size 64 [ 28.469055] The buggy address is located 0 bytes to the right of [ 28.469055] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.469730] [ 28.469802] The buggy address belongs to the physical page: [ 28.470067] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.470385] flags: 0x200000000000000(node=0|zone=2) [ 28.470718] page_type: f5(slab) [ 28.470905] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.471196] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.471899] page dumped because: kasan: bad access detected [ 28.472074] [ 28.472141] Memory state around the buggy address: [ 28.472345] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.473317] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.474050] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.474557] ^ [ 28.475046] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.475558] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.475862] ================================================================== [ 28.293211] ================================================================== [ 28.293848] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 28.294518] Read of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.294823] [ 28.294948] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.294999] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.295014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.295037] Call Trace: [ 28.295053] <TASK> [ 28.295070] dump_stack_lvl+0x73/0xb0 [ 28.295100] print_report+0xd1/0x640 [ 28.295124] ? __virt_addr_valid+0x1db/0x2d0 [ 28.295150] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.295173] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.295200] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.295225] kasan_report+0x141/0x180 [ 28.295250] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.295278] __asan_report_load4_noabort+0x18/0x20 [ 28.295337] kasan_atomics_helper+0x49e8/0x5450 [ 28.295361] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.295385] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.295411] ? kasan_atomics+0x152/0x310 [ 28.295439] kasan_atomics+0x1dc/0x310 [ 28.295463] ? __pfx_kasan_atomics+0x10/0x10 [ 28.295489] ? __pfx_read_tsc+0x10/0x10 [ 28.295512] ? ktime_get_ts64+0x86/0x230 [ 28.295552] kunit_try_run_case+0x1a5/0x480 [ 28.295581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.295605] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.295632] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.295660] ? __kthread_parkme+0x82/0x180 [ 28.295682] ? preempt_count_sub+0x50/0x80 [ 28.295706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.295733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.295759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.295785] kthread+0x337/0x6f0 [ 28.295807] ? trace_preempt_on+0x20/0xc0 [ 28.295845] ? __pfx_kthread+0x10/0x10 [ 28.295869] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.295896] ? calculate_sigpending+0x7b/0xa0 [ 28.295922] ? __pfx_kthread+0x10/0x10 [ 28.295946] ret_from_fork+0x116/0x1d0 [ 28.295969] ? __pfx_kthread+0x10/0x10 [ 28.295993] ret_from_fork_asm+0x1a/0x30 [ 28.296027] </TASK> [ 28.296040] [ 28.304712] Allocated by task 313: [ 28.304854] kasan_save_stack+0x45/0x70 [ 28.305002] kasan_save_track+0x18/0x40 [ 28.305302] kasan_save_alloc_info+0x3b/0x50 [ 28.305524] __kasan_kmalloc+0xb7/0xc0 [ 28.305710] __kmalloc_cache_noprof+0x189/0x420 [ 28.306042] kasan_atomics+0x95/0x310 [ 28.306226] kunit_try_run_case+0x1a5/0x480 [ 28.306430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.306654] kthread+0x337/0x6f0 [ 28.306775] ret_from_fork+0x116/0x1d0 [ 28.306916] ret_from_fork_asm+0x1a/0x30 [ 28.307053] [ 28.307124] The buggy address belongs to the object at ffff8881058a7e80 [ 28.307124] which belongs to the cache kmalloc-64 of size 64 [ 28.307634] The buggy address is located 0 bytes to the right of [ 28.307634] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.308240] [ 28.308334] The buggy address belongs to the physical page: [ 28.308701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.308960] flags: 0x200000000000000(node=0|zone=2) [ 28.309121] page_type: f5(slab) [ 28.309237] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.309602] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.310328] page dumped because: kasan: bad access detected [ 28.310649] [ 28.310722] Memory state around the buggy address: [ 28.310956] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.311179] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.311397] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.311660] ^ [ 28.312112] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.312786] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.313115] ================================================================== [ 27.500197] ================================================================== [ 27.500779] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 27.501095] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.501375] [ 27.501482] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.501600] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.501700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.501722] Call Trace: [ 27.501735] <TASK> [ 27.501749] dump_stack_lvl+0x73/0xb0 [ 27.501778] print_report+0xd1/0x640 [ 27.501802] ? __virt_addr_valid+0x1db/0x2d0 [ 27.501826] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.501859] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.501886] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.501908] kasan_report+0x141/0x180 [ 27.501932] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.501959] __asan_report_store4_noabort+0x1b/0x30 [ 27.501986] kasan_atomics_helper+0x4ba2/0x5450 [ 27.502010] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.502032] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.502057] ? kasan_atomics+0x152/0x310 [ 27.502084] kasan_atomics+0x1dc/0x310 [ 27.502107] ? __pfx_kasan_atomics+0x10/0x10 [ 27.502131] ? __pfx_read_tsc+0x10/0x10 [ 27.502154] ? ktime_get_ts64+0x86/0x230 [ 27.502227] kunit_try_run_case+0x1a5/0x480 [ 27.502254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.502278] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.502304] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.502330] ? __kthread_parkme+0x82/0x180 [ 27.502350] ? preempt_count_sub+0x50/0x80 [ 27.502373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.502397] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.502421] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.502447] kthread+0x337/0x6f0 [ 27.502507] ? trace_preempt_on+0x20/0xc0 [ 27.502532] ? __pfx_kthread+0x10/0x10 [ 27.502553] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.502578] ? calculate_sigpending+0x7b/0xa0 [ 27.502602] ? __pfx_kthread+0x10/0x10 [ 27.502624] ret_from_fork+0x116/0x1d0 [ 27.502645] ? __pfx_kthread+0x10/0x10 [ 27.502665] ret_from_fork_asm+0x1a/0x30 [ 27.502697] </TASK> [ 27.502709] [ 27.513689] Allocated by task 313: [ 27.513844] kasan_save_stack+0x45/0x70 [ 27.514324] kasan_save_track+0x18/0x40 [ 27.514921] kasan_save_alloc_info+0x3b/0x50 [ 27.515140] __kasan_kmalloc+0xb7/0xc0 [ 27.515294] __kmalloc_cache_noprof+0x189/0x420 [ 27.515760] kasan_atomics+0x95/0x310 [ 27.516048] kunit_try_run_case+0x1a5/0x480 [ 27.516356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.516555] kthread+0x337/0x6f0 [ 27.516926] ret_from_fork+0x116/0x1d0 [ 27.517284] ret_from_fork_asm+0x1a/0x30 [ 27.517632] [ 27.517866] The buggy address belongs to the object at ffff8881058a7e80 [ 27.517866] which belongs to the cache kmalloc-64 of size 64 [ 27.518612] The buggy address is located 0 bytes to the right of [ 27.518612] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.519314] [ 27.519404] The buggy address belongs to the physical page: [ 27.519779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.520273] flags: 0x200000000000000(node=0|zone=2) [ 27.520512] page_type: f5(slab) [ 27.520668] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.521043] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.521760] page dumped because: kasan: bad access detected [ 27.522175] [ 27.522366] Memory state around the buggy address: [ 27.522803] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.523236] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.523736] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.524140] ^ [ 27.524441] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.524980] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.525451] ================================================================== [ 28.536616] ================================================================== [ 28.536894] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 28.537501] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.537754] [ 28.537856] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.537905] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.537920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.537942] Call Trace: [ 28.537959] <TASK> [ 28.537976] dump_stack_lvl+0x73/0xb0 [ 28.538006] print_report+0xd1/0x640 [ 28.538032] ? __virt_addr_valid+0x1db/0x2d0 [ 28.538058] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.538082] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.538110] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.538134] kasan_report+0x141/0x180 [ 28.538158] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.538197] kasan_check_range+0x10c/0x1c0 [ 28.538223] __kasan_check_write+0x18/0x20 [ 28.538249] kasan_atomics_helper+0x16e7/0x5450 [ 28.538274] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.538298] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.538325] ? kasan_atomics+0x152/0x310 [ 28.538353] kasan_atomics+0x1dc/0x310 [ 28.538378] ? __pfx_kasan_atomics+0x10/0x10 [ 28.538404] ? __pfx_read_tsc+0x10/0x10 [ 28.538427] ? ktime_get_ts64+0x86/0x230 [ 28.538453] kunit_try_run_case+0x1a5/0x480 [ 28.538525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.538550] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.538578] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.538605] ? __kthread_parkme+0x82/0x180 [ 28.538627] ? preempt_count_sub+0x50/0x80 [ 28.538653] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.538679] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.538705] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.538731] kthread+0x337/0x6f0 [ 28.538753] ? trace_preempt_on+0x20/0xc0 [ 28.538778] ? __pfx_kthread+0x10/0x10 [ 28.538801] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.538827] ? calculate_sigpending+0x7b/0xa0 [ 28.538865] ? __pfx_kthread+0x10/0x10 [ 28.538889] ret_from_fork+0x116/0x1d0 [ 28.538910] ? __pfx_kthread+0x10/0x10 [ 28.538933] ret_from_fork_asm+0x1a/0x30 [ 28.538966] </TASK> [ 28.538979] [ 28.547441] Allocated by task 313: [ 28.547627] kasan_save_stack+0x45/0x70 [ 28.547779] kasan_save_track+0x18/0x40 [ 28.547931] kasan_save_alloc_info+0x3b/0x50 [ 28.548084] __kasan_kmalloc+0xb7/0xc0 [ 28.548249] __kmalloc_cache_noprof+0x189/0x420 [ 28.548624] kasan_atomics+0x95/0x310 [ 28.548820] kunit_try_run_case+0x1a5/0x480 [ 28.549044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.549296] kthread+0x337/0x6f0 [ 28.549504] ret_from_fork+0x116/0x1d0 [ 28.549649] ret_from_fork_asm+0x1a/0x30 [ 28.549848] [ 28.549944] The buggy address belongs to the object at ffff8881058a7e80 [ 28.549944] which belongs to the cache kmalloc-64 of size 64 [ 28.550451] The buggy address is located 0 bytes to the right of [ 28.550451] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.551005] [ 28.551100] The buggy address belongs to the physical page: [ 28.551404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.551963] flags: 0x200000000000000(node=0|zone=2) [ 28.552240] page_type: f5(slab) [ 28.552402] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.552723] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.552977] page dumped because: kasan: bad access detected [ 28.553158] [ 28.553226] Memory state around the buggy address: [ 28.553386] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.553791] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.554139] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.554454] ^ [ 28.554679] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.555051] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.555582] ================================================================== [ 27.945286] ================================================================== [ 27.945760] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 27.946024] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.946403] [ 27.946566] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.946632] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.946647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.946682] Call Trace: [ 27.946701] <TASK> [ 27.946717] dump_stack_lvl+0x73/0xb0 [ 27.946747] print_report+0xd1/0x640 [ 27.946772] ? __virt_addr_valid+0x1db/0x2d0 [ 27.946798] ? kasan_atomics_helper+0xc70/0x5450 [ 27.946820] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.946860] ? kasan_atomics_helper+0xc70/0x5450 [ 27.946883] kasan_report+0x141/0x180 [ 27.946908] ? kasan_atomics_helper+0xc70/0x5450 [ 27.946945] kasan_check_range+0x10c/0x1c0 [ 27.946971] __kasan_check_write+0x18/0x20 [ 27.947007] kasan_atomics_helper+0xc70/0x5450 [ 27.947041] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.947065] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.947091] ? kasan_atomics+0x152/0x310 [ 27.947130] kasan_atomics+0x1dc/0x310 [ 27.947155] ? __pfx_kasan_atomics+0x10/0x10 [ 27.947181] ? __pfx_read_tsc+0x10/0x10 [ 27.947204] ? ktime_get_ts64+0x86/0x230 [ 27.947231] kunit_try_run_case+0x1a5/0x480 [ 27.947258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.947282] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.947318] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.947345] ? __kthread_parkme+0x82/0x180 [ 27.947377] ? preempt_count_sub+0x50/0x80 [ 27.947403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.947429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.947455] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.947480] kthread+0x337/0x6f0 [ 27.947502] ? trace_preempt_on+0x20/0xc0 [ 27.947528] ? __pfx_kthread+0x10/0x10 [ 27.947551] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.947576] ? calculate_sigpending+0x7b/0xa0 [ 27.947602] ? __pfx_kthread+0x10/0x10 [ 27.947669] ret_from_fork+0x116/0x1d0 [ 27.947691] ? __pfx_kthread+0x10/0x10 [ 27.947732] ret_from_fork_asm+0x1a/0x30 [ 27.947765] </TASK> [ 27.947777] [ 27.959587] Allocated by task 313: [ 27.959809] kasan_save_stack+0x45/0x70 [ 27.960082] kasan_save_track+0x18/0x40 [ 27.960796] kasan_save_alloc_info+0x3b/0x50 [ 27.961678] __kasan_kmalloc+0xb7/0xc0 [ 27.961985] __kmalloc_cache_noprof+0x189/0x420 [ 27.962151] kasan_atomics+0x95/0x310 [ 27.962283] kunit_try_run_case+0x1a5/0x480 [ 27.962445] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.963316] kthread+0x337/0x6f0 [ 27.963484] ret_from_fork+0x116/0x1d0 [ 27.963807] ret_from_fork_asm+0x1a/0x30 [ 27.964178] [ 27.964343] The buggy address belongs to the object at ffff8881058a7e80 [ 27.964343] which belongs to the cache kmalloc-64 of size 64 [ 27.964997] The buggy address is located 0 bytes to the right of [ 27.964997] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.965876] [ 27.966080] The buggy address belongs to the physical page: [ 27.966613] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.967657] flags: 0x200000000000000(node=0|zone=2) [ 27.968325] page_type: f5(slab) [ 27.968643] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.968907] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.969139] page dumped because: kasan: bad access detected [ 27.969610] [ 27.969811] Memory state around the buggy address: [ 27.970285] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.971007] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.971642] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.972331] ^ [ 27.972963] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.973364] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.973957] ================================================================== [ 28.617326] ================================================================== [ 28.618494] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 28.618983] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.619779] [ 28.620022] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.620192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.620215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.620240] Call Trace: [ 28.620259] <TASK> [ 28.620277] dump_stack_lvl+0x73/0xb0 [ 28.620308] print_report+0xd1/0x640 [ 28.620333] ? __virt_addr_valid+0x1db/0x2d0 [ 28.620397] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.620420] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.620448] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.620472] kasan_report+0x141/0x180 [ 28.620497] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.620524] kasan_check_range+0x10c/0x1c0 [ 28.620552] __kasan_check_write+0x18/0x20 [ 28.620576] kasan_atomics_helper+0x18b1/0x5450 [ 28.620601] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.620625] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.620651] ? kasan_atomics+0x152/0x310 [ 28.620695] kasan_atomics+0x1dc/0x310 [ 28.620719] ? __pfx_kasan_atomics+0x10/0x10 [ 28.620745] ? __pfx_read_tsc+0x10/0x10 [ 28.620768] ? ktime_get_ts64+0x86/0x230 [ 28.620794] kunit_try_run_case+0x1a5/0x480 [ 28.620820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.620855] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.620889] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.620915] ? __kthread_parkme+0x82/0x180 [ 28.620938] ? preempt_count_sub+0x50/0x80 [ 28.620963] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.620990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.621015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.621040] kthread+0x337/0x6f0 [ 28.621062] ? trace_preempt_on+0x20/0xc0 [ 28.621087] ? __pfx_kthread+0x10/0x10 [ 28.621109] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.621134] ? calculate_sigpending+0x7b/0xa0 [ 28.621167] ? __pfx_kthread+0x10/0x10 [ 28.621190] ret_from_fork+0x116/0x1d0 [ 28.621211] ? __pfx_kthread+0x10/0x10 [ 28.621233] ret_from_fork_asm+0x1a/0x30 [ 28.621266] </TASK> [ 28.621278] [ 28.634350] Allocated by task 313: [ 28.634744] kasan_save_stack+0x45/0x70 [ 28.634949] kasan_save_track+0x18/0x40 [ 28.635541] kasan_save_alloc_info+0x3b/0x50 [ 28.635805] __kasan_kmalloc+0xb7/0xc0 [ 28.636176] __kmalloc_cache_noprof+0x189/0x420 [ 28.636584] kasan_atomics+0x95/0x310 [ 28.636985] kunit_try_run_case+0x1a5/0x480 [ 28.637175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.637391] kthread+0x337/0x6f0 [ 28.637539] ret_from_fork+0x116/0x1d0 [ 28.637798] ret_from_fork_asm+0x1a/0x30 [ 28.638015] [ 28.638134] The buggy address belongs to the object at ffff8881058a7e80 [ 28.638134] which belongs to the cache kmalloc-64 of size 64 [ 28.638737] The buggy address is located 0 bytes to the right of [ 28.638737] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.639288] [ 28.639586] The buggy address belongs to the physical page: [ 28.639874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.640248] flags: 0x200000000000000(node=0|zone=2) [ 28.641045] page_type: f5(slab) [ 28.641187] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.641480] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.641936] page dumped because: kasan: bad access detected [ 28.642332] [ 28.642442] Memory state around the buggy address: [ 28.642746] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.643611] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.644052] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.644599] ^ [ 28.644804] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.645125] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.645665] ================================================================== [ 28.646393] ================================================================== [ 28.647134] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 28.647602] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.647967] [ 28.648089] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.648141] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.648156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.648179] Call Trace: [ 28.648196] <TASK> [ 28.648211] dump_stack_lvl+0x73/0xb0 [ 28.648241] print_report+0xd1/0x640 [ 28.648265] ? __virt_addr_valid+0x1db/0x2d0 [ 28.648290] ? kasan_atomics_helper+0x194a/0x5450 [ 28.648315] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.648345] ? kasan_atomics_helper+0x194a/0x5450 [ 28.648370] kasan_report+0x141/0x180 [ 28.648394] ? kasan_atomics_helper+0x194a/0x5450 [ 28.648423] kasan_check_range+0x10c/0x1c0 [ 28.648448] __kasan_check_write+0x18/0x20 [ 28.648666] kasan_atomics_helper+0x194a/0x5450 [ 28.648692] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.648716] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.648742] ? kasan_atomics+0x152/0x310 [ 28.648770] kasan_atomics+0x1dc/0x310 [ 28.648795] ? __pfx_kasan_atomics+0x10/0x10 [ 28.648821] ? __pfx_read_tsc+0x10/0x10 [ 28.648857] ? ktime_get_ts64+0x86/0x230 [ 28.648887] kunit_try_run_case+0x1a5/0x480 [ 28.648915] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.648939] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.648966] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.648993] ? __kthread_parkme+0x82/0x180 [ 28.649015] ? preempt_count_sub+0x50/0x80 [ 28.649039] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.649067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.649095] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.649121] kthread+0x337/0x6f0 [ 28.649142] ? trace_preempt_on+0x20/0xc0 [ 28.649176] ? __pfx_kthread+0x10/0x10 [ 28.649198] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.649224] ? calculate_sigpending+0x7b/0xa0 [ 28.649248] ? __pfx_kthread+0x10/0x10 [ 28.649272] ret_from_fork+0x116/0x1d0 [ 28.649293] ? __pfx_kthread+0x10/0x10 [ 28.649316] ret_from_fork_asm+0x1a/0x30 [ 28.649349] </TASK> [ 28.649362] [ 28.659963] Allocated by task 313: [ 28.660131] kasan_save_stack+0x45/0x70 [ 28.660281] kasan_save_track+0x18/0x40 [ 28.660785] kasan_save_alloc_info+0x3b/0x50 [ 28.661123] __kasan_kmalloc+0xb7/0xc0 [ 28.661292] __kmalloc_cache_noprof+0x189/0x420 [ 28.661789] kasan_atomics+0x95/0x310 [ 28.661975] kunit_try_run_case+0x1a5/0x480 [ 28.662181] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.662622] kthread+0x337/0x6f0 [ 28.662755] ret_from_fork+0x116/0x1d0 [ 28.662960] ret_from_fork_asm+0x1a/0x30 [ 28.663136] [ 28.663228] The buggy address belongs to the object at ffff8881058a7e80 [ 28.663228] which belongs to the cache kmalloc-64 of size 64 [ 28.664066] The buggy address is located 0 bytes to the right of [ 28.664066] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.664898] [ 28.664983] The buggy address belongs to the physical page: [ 28.665234] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.665798] flags: 0x200000000000000(node=0|zone=2) [ 28.665996] page_type: f5(slab) [ 28.666169] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.666788] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.667091] page dumped because: kasan: bad access detected [ 28.667322] [ 28.667444] Memory state around the buggy address: [ 28.667824] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.668126] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.668736] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.669133] ^ [ 28.669325] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.669749] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.670247] ================================================================== [ 29.019624] ================================================================== [ 29.020187] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 29.020700] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 29.021252] [ 29.021488] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.021647] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.021666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.021689] Call Trace: [ 29.021709] <TASK> [ 29.021726] dump_stack_lvl+0x73/0xb0 [ 29.021758] print_report+0xd1/0x640 [ 29.021783] ? __virt_addr_valid+0x1db/0x2d0 [ 29.021809] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.021847] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.021877] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.021902] kasan_report+0x141/0x180 [ 29.021927] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.021955] kasan_check_range+0x10c/0x1c0 [ 29.021981] __kasan_check_write+0x18/0x20 [ 29.022006] kasan_atomics_helper+0x20c8/0x5450 [ 29.022031] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.022055] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.022081] ? kasan_atomics+0x152/0x310 [ 29.022109] kasan_atomics+0x1dc/0x310 [ 29.022133] ? __pfx_kasan_atomics+0x10/0x10 [ 29.022160] ? __pfx_read_tsc+0x10/0x10 [ 29.022185] ? ktime_get_ts64+0x86/0x230 [ 29.022212] kunit_try_run_case+0x1a5/0x480 [ 29.022239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.022263] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.022291] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.022319] ? __kthread_parkme+0x82/0x180 [ 29.022341] ? preempt_count_sub+0x50/0x80 [ 29.022365] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.022391] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.022416] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.022442] kthread+0x337/0x6f0 [ 29.022464] ? trace_preempt_on+0x20/0xc0 [ 29.022489] ? __pfx_kthread+0x10/0x10 [ 29.022511] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.022536] ? calculate_sigpending+0x7b/0xa0 [ 29.022561] ? __pfx_kthread+0x10/0x10 [ 29.022584] ret_from_fork+0x116/0x1d0 [ 29.022605] ? __pfx_kthread+0x10/0x10 [ 29.022628] ret_from_fork_asm+0x1a/0x30 [ 29.022661] </TASK> [ 29.022673] [ 29.034273] Allocated by task 313: [ 29.034804] kasan_save_stack+0x45/0x70 [ 29.034994] kasan_save_track+0x18/0x40 [ 29.035193] kasan_save_alloc_info+0x3b/0x50 [ 29.035667] __kasan_kmalloc+0xb7/0xc0 [ 29.035954] __kmalloc_cache_noprof+0x189/0x420 [ 29.036401] kasan_atomics+0x95/0x310 [ 29.036575] kunit_try_run_case+0x1a5/0x480 [ 29.036988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.037380] kthread+0x337/0x6f0 [ 29.037624] ret_from_fork+0x116/0x1d0 [ 29.038044] ret_from_fork_asm+0x1a/0x30 [ 29.038266] [ 29.038590] The buggy address belongs to the object at ffff8881058a7e80 [ 29.038590] which belongs to the cache kmalloc-64 of size 64 [ 29.039212] The buggy address is located 0 bytes to the right of [ 29.039212] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 29.040113] [ 29.040301] The buggy address belongs to the physical page: [ 29.040711] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 29.041344] flags: 0x200000000000000(node=0|zone=2) [ 29.041717] page_type: f5(slab) [ 29.041886] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.042532] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.043195] page dumped because: kasan: bad access detected [ 29.043412] [ 29.043674] Memory state around the buggy address: [ 29.043960] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.044311] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.044759] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.045077] ^ [ 29.045467] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.045855] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.046183] ================================================================== [ 29.067846] ================================================================== [ 29.068427] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 29.069035] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 29.069430] [ 29.069634] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.069686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.069701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.069724] Call Trace: [ 29.069740] <TASK> [ 29.069755] dump_stack_lvl+0x73/0xb0 [ 29.069784] print_report+0xd1/0x640 [ 29.069857] ? __virt_addr_valid+0x1db/0x2d0 [ 29.069883] ? kasan_atomics_helper+0x218a/0x5450 [ 29.069906] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.069934] ? kasan_atomics_helper+0x218a/0x5450 [ 29.069958] kasan_report+0x141/0x180 [ 29.069983] ? kasan_atomics_helper+0x218a/0x5450 [ 29.070011] kasan_check_range+0x10c/0x1c0 [ 29.070038] __kasan_check_write+0x18/0x20 [ 29.070064] kasan_atomics_helper+0x218a/0x5450 [ 29.070089] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.070113] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.070139] ? kasan_atomics+0x152/0x310 [ 29.070186] kasan_atomics+0x1dc/0x310 [ 29.070211] ? __pfx_kasan_atomics+0x10/0x10 [ 29.070238] ? __pfx_read_tsc+0x10/0x10 [ 29.070261] ? ktime_get_ts64+0x86/0x230 [ 29.070288] kunit_try_run_case+0x1a5/0x480 [ 29.070315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.070374] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.070402] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.070429] ? __kthread_parkme+0x82/0x180 [ 29.070472] ? preempt_count_sub+0x50/0x80 [ 29.070508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.070566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.070594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.070620] kthread+0x337/0x6f0 [ 29.070641] ? trace_preempt_on+0x20/0xc0 [ 29.070667] ? __pfx_kthread+0x10/0x10 [ 29.070689] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.070715] ? calculate_sigpending+0x7b/0xa0 [ 29.070771] ? __pfx_kthread+0x10/0x10 [ 29.070795] ret_from_fork+0x116/0x1d0 [ 29.070817] ? __pfx_kthread+0x10/0x10 [ 29.070849] ret_from_fork_asm+0x1a/0x30 [ 29.070912] </TASK> [ 29.070925] [ 29.078906] Allocated by task 313: [ 29.079155] kasan_save_stack+0x45/0x70 [ 29.079518] kasan_save_track+0x18/0x40 [ 29.079709] kasan_save_alloc_info+0x3b/0x50 [ 29.079976] __kasan_kmalloc+0xb7/0xc0 [ 29.080107] __kmalloc_cache_noprof+0x189/0x420 [ 29.080257] kasan_atomics+0x95/0x310 [ 29.080383] kunit_try_run_case+0x1a5/0x480 [ 29.080524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.080693] kthread+0x337/0x6f0 [ 29.080808] ret_from_fork+0x116/0x1d0 [ 29.081232] ret_from_fork_asm+0x1a/0x30 [ 29.081447] [ 29.081541] The buggy address belongs to the object at ffff8881058a7e80 [ 29.081541] which belongs to the cache kmalloc-64 of size 64 [ 29.082081] The buggy address is located 0 bytes to the right of [ 29.082081] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 29.082884] [ 29.083053] The buggy address belongs to the physical page: [ 29.083669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 29.084046] flags: 0x200000000000000(node=0|zone=2) [ 29.084318] page_type: f5(slab) [ 29.084583] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.084856] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.085083] page dumped because: kasan: bad access detected [ 29.085263] [ 29.085359] Memory state around the buggy address: [ 29.085661] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.086023] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.086431] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.086930] ^ [ 29.087089] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.089006] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.089779] ================================================================== [ 27.735964] ================================================================== [ 27.736349] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 27.737109] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.737788] [ 27.737912] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.737967] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.737984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.738007] Call Trace: [ 27.738025] <TASK> [ 27.738040] dump_stack_lvl+0x73/0xb0 [ 27.738071] print_report+0xd1/0x640 [ 27.738096] ? __virt_addr_valid+0x1db/0x2d0 [ 27.738122] ? kasan_atomics_helper+0x72f/0x5450 [ 27.738145] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.738310] ? kasan_atomics_helper+0x72f/0x5450 [ 27.738340] kasan_report+0x141/0x180 [ 27.738365] ? kasan_atomics_helper+0x72f/0x5450 [ 27.738393] kasan_check_range+0x10c/0x1c0 [ 27.738419] __kasan_check_write+0x18/0x20 [ 27.738444] kasan_atomics_helper+0x72f/0x5450 [ 27.738520] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.738545] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.738572] ? kasan_atomics+0x152/0x310 [ 27.738600] kasan_atomics+0x1dc/0x310 [ 27.738624] ? __pfx_kasan_atomics+0x10/0x10 [ 27.738651] ? __pfx_read_tsc+0x10/0x10 [ 27.738673] ? ktime_get_ts64+0x86/0x230 [ 27.738699] kunit_try_run_case+0x1a5/0x480 [ 27.738727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.738752] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.738779] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.738806] ? __kthread_parkme+0x82/0x180 [ 27.738839] ? preempt_count_sub+0x50/0x80 [ 27.738865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.738892] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.738919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.738945] kthread+0x337/0x6f0 [ 27.738966] ? trace_preempt_on+0x20/0xc0 [ 27.738991] ? __pfx_kthread+0x10/0x10 [ 27.739013] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.739038] ? calculate_sigpending+0x7b/0xa0 [ 27.739064] ? __pfx_kthread+0x10/0x10 [ 27.739088] ret_from_fork+0x116/0x1d0 [ 27.739109] ? __pfx_kthread+0x10/0x10 [ 27.739131] ret_from_fork_asm+0x1a/0x30 [ 27.739164] </TASK> [ 27.739176] [ 27.752666] Allocated by task 313: [ 27.753124] kasan_save_stack+0x45/0x70 [ 27.753419] kasan_save_track+0x18/0x40 [ 27.753886] kasan_save_alloc_info+0x3b/0x50 [ 27.754208] __kasan_kmalloc+0xb7/0xc0 [ 27.754529] __kmalloc_cache_noprof+0x189/0x420 [ 27.754912] kasan_atomics+0x95/0x310 [ 27.755054] kunit_try_run_case+0x1a5/0x480 [ 27.755240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.755813] kthread+0x337/0x6f0 [ 27.756145] ret_from_fork+0x116/0x1d0 [ 27.756682] ret_from_fork_asm+0x1a/0x30 [ 27.757097] [ 27.757295] The buggy address belongs to the object at ffff8881058a7e80 [ 27.757295] which belongs to the cache kmalloc-64 of size 64 [ 27.758025] The buggy address is located 0 bytes to the right of [ 27.758025] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.759084] [ 27.759257] The buggy address belongs to the physical page: [ 27.759918] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.760412] flags: 0x200000000000000(node=0|zone=2) [ 27.760931] page_type: f5(slab) [ 27.761247] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.761909] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.762153] page dumped because: kasan: bad access detected [ 27.762329] [ 27.762398] Memory state around the buggy address: [ 27.762842] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.763506] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.764219] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.765055] ^ [ 27.765605] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.766228] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.767003] ================================================================== [ 28.171043] ================================================================== [ 28.171293] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 28.171792] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.172193] [ 28.172288] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.172340] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.172355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.172379] Call Trace: [ 28.172394] <TASK> [ 28.172410] dump_stack_lvl+0x73/0xb0 [ 28.172440] print_report+0xd1/0x640 [ 28.172464] ? __virt_addr_valid+0x1db/0x2d0 [ 28.172490] ? kasan_atomics_helper+0x1079/0x5450 [ 28.172513] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.172541] ? kasan_atomics_helper+0x1079/0x5450 [ 28.172565] kasan_report+0x141/0x180 [ 28.172589] ? kasan_atomics_helper+0x1079/0x5450 [ 28.172617] kasan_check_range+0x10c/0x1c0 [ 28.172643] __kasan_check_write+0x18/0x20 [ 28.172669] kasan_atomics_helper+0x1079/0x5450 [ 28.172693] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.172717] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.172743] ? kasan_atomics+0x152/0x310 [ 28.172771] kasan_atomics+0x1dc/0x310 [ 28.172796] ? __pfx_kasan_atomics+0x10/0x10 [ 28.172822] ? __pfx_read_tsc+0x10/0x10 [ 28.172858] ? ktime_get_ts64+0x86/0x230 [ 28.172888] kunit_try_run_case+0x1a5/0x480 [ 28.172923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.172960] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.172987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.173016] ? __kthread_parkme+0x82/0x180 [ 28.173039] ? preempt_count_sub+0x50/0x80 [ 28.173064] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.173090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.173116] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.173143] kthread+0x337/0x6f0 [ 28.173172] ? trace_preempt_on+0x20/0xc0 [ 28.173198] ? __pfx_kthread+0x10/0x10 [ 28.173220] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.173246] ? calculate_sigpending+0x7b/0xa0 [ 28.173271] ? __pfx_kthread+0x10/0x10 [ 28.173295] ret_from_fork+0x116/0x1d0 [ 28.173318] ? __pfx_kthread+0x10/0x10 [ 28.173340] ret_from_fork_asm+0x1a/0x30 [ 28.173372] </TASK> [ 28.173385] [ 28.184078] Allocated by task 313: [ 28.184224] kasan_save_stack+0x45/0x70 [ 28.184377] kasan_save_track+0x18/0x40 [ 28.185118] kasan_save_alloc_info+0x3b/0x50 [ 28.185352] __kasan_kmalloc+0xb7/0xc0 [ 28.185525] __kmalloc_cache_noprof+0x189/0x420 [ 28.185864] kasan_atomics+0x95/0x310 [ 28.186043] kunit_try_run_case+0x1a5/0x480 [ 28.186228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.186779] kthread+0x337/0x6f0 [ 28.186947] ret_from_fork+0x116/0x1d0 [ 28.187249] ret_from_fork_asm+0x1a/0x30 [ 28.187596] [ 28.187676] The buggy address belongs to the object at ffff8881058a7e80 [ 28.187676] which belongs to the cache kmalloc-64 of size 64 [ 28.188170] The buggy address is located 0 bytes to the right of [ 28.188170] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.189092] [ 28.189243] The buggy address belongs to the physical page: [ 28.189581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.190122] flags: 0x200000000000000(node=0|zone=2) [ 28.190345] page_type: f5(slab) [ 28.190582] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.190892] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.191195] page dumped because: kasan: bad access detected [ 28.191409] [ 28.191500] Memory state around the buggy address: [ 28.191680] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.192001] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.192650] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.192984] ^ [ 28.193297] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.193569] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.194069] ================================================================== [ 28.035154] ================================================================== [ 28.035501] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 28.035909] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.036334] [ 28.036449] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.036500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.036515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.036538] Call Trace: [ 28.036556] <TASK> [ 28.036572] dump_stack_lvl+0x73/0xb0 [ 28.036603] print_report+0xd1/0x640 [ 28.036628] ? __virt_addr_valid+0x1db/0x2d0 [ 28.036655] ? kasan_atomics_helper+0xde0/0x5450 [ 28.036678] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.036706] ? kasan_atomics_helper+0xde0/0x5450 [ 28.036731] kasan_report+0x141/0x180 [ 28.036755] ? kasan_atomics_helper+0xde0/0x5450 [ 28.036783] kasan_check_range+0x10c/0x1c0 [ 28.036809] __kasan_check_write+0x18/0x20 [ 28.036847] kasan_atomics_helper+0xde0/0x5450 [ 28.036876] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.036901] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.036927] ? kasan_atomics+0x152/0x310 [ 28.036955] kasan_atomics+0x1dc/0x310 [ 28.036980] ? __pfx_kasan_atomics+0x10/0x10 [ 28.037006] ? __pfx_read_tsc+0x10/0x10 [ 28.037029] ? ktime_get_ts64+0x86/0x230 [ 28.037055] kunit_try_run_case+0x1a5/0x480 [ 28.037082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.037107] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.037136] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.037163] ? __kthread_parkme+0x82/0x180 [ 28.037185] ? preempt_count_sub+0x50/0x80 [ 28.037211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.037238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.037263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.037289] kthread+0x337/0x6f0 [ 28.037311] ? trace_preempt_on+0x20/0xc0 [ 28.037337] ? __pfx_kthread+0x10/0x10 [ 28.037360] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.037385] ? calculate_sigpending+0x7b/0xa0 [ 28.037411] ? __pfx_kthread+0x10/0x10 [ 28.037434] ret_from_fork+0x116/0x1d0 [ 28.037456] ? __pfx_kthread+0x10/0x10 [ 28.037478] ret_from_fork_asm+0x1a/0x30 [ 28.037513] </TASK> [ 28.037526] [ 28.045289] Allocated by task 313: [ 28.045423] kasan_save_stack+0x45/0x70 [ 28.045571] kasan_save_track+0x18/0x40 [ 28.045716] kasan_save_alloc_info+0x3b/0x50 [ 28.045945] __kasan_kmalloc+0xb7/0xc0 [ 28.046222] __kmalloc_cache_noprof+0x189/0x420 [ 28.046439] kasan_atomics+0x95/0x310 [ 28.046622] kunit_try_run_case+0x1a5/0x480 [ 28.046837] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.047145] kthread+0x337/0x6f0 [ 28.047322] ret_from_fork+0x116/0x1d0 [ 28.047546] ret_from_fork_asm+0x1a/0x30 [ 28.047692] [ 28.047761] The buggy address belongs to the object at ffff8881058a7e80 [ 28.047761] which belongs to the cache kmalloc-64 of size 64 [ 28.048395] The buggy address is located 0 bytes to the right of [ 28.048395] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.049208] [ 28.049316] The buggy address belongs to the physical page: [ 28.049627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.049944] flags: 0x200000000000000(node=0|zone=2) [ 28.050114] page_type: f5(slab) [ 28.050402] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.051014] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.051430] page dumped because: kasan: bad access detected [ 28.051700] [ 28.051778] Memory state around the buggy address: [ 28.051990] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.052315] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.052587] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.052804] ^ [ 28.053014] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.053340] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.053886] ================================================================== [ 28.108942] ================================================================== [ 28.109210] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 28.109935] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.110668] [ 28.110808] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.110869] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.110884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.110908] Call Trace: [ 28.110927] <TASK> [ 28.110945] dump_stack_lvl+0x73/0xb0 [ 28.110992] print_report+0xd1/0x640 [ 28.111018] ? __virt_addr_valid+0x1db/0x2d0 [ 28.111057] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.111091] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.111119] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.111153] kasan_report+0x141/0x180 [ 28.111178] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.111206] kasan_check_range+0x10c/0x1c0 [ 28.111232] __kasan_check_write+0x18/0x20 [ 28.111257] kasan_atomics_helper+0xfa9/0x5450 [ 28.111282] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.111306] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.111333] ? kasan_atomics+0x152/0x310 [ 28.111360] kasan_atomics+0x1dc/0x310 [ 28.111385] ? __pfx_kasan_atomics+0x10/0x10 [ 28.111411] ? __pfx_read_tsc+0x10/0x10 [ 28.111435] ? ktime_get_ts64+0x86/0x230 [ 28.111476] kunit_try_run_case+0x1a5/0x480 [ 28.111504] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.111529] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.111556] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.111583] ? __kthread_parkme+0x82/0x180 [ 28.111605] ? preempt_count_sub+0x50/0x80 [ 28.111631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.111657] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.111682] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.111710] kthread+0x337/0x6f0 [ 28.111732] ? trace_preempt_on+0x20/0xc0 [ 28.111758] ? __pfx_kthread+0x10/0x10 [ 28.111780] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.111806] ? calculate_sigpending+0x7b/0xa0 [ 28.111841] ? __pfx_kthread+0x10/0x10 [ 28.111865] ret_from_fork+0x116/0x1d0 [ 28.111886] ? __pfx_kthread+0x10/0x10 [ 28.111909] ret_from_fork_asm+0x1a/0x30 [ 28.111942] </TASK> [ 28.111954] [ 28.126657] Allocated by task 313: [ 28.126936] kasan_save_stack+0x45/0x70 [ 28.127496] kasan_save_track+0x18/0x40 [ 28.127700] kasan_save_alloc_info+0x3b/0x50 [ 28.127900] __kasan_kmalloc+0xb7/0xc0 [ 28.128070] __kmalloc_cache_noprof+0x189/0x420 [ 28.128273] kasan_atomics+0x95/0x310 [ 28.128437] kunit_try_run_case+0x1a5/0x480 [ 28.128629] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.129323] kthread+0x337/0x6f0 [ 28.129826] ret_from_fork+0x116/0x1d0 [ 28.130219] ret_from_fork_asm+0x1a/0x30 [ 28.130764] [ 28.130882] The buggy address belongs to the object at ffff8881058a7e80 [ 28.130882] which belongs to the cache kmalloc-64 of size 64 [ 28.131892] The buggy address is located 0 bytes to the right of [ 28.131892] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.132955] [ 28.133065] The buggy address belongs to the physical page: [ 28.133781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.134461] flags: 0x200000000000000(node=0|zone=2) [ 28.134910] page_type: f5(slab) [ 28.135064] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.136057] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.136549] page dumped because: kasan: bad access detected [ 28.136781] [ 28.136883] Memory state around the buggy address: [ 28.137080] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.137993] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.138513] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.138998] ^ [ 28.139511] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.140224] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.140538] ================================================================== [ 27.526100] ================================================================== [ 27.526562] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 27.527340] Read of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.527585] [ 27.527946] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.528003] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.528019] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.528042] Call Trace: [ 27.528061] <TASK> [ 27.528077] dump_stack_lvl+0x73/0xb0 [ 27.528109] print_report+0xd1/0x640 [ 27.528134] ? __virt_addr_valid+0x1db/0x2d0 [ 27.528289] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.528321] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.528350] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.528375] kasan_report+0x141/0x180 [ 27.528401] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.528430] __asan_report_load4_noabort+0x18/0x20 [ 27.528506] kasan_atomics_helper+0x4b88/0x5450 [ 27.528537] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.528561] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.528589] ? kasan_atomics+0x152/0x310 [ 27.528617] kasan_atomics+0x1dc/0x310 [ 27.528641] ? __pfx_kasan_atomics+0x10/0x10 [ 27.528667] ? __pfx_read_tsc+0x10/0x10 [ 27.528690] ? ktime_get_ts64+0x86/0x230 [ 27.528717] kunit_try_run_case+0x1a5/0x480 [ 27.528743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.528768] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.528797] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.528825] ? __kthread_parkme+0x82/0x180 [ 27.528860] ? preempt_count_sub+0x50/0x80 [ 27.528892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.528918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.528943] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.528969] kthread+0x337/0x6f0 [ 27.528992] ? trace_preempt_on+0x20/0xc0 [ 27.529017] ? __pfx_kthread+0x10/0x10 [ 27.529041] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.529067] ? calculate_sigpending+0x7b/0xa0 [ 27.529093] ? __pfx_kthread+0x10/0x10 [ 27.529117] ret_from_fork+0x116/0x1d0 [ 27.529139] ? __pfx_kthread+0x10/0x10 [ 27.529162] ret_from_fork_asm+0x1a/0x30 [ 27.529194] </TASK> [ 27.529206] [ 27.540234] Allocated by task 313: [ 27.541005] kasan_save_stack+0x45/0x70 [ 27.541210] kasan_save_track+0x18/0x40 [ 27.541745] kasan_save_alloc_info+0x3b/0x50 [ 27.541990] __kasan_kmalloc+0xb7/0xc0 [ 27.542308] __kmalloc_cache_noprof+0x189/0x420 [ 27.542655] kasan_atomics+0x95/0x310 [ 27.542841] kunit_try_run_case+0x1a5/0x480 [ 27.543053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.543497] kthread+0x337/0x6f0 [ 27.543856] ret_from_fork+0x116/0x1d0 [ 27.544062] ret_from_fork_asm+0x1a/0x30 [ 27.544395] [ 27.544497] The buggy address belongs to the object at ffff8881058a7e80 [ 27.544497] which belongs to the cache kmalloc-64 of size 64 [ 27.545378] The buggy address is located 0 bytes to the right of [ 27.545378] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.546267] [ 27.546394] The buggy address belongs to the physical page: [ 27.546974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.547411] flags: 0x200000000000000(node=0|zone=2) [ 27.547774] page_type: f5(slab) [ 27.547969] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.548477] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.548871] page dumped because: kasan: bad access detected [ 27.549123] [ 27.549395] Memory state around the buggy address: [ 27.549621] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.549941] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.550654] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.550939] ^ [ 27.551469] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.551961] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.552525] ================================================================== [ 28.194675] ================================================================== [ 28.195067] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 28.195632] Read of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.196274] [ 28.196385] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.196436] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.196452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.196475] Call Trace: [ 28.196558] <TASK> [ 28.196576] dump_stack_lvl+0x73/0xb0 [ 28.196608] print_report+0xd1/0x640 [ 28.196633] ? __virt_addr_valid+0x1db/0x2d0 [ 28.196660] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.196683] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.196711] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.196894] kasan_report+0x141/0x180 [ 28.196921] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.196950] __asan_report_load4_noabort+0x18/0x20 [ 28.196978] kasan_atomics_helper+0x4a1c/0x5450 [ 28.197004] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.197029] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.197056] ? kasan_atomics+0x152/0x310 [ 28.197083] kasan_atomics+0x1dc/0x310 [ 28.197108] ? __pfx_kasan_atomics+0x10/0x10 [ 28.197134] ? __pfx_read_tsc+0x10/0x10 [ 28.197166] ? ktime_get_ts64+0x86/0x230 [ 28.197193] kunit_try_run_case+0x1a5/0x480 [ 28.197220] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.197246] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.197272] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.197299] ? __kthread_parkme+0x82/0x180 [ 28.197321] ? preempt_count_sub+0x50/0x80 [ 28.197346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.197372] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.197398] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.197423] kthread+0x337/0x6f0 [ 28.197445] ? trace_preempt_on+0x20/0xc0 [ 28.197485] ? __pfx_kthread+0x10/0x10 [ 28.197508] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.197533] ? calculate_sigpending+0x7b/0xa0 [ 28.197559] ? __pfx_kthread+0x10/0x10 [ 28.197582] ret_from_fork+0x116/0x1d0 [ 28.197603] ? __pfx_kthread+0x10/0x10 [ 28.197626] ret_from_fork_asm+0x1a/0x30 [ 28.197658] </TASK> [ 28.197671] [ 28.207693] Allocated by task 313: [ 28.207880] kasan_save_stack+0x45/0x70 [ 28.208225] kasan_save_track+0x18/0x40 [ 28.208487] kasan_save_alloc_info+0x3b/0x50 [ 28.208769] __kasan_kmalloc+0xb7/0xc0 [ 28.209183] __kmalloc_cache_noprof+0x189/0x420 [ 28.209471] kasan_atomics+0x95/0x310 [ 28.209756] kunit_try_run_case+0x1a5/0x480 [ 28.210041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.210403] kthread+0x337/0x6f0 [ 28.210573] ret_from_fork+0x116/0x1d0 [ 28.210948] ret_from_fork_asm+0x1a/0x30 [ 28.211253] [ 28.211332] The buggy address belongs to the object at ffff8881058a7e80 [ 28.211332] which belongs to the cache kmalloc-64 of size 64 [ 28.212167] The buggy address is located 0 bytes to the right of [ 28.212167] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.212718] [ 28.212859] The buggy address belongs to the physical page: [ 28.213057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.213378] flags: 0x200000000000000(node=0|zone=2) [ 28.214073] page_type: f5(slab) [ 28.214297] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.214844] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.215309] page dumped because: kasan: bad access detected [ 28.215513] [ 28.215711] Memory state around the buggy address: [ 28.215999] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.216618] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.216960] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.217448] ^ [ 28.217628] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.218140] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.218478] ================================================================== [ 28.670782] ================================================================== [ 28.671107] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 28.671639] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.672080] [ 28.672271] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.672389] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.672406] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.672430] Call Trace: [ 28.672448] <TASK> [ 28.672476] dump_stack_lvl+0x73/0xb0 [ 28.672507] print_report+0xd1/0x640 [ 28.672629] ? __virt_addr_valid+0x1db/0x2d0 [ 28.672660] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.672684] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.672712] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.672737] kasan_report+0x141/0x180 [ 28.672762] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.672790] kasan_check_range+0x10c/0x1c0 [ 28.672927] __kasan_check_write+0x18/0x20 [ 28.672954] kasan_atomics_helper+0x19e3/0x5450 [ 28.672979] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.673003] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.673029] ? kasan_atomics+0x152/0x310 [ 28.673057] kasan_atomics+0x1dc/0x310 [ 28.673081] ? __pfx_kasan_atomics+0x10/0x10 [ 28.673107] ? __pfx_read_tsc+0x10/0x10 [ 28.673130] ? ktime_get_ts64+0x86/0x230 [ 28.673156] kunit_try_run_case+0x1a5/0x480 [ 28.673190] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.673215] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.673244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.673270] ? __kthread_parkme+0x82/0x180 [ 28.673291] ? preempt_count_sub+0x50/0x80 [ 28.673315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.673342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.673366] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.673393] kthread+0x337/0x6f0 [ 28.673415] ? trace_preempt_on+0x20/0xc0 [ 28.673439] ? __pfx_kthread+0x10/0x10 [ 28.673470] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.673495] ? calculate_sigpending+0x7b/0xa0 [ 28.673520] ? __pfx_kthread+0x10/0x10 [ 28.673543] ret_from_fork+0x116/0x1d0 [ 28.673564] ? __pfx_kthread+0x10/0x10 [ 28.673587] ret_from_fork_asm+0x1a/0x30 [ 28.673620] </TASK> [ 28.673632] [ 28.683690] Allocated by task 313: [ 28.683901] kasan_save_stack+0x45/0x70 [ 28.684333] kasan_save_track+0x18/0x40 [ 28.684703] kasan_save_alloc_info+0x3b/0x50 [ 28.684958] __kasan_kmalloc+0xb7/0xc0 [ 28.685122] __kmalloc_cache_noprof+0x189/0x420 [ 28.685497] kasan_atomics+0x95/0x310 [ 28.685704] kunit_try_run_case+0x1a5/0x480 [ 28.685995] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.686191] kthread+0x337/0x6f0 [ 28.686413] ret_from_fork+0x116/0x1d0 [ 28.686698] ret_from_fork_asm+0x1a/0x30 [ 28.686910] [ 28.687006] The buggy address belongs to the object at ffff8881058a7e80 [ 28.687006] which belongs to the cache kmalloc-64 of size 64 [ 28.687866] The buggy address is located 0 bytes to the right of [ 28.687866] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.688678] [ 28.688885] The buggy address belongs to the physical page: [ 28.689078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.689635] flags: 0x200000000000000(node=0|zone=2) [ 28.689996] page_type: f5(slab) [ 28.690150] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.690626] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.690955] page dumped because: kasan: bad access detected [ 28.691204] [ 28.691286] Memory state around the buggy address: [ 28.691681] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.692094] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.692600] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.692883] ^ [ 28.693202] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.693508] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.693983] ================================================================== [ 28.934189] ================================================================== [ 28.934779] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 28.935359] Read of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.935895] [ 28.936093] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.936144] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.936159] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.936182] Call Trace: [ 28.936202] <TASK> [ 28.936219] dump_stack_lvl+0x73/0xb0 [ 28.936249] print_report+0xd1/0x640 [ 28.936286] ? __virt_addr_valid+0x1db/0x2d0 [ 28.936311] ? kasan_atomics_helper+0x4f71/0x5450 [ 28.936335] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.936377] ? kasan_atomics_helper+0x4f71/0x5450 [ 28.936401] kasan_report+0x141/0x180 [ 28.936426] ? kasan_atomics_helper+0x4f71/0x5450 [ 28.936454] __asan_report_load8_noabort+0x18/0x20 [ 28.936529] kasan_atomics_helper+0x4f71/0x5450 [ 28.936556] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.936580] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.936607] ? kasan_atomics+0x152/0x310 [ 28.936636] kasan_atomics+0x1dc/0x310 [ 28.936661] ? __pfx_kasan_atomics+0x10/0x10 [ 28.936687] ? __pfx_read_tsc+0x10/0x10 [ 28.936711] ? ktime_get_ts64+0x86/0x230 [ 28.936738] kunit_try_run_case+0x1a5/0x480 [ 28.936765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.936789] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.936816] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.936853] ? __kthread_parkme+0x82/0x180 [ 28.936881] ? preempt_count_sub+0x50/0x80 [ 28.936906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.936932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.936956] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.936982] kthread+0x337/0x6f0 [ 28.937004] ? trace_preempt_on+0x20/0xc0 [ 28.937028] ? __pfx_kthread+0x10/0x10 [ 28.937051] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.937076] ? calculate_sigpending+0x7b/0xa0 [ 28.937101] ? __pfx_kthread+0x10/0x10 [ 28.937124] ret_from_fork+0x116/0x1d0 [ 28.937147] ? __pfx_kthread+0x10/0x10 [ 28.937180] ret_from_fork_asm+0x1a/0x30 [ 28.937214] </TASK> [ 28.937227] [ 28.950791] Allocated by task 313: [ 28.951142] kasan_save_stack+0x45/0x70 [ 28.951365] kasan_save_track+0x18/0x40 [ 28.951860] kasan_save_alloc_info+0x3b/0x50 [ 28.952253] __kasan_kmalloc+0xb7/0xc0 [ 28.952606] __kmalloc_cache_noprof+0x189/0x420 [ 28.952816] kasan_atomics+0x95/0x310 [ 28.953032] kunit_try_run_case+0x1a5/0x480 [ 28.953439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.953907] kthread+0x337/0x6f0 [ 28.954286] ret_from_fork+0x116/0x1d0 [ 28.954476] ret_from_fork_asm+0x1a/0x30 [ 28.954821] [ 28.954953] The buggy address belongs to the object at ffff8881058a7e80 [ 28.954953] which belongs to the cache kmalloc-64 of size 64 [ 28.955787] The buggy address is located 0 bytes to the right of [ 28.955787] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.956638] [ 28.956789] The buggy address belongs to the physical page: [ 28.956988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.957569] flags: 0x200000000000000(node=0|zone=2) [ 28.958175] page_type: f5(slab) [ 28.958477] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.958968] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.959528] page dumped because: kasan: bad access detected [ 28.959864] [ 28.959969] Memory state around the buggy address: [ 28.960401] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.960824] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.961382] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.961909] ^ [ 28.962257] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.962751] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.963387] ================================================================== [ 28.006314] ================================================================== [ 28.006955] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 28.007582] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.007818] [ 28.007921] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.007973] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.007988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.008012] Call Trace: [ 28.008029] <TASK> [ 28.008047] dump_stack_lvl+0x73/0xb0 [ 28.008076] print_report+0xd1/0x640 [ 28.008101] ? __virt_addr_valid+0x1db/0x2d0 [ 28.008127] ? kasan_atomics_helper+0xd47/0x5450 [ 28.008150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.008178] ? kasan_atomics_helper+0xd47/0x5450 [ 28.008201] kasan_report+0x141/0x180 [ 28.008226] ? kasan_atomics_helper+0xd47/0x5450 [ 28.008253] kasan_check_range+0x10c/0x1c0 [ 28.008279] __kasan_check_write+0x18/0x20 [ 28.008305] kasan_atomics_helper+0xd47/0x5450 [ 28.008329] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.008353] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.008381] ? kasan_atomics+0x152/0x310 [ 28.008410] kasan_atomics+0x1dc/0x310 [ 28.008436] ? __pfx_kasan_atomics+0x10/0x10 [ 28.008463] ? __pfx_read_tsc+0x10/0x10 [ 28.008487] ? ktime_get_ts64+0x86/0x230 [ 28.008514] kunit_try_run_case+0x1a5/0x480 [ 28.008552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.008577] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.008607] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.008634] ? __kthread_parkme+0x82/0x180 [ 28.008657] ? preempt_count_sub+0x50/0x80 [ 28.008681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.008708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.008734] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.008759] kthread+0x337/0x6f0 [ 28.008782] ? trace_preempt_on+0x20/0xc0 [ 28.008806] ? __pfx_kthread+0x10/0x10 [ 28.008838] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.008863] ? calculate_sigpending+0x7b/0xa0 [ 28.008894] ? __pfx_kthread+0x10/0x10 [ 28.008918] ret_from_fork+0x116/0x1d0 [ 28.008940] ? __pfx_kthread+0x10/0x10 [ 28.008962] ret_from_fork_asm+0x1a/0x30 [ 28.008996] </TASK> [ 28.009008] [ 28.023287] Allocated by task 313: [ 28.023426] kasan_save_stack+0x45/0x70 [ 28.023823] kasan_save_track+0x18/0x40 [ 28.024193] kasan_save_alloc_info+0x3b/0x50 [ 28.024794] __kasan_kmalloc+0xb7/0xc0 [ 28.025172] __kmalloc_cache_noprof+0x189/0x420 [ 28.025681] kasan_atomics+0x95/0x310 [ 28.025853] kunit_try_run_case+0x1a5/0x480 [ 28.026008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.026233] kthread+0x337/0x6f0 [ 28.026531] ret_from_fork+0x116/0x1d0 [ 28.026954] ret_from_fork_asm+0x1a/0x30 [ 28.027358] [ 28.027532] The buggy address belongs to the object at ffff8881058a7e80 [ 28.027532] which belongs to the cache kmalloc-64 of size 64 [ 28.028744] The buggy address is located 0 bytes to the right of [ 28.028744] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.029845] [ 28.030018] The buggy address belongs to the physical page: [ 28.030545] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.030796] flags: 0x200000000000000(node=0|zone=2) [ 28.030980] page_type: f5(slab) [ 28.031103] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.031354] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.031811] page dumped because: kasan: bad access detected [ 28.032032] [ 28.032114] Memory state around the buggy address: [ 28.032552] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.032854] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.033141] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.033468] ^ [ 28.033674] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.033951] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.034271] ================================================================== [ 28.419886] ================================================================== [ 28.420121] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 28.420377] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.420753] [ 28.420894] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.420958] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.420972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.421006] Call Trace: [ 28.421024] <TASK> [ 28.421041] dump_stack_lvl+0x73/0xb0 [ 28.421070] print_report+0xd1/0x640 [ 28.421094] ? __virt_addr_valid+0x1db/0x2d0 [ 28.421118] ? kasan_atomics_helper+0x1467/0x5450 [ 28.421141] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.421169] ? kasan_atomics_helper+0x1467/0x5450 [ 28.421363] kasan_report+0x141/0x180 [ 28.421405] ? kasan_atomics_helper+0x1467/0x5450 [ 28.421435] kasan_check_range+0x10c/0x1c0 [ 28.421462] __kasan_check_write+0x18/0x20 [ 28.421487] kasan_atomics_helper+0x1467/0x5450 [ 28.421514] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.421538] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.421565] ? kasan_atomics+0x152/0x310 [ 28.421593] kasan_atomics+0x1dc/0x310 [ 28.421617] ? __pfx_kasan_atomics+0x10/0x10 [ 28.421643] ? __pfx_read_tsc+0x10/0x10 [ 28.421667] ? ktime_get_ts64+0x86/0x230 [ 28.421693] kunit_try_run_case+0x1a5/0x480 [ 28.421720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.421744] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.421772] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.421799] ? __kthread_parkme+0x82/0x180 [ 28.421821] ? preempt_count_sub+0x50/0x80 [ 28.421858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.421884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.421910] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.421936] kthread+0x337/0x6f0 [ 28.421967] ? trace_preempt_on+0x20/0xc0 [ 28.421992] ? __pfx_kthread+0x10/0x10 [ 28.422014] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.422136] ? calculate_sigpending+0x7b/0xa0 [ 28.422179] ? __pfx_kthread+0x10/0x10 [ 28.422220] ret_from_fork+0x116/0x1d0 [ 28.422243] ? __pfx_kthread+0x10/0x10 [ 28.422277] ret_from_fork_asm+0x1a/0x30 [ 28.422310] </TASK> [ 28.422323] [ 28.434210] Allocated by task 313: [ 28.434383] kasan_save_stack+0x45/0x70 [ 28.434793] kasan_save_track+0x18/0x40 [ 28.435000] kasan_save_alloc_info+0x3b/0x50 [ 28.435429] __kasan_kmalloc+0xb7/0xc0 [ 28.435741] __kmalloc_cache_noprof+0x189/0x420 [ 28.435958] kasan_atomics+0x95/0x310 [ 28.436113] kunit_try_run_case+0x1a5/0x480 [ 28.436535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.437120] kthread+0x337/0x6f0 [ 28.437301] ret_from_fork+0x116/0x1d0 [ 28.437699] ret_from_fork_asm+0x1a/0x30 [ 28.438054] [ 28.438163] The buggy address belongs to the object at ffff8881058a7e80 [ 28.438163] which belongs to the cache kmalloc-64 of size 64 [ 28.438884] The buggy address is located 0 bytes to the right of [ 28.438884] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.439722] [ 28.439821] The buggy address belongs to the physical page: [ 28.440054] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.440793] flags: 0x200000000000000(node=0|zone=2) [ 28.441417] page_type: f5(slab) [ 28.441760] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.442074] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.442802] page dumped because: kasan: bad access detected [ 28.443044] [ 28.443131] Memory state around the buggy address: [ 28.443582] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.443893] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.444396] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.444894] ^ [ 28.445582] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.445905] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.446127] ================================================================== [ 28.394593] ================================================================== [ 28.394823] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 28.395076] Read of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.395303] [ 28.395385] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.395434] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.395449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.395470] Call Trace: [ 28.395486] <TASK> [ 28.395501] dump_stack_lvl+0x73/0xb0 [ 28.395527] print_report+0xd1/0x640 [ 28.395550] ? __virt_addr_valid+0x1db/0x2d0 [ 28.395575] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.395598] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.395626] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.395649] kasan_report+0x141/0x180 [ 28.395673] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.395701] __asan_report_load8_noabort+0x18/0x20 [ 28.395740] kasan_atomics_helper+0x4eae/0x5450 [ 28.395766] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.395790] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.395816] ? kasan_atomics+0x152/0x310 [ 28.395853] kasan_atomics+0x1dc/0x310 [ 28.395878] ? __pfx_kasan_atomics+0x10/0x10 [ 28.395905] ? __pfx_read_tsc+0x10/0x10 [ 28.395929] ? ktime_get_ts64+0x86/0x230 [ 28.395954] kunit_try_run_case+0x1a5/0x480 [ 28.395981] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.396006] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.396033] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.396060] ? __kthread_parkme+0x82/0x180 [ 28.396082] ? preempt_count_sub+0x50/0x80 [ 28.396107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.396133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.396159] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.396185] kthread+0x337/0x6f0 [ 28.396207] ? trace_preempt_on+0x20/0xc0 [ 28.396231] ? __pfx_kthread+0x10/0x10 [ 28.396254] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.396279] ? calculate_sigpending+0x7b/0xa0 [ 28.396305] ? __pfx_kthread+0x10/0x10 [ 28.396327] ret_from_fork+0x116/0x1d0 [ 28.396349] ? __pfx_kthread+0x10/0x10 [ 28.396372] ret_from_fork_asm+0x1a/0x30 [ 28.396404] </TASK> [ 28.396416] [ 28.405328] Allocated by task 313: [ 28.405460] kasan_save_stack+0x45/0x70 [ 28.405604] kasan_save_track+0x18/0x40 [ 28.405740] kasan_save_alloc_info+0x3b/0x50 [ 28.405902] __kasan_kmalloc+0xb7/0xc0 [ 28.406036] __kmalloc_cache_noprof+0x189/0x420 [ 28.406193] kasan_atomics+0x95/0x310 [ 28.406326] kunit_try_run_case+0x1a5/0x480 [ 28.406719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.406985] kthread+0x337/0x6f0 [ 28.407155] ret_from_fork+0x116/0x1d0 [ 28.407347] ret_from_fork_asm+0x1a/0x30 [ 28.407540] [ 28.407633] The buggy address belongs to the object at ffff8881058a7e80 [ 28.407633] which belongs to the cache kmalloc-64 of size 64 [ 28.408179] The buggy address is located 0 bytes to the right of [ 28.408179] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.408742] [ 28.408934] The buggy address belongs to the physical page: [ 28.409192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.411753] flags: 0x200000000000000(node=0|zone=2) [ 28.412601] page_type: f5(slab) [ 28.413078] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.413863] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.414108] page dumped because: kasan: bad access detected [ 28.414887] [ 28.415377] Memory state around the buggy address: [ 28.416332] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.417646] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.417913] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.418145] ^ [ 28.418312] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.418863] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.419481] ================================================================== [ 28.517076] ================================================================== [ 28.517383] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 28.517763] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.518048] [ 28.518135] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.518186] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.518201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.518225] Call Trace: [ 28.518244] <TASK> [ 28.518260] dump_stack_lvl+0x73/0xb0 [ 28.518288] print_report+0xd1/0x640 [ 28.518313] ? __virt_addr_valid+0x1db/0x2d0 [ 28.518338] ? kasan_atomics_helper+0x164f/0x5450 [ 28.518362] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.518390] ? kasan_atomics_helper+0x164f/0x5450 [ 28.518413] kasan_report+0x141/0x180 [ 28.518438] ? kasan_atomics_helper+0x164f/0x5450 [ 28.518466] kasan_check_range+0x10c/0x1c0 [ 28.518492] __kasan_check_write+0x18/0x20 [ 28.518517] kasan_atomics_helper+0x164f/0x5450 [ 28.518543] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.518567] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.518593] ? kasan_atomics+0x152/0x310 [ 28.518621] kasan_atomics+0x1dc/0x310 [ 28.518645] ? __pfx_kasan_atomics+0x10/0x10 [ 28.518672] ? __pfx_read_tsc+0x10/0x10 [ 28.518695] ? ktime_get_ts64+0x86/0x230 [ 28.518722] kunit_try_run_case+0x1a5/0x480 [ 28.518748] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.518773] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.518799] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.518827] ? __kthread_parkme+0x82/0x180 [ 28.518861] ? preempt_count_sub+0x50/0x80 [ 28.518886] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.518912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.518938] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.518964] kthread+0x337/0x6f0 [ 28.518987] ? trace_preempt_on+0x20/0xc0 [ 28.519013] ? __pfx_kthread+0x10/0x10 [ 28.519036] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.519061] ? calculate_sigpending+0x7b/0xa0 [ 28.519087] ? __pfx_kthread+0x10/0x10 [ 28.519110] ret_from_fork+0x116/0x1d0 [ 28.519132] ? __pfx_kthread+0x10/0x10 [ 28.519154] ret_from_fork_asm+0x1a/0x30 [ 28.519242] </TASK> [ 28.519255] [ 28.528222] Allocated by task 313: [ 28.528365] kasan_save_stack+0x45/0x70 [ 28.528540] kasan_save_track+0x18/0x40 [ 28.528738] kasan_save_alloc_info+0x3b/0x50 [ 28.529209] __kasan_kmalloc+0xb7/0xc0 [ 28.529389] __kmalloc_cache_noprof+0x189/0x420 [ 28.529749] kasan_atomics+0x95/0x310 [ 28.529954] kunit_try_run_case+0x1a5/0x480 [ 28.530134] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.530325] kthread+0x337/0x6f0 [ 28.530448] ret_from_fork+0x116/0x1d0 [ 28.530581] ret_from_fork_asm+0x1a/0x30 [ 28.530722] [ 28.530793] The buggy address belongs to the object at ffff8881058a7e80 [ 28.530793] which belongs to the cache kmalloc-64 of size 64 [ 28.531168] The buggy address is located 0 bytes to the right of [ 28.531168] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.531739] [ 28.531841] The buggy address belongs to the physical page: [ 28.532092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.532444] flags: 0x200000000000000(node=0|zone=2) [ 28.532725] page_type: f5(slab) [ 28.532862] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.533104] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.533334] page dumped because: kasan: bad access detected [ 28.533512] [ 28.533650] Memory state around the buggy address: [ 28.533889] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.534268] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.534784] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.535120] ^ [ 28.535592] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.535872] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.536157] ================================================================== [ 28.497478] ================================================================== [ 28.497789] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 28.498101] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.498491] [ 28.498601] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.498652] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.498667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.498689] Call Trace: [ 28.498706] <TASK> [ 28.498723] dump_stack_lvl+0x73/0xb0 [ 28.498751] print_report+0xd1/0x640 [ 28.498776] ? __virt_addr_valid+0x1db/0x2d0 [ 28.498802] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.498825] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.498864] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.498888] kasan_report+0x141/0x180 [ 28.498912] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.498942] kasan_check_range+0x10c/0x1c0 [ 28.498969] __kasan_check_write+0x18/0x20 [ 28.498994] kasan_atomics_helper+0x15b6/0x5450 [ 28.499019] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.499043] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.499070] ? kasan_atomics+0x152/0x310 [ 28.499098] kasan_atomics+0x1dc/0x310 [ 28.499122] ? __pfx_kasan_atomics+0x10/0x10 [ 28.499149] ? __pfx_read_tsc+0x10/0x10 [ 28.499172] ? ktime_get_ts64+0x86/0x230 [ 28.499198] kunit_try_run_case+0x1a5/0x480 [ 28.499225] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.499251] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.499280] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.499307] ? __kthread_parkme+0x82/0x180 [ 28.499329] ? preempt_count_sub+0x50/0x80 [ 28.499354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.499381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.499406] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.499433] kthread+0x337/0x6f0 [ 28.499454] ? trace_preempt_on+0x20/0xc0 [ 28.499479] ? __pfx_kthread+0x10/0x10 [ 28.499502] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.499528] ? calculate_sigpending+0x7b/0xa0 [ 28.499554] ? __pfx_kthread+0x10/0x10 [ 28.499578] ret_from_fork+0x116/0x1d0 [ 28.499599] ? __pfx_kthread+0x10/0x10 [ 28.499622] ret_from_fork_asm+0x1a/0x30 [ 28.499654] </TASK> [ 28.499667] [ 28.507775] Allocated by task 313: [ 28.507929] kasan_save_stack+0x45/0x70 [ 28.508099] kasan_save_track+0x18/0x40 [ 28.508445] kasan_save_alloc_info+0x3b/0x50 [ 28.508705] __kasan_kmalloc+0xb7/0xc0 [ 28.508915] __kmalloc_cache_noprof+0x189/0x420 [ 28.509140] kasan_atomics+0x95/0x310 [ 28.509343] kunit_try_run_case+0x1a5/0x480 [ 28.509703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.509946] kthread+0x337/0x6f0 [ 28.510120] ret_from_fork+0x116/0x1d0 [ 28.510346] ret_from_fork_asm+0x1a/0x30 [ 28.510610] [ 28.510689] The buggy address belongs to the object at ffff8881058a7e80 [ 28.510689] which belongs to the cache kmalloc-64 of size 64 [ 28.511210] The buggy address is located 0 bytes to the right of [ 28.511210] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.511851] [ 28.511938] The buggy address belongs to the physical page: [ 28.512188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.512577] flags: 0x200000000000000(node=0|zone=2) [ 28.512785] page_type: f5(slab) [ 28.512964] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.513205] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.513435] page dumped because: kasan: bad access detected [ 28.513608] [ 28.513676] Memory state around the buggy address: [ 28.513840] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.514159] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.514820] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.515155] ^ [ 28.515327] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.515957] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.516344] ================================================================== [ 28.073725] ================================================================== [ 28.073998] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 28.074231] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.074523] [ 28.075642] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.075695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.075710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.075732] Call Trace: [ 28.075749] <TASK> [ 28.075764] dump_stack_lvl+0x73/0xb0 [ 28.075794] print_report+0xd1/0x640 [ 28.075820] ? __virt_addr_valid+0x1db/0x2d0 [ 28.075860] ? kasan_atomics_helper+0xf10/0x5450 [ 28.075885] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.075914] ? kasan_atomics_helper+0xf10/0x5450 [ 28.075938] kasan_report+0x141/0x180 [ 28.075962] ? kasan_atomics_helper+0xf10/0x5450 [ 28.075990] kasan_check_range+0x10c/0x1c0 [ 28.076016] __kasan_check_write+0x18/0x20 [ 28.076042] kasan_atomics_helper+0xf10/0x5450 [ 28.076067] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.076091] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.076117] ? kasan_atomics+0x152/0x310 [ 28.076145] kasan_atomics+0x1dc/0x310 [ 28.076801] ? __pfx_kasan_atomics+0x10/0x10 [ 28.076850] ? __pfx_read_tsc+0x10/0x10 [ 28.076880] ? ktime_get_ts64+0x86/0x230 [ 28.076908] kunit_try_run_case+0x1a5/0x480 [ 28.076936] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.076961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.076988] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.077016] ? __kthread_parkme+0x82/0x180 [ 28.077037] ? preempt_count_sub+0x50/0x80 [ 28.077062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.077088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.077114] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.077139] kthread+0x337/0x6f0 [ 28.077409] ? trace_preempt_on+0x20/0xc0 [ 28.077437] ? __pfx_kthread+0x10/0x10 [ 28.077508] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.077537] ? calculate_sigpending+0x7b/0xa0 [ 28.077563] ? __pfx_kthread+0x10/0x10 [ 28.077586] ret_from_fork+0x116/0x1d0 [ 28.077607] ? __pfx_kthread+0x10/0x10 [ 28.077630] ret_from_fork_asm+0x1a/0x30 [ 28.077663] </TASK> [ 28.077676] [ 28.087655] Allocated by task 313: [ 28.088433] kasan_save_stack+0x45/0x70 [ 28.088951] kasan_save_track+0x18/0x40 [ 28.089617] kasan_save_alloc_info+0x3b/0x50 [ 28.090255] __kasan_kmalloc+0xb7/0xc0 [ 28.090923] __kmalloc_cache_noprof+0x189/0x420 [ 28.091651] kasan_atomics+0x95/0x310 [ 28.092304] kunit_try_run_case+0x1a5/0x480 [ 28.093092] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.093951] kthread+0x337/0x6f0 [ 28.094559] ret_from_fork+0x116/0x1d0 [ 28.095257] ret_from_fork_asm+0x1a/0x30 [ 28.095905] [ 28.096308] The buggy address belongs to the object at ffff8881058a7e80 [ 28.096308] which belongs to the cache kmalloc-64 of size 64 [ 28.098153] The buggy address is located 0 bytes to the right of [ 28.098153] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.099925] [ 28.100397] The buggy address belongs to the physical page: [ 28.101041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.101838] flags: 0x200000000000000(node=0|zone=2) [ 28.102514] page_type: f5(slab) [ 28.102652] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.102904] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.103138] page dumped because: kasan: bad access detected [ 28.103625] [ 28.103872] Memory state around the buggy address: [ 28.104281] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.105119] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.105885] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.106640] ^ [ 28.107096] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.107708] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.108239] ================================================================== [ 28.727087] ================================================================== [ 28.727475] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 28.727794] Write of size 8 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.728093] [ 28.728197] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.728246] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.728261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.728285] Call Trace: [ 28.728303] <TASK> [ 28.728318] dump_stack_lvl+0x73/0xb0 [ 28.728348] print_report+0xd1/0x640 [ 28.728373] ? __virt_addr_valid+0x1db/0x2d0 [ 28.728399] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.728422] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.728450] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.728473] kasan_report+0x141/0x180 [ 28.728497] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.728525] kasan_check_range+0x10c/0x1c0 [ 28.728551] __kasan_check_write+0x18/0x20 [ 28.728575] kasan_atomics_helper+0x1b22/0x5450 [ 28.728600] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.728623] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.728649] ? kasan_atomics+0x152/0x310 [ 28.728677] kasan_atomics+0x1dc/0x310 [ 28.728702] ? __pfx_kasan_atomics+0x10/0x10 [ 28.728727] ? __pfx_read_tsc+0x10/0x10 [ 28.728751] ? ktime_get_ts64+0x86/0x230 [ 28.728777] kunit_try_run_case+0x1a5/0x480 [ 28.728803] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.728828] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.728874] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.728902] ? __kthread_parkme+0x82/0x180 [ 28.728923] ? preempt_count_sub+0x50/0x80 [ 28.728948] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.728974] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.728999] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.729024] kthread+0x337/0x6f0 [ 28.729046] ? trace_preempt_on+0x20/0xc0 [ 28.729071] ? __pfx_kthread+0x10/0x10 [ 28.729093] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.729118] ? calculate_sigpending+0x7b/0xa0 [ 28.729144] ? __pfx_kthread+0x10/0x10 [ 28.729167] ret_from_fork+0x116/0x1d0 [ 28.729189] ? __pfx_kthread+0x10/0x10 [ 28.729211] ret_from_fork_asm+0x1a/0x30 [ 28.729243] </TASK> [ 28.729255] [ 28.736770] Allocated by task 313: [ 28.736926] kasan_save_stack+0x45/0x70 [ 28.737946] kasan_save_track+0x18/0x40 [ 28.738132] kasan_save_alloc_info+0x3b/0x50 [ 28.738282] __kasan_kmalloc+0xb7/0xc0 [ 28.738412] __kmalloc_cache_noprof+0x189/0x420 [ 28.738914] kasan_atomics+0x95/0x310 [ 28.739229] kunit_try_run_case+0x1a5/0x480 [ 28.739425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.739691] kthread+0x337/0x6f0 [ 28.739811] ret_from_fork+0x116/0x1d0 [ 28.739949] ret_from_fork_asm+0x1a/0x30 [ 28.740179] [ 28.740276] The buggy address belongs to the object at ffff8881058a7e80 [ 28.740276] which belongs to the cache kmalloc-64 of size 64 [ 28.740892] The buggy address is located 0 bytes to the right of [ 28.740892] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.741880] [ 28.741992] The buggy address belongs to the physical page: [ 28.742210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.743356] flags: 0x200000000000000(node=0|zone=2) [ 28.744128] page_type: f5(slab) [ 28.744368] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.744619] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.744872] page dumped because: kasan: bad access detected [ 28.745051] [ 28.745121] Memory state around the buggy address: [ 28.745280] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.745502] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.745723] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.746983] ^ [ 28.747960] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.749073] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.750212] ================================================================== [ 27.914296] ================================================================== [ 27.915128] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 27.915624] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.916234] [ 27.916491] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.916554] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.916569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.916594] Call Trace: [ 27.916614] <TASK> [ 27.916632] dump_stack_lvl+0x73/0xb0 [ 27.916662] print_report+0xd1/0x640 [ 27.916687] ? __virt_addr_valid+0x1db/0x2d0 [ 27.916712] ? kasan_atomics_helper+0xb6a/0x5450 [ 27.916737] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.916767] ? kasan_atomics_helper+0xb6a/0x5450 [ 27.916791] kasan_report+0x141/0x180 [ 27.916816] ? kasan_atomics_helper+0xb6a/0x5450 [ 27.916855] kasan_check_range+0x10c/0x1c0 [ 27.916885] __kasan_check_write+0x18/0x20 [ 27.916911] kasan_atomics_helper+0xb6a/0x5450 [ 27.916936] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.916960] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.916987] ? kasan_atomics+0x152/0x310 [ 27.917015] kasan_atomics+0x1dc/0x310 [ 27.917040] ? __pfx_kasan_atomics+0x10/0x10 [ 27.917067] ? __pfx_read_tsc+0x10/0x10 [ 27.917091] ? ktime_get_ts64+0x86/0x230 [ 27.917117] kunit_try_run_case+0x1a5/0x480 [ 27.917144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.917303] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.917341] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.917385] ? __kthread_parkme+0x82/0x180 [ 27.917409] ? preempt_count_sub+0x50/0x80 [ 27.917478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.917506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.917533] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.917558] kthread+0x337/0x6f0 [ 27.917580] ? trace_preempt_on+0x20/0xc0 [ 27.917607] ? __pfx_kthread+0x10/0x10 [ 27.917630] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.917655] ? calculate_sigpending+0x7b/0xa0 [ 27.917680] ? __pfx_kthread+0x10/0x10 [ 27.917703] ret_from_fork+0x116/0x1d0 [ 27.917725] ? __pfx_kthread+0x10/0x10 [ 27.917747] ret_from_fork_asm+0x1a/0x30 [ 27.917779] </TASK> [ 27.917792] [ 27.931307] Allocated by task 313: [ 27.931663] kasan_save_stack+0x45/0x70 [ 27.931868] kasan_save_track+0x18/0x40 [ 27.932053] kasan_save_alloc_info+0x3b/0x50 [ 27.932654] __kasan_kmalloc+0xb7/0xc0 [ 27.933084] __kmalloc_cache_noprof+0x189/0x420 [ 27.933374] kasan_atomics+0x95/0x310 [ 27.933752] kunit_try_run_case+0x1a5/0x480 [ 27.933976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.934502] kthread+0x337/0x6f0 [ 27.934956] ret_from_fork+0x116/0x1d0 [ 27.935326] ret_from_fork_asm+0x1a/0x30 [ 27.935809] [ 27.935936] The buggy address belongs to the object at ffff8881058a7e80 [ 27.935936] which belongs to the cache kmalloc-64 of size 64 [ 27.937000] The buggy address is located 0 bytes to the right of [ 27.937000] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.937758] [ 27.937869] The buggy address belongs to the physical page: [ 27.938091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.939060] flags: 0x200000000000000(node=0|zone=2) [ 27.939354] page_type: f5(slab) [ 27.939871] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.940599] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.940921] page dumped because: kasan: bad access detected [ 27.941148] [ 27.941497] Memory state around the buggy address: [ 27.941726] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.942022] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.942677] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.942984] ^ [ 27.943474] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.943998] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.944697] ================================================================== [ 28.141846] ================================================================== [ 28.142206] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 28.142693] Read of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 28.143037] [ 28.143134] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 28.143186] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.143203] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.143230] Call Trace: [ 28.143245] <TASK> [ 28.143262] dump_stack_lvl+0x73/0xb0 [ 28.143292] print_report+0xd1/0x640 [ 28.143316] ? __virt_addr_valid+0x1db/0x2d0 [ 28.143342] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.143365] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.143394] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.143418] kasan_report+0x141/0x180 [ 28.143442] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.143483] __asan_report_load4_noabort+0x18/0x20 [ 28.143510] kasan_atomics_helper+0x4a36/0x5450 [ 28.143535] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.143560] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.143587] ? kasan_atomics+0x152/0x310 [ 28.143615] kasan_atomics+0x1dc/0x310 [ 28.143641] ? __pfx_kasan_atomics+0x10/0x10 [ 28.143667] ? __pfx_read_tsc+0x10/0x10 [ 28.143691] ? ktime_get_ts64+0x86/0x230 [ 28.143716] kunit_try_run_case+0x1a5/0x480 [ 28.143743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.143768] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.143796] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.143823] ? __kthread_parkme+0x82/0x180 [ 28.143855] ? preempt_count_sub+0x50/0x80 [ 28.143880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.143907] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.143933] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.143960] kthread+0x337/0x6f0 [ 28.143981] ? trace_preempt_on+0x20/0xc0 [ 28.144006] ? __pfx_kthread+0x10/0x10 [ 28.144029] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.144055] ? calculate_sigpending+0x7b/0xa0 [ 28.144080] ? __pfx_kthread+0x10/0x10 [ 28.144103] ret_from_fork+0x116/0x1d0 [ 28.144124] ? __pfx_kthread+0x10/0x10 [ 28.144147] ret_from_fork_asm+0x1a/0x30 [ 28.144179] </TASK> [ 28.144193] [ 28.157189] Allocated by task 313: [ 28.157372] kasan_save_stack+0x45/0x70 [ 28.157616] kasan_save_track+0x18/0x40 [ 28.157785] kasan_save_alloc_info+0x3b/0x50 [ 28.157974] __kasan_kmalloc+0xb7/0xc0 [ 28.158134] __kmalloc_cache_noprof+0x189/0x420 [ 28.158816] kasan_atomics+0x95/0x310 [ 28.159365] kunit_try_run_case+0x1a5/0x480 [ 28.159972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.160408] kthread+0x337/0x6f0 [ 28.160751] ret_from_fork+0x116/0x1d0 [ 28.160963] ret_from_fork_asm+0x1a/0x30 [ 28.161137] [ 28.161609] The buggy address belongs to the object at ffff8881058a7e80 [ 28.161609] which belongs to the cache kmalloc-64 of size 64 [ 28.162363] The buggy address is located 0 bytes to the right of [ 28.162363] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 28.163427] [ 28.163710] The buggy address belongs to the physical page: [ 28.163966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 28.164525] flags: 0x200000000000000(node=0|zone=2) [ 28.164988] page_type: f5(slab) [ 28.165345] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.165962] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.166580] page dumped because: kasan: bad access detected [ 28.166838] [ 28.166930] Memory state around the buggy address: [ 28.167138] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.167419] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.168135] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.168741] ^ [ 28.169157] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.169646] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.170098] ================================================================== [ 27.618473] ================================================================== [ 27.618995] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 27.619374] Write of size 4 at addr ffff8881058a7eb0 by task kunit_try_catch/313 [ 27.619799] [ 27.619922] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.619972] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.619989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.620011] Call Trace: [ 27.620028] <TASK> [ 27.620044] dump_stack_lvl+0x73/0xb0 [ 27.620074] print_report+0xd1/0x640 [ 27.620099] ? __virt_addr_valid+0x1db/0x2d0 [ 27.620125] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.620176] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.620204] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.620228] kasan_report+0x141/0x180 [ 27.620263] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.620290] kasan_check_range+0x10c/0x1c0 [ 27.620316] __kasan_check_write+0x18/0x20 [ 27.620341] kasan_atomics_helper+0x4a0/0x5450 [ 27.620375] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.620399] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.620424] ? kasan_atomics+0x152/0x310 [ 27.620518] kasan_atomics+0x1dc/0x310 [ 27.620549] ? __pfx_kasan_atomics+0x10/0x10 [ 27.620574] ? __pfx_read_tsc+0x10/0x10 [ 27.620598] ? ktime_get_ts64+0x86/0x230 [ 27.620623] kunit_try_run_case+0x1a5/0x480 [ 27.620651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.620675] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.620702] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.620730] ? __kthread_parkme+0x82/0x180 [ 27.620751] ? preempt_count_sub+0x50/0x80 [ 27.620776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.620802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.620839] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.620869] kthread+0x337/0x6f0 [ 27.620891] ? trace_preempt_on+0x20/0xc0 [ 27.620917] ? __pfx_kthread+0x10/0x10 [ 27.620939] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.620964] ? calculate_sigpending+0x7b/0xa0 [ 27.620990] ? __pfx_kthread+0x10/0x10 [ 27.621012] ret_from_fork+0x116/0x1d0 [ 27.621034] ? __pfx_kthread+0x10/0x10 [ 27.621056] ret_from_fork_asm+0x1a/0x30 [ 27.621089] </TASK> [ 27.621103] [ 27.629376] Allocated by task 313: [ 27.629521] kasan_save_stack+0x45/0x70 [ 27.629672] kasan_save_track+0x18/0x40 [ 27.629813] kasan_save_alloc_info+0x3b/0x50 [ 27.630219] __kasan_kmalloc+0xb7/0xc0 [ 27.630524] __kmalloc_cache_noprof+0x189/0x420 [ 27.630757] kasan_atomics+0x95/0x310 [ 27.630960] kunit_try_run_case+0x1a5/0x480 [ 27.631172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.631463] kthread+0x337/0x6f0 [ 27.631668] ret_from_fork+0x116/0x1d0 [ 27.631871] ret_from_fork_asm+0x1a/0x30 [ 27.632071] [ 27.632185] The buggy address belongs to the object at ffff8881058a7e80 [ 27.632185] which belongs to the cache kmalloc-64 of size 64 [ 27.632742] The buggy address is located 0 bytes to the right of [ 27.632742] allocated 48-byte region [ffff8881058a7e80, ffff8881058a7eb0) [ 27.633303] [ 27.633379] The buggy address belongs to the physical page: [ 27.633622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a7 [ 27.633901] flags: 0x200000000000000(node=0|zone=2) [ 27.634148] page_type: f5(slab) [ 27.634339] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.634869] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.635214] page dumped because: kasan: bad access detected [ 27.635460] [ 27.635543] Memory state around the buggy address: [ 27.635702] ffff8881058a7d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.636034] ffff8881058a7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.636522] >ffff8881058a7e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.636842] ^ [ 27.637088] ffff8881058a7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.637422] ffff8881058a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.637779] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 27.416699] ================================================================== [ 27.416978] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.417399] Read of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.417946] [ 27.418047] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.418096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.418109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.418130] Call Trace: [ 27.418145] <TASK> [ 27.418160] dump_stack_lvl+0x73/0xb0 [ 27.418190] print_report+0xd1/0x640 [ 27.418214] ? __virt_addr_valid+0x1db/0x2d0 [ 27.418239] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.418267] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.418295] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.418323] kasan_report+0x141/0x180 [ 27.418346] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.418378] kasan_check_range+0x10c/0x1c0 [ 27.418403] __kasan_check_read+0x15/0x20 [ 27.418427] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.418455] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.418483] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.418509] ? trace_hardirqs_on+0x37/0xe0 [ 27.418531] ? kasan_bitops_generic+0x92/0x1c0 [ 27.418558] kasan_bitops_generic+0x121/0x1c0 [ 27.418583] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.418610] ? __pfx_read_tsc+0x10/0x10 [ 27.418632] ? ktime_get_ts64+0x86/0x230 [ 27.418658] kunit_try_run_case+0x1a5/0x480 [ 27.418684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.418796] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.418826] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.418939] ? __kthread_parkme+0x82/0x180 [ 27.418961] ? preempt_count_sub+0x50/0x80 [ 27.418986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.419012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.419037] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.419062] kthread+0x337/0x6f0 [ 27.419096] ? trace_preempt_on+0x20/0xc0 [ 27.419120] ? __pfx_kthread+0x10/0x10 [ 27.419142] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.419179] ? calculate_sigpending+0x7b/0xa0 [ 27.419203] ? __pfx_kthread+0x10/0x10 [ 27.419225] ret_from_fork+0x116/0x1d0 [ 27.419247] ? __pfx_kthread+0x10/0x10 [ 27.419269] ret_from_fork_asm+0x1a/0x30 [ 27.419301] </TASK> [ 27.419312] [ 27.428991] Allocated by task 309: [ 27.429127] kasan_save_stack+0x45/0x70 [ 27.429274] kasan_save_track+0x18/0x40 [ 27.429408] kasan_save_alloc_info+0x3b/0x50 [ 27.429560] __kasan_kmalloc+0xb7/0xc0 [ 27.429817] __kmalloc_cache_noprof+0x189/0x420 [ 27.430477] kasan_bitops_generic+0x92/0x1c0 [ 27.431086] kunit_try_run_case+0x1a5/0x480 [ 27.432080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.432777] kthread+0x337/0x6f0 [ 27.433297] ret_from_fork+0x116/0x1d0 [ 27.433935] ret_from_fork_asm+0x1a/0x30 [ 27.434105] [ 27.434416] The buggy address belongs to the object at ffff888104919c80 [ 27.434416] which belongs to the cache kmalloc-16 of size 16 [ 27.435927] The buggy address is located 8 bytes inside of [ 27.435927] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.437186] [ 27.437374] The buggy address belongs to the physical page: [ 27.437874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.438439] flags: 0x200000000000000(node=0|zone=2) [ 27.438714] page_type: f5(slab) [ 27.438896] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.439230] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.439643] page dumped because: kasan: bad access detected [ 27.439999] [ 27.440105] Memory state around the buggy address: [ 27.440522] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.440766] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.441365] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.441744] ^ [ 27.442278] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.442730] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.443152] ================================================================== [ 27.443939] ================================================================== [ 27.444394] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.445419] Read of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.445810] [ 27.446363] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.446420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.446434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.446512] Call Trace: [ 27.446531] <TASK> [ 27.446547] dump_stack_lvl+0x73/0xb0 [ 27.446579] print_report+0xd1/0x640 [ 27.446689] ? __virt_addr_valid+0x1db/0x2d0 [ 27.446715] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.446743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.446769] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.446798] kasan_report+0x141/0x180 [ 27.446820] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.446867] __asan_report_load8_noabort+0x18/0x20 [ 27.446892] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.446920] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.446949] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.446974] ? trace_hardirqs_on+0x37/0xe0 [ 27.446997] ? kasan_bitops_generic+0x92/0x1c0 [ 27.447025] kasan_bitops_generic+0x121/0x1c0 [ 27.447050] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.447075] ? __pfx_read_tsc+0x10/0x10 [ 27.447097] ? ktime_get_ts64+0x86/0x230 [ 27.447124] kunit_try_run_case+0x1a5/0x480 [ 27.447150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.447175] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.447201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.447227] ? __kthread_parkme+0x82/0x180 [ 27.447248] ? preempt_count_sub+0x50/0x80 [ 27.447273] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.447297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.447321] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.447346] kthread+0x337/0x6f0 [ 27.447367] ? trace_preempt_on+0x20/0xc0 [ 27.447390] ? __pfx_kthread+0x10/0x10 [ 27.447412] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.447435] ? calculate_sigpending+0x7b/0xa0 [ 27.447479] ? __pfx_kthread+0x10/0x10 [ 27.447501] ret_from_fork+0x116/0x1d0 [ 27.447522] ? __pfx_kthread+0x10/0x10 [ 27.447543] ret_from_fork_asm+0x1a/0x30 [ 27.447574] </TASK> [ 27.447585] [ 27.459079] Allocated by task 309: [ 27.459394] kasan_save_stack+0x45/0x70 [ 27.459655] kasan_save_track+0x18/0x40 [ 27.460309] kasan_save_alloc_info+0x3b/0x50 [ 27.460565] __kasan_kmalloc+0xb7/0xc0 [ 27.460769] __kmalloc_cache_noprof+0x189/0x420 [ 27.461008] kasan_bitops_generic+0x92/0x1c0 [ 27.461219] kunit_try_run_case+0x1a5/0x480 [ 27.461435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.461765] kthread+0x337/0x6f0 [ 27.461957] ret_from_fork+0x116/0x1d0 [ 27.462115] ret_from_fork_asm+0x1a/0x30 [ 27.462279] [ 27.462381] The buggy address belongs to the object at ffff888104919c80 [ 27.462381] which belongs to the cache kmalloc-16 of size 16 [ 27.462943] The buggy address is located 8 bytes inside of [ 27.462943] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.463638] [ 27.463713] The buggy address belongs to the physical page: [ 27.463987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.464368] flags: 0x200000000000000(node=0|zone=2) [ 27.464725] page_type: f5(slab) [ 27.464908] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.465202] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.465547] page dumped because: kasan: bad access detected [ 27.465896] [ 27.465984] Memory state around the buggy address: [ 27.466198] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.466506] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.466955] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.467248] ^ [ 27.467451] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.467667] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.468280] ================================================================== [ 27.299761] ================================================================== [ 27.300104] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.300678] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.301063] [ 27.301175] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.301222] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.301235] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.301258] Call Trace: [ 27.301272] <TASK> [ 27.301297] dump_stack_lvl+0x73/0xb0 [ 27.301325] print_report+0xd1/0x640 [ 27.301349] ? __virt_addr_valid+0x1db/0x2d0 [ 27.301384] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.301412] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.301439] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.301507] kasan_report+0x141/0x180 [ 27.301534] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.301573] kasan_check_range+0x10c/0x1c0 [ 27.301598] __kasan_check_write+0x18/0x20 [ 27.301623] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.301651] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.301681] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.301705] ? trace_hardirqs_on+0x37/0xe0 [ 27.301727] ? kasan_bitops_generic+0x92/0x1c0 [ 27.301756] kasan_bitops_generic+0x121/0x1c0 [ 27.301781] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.301806] ? __pfx_read_tsc+0x10/0x10 [ 27.301838] ? ktime_get_ts64+0x86/0x230 [ 27.301865] kunit_try_run_case+0x1a5/0x480 [ 27.301890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.301914] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.301941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.301967] ? __kthread_parkme+0x82/0x180 [ 27.301989] ? preempt_count_sub+0x50/0x80 [ 27.302013] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.302038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.302063] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.302088] kthread+0x337/0x6f0 [ 27.302108] ? trace_preempt_on+0x20/0xc0 [ 27.302131] ? __pfx_kthread+0x10/0x10 [ 27.302153] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.302177] ? calculate_sigpending+0x7b/0xa0 [ 27.302250] ? __pfx_kthread+0x10/0x10 [ 27.302273] ret_from_fork+0x116/0x1d0 [ 27.302293] ? __pfx_kthread+0x10/0x10 [ 27.302315] ret_from_fork_asm+0x1a/0x30 [ 27.302346] </TASK> [ 27.302358] [ 27.317837] Allocated by task 309: [ 27.317976] kasan_save_stack+0x45/0x70 [ 27.318126] kasan_save_track+0x18/0x40 [ 27.318297] kasan_save_alloc_info+0x3b/0x50 [ 27.318450] __kasan_kmalloc+0xb7/0xc0 [ 27.318760] __kmalloc_cache_noprof+0x189/0x420 [ 27.319046] kasan_bitops_generic+0x92/0x1c0 [ 27.319262] kunit_try_run_case+0x1a5/0x480 [ 27.319412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.319662] kthread+0x337/0x6f0 [ 27.320038] ret_from_fork+0x116/0x1d0 [ 27.320282] ret_from_fork_asm+0x1a/0x30 [ 27.320432] [ 27.320617] The buggy address belongs to the object at ffff888104919c80 [ 27.320617] which belongs to the cache kmalloc-16 of size 16 [ 27.321152] The buggy address is located 8 bytes inside of [ 27.321152] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.321604] [ 27.321688] The buggy address belongs to the physical page: [ 27.321990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.322361] flags: 0x200000000000000(node=0|zone=2) [ 27.322565] page_type: f5(slab) [ 27.322730] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.323080] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.323364] page dumped because: kasan: bad access detected [ 27.323681] [ 27.323770] Memory state around the buggy address: [ 27.323998] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.324524] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.325105] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.325514] ^ [ 27.325676] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.325982] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.326359] ================================================================== [ 27.372317] ================================================================== [ 27.373010] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.373827] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.374220] [ 27.374308] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.374356] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.374368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.374390] Call Trace: [ 27.374405] <TASK> [ 27.374418] dump_stack_lvl+0x73/0xb0 [ 27.374449] print_report+0xd1/0x640 [ 27.374571] ? __virt_addr_valid+0x1db/0x2d0 [ 27.374598] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.374665] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.374693] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.374723] kasan_report+0x141/0x180 [ 27.374757] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.374789] kasan_check_range+0x10c/0x1c0 [ 27.374814] __kasan_check_write+0x18/0x20 [ 27.374875] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.374903] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.374943] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.374968] ? trace_hardirqs_on+0x37/0xe0 [ 27.374991] ? kasan_bitops_generic+0x92/0x1c0 [ 27.375019] kasan_bitops_generic+0x121/0x1c0 [ 27.375043] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.375069] ? __pfx_read_tsc+0x10/0x10 [ 27.375091] ? ktime_get_ts64+0x86/0x230 [ 27.375115] kunit_try_run_case+0x1a5/0x480 [ 27.375140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.375175] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.375201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.375228] ? __kthread_parkme+0x82/0x180 [ 27.375249] ? preempt_count_sub+0x50/0x80 [ 27.375300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.375326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.375351] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.375387] kthread+0x337/0x6f0 [ 27.375409] ? trace_preempt_on+0x20/0xc0 [ 27.375449] ? __pfx_kthread+0x10/0x10 [ 27.375480] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.375504] ? calculate_sigpending+0x7b/0xa0 [ 27.375529] ? __pfx_kthread+0x10/0x10 [ 27.375603] ret_from_fork+0x116/0x1d0 [ 27.375656] ? __pfx_kthread+0x10/0x10 [ 27.375678] ret_from_fork_asm+0x1a/0x30 [ 27.375710] </TASK> [ 27.375733] [ 27.386447] Allocated by task 309: [ 27.386626] kasan_save_stack+0x45/0x70 [ 27.386776] kasan_save_track+0x18/0x40 [ 27.386956] kasan_save_alloc_info+0x3b/0x50 [ 27.387109] __kasan_kmalloc+0xb7/0xc0 [ 27.387242] __kmalloc_cache_noprof+0x189/0x420 [ 27.387459] kasan_bitops_generic+0x92/0x1c0 [ 27.387847] kunit_try_run_case+0x1a5/0x480 [ 27.388110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.388296] kthread+0x337/0x6f0 [ 27.388422] ret_from_fork+0x116/0x1d0 [ 27.388557] ret_from_fork_asm+0x1a/0x30 [ 27.388697] [ 27.388918] The buggy address belongs to the object at ffff888104919c80 [ 27.388918] which belongs to the cache kmalloc-16 of size 16 [ 27.389459] The buggy address is located 8 bytes inside of [ 27.389459] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.390148] [ 27.390256] The buggy address belongs to the physical page: [ 27.390612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.391005] flags: 0x200000000000000(node=0|zone=2) [ 27.391174] page_type: f5(slab) [ 27.391294] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.391905] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.392263] page dumped because: kasan: bad access detected [ 27.392439] [ 27.392507] Memory state around the buggy address: [ 27.392662] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.393041] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.393361] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.393868] ^ [ 27.394163] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.394538] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.394873] ================================================================== [ 27.395330] ================================================================== [ 27.395699] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.396103] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.396493] [ 27.396574] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.396619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.396631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.396654] Call Trace: [ 27.396669] <TASK> [ 27.396683] dump_stack_lvl+0x73/0xb0 [ 27.396712] print_report+0xd1/0x640 [ 27.396735] ? __virt_addr_valid+0x1db/0x2d0 [ 27.396759] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.396787] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.396880] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.396914] kasan_report+0x141/0x180 [ 27.396938] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.396982] kasan_check_range+0x10c/0x1c0 [ 27.397006] __kasan_check_write+0x18/0x20 [ 27.397031] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.397072] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.397101] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.397127] ? trace_hardirqs_on+0x37/0xe0 [ 27.397149] ? kasan_bitops_generic+0x92/0x1c0 [ 27.397178] kasan_bitops_generic+0x121/0x1c0 [ 27.397202] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.397227] ? __pfx_read_tsc+0x10/0x10 [ 27.397250] ? ktime_get_ts64+0x86/0x230 [ 27.397275] kunit_try_run_case+0x1a5/0x480 [ 27.397300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.397324] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.397351] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.397377] ? __kthread_parkme+0x82/0x180 [ 27.397398] ? preempt_count_sub+0x50/0x80 [ 27.397422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.397447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.397473] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.397498] kthread+0x337/0x6f0 [ 27.397529] ? trace_preempt_on+0x20/0xc0 [ 27.397552] ? __pfx_kthread+0x10/0x10 [ 27.397696] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.397734] ? calculate_sigpending+0x7b/0xa0 [ 27.397759] ? __pfx_kthread+0x10/0x10 [ 27.397840] ret_from_fork+0x116/0x1d0 [ 27.397863] ? __pfx_kthread+0x10/0x10 [ 27.397885] ret_from_fork_asm+0x1a/0x30 [ 27.397917] </TASK> [ 27.397928] [ 27.407629] Allocated by task 309: [ 27.407844] kasan_save_stack+0x45/0x70 [ 27.407995] kasan_save_track+0x18/0x40 [ 27.408198] kasan_save_alloc_info+0x3b/0x50 [ 27.408429] __kasan_kmalloc+0xb7/0xc0 [ 27.408648] __kmalloc_cache_noprof+0x189/0x420 [ 27.408878] kasan_bitops_generic+0x92/0x1c0 [ 27.409107] kunit_try_run_case+0x1a5/0x480 [ 27.409324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.409747] kthread+0x337/0x6f0 [ 27.409906] ret_from_fork+0x116/0x1d0 [ 27.410132] ret_from_fork_asm+0x1a/0x30 [ 27.410309] [ 27.410382] The buggy address belongs to the object at ffff888104919c80 [ 27.410382] which belongs to the cache kmalloc-16 of size 16 [ 27.411075] The buggy address is located 8 bytes inside of [ 27.411075] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.411766] [ 27.411885] The buggy address belongs to the physical page: [ 27.412157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.412600] flags: 0x200000000000000(node=0|zone=2) [ 27.412827] page_type: f5(slab) [ 27.413028] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.413343] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.413572] page dumped because: kasan: bad access detected [ 27.413746] [ 27.413813] Memory state around the buggy address: [ 27.413979] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.414221] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.414696] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.415141] ^ [ 27.415324] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.415733] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.416050] ================================================================== [ 27.256560] ================================================================== [ 27.256938] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.257450] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.257688] [ 27.257770] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.257817] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.257839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.257860] Call Trace: [ 27.257876] <TASK> [ 27.257902] dump_stack_lvl+0x73/0xb0 [ 27.257930] print_report+0xd1/0x640 [ 27.257954] ? __virt_addr_valid+0x1db/0x2d0 [ 27.257988] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.258016] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.258044] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.258073] kasan_report+0x141/0x180 [ 27.258096] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.258129] kasan_check_range+0x10c/0x1c0 [ 27.258153] __kasan_check_write+0x18/0x20 [ 27.258177] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.258206] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.258235] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.258259] ? trace_hardirqs_on+0x37/0xe0 [ 27.258283] ? kasan_bitops_generic+0x92/0x1c0 [ 27.258310] kasan_bitops_generic+0x121/0x1c0 [ 27.258335] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.258456] ? __pfx_read_tsc+0x10/0x10 [ 27.258483] ? ktime_get_ts64+0x86/0x230 [ 27.258520] kunit_try_run_case+0x1a5/0x480 [ 27.258547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.258665] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.258700] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.258727] ? __kthread_parkme+0x82/0x180 [ 27.258748] ? preempt_count_sub+0x50/0x80 [ 27.258772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.258797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.258821] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.258857] kthread+0x337/0x6f0 [ 27.258878] ? trace_preempt_on+0x20/0xc0 [ 27.258902] ? __pfx_kthread+0x10/0x10 [ 27.258985] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.259027] ? calculate_sigpending+0x7b/0xa0 [ 27.259052] ? __pfx_kthread+0x10/0x10 [ 27.259075] ret_from_fork+0x116/0x1d0 [ 27.259106] ? __pfx_kthread+0x10/0x10 [ 27.259128] ret_from_fork_asm+0x1a/0x30 [ 27.259160] </TASK> [ 27.259188] [ 27.268860] Allocated by task 309: [ 27.269038] kasan_save_stack+0x45/0x70 [ 27.269326] kasan_save_track+0x18/0x40 [ 27.269564] kasan_save_alloc_info+0x3b/0x50 [ 27.269809] __kasan_kmalloc+0xb7/0xc0 [ 27.269991] __kmalloc_cache_noprof+0x189/0x420 [ 27.270151] kasan_bitops_generic+0x92/0x1c0 [ 27.270300] kunit_try_run_case+0x1a5/0x480 [ 27.270447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.270624] kthread+0x337/0x6f0 [ 27.270745] ret_from_fork+0x116/0x1d0 [ 27.270914] ret_from_fork_asm+0x1a/0x30 [ 27.271231] [ 27.271336] The buggy address belongs to the object at ffff888104919c80 [ 27.271336] which belongs to the cache kmalloc-16 of size 16 [ 27.271876] The buggy address is located 8 bytes inside of [ 27.271876] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.272640] [ 27.272719] The buggy address belongs to the physical page: [ 27.272916] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.273232] flags: 0x200000000000000(node=0|zone=2) [ 27.273510] page_type: f5(slab) [ 27.273743] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.274116] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.274704] page dumped because: kasan: bad access detected [ 27.274974] [ 27.275061] Memory state around the buggy address: [ 27.275306] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.275771] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.276098] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.276498] ^ [ 27.276740] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.277002] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.277356] ================================================================== [ 27.349697] ================================================================== [ 27.350076] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.350543] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.350941] [ 27.351056] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.351134] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.351147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.351168] Call Trace: [ 27.351183] <TASK> [ 27.351209] dump_stack_lvl+0x73/0xb0 [ 27.351246] print_report+0xd1/0x640 [ 27.351270] ? __virt_addr_valid+0x1db/0x2d0 [ 27.351323] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.351350] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.351377] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.351416] kasan_report+0x141/0x180 [ 27.351440] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.351497] kasan_check_range+0x10c/0x1c0 [ 27.351522] __kasan_check_write+0x18/0x20 [ 27.351599] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.351630] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.351690] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.351715] ? trace_hardirqs_on+0x37/0xe0 [ 27.351738] ? kasan_bitops_generic+0x92/0x1c0 [ 27.351777] kasan_bitops_generic+0x121/0x1c0 [ 27.351825] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.351863] ? __pfx_read_tsc+0x10/0x10 [ 27.351885] ? ktime_get_ts64+0x86/0x230 [ 27.351950] kunit_try_run_case+0x1a5/0x480 [ 27.351975] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.352000] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.352025] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.352060] ? __kthread_parkme+0x82/0x180 [ 27.352084] ? preempt_count_sub+0x50/0x80 [ 27.352108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.352144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.352179] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.352204] kthread+0x337/0x6f0 [ 27.352224] ? trace_preempt_on+0x20/0xc0 [ 27.352248] ? __pfx_kthread+0x10/0x10 [ 27.352270] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.352294] ? calculate_sigpending+0x7b/0xa0 [ 27.352345] ? __pfx_kthread+0x10/0x10 [ 27.352368] ret_from_fork+0x116/0x1d0 [ 27.352389] ? __pfx_kthread+0x10/0x10 [ 27.352422] ret_from_fork_asm+0x1a/0x30 [ 27.352455] </TASK> [ 27.352481] [ 27.362439] Allocated by task 309: [ 27.362701] kasan_save_stack+0x45/0x70 [ 27.362961] kasan_save_track+0x18/0x40 [ 27.363182] kasan_save_alloc_info+0x3b/0x50 [ 27.363420] __kasan_kmalloc+0xb7/0xc0 [ 27.363633] __kmalloc_cache_noprof+0x189/0x420 [ 27.363928] kasan_bitops_generic+0x92/0x1c0 [ 27.364304] kunit_try_run_case+0x1a5/0x480 [ 27.364634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.364911] kthread+0x337/0x6f0 [ 27.365078] ret_from_fork+0x116/0x1d0 [ 27.365392] ret_from_fork_asm+0x1a/0x30 [ 27.365770] [ 27.365920] The buggy address belongs to the object at ffff888104919c80 [ 27.365920] which belongs to the cache kmalloc-16 of size 16 [ 27.366575] The buggy address is located 8 bytes inside of [ 27.366575] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.367074] [ 27.367163] The buggy address belongs to the physical page: [ 27.367444] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.367810] flags: 0x200000000000000(node=0|zone=2) [ 27.368164] page_type: f5(slab) [ 27.368375] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.368798] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.369174] page dumped because: kasan: bad access detected [ 27.369461] [ 27.369794] Memory state around the buggy address: [ 27.369979] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.370206] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.370522] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.370979] ^ [ 27.371155] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.371527] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.371815] ================================================================== [ 27.277859] ================================================================== [ 27.278367] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.278881] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.279158] [ 27.279278] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.279337] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.279350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.279371] Call Trace: [ 27.279385] <TASK> [ 27.279399] dump_stack_lvl+0x73/0xb0 [ 27.279429] print_report+0xd1/0x640 [ 27.279452] ? __virt_addr_valid+0x1db/0x2d0 [ 27.279493] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.279520] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.279547] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.279577] kasan_report+0x141/0x180 [ 27.279600] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.279633] kasan_check_range+0x10c/0x1c0 [ 27.279658] __kasan_check_write+0x18/0x20 [ 27.279839] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.279879] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.279909] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.279933] ? trace_hardirqs_on+0x37/0xe0 [ 27.279956] ? kasan_bitops_generic+0x92/0x1c0 [ 27.279985] kasan_bitops_generic+0x121/0x1c0 [ 27.280010] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.280035] ? __pfx_read_tsc+0x10/0x10 [ 27.280057] ? ktime_get_ts64+0x86/0x230 [ 27.280082] kunit_try_run_case+0x1a5/0x480 [ 27.280108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.280131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.280157] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.280183] ? __kthread_parkme+0x82/0x180 [ 27.280204] ? preempt_count_sub+0x50/0x80 [ 27.280228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.280253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.280278] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.280302] kthread+0x337/0x6f0 [ 27.280322] ? trace_preempt_on+0x20/0xc0 [ 27.280345] ? __pfx_kthread+0x10/0x10 [ 27.280367] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.280391] ? calculate_sigpending+0x7b/0xa0 [ 27.280415] ? __pfx_kthread+0x10/0x10 [ 27.280438] ret_from_fork+0x116/0x1d0 [ 27.280458] ? __pfx_kthread+0x10/0x10 [ 27.280479] ret_from_fork_asm+0x1a/0x30 [ 27.280510] </TASK> [ 27.280521] [ 27.289852] Allocated by task 309: [ 27.289984] kasan_save_stack+0x45/0x70 [ 27.290132] kasan_save_track+0x18/0x40 [ 27.290267] kasan_save_alloc_info+0x3b/0x50 [ 27.290415] __kasan_kmalloc+0xb7/0xc0 [ 27.290781] __kmalloc_cache_noprof+0x189/0x420 [ 27.291033] kasan_bitops_generic+0x92/0x1c0 [ 27.291356] kunit_try_run_case+0x1a5/0x480 [ 27.291761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.292082] kthread+0x337/0x6f0 [ 27.292317] ret_from_fork+0x116/0x1d0 [ 27.292546] ret_from_fork_asm+0x1a/0x30 [ 27.292691] [ 27.292760] The buggy address belongs to the object at ffff888104919c80 [ 27.292760] which belongs to the cache kmalloc-16 of size 16 [ 27.293442] The buggy address is located 8 bytes inside of [ 27.293442] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.294026] [ 27.294132] The buggy address belongs to the physical page: [ 27.294388] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.294907] flags: 0x200000000000000(node=0|zone=2) [ 27.295110] page_type: f5(slab) [ 27.295270] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.295695] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.296045] page dumped because: kasan: bad access detected [ 27.296296] [ 27.296413] Memory state around the buggy address: [ 27.296695] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.297050] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.297576] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.297902] ^ [ 27.298089] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.298416] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.299048] ================================================================== [ 27.326865] ================================================================== [ 27.327118] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.327630] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.327967] [ 27.328089] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.328137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.328150] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.328170] Call Trace: [ 27.328187] <TASK> [ 27.328202] dump_stack_lvl+0x73/0xb0 [ 27.328231] print_report+0xd1/0x640 [ 27.328264] ? __virt_addr_valid+0x1db/0x2d0 [ 27.328288] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.328316] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.328354] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.328382] kasan_report+0x141/0x180 [ 27.328405] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.328438] kasan_check_range+0x10c/0x1c0 [ 27.328462] __kasan_check_write+0x18/0x20 [ 27.328488] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.328517] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.328556] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.328580] ? trace_hardirqs_on+0x37/0xe0 [ 27.328603] ? kasan_bitops_generic+0x92/0x1c0 [ 27.328641] kasan_bitops_generic+0x121/0x1c0 [ 27.328666] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.328692] ? __pfx_read_tsc+0x10/0x10 [ 27.328713] ? ktime_get_ts64+0x86/0x230 [ 27.328739] kunit_try_run_case+0x1a5/0x480 [ 27.328781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.328803] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.328838] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.328870] ? __kthread_parkme+0x82/0x180 [ 27.328891] ? preempt_count_sub+0x50/0x80 [ 27.328915] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.329142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.329187] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.329225] kthread+0x337/0x6f0 [ 27.329247] ? trace_preempt_on+0x20/0xc0 [ 27.329270] ? __pfx_kthread+0x10/0x10 [ 27.329292] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.329326] ? calculate_sigpending+0x7b/0xa0 [ 27.329350] ? __pfx_kthread+0x10/0x10 [ 27.329373] ret_from_fork+0x116/0x1d0 [ 27.329403] ? __pfx_kthread+0x10/0x10 [ 27.329425] ret_from_fork_asm+0x1a/0x30 [ 27.329457] </TASK> [ 27.329525] [ 27.338689] Allocated by task 309: [ 27.338948] kasan_save_stack+0x45/0x70 [ 27.339103] kasan_save_track+0x18/0x40 [ 27.339239] kasan_save_alloc_info+0x3b/0x50 [ 27.339511] __kasan_kmalloc+0xb7/0xc0 [ 27.339741] __kmalloc_cache_noprof+0x189/0x420 [ 27.340375] kasan_bitops_generic+0x92/0x1c0 [ 27.340630] kunit_try_run_case+0x1a5/0x480 [ 27.340840] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.341111] kthread+0x337/0x6f0 [ 27.341517] ret_from_fork+0x116/0x1d0 [ 27.341798] ret_from_fork_asm+0x1a/0x30 [ 27.341960] [ 27.342087] The buggy address belongs to the object at ffff888104919c80 [ 27.342087] which belongs to the cache kmalloc-16 of size 16 [ 27.342899] The buggy address is located 8 bytes inside of [ 27.342899] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.343484] [ 27.343600] The buggy address belongs to the physical page: [ 27.343950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.344435] flags: 0x200000000000000(node=0|zone=2) [ 27.344912] page_type: f5(slab) [ 27.345111] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.345554] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.346011] page dumped because: kasan: bad access detected [ 27.346274] [ 27.346381] Memory state around the buggy address: [ 27.346634] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.346976] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.347379] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.347884] ^ [ 27.348016] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.348680] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.349018] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 27.213313] ================================================================== [ 27.214052] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.214670] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.215015] [ 27.215110] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.215159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.215182] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.215204] Call Trace: [ 27.215218] <TASK> [ 27.215233] dump_stack_lvl+0x73/0xb0 [ 27.215262] print_report+0xd1/0x640 [ 27.215286] ? __virt_addr_valid+0x1db/0x2d0 [ 27.215309] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.215347] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.215374] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.215400] kasan_report+0x141/0x180 [ 27.215435] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.215477] kasan_check_range+0x10c/0x1c0 [ 27.215503] __kasan_check_write+0x18/0x20 [ 27.215527] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.215553] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.215628] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.215667] ? trace_hardirqs_on+0x37/0xe0 [ 27.215689] ? kasan_bitops_generic+0x92/0x1c0 [ 27.215718] kasan_bitops_generic+0x116/0x1c0 [ 27.215743] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.215768] ? __pfx_read_tsc+0x10/0x10 [ 27.215790] ? ktime_get_ts64+0x86/0x230 [ 27.215813] kunit_try_run_case+0x1a5/0x480 [ 27.215860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.215884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.215910] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.215947] ? __kthread_parkme+0x82/0x180 [ 27.215967] ? preempt_count_sub+0x50/0x80 [ 27.215990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.216015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.216048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.216072] kthread+0x337/0x6f0 [ 27.216092] ? trace_preempt_on+0x20/0xc0 [ 27.216127] ? __pfx_kthread+0x10/0x10 [ 27.216149] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.216183] ? calculate_sigpending+0x7b/0xa0 [ 27.216207] ? __pfx_kthread+0x10/0x10 [ 27.216237] ret_from_fork+0x116/0x1d0 [ 27.216257] ? __pfx_kthread+0x10/0x10 [ 27.216279] ret_from_fork_asm+0x1a/0x30 [ 27.216320] </TASK> [ 27.216331] [ 27.225125] Allocated by task 309: [ 27.225256] kasan_save_stack+0x45/0x70 [ 27.225541] kasan_save_track+0x18/0x40 [ 27.225943] kasan_save_alloc_info+0x3b/0x50 [ 27.226175] __kasan_kmalloc+0xb7/0xc0 [ 27.226363] __kmalloc_cache_noprof+0x189/0x420 [ 27.226799] kasan_bitops_generic+0x92/0x1c0 [ 27.227028] kunit_try_run_case+0x1a5/0x480 [ 27.227305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.227727] kthread+0x337/0x6f0 [ 27.227916] ret_from_fork+0x116/0x1d0 [ 27.228053] ret_from_fork_asm+0x1a/0x30 [ 27.228275] [ 27.228369] The buggy address belongs to the object at ffff888104919c80 [ 27.228369] which belongs to the cache kmalloc-16 of size 16 [ 27.229175] The buggy address is located 8 bytes inside of [ 27.229175] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.229796] [ 27.229890] The buggy address belongs to the physical page: [ 27.230070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.230792] flags: 0x200000000000000(node=0|zone=2) [ 27.231071] page_type: f5(slab) [ 27.231335] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.231816] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.232156] page dumped because: kasan: bad access detected [ 27.232358] [ 27.232427] Memory state around the buggy address: [ 27.232821] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.233226] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.233601] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.233877] ^ [ 27.234257] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.234625] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.235003] ================================================================== [ 27.235592] ================================================================== [ 27.236114] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.236507] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.236878] [ 27.237000] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.237048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.237073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.237094] Call Trace: [ 27.237108] <TASK> [ 27.237122] dump_stack_lvl+0x73/0xb0 [ 27.237162] print_report+0xd1/0x640 [ 27.237208] ? __virt_addr_valid+0x1db/0x2d0 [ 27.237232] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.237259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.237297] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.237324] kasan_report+0x141/0x180 [ 27.237347] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.237377] kasan_check_range+0x10c/0x1c0 [ 27.237402] __kasan_check_write+0x18/0x20 [ 27.237425] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.237598] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.237638] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.237664] ? trace_hardirqs_on+0x37/0xe0 [ 27.237687] ? kasan_bitops_generic+0x92/0x1c0 [ 27.237715] kasan_bitops_generic+0x116/0x1c0 [ 27.237739] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.237765] ? __pfx_read_tsc+0x10/0x10 [ 27.237788] ? ktime_get_ts64+0x86/0x230 [ 27.237812] kunit_try_run_case+0x1a5/0x480 [ 27.237853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.237878] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.237905] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.237930] ? __kthread_parkme+0x82/0x180 [ 27.237950] ? preempt_count_sub+0x50/0x80 [ 27.237974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.237998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.238023] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.238048] kthread+0x337/0x6f0 [ 27.238068] ? trace_preempt_on+0x20/0xc0 [ 27.238092] ? __pfx_kthread+0x10/0x10 [ 27.238113] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.238137] ? calculate_sigpending+0x7b/0xa0 [ 27.238161] ? __pfx_kthread+0x10/0x10 [ 27.238182] ret_from_fork+0x116/0x1d0 [ 27.238203] ? __pfx_kthread+0x10/0x10 [ 27.238224] ret_from_fork_asm+0x1a/0x30 [ 27.238256] </TASK> [ 27.238267] [ 27.247230] Allocated by task 309: [ 27.247416] kasan_save_stack+0x45/0x70 [ 27.247674] kasan_save_track+0x18/0x40 [ 27.247880] kasan_save_alloc_info+0x3b/0x50 [ 27.248030] __kasan_kmalloc+0xb7/0xc0 [ 27.248163] __kmalloc_cache_noprof+0x189/0x420 [ 27.248416] kasan_bitops_generic+0x92/0x1c0 [ 27.248921] kunit_try_run_case+0x1a5/0x480 [ 27.249119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.249297] kthread+0x337/0x6f0 [ 27.249520] ret_from_fork+0x116/0x1d0 [ 27.249746] ret_from_fork_asm+0x1a/0x30 [ 27.249973] [ 27.250074] The buggy address belongs to the object at ffff888104919c80 [ 27.250074] which belongs to the cache kmalloc-16 of size 16 [ 27.250739] The buggy address is located 8 bytes inside of [ 27.250739] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.251288] [ 27.251405] The buggy address belongs to the physical page: [ 27.251722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.252101] flags: 0x200000000000000(node=0|zone=2) [ 27.252398] page_type: f5(slab) [ 27.252586] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.252826] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.253199] page dumped because: kasan: bad access detected [ 27.253639] [ 27.253746] Memory state around the buggy address: [ 27.253988] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.254274] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.254661] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.255035] ^ [ 27.255261] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.255653] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.255967] ================================================================== [ 27.128450] ================================================================== [ 27.129256] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.129764] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.130086] [ 27.130173] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.130231] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.130244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.130266] Call Trace: [ 27.130290] <TASK> [ 27.130303] dump_stack_lvl+0x73/0xb0 [ 27.130332] print_report+0xd1/0x640 [ 27.130356] ? __virt_addr_valid+0x1db/0x2d0 [ 27.130380] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.130406] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.130442] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.130469] kasan_report+0x141/0x180 [ 27.130492] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.130542] kasan_check_range+0x10c/0x1c0 [ 27.130568] __kasan_check_write+0x18/0x20 [ 27.130593] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.130620] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.130697] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.130737] ? trace_hardirqs_on+0x37/0xe0 [ 27.130759] ? kasan_bitops_generic+0x92/0x1c0 [ 27.130788] kasan_bitops_generic+0x116/0x1c0 [ 27.130821] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.130862] ? __pfx_read_tsc+0x10/0x10 [ 27.130885] ? ktime_get_ts64+0x86/0x230 [ 27.130910] kunit_try_run_case+0x1a5/0x480 [ 27.130935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.130959] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.130987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.131014] ? __kthread_parkme+0x82/0x180 [ 27.131035] ? preempt_count_sub+0x50/0x80 [ 27.131059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.131084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.131108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.131133] kthread+0x337/0x6f0 [ 27.131154] ? trace_preempt_on+0x20/0xc0 [ 27.131186] ? __pfx_kthread+0x10/0x10 [ 27.131216] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.131240] ? calculate_sigpending+0x7b/0xa0 [ 27.131264] ? __pfx_kthread+0x10/0x10 [ 27.131296] ret_from_fork+0x116/0x1d0 [ 27.131318] ? __pfx_kthread+0x10/0x10 [ 27.131339] ret_from_fork_asm+0x1a/0x30 [ 27.131371] </TASK> [ 27.131383] [ 27.140116] Allocated by task 309: [ 27.140370] kasan_save_stack+0x45/0x70 [ 27.140841] kasan_save_track+0x18/0x40 [ 27.141057] kasan_save_alloc_info+0x3b/0x50 [ 27.141267] __kasan_kmalloc+0xb7/0xc0 [ 27.141593] __kmalloc_cache_noprof+0x189/0x420 [ 27.141959] kasan_bitops_generic+0x92/0x1c0 [ 27.142123] kunit_try_run_case+0x1a5/0x480 [ 27.142608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.142886] kthread+0x337/0x6f0 [ 27.143057] ret_from_fork+0x116/0x1d0 [ 27.143276] ret_from_fork_asm+0x1a/0x30 [ 27.143520] [ 27.143601] The buggy address belongs to the object at ffff888104919c80 [ 27.143601] which belongs to the cache kmalloc-16 of size 16 [ 27.144023] The buggy address is located 8 bytes inside of [ 27.144023] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.144757] [ 27.145070] The buggy address belongs to the physical page: [ 27.145300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.145858] flags: 0x200000000000000(node=0|zone=2) [ 27.146031] page_type: f5(slab) [ 27.146172] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.146609] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.146979] page dumped because: kasan: bad access detected [ 27.147216] [ 27.147382] Memory state around the buggy address: [ 27.147670] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.148003] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.148293] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.148742] ^ [ 27.148938] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.149275] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.149687] ================================================================== [ 27.086766] ================================================================== [ 27.087250] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.087938] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.088241] [ 27.088420] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.088473] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.088486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.088508] Call Trace: [ 27.088521] <TASK> [ 27.088538] dump_stack_lvl+0x73/0xb0 [ 27.088608] print_report+0xd1/0x640 [ 27.088632] ? __virt_addr_valid+0x1db/0x2d0 [ 27.088699] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.088728] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.088755] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.088782] kasan_report+0x141/0x180 [ 27.088806] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.088858] kasan_check_range+0x10c/0x1c0 [ 27.088891] __kasan_check_write+0x18/0x20 [ 27.088926] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.088954] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.088982] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.089007] ? trace_hardirqs_on+0x37/0xe0 [ 27.089030] ? kasan_bitops_generic+0x92/0x1c0 [ 27.089067] kasan_bitops_generic+0x116/0x1c0 [ 27.089092] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.089129] ? __pfx_read_tsc+0x10/0x10 [ 27.089152] ? ktime_get_ts64+0x86/0x230 [ 27.089188] kunit_try_run_case+0x1a5/0x480 [ 27.089214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.089241] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.089268] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.089295] ? __kthread_parkme+0x82/0x180 [ 27.089316] ? preempt_count_sub+0x50/0x80 [ 27.089340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.089366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.089390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.089415] kthread+0x337/0x6f0 [ 27.089436] ? trace_preempt_on+0x20/0xc0 [ 27.089505] ? __pfx_kthread+0x10/0x10 [ 27.089529] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.089554] ? calculate_sigpending+0x7b/0xa0 [ 27.089579] ? __pfx_kthread+0x10/0x10 [ 27.089602] ret_from_fork+0x116/0x1d0 [ 27.089623] ? __pfx_kthread+0x10/0x10 [ 27.089645] ret_from_fork_asm+0x1a/0x30 [ 27.089677] </TASK> [ 27.089689] [ 27.098201] Allocated by task 309: [ 27.098383] kasan_save_stack+0x45/0x70 [ 27.098599] kasan_save_track+0x18/0x40 [ 27.098791] kasan_save_alloc_info+0x3b/0x50 [ 27.099091] __kasan_kmalloc+0xb7/0xc0 [ 27.099333] __kmalloc_cache_noprof+0x189/0x420 [ 27.099622] kasan_bitops_generic+0x92/0x1c0 [ 27.099853] kunit_try_run_case+0x1a5/0x480 [ 27.100044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.100338] kthread+0x337/0x6f0 [ 27.100524] ret_from_fork+0x116/0x1d0 [ 27.100756] ret_from_fork_asm+0x1a/0x30 [ 27.100955] [ 27.101028] The buggy address belongs to the object at ffff888104919c80 [ 27.101028] which belongs to the cache kmalloc-16 of size 16 [ 27.101540] The buggy address is located 8 bytes inside of [ 27.101540] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.102175] [ 27.102362] The buggy address belongs to the physical page: [ 27.102699] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.103078] flags: 0x200000000000000(node=0|zone=2) [ 27.103298] page_type: f5(slab) [ 27.103538] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.103890] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.104203] page dumped because: kasan: bad access detected [ 27.104445] [ 27.104612] Memory state around the buggy address: [ 27.104811] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.105141] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.105452] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.105670] ^ [ 27.105793] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.106118] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.106722] ================================================================== [ 27.150180] ================================================================== [ 27.150555] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.150961] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.151283] [ 27.151368] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.151416] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.151429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.151450] Call Trace: [ 27.151514] <TASK> [ 27.151531] dump_stack_lvl+0x73/0xb0 [ 27.151560] print_report+0xd1/0x640 [ 27.151595] ? __virt_addr_valid+0x1db/0x2d0 [ 27.151619] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.151658] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.151686] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.151712] kasan_report+0x141/0x180 [ 27.151735] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.151767] kasan_check_range+0x10c/0x1c0 [ 27.151791] __kasan_check_write+0x18/0x20 [ 27.151816] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.151861] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.151889] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.151924] ? trace_hardirqs_on+0x37/0xe0 [ 27.151947] ? kasan_bitops_generic+0x92/0x1c0 [ 27.151976] kasan_bitops_generic+0x116/0x1c0 [ 27.152009] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.152036] ? __pfx_read_tsc+0x10/0x10 [ 27.152059] ? ktime_get_ts64+0x86/0x230 [ 27.152094] kunit_try_run_case+0x1a5/0x480 [ 27.152120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.152144] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.152170] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.152205] ? __kthread_parkme+0x82/0x180 [ 27.152226] ? preempt_count_sub+0x50/0x80 [ 27.152250] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.152286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.152310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.152334] kthread+0x337/0x6f0 [ 27.152355] ? trace_preempt_on+0x20/0xc0 [ 27.152378] ? __pfx_kthread+0x10/0x10 [ 27.152400] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.152424] ? calculate_sigpending+0x7b/0xa0 [ 27.152448] ? __pfx_kthread+0x10/0x10 [ 27.152479] ret_from_fork+0x116/0x1d0 [ 27.152509] ? __pfx_kthread+0x10/0x10 [ 27.152531] ret_from_fork_asm+0x1a/0x30 [ 27.152668] </TASK> [ 27.152684] [ 27.161625] Allocated by task 309: [ 27.161814] kasan_save_stack+0x45/0x70 [ 27.162030] kasan_save_track+0x18/0x40 [ 27.162368] kasan_save_alloc_info+0x3b/0x50 [ 27.162703] __kasan_kmalloc+0xb7/0xc0 [ 27.162895] __kmalloc_cache_noprof+0x189/0x420 [ 27.163069] kasan_bitops_generic+0x92/0x1c0 [ 27.163369] kunit_try_run_case+0x1a5/0x480 [ 27.163772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.164062] kthread+0x337/0x6f0 [ 27.164260] ret_from_fork+0x116/0x1d0 [ 27.164443] ret_from_fork_asm+0x1a/0x30 [ 27.164734] [ 27.164806] The buggy address belongs to the object at ffff888104919c80 [ 27.164806] which belongs to the cache kmalloc-16 of size 16 [ 27.165401] The buggy address is located 8 bytes inside of [ 27.165401] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.166047] [ 27.166134] The buggy address belongs to the physical page: [ 27.166745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.167029] flags: 0x200000000000000(node=0|zone=2) [ 27.167197] page_type: f5(slab) [ 27.167319] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.167554] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.167783] page dumped because: kasan: bad access detected [ 27.168039] [ 27.168129] Memory state around the buggy address: [ 27.168510] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.168826] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.169152] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.169392] ^ [ 27.169513] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.169737] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.169962] ================================================================== [ 27.191923] ================================================================== [ 27.192562] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.192842] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.193269] [ 27.193386] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.193432] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.193445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.193466] Call Trace: [ 27.193480] <TASK> [ 27.193508] dump_stack_lvl+0x73/0xb0 [ 27.193536] print_report+0xd1/0x640 [ 27.193561] ? __virt_addr_valid+0x1db/0x2d0 [ 27.193733] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.193761] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.193803] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.193842] kasan_report+0x141/0x180 [ 27.193868] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.193908] kasan_check_range+0x10c/0x1c0 [ 27.193933] __kasan_check_write+0x18/0x20 [ 27.193968] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.193994] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.194021] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.194045] ? trace_hardirqs_on+0x37/0xe0 [ 27.194077] ? kasan_bitops_generic+0x92/0x1c0 [ 27.194105] kasan_bitops_generic+0x116/0x1c0 [ 27.194140] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.194167] ? __pfx_read_tsc+0x10/0x10 [ 27.194189] ? ktime_get_ts64+0x86/0x230 [ 27.194213] kunit_try_run_case+0x1a5/0x480 [ 27.194238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.194271] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.194296] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.194322] ? __kthread_parkme+0x82/0x180 [ 27.194353] ? preempt_count_sub+0x50/0x80 [ 27.194377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.194402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.194435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.194460] kthread+0x337/0x6f0 [ 27.194480] ? trace_preempt_on+0x20/0xc0 [ 27.194525] ? __pfx_kthread+0x10/0x10 [ 27.194546] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.194570] ? calculate_sigpending+0x7b/0xa0 [ 27.194600] ? __pfx_kthread+0x10/0x10 [ 27.194622] ret_from_fork+0x116/0x1d0 [ 27.194643] ? __pfx_kthread+0x10/0x10 [ 27.194664] ret_from_fork_asm+0x1a/0x30 [ 27.194695] </TASK> [ 27.194706] [ 27.203894] Allocated by task 309: [ 27.204072] kasan_save_stack+0x45/0x70 [ 27.204370] kasan_save_track+0x18/0x40 [ 27.204815] kasan_save_alloc_info+0x3b/0x50 [ 27.205054] __kasan_kmalloc+0xb7/0xc0 [ 27.205316] __kmalloc_cache_noprof+0x189/0x420 [ 27.205739] kasan_bitops_generic+0x92/0x1c0 [ 27.205985] kunit_try_run_case+0x1a5/0x480 [ 27.206158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.206404] kthread+0x337/0x6f0 [ 27.206762] ret_from_fork+0x116/0x1d0 [ 27.206922] ret_from_fork_asm+0x1a/0x30 [ 27.207064] [ 27.207132] The buggy address belongs to the object at ffff888104919c80 [ 27.207132] which belongs to the cache kmalloc-16 of size 16 [ 27.208038] The buggy address is located 8 bytes inside of [ 27.208038] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.208708] [ 27.208787] The buggy address belongs to the physical page: [ 27.208987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.209232] flags: 0x200000000000000(node=0|zone=2) [ 27.209396] page_type: f5(slab) [ 27.209514] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.209850] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.210195] page dumped because: kasan: bad access detected [ 27.210490] [ 27.210580] Memory state around the buggy address: [ 27.210803] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.211131] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.211447] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.211761] ^ [ 27.212028] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.212549] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.212763] ================================================================== [ 27.170432] ================================================================== [ 27.171238] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.171821] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.172176] [ 27.172281] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.172328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.172341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.172361] Call Trace: [ 27.172378] <TASK> [ 27.172393] dump_stack_lvl+0x73/0xb0 [ 27.172420] print_report+0xd1/0x640 [ 27.172443] ? __virt_addr_valid+0x1db/0x2d0 [ 27.172466] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.172493] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.172519] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.172546] kasan_report+0x141/0x180 [ 27.172569] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.172600] kasan_check_range+0x10c/0x1c0 [ 27.172625] __kasan_check_write+0x18/0x20 [ 27.172649] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.172675] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.172703] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.172728] ? trace_hardirqs_on+0x37/0xe0 [ 27.172752] ? kasan_bitops_generic+0x92/0x1c0 [ 27.172780] kasan_bitops_generic+0x116/0x1c0 [ 27.172805] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.172840] ? __pfx_read_tsc+0x10/0x10 [ 27.172863] ? ktime_get_ts64+0x86/0x230 [ 27.172894] kunit_try_run_case+0x1a5/0x480 [ 27.172919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.172943] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.172969] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.172996] ? __kthread_parkme+0x82/0x180 [ 27.173016] ? preempt_count_sub+0x50/0x80 [ 27.173040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.173065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.173091] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.173118] kthread+0x337/0x6f0 [ 27.173141] ? trace_preempt_on+0x20/0xc0 [ 27.173165] ? __pfx_kthread+0x10/0x10 [ 27.173257] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.173282] ? calculate_sigpending+0x7b/0xa0 [ 27.173318] ? __pfx_kthread+0x10/0x10 [ 27.173342] ret_from_fork+0x116/0x1d0 [ 27.173364] ? __pfx_kthread+0x10/0x10 [ 27.173386] ret_from_fork_asm+0x1a/0x30 [ 27.173418] </TASK> [ 27.173429] [ 27.183003] Allocated by task 309: [ 27.183176] kasan_save_stack+0x45/0x70 [ 27.183390] kasan_save_track+0x18/0x40 [ 27.183616] kasan_save_alloc_info+0x3b/0x50 [ 27.183827] __kasan_kmalloc+0xb7/0xc0 [ 27.184049] __kmalloc_cache_noprof+0x189/0x420 [ 27.184262] kasan_bitops_generic+0x92/0x1c0 [ 27.184414] kunit_try_run_case+0x1a5/0x480 [ 27.184560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.184736] kthread+0x337/0x6f0 [ 27.184874] ret_from_fork+0x116/0x1d0 [ 27.185007] ret_from_fork_asm+0x1a/0x30 [ 27.185146] [ 27.185214] The buggy address belongs to the object at ffff888104919c80 [ 27.185214] which belongs to the cache kmalloc-16 of size 16 [ 27.185690] The buggy address is located 8 bytes inside of [ 27.185690] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.186646] [ 27.186748] The buggy address belongs to the physical page: [ 27.187019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.187417] flags: 0x200000000000000(node=0|zone=2) [ 27.187588] page_type: f5(slab) [ 27.187707] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.187949] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.188179] page dumped because: kasan: bad access detected [ 27.188349] [ 27.188415] Memory state around the buggy address: [ 27.188942] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.189417] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.189979] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.190598] ^ [ 27.190810] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.191186] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.191537] ================================================================== [ 27.107393] ================================================================== [ 27.108283] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.108874] Write of size 8 at addr ffff888104919c88 by task kunit_try_catch/309 [ 27.109158] [ 27.109266] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.109313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.109326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.109349] Call Trace: [ 27.109363] <TASK> [ 27.109378] dump_stack_lvl+0x73/0xb0 [ 27.109408] print_report+0xd1/0x640 [ 27.109433] ? __virt_addr_valid+0x1db/0x2d0 [ 27.109457] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.109549] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.109578] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.109618] kasan_report+0x141/0x180 [ 27.109643] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.109675] kasan_check_range+0x10c/0x1c0 [ 27.109710] __kasan_check_write+0x18/0x20 [ 27.109735] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.109773] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.109802] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.109827] ? trace_hardirqs_on+0x37/0xe0 [ 27.109860] ? kasan_bitops_generic+0x92/0x1c0 [ 27.109897] kasan_bitops_generic+0x116/0x1c0 [ 27.109923] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.109949] ? __pfx_read_tsc+0x10/0x10 [ 27.109983] ? ktime_get_ts64+0x86/0x230 [ 27.110007] kunit_try_run_case+0x1a5/0x480 [ 27.110033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.110065] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.110091] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.110118] ? __kthread_parkme+0x82/0x180 [ 27.110150] ? preempt_count_sub+0x50/0x80 [ 27.110184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.110209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.110233] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.110268] kthread+0x337/0x6f0 [ 27.110289] ? trace_preempt_on+0x20/0xc0 [ 27.110312] ? __pfx_kthread+0x10/0x10 [ 27.110344] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.110368] ? calculate_sigpending+0x7b/0xa0 [ 27.110392] ? __pfx_kthread+0x10/0x10 [ 27.110414] ret_from_fork+0x116/0x1d0 [ 27.110445] ? __pfx_kthread+0x10/0x10 [ 27.110467] ret_from_fork_asm+0x1a/0x30 [ 27.110508] </TASK> [ 27.110561] [ 27.119528] Allocated by task 309: [ 27.119866] kasan_save_stack+0x45/0x70 [ 27.120080] kasan_save_track+0x18/0x40 [ 27.120279] kasan_save_alloc_info+0x3b/0x50 [ 27.120577] __kasan_kmalloc+0xb7/0xc0 [ 27.120771] __kmalloc_cache_noprof+0x189/0x420 [ 27.121031] kasan_bitops_generic+0x92/0x1c0 [ 27.121252] kunit_try_run_case+0x1a5/0x480 [ 27.121455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.121822] kthread+0x337/0x6f0 [ 27.121960] ret_from_fork+0x116/0x1d0 [ 27.122097] ret_from_fork_asm+0x1a/0x30 [ 27.122263] [ 27.122358] The buggy address belongs to the object at ffff888104919c80 [ 27.122358] which belongs to the cache kmalloc-16 of size 16 [ 27.122863] The buggy address is located 8 bytes inside of [ 27.122863] allocated 9-byte region [ffff888104919c80, ffff888104919c89) [ 27.123577] [ 27.123700] The buggy address belongs to the physical page: [ 27.123978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 27.124362] flags: 0x200000000000000(node=0|zone=2) [ 27.124621] page_type: f5(slab) [ 27.124842] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.125234] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.125568] page dumped because: kasan: bad access detected [ 27.125910] [ 27.126008] Memory state around the buggy address: [ 27.126234] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.126648] ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.126973] >ffff888104919c80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.127191] ^ [ 27.127313] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.127530] ffff888104919d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.127876] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 27.058048] ================================================================== [ 27.059676] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 27.059905] Read of size 1 at addr ffff888106006150 by task kunit_try_catch/307 [ 27.060204] [ 27.060305] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.060354] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.060366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.060388] Call Trace: [ 27.060402] <TASK> [ 27.060417] dump_stack_lvl+0x73/0xb0 [ 27.060444] print_report+0xd1/0x640 [ 27.060513] ? __virt_addr_valid+0x1db/0x2d0 [ 27.060540] ? strnlen+0x73/0x80 [ 27.060560] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.060587] ? strnlen+0x73/0x80 [ 27.060609] kasan_report+0x141/0x180 [ 27.060633] ? strnlen+0x73/0x80 [ 27.060671] __asan_report_load1_noabort+0x18/0x20 [ 27.060697] strnlen+0x73/0x80 [ 27.060720] kasan_strings+0x615/0xe80 [ 27.060753] ? trace_hardirqs_on+0x37/0xe0 [ 27.060777] ? __pfx_kasan_strings+0x10/0x10 [ 27.060798] ? finish_task_switch.isra.0+0x153/0x700 [ 27.060820] ? __switch_to+0x47/0xf80 [ 27.060856] ? __schedule+0x10da/0x2b60 [ 27.060900] ? __pfx_read_tsc+0x10/0x10 [ 27.060923] ? ktime_get_ts64+0x86/0x230 [ 27.060948] kunit_try_run_case+0x1a5/0x480 [ 27.060985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.061008] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.061034] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.061061] ? __kthread_parkme+0x82/0x180 [ 27.061090] ? preempt_count_sub+0x50/0x80 [ 27.061113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.061137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.061171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.061206] kthread+0x337/0x6f0 [ 27.061226] ? trace_preempt_on+0x20/0xc0 [ 27.061249] ? __pfx_kthread+0x10/0x10 [ 27.061270] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.061303] ? calculate_sigpending+0x7b/0xa0 [ 27.061326] ? __pfx_kthread+0x10/0x10 [ 27.061348] ret_from_fork+0x116/0x1d0 [ 27.061381] ? __pfx_kthread+0x10/0x10 [ 27.061403] ret_from_fork_asm+0x1a/0x30 [ 27.061433] </TASK> [ 27.061444] [ 27.069907] Allocated by task 307: [ 27.070145] kasan_save_stack+0x45/0x70 [ 27.070336] kasan_save_track+0x18/0x40 [ 27.070636] kasan_save_alloc_info+0x3b/0x50 [ 27.070810] __kasan_kmalloc+0xb7/0xc0 [ 27.071007] __kmalloc_cache_noprof+0x189/0x420 [ 27.071270] kasan_strings+0xc0/0xe80 [ 27.071445] kunit_try_run_case+0x1a5/0x480 [ 27.071675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.071951] kthread+0x337/0x6f0 [ 27.072133] ret_from_fork+0x116/0x1d0 [ 27.072316] ret_from_fork_asm+0x1a/0x30 [ 27.072459] [ 27.072525] Freed by task 307: [ 27.072633] kasan_save_stack+0x45/0x70 [ 27.072768] kasan_save_track+0x18/0x40 [ 27.072918] kasan_save_free_info+0x3f/0x60 [ 27.073066] __kasan_slab_free+0x56/0x70 [ 27.073204] kfree+0x222/0x3f0 [ 27.073319] kasan_strings+0x2aa/0xe80 [ 27.073464] kunit_try_run_case+0x1a5/0x480 [ 27.073748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.074018] kthread+0x337/0x6f0 [ 27.074195] ret_from_fork+0x116/0x1d0 [ 27.074384] ret_from_fork_asm+0x1a/0x30 [ 27.074761] [ 27.074871] The buggy address belongs to the object at ffff888106006140 [ 27.074871] which belongs to the cache kmalloc-32 of size 32 [ 27.075748] The buggy address is located 16 bytes inside of [ 27.075748] freed 32-byte region [ffff888106006140, ffff888106006160) [ 27.076290] [ 27.076385] The buggy address belongs to the physical page: [ 27.076906] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106006 [ 27.077430] flags: 0x200000000000000(node=0|zone=2) [ 27.077721] page_type: f5(slab) [ 27.077876] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.078160] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.078429] page dumped because: kasan: bad access detected [ 27.078801] [ 27.078927] Memory state around the buggy address: [ 27.079151] ffff888106006000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.079515] ffff888106006080: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.079969] >ffff888106006100: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 27.080563] ^ [ 27.080878] ffff888106006180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.081136] ffff888106006200: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 27.081360] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 27.035287] ================================================================== [ 27.035820] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 27.036038] Read of size 1 at addr ffff888106006150 by task kunit_try_catch/307 [ 27.036559] [ 27.036673] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.036719] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.036731] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.036753] Call Trace: [ 27.036767] <TASK> [ 27.036781] dump_stack_lvl+0x73/0xb0 [ 27.036808] print_report+0xd1/0x640 [ 27.036844] ? __virt_addr_valid+0x1db/0x2d0 [ 27.036874] ? strlen+0x8f/0xb0 [ 27.036894] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.036920] ? strlen+0x8f/0xb0 [ 27.036941] kasan_report+0x141/0x180 [ 27.036964] ? strlen+0x8f/0xb0 [ 27.036989] __asan_report_load1_noabort+0x18/0x20 [ 27.037013] strlen+0x8f/0xb0 [ 27.037035] kasan_strings+0x57b/0xe80 [ 27.037056] ? trace_hardirqs_on+0x37/0xe0 [ 27.037080] ? __pfx_kasan_strings+0x10/0x10 [ 27.037101] ? finish_task_switch.isra.0+0x153/0x700 [ 27.037123] ? __switch_to+0x47/0xf80 [ 27.037149] ? __schedule+0x10da/0x2b60 [ 27.037185] ? __pfx_read_tsc+0x10/0x10 [ 27.037207] ? ktime_get_ts64+0x86/0x230 [ 27.037231] kunit_try_run_case+0x1a5/0x480 [ 27.037257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.037280] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.037306] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.037332] ? __kthread_parkme+0x82/0x180 [ 27.037353] ? preempt_count_sub+0x50/0x80 [ 27.037376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.037400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.037423] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.037448] kthread+0x337/0x6f0 [ 27.037510] ? trace_preempt_on+0x20/0xc0 [ 27.037534] ? __pfx_kthread+0x10/0x10 [ 27.037554] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.037578] ? calculate_sigpending+0x7b/0xa0 [ 27.037602] ? __pfx_kthread+0x10/0x10 [ 27.037624] ret_from_fork+0x116/0x1d0 [ 27.037644] ? __pfx_kthread+0x10/0x10 [ 27.037665] ret_from_fork_asm+0x1a/0x30 [ 27.037696] </TASK> [ 27.037707] [ 27.045601] Allocated by task 307: [ 27.045784] kasan_save_stack+0x45/0x70 [ 27.045984] kasan_save_track+0x18/0x40 [ 27.046182] kasan_save_alloc_info+0x3b/0x50 [ 27.046352] __kasan_kmalloc+0xb7/0xc0 [ 27.046697] __kmalloc_cache_noprof+0x189/0x420 [ 27.046954] kasan_strings+0xc0/0xe80 [ 27.047133] kunit_try_run_case+0x1a5/0x480 [ 27.047326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.047721] kthread+0x337/0x6f0 [ 27.047890] ret_from_fork+0x116/0x1d0 [ 27.048080] ret_from_fork_asm+0x1a/0x30 [ 27.048293] [ 27.048360] Freed by task 307: [ 27.048533] kasan_save_stack+0x45/0x70 [ 27.048733] kasan_save_track+0x18/0x40 [ 27.048948] kasan_save_free_info+0x3f/0x60 [ 27.049125] __kasan_slab_free+0x56/0x70 [ 27.049342] kfree+0x222/0x3f0 [ 27.049574] kasan_strings+0x2aa/0xe80 [ 27.049749] kunit_try_run_case+0x1a5/0x480 [ 27.049958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.050148] kthread+0x337/0x6f0 [ 27.050322] ret_from_fork+0x116/0x1d0 [ 27.050557] ret_from_fork_asm+0x1a/0x30 [ 27.050706] [ 27.050802] The buggy address belongs to the object at ffff888106006140 [ 27.050802] which belongs to the cache kmalloc-32 of size 32 [ 27.051401] The buggy address is located 16 bytes inside of [ 27.051401] freed 32-byte region [ffff888106006140, ffff888106006160) [ 27.052077] [ 27.052188] The buggy address belongs to the physical page: [ 27.052426] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106006 [ 27.052789] flags: 0x200000000000000(node=0|zone=2) [ 27.053019] page_type: f5(slab) [ 27.053214] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.053601] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.053889] page dumped because: kasan: bad access detected [ 27.054065] [ 27.054132] Memory state around the buggy address: [ 27.054288] ffff888106006000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.054506] ffff888106006080: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.054736] >ffff888106006100: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 27.055122] ^ [ 27.055734] ffff888106006180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.056082] ffff888106006200: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 27.057182] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 27.014017] ================================================================== [ 27.014287] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 27.014502] Read of size 1 at addr ffff888106006150 by task kunit_try_catch/307 [ 27.015010] [ 27.015123] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 27.015180] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.015193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.015214] Call Trace: [ 27.015228] <TASK> [ 27.015242] dump_stack_lvl+0x73/0xb0 [ 27.015270] print_report+0xd1/0x640 [ 27.015294] ? __virt_addr_valid+0x1db/0x2d0 [ 27.015319] ? kasan_strings+0xcbc/0xe80 [ 27.015340] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.015367] ? kasan_strings+0xcbc/0xe80 [ 27.015389] kasan_report+0x141/0x180 [ 27.015413] ? kasan_strings+0xcbc/0xe80 [ 27.015440] __asan_report_load1_noabort+0x18/0x20 [ 27.015477] kasan_strings+0xcbc/0xe80 [ 27.015498] ? trace_hardirqs_on+0x37/0xe0 [ 27.015522] ? __pfx_kasan_strings+0x10/0x10 [ 27.015543] ? finish_task_switch.isra.0+0x153/0x700 [ 27.015566] ? __switch_to+0x47/0xf80 [ 27.015591] ? __schedule+0x10da/0x2b60 [ 27.015617] ? __pfx_read_tsc+0x10/0x10 [ 27.015639] ? ktime_get_ts64+0x86/0x230 [ 27.015664] kunit_try_run_case+0x1a5/0x480 [ 27.015690] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.015715] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.015740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.015766] ? __kthread_parkme+0x82/0x180 [ 27.015786] ? preempt_count_sub+0x50/0x80 [ 27.015810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.015846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.015871] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.015896] kthread+0x337/0x6f0 [ 27.015916] ? trace_preempt_on+0x20/0xc0 [ 27.015939] ? __pfx_kthread+0x10/0x10 [ 27.015960] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.015984] ? calculate_sigpending+0x7b/0xa0 [ 27.016008] ? __pfx_kthread+0x10/0x10 [ 27.016031] ret_from_fork+0x116/0x1d0 [ 27.016051] ? __pfx_kthread+0x10/0x10 [ 27.016071] ret_from_fork_asm+0x1a/0x30 [ 27.016103] </TASK> [ 27.016113] [ 27.023956] Allocated by task 307: [ 27.024128] kasan_save_stack+0x45/0x70 [ 27.024337] kasan_save_track+0x18/0x40 [ 27.024648] kasan_save_alloc_info+0x3b/0x50 [ 27.024887] __kasan_kmalloc+0xb7/0xc0 [ 27.025061] __kmalloc_cache_noprof+0x189/0x420 [ 27.025290] kasan_strings+0xc0/0xe80 [ 27.025499] kunit_try_run_case+0x1a5/0x480 [ 27.025702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.025951] kthread+0x337/0x6f0 [ 27.026104] ret_from_fork+0x116/0x1d0 [ 27.026308] ret_from_fork_asm+0x1a/0x30 [ 27.026655] [ 27.026752] Freed by task 307: [ 27.026901] kasan_save_stack+0x45/0x70 [ 27.027082] kasan_save_track+0x18/0x40 [ 27.027287] kasan_save_free_info+0x3f/0x60 [ 27.027434] __kasan_slab_free+0x56/0x70 [ 27.027686] kfree+0x222/0x3f0 [ 27.027867] kasan_strings+0x2aa/0xe80 [ 27.028047] kunit_try_run_case+0x1a5/0x480 [ 27.028277] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.028576] kthread+0x337/0x6f0 [ 27.028708] ret_from_fork+0x116/0x1d0 [ 27.028902] ret_from_fork_asm+0x1a/0x30 [ 27.029087] [ 27.029155] The buggy address belongs to the object at ffff888106006140 [ 27.029155] which belongs to the cache kmalloc-32 of size 32 [ 27.029731] The buggy address is located 16 bytes inside of [ 27.029731] freed 32-byte region [ffff888106006140, ffff888106006160) [ 27.030254] [ 27.030345] The buggy address belongs to the physical page: [ 27.030653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106006 [ 27.030980] flags: 0x200000000000000(node=0|zone=2) [ 27.031207] page_type: f5(slab) [ 27.031351] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.031803] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.032057] page dumped because: kasan: bad access detected [ 27.032239] [ 27.032310] Memory state around the buggy address: [ 27.032465] ffff888106006000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.032683] ffff888106006080: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.032953] >ffff888106006100: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 27.033695] ^ [ 27.033980] ffff888106006180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.034504] ffff888106006200: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 27.034822] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 26.990818] ================================================================== [ 26.992089] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 26.992751] Read of size 1 at addr ffff888106006150 by task kunit_try_catch/307 [ 26.993066] [ 26.993189] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.993240] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.993253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.993276] Call Trace: [ 26.993290] <TASK> [ 26.993306] dump_stack_lvl+0x73/0xb0 [ 26.993334] print_report+0xd1/0x640 [ 26.993358] ? __virt_addr_valid+0x1db/0x2d0 [ 26.993383] ? strcmp+0xb0/0xc0 [ 26.993402] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.993430] ? strcmp+0xb0/0xc0 [ 26.993450] kasan_report+0x141/0x180 [ 26.993474] ? strcmp+0xb0/0xc0 [ 26.993498] __asan_report_load1_noabort+0x18/0x20 [ 26.993523] strcmp+0xb0/0xc0 [ 26.993546] kasan_strings+0x431/0xe80 [ 26.993636] ? trace_hardirqs_on+0x37/0xe0 [ 26.993660] ? __pfx_kasan_strings+0x10/0x10 [ 26.993681] ? finish_task_switch.isra.0+0x153/0x700 [ 26.993703] ? __switch_to+0x47/0xf80 [ 26.993731] ? __schedule+0x10da/0x2b60 [ 26.993757] ? __pfx_read_tsc+0x10/0x10 [ 26.993779] ? ktime_get_ts64+0x86/0x230 [ 26.993804] kunit_try_run_case+0x1a5/0x480 [ 26.993843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.993867] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.993892] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.993917] ? __kthread_parkme+0x82/0x180 [ 26.993938] ? preempt_count_sub+0x50/0x80 [ 26.993961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.993986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.994011] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.994035] kthread+0x337/0x6f0 [ 26.994056] ? trace_preempt_on+0x20/0xc0 [ 26.994078] ? __pfx_kthread+0x10/0x10 [ 26.994100] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.994124] ? calculate_sigpending+0x7b/0xa0 [ 26.994148] ? __pfx_kthread+0x10/0x10 [ 26.994179] ret_from_fork+0x116/0x1d0 [ 26.994201] ? __pfx_kthread+0x10/0x10 [ 26.994222] ret_from_fork_asm+0x1a/0x30 [ 26.994254] </TASK> [ 26.994264] [ 27.001953] Allocated by task 307: [ 27.002087] kasan_save_stack+0x45/0x70 [ 27.002233] kasan_save_track+0x18/0x40 [ 27.002367] kasan_save_alloc_info+0x3b/0x50 [ 27.002783] __kasan_kmalloc+0xb7/0xc0 [ 27.002994] __kmalloc_cache_noprof+0x189/0x420 [ 27.003212] kasan_strings+0xc0/0xe80 [ 27.003394] kunit_try_run_case+0x1a5/0x480 [ 27.003599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.004023] kthread+0x337/0x6f0 [ 27.004217] ret_from_fork+0x116/0x1d0 [ 27.004425] ret_from_fork_asm+0x1a/0x30 [ 27.004564] [ 27.004636] Freed by task 307: [ 27.004789] kasan_save_stack+0x45/0x70 [ 27.005298] kasan_save_track+0x18/0x40 [ 27.005577] kasan_save_free_info+0x3f/0x60 [ 27.005737] __kasan_slab_free+0x56/0x70 [ 27.005934] kfree+0x222/0x3f0 [ 27.006096] kasan_strings+0x2aa/0xe80 [ 27.006420] kunit_try_run_case+0x1a5/0x480 [ 27.006667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.006888] kthread+0x337/0x6f0 [ 27.007052] ret_from_fork+0x116/0x1d0 [ 27.007282] ret_from_fork_asm+0x1a/0x30 [ 27.007451] [ 27.007531] The buggy address belongs to the object at ffff888106006140 [ 27.007531] which belongs to the cache kmalloc-32 of size 32 [ 27.007910] The buggy address is located 16 bytes inside of [ 27.007910] freed 32-byte region [ffff888106006140, ffff888106006160) [ 27.008267] [ 27.008335] The buggy address belongs to the physical page: [ 27.008559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106006 [ 27.009040] flags: 0x200000000000000(node=0|zone=2) [ 27.009313] page_type: f5(slab) [ 27.009477] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.009796] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.010047] page dumped because: kasan: bad access detected [ 27.010219] [ 27.010284] Memory state around the buggy address: [ 27.010437] ffff888106006000: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.010972] ffff888106006080: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.011750] >ffff888106006100: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 27.012110] ^ [ 27.012666] ffff888106006180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.012984] ffff888106006200: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 27.013290] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 26.965377] ================================================================== [ 26.965870] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 26.966142] Read of size 1 at addr ffff888106006018 by task kunit_try_catch/305 [ 26.966762] [ 26.966890] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.966941] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.966954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.966977] Call Trace: [ 26.966991] <TASK> [ 26.967006] dump_stack_lvl+0x73/0xb0 [ 26.967036] print_report+0xd1/0x640 [ 26.967063] ? __virt_addr_valid+0x1db/0x2d0 [ 26.967088] ? memcmp+0x1b4/0x1d0 [ 26.967108] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.967136] ? memcmp+0x1b4/0x1d0 [ 26.967157] kasan_report+0x141/0x180 [ 26.967180] ? memcmp+0x1b4/0x1d0 [ 26.967205] __asan_report_load1_noabort+0x18/0x20 [ 26.967231] memcmp+0x1b4/0x1d0 [ 26.967254] kasan_memcmp+0x18f/0x390 [ 26.967287] ? finish_task_switch.isra.0+0x156/0x700 [ 26.967312] ? __pfx_kasan_memcmp+0x10/0x10 [ 26.967333] ? finish_task_switch.isra.0+0x153/0x700 [ 26.967355] ? __switch_to+0x47/0xf80 [ 26.967385] ? __pfx_read_tsc+0x10/0x10 [ 26.967408] ? ktime_get_ts64+0x86/0x230 [ 26.967434] kunit_try_run_case+0x1a5/0x480 [ 26.967525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.967553] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.967581] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.967607] ? __kthread_parkme+0x82/0x180 [ 26.967628] ? preempt_count_sub+0x50/0x80 [ 26.967651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.967676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.967701] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.967725] kthread+0x337/0x6f0 [ 26.967746] ? trace_preempt_on+0x20/0xc0 [ 26.967770] ? __pfx_kthread+0x10/0x10 [ 26.967792] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.967816] ? calculate_sigpending+0x7b/0xa0 [ 26.967853] ? __pfx_kthread+0x10/0x10 [ 26.967875] ret_from_fork+0x116/0x1d0 [ 26.967896] ? __pfx_kthread+0x10/0x10 [ 26.967917] ret_from_fork_asm+0x1a/0x30 [ 26.967949] </TASK> [ 26.967960] [ 26.975452] Allocated by task 305: [ 26.975629] kasan_save_stack+0x45/0x70 [ 26.975776] kasan_save_track+0x18/0x40 [ 26.975981] kasan_save_alloc_info+0x3b/0x50 [ 26.976189] __kasan_kmalloc+0xb7/0xc0 [ 26.976475] __kmalloc_cache_noprof+0x189/0x420 [ 26.976747] kasan_memcmp+0xb7/0x390 [ 26.976931] kunit_try_run_case+0x1a5/0x480 [ 26.977080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.977257] kthread+0x337/0x6f0 [ 26.977419] ret_from_fork+0x116/0x1d0 [ 26.977607] ret_from_fork_asm+0x1a/0x30 [ 26.977796] [ 26.977933] The buggy address belongs to the object at ffff888106006000 [ 26.977933] which belongs to the cache kmalloc-32 of size 32 [ 26.978544] The buggy address is located 0 bytes to the right of [ 26.978544] allocated 24-byte region [ffff888106006000, ffff888106006018) [ 26.978983] [ 26.979076] The buggy address belongs to the physical page: [ 26.979332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106006 [ 26.980051] flags: 0x200000000000000(node=0|zone=2) [ 26.980276] page_type: f5(slab) [ 26.980399] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.981047] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.981367] page dumped because: kasan: bad access detected [ 26.981541] [ 26.981664] Memory state around the buggy address: [ 26.981912] ffff888106005f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.982243] ffff888106005f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.982601] >ffff888106006000: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.982859] ^ [ 26.983054] ffff888106006080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.983399] ffff888106006100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.983898] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 25.531354] ================================================================== [ 25.531862] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.532321] Read of size 1 at addr ffff8881058a9578 by task kunit_try_catch/242 [ 25.532964] [ 25.533109] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.533156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.533177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.533198] Call Trace: [ 25.533213] <TASK> [ 25.533228] dump_stack_lvl+0x73/0xb0 [ 25.533256] print_report+0xd1/0x640 [ 25.533279] ? __virt_addr_valid+0x1db/0x2d0 [ 25.533302] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.533324] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.533351] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.533374] kasan_report+0x141/0x180 [ 25.533396] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.533424] __asan_report_load1_noabort+0x18/0x20 [ 25.533449] ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.533790] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.533821] ? __kasan_check_write+0x18/0x20 [ 25.533859] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.533887] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.533939] ? __pfx_read_tsc+0x10/0x10 [ 25.533962] ? ktime_get_ts64+0x86/0x230 [ 25.533987] kunit_try_run_case+0x1a5/0x480 [ 25.534012] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.534035] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.534060] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.534086] ? __kthread_parkme+0x82/0x180 [ 25.534106] ? preempt_count_sub+0x50/0x80 [ 25.534129] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.534154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.534178] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.534202] kthread+0x337/0x6f0 [ 25.534222] ? trace_preempt_on+0x20/0xc0 [ 25.534245] ? __pfx_kthread+0x10/0x10 [ 25.534266] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.534290] ? calculate_sigpending+0x7b/0xa0 [ 25.534314] ? __pfx_kthread+0x10/0x10 [ 25.534336] ret_from_fork+0x116/0x1d0 [ 25.534355] ? __pfx_kthread+0x10/0x10 [ 25.534397] ret_from_fork_asm+0x1a/0x30 [ 25.534428] </TASK> [ 25.534439] [ 25.543102] Allocated by task 242: [ 25.543385] kasan_save_stack+0x45/0x70 [ 25.543706] kasan_save_track+0x18/0x40 [ 25.543933] kasan_save_alloc_info+0x3b/0x50 [ 25.544101] __kasan_kmalloc+0xb7/0xc0 [ 25.544406] __kmalloc_cache_noprof+0x189/0x420 [ 25.544574] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.544825] kunit_try_run_case+0x1a5/0x480 [ 25.545343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.545634] kthread+0x337/0x6f0 [ 25.545757] ret_from_fork+0x116/0x1d0 [ 25.546047] ret_from_fork_asm+0x1a/0x30 [ 25.546508] [ 25.546591] The buggy address belongs to the object at ffff8881058a9500 [ 25.546591] which belongs to the cache kmalloc-128 of size 128 [ 25.547101] The buggy address is located 5 bytes to the right of [ 25.547101] allocated 115-byte region [ffff8881058a9500, ffff8881058a9573) [ 25.547478] [ 25.547674] The buggy address belongs to the physical page: [ 25.547940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 25.548553] flags: 0x200000000000000(node=0|zone=2) [ 25.548746] page_type: f5(slab) [ 25.548901] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.549321] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.549768] page dumped because: kasan: bad access detected [ 25.550003] [ 25.550072] Memory state around the buggy address: [ 25.550369] ffff8881058a9400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.550691] ffff8881058a9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.551180] >ffff8881058a9500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.551453] ^ [ 25.551813] ffff8881058a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.552047] ffff8881058a9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.552331] ================================================================== [ 25.511424] ================================================================== [ 25.512075] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 25.512413] Read of size 1 at addr ffff8881058a9573 by task kunit_try_catch/242 [ 25.512814] [ 25.512945] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.512996] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.513008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.513030] Call Trace: [ 25.513045] <TASK> [ 25.513061] dump_stack_lvl+0x73/0xb0 [ 25.513093] print_report+0xd1/0x640 [ 25.513117] ? __virt_addr_valid+0x1db/0x2d0 [ 25.513142] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.513165] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.513192] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.513215] kasan_report+0x141/0x180 [ 25.513262] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.513290] __asan_report_load1_noabort+0x18/0x20 [ 25.513314] ksize_unpoisons_memory+0x81c/0x9b0 [ 25.513339] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.513363] ? __kasan_check_write+0x18/0x20 [ 25.513387] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.513414] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.513441] ? __pfx_read_tsc+0x10/0x10 [ 25.513463] ? ktime_get_ts64+0x86/0x230 [ 25.513629] kunit_try_run_case+0x1a5/0x480 [ 25.513661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.513685] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.513709] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.513735] ? __kthread_parkme+0x82/0x180 [ 25.513756] ? preempt_count_sub+0x50/0x80 [ 25.513780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.513804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.513842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.513869] kthread+0x337/0x6f0 [ 25.513889] ? trace_preempt_on+0x20/0xc0 [ 25.513915] ? __pfx_kthread+0x10/0x10 [ 25.513936] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.513959] ? calculate_sigpending+0x7b/0xa0 [ 25.513984] ? __pfx_kthread+0x10/0x10 [ 25.514005] ret_from_fork+0x116/0x1d0 [ 25.514025] ? __pfx_kthread+0x10/0x10 [ 25.514045] ret_from_fork_asm+0x1a/0x30 [ 25.514077] </TASK> [ 25.514088] [ 25.521963] Allocated by task 242: [ 25.522146] kasan_save_stack+0x45/0x70 [ 25.522371] kasan_save_track+0x18/0x40 [ 25.522633] kasan_save_alloc_info+0x3b/0x50 [ 25.522807] __kasan_kmalloc+0xb7/0xc0 [ 25.523036] __kmalloc_cache_noprof+0x189/0x420 [ 25.523281] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.523569] kunit_try_run_case+0x1a5/0x480 [ 25.523764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.524016] kthread+0x337/0x6f0 [ 25.524197] ret_from_fork+0x116/0x1d0 [ 25.524333] ret_from_fork_asm+0x1a/0x30 [ 25.524514] [ 25.524605] The buggy address belongs to the object at ffff8881058a9500 [ 25.524605] which belongs to the cache kmalloc-128 of size 128 [ 25.525057] The buggy address is located 0 bytes to the right of [ 25.525057] allocated 115-byte region [ffff8881058a9500, ffff8881058a9573) [ 25.525442] [ 25.525776] The buggy address belongs to the physical page: [ 25.526071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 25.526721] flags: 0x200000000000000(node=0|zone=2) [ 25.526904] page_type: f5(slab) [ 25.527028] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.527328] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.527690] page dumped because: kasan: bad access detected [ 25.527964] [ 25.528059] Memory state around the buggy address: [ 25.528515] ffff8881058a9400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.528880] ffff8881058a9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.529114] >ffff8881058a9500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.529440] ^ [ 25.529899] ffff8881058a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.530511] ffff8881058a9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.530856] ================================================================== [ 25.552806] ================================================================== [ 25.553557] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.553883] Read of size 1 at addr ffff8881058a957f by task kunit_try_catch/242 [ 25.554328] [ 25.554461] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.554507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.554519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.554538] Call Trace: [ 25.554552] <TASK> [ 25.554565] dump_stack_lvl+0x73/0xb0 [ 25.554592] print_report+0xd1/0x640 [ 25.554614] ? __virt_addr_valid+0x1db/0x2d0 [ 25.554638] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.554661] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.554687] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.554762] kasan_report+0x141/0x180 [ 25.554785] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.554813] __asan_report_load1_noabort+0x18/0x20 [ 25.554856] ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.554881] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.554905] ? __kasan_check_write+0x18/0x20 [ 25.554929] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.554956] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 25.554983] ? __pfx_read_tsc+0x10/0x10 [ 25.555005] ? ktime_get_ts64+0x86/0x230 [ 25.555029] kunit_try_run_case+0x1a5/0x480 [ 25.555054] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.555077] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 25.555101] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.555126] ? __kthread_parkme+0x82/0x180 [ 25.555148] ? preempt_count_sub+0x50/0x80 [ 25.555550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.555584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.555611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.555636] kthread+0x337/0x6f0 [ 25.555656] ? trace_preempt_on+0x20/0xc0 [ 25.555679] ? __pfx_kthread+0x10/0x10 [ 25.555700] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.555724] ? calculate_sigpending+0x7b/0xa0 [ 25.555747] ? __pfx_kthread+0x10/0x10 [ 25.555769] ret_from_fork+0x116/0x1d0 [ 25.555788] ? __pfx_kthread+0x10/0x10 [ 25.555809] ret_from_fork_asm+0x1a/0x30 [ 25.555852] </TASK> [ 25.555863] [ 25.564167] Allocated by task 242: [ 25.564349] kasan_save_stack+0x45/0x70 [ 25.564909] kasan_save_track+0x18/0x40 [ 25.565152] kasan_save_alloc_info+0x3b/0x50 [ 25.565398] __kasan_kmalloc+0xb7/0xc0 [ 25.565640] __kmalloc_cache_noprof+0x189/0x420 [ 25.565801] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.566039] kunit_try_run_case+0x1a5/0x480 [ 25.566341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.566591] kthread+0x337/0x6f0 [ 25.566822] ret_from_fork+0x116/0x1d0 [ 25.566991] ret_from_fork_asm+0x1a/0x30 [ 25.567132] [ 25.567200] The buggy address belongs to the object at ffff8881058a9500 [ 25.567200] which belongs to the cache kmalloc-128 of size 128 [ 25.567557] The buggy address is located 12 bytes to the right of [ 25.567557] allocated 115-byte region [ffff8881058a9500, ffff8881058a9573) [ 25.568161] [ 25.568260] The buggy address belongs to the physical page: [ 25.568655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 25.568904] flags: 0x200000000000000(node=0|zone=2) [ 25.569061] page_type: f5(slab) [ 25.569411] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.569968] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.570403] page dumped because: kasan: bad access detected [ 25.570748] [ 25.570822] Memory state around the buggy address: [ 25.570988] ffff8881058a9400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.571283] ffff8881058a9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.571598] >ffff8881058a9500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.571953] ^ [ 25.572224] ffff8881058a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.572441] ffff8881058a9600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.572760] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 25.485176] ================================================================== [ 25.485613] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 25.485857] Free of addr ffff888104919c60 by task kunit_try_catch/240 [ 25.486156] [ 25.486264] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.486309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.486321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.486363] Call Trace: [ 25.486376] <TASK> [ 25.486390] dump_stack_lvl+0x73/0xb0 [ 25.486417] print_report+0xd1/0x640 [ 25.486441] ? __virt_addr_valid+0x1db/0x2d0 [ 25.486482] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.486507] ? kfree_sensitive+0x2e/0x90 [ 25.486528] kasan_report_invalid_free+0x10a/0x130 [ 25.486610] ? kfree_sensitive+0x2e/0x90 [ 25.486635] ? kfree_sensitive+0x2e/0x90 [ 25.486655] check_slab_allocation+0x101/0x130 [ 25.486677] __kasan_slab_pre_free+0x28/0x40 [ 25.486699] kfree+0xf0/0x3f0 [ 25.486720] ? kfree_sensitive+0x2e/0x90 [ 25.486764] kfree_sensitive+0x2e/0x90 [ 25.486784] kmalloc_double_kzfree+0x19c/0x350 [ 25.486808] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 25.486842] ? __schedule+0x10da/0x2b60 [ 25.486867] ? __pfx_read_tsc+0x10/0x10 [ 25.486889] ? ktime_get_ts64+0x86/0x230 [ 25.486913] kunit_try_run_case+0x1a5/0x480 [ 25.486957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.486980] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.487004] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.487029] ? __kthread_parkme+0x82/0x180 [ 25.487049] ? preempt_count_sub+0x50/0x80 [ 25.487072] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.487095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.487119] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.487142] kthread+0x337/0x6f0 [ 25.487162] ? trace_preempt_on+0x20/0xc0 [ 25.487194] ? __pfx_kthread+0x10/0x10 [ 25.487215] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.487238] ? calculate_sigpending+0x7b/0xa0 [ 25.487261] ? __pfx_kthread+0x10/0x10 [ 25.487282] ret_from_fork+0x116/0x1d0 [ 25.487302] ? __pfx_kthread+0x10/0x10 [ 25.487323] ret_from_fork_asm+0x1a/0x30 [ 25.487354] </TASK> [ 25.487365] [ 25.495371] Allocated by task 240: [ 25.495744] kasan_save_stack+0x45/0x70 [ 25.495987] kasan_save_track+0x18/0x40 [ 25.496201] kasan_save_alloc_info+0x3b/0x50 [ 25.496406] __kasan_kmalloc+0xb7/0xc0 [ 25.496685] __kmalloc_cache_noprof+0x189/0x420 [ 25.496859] kmalloc_double_kzfree+0xa9/0x350 [ 25.497016] kunit_try_run_case+0x1a5/0x480 [ 25.497288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.497851] kthread+0x337/0x6f0 [ 25.498041] ret_from_fork+0x116/0x1d0 [ 25.498268] ret_from_fork_asm+0x1a/0x30 [ 25.498470] [ 25.498541] Freed by task 240: [ 25.498859] kasan_save_stack+0x45/0x70 [ 25.499013] kasan_save_track+0x18/0x40 [ 25.499150] kasan_save_free_info+0x3f/0x60 [ 25.499386] __kasan_slab_free+0x56/0x70 [ 25.499578] kfree+0x222/0x3f0 [ 25.499839] kfree_sensitive+0x67/0x90 [ 25.500035] kmalloc_double_kzfree+0x12b/0x350 [ 25.500259] kunit_try_run_case+0x1a5/0x480 [ 25.500472] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.500871] kthread+0x337/0x6f0 [ 25.501038] ret_from_fork+0x116/0x1d0 [ 25.501249] ret_from_fork_asm+0x1a/0x30 [ 25.501434] [ 25.501586] The buggy address belongs to the object at ffff888104919c60 [ 25.501586] which belongs to the cache kmalloc-16 of size 16 [ 25.502077] The buggy address is located 0 bytes inside of [ 25.502077] 16-byte region [ffff888104919c60, ffff888104919c70) [ 25.502746] [ 25.502837] The buggy address belongs to the physical page: [ 25.503038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 25.503668] flags: 0x200000000000000(node=0|zone=2) [ 25.503894] page_type: f5(slab) [ 25.504018] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.504510] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.504817] page dumped because: kasan: bad access detected [ 25.505012] [ 25.505080] Memory state around the buggy address: [ 25.505236] ffff888104919b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.505538] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.505864] >ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.506176] ^ [ 25.506565] ffff888104919c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.506780] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.507208] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 25.460373] ================================================================== [ 25.461166] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 25.461517] Read of size 1 at addr ffff888104919c60 by task kunit_try_catch/240 [ 25.461979] [ 25.462109] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.462172] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.462184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.462206] Call Trace: [ 25.462219] <TASK> [ 25.462233] dump_stack_lvl+0x73/0xb0 [ 25.462275] print_report+0xd1/0x640 [ 25.462300] ? __virt_addr_valid+0x1db/0x2d0 [ 25.462323] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.462346] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.462372] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.462418] kasan_report+0x141/0x180 [ 25.462441] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.462467] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.462490] __kasan_check_byte+0x3d/0x50 [ 25.462512] kfree_sensitive+0x22/0x90 [ 25.462551] kmalloc_double_kzfree+0x19c/0x350 [ 25.462575] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 25.462599] ? __schedule+0x10da/0x2b60 [ 25.462625] ? __pfx_read_tsc+0x10/0x10 [ 25.462647] ? ktime_get_ts64+0x86/0x230 [ 25.462671] kunit_try_run_case+0x1a5/0x480 [ 25.462696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.462718] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.462743] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.462769] ? __kthread_parkme+0x82/0x180 [ 25.462789] ? preempt_count_sub+0x50/0x80 [ 25.462812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.462846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.462871] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.462894] kthread+0x337/0x6f0 [ 25.462914] ? trace_preempt_on+0x20/0xc0 [ 25.462937] ? __pfx_kthread+0x10/0x10 [ 25.462958] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.462981] ? calculate_sigpending+0x7b/0xa0 [ 25.463005] ? __pfx_kthread+0x10/0x10 [ 25.463026] ret_from_fork+0x116/0x1d0 [ 25.463046] ? __pfx_kthread+0x10/0x10 [ 25.463066] ret_from_fork_asm+0x1a/0x30 [ 25.463097] </TASK> [ 25.463109] [ 25.472013] Allocated by task 240: [ 25.472149] kasan_save_stack+0x45/0x70 [ 25.472354] kasan_save_track+0x18/0x40 [ 25.472725] kasan_save_alloc_info+0x3b/0x50 [ 25.472939] __kasan_kmalloc+0xb7/0xc0 [ 25.473075] __kmalloc_cache_noprof+0x189/0x420 [ 25.473273] kmalloc_double_kzfree+0xa9/0x350 [ 25.473484] kunit_try_run_case+0x1a5/0x480 [ 25.473897] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.474116] kthread+0x337/0x6f0 [ 25.474240] ret_from_fork+0x116/0x1d0 [ 25.474375] ret_from_fork_asm+0x1a/0x30 [ 25.474687] [ 25.474825] Freed by task 240: [ 25.475025] kasan_save_stack+0x45/0x70 [ 25.475280] kasan_save_track+0x18/0x40 [ 25.475561] kasan_save_free_info+0x3f/0x60 [ 25.475797] __kasan_slab_free+0x56/0x70 [ 25.475949] kfree+0x222/0x3f0 [ 25.476074] kfree_sensitive+0x67/0x90 [ 25.476390] kmalloc_double_kzfree+0x12b/0x350 [ 25.476984] kunit_try_run_case+0x1a5/0x480 [ 25.477273] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.477645] kthread+0x337/0x6f0 [ 25.477775] ret_from_fork+0x116/0x1d0 [ 25.477924] ret_from_fork_asm+0x1a/0x30 [ 25.478065] [ 25.478154] The buggy address belongs to the object at ffff888104919c60 [ 25.478154] which belongs to the cache kmalloc-16 of size 16 [ 25.479102] The buggy address is located 0 bytes inside of [ 25.479102] freed 16-byte region [ffff888104919c60, ffff888104919c70) [ 25.479677] [ 25.479752] The buggy address belongs to the physical page: [ 25.480160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 25.480670] flags: 0x200000000000000(node=0|zone=2) [ 25.480936] page_type: f5(slab) [ 25.481102] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.481659] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.481970] page dumped because: kasan: bad access detected [ 25.482157] [ 25.482259] Memory state around the buggy address: [ 25.482546] ffff888104919b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.482883] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.483136] >ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.483369] ^ [ 25.483772] ffff888104919c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.484017] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.484505] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 25.431136] ================================================================== [ 25.431672] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 25.432028] Read of size 1 at addr ffff88810496fb28 by task kunit_try_catch/236 [ 25.432371] [ 25.432553] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.432606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.432620] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.432641] Call Trace: [ 25.432656] <TASK> [ 25.432673] dump_stack_lvl+0x73/0xb0 [ 25.432703] print_report+0xd1/0x640 [ 25.432749] ? __virt_addr_valid+0x1db/0x2d0 [ 25.432775] ? kmalloc_uaf2+0x4a8/0x520 [ 25.432795] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.432821] ? kmalloc_uaf2+0x4a8/0x520 [ 25.432853] kasan_report+0x141/0x180 [ 25.432883] ? kmalloc_uaf2+0x4a8/0x520 [ 25.432908] __asan_report_load1_noabort+0x18/0x20 [ 25.432932] kmalloc_uaf2+0x4a8/0x520 [ 25.432953] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 25.432973] ? __schedule+0x2070/0x2b60 [ 25.432996] ? schedule+0x7c/0x2e0 [ 25.433018] ? trace_hardirqs_on+0x37/0xe0 [ 25.433042] ? __schedule+0x2070/0x2b60 [ 25.433066] ? __pfx_read_tsc+0x10/0x10 [ 25.433088] ? ktime_get_ts64+0x86/0x230 [ 25.433135] kunit_try_run_case+0x1a5/0x480 [ 25.433161] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.433184] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.433209] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.433234] ? __kthread_parkme+0x82/0x180 [ 25.433263] ? preempt_count_sub+0x50/0x80 [ 25.433286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.433310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.433334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.433357] kthread+0x337/0x6f0 [ 25.433378] ? trace_preempt_on+0x20/0xc0 [ 25.433400] ? __pfx_kthread+0x10/0x10 [ 25.433421] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.433444] ? calculate_sigpending+0x7b/0xa0 [ 25.433517] ? __pfx_kthread+0x10/0x10 [ 25.433539] ret_from_fork+0x116/0x1d0 [ 25.433559] ? __pfx_kthread+0x10/0x10 [ 25.433579] ret_from_fork_asm+0x1a/0x30 [ 25.433610] </TASK> [ 25.433622] [ 25.441683] Allocated by task 236: [ 25.441887] kasan_save_stack+0x45/0x70 [ 25.442086] kasan_save_track+0x18/0x40 [ 25.442440] kasan_save_alloc_info+0x3b/0x50 [ 25.442653] __kasan_kmalloc+0xb7/0xc0 [ 25.442873] __kmalloc_cache_noprof+0x189/0x420 [ 25.443075] kmalloc_uaf2+0xc6/0x520 [ 25.443269] kunit_try_run_case+0x1a5/0x480 [ 25.443524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.443774] kthread+0x337/0x6f0 [ 25.443942] ret_from_fork+0x116/0x1d0 [ 25.444072] ret_from_fork_asm+0x1a/0x30 [ 25.444275] [ 25.444365] Freed by task 236: [ 25.444630] kasan_save_stack+0x45/0x70 [ 25.444783] kasan_save_track+0x18/0x40 [ 25.444930] kasan_save_free_info+0x3f/0x60 [ 25.445153] __kasan_slab_free+0x56/0x70 [ 25.445362] kfree+0x222/0x3f0 [ 25.445627] kmalloc_uaf2+0x14c/0x520 [ 25.445765] kunit_try_run_case+0x1a5/0x480 [ 25.445919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.446089] kthread+0x337/0x6f0 [ 25.446203] ret_from_fork+0x116/0x1d0 [ 25.446330] ret_from_fork_asm+0x1a/0x30 [ 25.446484] [ 25.446575] The buggy address belongs to the object at ffff88810496fb00 [ 25.446575] which belongs to the cache kmalloc-64 of size 64 [ 25.447168] The buggy address is located 40 bytes inside of [ 25.447168] freed 64-byte region [ffff88810496fb00, ffff88810496fb40) [ 25.447674] [ 25.447746] The buggy address belongs to the physical page: [ 25.448271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10496f [ 25.448666] flags: 0x200000000000000(node=0|zone=2) [ 25.448963] page_type: f5(slab) [ 25.449114] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.449606] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.449899] page dumped because: kasan: bad access detected [ 25.450155] [ 25.450246] Memory state around the buggy address: [ 25.450434] ffff88810496fa00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.450779] ffff88810496fa80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.451049] >ffff88810496fb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.451602] ^ [ 25.451841] ffff88810496fb80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 25.452155] ffff88810496fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.452423] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 25.397318] ================================================================== [ 25.398027] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 25.398510] Write of size 33 at addr ffff8881055f0200 by task kunit_try_catch/234 [ 25.399251] [ 25.399398] CPU: 1 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.399579] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.399594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.399617] Call Trace: [ 25.399632] <TASK> [ 25.399650] dump_stack_lvl+0x73/0xb0 [ 25.399683] print_report+0xd1/0x640 [ 25.399706] ? __virt_addr_valid+0x1db/0x2d0 [ 25.399731] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.399752] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.399777] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.399801] kasan_report+0x141/0x180 [ 25.399824] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.399865] kasan_check_range+0x10c/0x1c0 [ 25.399888] __asan_memset+0x27/0x50 [ 25.399912] kmalloc_uaf_memset+0x1a3/0x360 [ 25.399933] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 25.399956] ? __schedule+0x10da/0x2b60 [ 25.399981] ? __pfx_read_tsc+0x10/0x10 [ 25.400003] ? ktime_get_ts64+0x86/0x230 [ 25.400029] kunit_try_run_case+0x1a5/0x480 [ 25.400055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.400077] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.400102] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.400127] ? __kthread_parkme+0x82/0x180 [ 25.400147] ? preempt_count_sub+0x50/0x80 [ 25.400181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.400205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.400229] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.400253] kthread+0x337/0x6f0 [ 25.400273] ? trace_preempt_on+0x20/0xc0 [ 25.400297] ? __pfx_kthread+0x10/0x10 [ 25.400317] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.400340] ? calculate_sigpending+0x7b/0xa0 [ 25.400364] ? __pfx_kthread+0x10/0x10 [ 25.400387] ret_from_fork+0x116/0x1d0 [ 25.400406] ? __pfx_kthread+0x10/0x10 [ 25.400427] ret_from_fork_asm+0x1a/0x30 [ 25.400459] </TASK> [ 25.400472] [ 25.411102] Allocated by task 234: [ 25.411325] kasan_save_stack+0x45/0x70 [ 25.411679] kasan_save_track+0x18/0x40 [ 25.411960] kasan_save_alloc_info+0x3b/0x50 [ 25.412325] __kasan_kmalloc+0xb7/0xc0 [ 25.412611] __kmalloc_cache_noprof+0x189/0x420 [ 25.412784] kmalloc_uaf_memset+0xa9/0x360 [ 25.413010] kunit_try_run_case+0x1a5/0x480 [ 25.413664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.413927] kthread+0x337/0x6f0 [ 25.414103] ret_from_fork+0x116/0x1d0 [ 25.414616] ret_from_fork_asm+0x1a/0x30 [ 25.414786] [ 25.415069] Freed by task 234: [ 25.415265] kasan_save_stack+0x45/0x70 [ 25.415655] kasan_save_track+0x18/0x40 [ 25.415840] kasan_save_free_info+0x3f/0x60 [ 25.416046] __kasan_slab_free+0x56/0x70 [ 25.416231] kfree+0x222/0x3f0 [ 25.416691] kmalloc_uaf_memset+0x12b/0x360 [ 25.416860] kunit_try_run_case+0x1a5/0x480 [ 25.417264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.417710] kthread+0x337/0x6f0 [ 25.418012] ret_from_fork+0x116/0x1d0 [ 25.418354] ret_from_fork_asm+0x1a/0x30 [ 25.418714] [ 25.418802] The buggy address belongs to the object at ffff8881055f0200 [ 25.418802] which belongs to the cache kmalloc-64 of size 64 [ 25.419396] The buggy address is located 0 bytes inside of [ 25.419396] freed 64-byte region [ffff8881055f0200, ffff8881055f0240) [ 25.420039] [ 25.420123] The buggy address belongs to the physical page: [ 25.420490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055f0 [ 25.420949] flags: 0x200000000000000(node=0|zone=2) [ 25.421225] page_type: f5(slab) [ 25.421403] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.421927] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.422330] page dumped because: kasan: bad access detected [ 25.422724] [ 25.422795] Memory state around the buggy address: [ 25.423031] ffff8881055f0100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.423378] ffff8881055f0180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.423736] >ffff8881055f0200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.423960] ^ [ 25.424140] ffff8881055f0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.424572] ffff8881055f0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.425048] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 25.352050] ================================================================== [ 25.353488] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 25.353814] Read of size 1 at addr ffff888104919c48 by task kunit_try_catch/232 [ 25.355739] [ 25.355853] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.355905] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.355918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.355940] Call Trace: [ 25.355954] <TASK> [ 25.355972] dump_stack_lvl+0x73/0xb0 [ 25.356006] print_report+0xd1/0x640 [ 25.356031] ? __virt_addr_valid+0x1db/0x2d0 [ 25.356056] ? kmalloc_uaf+0x320/0x380 [ 25.356077] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.356103] ? kmalloc_uaf+0x320/0x380 [ 25.356123] kasan_report+0x141/0x180 [ 25.356146] ? kmalloc_uaf+0x320/0x380 [ 25.356170] __asan_report_load1_noabort+0x18/0x20 [ 25.356195] kmalloc_uaf+0x320/0x380 [ 25.356234] ? __pfx_kmalloc_uaf+0x10/0x10 [ 25.356255] ? __schedule+0x10da/0x2b60 [ 25.356282] ? __pfx_read_tsc+0x10/0x10 [ 25.356305] ? ktime_get_ts64+0x86/0x230 [ 25.356331] kunit_try_run_case+0x1a5/0x480 [ 25.356357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356380] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.356405] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.356430] ? __kthread_parkme+0x82/0x180 [ 25.356451] ? preempt_count_sub+0x50/0x80 [ 25.356475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356499] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.356522] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.356546] kthread+0x337/0x6f0 [ 25.356566] ? trace_preempt_on+0x20/0xc0 [ 25.356590] ? __pfx_kthread+0x10/0x10 [ 25.356611] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.356636] ? calculate_sigpending+0x7b/0xa0 [ 25.356660] ? __pfx_kthread+0x10/0x10 [ 25.356682] ret_from_fork+0x116/0x1d0 [ 25.356701] ? __pfx_kthread+0x10/0x10 [ 25.356722] ret_from_fork_asm+0x1a/0x30 [ 25.356754] </TASK> [ 25.356766] [ 25.367360] Allocated by task 232: [ 25.367505] kasan_save_stack+0x45/0x70 [ 25.367713] kasan_save_track+0x18/0x40 [ 25.367922] kasan_save_alloc_info+0x3b/0x50 [ 25.368098] __kasan_kmalloc+0xb7/0xc0 [ 25.369508] __kmalloc_cache_noprof+0x189/0x420 [ 25.369724] kmalloc_uaf+0xaa/0x380 [ 25.369888] kunit_try_run_case+0x1a5/0x480 [ 25.370095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.371330] kthread+0x337/0x6f0 [ 25.371470] ret_from_fork+0x116/0x1d0 [ 25.371846] ret_from_fork_asm+0x1a/0x30 [ 25.372181] [ 25.372299] Freed by task 232: [ 25.372436] kasan_save_stack+0x45/0x70 [ 25.373526] kasan_save_track+0x18/0x40 [ 25.373733] kasan_save_free_info+0x3f/0x60 [ 25.373932] __kasan_slab_free+0x56/0x70 [ 25.374112] kfree+0x222/0x3f0 [ 25.374259] kmalloc_uaf+0x12c/0x380 [ 25.374419] kunit_try_run_case+0x1a5/0x480 [ 25.374604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.375357] kthread+0x337/0x6f0 [ 25.375916] ret_from_fork+0x116/0x1d0 [ 25.376665] ret_from_fork_asm+0x1a/0x30 [ 25.377328] [ 25.377810] The buggy address belongs to the object at ffff888104919c40 [ 25.377810] which belongs to the cache kmalloc-16 of size 16 [ 25.379810] The buggy address is located 8 bytes inside of [ 25.379810] freed 16-byte region [ffff888104919c40, ffff888104919c50) [ 25.380917] [ 25.381034] The buggy address belongs to the physical page: [ 25.382043] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 25.383011] flags: 0x200000000000000(node=0|zone=2) [ 25.384049] page_type: f5(slab) [ 25.384679] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.385849] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.386720] page dumped because: kasan: bad access detected [ 25.387397] [ 25.387497] Memory state around the buggy address: [ 25.388010] ffff888104919b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.389004] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.390138] >ffff888104919c00: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 25.390775] ^ [ 25.391261] ffff888104919c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.392380] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.393522] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 25.330613] ================================================================== [ 25.331114] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.331740] Read of size 64 at addr ffff8881055f0104 by task kunit_try_catch/230 [ 25.332070] [ 25.332177] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.332225] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.332238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.332258] Call Trace: [ 25.332283] <TASK> [ 25.332299] dump_stack_lvl+0x73/0xb0 [ 25.332328] print_report+0xd1/0x640 [ 25.332351] ? __virt_addr_valid+0x1db/0x2d0 [ 25.332374] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.332399] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.332425] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.332449] kasan_report+0x141/0x180 [ 25.332471] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.332499] kasan_check_range+0x10c/0x1c0 [ 25.332523] __asan_memmove+0x27/0x70 [ 25.332546] kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.332570] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 25.332595] ? __schedule+0x10da/0x2b60 [ 25.332620] ? __pfx_read_tsc+0x10/0x10 [ 25.332803] ? ktime_get_ts64+0x86/0x230 [ 25.332848] kunit_try_run_case+0x1a5/0x480 [ 25.332885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.332909] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.332934] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.332959] ? __kthread_parkme+0x82/0x180 [ 25.332979] ? preempt_count_sub+0x50/0x80 [ 25.333001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.333025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.333048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.333072] kthread+0x337/0x6f0 [ 25.333091] ? trace_preempt_on+0x20/0xc0 [ 25.333114] ? __pfx_kthread+0x10/0x10 [ 25.333134] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.333158] ? calculate_sigpending+0x7b/0xa0 [ 25.333192] ? __pfx_kthread+0x10/0x10 [ 25.333213] ret_from_fork+0x116/0x1d0 [ 25.333233] ? __pfx_kthread+0x10/0x10 [ 25.333253] ret_from_fork_asm+0x1a/0x30 [ 25.333284] </TASK> [ 25.333295] [ 25.340694] Allocated by task 230: [ 25.340852] kasan_save_stack+0x45/0x70 [ 25.341049] kasan_save_track+0x18/0x40 [ 25.341247] kasan_save_alloc_info+0x3b/0x50 [ 25.341405] __kasan_kmalloc+0xb7/0xc0 [ 25.341539] __kmalloc_cache_noprof+0x189/0x420 [ 25.341698] kmalloc_memmove_invalid_size+0xac/0x330 [ 25.341901] kunit_try_run_case+0x1a5/0x480 [ 25.342161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.342417] kthread+0x337/0x6f0 [ 25.342583] ret_from_fork+0x116/0x1d0 [ 25.342770] ret_from_fork_asm+0x1a/0x30 [ 25.342974] [ 25.343065] The buggy address belongs to the object at ffff8881055f0100 [ 25.343065] which belongs to the cache kmalloc-64 of size 64 [ 25.343824] The buggy address is located 4 bytes inside of [ 25.343824] allocated 64-byte region [ffff8881055f0100, ffff8881055f0140) [ 25.344405] [ 25.344573] The buggy address belongs to the physical page: [ 25.344767] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055f0 [ 25.345130] flags: 0x200000000000000(node=0|zone=2) [ 25.345465] page_type: f5(slab) [ 25.345584] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.345815] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.346050] page dumped because: kasan: bad access detected [ 25.346218] [ 25.346431] Memory state around the buggy address: [ 25.346695] ffff8881055f0000: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 25.347042] ffff8881055f0080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.347749] >ffff8881055f0100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.348091] ^ [ 25.348449] ffff8881055f0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.348720] ffff8881055f0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.348981] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 25.300667] ================================================================== [ 25.301324] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 25.301871] Read of size 18446744073709551614 at addr ffff88810496f784 by task kunit_try_catch/228 [ 25.302738] [ 25.302999] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.303053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.303066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.303086] Call Trace: [ 25.303101] <TASK> [ 25.303116] dump_stack_lvl+0x73/0xb0 [ 25.303147] print_report+0xd1/0x640 [ 25.303338] ? __virt_addr_valid+0x1db/0x2d0 [ 25.303372] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.303399] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.303426] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.303474] kasan_report+0x141/0x180 [ 25.303498] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.303527] kasan_check_range+0x10c/0x1c0 [ 25.303551] __asan_memmove+0x27/0x70 [ 25.303575] kmalloc_memmove_negative_size+0x171/0x330 [ 25.303600] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 25.303627] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 25.303656] kunit_try_run_case+0x1a5/0x480 [ 25.303681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.303704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.303729] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.303754] ? __kthread_parkme+0x82/0x180 [ 25.303773] ? preempt_count_sub+0x50/0x80 [ 25.303796] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.303820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.303855] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.303879] kthread+0x337/0x6f0 [ 25.303898] ? trace_preempt_on+0x20/0xc0 [ 25.303921] ? __pfx_kthread+0x10/0x10 [ 25.303942] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.303966] ? calculate_sigpending+0x7b/0xa0 [ 25.303989] ? __pfx_kthread+0x10/0x10 [ 25.304010] ret_from_fork+0x116/0x1d0 [ 25.304029] ? __pfx_kthread+0x10/0x10 [ 25.304050] ret_from_fork_asm+0x1a/0x30 [ 25.304080] </TASK> [ 25.304092] [ 25.315887] Allocated by task 228: [ 25.316100] kasan_save_stack+0x45/0x70 [ 25.316399] kasan_save_track+0x18/0x40 [ 25.316839] kasan_save_alloc_info+0x3b/0x50 [ 25.317365] __kasan_kmalloc+0xb7/0xc0 [ 25.317771] __kmalloc_cache_noprof+0x189/0x420 [ 25.318034] kmalloc_memmove_negative_size+0xac/0x330 [ 25.318391] kunit_try_run_case+0x1a5/0x480 [ 25.318777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.319122] kthread+0x337/0x6f0 [ 25.319380] ret_from_fork+0x116/0x1d0 [ 25.319767] ret_from_fork_asm+0x1a/0x30 [ 25.320018] [ 25.320301] The buggy address belongs to the object at ffff88810496f780 [ 25.320301] which belongs to the cache kmalloc-64 of size 64 [ 25.321004] The buggy address is located 4 bytes inside of [ 25.321004] 64-byte region [ffff88810496f780, ffff88810496f7c0) [ 25.321493] [ 25.321604] The buggy address belongs to the physical page: [ 25.321913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10496f [ 25.322352] flags: 0x200000000000000(node=0|zone=2) [ 25.322724] page_type: f5(slab) [ 25.322909] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.323256] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.323666] page dumped because: kasan: bad access detected [ 25.323930] [ 25.324062] Memory state around the buggy address: [ 25.324330] ffff88810496f680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.324763] ffff88810496f700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.325105] >ffff88810496f780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.325432] ^ [ 25.325554] ffff88810496f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.326046] ffff88810496f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.326420] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 25.276899] ================================================================== [ 25.277388] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 25.277955] Write of size 16 at addr ffff888104975069 by task kunit_try_catch/226 [ 25.278691] [ 25.278808] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.278868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.278882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.278938] Call Trace: [ 25.278951] <TASK> [ 25.278966] dump_stack_lvl+0x73/0xb0 [ 25.279010] print_report+0xd1/0x640 [ 25.279033] ? __virt_addr_valid+0x1db/0x2d0 [ 25.279058] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.279080] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.279132] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.279156] kasan_report+0x141/0x180 [ 25.279200] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.279227] kasan_check_range+0x10c/0x1c0 [ 25.279251] __asan_memset+0x27/0x50 [ 25.279275] kmalloc_oob_memset_16+0x166/0x330 [ 25.279298] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 25.279322] ? __schedule+0x2070/0x2b60 [ 25.279348] ? __pfx_read_tsc+0x10/0x10 [ 25.279369] ? ktime_get_ts64+0x86/0x230 [ 25.279393] kunit_try_run_case+0x1a5/0x480 [ 25.279420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.279442] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.279467] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.279493] ? __kthread_parkme+0x82/0x180 [ 25.279514] ? preempt_count_sub+0x50/0x80 [ 25.279538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.279562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.279585] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.279609] kthread+0x337/0x6f0 [ 25.279629] ? trace_preempt_on+0x20/0xc0 [ 25.279652] ? __pfx_kthread+0x10/0x10 [ 25.279673] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.279696] ? calculate_sigpending+0x7b/0xa0 [ 25.279719] ? __pfx_kthread+0x10/0x10 [ 25.279741] ret_from_fork+0x116/0x1d0 [ 25.279760] ? __pfx_kthread+0x10/0x10 [ 25.279781] ret_from_fork_asm+0x1a/0x30 [ 25.279812] </TASK> [ 25.279823] [ 25.287548] Allocated by task 226: [ 25.287755] kasan_save_stack+0x45/0x70 [ 25.287961] kasan_save_track+0x18/0x40 [ 25.288149] kasan_save_alloc_info+0x3b/0x50 [ 25.288309] __kasan_kmalloc+0xb7/0xc0 [ 25.288439] __kmalloc_cache_noprof+0x189/0x420 [ 25.288847] kmalloc_oob_memset_16+0xac/0x330 [ 25.289044] kunit_try_run_case+0x1a5/0x480 [ 25.289254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.289568] kthread+0x337/0x6f0 [ 25.289687] ret_from_fork+0x116/0x1d0 [ 25.289814] ret_from_fork_asm+0x1a/0x30 [ 25.289958] [ 25.290061] The buggy address belongs to the object at ffff888104975000 [ 25.290061] which belongs to the cache kmalloc-128 of size 128 [ 25.290981] The buggy address is located 105 bytes inside of [ 25.290981] allocated 120-byte region [ffff888104975000, ffff888104975078) [ 25.291572] [ 25.291717] The buggy address belongs to the physical page: [ 25.291957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 25.292317] flags: 0x200000000000000(node=0|zone=2) [ 25.292604] page_type: f5(slab) [ 25.292741] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.293122] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.293495] page dumped because: kasan: bad access detected [ 25.293807] [ 25.293907] Memory state around the buggy address: [ 25.294136] ffff888104974f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.294528] ffff888104974f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.294825] >ffff888104975000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.295136] ^ [ 25.295452] ffff888104975080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.295774] ffff888104975100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.296075] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 25.247183] ================================================================== [ 25.248042] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 25.248654] Write of size 8 at addr ffff8881058a9471 by task kunit_try_catch/224 [ 25.249384] [ 25.249481] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.249531] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.249544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.249572] Call Trace: [ 25.249586] <TASK> [ 25.249603] dump_stack_lvl+0x73/0xb0 [ 25.249635] print_report+0xd1/0x640 [ 25.249658] ? __virt_addr_valid+0x1db/0x2d0 [ 25.249682] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.249704] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.249730] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.249752] kasan_report+0x141/0x180 [ 25.249774] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.249800] kasan_check_range+0x10c/0x1c0 [ 25.249823] __asan_memset+0x27/0x50 [ 25.249858] kmalloc_oob_memset_8+0x166/0x330 [ 25.249881] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 25.249904] ? __schedule+0x10da/0x2b60 [ 25.249929] ? __pfx_read_tsc+0x10/0x10 [ 25.249951] ? ktime_get_ts64+0x86/0x230 [ 25.249975] kunit_try_run_case+0x1a5/0x480 [ 25.250023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.250059] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.250084] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.250109] ? __kthread_parkme+0x82/0x180 [ 25.250140] ? preempt_count_sub+0x50/0x80 [ 25.250163] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.250188] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.250211] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.250235] kthread+0x337/0x6f0 [ 25.250254] ? trace_preempt_on+0x20/0xc0 [ 25.250287] ? __pfx_kthread+0x10/0x10 [ 25.250308] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.250330] ? calculate_sigpending+0x7b/0xa0 [ 25.250353] ? __pfx_kthread+0x10/0x10 [ 25.250375] ret_from_fork+0x116/0x1d0 [ 25.250394] ? __pfx_kthread+0x10/0x10 [ 25.250415] ret_from_fork_asm+0x1a/0x30 [ 25.250446] </TASK> [ 25.250471] [ 25.261923] Allocated by task 224: [ 25.262081] kasan_save_stack+0x45/0x70 [ 25.262379] kasan_save_track+0x18/0x40 [ 25.262694] kasan_save_alloc_info+0x3b/0x50 [ 25.262952] __kasan_kmalloc+0xb7/0xc0 [ 25.263119] __kmalloc_cache_noprof+0x189/0x420 [ 25.263313] kmalloc_oob_memset_8+0xac/0x330 [ 25.263626] kunit_try_run_case+0x1a5/0x480 [ 25.263940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.264215] kthread+0x337/0x6f0 [ 25.264441] ret_from_fork+0x116/0x1d0 [ 25.264653] ret_from_fork_asm+0x1a/0x30 [ 25.264790] [ 25.264878] The buggy address belongs to the object at ffff8881058a9400 [ 25.264878] which belongs to the cache kmalloc-128 of size 128 [ 25.265312] The buggy address is located 113 bytes inside of [ 25.265312] allocated 120-byte region [ffff8881058a9400, ffff8881058a9478) [ 25.266203] [ 25.266290] The buggy address belongs to the physical page: [ 25.266591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 25.267076] flags: 0x200000000000000(node=0|zone=2) [ 25.267511] page_type: f5(slab) [ 25.267794] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.268056] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.268577] page dumped because: kasan: bad access detected [ 25.268788] [ 25.268964] Memory state around the buggy address: [ 25.269224] ffff8881058a9300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.269580] ffff8881058a9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.269963] >ffff8881058a9400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.270318] ^ [ 25.270755] ffff8881058a9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.271048] ffff8881058a9500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.271445] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 25.217585] ================================================================== [ 25.218170] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 25.218406] Write of size 4 at addr ffff888104962f75 by task kunit_try_catch/222 [ 25.219114] [ 25.219313] CPU: 0 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.219364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.219606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.219660] Call Trace: [ 25.219675] <TASK> [ 25.219690] dump_stack_lvl+0x73/0xb0 [ 25.219865] print_report+0xd1/0x640 [ 25.219889] ? __virt_addr_valid+0x1db/0x2d0 [ 25.219914] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.219935] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.219962] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.219984] kasan_report+0x141/0x180 [ 25.220007] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.220033] kasan_check_range+0x10c/0x1c0 [ 25.220059] __asan_memset+0x27/0x50 [ 25.220083] kmalloc_oob_memset_4+0x166/0x330 [ 25.220107] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 25.220130] ? __schedule+0x10da/0x2b60 [ 25.220155] ? __pfx_read_tsc+0x10/0x10 [ 25.220244] ? ktime_get_ts64+0x86/0x230 [ 25.220268] kunit_try_run_case+0x1a5/0x480 [ 25.220294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.220317] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.220342] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.220367] ? __kthread_parkme+0x82/0x180 [ 25.220388] ? preempt_count_sub+0x50/0x80 [ 25.220411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.220434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.220526] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.220554] kthread+0x337/0x6f0 [ 25.220574] ? trace_preempt_on+0x20/0xc0 [ 25.220597] ? __pfx_kthread+0x10/0x10 [ 25.220618] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.220641] ? calculate_sigpending+0x7b/0xa0 [ 25.220664] ? __pfx_kthread+0x10/0x10 [ 25.220686] ret_from_fork+0x116/0x1d0 [ 25.220706] ? __pfx_kthread+0x10/0x10 [ 25.220727] ret_from_fork_asm+0x1a/0x30 [ 25.220757] </TASK> [ 25.220769] [ 25.232329] Allocated by task 222: [ 25.232701] kasan_save_stack+0x45/0x70 [ 25.232962] kasan_save_track+0x18/0x40 [ 25.233151] kasan_save_alloc_info+0x3b/0x50 [ 25.233710] __kasan_kmalloc+0xb7/0xc0 [ 25.234049] __kmalloc_cache_noprof+0x189/0x420 [ 25.234407] kmalloc_oob_memset_4+0xac/0x330 [ 25.234878] kunit_try_run_case+0x1a5/0x480 [ 25.235098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.235525] kthread+0x337/0x6f0 [ 25.235845] ret_from_fork+0x116/0x1d0 [ 25.236028] ret_from_fork_asm+0x1a/0x30 [ 25.236362] [ 25.236456] The buggy address belongs to the object at ffff888104962f00 [ 25.236456] which belongs to the cache kmalloc-128 of size 128 [ 25.237021] The buggy address is located 117 bytes inside of [ 25.237021] allocated 120-byte region [ffff888104962f00, ffff888104962f78) [ 25.237973] [ 25.238070] The buggy address belongs to the physical page: [ 25.238342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104962 [ 25.238893] flags: 0x200000000000000(node=0|zone=2) [ 25.239124] page_type: f5(slab) [ 25.239596] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.240024] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.240444] page dumped because: kasan: bad access detected [ 25.240694] [ 25.240790] Memory state around the buggy address: [ 25.241279] ffff888104962e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.241734] ffff888104962e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.242065] >ffff888104962f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.242681] ^ [ 25.242962] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.243558] ffff888104963000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.243963] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 25.182873] ================================================================== [ 25.183491] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 25.184151] Write of size 2 at addr ffff8881058a9377 by task kunit_try_catch/220 [ 25.185093] [ 25.185284] CPU: 1 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.185333] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.185346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.185369] Call Trace: [ 25.185382] <TASK> [ 25.185399] dump_stack_lvl+0x73/0xb0 [ 25.185505] print_report+0xd1/0x640 [ 25.185530] ? __virt_addr_valid+0x1db/0x2d0 [ 25.185556] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.185577] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.185603] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.185626] kasan_report+0x141/0x180 [ 25.185648] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.185674] kasan_check_range+0x10c/0x1c0 [ 25.185698] __asan_memset+0x27/0x50 [ 25.185722] kmalloc_oob_memset_2+0x166/0x330 [ 25.185745] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 25.185768] ? __schedule+0x10da/0x2b60 [ 25.185793] ? __pfx_read_tsc+0x10/0x10 [ 25.185817] ? ktime_get_ts64+0x86/0x230 [ 25.185853] kunit_try_run_case+0x1a5/0x480 [ 25.185879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.185901] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.185926] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.185951] ? __kthread_parkme+0x82/0x180 [ 25.185973] ? preempt_count_sub+0x50/0x80 [ 25.185998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.186022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.186045] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.186068] kthread+0x337/0x6f0 [ 25.186088] ? trace_preempt_on+0x20/0xc0 [ 25.186113] ? __pfx_kthread+0x10/0x10 [ 25.186134] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.186157] ? calculate_sigpending+0x7b/0xa0 [ 25.186193] ? __pfx_kthread+0x10/0x10 [ 25.186215] ret_from_fork+0x116/0x1d0 [ 25.186234] ? __pfx_kthread+0x10/0x10 [ 25.186255] ret_from_fork_asm+0x1a/0x30 [ 25.186286] </TASK> [ 25.186298] [ 25.200030] Allocated by task 220: [ 25.200398] kasan_save_stack+0x45/0x70 [ 25.200792] kasan_save_track+0x18/0x40 [ 25.200979] kasan_save_alloc_info+0x3b/0x50 [ 25.201408] __kasan_kmalloc+0xb7/0xc0 [ 25.201824] __kmalloc_cache_noprof+0x189/0x420 [ 25.202279] kmalloc_oob_memset_2+0xac/0x330 [ 25.202719] kunit_try_run_case+0x1a5/0x480 [ 25.202875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.203052] kthread+0x337/0x6f0 [ 25.203187] ret_from_fork+0x116/0x1d0 [ 25.203588] ret_from_fork_asm+0x1a/0x30 [ 25.203968] [ 25.204144] The buggy address belongs to the object at ffff8881058a9300 [ 25.204144] which belongs to the cache kmalloc-128 of size 128 [ 25.205436] The buggy address is located 119 bytes inside of [ 25.205436] allocated 120-byte region [ffff8881058a9300, ffff8881058a9378) [ 25.206723] [ 25.206892] The buggy address belongs to the physical page: [ 25.207192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 25.207979] flags: 0x200000000000000(node=0|zone=2) [ 25.208145] page_type: f5(slab) [ 25.208260] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.208534] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.209353] page dumped because: kasan: bad access detected [ 25.209894] [ 25.210094] Memory state around the buggy address: [ 25.210639] ffff8881058a9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.211415] ffff8881058a9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.212129] >ffff8881058a9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.212684] ^ [ 25.212953] ffff8881058a9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.213598] ffff8881058a9400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.214310] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 25.150925] ================================================================== [ 25.151411] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 25.151756] Write of size 128 at addr ffff8881058a9200 by task kunit_try_catch/218 [ 25.152104] [ 25.152226] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.152274] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.152287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.152307] Call Trace: [ 25.152320] <TASK> [ 25.152335] dump_stack_lvl+0x73/0xb0 [ 25.152364] print_report+0xd1/0x640 [ 25.152407] ? __virt_addr_valid+0x1db/0x2d0 [ 25.152430] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.152466] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.152493] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.152515] kasan_report+0x141/0x180 [ 25.152551] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.152592] kasan_check_range+0x10c/0x1c0 [ 25.152669] __asan_memset+0x27/0x50 [ 25.152697] kmalloc_oob_in_memset+0x15f/0x320 [ 25.152720] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 25.152743] ? __schedule+0x10da/0x2b60 [ 25.152768] ? __pfx_read_tsc+0x10/0x10 [ 25.152790] ? ktime_get_ts64+0x86/0x230 [ 25.152815] kunit_try_run_case+0x1a5/0x480 [ 25.152852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.152881] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.152906] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.152930] ? __kthread_parkme+0x82/0x180 [ 25.152950] ? preempt_count_sub+0x50/0x80 [ 25.152973] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.152997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.153021] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.153044] kthread+0x337/0x6f0 [ 25.153064] ? trace_preempt_on+0x20/0xc0 [ 25.153087] ? __pfx_kthread+0x10/0x10 [ 25.153107] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.153132] ? calculate_sigpending+0x7b/0xa0 [ 25.153155] ? __pfx_kthread+0x10/0x10 [ 25.153190] ret_from_fork+0x116/0x1d0 [ 25.153211] ? __pfx_kthread+0x10/0x10 [ 25.153232] ret_from_fork_asm+0x1a/0x30 [ 25.153263] </TASK> [ 25.153274] [ 25.165135] Allocated by task 218: [ 25.165458] kasan_save_stack+0x45/0x70 [ 25.165822] kasan_save_track+0x18/0x40 [ 25.166253] kasan_save_alloc_info+0x3b/0x50 [ 25.166868] __kasan_kmalloc+0xb7/0xc0 [ 25.167265] __kmalloc_cache_noprof+0x189/0x420 [ 25.167745] kmalloc_oob_in_memset+0xac/0x320 [ 25.168151] kunit_try_run_case+0x1a5/0x480 [ 25.168585] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.169113] kthread+0x337/0x6f0 [ 25.169418] ret_from_fork+0x116/0x1d0 [ 25.169564] ret_from_fork_asm+0x1a/0x30 [ 25.169930] [ 25.170102] The buggy address belongs to the object at ffff8881058a9200 [ 25.170102] which belongs to the cache kmalloc-128 of size 128 [ 25.170900] The buggy address is located 0 bytes inside of [ 25.170900] allocated 120-byte region [ffff8881058a9200, ffff8881058a9278) [ 25.171489] [ 25.171648] The buggy address belongs to the physical page: [ 25.172243] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 25.173152] flags: 0x200000000000000(node=0|zone=2) [ 25.173800] page_type: f5(slab) [ 25.174138] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.174638] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.175303] page dumped because: kasan: bad access detected [ 25.175627] [ 25.175697] Memory state around the buggy address: [ 25.175859] ffff8881058a9100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.176071] ffff8881058a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.176725] >ffff8881058a9200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.177396] ^ [ 25.178174] ffff8881058a9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.178962] ffff8881058a9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.179685] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 25.118223] ================================================================== [ 25.118782] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 25.119021] Read of size 16 at addr ffff888104919c20 by task kunit_try_catch/216 [ 25.119522] [ 25.119767] CPU: 0 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.119816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.119838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.119860] Call Trace: [ 25.119873] <TASK> [ 25.119888] dump_stack_lvl+0x73/0xb0 [ 25.119917] print_report+0xd1/0x640 [ 25.119940] ? __virt_addr_valid+0x1db/0x2d0 [ 25.119963] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.119984] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.120010] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.120031] kasan_report+0x141/0x180 [ 25.120053] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.120079] __asan_report_load16_noabort+0x18/0x20 [ 25.120103] kmalloc_uaf_16+0x47b/0x4c0 [ 25.120124] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 25.120173] ? __schedule+0x10da/0x2b60 [ 25.120200] ? __pfx_read_tsc+0x10/0x10 [ 25.120222] ? ktime_get_ts64+0x86/0x230 [ 25.120256] kunit_try_run_case+0x1a5/0x480 [ 25.120282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.120306] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.120331] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.120356] ? __kthread_parkme+0x82/0x180 [ 25.120384] ? preempt_count_sub+0x50/0x80 [ 25.120407] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.120432] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.120478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.120501] kthread+0x337/0x6f0 [ 25.120521] ? trace_preempt_on+0x20/0xc0 [ 25.120543] ? __pfx_kthread+0x10/0x10 [ 25.120564] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.120599] ? calculate_sigpending+0x7b/0xa0 [ 25.120622] ? __pfx_kthread+0x10/0x10 [ 25.120644] ret_from_fork+0x116/0x1d0 [ 25.120674] ? __pfx_kthread+0x10/0x10 [ 25.120696] ret_from_fork_asm+0x1a/0x30 [ 25.120728] </TASK> [ 25.120739] [ 25.133170] Allocated by task 216: [ 25.133584] kasan_save_stack+0x45/0x70 [ 25.134023] kasan_save_track+0x18/0x40 [ 25.134410] kasan_save_alloc_info+0x3b/0x50 [ 25.134880] __kasan_kmalloc+0xb7/0xc0 [ 25.135221] __kmalloc_cache_noprof+0x189/0x420 [ 25.135610] kmalloc_uaf_16+0x15b/0x4c0 [ 25.135750] kunit_try_run_case+0x1a5/0x480 [ 25.135906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.136082] kthread+0x337/0x6f0 [ 25.136340] ret_from_fork+0x116/0x1d0 [ 25.136737] ret_from_fork_asm+0x1a/0x30 [ 25.137247] [ 25.137406] Freed by task 216: [ 25.137777] kasan_save_stack+0x45/0x70 [ 25.138166] kasan_save_track+0x18/0x40 [ 25.138603] kasan_save_free_info+0x3f/0x60 [ 25.139008] __kasan_slab_free+0x56/0x70 [ 25.139390] kfree+0x222/0x3f0 [ 25.139751] kmalloc_uaf_16+0x1d6/0x4c0 [ 25.140050] kunit_try_run_case+0x1a5/0x480 [ 25.140505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.140927] kthread+0x337/0x6f0 [ 25.141135] ret_from_fork+0x116/0x1d0 [ 25.141391] ret_from_fork_asm+0x1a/0x30 [ 25.141809] [ 25.141978] The buggy address belongs to the object at ffff888104919c20 [ 25.141978] which belongs to the cache kmalloc-16 of size 16 [ 25.142727] The buggy address is located 0 bytes inside of [ 25.142727] freed 16-byte region [ffff888104919c20, ffff888104919c30) [ 25.143699] [ 25.143872] The buggy address belongs to the physical page: [ 25.144280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104919 [ 25.144783] flags: 0x200000000000000(node=0|zone=2) [ 25.145274] page_type: f5(slab) [ 25.145615] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.145862] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.146090] page dumped because: kasan: bad access detected [ 25.146260] [ 25.146327] Memory state around the buggy address: [ 25.146484] ffff888104919b00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.146702] ffff888104919b80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.146934] >ffff888104919c00: 00 00 fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 25.147247] ^ [ 25.147392] ffff888104919c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.147660] ffff888104919d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.148115] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 25.091632] ================================================================== [ 25.092085] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 25.092403] Write of size 16 at addr ffff88810585ea80 by task kunit_try_catch/214 [ 25.092748] [ 25.092895] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.092943] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.092956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.092978] Call Trace: [ 25.092991] <TASK> [ 25.093007] dump_stack_lvl+0x73/0xb0 [ 25.093036] print_report+0xd1/0x640 [ 25.093058] ? __virt_addr_valid+0x1db/0x2d0 [ 25.093083] ? kmalloc_oob_16+0x452/0x4a0 [ 25.093122] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.093150] ? kmalloc_oob_16+0x452/0x4a0 [ 25.093182] kasan_report+0x141/0x180 [ 25.093318] ? kmalloc_oob_16+0x452/0x4a0 [ 25.093343] __asan_report_store16_noabort+0x1b/0x30 [ 25.093367] kmalloc_oob_16+0x452/0x4a0 [ 25.093389] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 25.093410] ? __schedule+0x10da/0x2b60 [ 25.093436] ? __pfx_read_tsc+0x10/0x10 [ 25.093470] ? ktime_get_ts64+0x86/0x230 [ 25.093496] kunit_try_run_case+0x1a5/0x480 [ 25.093521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.093544] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.093568] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.093593] ? __kthread_parkme+0x82/0x180 [ 25.093615] ? preempt_count_sub+0x50/0x80 [ 25.093638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.093663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.093687] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.093711] kthread+0x337/0x6f0 [ 25.093731] ? trace_preempt_on+0x20/0xc0 [ 25.093756] ? __pfx_kthread+0x10/0x10 [ 25.093777] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.093800] ? calculate_sigpending+0x7b/0xa0 [ 25.093824] ? __pfx_kthread+0x10/0x10 [ 25.093858] ret_from_fork+0x116/0x1d0 [ 25.093878] ? __pfx_kthread+0x10/0x10 [ 25.093900] ret_from_fork_asm+0x1a/0x30 [ 25.093931] </TASK> [ 25.093942] [ 25.104061] Allocated by task 214: [ 25.104254] kasan_save_stack+0x45/0x70 [ 25.104601] kasan_save_track+0x18/0x40 [ 25.104917] kasan_save_alloc_info+0x3b/0x50 [ 25.105137] __kasan_kmalloc+0xb7/0xc0 [ 25.105499] __kmalloc_cache_noprof+0x189/0x420 [ 25.105803] kmalloc_oob_16+0xa8/0x4a0 [ 25.106013] kunit_try_run_case+0x1a5/0x480 [ 25.106216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.106787] kthread+0x337/0x6f0 [ 25.106978] ret_from_fork+0x116/0x1d0 [ 25.107337] ret_from_fork_asm+0x1a/0x30 [ 25.107549] [ 25.107805] The buggy address belongs to the object at ffff88810585ea80 [ 25.107805] which belongs to the cache kmalloc-16 of size 16 [ 25.108427] The buggy address is located 0 bytes inside of [ 25.108427] allocated 13-byte region [ffff88810585ea80, ffff88810585ea8d) [ 25.108925] [ 25.109021] The buggy address belongs to the physical page: [ 25.109639] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10585e [ 25.110057] flags: 0x200000000000000(node=0|zone=2) [ 25.110404] page_type: f5(slab) [ 25.110648] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.111223] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.111732] page dumped because: kasan: bad access detected [ 25.112096] [ 25.112244] Memory state around the buggy address: [ 25.112661] ffff88810585e980: 00 06 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 25.113103] ffff88810585ea00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.113537] >ffff88810585ea80: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.113976] ^ [ 25.114157] ffff88810585eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.114663] ffff88810585eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.115043] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 25.039373] ================================================================== [ 25.040299] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 25.040631] Read of size 1 at addr ffff888104a0fc00 by task kunit_try_catch/212 [ 25.041073] [ 25.041215] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.041264] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.041277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.041298] Call Trace: [ 25.041311] <TASK> [ 25.041326] dump_stack_lvl+0x73/0xb0 [ 25.041356] print_report+0xd1/0x640 [ 25.041379] ? __virt_addr_valid+0x1db/0x2d0 [ 25.041402] ? krealloc_uaf+0x1b8/0x5e0 [ 25.041423] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.041449] ? krealloc_uaf+0x1b8/0x5e0 [ 25.041471] kasan_report+0x141/0x180 [ 25.041493] ? krealloc_uaf+0x1b8/0x5e0 [ 25.041517] ? krealloc_uaf+0x1b8/0x5e0 [ 25.041539] __kasan_check_byte+0x3d/0x50 [ 25.041561] krealloc_noprof+0x3f/0x340 [ 25.041588] krealloc_uaf+0x1b8/0x5e0 [ 25.041610] ? __pfx_krealloc_uaf+0x10/0x10 [ 25.041631] ? finish_task_switch.isra.0+0x153/0x700 [ 25.041652] ? __switch_to+0x47/0xf80 [ 25.041679] ? __schedule+0x10da/0x2b60 [ 25.041704] ? __pfx_read_tsc+0x10/0x10 [ 25.041725] ? ktime_get_ts64+0x86/0x230 [ 25.041751] kunit_try_run_case+0x1a5/0x480 [ 25.041776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.041799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.041824] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.041861] ? __kthread_parkme+0x82/0x180 [ 25.041881] ? preempt_count_sub+0x50/0x80 [ 25.041904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.041928] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.041951] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.041975] kthread+0x337/0x6f0 [ 25.041995] ? trace_preempt_on+0x20/0xc0 [ 25.042018] ? __pfx_kthread+0x10/0x10 [ 25.042039] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.042063] ? calculate_sigpending+0x7b/0xa0 [ 25.042086] ? __pfx_kthread+0x10/0x10 [ 25.042108] ret_from_fork+0x116/0x1d0 [ 25.042127] ? __pfx_kthread+0x10/0x10 [ 25.042148] ret_from_fork_asm+0x1a/0x30 [ 25.042192] </TASK> [ 25.042203] [ 25.050098] Allocated by task 212: [ 25.050281] kasan_save_stack+0x45/0x70 [ 25.050448] kasan_save_track+0x18/0x40 [ 25.050646] kasan_save_alloc_info+0x3b/0x50 [ 25.050818] __kasan_kmalloc+0xb7/0xc0 [ 25.051016] __kmalloc_cache_noprof+0x189/0x420 [ 25.051403] krealloc_uaf+0xbb/0x5e0 [ 25.051619] kunit_try_run_case+0x1a5/0x480 [ 25.051773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.051966] kthread+0x337/0x6f0 [ 25.052129] ret_from_fork+0x116/0x1d0 [ 25.052321] ret_from_fork_asm+0x1a/0x30 [ 25.052516] [ 25.052615] Freed by task 212: [ 25.052816] kasan_save_stack+0x45/0x70 [ 25.053280] kasan_save_track+0x18/0x40 [ 25.053438] kasan_save_free_info+0x3f/0x60 [ 25.053656] __kasan_slab_free+0x56/0x70 [ 25.053804] kfree+0x222/0x3f0 [ 25.053977] krealloc_uaf+0x13d/0x5e0 [ 25.054164] kunit_try_run_case+0x1a5/0x480 [ 25.054411] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.054784] kthread+0x337/0x6f0 [ 25.054945] ret_from_fork+0x116/0x1d0 [ 25.055307] ret_from_fork_asm+0x1a/0x30 [ 25.055485] [ 25.055595] The buggy address belongs to the object at ffff888104a0fc00 [ 25.055595] which belongs to the cache kmalloc-256 of size 256 [ 25.056120] The buggy address is located 0 bytes inside of [ 25.056120] freed 256-byte region [ffff888104a0fc00, ffff888104a0fd00) [ 25.056486] [ 25.056559] The buggy address belongs to the physical page: [ 25.056743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a0e [ 25.057164] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.057960] flags: 0x200000000000040(head|node=0|zone=2) [ 25.058219] page_type: f5(slab) [ 25.058344] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.058578] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.058813] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.059064] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.059905] head: 0200000000000001 ffffea0004128381 00000000ffffffff 00000000ffffffff [ 25.060415] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.060849] page dumped because: kasan: bad access detected [ 25.061262] [ 25.061360] Memory state around the buggy address: [ 25.061640] ffff888104a0fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.061890] ffff888104a0fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.062146] >ffff888104a0fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.062542] ^ [ 25.062713] ffff888104a0fc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.063026] ffff888104a0fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.063303] ================================================================== [ 25.063921] ================================================================== [ 25.064560] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 25.064792] Read of size 1 at addr ffff888104a0fc00 by task kunit_try_catch/212 [ 25.065138] [ 25.065252] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.065298] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.065310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.065330] Call Trace: [ 25.065346] <TASK> [ 25.065362] dump_stack_lvl+0x73/0xb0 [ 25.065389] print_report+0xd1/0x640 [ 25.065412] ? __virt_addr_valid+0x1db/0x2d0 [ 25.065436] ? krealloc_uaf+0x53c/0x5e0 [ 25.065457] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.065565] ? krealloc_uaf+0x53c/0x5e0 [ 25.065593] kasan_report+0x141/0x180 [ 25.065616] ? krealloc_uaf+0x53c/0x5e0 [ 25.065642] __asan_report_load1_noabort+0x18/0x20 [ 25.065667] krealloc_uaf+0x53c/0x5e0 [ 25.065689] ? __pfx_krealloc_uaf+0x10/0x10 [ 25.065709] ? finish_task_switch.isra.0+0x153/0x700 [ 25.065731] ? __switch_to+0x47/0xf80 [ 25.065757] ? __schedule+0x10da/0x2b60 [ 25.065782] ? __pfx_read_tsc+0x10/0x10 [ 25.065804] ? ktime_get_ts64+0x86/0x230 [ 25.065841] kunit_try_run_case+0x1a5/0x480 [ 25.065866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.065889] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.065913] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.065938] ? __kthread_parkme+0x82/0x180 [ 25.065958] ? preempt_count_sub+0x50/0x80 [ 25.065980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.066004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.066027] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.066051] kthread+0x337/0x6f0 [ 25.066071] ? trace_preempt_on+0x20/0xc0 [ 25.066093] ? __pfx_kthread+0x10/0x10 [ 25.066114] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.066137] ? calculate_sigpending+0x7b/0xa0 [ 25.066160] ? __pfx_kthread+0x10/0x10 [ 25.066192] ret_from_fork+0x116/0x1d0 [ 25.066212] ? __pfx_kthread+0x10/0x10 [ 25.066232] ret_from_fork_asm+0x1a/0x30 [ 25.066263] </TASK> [ 25.066274] [ 25.073974] Allocated by task 212: [ 25.074135] kasan_save_stack+0x45/0x70 [ 25.074362] kasan_save_track+0x18/0x40 [ 25.074644] kasan_save_alloc_info+0x3b/0x50 [ 25.074801] __kasan_kmalloc+0xb7/0xc0 [ 25.074949] __kmalloc_cache_noprof+0x189/0x420 [ 25.075106] krealloc_uaf+0xbb/0x5e0 [ 25.075285] kunit_try_run_case+0x1a5/0x480 [ 25.075502] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.075776] kthread+0x337/0x6f0 [ 25.076151] ret_from_fork+0x116/0x1d0 [ 25.076363] ret_from_fork_asm+0x1a/0x30 [ 25.076558] [ 25.076647] Freed by task 212: [ 25.076801] kasan_save_stack+0x45/0x70 [ 25.077005] kasan_save_track+0x18/0x40 [ 25.077155] kasan_save_free_info+0x3f/0x60 [ 25.077636] __kasan_slab_free+0x56/0x70 [ 25.077789] kfree+0x222/0x3f0 [ 25.077920] krealloc_uaf+0x13d/0x5e0 [ 25.078084] kunit_try_run_case+0x1a5/0x480 [ 25.078284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.078646] kthread+0x337/0x6f0 [ 25.078810] ret_from_fork+0x116/0x1d0 [ 25.078955] ret_from_fork_asm+0x1a/0x30 [ 25.079094] [ 25.079162] The buggy address belongs to the object at ffff888104a0fc00 [ 25.079162] which belongs to the cache kmalloc-256 of size 256 [ 25.079684] The buggy address is located 0 bytes inside of [ 25.079684] freed 256-byte region [ffff888104a0fc00, ffff888104a0fd00) [ 25.080208] [ 25.080432] The buggy address belongs to the physical page: [ 25.080648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a0e [ 25.080941] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.081548] flags: 0x200000000000040(head|node=0|zone=2) [ 25.081812] page_type: f5(slab) [ 25.081989] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.082313] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.082694] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.082950] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.083187] head: 0200000000000001 ffffea0004128381 00000000ffffffff 00000000ffffffff [ 25.083421] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.083651] page dumped because: kasan: bad access detected [ 25.083890] [ 25.083980] Memory state around the buggy address: [ 25.084198] ffff888104a0fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.084582] ffff888104a0fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.084920] >ffff888104a0fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.085317] ^ [ 25.085439] ffff888104a0fc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.085734] ffff888104a0fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.085961] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 24.796932] ================================================================== [ 24.797212] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.797543] Write of size 1 at addr ffff888104a83cd0 by task kunit_try_catch/206 [ 24.798053] [ 24.798211] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.798272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.798298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.798318] Call Trace: [ 24.798330] <TASK> [ 24.798343] dump_stack_lvl+0x73/0xb0 [ 24.798385] print_report+0xd1/0x640 [ 24.798420] ? __virt_addr_valid+0x1db/0x2d0 [ 24.798502] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.798531] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.798557] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.798580] kasan_report+0x141/0x180 [ 24.798603] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.798630] __asan_report_store1_noabort+0x1b/0x30 [ 24.798654] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.798680] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.798703] ? irqentry_exit+0x2a/0x60 [ 24.798723] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.798753] ? __pfx_krealloc_less_oob+0x10/0x10 [ 24.798779] krealloc_less_oob+0x1c/0x30 [ 24.798800] kunit_try_run_case+0x1a5/0x480 [ 24.798824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.798858] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.798882] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.798907] ? __kthread_parkme+0x82/0x180 [ 24.798926] ? preempt_count_sub+0x50/0x80 [ 24.798949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.798972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.798995] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.799019] kthread+0x337/0x6f0 [ 24.799038] ? trace_preempt_on+0x20/0xc0 [ 24.799060] ? __pfx_kthread+0x10/0x10 [ 24.799081] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.799104] ? calculate_sigpending+0x7b/0xa0 [ 24.799127] ? __pfx_kthread+0x10/0x10 [ 24.799167] ret_from_fork+0x116/0x1d0 [ 24.799188] ? __pfx_kthread+0x10/0x10 [ 24.799208] ret_from_fork_asm+0x1a/0x30 [ 24.799239] </TASK> [ 24.799250] [ 24.807236] Allocated by task 206: [ 24.807433] kasan_save_stack+0x45/0x70 [ 24.807840] kasan_save_track+0x18/0x40 [ 24.808029] kasan_save_alloc_info+0x3b/0x50 [ 24.808213] __kasan_krealloc+0x190/0x1f0 [ 24.808429] krealloc_noprof+0xf3/0x340 [ 24.808619] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.808839] krealloc_less_oob+0x1c/0x30 [ 24.809143] kunit_try_run_case+0x1a5/0x480 [ 24.809377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.809668] kthread+0x337/0x6f0 [ 24.809879] ret_from_fork+0x116/0x1d0 [ 24.810069] ret_from_fork_asm+0x1a/0x30 [ 24.810287] [ 24.810354] The buggy address belongs to the object at ffff888104a83c00 [ 24.810354] which belongs to the cache kmalloc-256 of size 256 [ 24.810954] The buggy address is located 7 bytes to the right of [ 24.810954] allocated 201-byte region [ffff888104a83c00, ffff888104a83cc9) [ 24.811552] [ 24.811665] The buggy address belongs to the physical page: [ 24.811904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a82 [ 24.812274] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.812870] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.813179] page_type: f5(slab) [ 24.813376] raw: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.813747] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.814097] head: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.814443] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.814750] head: 0200000000000001 ffffea000412a081 00000000ffffffff 00000000ffffffff [ 24.815057] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.815338] page dumped because: kasan: bad access detected [ 24.815661] [ 24.815754] Memory state around the buggy address: [ 24.815987] ffff888104a83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.816344] ffff888104a83c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.816734] >ffff888104a83c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.817067] ^ [ 24.817369] ffff888104a83d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.817697] ffff888104a83d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.818032] ================================================================== [ 24.951955] ================================================================== [ 24.952190] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.952432] Write of size 1 at addr ffff888104aba0d0 by task kunit_try_catch/210 [ 24.953116] [ 24.953292] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.953338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.953350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.953371] Call Trace: [ 24.953382] <TASK> [ 24.953396] dump_stack_lvl+0x73/0xb0 [ 24.953422] print_report+0xd1/0x640 [ 24.953445] ? __virt_addr_valid+0x1db/0x2d0 [ 24.953468] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.953491] ? kasan_addr_to_slab+0x11/0xa0 [ 24.953511] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.953535] kasan_report+0x141/0x180 [ 24.953557] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.953584] __asan_report_store1_noabort+0x1b/0x30 [ 24.953609] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.953634] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.953658] ? finish_task_switch.isra.0+0x153/0x700 [ 24.953679] ? __switch_to+0x47/0xf80 [ 24.953704] ? __schedule+0x10da/0x2b60 [ 24.953778] ? __pfx_read_tsc+0x10/0x10 [ 24.953803] krealloc_large_less_oob+0x1c/0x30 [ 24.953826] kunit_try_run_case+0x1a5/0x480 [ 24.953863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.953885] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.953909] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.953934] ? __kthread_parkme+0x82/0x180 [ 24.953954] ? preempt_count_sub+0x50/0x80 [ 24.953976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.954000] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.954023] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.954047] kthread+0x337/0x6f0 [ 24.954066] ? trace_preempt_on+0x20/0xc0 [ 24.954088] ? __pfx_kthread+0x10/0x10 [ 24.954109] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.954132] ? calculate_sigpending+0x7b/0xa0 [ 24.954154] ? __pfx_kthread+0x10/0x10 [ 24.954176] ret_from_fork+0x116/0x1d0 [ 24.954208] ? __pfx_kthread+0x10/0x10 [ 24.954228] ret_from_fork_asm+0x1a/0x30 [ 24.954258] </TASK> [ 24.954269] [ 24.964373] The buggy address belongs to the physical page: [ 24.964563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 24.965301] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.965920] flags: 0x200000000000040(head|node=0|zone=2) [ 24.966158] page_type: f8(unknown) [ 24.966314] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.967188] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.967942] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.968359] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.968846] head: 0200000000000002 ffffea000412ae01 00000000ffffffff 00000000ffffffff [ 24.969151] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.969433] page dumped because: kasan: bad access detected [ 24.970131] [ 24.970447] Memory state around the buggy address: [ 24.970726] ffff888104ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.971021] ffff888104aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.971803] >ffff888104aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.972274] ^ [ 24.972699] ffff888104aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.973040] ffff888104aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.973586] ================================================================== [ 24.819909] ================================================================== [ 24.820244] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.820663] Write of size 1 at addr ffff888104a83cda by task kunit_try_catch/206 [ 24.821009] [ 24.821121] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.821206] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.821220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.821240] Call Trace: [ 24.821253] <TASK> [ 24.821267] dump_stack_lvl+0x73/0xb0 [ 24.821294] print_report+0xd1/0x640 [ 24.821316] ? __virt_addr_valid+0x1db/0x2d0 [ 24.821339] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.821362] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.821405] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.821514] kasan_report+0x141/0x180 [ 24.821543] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.821572] __asan_report_store1_noabort+0x1b/0x30 [ 24.821596] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.821621] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.821644] ? irqentry_exit+0x2a/0x60 [ 24.821665] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.821696] ? __pfx_krealloc_less_oob+0x10/0x10 [ 24.821721] krealloc_less_oob+0x1c/0x30 [ 24.821743] kunit_try_run_case+0x1a5/0x480 [ 24.821767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.821789] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.821813] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.821849] ? __kthread_parkme+0x82/0x180 [ 24.821887] ? preempt_count_sub+0x50/0x80 [ 24.821910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.821934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.821957] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.821997] kthread+0x337/0x6f0 [ 24.822017] ? trace_preempt_on+0x20/0xc0 [ 24.822039] ? __pfx_kthread+0x10/0x10 [ 24.822060] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.822083] ? calculate_sigpending+0x7b/0xa0 [ 24.822105] ? __pfx_kthread+0x10/0x10 [ 24.822127] ret_from_fork+0x116/0x1d0 [ 24.822165] ? __pfx_kthread+0x10/0x10 [ 24.822186] ret_from_fork_asm+0x1a/0x30 [ 24.822217] </TASK> [ 24.822228] [ 24.830232] Allocated by task 206: [ 24.830434] kasan_save_stack+0x45/0x70 [ 24.830845] kasan_save_track+0x18/0x40 [ 24.831065] kasan_save_alloc_info+0x3b/0x50 [ 24.831276] __kasan_krealloc+0x190/0x1f0 [ 24.831568] krealloc_noprof+0xf3/0x340 [ 24.831729] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.831994] krealloc_less_oob+0x1c/0x30 [ 24.832214] kunit_try_run_case+0x1a5/0x480 [ 24.832430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.832744] kthread+0x337/0x6f0 [ 24.832926] ret_from_fork+0x116/0x1d0 [ 24.833128] ret_from_fork_asm+0x1a/0x30 [ 24.833336] [ 24.833437] The buggy address belongs to the object at ffff888104a83c00 [ 24.833437] which belongs to the cache kmalloc-256 of size 256 [ 24.834090] The buggy address is located 17 bytes to the right of [ 24.834090] allocated 201-byte region [ffff888104a83c00, ffff888104a83cc9) [ 24.834729] [ 24.834825] The buggy address belongs to the physical page: [ 24.835081] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a82 [ 24.835400] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.835918] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.836251] page_type: f5(slab) [ 24.836456] raw: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.836855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.837206] head: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.837648] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.838013] head: 0200000000000001 ffffea000412a081 00000000ffffffff 00000000ffffffff [ 24.838382] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.838797] page dumped because: kasan: bad access detected [ 24.839069] [ 24.839183] Memory state around the buggy address: [ 24.839406] ffff888104a83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.839782] ffff888104a83c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.840015] >ffff888104a83c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.840378] ^ [ 24.840874] ffff888104a83d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.841109] ffff888104a83d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.841477] ================================================================== [ 24.842246] ================================================================== [ 24.842683] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.843030] Write of size 1 at addr ffff888104a83cea by task kunit_try_catch/206 [ 24.843386] [ 24.843576] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.843642] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.843655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.843675] Call Trace: [ 24.843689] <TASK> [ 24.843704] dump_stack_lvl+0x73/0xb0 [ 24.843731] print_report+0xd1/0x640 [ 24.843754] ? __virt_addr_valid+0x1db/0x2d0 [ 24.843777] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.843800] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.843825] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.843879] kasan_report+0x141/0x180 [ 24.843901] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.843929] __asan_report_store1_noabort+0x1b/0x30 [ 24.843971] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.843997] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.844020] ? irqentry_exit+0x2a/0x60 [ 24.844040] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.844070] ? __pfx_krealloc_less_oob+0x10/0x10 [ 24.844096] krealloc_less_oob+0x1c/0x30 [ 24.844117] kunit_try_run_case+0x1a5/0x480 [ 24.844141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.844164] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.844188] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.844232] ? __kthread_parkme+0x82/0x180 [ 24.844252] ? preempt_count_sub+0x50/0x80 [ 24.844275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.844299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.844322] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.844345] kthread+0x337/0x6f0 [ 24.844365] ? trace_preempt_on+0x20/0xc0 [ 24.844406] ? __pfx_kthread+0x10/0x10 [ 24.844448] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.844551] ? calculate_sigpending+0x7b/0xa0 [ 24.844581] ? __pfx_kthread+0x10/0x10 [ 24.844618] ret_from_fork+0x116/0x1d0 [ 24.844638] ? __pfx_kthread+0x10/0x10 [ 24.844672] ret_from_fork_asm+0x1a/0x30 [ 24.844704] </TASK> [ 24.844715] [ 24.852614] Allocated by task 206: [ 24.852745] kasan_save_stack+0x45/0x70 [ 24.853227] kasan_save_track+0x18/0x40 [ 24.853436] kasan_save_alloc_info+0x3b/0x50 [ 24.853739] __kasan_krealloc+0x190/0x1f0 [ 24.853937] krealloc_noprof+0xf3/0x340 [ 24.854120] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.854396] krealloc_less_oob+0x1c/0x30 [ 24.854656] kunit_try_run_case+0x1a5/0x480 [ 24.854877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.855128] kthread+0x337/0x6f0 [ 24.855310] ret_from_fork+0x116/0x1d0 [ 24.855553] ret_from_fork_asm+0x1a/0x30 [ 24.855767] [ 24.855877] The buggy address belongs to the object at ffff888104a83c00 [ 24.855877] which belongs to the cache kmalloc-256 of size 256 [ 24.856413] The buggy address is located 33 bytes to the right of [ 24.856413] allocated 201-byte region [ffff888104a83c00, ffff888104a83cc9) [ 24.857056] [ 24.857148] The buggy address belongs to the physical page: [ 24.857419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a82 [ 24.857975] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.858260] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.858538] page_type: f5(slab) [ 24.858713] raw: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.859066] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.859536] head: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.859881] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.860239] head: 0200000000000001 ffffea000412a081 00000000ffffffff 00000000ffffffff [ 24.860654] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.861013] page dumped because: kasan: bad access detected [ 24.861248] [ 24.861341] Memory state around the buggy address: [ 24.861643] ffff888104a83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.861992] ffff888104a83c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.862304] >ffff888104a83c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.862806] ^ [ 24.863110] ffff888104a83d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.863536] ffff888104a83d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.863872] ================================================================== [ 25.017155] ================================================================== [ 25.017416] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.017768] Write of size 1 at addr ffff888104aba0eb by task kunit_try_catch/210 [ 25.018006] [ 25.018086] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.018130] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.018142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.018162] Call Trace: [ 25.018175] <TASK> [ 25.018189] dump_stack_lvl+0x73/0xb0 [ 25.018217] print_report+0xd1/0x640 [ 25.018240] ? __virt_addr_valid+0x1db/0x2d0 [ 25.018263] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.018286] ? kasan_addr_to_slab+0x11/0xa0 [ 25.018307] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.018330] kasan_report+0x141/0x180 [ 25.018353] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.018425] __asan_report_store1_noabort+0x1b/0x30 [ 25.018451] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.018506] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.018530] ? finish_task_switch.isra.0+0x153/0x700 [ 25.018551] ? __switch_to+0x47/0xf80 [ 25.018576] ? __schedule+0x10da/0x2b60 [ 25.018601] ? __pfx_read_tsc+0x10/0x10 [ 25.018626] krealloc_large_less_oob+0x1c/0x30 [ 25.018648] kunit_try_run_case+0x1a5/0x480 [ 25.018672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.018695] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.018719] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.018744] ? __kthread_parkme+0x82/0x180 [ 25.018766] ? preempt_count_sub+0x50/0x80 [ 25.018790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.018816] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.018853] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.018877] kthread+0x337/0x6f0 [ 25.018897] ? trace_preempt_on+0x20/0xc0 [ 25.018920] ? __pfx_kthread+0x10/0x10 [ 25.018940] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.018963] ? calculate_sigpending+0x7b/0xa0 [ 25.018986] ? __pfx_kthread+0x10/0x10 [ 25.019007] ret_from_fork+0x116/0x1d0 [ 25.019027] ? __pfx_kthread+0x10/0x10 [ 25.019047] ret_from_fork_asm+0x1a/0x30 [ 25.019077] </TASK> [ 25.019088] [ 25.027394] The buggy address belongs to the physical page: [ 25.027698] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 25.028026] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.028401] flags: 0x200000000000040(head|node=0|zone=2) [ 25.028672] page_type: f8(unknown) [ 25.028800] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.029485] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.029791] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.030041] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.030571] head: 0200000000000002 ffffea000412ae01 00000000ffffffff 00000000ffffffff [ 25.030806] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.031156] page dumped because: kasan: bad access detected [ 25.031404] [ 25.031494] Memory state around the buggy address: [ 25.031687] ffff888104ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.031915] ffff888104aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.032511] >ffff888104aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.032874] ^ [ 25.033182] ffff888104aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.033504] ffff888104aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.033738] ================================================================== [ 24.999822] ================================================================== [ 25.000683] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.001355] Write of size 1 at addr ffff888104aba0ea by task kunit_try_catch/210 [ 25.001713] [ 25.001821] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.001880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.001893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.001913] Call Trace: [ 25.001929] <TASK> [ 25.001944] dump_stack_lvl+0x73/0xb0 [ 25.001974] print_report+0xd1/0x640 [ 25.001997] ? __virt_addr_valid+0x1db/0x2d0 [ 25.002021] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.002045] ? kasan_addr_to_slab+0x11/0xa0 [ 25.002066] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.002090] kasan_report+0x141/0x180 [ 25.002112] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.002139] __asan_report_store1_noabort+0x1b/0x30 [ 25.002164] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.002200] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.002224] ? finish_task_switch.isra.0+0x153/0x700 [ 25.002246] ? __switch_to+0x47/0xf80 [ 25.002271] ? __schedule+0x10da/0x2b60 [ 25.002297] ? __pfx_read_tsc+0x10/0x10 [ 25.002322] krealloc_large_less_oob+0x1c/0x30 [ 25.002345] kunit_try_run_case+0x1a5/0x480 [ 25.002370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.002392] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.002416] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.002441] ? __kthread_parkme+0x82/0x180 [ 25.002504] ? preempt_count_sub+0x50/0x80 [ 25.002530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.002554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.002578] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.002601] kthread+0x337/0x6f0 [ 25.002621] ? trace_preempt_on+0x20/0xc0 [ 25.002644] ? __pfx_kthread+0x10/0x10 [ 25.002664] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.002688] ? calculate_sigpending+0x7b/0xa0 [ 25.002711] ? __pfx_kthread+0x10/0x10 [ 25.002733] ret_from_fork+0x116/0x1d0 [ 25.002753] ? __pfx_kthread+0x10/0x10 [ 25.002773] ret_from_fork_asm+0x1a/0x30 [ 25.002804] </TASK> [ 25.002814] [ 25.010600] The buggy address belongs to the physical page: [ 25.011065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 25.011357] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.011583] flags: 0x200000000000040(head|node=0|zone=2) [ 25.011756] page_type: f8(unknown) [ 25.012173] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.012527] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.012883] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.013284] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.013692] head: 0200000000000002 ffffea000412ae01 00000000ffffffff 00000000ffffffff [ 25.014004] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.014305] page dumped because: kasan: bad access detected [ 25.014591] [ 25.014682] Memory state around the buggy address: [ 25.014873] ffff888104ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.015161] ffff888104aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.015451] >ffff888104aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.015918] ^ [ 25.016209] ffff888104aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.016438] ffff888104aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.016807] ================================================================== [ 24.931784] ================================================================== [ 24.932234] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.932719] Write of size 1 at addr ffff888104aba0c9 by task kunit_try_catch/210 [ 24.933027] [ 24.933134] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.933180] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.933193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.933213] Call Trace: [ 24.933225] <TASK> [ 24.933240] dump_stack_lvl+0x73/0xb0 [ 24.933269] print_report+0xd1/0x640 [ 24.933292] ? __virt_addr_valid+0x1db/0x2d0 [ 24.933316] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.933339] ? kasan_addr_to_slab+0x11/0xa0 [ 24.933360] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.933383] kasan_report+0x141/0x180 [ 24.933406] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.933435] __asan_report_store1_noabort+0x1b/0x30 [ 24.933503] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.933533] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.933557] ? finish_task_switch.isra.0+0x153/0x700 [ 24.933579] ? __switch_to+0x47/0xf80 [ 24.933606] ? __schedule+0x10da/0x2b60 [ 24.933632] ? __pfx_read_tsc+0x10/0x10 [ 24.933656] krealloc_large_less_oob+0x1c/0x30 [ 24.933679] kunit_try_run_case+0x1a5/0x480 [ 24.933704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.933727] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.933753] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.933778] ? __kthread_parkme+0x82/0x180 [ 24.933798] ? preempt_count_sub+0x50/0x80 [ 24.933821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.933858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.933881] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.933905] kthread+0x337/0x6f0 [ 24.933925] ? trace_preempt_on+0x20/0xc0 [ 24.933948] ? __pfx_kthread+0x10/0x10 [ 24.933968] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.933992] ? calculate_sigpending+0x7b/0xa0 [ 24.934016] ? __pfx_kthread+0x10/0x10 [ 24.934037] ret_from_fork+0x116/0x1d0 [ 24.934057] ? __pfx_kthread+0x10/0x10 [ 24.934077] ret_from_fork_asm+0x1a/0x30 [ 24.934110] </TASK> [ 24.934121] [ 24.942154] The buggy address belongs to the physical page: [ 24.942401] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 24.942788] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.943105] flags: 0x200000000000040(head|node=0|zone=2) [ 24.943366] page_type: f8(unknown) [ 24.943699] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.944038] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.944275] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.944593] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.945059] head: 0200000000000002 ffffea000412ae01 00000000ffffffff 00000000ffffffff [ 24.945303] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.945947] page dumped because: kasan: bad access detected [ 24.946218] [ 24.946305] Memory state around the buggy address: [ 24.946467] ffff888104ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.946686] ffff888104aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.948072] >ffff888104aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.949062] ^ [ 24.949790] ffff888104aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.950627] ffff888104aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.951315] ================================================================== [ 24.864342] ================================================================== [ 24.864759] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.865097] Write of size 1 at addr ffff888104a83ceb by task kunit_try_catch/206 [ 24.865521] [ 24.865626] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.865693] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.865706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.865726] Call Trace: [ 24.865739] <TASK> [ 24.865753] dump_stack_lvl+0x73/0xb0 [ 24.865796] print_report+0xd1/0x640 [ 24.865818] ? __virt_addr_valid+0x1db/0x2d0 [ 24.865851] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.865874] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.865900] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.865923] kasan_report+0x141/0x180 [ 24.865946] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.865975] __asan_report_store1_noabort+0x1b/0x30 [ 24.865999] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.866042] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.866065] ? irqentry_exit+0x2a/0x60 [ 24.866086] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.866117] ? __pfx_krealloc_less_oob+0x10/0x10 [ 24.866143] krealloc_less_oob+0x1c/0x30 [ 24.866164] kunit_try_run_case+0x1a5/0x480 [ 24.866207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.866230] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.866255] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.866280] ? __kthread_parkme+0x82/0x180 [ 24.866300] ? preempt_count_sub+0x50/0x80 [ 24.866341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.866366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.866390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.866413] kthread+0x337/0x6f0 [ 24.866433] ? trace_preempt_on+0x20/0xc0 [ 24.866539] ? __pfx_kthread+0x10/0x10 [ 24.866576] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.866600] ? calculate_sigpending+0x7b/0xa0 [ 24.866636] ? __pfx_kthread+0x10/0x10 [ 24.866657] ret_from_fork+0x116/0x1d0 [ 24.866677] ? __pfx_kthread+0x10/0x10 [ 24.866711] ret_from_fork_asm+0x1a/0x30 [ 24.866755] </TASK> [ 24.866766] [ 24.874550] Allocated by task 206: [ 24.874743] kasan_save_stack+0x45/0x70 [ 24.874961] kasan_save_track+0x18/0x40 [ 24.875126] kasan_save_alloc_info+0x3b/0x50 [ 24.875350] __kasan_krealloc+0x190/0x1f0 [ 24.875761] krealloc_noprof+0xf3/0x340 [ 24.876017] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.876275] krealloc_less_oob+0x1c/0x30 [ 24.876557] kunit_try_run_case+0x1a5/0x480 [ 24.876768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.877041] kthread+0x337/0x6f0 [ 24.877234] ret_from_fork+0x116/0x1d0 [ 24.877418] ret_from_fork_asm+0x1a/0x30 [ 24.877671] [ 24.877759] The buggy address belongs to the object at ffff888104a83c00 [ 24.877759] which belongs to the cache kmalloc-256 of size 256 [ 24.878309] The buggy address is located 34 bytes to the right of [ 24.878309] allocated 201-byte region [ffff888104a83c00, ffff888104a83cc9) [ 24.878914] [ 24.879010] The buggy address belongs to the physical page: [ 24.879287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a82 [ 24.879683] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.880008] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.880295] page_type: f5(slab) [ 24.880483] raw: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.880771] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.881307] head: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.881759] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.882115] head: 0200000000000001 ffffea000412a081 00000000ffffffff 00000000ffffffff [ 24.882531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.882874] page dumped because: kasan: bad access detected [ 24.883046] [ 24.883112] Memory state around the buggy address: [ 24.883353] ffff888104a83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.883745] ffff888104a83c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.884076] >ffff888104a83c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.884397] ^ [ 24.884748] ffff888104a83d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.885540] ffff888104a83d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.885817] ================================================================== [ 24.974412] ================================================================== [ 24.975405] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.975933] Write of size 1 at addr ffff888104aba0da by task kunit_try_catch/210 [ 24.976484] [ 24.976749] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.976809] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.976822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.976852] Call Trace: [ 24.976873] <TASK> [ 24.976887] dump_stack_lvl+0x73/0xb0 [ 24.976917] print_report+0xd1/0x640 [ 24.976939] ? __virt_addr_valid+0x1db/0x2d0 [ 24.976963] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.976987] ? kasan_addr_to_slab+0x11/0xa0 [ 24.977007] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.977031] kasan_report+0x141/0x180 [ 24.977053] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.977082] __asan_report_store1_noabort+0x1b/0x30 [ 24.977109] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.977136] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.977283] ? finish_task_switch.isra.0+0x153/0x700 [ 24.977316] ? __switch_to+0x47/0xf80 [ 24.977343] ? __schedule+0x10da/0x2b60 [ 24.977371] ? __pfx_read_tsc+0x10/0x10 [ 24.977398] krealloc_large_less_oob+0x1c/0x30 [ 24.977520] kunit_try_run_case+0x1a5/0x480 [ 24.977553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.977577] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.977603] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.977629] ? __kthread_parkme+0x82/0x180 [ 24.977648] ? preempt_count_sub+0x50/0x80 [ 24.977671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.977694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.977718] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.977741] kthread+0x337/0x6f0 [ 24.977761] ? trace_preempt_on+0x20/0xc0 [ 24.977783] ? __pfx_kthread+0x10/0x10 [ 24.977804] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.977841] ? calculate_sigpending+0x7b/0xa0 [ 24.977864] ? __pfx_kthread+0x10/0x10 [ 24.977886] ret_from_fork+0x116/0x1d0 [ 24.977905] ? __pfx_kthread+0x10/0x10 [ 24.977925] ret_from_fork_asm+0x1a/0x30 [ 24.977956] </TASK> [ 24.977967] [ 24.989926] The buggy address belongs to the physical page: [ 24.990157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 24.990856] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.991613] flags: 0x200000000000040(head|node=0|zone=2) [ 24.991863] page_type: f8(unknown) [ 24.992029] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.992696] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.993347] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.993878] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.994375] head: 0200000000000002 ffffea000412ae01 00000000ffffffff 00000000ffffffff [ 24.995111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.995438] page dumped because: kasan: bad access detected [ 24.995877] [ 24.995969] Memory state around the buggy address: [ 24.996159] ffff888104ab9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.996422] ffff888104aba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.996679] >ffff888104aba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.996967] ^ [ 24.997727] ffff888104aba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.998189] ffff888104aba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.998767] ================================================================== [ 24.775797] ================================================================== [ 24.776394] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.776922] Write of size 1 at addr ffff888104a83cc9 by task kunit_try_catch/206 [ 24.777285] [ 24.777388] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.777437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.777449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.777470] Call Trace: [ 24.777483] <TASK> [ 24.777497] dump_stack_lvl+0x73/0xb0 [ 24.777526] print_report+0xd1/0x640 [ 24.777549] ? __virt_addr_valid+0x1db/0x2d0 [ 24.777571] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.777594] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.777620] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.777644] kasan_report+0x141/0x180 [ 24.777665] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.777693] __asan_report_store1_noabort+0x1b/0x30 [ 24.777717] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.777743] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.777766] ? irqentry_exit+0x2a/0x60 [ 24.777786] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.777817] ? __pfx_krealloc_less_oob+0x10/0x10 [ 24.777856] krealloc_less_oob+0x1c/0x30 [ 24.777878] kunit_try_run_case+0x1a5/0x480 [ 24.777917] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.777949] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.777975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.778000] ? __kthread_parkme+0x82/0x180 [ 24.778020] ? preempt_count_sub+0x50/0x80 [ 24.778043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.778067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.778091] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.778114] kthread+0x337/0x6f0 [ 24.778133] ? trace_preempt_on+0x20/0xc0 [ 24.778156] ? __pfx_kthread+0x10/0x10 [ 24.778176] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.778199] ? calculate_sigpending+0x7b/0xa0 [ 24.778222] ? __pfx_kthread+0x10/0x10 [ 24.778243] ret_from_fork+0x116/0x1d0 [ 24.778263] ? __pfx_kthread+0x10/0x10 [ 24.778293] ret_from_fork_asm+0x1a/0x30 [ 24.778324] </TASK> [ 24.778336] [ 24.786059] Allocated by task 206: [ 24.786331] kasan_save_stack+0x45/0x70 [ 24.786655] kasan_save_track+0x18/0x40 [ 24.786826] kasan_save_alloc_info+0x3b/0x50 [ 24.787026] __kasan_krealloc+0x190/0x1f0 [ 24.787238] krealloc_noprof+0xf3/0x340 [ 24.787400] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.787661] krealloc_less_oob+0x1c/0x30 [ 24.787805] kunit_try_run_case+0x1a5/0x480 [ 24.787968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.788214] kthread+0x337/0x6f0 [ 24.788426] ret_from_fork+0x116/0x1d0 [ 24.788709] ret_from_fork_asm+0x1a/0x30 [ 24.788915] [ 24.788982] The buggy address belongs to the object at ffff888104a83c00 [ 24.788982] which belongs to the cache kmalloc-256 of size 256 [ 24.789670] The buggy address is located 0 bytes to the right of [ 24.789670] allocated 201-byte region [ffff888104a83c00, ffff888104a83cc9) [ 24.790223] [ 24.790318] The buggy address belongs to the physical page: [ 24.790608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a82 [ 24.790903] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.791136] ksm flags: 0x200000000000040(head|node=0|zone=2) [ 24.791320] page_type: f5(slab) [ 24.791439] raw: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.791753] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.792335] head: 0200000000000040 ffff888100041b40 ffffea000402a880 dead000000000003 [ 24.792757] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.793132] head: 0200000000000001 ffffea000412a081 00000000ffffffff 00000000ffffffff [ 24.793493] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.793763] page dumped because: kasan: bad access detected [ 24.794023] [ 24.794139] Memory state around the buggy address: [ 24.794405] ffff888104a83b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.794783] ffff888104a83c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.795102] >ffff888104a83c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.795408] ^ [ 24.795755] ffff888104a83d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.796082] ffff888104a83d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.796386] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 24.721318] ================================================================== [ 24.721991] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 24.722301] Write of size 1 at addr ffff888104a0faeb by task kunit_try_catch/204 [ 24.722818] [ 24.722932] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.722980] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.722993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.723014] Call Trace: [ 24.723027] <TASK> [ 24.723042] dump_stack_lvl+0x73/0xb0 [ 24.723075] print_report+0xd1/0x640 [ 24.723099] ? __virt_addr_valid+0x1db/0x2d0 [ 24.723124] ? krealloc_more_oob_helper+0x821/0x930 [ 24.723147] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.723188] ? krealloc_more_oob_helper+0x821/0x930 [ 24.723212] kasan_report+0x141/0x180 [ 24.723235] ? krealloc_more_oob_helper+0x821/0x930 [ 24.723263] __asan_report_store1_noabort+0x1b/0x30 [ 24.723287] krealloc_more_oob_helper+0x821/0x930 [ 24.723310] ? __schedule+0x10da/0x2b60 [ 24.723335] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.723359] ? finish_task_switch.isra.0+0x153/0x700 [ 24.723381] ? __switch_to+0x47/0xf80 [ 24.723412] ? __schedule+0x10da/0x2b60 [ 24.723437] ? __pfx_read_tsc+0x10/0x10 [ 24.723513] krealloc_more_oob+0x1c/0x30 [ 24.723539] kunit_try_run_case+0x1a5/0x480 [ 24.723565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.723588] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.723613] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.723637] ? __kthread_parkme+0x82/0x180 [ 24.723658] ? preempt_count_sub+0x50/0x80 [ 24.723680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.723704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.723727] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.723752] kthread+0x337/0x6f0 [ 24.723772] ? trace_preempt_on+0x20/0xc0 [ 24.723797] ? __pfx_kthread+0x10/0x10 [ 24.723817] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.723854] ? calculate_sigpending+0x7b/0xa0 [ 24.723878] ? __pfx_kthread+0x10/0x10 [ 24.723899] ret_from_fork+0x116/0x1d0 [ 24.723919] ? __pfx_kthread+0x10/0x10 [ 24.723940] ret_from_fork_asm+0x1a/0x30 [ 24.723971] </TASK> [ 24.723982] [ 24.733129] Allocated by task 204: [ 24.733306] kasan_save_stack+0x45/0x70 [ 24.734018] kasan_save_track+0x18/0x40 [ 24.734414] kasan_save_alloc_info+0x3b/0x50 [ 24.734686] __kasan_krealloc+0x190/0x1f0 [ 24.734882] krealloc_noprof+0xf3/0x340 [ 24.735061] krealloc_more_oob_helper+0x1a9/0x930 [ 24.735662] krealloc_more_oob+0x1c/0x30 [ 24.736191] kunit_try_run_case+0x1a5/0x480 [ 24.736408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.736820] kthread+0x337/0x6f0 [ 24.737012] ret_from_fork+0x116/0x1d0 [ 24.737432] ret_from_fork_asm+0x1a/0x30 [ 24.737922] [ 24.738029] The buggy address belongs to the object at ffff888104a0fa00 [ 24.738029] which belongs to the cache kmalloc-256 of size 256 [ 24.739124] The buggy address is located 0 bytes to the right of [ 24.739124] allocated 235-byte region [ffff888104a0fa00, ffff888104a0faeb) [ 24.739999] [ 24.740100] The buggy address belongs to the physical page: [ 24.740641] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a0e [ 24.741137] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.741452] flags: 0x200000000000040(head|node=0|zone=2) [ 24.741989] page_type: f5(slab) [ 24.742343] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.742891] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.743447] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.743964] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.744709] head: 0200000000000001 ffffea0004128381 00000000ffffffff 00000000ffffffff [ 24.745134] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.745619] page dumped because: kasan: bad access detected [ 24.745841] [ 24.745913] Memory state around the buggy address: [ 24.746098] ffff888104a0f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.747054] ffff888104a0fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.747547] >ffff888104a0fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.748046] ^ [ 24.748722] ffff888104a0fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.749333] ffff888104a0fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.749778] ================================================================== [ 24.889952] ================================================================== [ 24.890388] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 24.890718] Write of size 1 at addr ffff88810618e0eb by task kunit_try_catch/208 [ 24.891114] [ 24.891378] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.891430] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.891443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.891464] Call Trace: [ 24.891477] <TASK> [ 24.891493] dump_stack_lvl+0x73/0xb0 [ 24.891525] print_report+0xd1/0x640 [ 24.891549] ? __virt_addr_valid+0x1db/0x2d0 [ 24.891574] ? krealloc_more_oob_helper+0x821/0x930 [ 24.891598] ? kasan_addr_to_slab+0x11/0xa0 [ 24.891673] ? krealloc_more_oob_helper+0x821/0x930 [ 24.891698] kasan_report+0x141/0x180 [ 24.891721] ? krealloc_more_oob_helper+0x821/0x930 [ 24.891749] __asan_report_store1_noabort+0x1b/0x30 [ 24.891774] krealloc_more_oob_helper+0x821/0x930 [ 24.891796] ? __schedule+0x10da/0x2b60 [ 24.891822] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.891860] ? finish_task_switch.isra.0+0x153/0x700 [ 24.891882] ? __switch_to+0x47/0xf80 [ 24.891910] ? __schedule+0x10da/0x2b60 [ 24.891935] ? __pfx_read_tsc+0x10/0x10 [ 24.891960] krealloc_large_more_oob+0x1c/0x30 [ 24.891984] kunit_try_run_case+0x1a5/0x480 [ 24.892009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.892032] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.892057] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.892082] ? __kthread_parkme+0x82/0x180 [ 24.892102] ? preempt_count_sub+0x50/0x80 [ 24.892126] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.892151] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.892185] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.892210] kthread+0x337/0x6f0 [ 24.892231] ? trace_preempt_on+0x20/0xc0 [ 24.892255] ? __pfx_kthread+0x10/0x10 [ 24.892276] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.892299] ? calculate_sigpending+0x7b/0xa0 [ 24.892324] ? __pfx_kthread+0x10/0x10 [ 24.892345] ret_from_fork+0x116/0x1d0 [ 24.892365] ? __pfx_kthread+0x10/0x10 [ 24.892385] ret_from_fork_asm+0x1a/0x30 [ 24.892417] </TASK> [ 24.892428] [ 24.900174] The buggy address belongs to the physical page: [ 24.900417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10618c [ 24.901622] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.901901] flags: 0x200000000000040(head|node=0|zone=2) [ 24.902150] page_type: f8(unknown) [ 24.902280] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.902869] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.903228] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.903537] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.903874] head: 0200000000000002 ffffea0004186301 00000000ffffffff 00000000ffffffff [ 24.904614] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.904970] page dumped because: kasan: bad access detected [ 24.905461] [ 24.905557] Memory state around the buggy address: [ 24.905982] ffff88810618df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.906679] ffff88810618e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.907155] >ffff88810618e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.907635] ^ [ 24.908140] ffff88810618e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.908573] ffff88810618e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.908877] ================================================================== [ 24.910674] ================================================================== [ 24.911283] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 24.912129] Write of size 1 at addr ffff88810618e0f0 by task kunit_try_catch/208 [ 24.912432] [ 24.912904] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.912958] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.912972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.912993] Call Trace: [ 24.913006] <TASK> [ 24.913021] dump_stack_lvl+0x73/0xb0 [ 24.913051] print_report+0xd1/0x640 [ 24.913075] ? __virt_addr_valid+0x1db/0x2d0 [ 24.913098] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.913122] ? kasan_addr_to_slab+0x11/0xa0 [ 24.913144] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.913292] kasan_report+0x141/0x180 [ 24.913322] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.913352] __asan_report_store1_noabort+0x1b/0x30 [ 24.913377] krealloc_more_oob_helper+0x7eb/0x930 [ 24.913401] ? __schedule+0x10da/0x2b60 [ 24.913478] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.913504] ? finish_task_switch.isra.0+0x153/0x700 [ 24.913526] ? __switch_to+0x47/0xf80 [ 24.913553] ? __schedule+0x10da/0x2b60 [ 24.913577] ? __pfx_read_tsc+0x10/0x10 [ 24.913602] krealloc_large_more_oob+0x1c/0x30 [ 24.913625] kunit_try_run_case+0x1a5/0x480 [ 24.913650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.913673] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.913697] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.913722] ? __kthread_parkme+0x82/0x180 [ 24.913743] ? preempt_count_sub+0x50/0x80 [ 24.913765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.913789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.913813] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.913846] kthread+0x337/0x6f0 [ 24.913867] ? trace_preempt_on+0x20/0xc0 [ 24.913889] ? __pfx_kthread+0x10/0x10 [ 24.913910] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.913934] ? calculate_sigpending+0x7b/0xa0 [ 24.913958] ? __pfx_kthread+0x10/0x10 [ 24.913979] ret_from_fork+0x116/0x1d0 [ 24.913999] ? __pfx_kthread+0x10/0x10 [ 24.914020] ret_from_fork_asm+0x1a/0x30 [ 24.914051] </TASK> [ 24.914062] [ 24.922566] The buggy address belongs to the physical page: [ 24.922788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10618c [ 24.923140] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.923625] flags: 0x200000000000040(head|node=0|zone=2) [ 24.923903] page_type: f8(unknown) [ 24.924061] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.924298] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.924690] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.925166] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.925426] head: 0200000000000002 ffffea0004186301 00000000ffffffff 00000000ffffffff [ 24.925973] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.926361] page dumped because: kasan: bad access detected [ 24.926585] [ 24.926657] Memory state around the buggy address: [ 24.926873] ffff88810618df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.927092] ffff88810618e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.927312] >ffff88810618e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.927527] ^ [ 24.927843] ffff88810618e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.928351] ffff88810618e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.928798] ================================================================== [ 24.750308] ================================================================== [ 24.750678] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 24.751022] Write of size 1 at addr ffff888104a0faf0 by task kunit_try_catch/204 [ 24.751326] [ 24.751476] CPU: 0 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.751523] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.751535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.751555] Call Trace: [ 24.751572] <TASK> [ 24.751588] dump_stack_lvl+0x73/0xb0 [ 24.751614] print_report+0xd1/0x640 [ 24.751637] ? __virt_addr_valid+0x1db/0x2d0 [ 24.751662] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.751685] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.751712] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.751736] kasan_report+0x141/0x180 [ 24.751758] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.751786] __asan_report_store1_noabort+0x1b/0x30 [ 24.751811] krealloc_more_oob_helper+0x7eb/0x930 [ 24.751845] ? __schedule+0x10da/0x2b60 [ 24.751870] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.751895] ? finish_task_switch.isra.0+0x153/0x700 [ 24.751917] ? __switch_to+0x47/0xf80 [ 24.751944] ? __schedule+0x10da/0x2b60 [ 24.751969] ? __pfx_read_tsc+0x10/0x10 [ 24.751994] krealloc_more_oob+0x1c/0x30 [ 24.752016] kunit_try_run_case+0x1a5/0x480 [ 24.752041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.752063] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.752088] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.752113] ? __kthread_parkme+0x82/0x180 [ 24.752133] ? preempt_count_sub+0x50/0x80 [ 24.752155] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.752179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.752203] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.752226] kthread+0x337/0x6f0 [ 24.752246] ? trace_preempt_on+0x20/0xc0 [ 24.752269] ? __pfx_kthread+0x10/0x10 [ 24.752290] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.752313] ? calculate_sigpending+0x7b/0xa0 [ 24.752337] ? __pfx_kthread+0x10/0x10 [ 24.752359] ret_from_fork+0x116/0x1d0 [ 24.752379] ? __pfx_kthread+0x10/0x10 [ 24.752399] ret_from_fork_asm+0x1a/0x30 [ 24.752430] </TASK> [ 24.752441] [ 24.760981] Allocated by task 204: [ 24.761136] kasan_save_stack+0x45/0x70 [ 24.761340] kasan_save_track+0x18/0x40 [ 24.761658] kasan_save_alloc_info+0x3b/0x50 [ 24.761892] __kasan_krealloc+0x190/0x1f0 [ 24.762042] krealloc_noprof+0xf3/0x340 [ 24.762181] krealloc_more_oob_helper+0x1a9/0x930 [ 24.762340] krealloc_more_oob+0x1c/0x30 [ 24.762476] kunit_try_run_case+0x1a5/0x480 [ 24.762675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.763225] kthread+0x337/0x6f0 [ 24.763396] ret_from_fork+0x116/0x1d0 [ 24.763580] ret_from_fork_asm+0x1a/0x30 [ 24.763936] [ 24.764011] The buggy address belongs to the object at ffff888104a0fa00 [ 24.764011] which belongs to the cache kmalloc-256 of size 256 [ 24.764789] The buggy address is located 5 bytes to the right of [ 24.764789] allocated 235-byte region [ffff888104a0fa00, ffff888104a0faeb) [ 24.765263] [ 24.765366] The buggy address belongs to the physical page: [ 24.765893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a0e [ 24.766228] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.766587] flags: 0x200000000000040(head|node=0|zone=2) [ 24.766803] page_type: f5(slab) [ 24.766983] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.767231] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.767475] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.767710] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.768055] head: 0200000000000001 ffffea0004128381 00000000ffffffff 00000000ffffffff [ 24.768760] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.769121] page dumped because: kasan: bad access detected [ 24.769409] [ 24.769650] Memory state around the buggy address: [ 24.769818] ffff888104a0f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.770054] ffff888104a0fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.770617] >ffff888104a0fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.770961] ^ [ 24.771337] ffff888104a0fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.771606] ffff888104a0fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.771997] ==================================================================
Failure - kunit/test_mb_mark_used_cost_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 253.335956] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 253.230787] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 253.127926] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/_test_mark_diskspace_used
<8>[ 253.021662] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_test_mark_diskspace_used RESULT=fail> _test_mark_diskspace_used fail
Failure - kunit/_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 252.924720] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail> _block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - kunit/_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 252.805723] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail> _block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - kunit/_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 252.699429] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail> _block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 63.212363] ================================================================== [ 63.212732] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 63.212732] [ 63.213111] Use-after-free read at 0x(____ptrval____) (in kfence-#171): [ 63.213431] test_krealloc+0x6fc/0xbe0 [ 63.213633] kunit_try_run_case+0x1a5/0x480 [ 63.213864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.214113] kthread+0x337/0x6f0 [ 63.214242] ret_from_fork+0x116/0x1d0 [ 63.214405] ret_from_fork_asm+0x1a/0x30 [ 63.215076] [ 63.215184] kfence-#171: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 63.215184] [ 63.215604] allocated by task 385 on cpu 0 at 63.211757s (0.003845s ago): [ 63.216256] test_alloc+0x364/0x10f0 [ 63.216428] test_krealloc+0xad/0xbe0 [ 63.216593] kunit_try_run_case+0x1a5/0x480 [ 63.216808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.217056] kthread+0x337/0x6f0 [ 63.217276] ret_from_fork+0x116/0x1d0 [ 63.217444] ret_from_fork_asm+0x1a/0x30 [ 63.217627] [ 63.217698] freed by task 385 on cpu 0 at 63.211988s (0.005707s ago): [ 63.218006] krealloc_noprof+0x108/0x340 [ 63.218187] test_krealloc+0x226/0xbe0 [ 63.218391] kunit_try_run_case+0x1a5/0x480 [ 63.218572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.218784] kthread+0x337/0x6f0 [ 63.218947] ret_from_fork+0x116/0x1d0 [ 63.219140] ret_from_fork_asm+0x1a/0x30 [ 63.219382] [ 63.219494] CPU: 0 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 63.219953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.220156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.220708] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 63.119408] ================================================================== [ 63.119829] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 63.119829] [ 63.120224] Use-after-free read at 0x(____ptrval____) (in kfence-#170): [ 63.120601] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 63.120825] kunit_try_run_case+0x1a5/0x480 [ 63.121045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.121276] kthread+0x337/0x6f0 [ 63.121403] ret_from_fork+0x116/0x1d0 [ 63.121625] ret_from_fork_asm+0x1a/0x30 [ 63.121830] [ 63.121916] kfence-#170: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 63.121916] [ 63.122330] allocated by task 383 on cpu 0 at 63.107706s (0.014622s ago): [ 63.122690] test_alloc+0x2a6/0x10f0 [ 63.122868] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 63.123039] kunit_try_run_case+0x1a5/0x480 [ 63.123238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.123494] kthread+0x337/0x6f0 [ 63.123918] ret_from_fork+0x116/0x1d0 [ 63.124124] ret_from_fork_asm+0x1a/0x30 [ 63.124918] [ 63.125323] freed by task 383 on cpu 0 at 63.107827s (0.017493s ago): [ 63.125613] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 63.125879] kunit_try_run_case+0x1a5/0x480 [ 63.126042] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.126304] kthread+0x337/0x6f0 [ 63.126468] ret_from_fork+0x116/0x1d0 [ 63.126621] ret_from_fork_asm+0x1a/0x30 [ 63.126825] [ 63.126959] CPU: 0 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 63.127432] Tainted: [B]=BAD_PAGE, [N]=TEST [ 63.127660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.128028] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 38.367300] ================================================================== [ 38.367793] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 38.367793] [ 38.368114] Invalid read at 0x(____ptrval____): [ 38.368311] test_invalid_access+0xf0/0x210 [ 38.368471] kunit_try_run_case+0x1a5/0x480 [ 38.368929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.369894] kthread+0x337/0x6f0 [ 38.370042] ret_from_fork+0x116/0x1d0 [ 38.370462] ret_from_fork_asm+0x1a/0x30 [ 38.370679] [ 38.370804] CPU: 1 UID: 0 PID: 379 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 38.371533] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.371775] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 38.372331] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 38.148025] ================================================================== [ 38.148454] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 38.148454] [ 38.148846] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#166): [ 38.149480] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 38.149731] kunit_try_run_case+0x1a5/0x480 [ 38.149962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.150222] kthread+0x337/0x6f0 [ 38.150562] ret_from_fork+0x116/0x1d0 [ 38.150720] ret_from_fork_asm+0x1a/0x30 [ 38.150943] [ 38.151043] kfence-#166: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 38.151043] [ 38.151875] allocated by task 373 on cpu 0 at 38.147747s (0.004124s ago): [ 38.152201] test_alloc+0x364/0x10f0 [ 38.152598] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 38.152803] kunit_try_run_case+0x1a5/0x480 [ 38.153105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.153472] kthread+0x337/0x6f0 [ 38.153618] ret_from_fork+0x116/0x1d0 [ 38.153818] ret_from_fork_asm+0x1a/0x30 [ 38.154203] [ 38.154302] freed by task 373 on cpu 0 at 38.147905s (0.006395s ago): [ 38.154596] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 38.154828] kunit_try_run_case+0x1a5/0x480 [ 38.155038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.155516] kthread+0x337/0x6f0 [ 38.155742] ret_from_fork+0x116/0x1d0 [ 38.155930] ret_from_fork_asm+0x1a/0x30 [ 38.156290] [ 38.156407] CPU: 0 UID: 0 PID: 373 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 38.157049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.157334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 38.157707] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 38.043964] ================================================================== [ 38.044469] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 38.044469] [ 38.044897] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#165): [ 38.045580] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 38.045813] kunit_try_run_case+0x1a5/0x480 [ 38.046052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.046278] kthread+0x337/0x6f0 [ 38.046759] ret_from_fork+0x116/0x1d0 [ 38.047100] ret_from_fork_asm+0x1a/0x30 [ 38.047328] [ 38.047553] kfence-#165: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 38.047553] [ 38.047944] allocated by task 371 on cpu 0 at 38.043709s (0.004233s ago): [ 38.048268] test_alloc+0x364/0x10f0 [ 38.048655] test_kmalloc_aligned_oob_read+0x105/0x560 [ 38.048981] kunit_try_run_case+0x1a5/0x480 [ 38.049158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.049422] kthread+0x337/0x6f0 [ 38.049763] ret_from_fork+0x116/0x1d0 [ 38.049956] ret_from_fork_asm+0x1a/0x30 [ 38.050143] [ 38.050445] CPU: 0 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 38.051018] Tainted: [B]=BAD_PAGE, [N]=TEST [ 38.051307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 38.051670] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 32.531878] ================================================================== [ 32.532387] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 32.532387] [ 32.532715] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#112): [ 32.533878] test_corruption+0x131/0x3e0 [ 32.534175] kunit_try_run_case+0x1a5/0x480 [ 32.534401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.534642] kthread+0x337/0x6f0 [ 32.534794] ret_from_fork+0x116/0x1d0 [ 32.534993] ret_from_fork_asm+0x1a/0x30 [ 32.535457] [ 32.535561] kfence-#112: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.535561] [ 32.535950] allocated by task 361 on cpu 1 at 32.531729s (0.004218s ago): [ 32.536488] test_alloc+0x2a6/0x10f0 [ 32.536660] test_corruption+0xe6/0x3e0 [ 32.537004] kunit_try_run_case+0x1a5/0x480 [ 32.537364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.537618] kthread+0x337/0x6f0 [ 32.537900] ret_from_fork+0x116/0x1d0 [ 32.538067] ret_from_fork_asm+0x1a/0x30 [ 32.538495] [ 32.538595] freed by task 361 on cpu 1 at 32.531783s (0.006810s ago): [ 32.538984] test_corruption+0x131/0x3e0 [ 32.539275] kunit_try_run_case+0x1a5/0x480 [ 32.539542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.539848] kthread+0x337/0x6f0 [ 32.540009] ret_from_fork+0x116/0x1d0 [ 32.540345] ret_from_fork_asm+0x1a/0x30 [ 32.540603] [ 32.540727] CPU: 1 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 32.541356] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.541522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.542055] ================================================================== [ 32.635925] ================================================================== [ 32.636383] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 32.636383] [ 32.636759] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#113): [ 32.637151] test_corruption+0x216/0x3e0 [ 32.637391] kunit_try_run_case+0x1a5/0x480 [ 32.637582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.637762] kthread+0x337/0x6f0 [ 32.637944] ret_from_fork+0x116/0x1d0 [ 32.638147] ret_from_fork_asm+0x1a/0x30 [ 32.638395] [ 32.638472] kfence-#113: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.638472] [ 32.638845] allocated by task 361 on cpu 1 at 32.635796s (0.003047s ago): [ 32.639165] test_alloc+0x2a6/0x10f0 [ 32.639319] test_corruption+0x1cb/0x3e0 [ 32.639550] kunit_try_run_case+0x1a5/0x480 [ 32.639746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.639990] kthread+0x337/0x6f0 [ 32.640163] ret_from_fork+0x116/0x1d0 [ 32.640332] ret_from_fork_asm+0x1a/0x30 [ 32.640503] [ 32.640572] freed by task 361 on cpu 1 at 32.635850s (0.004719s ago): [ 32.640790] test_corruption+0x216/0x3e0 [ 32.640965] kunit_try_run_case+0x1a5/0x480 [ 32.641169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.641425] kthread+0x337/0x6f0 [ 32.641573] ret_from_fork+0x116/0x1d0 [ 32.641707] ret_from_fork_asm+0x1a/0x30 [ 32.641857] [ 32.641970] CPU: 1 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 32.642976] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.643174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.643449] ================================================================== [ 32.220051] ================================================================== [ 32.220452] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 32.220452] [ 32.220878] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#109): [ 32.221737] test_corruption+0x2df/0x3e0 [ 32.221960] kunit_try_run_case+0x1a5/0x480 [ 32.222163] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.222417] kthread+0x337/0x6f0 [ 32.222584] ret_from_fork+0x116/0x1d0 [ 32.222771] ret_from_fork_asm+0x1a/0x30 [ 32.222986] [ 32.223087] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.223087] [ 32.223968] allocated by task 359 on cpu 0 at 32.219765s (0.004201s ago): [ 32.224486] test_alloc+0x364/0x10f0 [ 32.224784] test_corruption+0x1cb/0x3e0 [ 32.224981] kunit_try_run_case+0x1a5/0x480 [ 32.225324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.225592] kthread+0x337/0x6f0 [ 32.225887] ret_from_fork+0x116/0x1d0 [ 32.226150] ret_from_fork_asm+0x1a/0x30 [ 32.226318] [ 32.226423] freed by task 359 on cpu 0 at 32.219877s (0.006543s ago): [ 32.226866] test_corruption+0x2df/0x3e0 [ 32.227067] kunit_try_run_case+0x1a5/0x480 [ 32.227257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.227726] kthread+0x337/0x6f0 [ 32.227911] ret_from_fork+0x116/0x1d0 [ 32.228220] ret_from_fork_asm+0x1a/0x30 [ 32.228482] [ 32.228669] CPU: 0 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 32.229296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.229495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.229886] ================================================================== [ 31.907990] ================================================================== [ 31.908669] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 31.908669] [ 31.908999] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#106): [ 31.909810] test_corruption+0x2d2/0x3e0 [ 31.910013] kunit_try_run_case+0x1a5/0x480 [ 31.910208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.910428] kthread+0x337/0x6f0 [ 31.910612] ret_from_fork+0x116/0x1d0 [ 31.910794] ret_from_fork_asm+0x1a/0x30 [ 31.911008] [ 31.911097] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.911097] [ 31.911403] allocated by task 359 on cpu 0 at 31.907705s (0.003696s ago): [ 31.912182] test_alloc+0x364/0x10f0 [ 31.912377] test_corruption+0xe6/0x3e0 [ 31.912571] kunit_try_run_case+0x1a5/0x480 [ 31.912780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.913026] kthread+0x337/0x6f0 [ 31.913546] ret_from_fork+0x116/0x1d0 [ 31.913738] ret_from_fork_asm+0x1a/0x30 [ 31.914045] [ 31.914135] freed by task 359 on cpu 0 at 31.907804s (0.006328s ago): [ 31.914569] test_corruption+0x2d2/0x3e0 [ 31.914750] kunit_try_run_case+0x1a5/0x480 [ 31.915021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.915402] kthread+0x337/0x6f0 [ 31.915542] ret_from_fork+0x116/0x1d0 [ 31.915853] ret_from_fork_asm+0x1a/0x30 [ 31.916013] [ 31.916139] CPU: 0 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 31.916805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.916995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.917576] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 31.595903] ================================================================== [ 31.596323] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 31.596323] [ 31.596634] Invalid free of 0x(____ptrval____) (in kfence-#103): [ 31.597391] test_invalid_addr_free+0x1e1/0x260 [ 31.597789] kunit_try_run_case+0x1a5/0x480 [ 31.598008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.598542] kthread+0x337/0x6f0 [ 31.598703] ret_from_fork+0x116/0x1d0 [ 31.598915] ret_from_fork_asm+0x1a/0x30 [ 31.599192] [ 31.599294] kfence-#103: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.599294] [ 31.599681] allocated by task 355 on cpu 0 at 31.595749s (0.003929s ago): [ 31.599998] test_alloc+0x364/0x10f0 [ 31.600161] test_invalid_addr_free+0xdb/0x260 [ 31.600401] kunit_try_run_case+0x1a5/0x480 [ 31.600994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.601252] kthread+0x337/0x6f0 [ 31.601579] ret_from_fork+0x116/0x1d0 [ 31.601743] ret_from_fork_asm+0x1a/0x30 [ 31.601964] [ 31.602266] CPU: 0 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 31.602868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.603065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.603590] ================================================================== [ 31.699906] ================================================================== [ 31.700290] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 31.700290] [ 31.700591] Invalid free of 0x(____ptrval____) (in kfence-#104): [ 31.701116] test_invalid_addr_free+0xfb/0x260 [ 31.701399] kunit_try_run_case+0x1a5/0x480 [ 31.701632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.701882] kthread+0x337/0x6f0 [ 31.702060] ret_from_fork+0x116/0x1d0 [ 31.702305] ret_from_fork_asm+0x1a/0x30 [ 31.702475] [ 31.702580] kfence-#104: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.702580] [ 31.703021] allocated by task 357 on cpu 1 at 31.699784s (0.003234s ago): [ 31.703382] test_alloc+0x2a6/0x10f0 [ 31.703529] test_invalid_addr_free+0xdb/0x260 [ 31.703723] kunit_try_run_case+0x1a5/0x480 [ 31.703941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.704262] kthread+0x337/0x6f0 [ 31.704402] ret_from_fork+0x116/0x1d0 [ 31.704615] ret_from_fork_asm+0x1a/0x30 [ 31.704801] [ 31.704954] CPU: 1 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 31.705458] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.705676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.706057] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 31.491977] ================================================================== [ 31.492392] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 31.492392] [ 31.492841] Invalid free of 0x(____ptrval____) (in kfence-#102): [ 31.493428] test_double_free+0x112/0x260 [ 31.493654] kunit_try_run_case+0x1a5/0x480 [ 31.493805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.493988] kthread+0x337/0x6f0 [ 31.494111] ret_from_fork+0x116/0x1d0 [ 31.494259] ret_from_fork_asm+0x1a/0x30 [ 31.494504] [ 31.494599] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.494599] [ 31.495019] allocated by task 353 on cpu 1 at 31.491773s (0.003244s ago): [ 31.495454] test_alloc+0x2a6/0x10f0 [ 31.495598] test_double_free+0xdb/0x260 [ 31.495818] kunit_try_run_case+0x1a5/0x480 [ 31.496054] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.496332] kthread+0x337/0x6f0 [ 31.496502] ret_from_fork+0x116/0x1d0 [ 31.496703] ret_from_fork_asm+0x1a/0x30 [ 31.496901] [ 31.497028] freed by task 353 on cpu 1 at 31.491857s (0.005169s ago): [ 31.497348] test_double_free+0xfa/0x260 [ 31.497584] kunit_try_run_case+0x1a5/0x480 [ 31.497793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.498065] kthread+0x337/0x6f0 [ 31.498259] ret_from_fork+0x116/0x1d0 [ 31.498392] ret_from_fork_asm+0x1a/0x30 [ 31.498558] [ 31.498678] CPU: 1 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 31.499337] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.499508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.499859] ================================================================== [ 31.387989] ================================================================== [ 31.388574] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 31.388574] [ 31.388933] Invalid free of 0x(____ptrval____) (in kfence-#101): [ 31.389259] test_double_free+0x1d3/0x260 [ 31.389417] kunit_try_run_case+0x1a5/0x480 [ 31.389650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.389924] kthread+0x337/0x6f0 [ 31.390074] ret_from_fork+0x116/0x1d0 [ 31.390307] ret_from_fork_asm+0x1a/0x30 [ 31.390490] [ 31.390586] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.390586] [ 31.390987] allocated by task 351 on cpu 0 at 31.387706s (0.003278s ago): [ 31.391308] test_alloc+0x364/0x10f0 [ 31.391474] test_double_free+0xdb/0x260 [ 31.391653] kunit_try_run_case+0x1a5/0x480 [ 31.391826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.392083] kthread+0x337/0x6f0 [ 31.392249] ret_from_fork+0x116/0x1d0 [ 31.392410] ret_from_fork_asm+0x1a/0x30 [ 31.392676] [ 31.392748] freed by task 351 on cpu 0 at 31.387780s (0.004965s ago): [ 31.393144] test_double_free+0x1e0/0x260 [ 31.393328] kunit_try_run_case+0x1a5/0x480 [ 31.393536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.393732] kthread+0x337/0x6f0 [ 31.393878] ret_from_fork+0x116/0x1d0 [ 31.394066] ret_from_fork_asm+0x1a/0x30 [ 31.395218] [ 31.395514] CPU: 0 UID: 0 PID: 351 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 31.396197] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.396534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.397007] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 31.075917] ================================================================== [ 31.076393] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 31.076393] [ 31.076789] Use-after-free read at 0x(____ptrval____) (in kfence-#98): [ 31.077105] test_use_after_free_read+0x129/0x270 [ 31.077275] kunit_try_run_case+0x1a5/0x480 [ 31.077574] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.077850] kthread+0x337/0x6f0 [ 31.077977] ret_from_fork+0x116/0x1d0 [ 31.078161] ret_from_fork_asm+0x1a/0x30 [ 31.078367] [ 31.078464] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.078464] [ 31.078785] allocated by task 345 on cpu 1 at 31.075775s (0.003008s ago): [ 31.079134] test_alloc+0x2a6/0x10f0 [ 31.079335] test_use_after_free_read+0xdc/0x270 [ 31.079557] kunit_try_run_case+0x1a5/0x480 [ 31.079717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.079971] kthread+0x337/0x6f0 [ 31.080092] ret_from_fork+0x116/0x1d0 [ 31.080225] ret_from_fork_asm+0x1a/0x30 [ 31.080370] [ 31.080462] freed by task 345 on cpu 1 at 31.075820s (0.004640s ago): [ 31.080935] test_use_after_free_read+0xfb/0x270 [ 31.081093] kunit_try_run_case+0x1a5/0x480 [ 31.081242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.082283] kthread+0x337/0x6f0 [ 31.082509] ret_from_fork+0x116/0x1d0 [ 31.082701] ret_from_fork_asm+0x1a/0x30 [ 31.082911] [ 31.083037] CPU: 1 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 31.083504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.083714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.084068] ================================================================== [ 30.971966] ================================================================== [ 30.972820] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 30.972820] [ 30.973197] Use-after-free read at 0x(____ptrval____) (in kfence-#97): [ 30.973667] test_use_after_free_read+0x129/0x270 [ 30.973905] kunit_try_run_case+0x1a5/0x480 [ 30.974116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.974728] kthread+0x337/0x6f0 [ 30.974933] ret_from_fork+0x116/0x1d0 [ 30.975524] ret_from_fork_asm+0x1a/0x30 [ 30.975726] [ 30.975814] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.975814] [ 30.976449] allocated by task 343 on cpu 0 at 30.971747s (0.004699s ago): [ 30.976893] test_alloc+0x364/0x10f0 [ 30.977233] test_use_after_free_read+0xdc/0x270 [ 30.977548] kunit_try_run_case+0x1a5/0x480 [ 30.977861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.978213] kthread+0x337/0x6f0 [ 30.978406] ret_from_fork+0x116/0x1d0 [ 30.978721] ret_from_fork_asm+0x1a/0x30 [ 30.978970] [ 30.979424] freed by task 343 on cpu 0 at 30.971804s (0.007442s ago): [ 30.979789] test_use_after_free_read+0x1e7/0x270 [ 30.980016] kunit_try_run_case+0x1a5/0x480 [ 30.980422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.980764] kthread+0x337/0x6f0 [ 30.980951] ret_from_fork+0x116/0x1d0 [ 30.981302] ret_from_fork_asm+0x1a/0x30 [ 30.981536] [ 30.981809] CPU: 0 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 30.982457] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.982664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.983025] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 30.867721] ================================================================== [ 30.868146] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 30.868146] [ 30.868684] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#96): [ 30.869039] test_out_of_bounds_write+0x10d/0x260 [ 30.869242] kunit_try_run_case+0x1a5/0x480 [ 30.869475] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.869664] kthread+0x337/0x6f0 [ 30.869844] ret_from_fork+0x116/0x1d0 [ 30.870039] ret_from_fork_asm+0x1a/0x30 [ 30.870233] [ 30.870358] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.870358] [ 30.870679] allocated by task 341 on cpu 0 at 30.867663s (0.003014s ago): [ 30.871025] test_alloc+0x2a6/0x10f0 [ 30.871191] test_out_of_bounds_write+0xd4/0x260 [ 30.871390] kunit_try_run_case+0x1a5/0x480 [ 30.871584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.871763] kthread+0x337/0x6f0 [ 30.871927] ret_from_fork+0x116/0x1d0 [ 30.872116] ret_from_fork_asm+0x1a/0x30 [ 30.872389] [ 30.872509] CPU: 0 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 30.872954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.873100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.873498] ================================================================== [ 30.451896] ================================================================== [ 30.452335] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 30.452335] [ 30.452857] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#92): [ 30.453115] test_out_of_bounds_write+0x10d/0x260 [ 30.453477] kunit_try_run_case+0x1a5/0x480 [ 30.453705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.453909] kthread+0x337/0x6f0 [ 30.454037] ret_from_fork+0x116/0x1d0 [ 30.454223] ret_from_fork_asm+0x1a/0x30 [ 30.454438] [ 30.454538] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.454538] [ 30.454884] allocated by task 339 on cpu 0 at 30.451761s (0.003120s ago): [ 30.455265] test_alloc+0x364/0x10f0 [ 30.455450] test_out_of_bounds_write+0xd4/0x260 [ 30.455677] kunit_try_run_case+0x1a5/0x480 [ 30.455916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.456144] kthread+0x337/0x6f0 [ 30.456264] ret_from_fork+0x116/0x1d0 [ 30.456393] ret_from_fork_asm+0x1a/0x30 [ 30.457020] [ 30.457158] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 30.458139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.458517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.459056] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 29.517002] ================================================================== [ 29.517736] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 29.517736] [ 29.518131] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#83): [ 29.519024] test_out_of_bounds_read+0x126/0x4e0 [ 29.519403] kunit_try_run_case+0x1a5/0x480 [ 29.519576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.519760] kthread+0x337/0x6f0 [ 29.519903] ret_from_fork+0x116/0x1d0 [ 29.520096] ret_from_fork_asm+0x1a/0x30 [ 29.520282] [ 29.520973] kfence-#83: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.520973] [ 29.521761] allocated by task 335 on cpu 1 at 29.515764s (0.005932s ago): [ 29.522497] test_alloc+0x364/0x10f0 [ 29.522723] test_out_of_bounds_read+0xed/0x4e0 [ 29.523071] kunit_try_run_case+0x1a5/0x480 [ 29.523317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.523779] kthread+0x337/0x6f0 [ 29.524050] ret_from_fork+0x116/0x1d0 [ 29.524326] ret_from_fork_asm+0x1a/0x30 [ 29.524566] [ 29.524722] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.525571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.525773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.526307] ================================================================== [ 29.619974] ================================================================== [ 29.620557] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 29.620557] [ 29.621290] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#84): [ 29.621562] test_out_of_bounds_read+0x216/0x4e0 [ 29.621802] kunit_try_run_case+0x1a5/0x480 [ 29.622034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.622234] kthread+0x337/0x6f0 [ 29.622763] ret_from_fork+0x116/0x1d0 [ 29.622938] ret_from_fork_asm+0x1a/0x30 [ 29.623270] [ 29.623494] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.623494] [ 29.623957] allocated by task 335 on cpu 1 at 29.619779s (0.004175s ago): [ 29.624399] test_alloc+0x364/0x10f0 [ 29.624643] test_out_of_bounds_read+0x1e2/0x4e0 [ 29.624946] kunit_try_run_case+0x1a5/0x480 [ 29.625222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.625583] kthread+0x337/0x6f0 [ 29.625748] ret_from_fork+0x116/0x1d0 [ 29.625934] ret_from_fork_asm+0x1a/0x30 [ 29.626118] [ 29.626436] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.627013] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.627224] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.627741] ================================================================== [ 29.827821] ================================================================== [ 29.828247] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 29.828247] [ 29.828732] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#86): [ 29.829483] test_out_of_bounds_read+0x126/0x4e0 [ 29.829969] kunit_try_run_case+0x1a5/0x480 [ 29.830353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.830718] kthread+0x337/0x6f0 [ 29.831004] ret_from_fork+0x116/0x1d0 [ 29.831205] ret_from_fork_asm+0x1a/0x30 [ 29.831369] [ 29.831655] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.831655] [ 29.832075] allocated by task 337 on cpu 1 at 29.827763s (0.004309s ago): [ 29.832670] test_alloc+0x2a6/0x10f0 [ 29.832876] test_out_of_bounds_read+0xed/0x4e0 [ 29.833238] kunit_try_run_case+0x1a5/0x480 [ 29.833552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.833895] kthread+0x337/0x6f0 [ 29.834172] ret_from_fork+0x116/0x1d0 [ 29.834346] ret_from_fork_asm+0x1a/0x30 [ 29.834562] [ 29.834669] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.835112] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.835397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.835779] ================================================================== [ 30.347827] ================================================================== [ 30.348277] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 30.348277] [ 30.348721] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#91): [ 30.349111] test_out_of_bounds_read+0x216/0x4e0 [ 30.349352] kunit_try_run_case+0x1a5/0x480 [ 30.349587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.349825] kthread+0x337/0x6f0 [ 30.349966] ret_from_fork+0x116/0x1d0 [ 30.350154] ret_from_fork_asm+0x1a/0x30 [ 30.350364] [ 30.350482] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.350482] [ 30.350865] allocated by task 337 on cpu 1 at 30.347772s (0.003090s ago): [ 30.351205] test_alloc+0x2a6/0x10f0 [ 30.351451] test_out_of_bounds_read+0x1e2/0x4e0 [ 30.351624] kunit_try_run_case+0x1a5/0x480 [ 30.351870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.352137] kthread+0x337/0x6f0 [ 30.352302] ret_from_fork+0x116/0x1d0 [ 30.352494] ret_from_fork_asm+0x1a/0x30 [ 30.352717] [ 30.352851] CPU: 1 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 30.353376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.353514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.354174] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 29.349669] ================================================================== [ 29.349955] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 29.350201] Read of size 121 at addr ffff888104975500 by task kunit_try_catch/333 [ 29.350530] [ 29.350648] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.350698] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.350712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.350734] Call Trace: [ 29.350751] <TASK> [ 29.350768] dump_stack_lvl+0x73/0xb0 [ 29.350813] print_report+0xd1/0x640 [ 29.350850] ? __virt_addr_valid+0x1db/0x2d0 [ 29.350876] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.350903] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.350932] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.350967] kasan_report+0x141/0x180 [ 29.350993] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.351022] kasan_check_range+0x10c/0x1c0 [ 29.351049] __kasan_check_read+0x15/0x20 [ 29.351074] copy_user_test_oob+0x4aa/0x10f0 [ 29.351102] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.351127] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.351162] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.351192] kunit_try_run_case+0x1a5/0x480 [ 29.351218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.351244] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.351271] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.351298] ? __kthread_parkme+0x82/0x180 [ 29.351320] ? preempt_count_sub+0x50/0x80 [ 29.351344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.351370] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.351395] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.351421] kthread+0x337/0x6f0 [ 29.351443] ? trace_preempt_on+0x20/0xc0 [ 29.351467] ? __pfx_kthread+0x10/0x10 [ 29.351490] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.351515] ? calculate_sigpending+0x7b/0xa0 [ 29.351541] ? __pfx_kthread+0x10/0x10 [ 29.351564] ret_from_fork+0x116/0x1d0 [ 29.351586] ? __pfx_kthread+0x10/0x10 [ 29.351608] ret_from_fork_asm+0x1a/0x30 [ 29.351641] </TASK> [ 29.351654] [ 29.358366] Allocated by task 333: [ 29.358534] kasan_save_stack+0x45/0x70 [ 29.358761] kasan_save_track+0x18/0x40 [ 29.358931] kasan_save_alloc_info+0x3b/0x50 [ 29.359143] __kasan_kmalloc+0xb7/0xc0 [ 29.359329] __kmalloc_noprof+0x1ca/0x510 [ 29.359492] kunit_kmalloc_array+0x25/0x60 [ 29.359679] copy_user_test_oob+0xab/0x10f0 [ 29.359884] kunit_try_run_case+0x1a5/0x480 [ 29.360053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.360234] kthread+0x337/0x6f0 [ 29.360439] ret_from_fork+0x116/0x1d0 [ 29.360658] ret_from_fork_asm+0x1a/0x30 [ 29.360851] [ 29.360925] The buggy address belongs to the object at ffff888104975500 [ 29.360925] which belongs to the cache kmalloc-128 of size 128 [ 29.361512] The buggy address is located 0 bytes inside of [ 29.361512] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.362020] [ 29.362115] The buggy address belongs to the physical page: [ 29.362345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.362589] flags: 0x200000000000000(node=0|zone=2) [ 29.362755] page_type: f5(slab) [ 29.362907] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.363326] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.363665] page dumped because: kasan: bad access detected [ 29.363924] [ 29.364016] Memory state around the buggy address: [ 29.364306] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.364583] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.364871] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.365196] ^ [ 29.365464] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.365757] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.366027] ================================================================== [ 29.385852] ================================================================== [ 29.386167] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 29.386742] Read of size 121 at addr ffff888104975500 by task kunit_try_catch/333 [ 29.387605] [ 29.387810] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.387877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.387892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.387923] Call Trace: [ 29.387940] <TASK> [ 29.387955] dump_stack_lvl+0x73/0xb0 [ 29.387986] print_report+0xd1/0x640 [ 29.388011] ? __virt_addr_valid+0x1db/0x2d0 [ 29.388036] ? copy_user_test_oob+0x604/0x10f0 [ 29.388061] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.388091] ? copy_user_test_oob+0x604/0x10f0 [ 29.388117] kasan_report+0x141/0x180 [ 29.388142] ? copy_user_test_oob+0x604/0x10f0 [ 29.388288] kasan_check_range+0x10c/0x1c0 [ 29.388322] __kasan_check_read+0x15/0x20 [ 29.388350] copy_user_test_oob+0x604/0x10f0 [ 29.388379] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.388405] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.388483] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.388515] kunit_try_run_case+0x1a5/0x480 [ 29.388542] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.388567] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.388594] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.388622] ? __kthread_parkme+0x82/0x180 [ 29.388645] ? preempt_count_sub+0x50/0x80 [ 29.388671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.388697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.388722] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.388748] kthread+0x337/0x6f0 [ 29.388769] ? trace_preempt_on+0x20/0xc0 [ 29.388793] ? __pfx_kthread+0x10/0x10 [ 29.388817] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.388852] ? calculate_sigpending+0x7b/0xa0 [ 29.388883] ? __pfx_kthread+0x10/0x10 [ 29.388906] ret_from_fork+0x116/0x1d0 [ 29.388928] ? __pfx_kthread+0x10/0x10 [ 29.388951] ret_from_fork_asm+0x1a/0x30 [ 29.388984] </TASK> [ 29.388997] [ 29.398262] Allocated by task 333: [ 29.398619] kasan_save_stack+0x45/0x70 [ 29.398799] kasan_save_track+0x18/0x40 [ 29.399132] kasan_save_alloc_info+0x3b/0x50 [ 29.399325] __kasan_kmalloc+0xb7/0xc0 [ 29.399524] __kmalloc_noprof+0x1ca/0x510 [ 29.399698] kunit_kmalloc_array+0x25/0x60 [ 29.399917] copy_user_test_oob+0xab/0x10f0 [ 29.400095] kunit_try_run_case+0x1a5/0x480 [ 29.400329] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.400952] kthread+0x337/0x6f0 [ 29.401116] ret_from_fork+0x116/0x1d0 [ 29.401336] ret_from_fork_asm+0x1a/0x30 [ 29.401601] [ 29.401928] The buggy address belongs to the object at ffff888104975500 [ 29.401928] which belongs to the cache kmalloc-128 of size 128 [ 29.402481] The buggy address is located 0 bytes inside of [ 29.402481] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.403102] [ 29.403265] The buggy address belongs to the physical page: [ 29.403582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.404034] flags: 0x200000000000000(node=0|zone=2) [ 29.404399] page_type: f5(slab) [ 29.404631] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.405080] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.405636] page dumped because: kasan: bad access detected [ 29.405942] [ 29.406030] Memory state around the buggy address: [ 29.406213] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.406766] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.407051] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.407597] ^ [ 29.407985] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.408321] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.408733] ================================================================== [ 29.366541] ================================================================== [ 29.366859] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 29.367149] Write of size 121 at addr ffff888104975500 by task kunit_try_catch/333 [ 29.367445] [ 29.367559] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.367605] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.367619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.367641] Call Trace: [ 29.367657] <TASK> [ 29.367672] dump_stack_lvl+0x73/0xb0 [ 29.367700] print_report+0xd1/0x640 [ 29.367724] ? __virt_addr_valid+0x1db/0x2d0 [ 29.367750] ? copy_user_test_oob+0x557/0x10f0 [ 29.367775] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.367803] ? copy_user_test_oob+0x557/0x10f0 [ 29.367840] kasan_report+0x141/0x180 [ 29.367865] ? copy_user_test_oob+0x557/0x10f0 [ 29.367895] kasan_check_range+0x10c/0x1c0 [ 29.367922] __kasan_check_write+0x18/0x20 [ 29.367948] copy_user_test_oob+0x557/0x10f0 [ 29.367975] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.367999] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.368035] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.368066] kunit_try_run_case+0x1a5/0x480 [ 29.368095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.368121] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.368149] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.368187] ? __kthread_parkme+0x82/0x180 [ 29.368209] ? preempt_count_sub+0x50/0x80 [ 29.368235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.368261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.368287] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.368311] kthread+0x337/0x6f0 [ 29.368334] ? trace_preempt_on+0x20/0xc0 [ 29.368359] ? __pfx_kthread+0x10/0x10 [ 29.368382] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.368407] ? calculate_sigpending+0x7b/0xa0 [ 29.368435] ? __pfx_kthread+0x10/0x10 [ 29.368458] ret_from_fork+0x116/0x1d0 [ 29.368481] ? __pfx_kthread+0x10/0x10 [ 29.368503] ret_from_fork_asm+0x1a/0x30 [ 29.368536] </TASK> [ 29.368548] [ 29.375117] Allocated by task 333: [ 29.375464] kasan_save_stack+0x45/0x70 [ 29.375653] kasan_save_track+0x18/0x40 [ 29.375820] kasan_save_alloc_info+0x3b/0x50 [ 29.376025] __kasan_kmalloc+0xb7/0xc0 [ 29.376209] __kmalloc_noprof+0x1ca/0x510 [ 29.376352] kunit_kmalloc_array+0x25/0x60 [ 29.376498] copy_user_test_oob+0xab/0x10f0 [ 29.376646] kunit_try_run_case+0x1a5/0x480 [ 29.376799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.377072] kthread+0x337/0x6f0 [ 29.377312] ret_from_fork+0x116/0x1d0 [ 29.377507] ret_from_fork_asm+0x1a/0x30 [ 29.377716] [ 29.377800] The buggy address belongs to the object at ffff888104975500 [ 29.377800] which belongs to the cache kmalloc-128 of size 128 [ 29.378354] The buggy address is located 0 bytes inside of [ 29.378354] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.378720] [ 29.378790] The buggy address belongs to the physical page: [ 29.378977] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.379259] flags: 0x200000000000000(node=0|zone=2) [ 29.379489] page_type: f5(slab) [ 29.379654] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.380248] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.380592] page dumped because: kasan: bad access detected [ 29.380851] [ 29.380950] Memory state around the buggy address: [ 29.381876] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.383168] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.383458] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.383672] ^ [ 29.383923] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.384646] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.385129] ================================================================== [ 29.332530] ================================================================== [ 29.332820] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 29.333078] Write of size 121 at addr ffff888104975500 by task kunit_try_catch/333 [ 29.333331] [ 29.333518] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.333569] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.333584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.333608] Call Trace: [ 29.333623] <TASK> [ 29.333640] dump_stack_lvl+0x73/0xb0 [ 29.333669] print_report+0xd1/0x640 [ 29.333693] ? __virt_addr_valid+0x1db/0x2d0 [ 29.333719] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.333743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.333772] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.333798] kasan_report+0x141/0x180 [ 29.333823] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.333865] kasan_check_range+0x10c/0x1c0 [ 29.333890] __kasan_check_write+0x18/0x20 [ 29.333916] copy_user_test_oob+0x3fd/0x10f0 [ 29.333944] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.333969] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.334005] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.334035] kunit_try_run_case+0x1a5/0x480 [ 29.334062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.334087] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.334114] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.334140] ? __kthread_parkme+0x82/0x180 [ 29.334162] ? preempt_count_sub+0x50/0x80 [ 29.334186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.334212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.334238] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.334264] kthread+0x337/0x6f0 [ 29.334287] ? trace_preempt_on+0x20/0xc0 [ 29.334311] ? __pfx_kthread+0x10/0x10 [ 29.334335] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.334369] ? calculate_sigpending+0x7b/0xa0 [ 29.334395] ? __pfx_kthread+0x10/0x10 [ 29.334418] ret_from_fork+0x116/0x1d0 [ 29.334440] ? __pfx_kthread+0x10/0x10 [ 29.334462] ret_from_fork_asm+0x1a/0x30 [ 29.334495] </TASK> [ 29.334508] [ 29.341351] Allocated by task 333: [ 29.341500] kasan_save_stack+0x45/0x70 [ 29.341700] kasan_save_track+0x18/0x40 [ 29.341860] kasan_save_alloc_info+0x3b/0x50 [ 29.342073] __kasan_kmalloc+0xb7/0xc0 [ 29.342273] __kmalloc_noprof+0x1ca/0x510 [ 29.342462] kunit_kmalloc_array+0x25/0x60 [ 29.342633] copy_user_test_oob+0xab/0x10f0 [ 29.342843] kunit_try_run_case+0x1a5/0x480 [ 29.343023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.343264] kthread+0x337/0x6f0 [ 29.343402] ret_from_fork+0x116/0x1d0 [ 29.343536] ret_from_fork_asm+0x1a/0x30 [ 29.343683] [ 29.343779] The buggy address belongs to the object at ffff888104975500 [ 29.343779] which belongs to the cache kmalloc-128 of size 128 [ 29.344329] The buggy address is located 0 bytes inside of [ 29.344329] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.344935] [ 29.345027] The buggy address belongs to the physical page: [ 29.345299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.345606] flags: 0x200000000000000(node=0|zone=2) [ 29.345816] page_type: f5(slab) [ 29.345960] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.346417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.346648] page dumped because: kasan: bad access detected [ 29.346821] [ 29.346927] Memory state around the buggy address: [ 29.347153] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.347578] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.347800] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.348032] ^ [ 29.348453] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.348775] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.349107] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 29.300434] ================================================================== [ 29.301223] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 29.301817] Read of size 121 at addr ffff888104975500 by task kunit_try_catch/333 [ 29.302568] [ 29.302780] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.302841] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.302856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.302880] Call Trace: [ 29.302894] <TASK> [ 29.302913] dump_stack_lvl+0x73/0xb0 [ 29.302942] print_report+0xd1/0x640 [ 29.302966] ? __virt_addr_valid+0x1db/0x2d0 [ 29.302992] ? _copy_to_user+0x3c/0x70 [ 29.303013] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.303041] ? _copy_to_user+0x3c/0x70 [ 29.303063] kasan_report+0x141/0x180 [ 29.303087] ? _copy_to_user+0x3c/0x70 [ 29.303113] kasan_check_range+0x10c/0x1c0 [ 29.303139] __kasan_check_read+0x15/0x20 [ 29.303166] _copy_to_user+0x3c/0x70 [ 29.303188] copy_user_test_oob+0x364/0x10f0 [ 29.303216] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.303240] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.303275] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.303304] kunit_try_run_case+0x1a5/0x480 [ 29.303331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.303355] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.303383] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.303410] ? __kthread_parkme+0x82/0x180 [ 29.303432] ? preempt_count_sub+0x50/0x80 [ 29.303458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.303485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.303510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.303536] kthread+0x337/0x6f0 [ 29.303559] ? trace_preempt_on+0x20/0xc0 [ 29.303584] ? __pfx_kthread+0x10/0x10 [ 29.303606] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.303645] ? calculate_sigpending+0x7b/0xa0 [ 29.303671] ? __pfx_kthread+0x10/0x10 [ 29.303694] ret_from_fork+0x116/0x1d0 [ 29.303716] ? __pfx_kthread+0x10/0x10 [ 29.303739] ret_from_fork_asm+0x1a/0x30 [ 29.303771] </TASK> [ 29.303784] [ 29.314887] Allocated by task 333: [ 29.315171] kasan_save_stack+0x45/0x70 [ 29.315454] kasan_save_track+0x18/0x40 [ 29.315788] kasan_save_alloc_info+0x3b/0x50 [ 29.316070] __kasan_kmalloc+0xb7/0xc0 [ 29.316420] __kmalloc_noprof+0x1ca/0x510 [ 29.316878] kunit_kmalloc_array+0x25/0x60 [ 29.317316] copy_user_test_oob+0xab/0x10f0 [ 29.317675] kunit_try_run_case+0x1a5/0x480 [ 29.317828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.318018] kthread+0x337/0x6f0 [ 29.318348] ret_from_fork+0x116/0x1d0 [ 29.318759] ret_from_fork_asm+0x1a/0x30 [ 29.319185] [ 29.319355] The buggy address belongs to the object at ffff888104975500 [ 29.319355] which belongs to the cache kmalloc-128 of size 128 [ 29.320575] The buggy address is located 0 bytes inside of [ 29.320575] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.321593] [ 29.321668] The buggy address belongs to the physical page: [ 29.321859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.322106] flags: 0x200000000000000(node=0|zone=2) [ 29.322287] page_type: f5(slab) [ 29.322410] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.322739] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.323286] page dumped because: kasan: bad access detected [ 29.323849] [ 29.324020] Memory state around the buggy address: [ 29.324472] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.324939] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.325171] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.325890] ^ [ 29.326601] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.327274] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.327932] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 29.432001] ================================================================== [ 29.432344] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 29.432636] Write of size 1 at addr ffff888104975578 by task kunit_try_catch/333 [ 29.432963] [ 29.433055] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.433102] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.433116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.433139] Call Trace: [ 29.433156] <TASK> [ 29.433183] dump_stack_lvl+0x73/0xb0 [ 29.433211] print_report+0xd1/0x640 [ 29.433236] ? __virt_addr_valid+0x1db/0x2d0 [ 29.433260] ? strncpy_from_user+0x1a5/0x1d0 [ 29.433284] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.433312] ? strncpy_from_user+0x1a5/0x1d0 [ 29.433337] kasan_report+0x141/0x180 [ 29.433361] ? strncpy_from_user+0x1a5/0x1d0 [ 29.433391] __asan_report_store1_noabort+0x1b/0x30 [ 29.433417] strncpy_from_user+0x1a5/0x1d0 [ 29.433444] copy_user_test_oob+0x760/0x10f0 [ 29.433471] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.433497] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.433532] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.433562] kunit_try_run_case+0x1a5/0x480 [ 29.433588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.433612] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.433639] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.433666] ? __kthread_parkme+0x82/0x180 [ 29.433688] ? preempt_count_sub+0x50/0x80 [ 29.433712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.433738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.433764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.433789] kthread+0x337/0x6f0 [ 29.433811] ? trace_preempt_on+0x20/0xc0 [ 29.433847] ? __pfx_kthread+0x10/0x10 [ 29.433869] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.433894] ? calculate_sigpending+0x7b/0xa0 [ 29.433920] ? __pfx_kthread+0x10/0x10 [ 29.433943] ret_from_fork+0x116/0x1d0 [ 29.433965] ? __pfx_kthread+0x10/0x10 [ 29.433988] ret_from_fork_asm+0x1a/0x30 [ 29.434021] </TASK> [ 29.434033] [ 29.440702] Allocated by task 333: [ 29.440880] kasan_save_stack+0x45/0x70 [ 29.441069] kasan_save_track+0x18/0x40 [ 29.441319] kasan_save_alloc_info+0x3b/0x50 [ 29.441511] __kasan_kmalloc+0xb7/0xc0 [ 29.441678] __kmalloc_noprof+0x1ca/0x510 [ 29.441862] kunit_kmalloc_array+0x25/0x60 [ 29.442035] copy_user_test_oob+0xab/0x10f0 [ 29.442270] kunit_try_run_case+0x1a5/0x480 [ 29.442449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.442686] kthread+0x337/0x6f0 [ 29.442843] ret_from_fork+0x116/0x1d0 [ 29.442980] ret_from_fork_asm+0x1a/0x30 [ 29.443120] [ 29.443205] The buggy address belongs to the object at ffff888104975500 [ 29.443205] which belongs to the cache kmalloc-128 of size 128 [ 29.443913] The buggy address is located 0 bytes to the right of [ 29.443913] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.444413] [ 29.444509] The buggy address belongs to the physical page: [ 29.444760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.445021] flags: 0x200000000000000(node=0|zone=2) [ 29.445316] page_type: f5(slab) [ 29.445483] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.445823] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.446144] page dumped because: kasan: bad access detected [ 29.446331] [ 29.446399] Memory state around the buggy address: [ 29.446555] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.446778] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.447091] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.447404] ^ [ 29.447716] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.448096] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.448546] ================================================================== [ 29.409613] ================================================================== [ 29.410029] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 29.410410] Write of size 121 at addr ffff888104975500 by task kunit_try_catch/333 [ 29.411032] [ 29.411235] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 29.411288] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.411303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.411327] Call Trace: [ 29.411343] <TASK> [ 29.411359] dump_stack_lvl+0x73/0xb0 [ 29.411390] print_report+0xd1/0x640 [ 29.411414] ? __virt_addr_valid+0x1db/0x2d0 [ 29.411440] ? strncpy_from_user+0x2e/0x1d0 [ 29.411466] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.411495] ? strncpy_from_user+0x2e/0x1d0 [ 29.411521] kasan_report+0x141/0x180 [ 29.411545] ? strncpy_from_user+0x2e/0x1d0 [ 29.411574] kasan_check_range+0x10c/0x1c0 [ 29.411601] __kasan_check_write+0x18/0x20 [ 29.411627] strncpy_from_user+0x2e/0x1d0 [ 29.411653] ? __kasan_check_read+0x15/0x20 [ 29.411680] copy_user_test_oob+0x760/0x10f0 [ 29.411708] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.411734] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.411767] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.411796] kunit_try_run_case+0x1a5/0x480 [ 29.411822] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.411859] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.411887] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.411914] ? __kthread_parkme+0x82/0x180 [ 29.411936] ? preempt_count_sub+0x50/0x80 [ 29.411960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.411987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.412012] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.412037] kthread+0x337/0x6f0 [ 29.412058] ? trace_preempt_on+0x20/0xc0 [ 29.412083] ? __pfx_kthread+0x10/0x10 [ 29.412106] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.412131] ? calculate_sigpending+0x7b/0xa0 [ 29.412156] ? __pfx_kthread+0x10/0x10 [ 29.412190] ret_from_fork+0x116/0x1d0 [ 29.412211] ? __pfx_kthread+0x10/0x10 [ 29.412233] ret_from_fork_asm+0x1a/0x30 [ 29.412265] </TASK> [ 29.412278] [ 29.423523] Allocated by task 333: [ 29.423780] kasan_save_stack+0x45/0x70 [ 29.423990] kasan_save_track+0x18/0x40 [ 29.424129] kasan_save_alloc_info+0x3b/0x50 [ 29.424352] __kasan_kmalloc+0xb7/0xc0 [ 29.424545] __kmalloc_noprof+0x1ca/0x510 [ 29.424726] kunit_kmalloc_array+0x25/0x60 [ 29.424927] copy_user_test_oob+0xab/0x10f0 [ 29.425120] kunit_try_run_case+0x1a5/0x480 [ 29.425370] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.425626] kthread+0x337/0x6f0 [ 29.425762] ret_from_fork+0x116/0x1d0 [ 29.425911] ret_from_fork_asm+0x1a/0x30 [ 29.426054] [ 29.426123] The buggy address belongs to the object at ffff888104975500 [ 29.426123] which belongs to the cache kmalloc-128 of size 128 [ 29.426714] The buggy address is located 0 bytes inside of [ 29.426714] allocated 120-byte region [ffff888104975500, ffff888104975578) [ 29.427258] [ 29.427330] The buggy address belongs to the physical page: [ 29.427508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 29.427847] flags: 0x200000000000000(node=0|zone=2) [ 29.428088] page_type: f5(slab) [ 29.428347] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.428657] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.428914] page dumped because: kasan: bad access detected [ 29.429091] [ 29.429159] Memory state around the buggy address: [ 29.429339] ffff888104975400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.429860] ffff888104975480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.430175] >ffff888104975500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.430454] ^ [ 29.430671] ffff888104975580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.431276] ffff888104975600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.431531] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 26.941381] ================================================================== [ 26.941885] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 26.942418] Read of size 1 at addr ffff8881062d7c4a by task kunit_try_catch/301 [ 26.942947] [ 26.943063] CPU: 0 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.943113] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.943125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.943147] Call Trace: [ 26.943170] <TASK> [ 26.943185] dump_stack_lvl+0x73/0xb0 [ 26.943216] print_report+0xd1/0x640 [ 26.943240] ? __virt_addr_valid+0x1db/0x2d0 [ 26.943265] ? kasan_alloca_oob_right+0x329/0x390 [ 26.943288] ? kasan_addr_to_slab+0x11/0xa0 [ 26.943310] ? kasan_alloca_oob_right+0x329/0x390 [ 26.943333] kasan_report+0x141/0x180 [ 26.943356] ? kasan_alloca_oob_right+0x329/0x390 [ 26.943385] __asan_report_load1_noabort+0x18/0x20 [ 26.943409] kasan_alloca_oob_right+0x329/0x390 [ 26.943434] ? finish_task_switch.isra.0+0x153/0x700 [ 26.943457] ? __mutex_lock.constprop.0+0x94e/0x1770 [ 26.943533] ? trace_hardirqs_on+0x37/0xe0 [ 26.943560] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 26.943586] ? __schedule+0x10da/0x2b60 [ 26.943611] ? __pfx_read_tsc+0x10/0x10 [ 26.943634] ? ktime_get_ts64+0x86/0x230 [ 26.943658] kunit_try_run_case+0x1a5/0x480 [ 26.943686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.943710] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.943735] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.943760] ? __kthread_parkme+0x82/0x180 [ 26.943781] ? preempt_count_sub+0x50/0x80 [ 26.943804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.943842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.943868] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.943893] kthread+0x337/0x6f0 [ 26.943913] ? trace_preempt_on+0x20/0xc0 [ 26.943937] ? __pfx_kthread+0x10/0x10 [ 26.943958] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.943982] ? calculate_sigpending+0x7b/0xa0 [ 26.944007] ? __pfx_kthread+0x10/0x10 [ 26.944029] ret_from_fork+0x116/0x1d0 [ 26.944049] ? __pfx_kthread+0x10/0x10 [ 26.944070] ret_from_fork_asm+0x1a/0x30 [ 26.944102] </TASK> [ 26.944113] [ 26.951910] The buggy address belongs to stack of task kunit_try_catch/301 [ 26.952207] [ 26.952300] The buggy address belongs to the physical page: [ 26.952585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062d7 [ 26.952872] flags: 0x200000000000000(node=0|zone=2) [ 26.953065] raw: 0200000000000000 ffffea000418b5c8 ffffea000418b5c8 0000000000000000 [ 26.953644] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.953899] page dumped because: kasan: bad access detected [ 26.954098] [ 26.954188] Memory state around the buggy address: [ 26.954532] ffff8881062d7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.955048] ffff8881062d7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.955288] >ffff8881062d7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 26.955505] ^ [ 26.955682] ffff8881062d7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 26.956001] ffff8881062d7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.956543] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 26.920412] ================================================================== [ 26.921034] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 26.921360] Read of size 1 at addr ffff8881062dfc3f by task kunit_try_catch/299 [ 26.921718] [ 26.921856] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.921909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.921923] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.921943] Call Trace: [ 26.921958] <TASK> [ 26.921974] dump_stack_lvl+0x73/0xb0 [ 26.922003] print_report+0xd1/0x640 [ 26.922026] ? __virt_addr_valid+0x1db/0x2d0 [ 26.922049] ? kasan_alloca_oob_left+0x320/0x380 [ 26.922073] ? kasan_addr_to_slab+0x11/0xa0 [ 26.922094] ? kasan_alloca_oob_left+0x320/0x380 [ 26.922118] kasan_report+0x141/0x180 [ 26.922140] ? kasan_alloca_oob_left+0x320/0x380 [ 26.922168] __asan_report_load1_noabort+0x18/0x20 [ 26.922202] kasan_alloca_oob_left+0x320/0x380 [ 26.922228] ? pick_task_fair+0xce/0x340 [ 26.922256] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 26.922279] ? trace_hardirqs_on+0x37/0xe0 [ 26.922302] ? __schedule+0x2070/0x2b60 [ 26.922329] ? __pfx_read_tsc+0x10/0x10 [ 26.922351] ? ktime_get_ts64+0x86/0x230 [ 26.922376] kunit_try_run_case+0x1a5/0x480 [ 26.922402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.922426] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.922451] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.922535] ? __kthread_parkme+0x82/0x180 [ 26.922557] ? preempt_count_sub+0x50/0x80 [ 26.922581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.922606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.922631] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.922656] kthread+0x337/0x6f0 [ 26.922676] ? trace_preempt_on+0x20/0xc0 [ 26.922699] ? __pfx_kthread+0x10/0x10 [ 26.922721] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.922746] ? calculate_sigpending+0x7b/0xa0 [ 26.922770] ? __pfx_kthread+0x10/0x10 [ 26.922792] ret_from_fork+0x116/0x1d0 [ 26.922812] ? __pfx_kthread+0x10/0x10 [ 26.922846] ret_from_fork_asm+0x1a/0x30 [ 26.922878] </TASK> [ 26.922890] [ 26.930551] The buggy address belongs to stack of task kunit_try_catch/299 [ 26.930890] [ 26.930982] The buggy address belongs to the physical page: [ 26.931325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062df [ 26.931813] flags: 0x200000000000000(node=0|zone=2) [ 26.932066] raw: 0200000000000000 ffffea000418b7c8 ffffea000418b7c8 0000000000000000 [ 26.932519] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.932815] page dumped because: kasan: bad access detected [ 26.933062] [ 26.933130] Memory state around the buggy address: [ 26.933432] ffff8881062dfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.933725] ffff8881062dfb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.934041] >ffff8881062dfc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 26.934365] ^ [ 26.934598] ffff8881062dfc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 26.934882] ffff8881062dfd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.935189] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 26.896660] ================================================================== [ 26.897296] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 26.897564] Read of size 1 at addr ffff8881062d7d02 by task kunit_try_catch/297 [ 26.898051] [ 26.898159] CPU: 1 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.898208] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.898223] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.898243] Call Trace: [ 26.898257] <TASK> [ 26.898270] dump_stack_lvl+0x73/0xb0 [ 26.898300] print_report+0xd1/0x640 [ 26.898322] ? __virt_addr_valid+0x1db/0x2d0 [ 26.898346] ? kasan_stack_oob+0x2b5/0x300 [ 26.898367] ? kasan_addr_to_slab+0x11/0xa0 [ 26.898388] ? kasan_stack_oob+0x2b5/0x300 [ 26.898409] kasan_report+0x141/0x180 [ 26.898432] ? kasan_stack_oob+0x2b5/0x300 [ 26.898635] __asan_report_load1_noabort+0x18/0x20 [ 26.898671] kasan_stack_oob+0x2b5/0x300 [ 26.898693] ? __pfx_kasan_stack_oob+0x10/0x10 [ 26.898715] ? __kasan_check_write+0x18/0x20 [ 26.898739] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.898766] ? irqentry_exit+0x2a/0x60 [ 26.898787] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.898816] ? __pfx_read_tsc+0x10/0x10 [ 26.898854] ? ktime_get_ts64+0x86/0x230 [ 26.898879] kunit_try_run_case+0x1a5/0x480 [ 26.898905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.898930] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.898956] ? __kthread_parkme+0x82/0x180 [ 26.898977] ? preempt_count_sub+0x50/0x80 [ 26.899001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.899025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.899050] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.899074] kthread+0x337/0x6f0 [ 26.899094] ? trace_preempt_on+0x20/0xc0 [ 26.899117] ? __pfx_kthread+0x10/0x10 [ 26.899139] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.899174] ? calculate_sigpending+0x7b/0xa0 [ 26.899198] ? __pfx_kthread+0x10/0x10 [ 26.899221] ret_from_fork+0x116/0x1d0 [ 26.899240] ? __pfx_kthread+0x10/0x10 [ 26.899261] ret_from_fork_asm+0x1a/0x30 [ 26.899292] </TASK> [ 26.899303] [ 26.911069] The buggy address belongs to stack of task kunit_try_catch/297 [ 26.911381] and is located at offset 138 in frame: [ 26.911746] kasan_stack_oob+0x0/0x300 [ 26.912080] [ 26.912200] This frame has 4 objects: [ 26.912449] [48, 49) '__assertion' [ 26.912665] [64, 72) 'array' [ 26.912818] [96, 112) '__assertion' [ 26.913013] [128, 138) 'stack_array' [ 26.913179] [ 26.913428] The buggy address belongs to the physical page: [ 26.913753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062d7 [ 26.914115] flags: 0x200000000000000(node=0|zone=2) [ 26.914382] raw: 0200000000000000 ffffea000418b5c8 ffffea000418b5c8 0000000000000000 [ 26.914693] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.915051] page dumped because: kasan: bad access detected [ 26.915265] [ 26.915332] Memory state around the buggy address: [ 26.915536] ffff8881062d7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.915881] ffff8881062d7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 26.916122] >ffff8881062d7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 26.916616] ^ [ 26.916758] ffff8881062d7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 26.917091] ffff8881062d7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.917412] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 26.865960] ================================================================== [ 26.866727] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 26.867155] Read of size 1 at addr ffffffffad4ca00d by task kunit_try_catch/293 [ 26.867551] [ 26.868038] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.868096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.868111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.868135] Call Trace: [ 26.868150] <TASK> [ 26.868184] dump_stack_lvl+0x73/0xb0 [ 26.868218] print_report+0xd1/0x640 [ 26.868242] ? __virt_addr_valid+0x1db/0x2d0 [ 26.868268] ? kasan_global_oob_right+0x286/0x2d0 [ 26.868290] ? kasan_addr_to_slab+0x11/0xa0 [ 26.868311] ? kasan_global_oob_right+0x286/0x2d0 [ 26.868334] kasan_report+0x141/0x180 [ 26.868357] ? kasan_global_oob_right+0x286/0x2d0 [ 26.868383] __asan_report_load1_noabort+0x18/0x20 [ 26.868408] kasan_global_oob_right+0x286/0x2d0 [ 26.868430] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 26.868456] ? __schedule+0x10da/0x2b60 [ 26.868494] ? __pfx_read_tsc+0x10/0x10 [ 26.868517] ? ktime_get_ts64+0x86/0x230 [ 26.868543] kunit_try_run_case+0x1a5/0x480 [ 26.868570] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.868593] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.868619] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.868645] ? __kthread_parkme+0x82/0x180 [ 26.868667] ? preempt_count_sub+0x50/0x80 [ 26.868691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.868716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.868740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.868764] kthread+0x337/0x6f0 [ 26.868785] ? trace_preempt_on+0x20/0xc0 [ 26.868809] ? __pfx_kthread+0x10/0x10 [ 26.868842] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.868873] ? calculate_sigpending+0x7b/0xa0 [ 26.868897] ? __pfx_kthread+0x10/0x10 [ 26.868918] ret_from_fork+0x116/0x1d0 [ 26.868939] ? __pfx_kthread+0x10/0x10 [ 26.868960] ret_from_fork_asm+0x1a/0x30 [ 26.868991] </TASK> [ 26.869003] [ 26.880219] The buggy address belongs to the variable: [ 26.880841] global_array+0xd/0x40 [ 26.881185] [ 26.881337] The buggy address belongs to the physical page: [ 26.881914] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c0ca [ 26.882296] flags: 0x100000000002000(reserved|node=0|zone=1) [ 26.882843] raw: 0100000000002000 ffffea0000703288 ffffea0000703288 0000000000000000 [ 26.883311] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.883770] page dumped because: kasan: bad access detected [ 26.884005] [ 26.884101] Memory state around the buggy address: [ 26.884559] ffffffffad4c9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.884863] ffffffffad4c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.885336] >ffffffffad4ca000: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 26.885814] ^ [ 26.886011] ffffffffad4ca080: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 26.886547] ffffffffad4ca100: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 26.886975] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 26.837416] ================================================================== [ 26.837922] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.838294] Free of addr ffff888105890001 by task kunit_try_catch/291 [ 26.838586] [ 26.838692] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.838743] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.838756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.838778] Call Trace: [ 26.838792] <TASK> [ 26.838809] dump_stack_lvl+0x73/0xb0 [ 26.838984] print_report+0xd1/0x640 [ 26.839017] ? __virt_addr_valid+0x1db/0x2d0 [ 26.839043] ? kasan_addr_to_slab+0x11/0xa0 [ 26.839063] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.839090] kasan_report_invalid_free+0x10a/0x130 [ 26.839115] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.839401] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.839438] __kasan_mempool_poison_object+0x102/0x1d0 [ 26.839494] mempool_free+0x490/0x640 [ 26.839522] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.839548] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.839578] ? finish_task_switch.isra.0+0x153/0x700 [ 26.839603] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 26.839629] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 26.839657] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.839680] ? __pfx_mempool_kfree+0x10/0x10 [ 26.839705] ? __pfx_read_tsc+0x10/0x10 [ 26.839727] ? ktime_get_ts64+0x86/0x230 [ 26.839752] kunit_try_run_case+0x1a5/0x480 [ 26.839777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.839800] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.839827] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.839861] ? __kthread_parkme+0x82/0x180 [ 26.839881] ? preempt_count_sub+0x50/0x80 [ 26.839904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.839928] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.839952] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.839976] kthread+0x337/0x6f0 [ 26.839996] ? trace_preempt_on+0x20/0xc0 [ 26.840020] ? __pfx_kthread+0x10/0x10 [ 26.840041] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.840065] ? calculate_sigpending+0x7b/0xa0 [ 26.840089] ? __pfx_kthread+0x10/0x10 [ 26.840111] ret_from_fork+0x116/0x1d0 [ 26.840132] ? __pfx_kthread+0x10/0x10 [ 26.840291] ret_from_fork_asm+0x1a/0x30 [ 26.840326] </TASK> [ 26.840338] [ 26.853361] The buggy address belongs to the physical page: [ 26.853769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105890 [ 26.854251] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.854748] flags: 0x200000000000040(head|node=0|zone=2) [ 26.855101] page_type: f8(unknown) [ 26.855366] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.855923] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.856271] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.857053] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.857606] head: 0200000000000002 ffffea0004162401 00000000ffffffff 00000000ffffffff [ 26.858075] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.858717] page dumped because: kasan: bad access detected [ 26.859121] [ 26.859244] Memory state around the buggy address: [ 26.859687] ffff88810588ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.860366] ffff88810588ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.860952] >ffff888105890000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.861515] ^ [ 26.861861] ffff888105890080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.862194] ffff888105890100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.862798] ================================================================== [ 26.804631] ================================================================== [ 26.805135] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.805718] Free of addr ffff888106002101 by task kunit_try_catch/289 [ 26.806356] [ 26.806471] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.806522] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.806536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.806672] Call Trace: [ 26.806688] <TASK> [ 26.806704] dump_stack_lvl+0x73/0xb0 [ 26.806735] print_report+0xd1/0x640 [ 26.806757] ? __virt_addr_valid+0x1db/0x2d0 [ 26.806783] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.806810] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.806851] kasan_report_invalid_free+0x10a/0x130 [ 26.807098] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.807128] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.807155] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.807193] check_slab_allocation+0x11f/0x130 [ 26.807216] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.807241] mempool_free+0x490/0x640 [ 26.807268] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.807293] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.807320] ? kasan_save_track+0x18/0x40 [ 26.807341] ? kasan_save_alloc_info+0x3b/0x50 [ 26.807365] ? kasan_save_stack+0x45/0x70 [ 26.807389] mempool_kmalloc_invalid_free+0xed/0x140 [ 26.807413] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 26.807441] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.807510] ? __pfx_mempool_kfree+0x10/0x10 [ 26.807538] ? __pfx_read_tsc+0x10/0x10 [ 26.807560] ? ktime_get_ts64+0x86/0x230 [ 26.807585] kunit_try_run_case+0x1a5/0x480 [ 26.807610] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.807633] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.807659] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.807686] ? __kthread_parkme+0x82/0x180 [ 26.807706] ? preempt_count_sub+0x50/0x80 [ 26.807729] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.807753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.807778] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.807802] kthread+0x337/0x6f0 [ 26.807823] ? trace_preempt_on+0x20/0xc0 [ 26.807858] ? __pfx_kthread+0x10/0x10 [ 26.807878] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.807902] ? calculate_sigpending+0x7b/0xa0 [ 26.807925] ? __pfx_kthread+0x10/0x10 [ 26.807947] ret_from_fork+0x116/0x1d0 [ 26.807967] ? __pfx_kthread+0x10/0x10 [ 26.807988] ret_from_fork_asm+0x1a/0x30 [ 26.808019] </TASK> [ 26.808030] [ 26.820514] Allocated by task 289: [ 26.820709] kasan_save_stack+0x45/0x70 [ 26.820915] kasan_save_track+0x18/0x40 [ 26.821075] kasan_save_alloc_info+0x3b/0x50 [ 26.821613] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.821949] remove_element+0x11e/0x190 [ 26.822136] mempool_alloc_preallocated+0x4d/0x90 [ 26.822375] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 26.822923] mempool_kmalloc_invalid_free+0xed/0x140 [ 26.823254] kunit_try_run_case+0x1a5/0x480 [ 26.823455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.823923] kthread+0x337/0x6f0 [ 26.824066] ret_from_fork+0x116/0x1d0 [ 26.824453] ret_from_fork_asm+0x1a/0x30 [ 26.824642] [ 26.824931] The buggy address belongs to the object at ffff888106002100 [ 26.824931] which belongs to the cache kmalloc-128 of size 128 [ 26.825666] The buggy address is located 1 bytes inside of [ 26.825666] 128-byte region [ffff888106002100, ffff888106002180) [ 26.826150] [ 26.826363] The buggy address belongs to the physical page: [ 26.826628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106002 [ 26.827356] flags: 0x200000000000000(node=0|zone=2) [ 26.827954] page_type: f5(slab) [ 26.828384] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.829311] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.830176] page dumped because: kasan: bad access detected [ 26.830362] [ 26.830429] Memory state around the buggy address: [ 26.830882] ffff888106002000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.831558] ffff888106002080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.832132] >ffff888106002100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.832361] ^ [ 26.832638] ffff888106002180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.833325] ffff888106002200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.834077] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 26.781086] ================================================================== [ 26.781505] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.781742] Free of addr ffff888105890000 by task kunit_try_catch/287 [ 26.782001] [ 26.782087] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.782185] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.782201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.782231] Call Trace: [ 26.782245] <TASK> [ 26.782259] dump_stack_lvl+0x73/0xb0 [ 26.782291] print_report+0xd1/0x640 [ 26.782316] ? __virt_addr_valid+0x1db/0x2d0 [ 26.782343] ? kasan_addr_to_slab+0x11/0xa0 [ 26.782366] ? mempool_double_free_helper+0x184/0x370 [ 26.782392] kasan_report_invalid_free+0x10a/0x130 [ 26.782420] ? mempool_double_free_helper+0x184/0x370 [ 26.782449] ? mempool_double_free_helper+0x184/0x370 [ 26.782475] __kasan_mempool_poison_pages+0x115/0x130 [ 26.782502] mempool_free+0x430/0x640 [ 26.782530] mempool_double_free_helper+0x184/0x370 [ 26.782556] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.782584] ? dequeue_entities+0x23f/0x1630 [ 26.782610] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.782633] ? finish_task_switch.isra.0+0x153/0x700 [ 26.783058] mempool_page_alloc_double_free+0xe8/0x140 [ 26.783102] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 26.783135] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 26.783170] ? __pfx_mempool_free_pages+0x10/0x10 [ 26.783198] ? __pfx_read_tsc+0x10/0x10 [ 26.783221] ? ktime_get_ts64+0x86/0x230 [ 26.783247] kunit_try_run_case+0x1a5/0x480 [ 26.783273] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.783298] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.783326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.783353] ? __kthread_parkme+0x82/0x180 [ 26.783375] ? preempt_count_sub+0x50/0x80 [ 26.783400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.783425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.783520] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.783552] kthread+0x337/0x6f0 [ 26.783574] ? trace_preempt_on+0x20/0xc0 [ 26.783598] ? __pfx_kthread+0x10/0x10 [ 26.783620] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.783644] ? calculate_sigpending+0x7b/0xa0 [ 26.783669] ? __pfx_kthread+0x10/0x10 [ 26.783691] ret_from_fork+0x116/0x1d0 [ 26.783711] ? __pfx_kthread+0x10/0x10 [ 26.783731] ret_from_fork_asm+0x1a/0x30 [ 26.783763] </TASK> [ 26.783774] [ 26.796177] The buggy address belongs to the physical page: [ 26.796441] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105890 [ 26.797525] flags: 0x200000000000000(node=0|zone=2) [ 26.797849] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 26.798324] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.798803] page dumped because: kasan: bad access detected [ 26.799032] [ 26.799128] Memory state around the buggy address: [ 26.799542] ffff88810588ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.799861] ffff88810588ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.800157] >ffff888105890000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.800728] ^ [ 26.800887] ffff888105890080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.801362] ffff888105890100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.801732] ================================================================== [ 26.752042] ================================================================== [ 26.752734] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.753731] Free of addr ffff888105890000 by task kunit_try_catch/285 [ 26.754666] [ 26.754807] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.754871] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.754886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.754908] Call Trace: [ 26.754922] <TASK> [ 26.754938] dump_stack_lvl+0x73/0xb0 [ 26.754968] print_report+0xd1/0x640 [ 26.754992] ? __virt_addr_valid+0x1db/0x2d0 [ 26.755018] ? kasan_addr_to_slab+0x11/0xa0 [ 26.755040] ? mempool_double_free_helper+0x184/0x370 [ 26.755065] kasan_report_invalid_free+0x10a/0x130 [ 26.755090] ? mempool_double_free_helper+0x184/0x370 [ 26.755119] ? mempool_double_free_helper+0x184/0x370 [ 26.755142] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 26.755336] mempool_free+0x490/0x640 [ 26.755369] mempool_double_free_helper+0x184/0x370 [ 26.755396] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.755421] ? dequeue_entities+0x23f/0x1630 [ 26.755446] ? __kasan_check_write+0x18/0x20 [ 26.755510] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.755535] ? finish_task_switch.isra.0+0x153/0x700 [ 26.755561] mempool_kmalloc_large_double_free+0xed/0x140 [ 26.755588] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 26.755615] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.755638] ? __pfx_mempool_kfree+0x10/0x10 [ 26.755663] ? __pfx_read_tsc+0x10/0x10 [ 26.755684] ? ktime_get_ts64+0x86/0x230 [ 26.755712] kunit_try_run_case+0x1a5/0x480 [ 26.755737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.755760] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.755786] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.755812] ? __kthread_parkme+0x82/0x180 [ 26.755842] ? preempt_count_sub+0x50/0x80 [ 26.755865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.755889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.755913] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.755938] kthread+0x337/0x6f0 [ 26.755958] ? trace_preempt_on+0x20/0xc0 [ 26.755981] ? __pfx_kthread+0x10/0x10 [ 26.756002] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.756026] ? calculate_sigpending+0x7b/0xa0 [ 26.756050] ? __pfx_kthread+0x10/0x10 [ 26.756072] ret_from_fork+0x116/0x1d0 [ 26.756092] ? __pfx_kthread+0x10/0x10 [ 26.756113] ret_from_fork_asm+0x1a/0x30 [ 26.756144] </TASK> [ 26.756156] [ 26.769147] The buggy address belongs to the physical page: [ 26.769384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105890 [ 26.770111] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.770538] flags: 0x200000000000040(head|node=0|zone=2) [ 26.770763] page_type: f8(unknown) [ 26.770927] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.771281] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.772005] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.772772] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.773256] head: 0200000000000002 ffffea0004162401 00000000ffffffff 00000000ffffffff [ 26.773801] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.774141] page dumped because: kasan: bad access detected [ 26.774375] [ 26.774759] Memory state around the buggy address: [ 26.775287] ffff88810588ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.775959] ffff88810588ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.776664] >ffff888105890000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.776980] ^ [ 26.777134] ffff888105890080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.778018] ffff888105890100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.778467] ================================================================== [ 26.724308] ================================================================== [ 26.725026] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.725372] Free of addr ffff8881058a9d00 by task kunit_try_catch/283 [ 26.725660] [ 26.725767] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.725816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.725842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.725866] Call Trace: [ 26.725879] <TASK> [ 26.725894] dump_stack_lvl+0x73/0xb0 [ 26.725925] print_report+0xd1/0x640 [ 26.725949] ? __virt_addr_valid+0x1db/0x2d0 [ 26.725975] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.726001] ? mempool_double_free_helper+0x184/0x370 [ 26.726026] kasan_report_invalid_free+0x10a/0x130 [ 26.726051] ? mempool_double_free_helper+0x184/0x370 [ 26.726077] ? mempool_double_free_helper+0x184/0x370 [ 26.726101] ? mempool_double_free_helper+0x184/0x370 [ 26.726125] check_slab_allocation+0x101/0x130 [ 26.726147] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.726186] mempool_free+0x490/0x640 [ 26.726214] mempool_double_free_helper+0x184/0x370 [ 26.726239] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.726267] ? finish_task_switch.isra.0+0x153/0x700 [ 26.726293] mempool_kmalloc_double_free+0xed/0x140 [ 26.726317] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 26.726345] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.726368] ? __pfx_mempool_kfree+0x10/0x10 [ 26.726395] ? __pfx_read_tsc+0x10/0x10 [ 26.726417] ? ktime_get_ts64+0x86/0x230 [ 26.726443] kunit_try_run_case+0x1a5/0x480 [ 26.726469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.726491] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.726517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.726543] ? __kthread_parkme+0x82/0x180 [ 26.726563] ? preempt_count_sub+0x50/0x80 [ 26.726586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.726611] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.726636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.726659] kthread+0x337/0x6f0 [ 26.726680] ? trace_preempt_on+0x20/0xc0 [ 26.726703] ? __pfx_kthread+0x10/0x10 [ 26.726724] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.726748] ? calculate_sigpending+0x7b/0xa0 [ 26.726772] ? __pfx_kthread+0x10/0x10 [ 26.726794] ret_from_fork+0x116/0x1d0 [ 26.726813] ? __pfx_kthread+0x10/0x10 [ 26.726843] ret_from_fork_asm+0x1a/0x30 [ 26.726875] </TASK> [ 26.726887] [ 26.735076] Allocated by task 283: [ 26.735206] kasan_save_stack+0x45/0x70 [ 26.735352] kasan_save_track+0x18/0x40 [ 26.735543] kasan_save_alloc_info+0x3b/0x50 [ 26.735752] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.736020] remove_element+0x11e/0x190 [ 26.736240] mempool_alloc_preallocated+0x4d/0x90 [ 26.736401] mempool_double_free_helper+0x8a/0x370 [ 26.736560] mempool_kmalloc_double_free+0xed/0x140 [ 26.736760] kunit_try_run_case+0x1a5/0x480 [ 26.736983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.737343] kthread+0x337/0x6f0 [ 26.737512] ret_from_fork+0x116/0x1d0 [ 26.737696] ret_from_fork_asm+0x1a/0x30 [ 26.737896] [ 26.737969] Freed by task 283: [ 26.738119] kasan_save_stack+0x45/0x70 [ 26.738305] kasan_save_track+0x18/0x40 [ 26.738470] kasan_save_free_info+0x3f/0x60 [ 26.738664] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.738903] mempool_free+0x490/0x640 [ 26.739102] mempool_double_free_helper+0x109/0x370 [ 26.739339] mempool_kmalloc_double_free+0xed/0x140 [ 26.739530] kunit_try_run_case+0x1a5/0x480 [ 26.739675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.739861] kthread+0x337/0x6f0 [ 26.739982] ret_from_fork+0x116/0x1d0 [ 26.740114] ret_from_fork_asm+0x1a/0x30 [ 26.740256] [ 26.740326] The buggy address belongs to the object at ffff8881058a9d00 [ 26.740326] which belongs to the cache kmalloc-128 of size 128 [ 26.740767] The buggy address is located 0 bytes inside of [ 26.740767] 128-byte region [ffff8881058a9d00, ffff8881058a9d80) [ 26.741480] [ 26.741580] The buggy address belongs to the physical page: [ 26.741850] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 26.742257] flags: 0x200000000000000(node=0|zone=2) [ 26.742482] page_type: f5(slab) [ 26.742602] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.742846] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.743078] page dumped because: kasan: bad access detected [ 26.743249] [ 26.743315] Memory state around the buggy address: [ 26.743547] ffff8881058a9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.743877] ffff8881058a9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.744194] >ffff8881058a9d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.744519] ^ [ 26.744680] ffff8881058a9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.745018] ffff8881058a9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.745434] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 26.705081] ================================================================== [ 26.705508] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.706150] Read of size 1 at addr ffff88810588c000 by task kunit_try_catch/281 [ 26.706813] [ 26.707056] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.707110] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.707125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.707149] Call Trace: [ 26.707163] <TASK> [ 26.707190] dump_stack_lvl+0x73/0xb0 [ 26.707222] print_report+0xd1/0x640 [ 26.707246] ? __virt_addr_valid+0x1db/0x2d0 [ 26.707271] ? mempool_uaf_helper+0x392/0x400 [ 26.707294] ? kasan_addr_to_slab+0x11/0xa0 [ 26.707315] ? mempool_uaf_helper+0x392/0x400 [ 26.707339] kasan_report+0x141/0x180 [ 26.707363] ? mempool_uaf_helper+0x392/0x400 [ 26.707390] __asan_report_load1_noabort+0x18/0x20 [ 26.707415] mempool_uaf_helper+0x392/0x400 [ 26.707438] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.707508] ? finish_task_switch.isra.0+0x153/0x700 [ 26.707537] mempool_page_alloc_uaf+0xed/0x140 [ 26.707563] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 26.707590] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 26.707616] ? __pfx_mempool_free_pages+0x10/0x10 [ 26.707643] ? __pfx_read_tsc+0x10/0x10 [ 26.707666] ? ktime_get_ts64+0x86/0x230 [ 26.707692] kunit_try_run_case+0x1a5/0x480 [ 26.707719] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.707742] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.707768] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.707794] ? __kthread_parkme+0x82/0x180 [ 26.707815] ? preempt_count_sub+0x50/0x80 [ 26.707850] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.707875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.707900] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.707924] kthread+0x337/0x6f0 [ 26.707945] ? trace_preempt_on+0x20/0xc0 [ 26.707970] ? __pfx_kthread+0x10/0x10 [ 26.707991] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.708015] ? calculate_sigpending+0x7b/0xa0 [ 26.708039] ? __pfx_kthread+0x10/0x10 [ 26.708061] ret_from_fork+0x116/0x1d0 [ 26.708081] ? __pfx_kthread+0x10/0x10 [ 26.708102] ret_from_fork_asm+0x1a/0x30 [ 26.708133] </TASK> [ 26.708145] [ 26.716028] The buggy address belongs to the physical page: [ 26.716217] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10588c [ 26.716552] flags: 0x200000000000000(node=0|zone=2) [ 26.716977] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 26.717320] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.717653] page dumped because: kasan: bad access detected [ 26.718015] [ 26.718125] Memory state around the buggy address: [ 26.718384] ffff88810588bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.718883] ffff88810588bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.719224] >ffff88810588c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.719513] ^ [ 26.719689] ffff88810588c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.720025] ffff88810588c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.720328] ================================================================== [ 26.641536] ================================================================== [ 26.642102] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.642469] Read of size 1 at addr ffff8881061a8000 by task kunit_try_catch/277 [ 26.642779] [ 26.642877] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.642928] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.642942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.642964] Call Trace: [ 26.642978] <TASK> [ 26.642993] dump_stack_lvl+0x73/0xb0 [ 26.643021] print_report+0xd1/0x640 [ 26.643045] ? __virt_addr_valid+0x1db/0x2d0 [ 26.643068] ? mempool_uaf_helper+0x392/0x400 [ 26.643091] ? kasan_addr_to_slab+0x11/0xa0 [ 26.643112] ? mempool_uaf_helper+0x392/0x400 [ 26.643135] kasan_report+0x141/0x180 [ 26.643158] ? mempool_uaf_helper+0x392/0x400 [ 26.643617] __asan_report_load1_noabort+0x18/0x20 [ 26.643645] mempool_uaf_helper+0x392/0x400 [ 26.643670] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.643697] ? finish_task_switch.isra.0+0x153/0x700 [ 26.643723] mempool_kmalloc_large_uaf+0xef/0x140 [ 26.643747] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 26.643774] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.643798] ? __pfx_mempool_kfree+0x10/0x10 [ 26.643824] ? __pfx_read_tsc+0x10/0x10 [ 26.643860] ? ktime_get_ts64+0x86/0x230 [ 26.643884] kunit_try_run_case+0x1a5/0x480 [ 26.643910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.643933] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.643961] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.643987] ? __kthread_parkme+0x82/0x180 [ 26.644008] ? preempt_count_sub+0x50/0x80 [ 26.644031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.644056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.644080] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.644104] kthread+0x337/0x6f0 [ 26.644125] ? trace_preempt_on+0x20/0xc0 [ 26.644149] ? __pfx_kthread+0x10/0x10 [ 26.644179] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.644204] ? calculate_sigpending+0x7b/0xa0 [ 26.644228] ? __pfx_kthread+0x10/0x10 [ 26.644251] ret_from_fork+0x116/0x1d0 [ 26.644270] ? __pfx_kthread+0x10/0x10 [ 26.644292] ret_from_fork_asm+0x1a/0x30 [ 26.644323] </TASK> [ 26.644334] [ 26.654571] The buggy address belongs to the physical page: [ 26.654804] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a8 [ 26.655134] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.655813] flags: 0x200000000000040(head|node=0|zone=2) [ 26.656162] page_type: f8(unknown) [ 26.656483] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.656843] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.657322] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.657768] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.658361] head: 0200000000000002 ffffea0004186a01 00000000ffffffff 00000000ffffffff [ 26.658933] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.659420] page dumped because: kasan: bad access detected [ 26.659754] [ 26.659993] Memory state around the buggy address: [ 26.660278] ffff8881061a7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.660700] ffff8881061a7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.661130] >ffff8881061a8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.661417] ^ [ 26.661580] ffff8881061a8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.662295] ffff8881061a8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.662776] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 26.670795] ================================================================== [ 26.671366] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.671843] Read of size 1 at addr ffff888106002240 by task kunit_try_catch/279 [ 26.672188] [ 26.672285] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.672337] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.672351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.672374] Call Trace: [ 26.672388] <TASK> [ 26.672404] dump_stack_lvl+0x73/0xb0 [ 26.672436] print_report+0xd1/0x640 [ 26.672460] ? __virt_addr_valid+0x1db/0x2d0 [ 26.672484] ? mempool_uaf_helper+0x392/0x400 [ 26.672508] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.672534] ? mempool_uaf_helper+0x392/0x400 [ 26.672557] kasan_report+0x141/0x180 [ 26.672580] ? mempool_uaf_helper+0x392/0x400 [ 26.672607] __asan_report_load1_noabort+0x18/0x20 [ 26.672633] mempool_uaf_helper+0x392/0x400 [ 26.672920] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.672949] ? finish_task_switch.isra.0+0x153/0x700 [ 26.672976] mempool_slab_uaf+0xea/0x140 [ 26.673000] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 26.673024] ? __kasan_check_write+0x18/0x20 [ 26.673051] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 26.673078] ? __pfx_mempool_free_slab+0x10/0x10 [ 26.673104] ? __pfx_read_tsc+0x10/0x10 [ 26.673128] ? ktime_get_ts64+0x86/0x230 [ 26.673151] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.673191] kunit_try_run_case+0x1a5/0x480 [ 26.673218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.673244] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.673270] ? __kthread_parkme+0x82/0x180 [ 26.673291] ? preempt_count_sub+0x50/0x80 [ 26.673316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.673343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.673366] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.673391] kthread+0x337/0x6f0 [ 26.673411] ? trace_preempt_on+0x20/0xc0 [ 26.673434] ? __pfx_kthread+0x10/0x10 [ 26.673468] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.673493] ? calculate_sigpending+0x7b/0xa0 [ 26.673518] ? __pfx_kthread+0x10/0x10 [ 26.673540] ret_from_fork+0x116/0x1d0 [ 26.673561] ? __pfx_kthread+0x10/0x10 [ 26.673582] ret_from_fork_asm+0x1a/0x30 [ 26.673615] </TASK> [ 26.673626] [ 26.682162] Allocated by task 279: [ 26.682368] kasan_save_stack+0x45/0x70 [ 26.682904] kasan_save_track+0x18/0x40 [ 26.683118] kasan_save_alloc_info+0x3b/0x50 [ 26.683437] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 26.683700] remove_element+0x11e/0x190 [ 26.683861] mempool_alloc_preallocated+0x4d/0x90 [ 26.684093] mempool_uaf_helper+0x96/0x400 [ 26.684382] mempool_slab_uaf+0xea/0x140 [ 26.684672] kunit_try_run_case+0x1a5/0x480 [ 26.684885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.685148] kthread+0x337/0x6f0 [ 26.685319] ret_from_fork+0x116/0x1d0 [ 26.685505] ret_from_fork_asm+0x1a/0x30 [ 26.685745] [ 26.685851] Freed by task 279: [ 26.685967] kasan_save_stack+0x45/0x70 [ 26.686103] kasan_save_track+0x18/0x40 [ 26.686236] kasan_save_free_info+0x3f/0x60 [ 26.686382] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.686551] mempool_free+0x490/0x640 [ 26.686682] mempool_uaf_helper+0x11a/0x400 [ 26.686894] mempool_slab_uaf+0xea/0x140 [ 26.687276] kunit_try_run_case+0x1a5/0x480 [ 26.687534] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.687791] kthread+0x337/0x6f0 [ 26.687970] ret_from_fork+0x116/0x1d0 [ 26.688146] ret_from_fork_asm+0x1a/0x30 [ 26.688450] [ 26.688589] The buggy address belongs to the object at ffff888106002240 [ 26.688589] which belongs to the cache test_cache of size 123 [ 26.689095] The buggy address is located 0 bytes inside of [ 26.689095] freed 123-byte region [ffff888106002240, ffff8881060022bb) [ 26.689604] [ 26.689705] The buggy address belongs to the physical page: [ 26.689983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106002 [ 26.690327] flags: 0x200000000000000(node=0|zone=2) [ 26.690595] page_type: f5(slab) [ 26.690759] raw: 0200000000000000 ffff888101d72b40 dead000000000122 0000000000000000 [ 26.691010] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 26.691636] page dumped because: kasan: bad access detected [ 26.691867] [ 26.691961] Memory state around the buggy address: [ 26.692180] ffff888106002100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.692614] ffff888106002180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.692932] >ffff888106002200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 26.693222] ^ [ 26.693551] ffff888106002280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.693857] ffff888106002300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.694126] ================================================================== [ 26.606575] ================================================================== [ 26.607107] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.607472] Read of size 1 at addr ffff8881058a9900 by task kunit_try_catch/275 [ 26.607906] [ 26.608095] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.608161] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.608188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.608239] Call Trace: [ 26.608253] <TASK> [ 26.608270] dump_stack_lvl+0x73/0xb0 [ 26.608315] print_report+0xd1/0x640 [ 26.608339] ? __virt_addr_valid+0x1db/0x2d0 [ 26.608366] ? mempool_uaf_helper+0x392/0x400 [ 26.608388] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.608442] ? mempool_uaf_helper+0x392/0x400 [ 26.608465] kasan_report+0x141/0x180 [ 26.608498] ? mempool_uaf_helper+0x392/0x400 [ 26.608573] __asan_report_load1_noabort+0x18/0x20 [ 26.608635] mempool_uaf_helper+0x392/0x400 [ 26.608660] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.608695] ? dequeue_entities+0x23f/0x1630 [ 26.608724] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.608747] ? finish_task_switch.isra.0+0x153/0x700 [ 26.608774] mempool_kmalloc_uaf+0xef/0x140 [ 26.608798] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 26.608823] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.608859] ? __pfx_mempool_kfree+0x10/0x10 [ 26.608891] ? __pfx_read_tsc+0x10/0x10 [ 26.608914] ? ktime_get_ts64+0x86/0x230 [ 26.608942] kunit_try_run_case+0x1a5/0x480 [ 26.608970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.608993] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.609019] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.609045] ? __kthread_parkme+0x82/0x180 [ 26.609067] ? preempt_count_sub+0x50/0x80 [ 26.609090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.609115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.609139] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.609165] kthread+0x337/0x6f0 [ 26.609187] ? trace_preempt_on+0x20/0xc0 [ 26.609212] ? __pfx_kthread+0x10/0x10 [ 26.609233] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.609259] ? calculate_sigpending+0x7b/0xa0 [ 26.609285] ? __pfx_kthread+0x10/0x10 [ 26.609306] ret_from_fork+0x116/0x1d0 [ 26.609327] ? __pfx_kthread+0x10/0x10 [ 26.609349] ret_from_fork_asm+0x1a/0x30 [ 26.609380] </TASK> [ 26.609392] [ 26.622147] Allocated by task 275: [ 26.622329] kasan_save_stack+0x45/0x70 [ 26.622930] kasan_save_track+0x18/0x40 [ 26.623228] kasan_save_alloc_info+0x3b/0x50 [ 26.623429] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.623965] remove_element+0x11e/0x190 [ 26.624260] mempool_alloc_preallocated+0x4d/0x90 [ 26.624640] mempool_uaf_helper+0x96/0x400 [ 26.624983] mempool_kmalloc_uaf+0xef/0x140 [ 26.625349] kunit_try_run_case+0x1a5/0x480 [ 26.625772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.626149] kthread+0x337/0x6f0 [ 26.626613] ret_from_fork+0x116/0x1d0 [ 26.626930] ret_from_fork_asm+0x1a/0x30 [ 26.627236] [ 26.627339] Freed by task 275: [ 26.627657] kasan_save_stack+0x45/0x70 [ 26.627958] kasan_save_track+0x18/0x40 [ 26.628137] kasan_save_free_info+0x3f/0x60 [ 26.628371] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.628731] mempool_free+0x490/0x640 [ 26.629100] mempool_uaf_helper+0x11a/0x400 [ 26.629635] mempool_kmalloc_uaf+0xef/0x140 [ 26.629865] kunit_try_run_case+0x1a5/0x480 [ 26.630235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.630731] kthread+0x337/0x6f0 [ 26.631040] ret_from_fork+0x116/0x1d0 [ 26.631264] ret_from_fork_asm+0x1a/0x30 [ 26.631688] [ 26.631789] The buggy address belongs to the object at ffff8881058a9900 [ 26.631789] which belongs to the cache kmalloc-128 of size 128 [ 26.632599] The buggy address is located 0 bytes inside of [ 26.632599] freed 128-byte region [ffff8881058a9900, ffff8881058a9980) [ 26.633117] [ 26.633414] The buggy address belongs to the physical page: [ 26.633619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 26.634024] flags: 0x200000000000000(node=0|zone=2) [ 26.634264] page_type: f5(slab) [ 26.634390] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.634982] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.635289] page dumped because: kasan: bad access detected [ 26.635547] [ 26.635644] Memory state around the buggy address: [ 26.635852] ffff8881058a9800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.636123] ffff8881058a9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.636549] >ffff8881058a9900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.636849] ^ [ 26.636973] ffff8881058a9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.637259] ffff8881058a9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.637635] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 26.572819] ================================================================== [ 26.573387] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.573881] Read of size 1 at addr ffff8881058a62bb by task kunit_try_catch/273 [ 26.574297] [ 26.574405] CPU: 1 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.574488] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.574502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.574525] Call Trace: [ 26.574550] <TASK> [ 26.574584] dump_stack_lvl+0x73/0xb0 [ 26.574619] print_report+0xd1/0x640 [ 26.574657] ? __virt_addr_valid+0x1db/0x2d0 [ 26.574698] ? mempool_oob_right_helper+0x318/0x380 [ 26.574723] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.574751] ? mempool_oob_right_helper+0x318/0x380 [ 26.574824] kasan_report+0x141/0x180 [ 26.574872] ? mempool_oob_right_helper+0x318/0x380 [ 26.574903] __asan_report_load1_noabort+0x18/0x20 [ 26.574929] mempool_oob_right_helper+0x318/0x380 [ 26.574955] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.574983] ? finish_task_switch.isra.0+0x153/0x700 [ 26.575011] mempool_slab_oob_right+0xed/0x140 [ 26.575035] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 26.575063] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 26.575089] ? __pfx_mempool_free_slab+0x10/0x10 [ 26.575116] ? __pfx_read_tsc+0x10/0x10 [ 26.575139] ? ktime_get_ts64+0x86/0x230 [ 26.575180] kunit_try_run_case+0x1a5/0x480 [ 26.575208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.575232] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.575260] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.575286] ? __kthread_parkme+0x82/0x180 [ 26.575308] ? preempt_count_sub+0x50/0x80 [ 26.575331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.575356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.575382] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.575407] kthread+0x337/0x6f0 [ 26.575428] ? trace_preempt_on+0x20/0xc0 [ 26.575453] ? __pfx_kthread+0x10/0x10 [ 26.575514] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.575539] ? calculate_sigpending+0x7b/0xa0 [ 26.575563] ? __pfx_kthread+0x10/0x10 [ 26.575586] ret_from_fork+0x116/0x1d0 [ 26.575607] ? __pfx_kthread+0x10/0x10 [ 26.575628] ret_from_fork_asm+0x1a/0x30 [ 26.575662] </TASK> [ 26.575692] [ 26.585184] Allocated by task 273: [ 26.585370] kasan_save_stack+0x45/0x70 [ 26.585731] kasan_save_track+0x18/0x40 [ 26.585957] kasan_save_alloc_info+0x3b/0x50 [ 26.586186] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 26.586553] remove_element+0x11e/0x190 [ 26.586763] mempool_alloc_preallocated+0x4d/0x90 [ 26.586953] mempool_oob_right_helper+0x8a/0x380 [ 26.587189] mempool_slab_oob_right+0xed/0x140 [ 26.587448] kunit_try_run_case+0x1a5/0x480 [ 26.587714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.587972] kthread+0x337/0x6f0 [ 26.588138] ret_from_fork+0x116/0x1d0 [ 26.588329] ret_from_fork_asm+0x1a/0x30 [ 26.588699] [ 26.588802] The buggy address belongs to the object at ffff8881058a6240 [ 26.588802] which belongs to the cache test_cache of size 123 [ 26.589603] The buggy address is located 0 bytes to the right of [ 26.589603] allocated 123-byte region [ffff8881058a6240, ffff8881058a62bb) [ 26.590074] [ 26.590203] The buggy address belongs to the physical page: [ 26.590694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a6 [ 26.591096] flags: 0x200000000000000(node=0|zone=2) [ 26.591380] page_type: f5(slab) [ 26.591557] raw: 0200000000000000 ffff888101d72a00 dead000000000122 0000000000000000 [ 26.591990] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 26.592361] page dumped because: kasan: bad access detected [ 26.592668] [ 26.592769] Memory state around the buggy address: [ 26.593024] ffff8881058a6180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.593406] ffff8881058a6200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 26.594018] >ffff8881058a6280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 26.594318] ^ [ 26.594483] ffff8881058a6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.595031] ffff8881058a6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.595542] ================================================================== [ 26.520324] ================================================================== [ 26.521010] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.521590] Read of size 1 at addr ffff888104975373 by task kunit_try_catch/269 [ 26.521840] [ 26.521936] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.521992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.522005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.522029] Call Trace: [ 26.522044] <TASK> [ 26.522061] dump_stack_lvl+0x73/0xb0 [ 26.522093] print_report+0xd1/0x640 [ 26.522117] ? __virt_addr_valid+0x1db/0x2d0 [ 26.522143] ? mempool_oob_right_helper+0x318/0x380 [ 26.522171] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.522199] ? mempool_oob_right_helper+0x318/0x380 [ 26.522224] kasan_report+0x141/0x180 [ 26.522248] ? mempool_oob_right_helper+0x318/0x380 [ 26.522277] __asan_report_load1_noabort+0x18/0x20 [ 26.522302] mempool_oob_right_helper+0x318/0x380 [ 26.522327] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.522352] ? dequeue_entities+0x23f/0x1630 [ 26.522415] ? __kasan_check_write+0x18/0x20 [ 26.522442] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.522466] ? finish_task_switch.isra.0+0x153/0x700 [ 26.522493] mempool_kmalloc_oob_right+0xf2/0x150 [ 26.522518] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 26.522545] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.522571] ? __pfx_mempool_kfree+0x10/0x10 [ 26.522596] ? __pfx_read_tsc+0x10/0x10 [ 26.522620] ? ktime_get_ts64+0x86/0x230 [ 26.522645] kunit_try_run_case+0x1a5/0x480 [ 26.522672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.522706] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.522733] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.522768] ? __kthread_parkme+0x82/0x180 [ 26.522789] ? preempt_count_sub+0x50/0x80 [ 26.522813] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.522848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.522873] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.522896] kthread+0x337/0x6f0 [ 26.522917] ? trace_preempt_on+0x20/0xc0 [ 26.522941] ? __pfx_kthread+0x10/0x10 [ 26.522962] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.522987] ? calculate_sigpending+0x7b/0xa0 [ 26.523011] ? __pfx_kthread+0x10/0x10 [ 26.523033] ret_from_fork+0x116/0x1d0 [ 26.523054] ? __pfx_kthread+0x10/0x10 [ 26.523076] ret_from_fork_asm+0x1a/0x30 [ 26.523109] </TASK> [ 26.523121] [ 26.533753] Allocated by task 269: [ 26.533967] kasan_save_stack+0x45/0x70 [ 26.534175] kasan_save_track+0x18/0x40 [ 26.534375] kasan_save_alloc_info+0x3b/0x50 [ 26.534678] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.535024] remove_element+0x11e/0x190 [ 26.535253] mempool_alloc_preallocated+0x4d/0x90 [ 26.535461] mempool_oob_right_helper+0x8a/0x380 [ 26.535621] mempool_kmalloc_oob_right+0xf2/0x150 [ 26.535878] kunit_try_run_case+0x1a5/0x480 [ 26.536152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.536398] kthread+0x337/0x6f0 [ 26.536666] ret_from_fork+0x116/0x1d0 [ 26.537192] ret_from_fork_asm+0x1a/0x30 [ 26.537418] [ 26.537512] The buggy address belongs to the object at ffff888104975300 [ 26.537512] which belongs to the cache kmalloc-128 of size 128 [ 26.538055] The buggy address is located 0 bytes to the right of [ 26.538055] allocated 115-byte region [ffff888104975300, ffff888104975373) [ 26.538959] [ 26.539075] The buggy address belongs to the physical page: [ 26.539306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104975 [ 26.539919] flags: 0x200000000000000(node=0|zone=2) [ 26.540139] page_type: f5(slab) [ 26.540516] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.540861] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.541258] page dumped because: kasan: bad access detected [ 26.541491] [ 26.541849] Memory state around the buggy address: [ 26.542033] ffff888104975200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.542461] ffff888104975280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.542858] >ffff888104975300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.543144] ^ [ 26.543524] ffff888104975380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.543934] ffff888104975400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.544273] ================================================================== [ 26.547314] ================================================================== [ 26.547932] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.548469] Read of size 1 at addr ffff8881061aa001 by task kunit_try_catch/271 [ 26.548910] [ 26.549007] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 26.549057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.549070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.549092] Call Trace: [ 26.549105] <TASK> [ 26.549120] dump_stack_lvl+0x73/0xb0 [ 26.549149] print_report+0xd1/0x640 [ 26.549173] ? __virt_addr_valid+0x1db/0x2d0 [ 26.549196] ? mempool_oob_right_helper+0x318/0x380 [ 26.549219] ? kasan_addr_to_slab+0x11/0xa0 [ 26.549241] ? mempool_oob_right_helper+0x318/0x380 [ 26.549264] kasan_report+0x141/0x180 [ 26.549287] ? mempool_oob_right_helper+0x318/0x380 [ 26.549315] __asan_report_load1_noabort+0x18/0x20 [ 26.549339] mempool_oob_right_helper+0x318/0x380 [ 26.549365] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.549393] ? dequeue_entities+0x23f/0x1630 [ 26.549419] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.549455] ? finish_task_switch.isra.0+0x153/0x700 [ 26.549481] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 26.549568] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 26.549596] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.549621] ? __pfx_mempool_kfree+0x10/0x10 [ 26.549646] ? __pfx_read_tsc+0x10/0x10 [ 26.549668] ? ktime_get_ts64+0x86/0x230 [ 26.549692] kunit_try_run_case+0x1a5/0x480 [ 26.549717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.549740] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.549765] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.549791] ? __kthread_parkme+0x82/0x180 [ 26.549811] ? preempt_count_sub+0x50/0x80 [ 26.549848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.549873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.549898] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.549923] kthread+0x337/0x6f0 [ 26.549943] ? trace_preempt_on+0x20/0xc0 [ 26.549966] ? __pfx_kthread+0x10/0x10 [ 26.549986] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.550010] ? calculate_sigpending+0x7b/0xa0 [ 26.550034] ? __pfx_kthread+0x10/0x10 [ 26.550056] ret_from_fork+0x116/0x1d0 [ 26.550075] ? __pfx_kthread+0x10/0x10 [ 26.550097] ret_from_fork_asm+0x1a/0x30 [ 26.550127] </TASK> [ 26.550139] [ 26.561121] The buggy address belongs to the physical page: [ 26.561318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061a8 [ 26.561652] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.562051] flags: 0x200000000000040(head|node=0|zone=2) [ 26.562502] page_type: f8(unknown) [ 26.562685] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.563006] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.563907] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.564217] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.564678] head: 0200000000000002 ffffea0004186a01 00000000ffffffff 00000000ffffffff [ 26.565011] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.565394] page dumped because: kasan: bad access detected [ 26.565655] [ 26.565735] Memory state around the buggy address: [ 26.565998] ffff8881061a9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.566311] ffff8881061a9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.566657] >ffff8881061aa000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.567130] ^ [ 26.567350] ffff8881061aa080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.567676] ffff8881061aa100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.568010] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 25.947209] ================================================================== [ 25.947885] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 25.948160] Read of size 1 at addr ffff8881016538c0 by task kunit_try_catch/263 [ 25.948391] [ 25.948480] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.948532] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.948546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.948570] Call Trace: [ 25.948583] <TASK> [ 25.948601] dump_stack_lvl+0x73/0xb0 [ 25.948633] print_report+0xd1/0x640 [ 25.948657] ? __virt_addr_valid+0x1db/0x2d0 [ 25.948684] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.948708] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.948734] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.948760] kasan_report+0x141/0x180 [ 25.948782] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.948810] ? kmem_cache_double_destroy+0x1bf/0x380 [ 25.949216] __kasan_check_byte+0x3d/0x50 [ 25.949253] kmem_cache_destroy+0x25/0x1d0 [ 25.949286] kmem_cache_double_destroy+0x1bf/0x380 [ 25.949312] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 25.949338] ? finish_task_switch.isra.0+0x153/0x700 [ 25.949362] ? __switch_to+0x47/0xf80 [ 25.949393] ? __pfx_read_tsc+0x10/0x10 [ 25.949416] ? ktime_get_ts64+0x86/0x230 [ 25.949737] kunit_try_run_case+0x1a5/0x480 [ 25.949781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.949807] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.949849] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.949875] ? __kthread_parkme+0x82/0x180 [ 25.949897] ? preempt_count_sub+0x50/0x80 [ 25.949920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.949944] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.949969] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.949994] kthread+0x337/0x6f0 [ 25.950014] ? trace_preempt_on+0x20/0xc0 [ 25.950039] ? __pfx_kthread+0x10/0x10 [ 25.950061] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.950084] ? calculate_sigpending+0x7b/0xa0 [ 25.950109] ? __pfx_kthread+0x10/0x10 [ 25.950130] ret_from_fork+0x116/0x1d0 [ 25.950173] ? __pfx_kthread+0x10/0x10 [ 25.950195] ret_from_fork_asm+0x1a/0x30 [ 25.950227] </TASK> [ 25.950239] [ 25.961301] Allocated by task 263: [ 25.961606] kasan_save_stack+0x45/0x70 [ 25.961827] kasan_save_track+0x18/0x40 [ 25.961991] kasan_save_alloc_info+0x3b/0x50 [ 25.962266] __kasan_slab_alloc+0x91/0xa0 [ 25.962587] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.962814] __kmem_cache_create_args+0x169/0x240 [ 25.963057] kmem_cache_double_destroy+0xd5/0x380 [ 25.963321] kunit_try_run_case+0x1a5/0x480 [ 25.963641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.963937] kthread+0x337/0x6f0 [ 25.964139] ret_from_fork+0x116/0x1d0 [ 25.964362] ret_from_fork_asm+0x1a/0x30 [ 25.964711] [ 25.964859] Freed by task 263: [ 25.965040] kasan_save_stack+0x45/0x70 [ 25.965197] kasan_save_track+0x18/0x40 [ 25.965386] kasan_save_free_info+0x3f/0x60 [ 25.965549] __kasan_slab_free+0x56/0x70 [ 25.965724] kmem_cache_free+0x249/0x420 [ 25.966055] slab_kmem_cache_release+0x2e/0x40 [ 25.966309] kmem_cache_release+0x16/0x20 [ 25.966519] kobject_put+0x181/0x450 [ 25.966663] sysfs_slab_release+0x16/0x20 [ 25.966910] kmem_cache_destroy+0xf0/0x1d0 [ 25.967194] kmem_cache_double_destroy+0x14e/0x380 [ 25.967437] kunit_try_run_case+0x1a5/0x480 [ 25.967770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.968060] kthread+0x337/0x6f0 [ 25.968237] ret_from_fork+0x116/0x1d0 [ 25.968644] ret_from_fork_asm+0x1a/0x30 [ 25.968848] [ 25.968984] The buggy address belongs to the object at ffff8881016538c0 [ 25.968984] which belongs to the cache kmem_cache of size 208 [ 25.969506] The buggy address is located 0 bytes inside of [ 25.969506] freed 208-byte region [ffff8881016538c0, ffff888101653990) [ 25.970075] [ 25.970238] The buggy address belongs to the physical page: [ 25.970508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101653 [ 25.970948] flags: 0x200000000000000(node=0|zone=2) [ 25.971219] page_type: f5(slab) [ 25.971346] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 25.971843] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 25.972196] page dumped because: kasan: bad access detected [ 25.972647] [ 25.972747] Memory state around the buggy address: [ 25.972943] ffff888101653780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.973326] ffff888101653800: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 25.973624] >ffff888101653880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 25.974016] ^ [ 25.974310] ffff888101653900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.974734] ffff888101653980: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.975029] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 25.891809] ================================================================== [ 25.892313] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.892661] Read of size 1 at addr ffff8881058a0000 by task kunit_try_catch/261 [ 25.892964] [ 25.893057] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.893109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.893122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.893146] Call Trace: [ 25.893160] <TASK> [ 25.893177] dump_stack_lvl+0x73/0xb0 [ 25.893209] print_report+0xd1/0x640 [ 25.893232] ? __virt_addr_valid+0x1db/0x2d0 [ 25.893258] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.893281] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.893307] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.893331] kasan_report+0x141/0x180 [ 25.893353] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.893381] __asan_report_load1_noabort+0x18/0x20 [ 25.893406] kmem_cache_rcu_uaf+0x3e3/0x510 [ 25.893429] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 25.893452] ? finish_task_switch.isra.0+0x153/0x700 [ 25.893475] ? __switch_to+0x47/0xf80 [ 25.893505] ? __pfx_read_tsc+0x10/0x10 [ 25.893527] ? ktime_get_ts64+0x86/0x230 [ 25.893554] kunit_try_run_case+0x1a5/0x480 [ 25.893580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.893603] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.893630] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.893655] ? __kthread_parkme+0x82/0x180 [ 25.893676] ? preempt_count_sub+0x50/0x80 [ 25.893699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.893723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.893747] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.893771] kthread+0x337/0x6f0 [ 25.893791] ? trace_preempt_on+0x20/0xc0 [ 25.893817] ? __pfx_kthread+0x10/0x10 [ 25.893880] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.893906] ? calculate_sigpending+0x7b/0xa0 [ 25.893931] ? __pfx_kthread+0x10/0x10 [ 25.893978] ret_from_fork+0x116/0x1d0 [ 25.893999] ? __pfx_kthread+0x10/0x10 [ 25.894020] ret_from_fork_asm+0x1a/0x30 [ 25.894052] </TASK> [ 25.894064] [ 25.902925] Allocated by task 261: [ 25.903328] kasan_save_stack+0x45/0x70 [ 25.903606] kasan_save_track+0x18/0x40 [ 25.903753] kasan_save_alloc_info+0x3b/0x50 [ 25.903969] __kasan_slab_alloc+0x91/0xa0 [ 25.904170] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.904548] kmem_cache_rcu_uaf+0x155/0x510 [ 25.904755] kunit_try_run_case+0x1a5/0x480 [ 25.904989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.905219] kthread+0x337/0x6f0 [ 25.905388] ret_from_fork+0x116/0x1d0 [ 25.905599] ret_from_fork_asm+0x1a/0x30 [ 25.905742] [ 25.905810] Freed by task 0: [ 25.905954] kasan_save_stack+0x45/0x70 [ 25.906146] kasan_save_track+0x18/0x40 [ 25.906490] kasan_save_free_info+0x3f/0x60 [ 25.906673] __kasan_slab_free+0x56/0x70 [ 25.906813] slab_free_after_rcu_debug+0xe4/0x310 [ 25.907048] rcu_core+0x66f/0x1c40 [ 25.907435] rcu_core_si+0x12/0x20 [ 25.907723] handle_softirqs+0x209/0x730 [ 25.907895] __irq_exit_rcu+0xc9/0x110 [ 25.908106] irq_exit_rcu+0x12/0x20 [ 25.908341] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.908599] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.908915] [ 25.909013] Last potentially related work creation: [ 25.909260] kasan_save_stack+0x45/0x70 [ 25.909447] kasan_record_aux_stack+0xb2/0xc0 [ 25.909647] kmem_cache_free+0x131/0x420 [ 25.909787] kmem_cache_rcu_uaf+0x194/0x510 [ 25.910024] kunit_try_run_case+0x1a5/0x480 [ 25.910229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.910562] kthread+0x337/0x6f0 [ 25.910824] ret_from_fork+0x116/0x1d0 [ 25.911027] ret_from_fork_asm+0x1a/0x30 [ 25.911723] [ 25.911827] The buggy address belongs to the object at ffff8881058a0000 [ 25.911827] which belongs to the cache test_cache of size 200 [ 25.912808] The buggy address is located 0 bytes inside of [ 25.912808] freed 200-byte region [ffff8881058a0000, ffff8881058a00c8) [ 25.913689] [ 25.913814] The buggy address belongs to the physical page: [ 25.914057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a0 [ 25.915158] flags: 0x200000000000000(node=0|zone=2) [ 25.915560] page_type: f5(slab) [ 25.915734] raw: 0200000000000000 ffff888101d72640 dead000000000122 0000000000000000 [ 25.916058] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.916857] page dumped because: kasan: bad access detected [ 25.917320] [ 25.917413] Memory state around the buggy address: [ 25.917905] ffff88810589ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.918454] ffff88810589ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.919156] >ffff8881058a0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.919725] ^ [ 25.919998] ffff8881058a0080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 25.920687] ffff8881058a0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.921004] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 25.833044] ================================================================== [ 25.833885] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 25.834146] Free of addr ffff88810497d001 by task kunit_try_catch/259 [ 25.834682] [ 25.834783] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.835090] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.835108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.835131] Call Trace: [ 25.835145] <TASK> [ 25.835162] dump_stack_lvl+0x73/0xb0 [ 25.835320] print_report+0xd1/0x640 [ 25.835345] ? __virt_addr_valid+0x1db/0x2d0 [ 25.835372] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.835398] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.835423] kasan_report_invalid_free+0x10a/0x130 [ 25.835447] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.835520] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.835545] check_slab_allocation+0x11f/0x130 [ 25.835567] __kasan_slab_pre_free+0x28/0x40 [ 25.835589] kmem_cache_free+0xed/0x420 [ 25.835609] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.835634] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.835660] kmem_cache_invalid_free+0x1d8/0x460 [ 25.835685] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 25.835708] ? finish_task_switch.isra.0+0x153/0x700 [ 25.835730] ? __switch_to+0x47/0xf80 [ 25.835760] ? __pfx_read_tsc+0x10/0x10 [ 25.835782] ? ktime_get_ts64+0x86/0x230 [ 25.835808] kunit_try_run_case+0x1a5/0x480 [ 25.835846] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.835870] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.835896] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.835926] ? __kthread_parkme+0x82/0x180 [ 25.835946] ? preempt_count_sub+0x50/0x80 [ 25.835969] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.835994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.836018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.836042] kthread+0x337/0x6f0 [ 25.836062] ? trace_preempt_on+0x20/0xc0 [ 25.836087] ? __pfx_kthread+0x10/0x10 [ 25.836108] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.836131] ? calculate_sigpending+0x7b/0xa0 [ 25.836156] ? __pfx_kthread+0x10/0x10 [ 25.836186] ret_from_fork+0x116/0x1d0 [ 25.836207] ? __pfx_kthread+0x10/0x10 [ 25.836228] ret_from_fork_asm+0x1a/0x30 [ 25.836261] </TASK> [ 25.836272] [ 25.848558] Allocated by task 259: [ 25.848735] kasan_save_stack+0x45/0x70 [ 25.848961] kasan_save_track+0x18/0x40 [ 25.849142] kasan_save_alloc_info+0x3b/0x50 [ 25.849409] __kasan_slab_alloc+0x91/0xa0 [ 25.849558] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.849936] kmem_cache_invalid_free+0x157/0x460 [ 25.850235] kunit_try_run_case+0x1a5/0x480 [ 25.850808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.851182] kthread+0x337/0x6f0 [ 25.851478] ret_from_fork+0x116/0x1d0 [ 25.851819] ret_from_fork_asm+0x1a/0x30 [ 25.852117] [ 25.852217] The buggy address belongs to the object at ffff88810497d000 [ 25.852217] which belongs to the cache test_cache of size 200 [ 25.853094] The buggy address is located 1 bytes inside of [ 25.853094] 200-byte region [ffff88810497d000, ffff88810497d0c8) [ 25.854103] [ 25.854220] The buggy address belongs to the physical page: [ 25.854427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10497d [ 25.855044] flags: 0x200000000000000(node=0|zone=2) [ 25.855281] page_type: f5(slab) [ 25.855496] raw: 0200000000000000 ffff888101653780 dead000000000122 0000000000000000 [ 25.855902] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.856184] page dumped because: kasan: bad access detected [ 25.856633] [ 25.856894] Memory state around the buggy address: [ 25.857123] ffff88810497cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.857688] ffff88810497cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.858149] >ffff88810497d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.858511] ^ [ 25.858849] ffff88810497d080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 25.859253] ffff88810497d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.859712] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 25.787414] ================================================================== [ 25.787785] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 25.788033] Free of addr ffff8881055f5000 by task kunit_try_catch/257 [ 25.788231] [ 25.788317] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.788367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.788379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.788402] Call Trace: [ 25.788414] <TASK> [ 25.788431] dump_stack_lvl+0x73/0xb0 [ 25.788462] print_report+0xd1/0x640 [ 25.788484] ? __virt_addr_valid+0x1db/0x2d0 [ 25.788509] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.788534] ? kmem_cache_double_free+0x1e5/0x480 [ 25.788558] kasan_report_invalid_free+0x10a/0x130 [ 25.788582] ? kmem_cache_double_free+0x1e5/0x480 [ 25.788607] ? kmem_cache_double_free+0x1e5/0x480 [ 25.788631] check_slab_allocation+0x101/0x130 [ 25.788652] __kasan_slab_pre_free+0x28/0x40 [ 25.788672] kmem_cache_free+0xed/0x420 [ 25.788692] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.788716] ? kmem_cache_double_free+0x1e5/0x480 [ 25.788742] kmem_cache_double_free+0x1e5/0x480 [ 25.788766] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 25.788789] ? finish_task_switch.isra.0+0x153/0x700 [ 25.788811] ? __switch_to+0x47/0xf80 [ 25.788863] ? __pfx_read_tsc+0x10/0x10 [ 25.788918] ? ktime_get_ts64+0x86/0x230 [ 25.788945] kunit_try_run_case+0x1a5/0x480 [ 25.788972] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.788994] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.789020] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.789045] ? __kthread_parkme+0x82/0x180 [ 25.789066] ? preempt_count_sub+0x50/0x80 [ 25.789089] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.789113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.789137] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.789160] kthread+0x337/0x6f0 [ 25.789194] ? trace_preempt_on+0x20/0xc0 [ 25.789220] ? __pfx_kthread+0x10/0x10 [ 25.789274] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.789297] ? calculate_sigpending+0x7b/0xa0 [ 25.789321] ? __pfx_kthread+0x10/0x10 [ 25.789343] ret_from_fork+0x116/0x1d0 [ 25.789362] ? __pfx_kthread+0x10/0x10 [ 25.789382] ret_from_fork_asm+0x1a/0x30 [ 25.789413] </TASK> [ 25.789425] [ 25.805075] Allocated by task 257: [ 25.805263] kasan_save_stack+0x45/0x70 [ 25.805637] kasan_save_track+0x18/0x40 [ 25.806115] kasan_save_alloc_info+0x3b/0x50 [ 25.806589] __kasan_slab_alloc+0x91/0xa0 [ 25.807023] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.807362] kmem_cache_double_free+0x14f/0x480 [ 25.807792] kunit_try_run_case+0x1a5/0x480 [ 25.807996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.808181] kthread+0x337/0x6f0 [ 25.808514] ret_from_fork+0x116/0x1d0 [ 25.808973] ret_from_fork_asm+0x1a/0x30 [ 25.809410] [ 25.809519] Freed by task 257: [ 25.809858] kasan_save_stack+0x45/0x70 [ 25.810177] kasan_save_track+0x18/0x40 [ 25.810398] kasan_save_free_info+0x3f/0x60 [ 25.810793] __kasan_slab_free+0x56/0x70 [ 25.811112] kmem_cache_free+0x249/0x420 [ 25.811265] kmem_cache_double_free+0x16a/0x480 [ 25.811792] kunit_try_run_case+0x1a5/0x480 [ 25.812120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.812562] kthread+0x337/0x6f0 [ 25.812879] ret_from_fork+0x116/0x1d0 [ 25.813009] ret_from_fork_asm+0x1a/0x30 [ 25.813142] [ 25.813233] The buggy address belongs to the object at ffff8881055f5000 [ 25.813233] which belongs to the cache test_cache of size 200 [ 25.814414] The buggy address is located 0 bytes inside of [ 25.814414] 200-byte region [ffff8881055f5000, ffff8881055f50c8) [ 25.815181] [ 25.815254] The buggy address belongs to the physical page: [ 25.815821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055f5 [ 25.816202] flags: 0x200000000000000(node=0|zone=2) [ 25.816733] page_type: f5(slab) [ 25.816970] raw: 0200000000000000 ffff888101d72500 dead000000000122 0000000000000000 [ 25.817477] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.818126] page dumped because: kasan: bad access detected [ 25.818333] [ 25.818471] Memory state around the buggy address: [ 25.818984] ffff8881055f4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.819446] ffff8881055f4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.820141] >ffff8881055f5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.820877] ^ [ 25.821156] ffff8881055f5080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 25.821574] ffff8881055f5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.822040] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 25.741070] ================================================================== [ 25.741797] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 25.742113] Read of size 1 at addr ffff88810497b0c8 by task kunit_try_catch/255 [ 25.742903] [ 25.743042] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.743096] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.743109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.743130] Call Trace: [ 25.743144] <TASK> [ 25.743161] dump_stack_lvl+0x73/0xb0 [ 25.743194] print_report+0xd1/0x640 [ 25.743217] ? __virt_addr_valid+0x1db/0x2d0 [ 25.743242] ? kmem_cache_oob+0x402/0x530 [ 25.743265] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.743292] ? kmem_cache_oob+0x402/0x530 [ 25.743315] kasan_report+0x141/0x180 [ 25.743337] ? kmem_cache_oob+0x402/0x530 [ 25.743364] __asan_report_load1_noabort+0x18/0x20 [ 25.743390] kmem_cache_oob+0x402/0x530 [ 25.743412] ? trace_hardirqs_on+0x37/0xe0 [ 25.743436] ? __pfx_kmem_cache_oob+0x10/0x10 [ 25.743643] ? finish_task_switch.isra.0+0x153/0x700 [ 25.743673] ? __switch_to+0x47/0xf80 [ 25.743729] ? __pfx_read_tsc+0x10/0x10 [ 25.743787] ? ktime_get_ts64+0x86/0x230 [ 25.743816] kunit_try_run_case+0x1a5/0x480 [ 25.743852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.743875] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.743902] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.743927] ? __kthread_parkme+0x82/0x180 [ 25.743948] ? preempt_count_sub+0x50/0x80 [ 25.743972] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.743997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.744021] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.744045] kthread+0x337/0x6f0 [ 25.744066] ? trace_preempt_on+0x20/0xc0 [ 25.744088] ? __pfx_kthread+0x10/0x10 [ 25.744109] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.744133] ? calculate_sigpending+0x7b/0xa0 [ 25.744157] ? __pfx_kthread+0x10/0x10 [ 25.744189] ret_from_fork+0x116/0x1d0 [ 25.744209] ? __pfx_kthread+0x10/0x10 [ 25.744230] ret_from_fork_asm+0x1a/0x30 [ 25.744262] </TASK> [ 25.744273] [ 25.756372] Allocated by task 255: [ 25.757256] kasan_save_stack+0x45/0x70 [ 25.757503] kasan_save_track+0x18/0x40 [ 25.757680] kasan_save_alloc_info+0x3b/0x50 [ 25.757871] __kasan_slab_alloc+0x91/0xa0 [ 25.758037] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.758595] kmem_cache_oob+0x157/0x530 [ 25.758802] kunit_try_run_case+0x1a5/0x480 [ 25.758997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.759550] kthread+0x337/0x6f0 [ 25.759933] ret_from_fork+0x116/0x1d0 [ 25.760097] ret_from_fork_asm+0x1a/0x30 [ 25.760602] [ 25.760874] The buggy address belongs to the object at ffff88810497b000 [ 25.760874] which belongs to the cache test_cache of size 200 [ 25.761959] The buggy address is located 0 bytes to the right of [ 25.761959] allocated 200-byte region [ffff88810497b000, ffff88810497b0c8) [ 25.763304] [ 25.763412] The buggy address belongs to the physical page: [ 25.763895] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10497b [ 25.764483] flags: 0x200000000000000(node=0|zone=2) [ 25.764967] page_type: f5(slab) [ 25.765295] raw: 0200000000000000 ffff888101653640 dead000000000122 0000000000000000 [ 25.765958] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.766580] page dumped because: kasan: bad access detected [ 25.766822] [ 25.766918] Memory state around the buggy address: [ 25.767107] ffff88810497af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.768155] ffff88810497b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.768692] >ffff88810497b080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 25.769238] ^ [ 25.769696] ffff88810497b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.769989] ffff88810497b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.770745] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 25.695511] ================================================================== [ 25.696041] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 25.696803] Read of size 8 at addr ffff888104974840 by task kunit_try_catch/248 [ 25.697133] [ 25.697460] CPU: 0 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.697861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.697879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.697902] Call Trace: [ 25.697916] <TASK> [ 25.697932] dump_stack_lvl+0x73/0xb0 [ 25.697972] print_report+0xd1/0x640 [ 25.697995] ? __virt_addr_valid+0x1db/0x2d0 [ 25.698019] ? workqueue_uaf+0x4d6/0x560 [ 25.698040] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.698066] ? workqueue_uaf+0x4d6/0x560 [ 25.698088] kasan_report+0x141/0x180 [ 25.698111] ? workqueue_uaf+0x4d6/0x560 [ 25.698137] __asan_report_load8_noabort+0x18/0x20 [ 25.698193] workqueue_uaf+0x4d6/0x560 [ 25.698218] ? __pfx_workqueue_uaf+0x10/0x10 [ 25.698242] ? __schedule+0x10da/0x2b60 [ 25.698268] ? __pfx_read_tsc+0x10/0x10 [ 25.698290] ? ktime_get_ts64+0x86/0x230 [ 25.698314] kunit_try_run_case+0x1a5/0x480 [ 25.698340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.698363] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.698389] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.698415] ? __kthread_parkme+0x82/0x180 [ 25.698436] ? preempt_count_sub+0x50/0x80 [ 25.698603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.698637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.698662] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.698686] kthread+0x337/0x6f0 [ 25.698706] ? trace_preempt_on+0x20/0xc0 [ 25.698731] ? __pfx_kthread+0x10/0x10 [ 25.698752] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.698776] ? calculate_sigpending+0x7b/0xa0 [ 25.698800] ? __pfx_kthread+0x10/0x10 [ 25.698822] ret_from_fork+0x116/0x1d0 [ 25.698856] ? __pfx_kthread+0x10/0x10 [ 25.698877] ret_from_fork_asm+0x1a/0x30 [ 25.698909] </TASK> [ 25.698921] [ 25.711377] Allocated by task 248: [ 25.711790] kasan_save_stack+0x45/0x70 [ 25.712003] kasan_save_track+0x18/0x40 [ 25.712449] kasan_save_alloc_info+0x3b/0x50 [ 25.712838] __kasan_kmalloc+0xb7/0xc0 [ 25.713031] __kmalloc_cache_noprof+0x189/0x420 [ 25.713309] workqueue_uaf+0x152/0x560 [ 25.713777] kunit_try_run_case+0x1a5/0x480 [ 25.714269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.714659] kthread+0x337/0x6f0 [ 25.714840] ret_from_fork+0x116/0x1d0 [ 25.715002] ret_from_fork_asm+0x1a/0x30 [ 25.715204] [ 25.715290] Freed by task 9: [ 25.715421] kasan_save_stack+0x45/0x70 [ 25.716057] kasan_save_track+0x18/0x40 [ 25.716620] kasan_save_free_info+0x3f/0x60 [ 25.716992] __kasan_slab_free+0x56/0x70 [ 25.717377] kfree+0x222/0x3f0 [ 25.717749] workqueue_uaf_work+0x12/0x20 [ 25.717957] process_one_work+0x5ee/0xf60 [ 25.718132] worker_thread+0x758/0x1220 [ 25.718294] kthread+0x337/0x6f0 [ 25.718446] ret_from_fork+0x116/0x1d0 [ 25.718965] ret_from_fork_asm+0x1a/0x30 [ 25.719146] [ 25.719230] Last potentially related work creation: [ 25.719416] kasan_save_stack+0x45/0x70 [ 25.719958] kasan_record_aux_stack+0xb2/0xc0 [ 25.720452] __queue_work+0x61a/0xe70 [ 25.720744] queue_work_on+0xb6/0xc0 [ 25.720941] workqueue_uaf+0x26d/0x560 [ 25.721117] kunit_try_run_case+0x1a5/0x480 [ 25.721626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.721884] kthread+0x337/0x6f0 [ 25.722028] ret_from_fork+0x116/0x1d0 [ 25.722445] ret_from_fork_asm+0x1a/0x30 [ 25.722913] [ 25.723013] The buggy address belongs to the object at ffff888104974840 [ 25.723013] which belongs to the cache kmalloc-32 of size 32 [ 25.724227] The buggy address is located 0 bytes inside of [ 25.724227] freed 32-byte region [ffff888104974840, ffff888104974860) [ 25.724969] [ 25.725069] The buggy address belongs to the physical page: [ 25.725624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104974 [ 25.725969] flags: 0x200000000000000(node=0|zone=2) [ 25.726401] page_type: f5(slab) [ 25.726860] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.727427] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.727946] page dumped because: kasan: bad access detected [ 25.728423] [ 25.728806] Memory state around the buggy address: [ 25.729112] ffff888104974700: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 25.729902] ffff888104974780: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.730295] >ffff888104974800: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 25.730732] ^ [ 25.730965] ffff888104974880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.731950] ffff888104974900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.732360] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 25.661609] ================================================================== [ 25.662078] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 25.662711] Read of size 4 at addr ffff888105ed5780 by task swapper/1/0 [ 25.663020] [ 25.663133] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.663222] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.663238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.663284] Call Trace: [ 25.663313] <IRQ> [ 25.663331] dump_stack_lvl+0x73/0xb0 [ 25.663363] print_report+0xd1/0x640 [ 25.663387] ? __virt_addr_valid+0x1db/0x2d0 [ 25.663412] ? rcu_uaf_reclaim+0x50/0x60 [ 25.663432] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.663459] ? rcu_uaf_reclaim+0x50/0x60 [ 25.663479] kasan_report+0x141/0x180 [ 25.663540] ? rcu_uaf_reclaim+0x50/0x60 [ 25.663589] __asan_report_load4_noabort+0x18/0x20 [ 25.663614] rcu_uaf_reclaim+0x50/0x60 [ 25.663635] rcu_core+0x66f/0x1c40 [ 25.663664] ? __pfx_rcu_core+0x10/0x10 [ 25.663686] ? ktime_get+0x6b/0x150 [ 25.663710] ? handle_softirqs+0x18e/0x730 [ 25.663735] rcu_core_si+0x12/0x20 [ 25.663755] handle_softirqs+0x209/0x730 [ 25.663776] ? hrtimer_interrupt+0x2fe/0x780 [ 25.663803] ? __pfx_handle_softirqs+0x10/0x10 [ 25.663839] __irq_exit_rcu+0xc9/0x110 [ 25.663860] irq_exit_rcu+0x12/0x20 [ 25.663880] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.663908] </IRQ> [ 25.663939] <TASK> [ 25.663950] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.664041] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 25.664255] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 63 d3 15 00 fb f4 <e9> bc 2a 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 25.664336] RSP: 0000:ffff88810087fdc8 EFLAGS: 00010202 [ 25.664426] RAX: ffff8881add0e000 RBX: ffff88810085b000 RCX: ffffffffaaf2e9a5 [ 25.664470] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 000000000001fde4 [ 25.664514] RBP: ffff88810087fdd0 R08: 0000000000000001 R09: ffffed102b626192 [ 25.664555] R10: ffff88815b130c93 R11: ffff88815b1363c8 R12: 0000000000000001 [ 25.664598] R13: ffffed102010b600 R14: ffffffffacbff0d0 R15: 0000000000000000 [ 25.664654] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 25.664705] ? default_idle+0xd/0x20 [ 25.664727] arch_cpu_idle+0xd/0x20 [ 25.664748] default_idle_call+0x48/0x80 [ 25.664770] do_idle+0x379/0x4f0 [ 25.664796] ? __pfx_do_idle+0x10/0x10 [ 25.664818] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 25.664856] ? complete+0x15b/0x1d0 [ 25.664891] cpu_startup_entry+0x5c/0x70 [ 25.664915] start_secondary+0x211/0x290 [ 25.664938] ? __pfx_start_secondary+0x10/0x10 [ 25.664965] common_startup_64+0x13e/0x148 [ 25.664998] </TASK> [ 25.665009] [ 25.675585] Allocated by task 246: [ 25.675806] kasan_save_stack+0x45/0x70 [ 25.676028] kasan_save_track+0x18/0x40 [ 25.676294] kasan_save_alloc_info+0x3b/0x50 [ 25.676576] __kasan_kmalloc+0xb7/0xc0 [ 25.676859] __kmalloc_cache_noprof+0x189/0x420 [ 25.677086] rcu_uaf+0xb0/0x330 [ 25.677541] kunit_try_run_case+0x1a5/0x480 [ 25.677765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.678014] kthread+0x337/0x6f0 [ 25.678198] ret_from_fork+0x116/0x1d0 [ 25.678439] ret_from_fork_asm+0x1a/0x30 [ 25.678742] [ 25.678812] Freed by task 0: [ 25.678967] kasan_save_stack+0x45/0x70 [ 25.679275] kasan_save_track+0x18/0x40 [ 25.679464] kasan_save_free_info+0x3f/0x60 [ 25.679811] __kasan_slab_free+0x56/0x70 [ 25.680073] kfree+0x222/0x3f0 [ 25.680188] rcu_uaf_reclaim+0x1f/0x60 [ 25.680351] rcu_core+0x66f/0x1c40 [ 25.680652] rcu_core_si+0x12/0x20 [ 25.680822] handle_softirqs+0x209/0x730 [ 25.680972] __irq_exit_rcu+0xc9/0x110 [ 25.681154] irq_exit_rcu+0x12/0x20 [ 25.681488] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.681802] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.682104] [ 25.682211] Last potentially related work creation: [ 25.682368] kasan_save_stack+0x45/0x70 [ 25.682503] kasan_record_aux_stack+0xb2/0xc0 [ 25.682846] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 25.683082] call_rcu+0x12/0x20 [ 25.683397] rcu_uaf+0x168/0x330 [ 25.684099] kunit_try_run_case+0x1a5/0x480 [ 25.684374] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.684647] kthread+0x337/0x6f0 [ 25.684767] ret_from_fork+0x116/0x1d0 [ 25.684972] ret_from_fork_asm+0x1a/0x30 [ 25.685211] [ 25.685322] The buggy address belongs to the object at ffff888105ed5780 [ 25.685322] which belongs to the cache kmalloc-32 of size 32 [ 25.685849] The buggy address is located 0 bytes inside of [ 25.685849] freed 32-byte region [ffff888105ed5780, ffff888105ed57a0) [ 25.686351] [ 25.686446] The buggy address belongs to the physical page: [ 25.686700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ed5 [ 25.687047] flags: 0x200000000000000(node=0|zone=2) [ 25.687355] page_type: f5(slab) [ 25.687477] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.687794] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.688127] page dumped because: kasan: bad access detected [ 25.688406] [ 25.688518] Memory state around the buggy address: [ 25.688751] ffff888105ed5680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.689118] ffff888105ed5700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 25.689485] >ffff888105ed5780: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 25.689747] ^ [ 25.689880] ffff888105ed5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.690229] ffff888105ed5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.690538] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 25.623602] ================================================================== [ 25.623951] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 25.624349] Read of size 1 at addr ffff8881058a9678 by task kunit_try_catch/244 [ 25.624820] [ 25.624952] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.624998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.625011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.625032] Call Trace: [ 25.625046] <TASK> [ 25.625059] dump_stack_lvl+0x73/0xb0 [ 25.625088] print_report+0xd1/0x640 [ 25.625111] ? __virt_addr_valid+0x1db/0x2d0 [ 25.625135] ? ksize_uaf+0x5e4/0x6c0 [ 25.625156] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.625182] ? ksize_uaf+0x5e4/0x6c0 [ 25.625204] kasan_report+0x141/0x180 [ 25.625227] ? ksize_uaf+0x5e4/0x6c0 [ 25.625252] __asan_report_load1_noabort+0x18/0x20 [ 25.625277] ksize_uaf+0x5e4/0x6c0 [ 25.625298] ? __pfx_ksize_uaf+0x10/0x10 [ 25.625321] ? __schedule+0x10da/0x2b60 [ 25.625347] ? __pfx_read_tsc+0x10/0x10 [ 25.625369] ? ktime_get_ts64+0x86/0x230 [ 25.625393] kunit_try_run_case+0x1a5/0x480 [ 25.625418] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.625441] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.625466] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.625492] ? __kthread_parkme+0x82/0x180 [ 25.625512] ? preempt_count_sub+0x50/0x80 [ 25.625535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.625560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.625584] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.625726] kthread+0x337/0x6f0 [ 25.625756] ? trace_preempt_on+0x20/0xc0 [ 25.625807] ? __pfx_kthread+0x10/0x10 [ 25.625865] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.625891] ? calculate_sigpending+0x7b/0xa0 [ 25.625914] ? __pfx_kthread+0x10/0x10 [ 25.625960] ret_from_fork+0x116/0x1d0 [ 25.626004] ? __pfx_kthread+0x10/0x10 [ 25.626049] ret_from_fork_asm+0x1a/0x30 [ 25.626080] </TASK> [ 25.626091] [ 25.634049] Allocated by task 244: [ 25.634277] kasan_save_stack+0x45/0x70 [ 25.634484] kasan_save_track+0x18/0x40 [ 25.634799] kasan_save_alloc_info+0x3b/0x50 [ 25.635306] __kasan_kmalloc+0xb7/0xc0 [ 25.635742] __kmalloc_cache_noprof+0x189/0x420 [ 25.636053] ksize_uaf+0xaa/0x6c0 [ 25.636275] kunit_try_run_case+0x1a5/0x480 [ 25.636498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.636737] kthread+0x337/0x6f0 [ 25.636894] ret_from_fork+0x116/0x1d0 [ 25.637030] ret_from_fork_asm+0x1a/0x30 [ 25.637168] [ 25.637235] Freed by task 244: [ 25.637345] kasan_save_stack+0x45/0x70 [ 25.637804] kasan_save_track+0x18/0x40 [ 25.638024] kasan_save_free_info+0x3f/0x60 [ 25.638307] __kasan_slab_free+0x56/0x70 [ 25.638591] kfree+0x222/0x3f0 [ 25.638764] ksize_uaf+0x12c/0x6c0 [ 25.638985] kunit_try_run_case+0x1a5/0x480 [ 25.639235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.639637] kthread+0x337/0x6f0 [ 25.639856] ret_from_fork+0x116/0x1d0 [ 25.640081] ret_from_fork_asm+0x1a/0x30 [ 25.640293] [ 25.640363] The buggy address belongs to the object at ffff8881058a9600 [ 25.640363] which belongs to the cache kmalloc-128 of size 128 [ 25.641176] The buggy address is located 120 bytes inside of [ 25.641176] freed 128-byte region [ffff8881058a9600, ffff8881058a9680) [ 25.641774] [ 25.641943] The buggy address belongs to the physical page: [ 25.642226] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 25.642721] flags: 0x200000000000000(node=0|zone=2) [ 25.642978] page_type: f5(slab) [ 25.643147] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.643599] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.644051] page dumped because: kasan: bad access detected [ 25.644335] [ 25.644426] Memory state around the buggy address: [ 25.644749] ffff8881058a9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.645065] ffff8881058a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.645528] >ffff8881058a9600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.645961] ^ [ 25.646272] ffff8881058a9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.646590] ffff8881058a9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.647046] ================================================================== [ 25.576364] ================================================================== [ 25.576906] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 25.577404] Read of size 1 at addr ffff8881058a9600 by task kunit_try_catch/244 [ 25.578008] [ 25.578115] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.578164] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.578220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.578242] Call Trace: [ 25.578256] <TASK> [ 25.578271] dump_stack_lvl+0x73/0xb0 [ 25.578303] print_report+0xd1/0x640 [ 25.578327] ? __virt_addr_valid+0x1db/0x2d0 [ 25.578351] ? ksize_uaf+0x19d/0x6c0 [ 25.578372] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.578398] ? ksize_uaf+0x19d/0x6c0 [ 25.578420] kasan_report+0x141/0x180 [ 25.578442] ? ksize_uaf+0x19d/0x6c0 [ 25.578466] ? ksize_uaf+0x19d/0x6c0 [ 25.578487] __kasan_check_byte+0x3d/0x50 [ 25.578509] ksize+0x20/0x60 [ 25.578590] ksize_uaf+0x19d/0x6c0 [ 25.578612] ? __pfx_ksize_uaf+0x10/0x10 [ 25.578634] ? __schedule+0x10da/0x2b60 [ 25.578661] ? __pfx_read_tsc+0x10/0x10 [ 25.578683] ? ktime_get_ts64+0x86/0x230 [ 25.578707] kunit_try_run_case+0x1a5/0x480 [ 25.578732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.578755] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.578780] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.578807] ? __kthread_parkme+0x82/0x180 [ 25.578827] ? preempt_count_sub+0x50/0x80 [ 25.578862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.578886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.578911] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.578935] kthread+0x337/0x6f0 [ 25.578955] ? trace_preempt_on+0x20/0xc0 [ 25.578978] ? __pfx_kthread+0x10/0x10 [ 25.578998] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.579022] ? calculate_sigpending+0x7b/0xa0 [ 25.579046] ? __pfx_kthread+0x10/0x10 [ 25.579068] ret_from_fork+0x116/0x1d0 [ 25.579088] ? __pfx_kthread+0x10/0x10 [ 25.579109] ret_from_fork_asm+0x1a/0x30 [ 25.579140] </TASK> [ 25.579150] [ 25.587401] Allocated by task 244: [ 25.587586] kasan_save_stack+0x45/0x70 [ 25.587760] kasan_save_track+0x18/0x40 [ 25.587914] kasan_save_alloc_info+0x3b/0x50 [ 25.588125] __kasan_kmalloc+0xb7/0xc0 [ 25.588526] __kmalloc_cache_noprof+0x189/0x420 [ 25.588745] ksize_uaf+0xaa/0x6c0 [ 25.589239] kunit_try_run_case+0x1a5/0x480 [ 25.589475] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.589814] kthread+0x337/0x6f0 [ 25.590038] ret_from_fork+0x116/0x1d0 [ 25.590232] ret_from_fork_asm+0x1a/0x30 [ 25.590451] [ 25.590522] Freed by task 244: [ 25.590846] kasan_save_stack+0x45/0x70 [ 25.591041] kasan_save_track+0x18/0x40 [ 25.591223] kasan_save_free_info+0x3f/0x60 [ 25.591410] __kasan_slab_free+0x56/0x70 [ 25.591636] kfree+0x222/0x3f0 [ 25.591853] ksize_uaf+0x12c/0x6c0 [ 25.592051] kunit_try_run_case+0x1a5/0x480 [ 25.592276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.592706] kthread+0x337/0x6f0 [ 25.592862] ret_from_fork+0x116/0x1d0 [ 25.593056] ret_from_fork_asm+0x1a/0x30 [ 25.593384] [ 25.593599] The buggy address belongs to the object at ffff8881058a9600 [ 25.593599] which belongs to the cache kmalloc-128 of size 128 [ 25.594094] The buggy address is located 0 bytes inside of [ 25.594094] freed 128-byte region [ffff8881058a9600, ffff8881058a9680) [ 25.594638] [ 25.594759] The buggy address belongs to the physical page: [ 25.595126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 25.595540] flags: 0x200000000000000(node=0|zone=2) [ 25.595845] page_type: f5(slab) [ 25.596011] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.596263] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.596492] page dumped because: kasan: bad access detected [ 25.596662] [ 25.596750] Memory state around the buggy address: [ 25.596985] ffff8881058a9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.597884] ffff8881058a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.598219] >ffff8881058a9600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.598452] ^ [ 25.598710] ffff8881058a9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.599088] ffff8881058a9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.599351] ================================================================== [ 25.600102] ================================================================== [ 25.600712] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 25.601080] Read of size 1 at addr ffff8881058a9600 by task kunit_try_catch/244 [ 25.601449] [ 25.601742] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 25.601792] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.601804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.601825] Call Trace: [ 25.601863] <TASK> [ 25.601915] dump_stack_lvl+0x73/0xb0 [ 25.601950] print_report+0xd1/0x640 [ 25.601975] ? __virt_addr_valid+0x1db/0x2d0 [ 25.602001] ? ksize_uaf+0x5fe/0x6c0 [ 25.602023] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.602050] ? ksize_uaf+0x5fe/0x6c0 [ 25.602105] kasan_report+0x141/0x180 [ 25.602128] ? ksize_uaf+0x5fe/0x6c0 [ 25.602154] __asan_report_load1_noabort+0x18/0x20 [ 25.602179] ksize_uaf+0x5fe/0x6c0 [ 25.602202] ? __pfx_ksize_uaf+0x10/0x10 [ 25.602224] ? __schedule+0x10da/0x2b60 [ 25.602282] ? __pfx_read_tsc+0x10/0x10 [ 25.602305] ? ktime_get_ts64+0x86/0x230 [ 25.602331] kunit_try_run_case+0x1a5/0x480 [ 25.602358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.602411] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.602437] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.602519] ? __kthread_parkme+0x82/0x180 [ 25.602543] ? preempt_count_sub+0x50/0x80 [ 25.602604] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.602628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.602653] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.602677] kthread+0x337/0x6f0 [ 25.602697] ? trace_preempt_on+0x20/0xc0 [ 25.602722] ? __pfx_kthread+0x10/0x10 [ 25.602743] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.602767] ? calculate_sigpending+0x7b/0xa0 [ 25.602791] ? __pfx_kthread+0x10/0x10 [ 25.602813] ret_from_fork+0x116/0x1d0 [ 25.602845] ? __pfx_kthread+0x10/0x10 [ 25.602866] ret_from_fork_asm+0x1a/0x30 [ 25.602898] </TASK> [ 25.602909] [ 25.611041] Allocated by task 244: [ 25.611265] kasan_save_stack+0x45/0x70 [ 25.611485] kasan_save_track+0x18/0x40 [ 25.611795] kasan_save_alloc_info+0x3b/0x50 [ 25.612026] __kasan_kmalloc+0xb7/0xc0 [ 25.612213] __kmalloc_cache_noprof+0x189/0x420 [ 25.612454] ksize_uaf+0xaa/0x6c0 [ 25.612706] kunit_try_run_case+0x1a5/0x480 [ 25.612942] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.613218] kthread+0x337/0x6f0 [ 25.613407] ret_from_fork+0x116/0x1d0 [ 25.613805] ret_from_fork_asm+0x1a/0x30 [ 25.614024] [ 25.614091] Freed by task 244: [ 25.614223] kasan_save_stack+0x45/0x70 [ 25.614419] kasan_save_track+0x18/0x40 [ 25.614773] kasan_save_free_info+0x3f/0x60 [ 25.615045] __kasan_slab_free+0x56/0x70 [ 25.615234] kfree+0x222/0x3f0 [ 25.615351] ksize_uaf+0x12c/0x6c0 [ 25.615474] kunit_try_run_case+0x1a5/0x480 [ 25.615668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.615931] kthread+0x337/0x6f0 [ 25.616102] ret_from_fork+0x116/0x1d0 [ 25.616295] ret_from_fork_asm+0x1a/0x30 [ 25.616488] [ 25.616578] The buggy address belongs to the object at ffff8881058a9600 [ 25.616578] which belongs to the cache kmalloc-128 of size 128 [ 25.617115] The buggy address is located 0 bytes inside of [ 25.617115] freed 128-byte region [ffff8881058a9600, ffff8881058a9680) [ 25.617962] [ 25.618041] The buggy address belongs to the physical page: [ 25.618386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 25.619079] flags: 0x200000000000000(node=0|zone=2) [ 25.619593] page_type: f5(slab) [ 25.619791] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.620134] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.620593] page dumped because: kasan: bad access detected [ 25.620806] [ 25.620890] Memory state around the buggy address: [ 25.621109] ffff8881058a9500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.621640] ffff8881058a9580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.622056] >ffff8881058a9600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.622444] ^ [ 25.622711] ffff8881058a9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.622967] ffff8881058a9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.623230] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 24.701904] ================================================================== [ 24.702545] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 24.702953] Read of size 1 at addr ffff888106270000 by task kunit_try_catch/202 [ 24.703297] [ 24.703381] CPU: 1 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.703428] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.703440] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.703461] Call Trace: [ 24.703522] <TASK> [ 24.703536] dump_stack_lvl+0x73/0xb0 [ 24.703565] print_report+0xd1/0x640 [ 24.703587] ? __virt_addr_valid+0x1db/0x2d0 [ 24.703610] ? page_alloc_uaf+0x356/0x3d0 [ 24.703632] ? kasan_addr_to_slab+0x11/0xa0 [ 24.703652] ? page_alloc_uaf+0x356/0x3d0 [ 24.703674] kasan_report+0x141/0x180 [ 24.703696] ? page_alloc_uaf+0x356/0x3d0 [ 24.703722] __asan_report_load1_noabort+0x18/0x20 [ 24.703746] page_alloc_uaf+0x356/0x3d0 [ 24.703769] ? __pfx_page_alloc_uaf+0x10/0x10 [ 24.703792] ? __schedule+0x10da/0x2b60 [ 24.703817] ? __pfx_read_tsc+0x10/0x10 [ 24.703852] ? ktime_get_ts64+0x86/0x230 [ 24.703878] kunit_try_run_case+0x1a5/0x480 [ 24.703905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.703928] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.703954] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.703979] ? __kthread_parkme+0x82/0x180 [ 24.704000] ? preempt_count_sub+0x50/0x80 [ 24.704023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.704046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.704070] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.704093] kthread+0x337/0x6f0 [ 24.704113] ? trace_preempt_on+0x20/0xc0 [ 24.704137] ? __pfx_kthread+0x10/0x10 [ 24.704157] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.704192] ? calculate_sigpending+0x7b/0xa0 [ 24.704215] ? __pfx_kthread+0x10/0x10 [ 24.704236] ret_from_fork+0x116/0x1d0 [ 24.704256] ? __pfx_kthread+0x10/0x10 [ 24.704277] ret_from_fork_asm+0x1a/0x30 [ 24.704307] </TASK> [ 24.704318] [ 24.713485] The buggy address belongs to the physical page: [ 24.713751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106270 [ 24.714134] flags: 0x200000000000000(node=0|zone=2) [ 24.714359] page_type: f0(buddy) [ 24.714540] raw: 0200000000000000 ffff88817fffb460 ffff88817fffb460 0000000000000000 [ 24.714885] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 24.715261] page dumped because: kasan: bad access detected [ 24.715538] [ 24.715622] Memory state around the buggy address: [ 24.715816] ffff88810626ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.716099] ffff88810626ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.716419] >ffff888106270000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.716808] ^ [ 24.716975] ffff888106270080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.717322] ffff888106270100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.717563] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 24.678536] ================================================================== [ 24.679162] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 24.679442] Free of addr ffff888104ab8001 by task kunit_try_catch/198 [ 24.679766] [ 24.679888] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.679935] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.679948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.679968] Call Trace: [ 24.679980] <TASK> [ 24.679994] dump_stack_lvl+0x73/0xb0 [ 24.680023] print_report+0xd1/0x640 [ 24.680046] ? __virt_addr_valid+0x1db/0x2d0 [ 24.680070] ? kasan_addr_to_slab+0x11/0xa0 [ 24.680090] ? kfree+0x274/0x3f0 [ 24.680114] kasan_report_invalid_free+0x10a/0x130 [ 24.680138] ? kfree+0x274/0x3f0 [ 24.680162] ? kfree+0x274/0x3f0 [ 24.680183] __kasan_kfree_large+0x86/0xd0 [ 24.680205] free_large_kmalloc+0x52/0x110 [ 24.680229] kfree+0x274/0x3f0 [ 24.680254] kmalloc_large_invalid_free+0x120/0x2b0 [ 24.680277] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 24.680300] ? __schedule+0x10da/0x2b60 [ 24.680327] ? __pfx_read_tsc+0x10/0x10 [ 24.680348] ? ktime_get_ts64+0x86/0x230 [ 24.680372] kunit_try_run_case+0x1a5/0x480 [ 24.680397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.680419] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.680444] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.680483] ? __kthread_parkme+0x82/0x180 [ 24.680503] ? preempt_count_sub+0x50/0x80 [ 24.680526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.680550] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.680574] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.680597] kthread+0x337/0x6f0 [ 24.680617] ? trace_preempt_on+0x20/0xc0 [ 24.680641] ? __pfx_kthread+0x10/0x10 [ 24.680661] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.680685] ? calculate_sigpending+0x7b/0xa0 [ 24.680708] ? __pfx_kthread+0x10/0x10 [ 24.680730] ret_from_fork+0x116/0x1d0 [ 24.680750] ? __pfx_kthread+0x10/0x10 [ 24.680771] ret_from_fork_asm+0x1a/0x30 [ 24.680802] </TASK> [ 24.680814] [ 24.688633] The buggy address belongs to the physical page: [ 24.688908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 24.689284] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.689686] flags: 0x200000000000040(head|node=0|zone=2) [ 24.689907] page_type: f8(unknown) [ 24.690083] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.690507] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.690768] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.691155] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.691431] head: 0200000000000002 ffffea000412ae01 00000000ffffffff 00000000ffffffff [ 24.691665] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.691903] page dumped because: kasan: bad access detected [ 24.692073] [ 24.692138] Memory state around the buggy address: [ 24.692292] ffff888104ab7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.692507] ffff888104ab7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.692737] >ffff888104ab8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.693067] ^ [ 24.693277] ffff888104ab8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.693631] ffff888104ab8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.693947] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 24.658371] ================================================================== [ 24.659049] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 24.659583] Read of size 1 at addr ffff888104ab8000 by task kunit_try_catch/196 [ 24.660685] [ 24.660819] CPU: 1 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.660885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.660898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.660919] Call Trace: [ 24.660931] <TASK> [ 24.660946] dump_stack_lvl+0x73/0xb0 [ 24.660977] print_report+0xd1/0x640 [ 24.661001] ? __virt_addr_valid+0x1db/0x2d0 [ 24.661023] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.661043] ? kasan_addr_to_slab+0x11/0xa0 [ 24.661064] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.661085] kasan_report+0x141/0x180 [ 24.661108] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.661133] __asan_report_load1_noabort+0x18/0x20 [ 24.661158] kmalloc_large_uaf+0x2f1/0x340 [ 24.661316] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 24.661341] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 24.661371] ? __pfx_read_tsc+0x10/0x10 [ 24.661393] ? ktime_get_ts64+0x86/0x230 [ 24.661418] kunit_try_run_case+0x1a5/0x480 [ 24.661530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.661554] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 24.661578] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.661604] ? __kthread_parkme+0x82/0x180 [ 24.661624] ? preempt_count_sub+0x50/0x80 [ 24.661646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.661670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.661696] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.661719] kthread+0x337/0x6f0 [ 24.661739] ? trace_preempt_on+0x20/0xc0 [ 24.661762] ? __pfx_kthread+0x10/0x10 [ 24.661782] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.661805] ? calculate_sigpending+0x7b/0xa0 [ 24.661840] ? __pfx_kthread+0x10/0x10 [ 24.661862] ret_from_fork+0x116/0x1d0 [ 24.661882] ? __pfx_kthread+0x10/0x10 [ 24.661902] ret_from_fork_asm+0x1a/0x30 [ 24.661933] </TASK> [ 24.661944] [ 24.671178] The buggy address belongs to the physical page: [ 24.671367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab8 [ 24.671727] flags: 0x200000000000000(node=0|zone=2) [ 24.672094] raw: 0200000000000000 ffffea000412af08 ffff88815b139fc0 0000000000000000 [ 24.672720] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 24.672965] page dumped because: kasan: bad access detected [ 24.673532] [ 24.673640] Memory state around the buggy address: [ 24.673893] ffff888104ab7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.674238] ffff888104ab7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.674578] >ffff888104ab8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.674859] ^ [ 24.675024] ffff888104ab8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.675333] ffff888104ab8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.675680] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 24.631119] ================================================================== [ 24.631913] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 24.632403] Write of size 1 at addr ffff888104ab600a by task kunit_try_catch/194 [ 24.633052] [ 24.633152] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.633202] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.633215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.633237] Call Trace: [ 24.633250] <TASK> [ 24.633264] dump_stack_lvl+0x73/0xb0 [ 24.633293] print_report+0xd1/0x640 [ 24.633316] ? __virt_addr_valid+0x1db/0x2d0 [ 24.633340] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.633362] ? kasan_addr_to_slab+0x11/0xa0 [ 24.633383] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.633404] kasan_report+0x141/0x180 [ 24.633426] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.633453] __asan_report_store1_noabort+0x1b/0x30 [ 24.633710] kmalloc_large_oob_right+0x2e9/0x330 [ 24.633736] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 24.633759] ? __schedule+0x10da/0x2b60 [ 24.633824] ? __pfx_read_tsc+0x10/0x10 [ 24.633857] ? ktime_get_ts64+0x86/0x230 [ 24.633882] kunit_try_run_case+0x1a5/0x480 [ 24.633909] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.633933] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.633959] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.633984] ? __kthread_parkme+0x82/0x180 [ 24.634004] ? preempt_count_sub+0x50/0x80 [ 24.634026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.634050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.634074] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.634097] kthread+0x337/0x6f0 [ 24.634117] ? trace_preempt_on+0x20/0xc0 [ 24.634141] ? __pfx_kthread+0x10/0x10 [ 24.634161] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.634199] ? calculate_sigpending+0x7b/0xa0 [ 24.634222] ? __pfx_kthread+0x10/0x10 [ 24.634243] ret_from_fork+0x116/0x1d0 [ 24.634263] ? __pfx_kthread+0x10/0x10 [ 24.634283] ret_from_fork_asm+0x1a/0x30 [ 24.634313] </TASK> [ 24.634325] [ 24.646444] The buggy address belongs to the physical page: [ 24.646819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ab4 [ 24.647153] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.647865] flags: 0x200000000000040(head|node=0|zone=2) [ 24.648415] page_type: f8(unknown) [ 24.648697] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.648991] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.649229] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.649464] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.649699] head: 0200000000000002 ffffea000412ad01 00000000ffffffff 00000000ffffffff [ 24.649944] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.650752] page dumped because: kasan: bad access detected [ 24.651185] [ 24.651266] Memory state around the buggy address: [ 24.651424] ffff888104ab5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.651643] ffff888104ab5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.651872] >ffff888104ab6000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.652085] ^ [ 24.652208] ffff888104ab6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.652425] ffff888104ab6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.652638] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 24.592856] ================================================================== [ 24.593843] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 24.594654] Write of size 1 at addr ffff8881061f9f00 by task kunit_try_catch/192 [ 24.595485] [ 24.595688] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.595738] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.595752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.595772] Call Trace: [ 24.595785] <TASK> [ 24.595800] dump_stack_lvl+0x73/0xb0 [ 24.595844] print_report+0xd1/0x640 [ 24.595867] ? __virt_addr_valid+0x1db/0x2d0 [ 24.595891] ? kmalloc_big_oob_right+0x316/0x370 [ 24.595913] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.595939] ? kmalloc_big_oob_right+0x316/0x370 [ 24.595961] kasan_report+0x141/0x180 [ 24.595995] ? kmalloc_big_oob_right+0x316/0x370 [ 24.596022] __asan_report_store1_noabort+0x1b/0x30 [ 24.596047] kmalloc_big_oob_right+0x316/0x370 [ 24.596081] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 24.596104] ? __schedule+0x10da/0x2b60 [ 24.596129] ? __pfx_read_tsc+0x10/0x10 [ 24.596151] ? ktime_get_ts64+0x86/0x230 [ 24.596186] kunit_try_run_case+0x1a5/0x480 [ 24.596211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.596233] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.596258] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.596283] ? __kthread_parkme+0x82/0x180 [ 24.596303] ? preempt_count_sub+0x50/0x80 [ 24.596326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.596350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.596374] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.596397] kthread+0x337/0x6f0 [ 24.596417] ? trace_preempt_on+0x20/0xc0 [ 24.596440] ? __pfx_kthread+0x10/0x10 [ 24.596488] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.596511] ? calculate_sigpending+0x7b/0xa0 [ 24.596535] ? __pfx_kthread+0x10/0x10 [ 24.596556] ret_from_fork+0x116/0x1d0 [ 24.596576] ? __pfx_kthread+0x10/0x10 [ 24.596596] ret_from_fork_asm+0x1a/0x30 [ 24.596627] </TASK> [ 24.596638] [ 24.610745] Allocated by task 192: [ 24.611229] kasan_save_stack+0x45/0x70 [ 24.611673] kasan_save_track+0x18/0x40 [ 24.612049] kasan_save_alloc_info+0x3b/0x50 [ 24.612256] __kasan_kmalloc+0xb7/0xc0 [ 24.612744] __kmalloc_cache_noprof+0x189/0x420 [ 24.613159] kmalloc_big_oob_right+0xa9/0x370 [ 24.613321] kunit_try_run_case+0x1a5/0x480 [ 24.613470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.613664] kthread+0x337/0x6f0 [ 24.614011] ret_from_fork+0x116/0x1d0 [ 24.614368] ret_from_fork_asm+0x1a/0x30 [ 24.614797] [ 24.614980] The buggy address belongs to the object at ffff8881061f8000 [ 24.614980] which belongs to the cache kmalloc-8k of size 8192 [ 24.616277] The buggy address is located 0 bytes to the right of [ 24.616277] allocated 7936-byte region [ffff8881061f8000, ffff8881061f9f00) [ 24.617541] [ 24.617663] The buggy address belongs to the physical page: [ 24.617860] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061f8 [ 24.618631] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.619431] flags: 0x200000000000040(head|node=0|zone=2) [ 24.620027] page_type: f5(slab) [ 24.620383] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 24.620717] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.621384] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 24.622195] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.622878] head: 0200000000000003 ffffea0004187e01 00000000ffffffff 00000000ffffffff [ 24.623401] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.624171] page dumped because: kasan: bad access detected [ 24.624667] [ 24.624824] Memory state around the buggy address: [ 24.625217] ffff8881061f9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.625756] ffff8881061f9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.626016] >ffff8881061f9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.626536] ^ [ 24.626863] ffff8881061f9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.627616] ffff8881061fa000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.628176] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 24.563115] ================================================================== [ 24.563404] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.563770] Write of size 1 at addr ffff8881058a9178 by task kunit_try_catch/190 [ 24.564104] [ 24.564208] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.564254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.564266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.564286] Call Trace: [ 24.564298] <TASK> [ 24.564313] dump_stack_lvl+0x73/0xb0 [ 24.564339] print_report+0xd1/0x640 [ 24.564361] ? __virt_addr_valid+0x1db/0x2d0 [ 24.564384] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.564408] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.564433] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.564458] kasan_report+0x141/0x180 [ 24.564480] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.564509] __asan_report_store1_noabort+0x1b/0x30 [ 24.564533] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 24.564583] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 24.564608] ? __schedule+0x10da/0x2b60 [ 24.564633] ? __pfx_read_tsc+0x10/0x10 [ 24.564654] ? ktime_get_ts64+0x86/0x230 [ 24.564678] kunit_try_run_case+0x1a5/0x480 [ 24.564702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.564725] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.564749] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.564774] ? __kthread_parkme+0x82/0x180 [ 24.564794] ? preempt_count_sub+0x50/0x80 [ 24.564817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.564852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.564879] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.564903] kthread+0x337/0x6f0 [ 24.564922] ? trace_preempt_on+0x20/0xc0 [ 24.564945] ? __pfx_kthread+0x10/0x10 [ 24.564966] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.564988] ? calculate_sigpending+0x7b/0xa0 [ 24.565011] ? __pfx_kthread+0x10/0x10 [ 24.565033] ret_from_fork+0x116/0x1d0 [ 24.565052] ? __pfx_kthread+0x10/0x10 [ 24.565072] ret_from_fork_asm+0x1a/0x30 [ 24.565103] </TASK> [ 24.565113] [ 24.578111] Allocated by task 190: [ 24.578265] kasan_save_stack+0x45/0x70 [ 24.578425] kasan_save_track+0x18/0x40 [ 24.578560] kasan_save_alloc_info+0x3b/0x50 [ 24.578707] __kasan_kmalloc+0xb7/0xc0 [ 24.578848] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 24.579107] kmalloc_track_caller_oob_right+0x19a/0x520 [ 24.579588] kunit_try_run_case+0x1a5/0x480 [ 24.580053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.580576] kthread+0x337/0x6f0 [ 24.580939] ret_from_fork+0x116/0x1d0 [ 24.581323] ret_from_fork_asm+0x1a/0x30 [ 24.581509] [ 24.581609] The buggy address belongs to the object at ffff8881058a9100 [ 24.581609] which belongs to the cache kmalloc-128 of size 128 [ 24.582497] The buggy address is located 0 bytes to the right of [ 24.582497] allocated 120-byte region [ffff8881058a9100, ffff8881058a9178) [ 24.583714] [ 24.583888] The buggy address belongs to the physical page: [ 24.584294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 24.584550] flags: 0x200000000000000(node=0|zone=2) [ 24.584839] page_type: f5(slab) [ 24.585160] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.585993] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.586688] page dumped because: kasan: bad access detected [ 24.587095] [ 24.587163] Memory state around the buggy address: [ 24.587605] ffff8881058a9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.588078] ffff8881058a9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.588309] >ffff8881058a9100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.588605] ^ [ 24.588824] ffff8881058a9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.589059] ffff8881058a9200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.589613] ================================================================== [ 24.530680] ================================================================== [ 24.531135] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.532407] Write of size 1 at addr ffff8881058a9078 by task kunit_try_catch/190 [ 24.533324] [ 24.533604] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.533665] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.533678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.533701] Call Trace: [ 24.533714] <TASK> [ 24.533729] dump_stack_lvl+0x73/0xb0 [ 24.533762] print_report+0xd1/0x640 [ 24.533786] ? __virt_addr_valid+0x1db/0x2d0 [ 24.533810] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.533845] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.533871] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.533896] kasan_report+0x141/0x180 [ 24.533918] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.533947] __asan_report_store1_noabort+0x1b/0x30 [ 24.533972] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.533996] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 24.534021] ? __schedule+0x10da/0x2b60 [ 24.534047] ? __pfx_read_tsc+0x10/0x10 [ 24.534069] ? ktime_get_ts64+0x86/0x230 [ 24.534094] kunit_try_run_case+0x1a5/0x480 [ 24.534120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.534142] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.534210] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.534237] ? __kthread_parkme+0x82/0x180 [ 24.534257] ? preempt_count_sub+0x50/0x80 [ 24.534292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.534316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.534339] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.534363] kthread+0x337/0x6f0 [ 24.534383] ? trace_preempt_on+0x20/0xc0 [ 24.534407] ? __pfx_kthread+0x10/0x10 [ 24.534428] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.534451] ? calculate_sigpending+0x7b/0xa0 [ 24.534491] ? __pfx_kthread+0x10/0x10 [ 24.534513] ret_from_fork+0x116/0x1d0 [ 24.534532] ? __pfx_kthread+0x10/0x10 [ 24.534552] ret_from_fork_asm+0x1a/0x30 [ 24.534583] </TASK> [ 24.534594] [ 24.548138] Allocated by task 190: [ 24.548551] kasan_save_stack+0x45/0x70 [ 24.549028] kasan_save_track+0x18/0x40 [ 24.549436] kasan_save_alloc_info+0x3b/0x50 [ 24.549935] __kasan_kmalloc+0xb7/0xc0 [ 24.550377] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 24.551000] kmalloc_track_caller_oob_right+0x99/0x520 [ 24.551530] kunit_try_run_case+0x1a5/0x480 [ 24.551944] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.552486] kthread+0x337/0x6f0 [ 24.552811] ret_from_fork+0x116/0x1d0 [ 24.553204] ret_from_fork_asm+0x1a/0x30 [ 24.553601] [ 24.553816] The buggy address belongs to the object at ffff8881058a9000 [ 24.553816] which belongs to the cache kmalloc-128 of size 128 [ 24.554863] The buggy address is located 0 bytes to the right of [ 24.554863] allocated 120-byte region [ffff8881058a9000, ffff8881058a9078) [ 24.555366] [ 24.555435] The buggy address belongs to the physical page: [ 24.555606] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058a9 [ 24.555964] flags: 0x200000000000000(node=0|zone=2) [ 24.556407] page_type: f5(slab) [ 24.556717] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.557530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.557755] page dumped because: kasan: bad access detected [ 24.558052] [ 24.558235] Memory state around the buggy address: [ 24.558810] ffff8881058a8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.559499] ffff8881058a8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.560219] >ffff8881058a9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.560977] ^ [ 24.561302] ffff8881058a9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.561542] ffff8881058a9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.562115] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 24.495916] ================================================================== [ 24.496956] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 24.498026] Read of size 1 at addr ffff888105fc7000 by task kunit_try_catch/188 [ 24.498488] [ 24.498605] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.498660] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.498673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.498695] Call Trace: [ 24.498709] <TASK> [ 24.498728] dump_stack_lvl+0x73/0xb0 [ 24.498761] print_report+0xd1/0x640 [ 24.498785] ? __virt_addr_valid+0x1db/0x2d0 [ 24.498810] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.498874] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.498902] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.498926] kasan_report+0x141/0x180 [ 24.498949] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.498977] __asan_report_load1_noabort+0x18/0x20 [ 24.499001] kmalloc_node_oob_right+0x369/0x3c0 [ 24.499025] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 24.499049] ? __schedule+0x10da/0x2b60 [ 24.499076] ? __pfx_read_tsc+0x10/0x10 [ 24.499098] ? ktime_get_ts64+0x86/0x230 [ 24.499124] kunit_try_run_case+0x1a5/0x480 [ 24.499173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.499196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.499221] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.499257] ? __kthread_parkme+0x82/0x180 [ 24.499279] ? preempt_count_sub+0x50/0x80 [ 24.499303] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.499327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.499351] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.499374] kthread+0x337/0x6f0 [ 24.499394] ? trace_preempt_on+0x20/0xc0 [ 24.499418] ? __pfx_kthread+0x10/0x10 [ 24.499439] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.499479] ? calculate_sigpending+0x7b/0xa0 [ 24.499504] ? __pfx_kthread+0x10/0x10 [ 24.499527] ret_from_fork+0x116/0x1d0 [ 24.499546] ? __pfx_kthread+0x10/0x10 [ 24.499567] ret_from_fork_asm+0x1a/0x30 [ 24.499598] </TASK> [ 24.499610] [ 24.510755] Allocated by task 188: [ 24.511093] kasan_save_stack+0x45/0x70 [ 24.511463] kasan_save_track+0x18/0x40 [ 24.512111] kasan_save_alloc_info+0x3b/0x50 [ 24.512560] __kasan_kmalloc+0xb7/0xc0 [ 24.512963] __kmalloc_cache_node_noprof+0x188/0x420 [ 24.513679] kmalloc_node_oob_right+0xab/0x3c0 [ 24.513973] kunit_try_run_case+0x1a5/0x480 [ 24.514390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.514679] kthread+0x337/0x6f0 [ 24.514840] ret_from_fork+0x116/0x1d0 [ 24.515015] ret_from_fork_asm+0x1a/0x30 [ 24.515212] [ 24.515299] The buggy address belongs to the object at ffff888105fc6000 [ 24.515299] which belongs to the cache kmalloc-4k of size 4096 [ 24.516329] The buggy address is located 0 bytes to the right of [ 24.516329] allocated 4096-byte region [ffff888105fc6000, ffff888105fc7000) [ 24.516925] [ 24.517020] The buggy address belongs to the physical page: [ 24.518014] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fc0 [ 24.518496] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.519063] flags: 0x200000000000040(head|node=0|zone=2) [ 24.519812] page_type: f5(slab) [ 24.519986] raw: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 24.520492] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 24.521186] head: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 24.521596] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 24.522084] head: 0200000000000003 ffffea000417f001 00000000ffffffff 00000000ffffffff [ 24.522715] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.523263] page dumped because: kasan: bad access detected [ 24.523803] [ 24.523918] Memory state around the buggy address: [ 24.524132] ffff888105fc6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.524426] ffff888105fc6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.525213] >ffff888105fc7000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.525985] ^ [ 24.526163] ffff888105fc7080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.526451] ffff888105fc7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.526996] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 24.466104] ================================================================== [ 24.466868] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 24.467195] Read of size 1 at addr ffff88810585ea5f by task kunit_try_catch/186 [ 24.467578] [ 24.467709] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.467758] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.467770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.467791] Call Trace: [ 24.467804] <TASK> [ 24.467818] dump_stack_lvl+0x73/0xb0 [ 24.467858] print_report+0xd1/0x640 [ 24.467881] ? __virt_addr_valid+0x1db/0x2d0 [ 24.467904] ? kmalloc_oob_left+0x361/0x3c0 [ 24.467926] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.467953] ? kmalloc_oob_left+0x361/0x3c0 [ 24.467975] kasan_report+0x141/0x180 [ 24.467999] ? kmalloc_oob_left+0x361/0x3c0 [ 24.468027] __asan_report_load1_noabort+0x18/0x20 [ 24.468054] kmalloc_oob_left+0x361/0x3c0 [ 24.468077] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 24.468100] ? __schedule+0x10da/0x2b60 [ 24.468126] ? __pfx_read_tsc+0x10/0x10 [ 24.468147] ? ktime_get_ts64+0x86/0x230 [ 24.468173] kunit_try_run_case+0x1a5/0x480 [ 24.468199] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.468222] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.468247] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.468273] ? __kthread_parkme+0x82/0x180 [ 24.468294] ? preempt_count_sub+0x50/0x80 [ 24.468318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.468352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.468378] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.468403] kthread+0x337/0x6f0 [ 24.468423] ? trace_preempt_on+0x20/0xc0 [ 24.468447] ? __pfx_kthread+0x10/0x10 [ 24.468469] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.468493] ? calculate_sigpending+0x7b/0xa0 [ 24.468517] ? __pfx_kthread+0x10/0x10 [ 24.468540] ret_from_fork+0x116/0x1d0 [ 24.468559] ? __pfx_kthread+0x10/0x10 [ 24.468581] ret_from_fork_asm+0x1a/0x30 [ 24.468616] </TASK> [ 24.468626] [ 24.477321] Allocated by task 21: [ 24.477637] kasan_save_stack+0x45/0x70 [ 24.477976] kasan_save_track+0x18/0x40 [ 24.478132] kasan_save_alloc_info+0x3b/0x50 [ 24.478462] __kasan_kmalloc+0xb7/0xc0 [ 24.478647] __kmalloc_cache_node_noprof+0x188/0x420 [ 24.478880] build_sched_domains+0x38c/0x5d80 [ 24.479073] partition_sched_domains+0x471/0x9c0 [ 24.479534] rebuild_sched_domains_locked+0x97d/0xd50 [ 24.479869] cpuset_update_active_cpus+0x80f/0x1a90 [ 24.480101] sched_cpu_activate+0x2bf/0x330 [ 24.480464] cpuhp_invoke_callback+0x2a1/0xf00 [ 24.480733] cpuhp_thread_fun+0x2ce/0x5c0 [ 24.480991] smpboot_thread_fn+0x2bc/0x730 [ 24.481287] kthread+0x337/0x6f0 [ 24.481424] ret_from_fork+0x116/0x1d0 [ 24.481616] ret_from_fork_asm+0x1a/0x30 [ 24.481974] [ 24.482075] Freed by task 21: [ 24.482242] kasan_save_stack+0x45/0x70 [ 24.482734] kasan_save_track+0x18/0x40 [ 24.482930] kasan_save_free_info+0x3f/0x60 [ 24.483119] __kasan_slab_free+0x56/0x70 [ 24.483279] kfree+0x222/0x3f0 [ 24.483634] build_sched_domains+0x2072/0x5d80 [ 24.483844] partition_sched_domains+0x471/0x9c0 [ 24.484133] rebuild_sched_domains_locked+0x97d/0xd50 [ 24.484471] cpuset_update_active_cpus+0x80f/0x1a90 [ 24.484696] sched_cpu_activate+0x2bf/0x330 [ 24.484898] cpuhp_invoke_callback+0x2a1/0xf00 [ 24.485087] cpuhp_thread_fun+0x2ce/0x5c0 [ 24.485268] smpboot_thread_fn+0x2bc/0x730 [ 24.485674] kthread+0x337/0x6f0 [ 24.485843] ret_from_fork+0x116/0x1d0 [ 24.486114] ret_from_fork_asm+0x1a/0x30 [ 24.486296] [ 24.486533] The buggy address belongs to the object at ffff88810585ea40 [ 24.486533] which belongs to the cache kmalloc-16 of size 16 [ 24.487111] The buggy address is located 15 bytes to the right of [ 24.487111] allocated 16-byte region [ffff88810585ea40, ffff88810585ea50) [ 24.487731] [ 24.487842] The buggy address belongs to the physical page: [ 24.488075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10585e [ 24.488598] flags: 0x200000000000000(node=0|zone=2) [ 24.488901] page_type: f5(slab) [ 24.489043] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.489567] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.489988] page dumped because: kasan: bad access detected [ 24.490176] [ 24.490287] Memory state around the buggy address: [ 24.490577] ffff88810585e900: fa fb fc fc fa fb fc fc 00 06 fc fc 00 06 fc fc [ 24.490883] ffff88810585e980: 00 06 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 24.491191] >ffff88810585ea00: fa fb fc fc fa fb fc fc fa fb fc fc 00 07 fc fc [ 24.491710] ^ [ 24.492050] ffff88810585ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.492337] ffff88810585eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.492758] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 24.418115] ================================================================== [ 24.418762] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 24.419069] Write of size 1 at addr ffff8881058adf78 by task kunit_try_catch/184 [ 24.419744] [ 24.419848] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.419896] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.419909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.419929] Call Trace: [ 24.419943] <TASK> [ 24.419989] dump_stack_lvl+0x73/0xb0 [ 24.420045] print_report+0xd1/0x640 [ 24.420068] ? __virt_addr_valid+0x1db/0x2d0 [ 24.420092] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.420137] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.420197] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.420220] kasan_report+0x141/0x180 [ 24.420242] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.420268] __asan_report_store1_noabort+0x1b/0x30 [ 24.420292] kmalloc_oob_right+0x6bd/0x7f0 [ 24.420314] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.420337] ? __schedule+0x10da/0x2b60 [ 24.420363] ? __pfx_read_tsc+0x10/0x10 [ 24.420385] ? ktime_get_ts64+0x86/0x230 [ 24.420409] kunit_try_run_case+0x1a5/0x480 [ 24.420433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.420456] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.420480] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.420505] ? __kthread_parkme+0x82/0x180 [ 24.420525] ? preempt_count_sub+0x50/0x80 [ 24.420549] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.420574] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.420597] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.420621] kthread+0x337/0x6f0 [ 24.420641] ? trace_preempt_on+0x20/0xc0 [ 24.420664] ? __pfx_kthread+0x10/0x10 [ 24.420684] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.420708] ? calculate_sigpending+0x7b/0xa0 [ 24.420731] ? __pfx_kthread+0x10/0x10 [ 24.420753] ret_from_fork+0x116/0x1d0 [ 24.420772] ? __pfx_kthread+0x10/0x10 [ 24.420793] ret_from_fork_asm+0x1a/0x30 [ 24.420823] </TASK> [ 24.420845] [ 24.430101] Allocated by task 184: [ 24.430398] kasan_save_stack+0x45/0x70 [ 24.430600] kasan_save_track+0x18/0x40 [ 24.430765] kasan_save_alloc_info+0x3b/0x50 [ 24.430955] __kasan_kmalloc+0xb7/0xc0 [ 24.431114] __kmalloc_cache_noprof+0x189/0x420 [ 24.431805] kmalloc_oob_right+0xa9/0x7f0 [ 24.432081] kunit_try_run_case+0x1a5/0x480 [ 24.432504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.432935] kthread+0x337/0x6f0 [ 24.433274] ret_from_fork+0x116/0x1d0 [ 24.433692] ret_from_fork_asm+0x1a/0x30 [ 24.433900] [ 24.433988] The buggy address belongs to the object at ffff8881058adf00 [ 24.433988] which belongs to the cache kmalloc-128 of size 128 [ 24.435061] The buggy address is located 5 bytes to the right of [ 24.435061] allocated 115-byte region [ffff8881058adf00, ffff8881058adf73) [ 24.436155] [ 24.436396] The buggy address belongs to the physical page: [ 24.436753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ad [ 24.437511] flags: 0x200000000000000(node=0|zone=2) [ 24.437807] page_type: f5(slab) [ 24.438088] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.438991] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.439494] page dumped because: kasan: bad access detected [ 24.439919] [ 24.440016] Memory state around the buggy address: [ 24.440475] ffff8881058ade00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.440776] ffff8881058ade80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.441067] >ffff8881058adf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.441941] ^ [ 24.442446] ffff8881058adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.442941] ffff8881058ae000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.443467] ================================================================== [ 24.444435] ================================================================== [ 24.444748] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 24.445042] Read of size 1 at addr ffff8881058adf80 by task kunit_try_catch/184 [ 24.446012] [ 24.446243] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.446297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.446310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.446331] Call Trace: [ 24.446347] <TASK> [ 24.446362] dump_stack_lvl+0x73/0xb0 [ 24.446429] print_report+0xd1/0x640 [ 24.446455] ? __virt_addr_valid+0x1db/0x2d0 [ 24.446478] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.446499] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.446525] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.446547] kasan_report+0x141/0x180 [ 24.446569] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.446596] __asan_report_load1_noabort+0x18/0x20 [ 24.446620] kmalloc_oob_right+0x68a/0x7f0 [ 24.446642] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.446665] ? __schedule+0x10da/0x2b60 [ 24.446693] ? __pfx_read_tsc+0x10/0x10 [ 24.446715] ? ktime_get_ts64+0x86/0x230 [ 24.446738] kunit_try_run_case+0x1a5/0x480 [ 24.446763] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.446785] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.446810] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.446846] ? __kthread_parkme+0x82/0x180 [ 24.446866] ? preempt_count_sub+0x50/0x80 [ 24.446889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.446913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.446937] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.446961] kthread+0x337/0x6f0 [ 24.446981] ? trace_preempt_on+0x20/0xc0 [ 24.447004] ? __pfx_kthread+0x10/0x10 [ 24.447025] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.447048] ? calculate_sigpending+0x7b/0xa0 [ 24.447071] ? __pfx_kthread+0x10/0x10 [ 24.447092] ret_from_fork+0x116/0x1d0 [ 24.447112] ? __pfx_kthread+0x10/0x10 [ 24.447132] ret_from_fork_asm+0x1a/0x30 [ 24.447162] </TASK> [ 24.447174] [ 24.454972] Allocated by task 184: [ 24.455157] kasan_save_stack+0x45/0x70 [ 24.455356] kasan_save_track+0x18/0x40 [ 24.455503] kasan_save_alloc_info+0x3b/0x50 [ 24.455653] __kasan_kmalloc+0xb7/0xc0 [ 24.455785] __kmalloc_cache_noprof+0x189/0x420 [ 24.456024] kmalloc_oob_right+0xa9/0x7f0 [ 24.456221] kunit_try_run_case+0x1a5/0x480 [ 24.456435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.456684] kthread+0x337/0x6f0 [ 24.456823] ret_from_fork+0x116/0x1d0 [ 24.456997] ret_from_fork_asm+0x1a/0x30 [ 24.457136] [ 24.457206] The buggy address belongs to the object at ffff8881058adf00 [ 24.457206] which belongs to the cache kmalloc-128 of size 128 [ 24.457679] The buggy address is located 13 bytes to the right of [ 24.457679] allocated 115-byte region [ffff8881058adf00, ffff8881058adf73) [ 24.458542] [ 24.458616] The buggy address belongs to the physical page: [ 24.458789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ad [ 24.459346] flags: 0x200000000000000(node=0|zone=2) [ 24.459570] page_type: f5(slab) [ 24.459711] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.460041] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.460383] page dumped because: kasan: bad access detected [ 24.460593] [ 24.460684] Memory state around the buggy address: [ 24.460897] ffff8881058ade80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.461205] ffff8881058adf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.461474] >ffff8881058adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.461748] ^ [ 24.461900] ffff8881058ae000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.462157] ffff8881058ae080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.462448] ================================================================== [ 24.394402] ================================================================== [ 24.395015] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 24.395818] Write of size 1 at addr ffff8881058adf73 by task kunit_try_catch/184 [ 24.396251] [ 24.397192] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 24.397533] Tainted: [N]=TEST [ 24.397566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.397801] Call Trace: [ 24.397882] <TASK> [ 24.398024] dump_stack_lvl+0x73/0xb0 [ 24.398112] print_report+0xd1/0x640 [ 24.398141] ? __virt_addr_valid+0x1db/0x2d0 [ 24.398178] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.398200] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.398226] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.398248] kasan_report+0x141/0x180 [ 24.398271] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.398297] __asan_report_store1_noabort+0x1b/0x30 [ 24.398321] kmalloc_oob_right+0x6f0/0x7f0 [ 24.398344] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.398367] ? __schedule+0x10da/0x2b60 [ 24.398394] ? __pfx_read_tsc+0x10/0x10 [ 24.398417] ? ktime_get_ts64+0x86/0x230 [ 24.398445] kunit_try_run_case+0x1a5/0x480 [ 24.398472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.398495] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.398520] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.398545] ? __kthread_parkme+0x82/0x180 [ 24.398567] ? preempt_count_sub+0x50/0x80 [ 24.398591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.398616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.398640] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.398663] kthread+0x337/0x6f0 [ 24.398683] ? trace_preempt_on+0x20/0xc0 [ 24.398708] ? __pfx_kthread+0x10/0x10 [ 24.398729] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.398752] ? calculate_sigpending+0x7b/0xa0 [ 24.398777] ? __pfx_kthread+0x10/0x10 [ 24.398799] ret_from_fork+0x116/0x1d0 [ 24.398820] ? __pfx_kthread+0x10/0x10 [ 24.398853] ret_from_fork_asm+0x1a/0x30 [ 24.398908] </TASK> [ 24.398972] [ 24.405812] Allocated by task 184: [ 24.406163] kasan_save_stack+0x45/0x70 [ 24.406444] kasan_save_track+0x18/0x40 [ 24.406641] kasan_save_alloc_info+0x3b/0x50 [ 24.406866] __kasan_kmalloc+0xb7/0xc0 [ 24.407076] __kmalloc_cache_noprof+0x189/0x420 [ 24.407286] kmalloc_oob_right+0xa9/0x7f0 [ 24.407431] kunit_try_run_case+0x1a5/0x480 [ 24.407635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.407923] kthread+0x337/0x6f0 [ 24.408089] ret_from_fork+0x116/0x1d0 [ 24.408287] ret_from_fork_asm+0x1a/0x30 [ 24.408483] [ 24.408602] The buggy address belongs to the object at ffff8881058adf00 [ 24.408602] which belongs to the cache kmalloc-128 of size 128 [ 24.409443] The buggy address is located 0 bytes to the right of [ 24.409443] allocated 115-byte region [ffff8881058adf00, ffff8881058adf73) [ 24.409881] [ 24.410032] The buggy address belongs to the physical page: [ 24.410885] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ad [ 24.411444] flags: 0x200000000000000(node=0|zone=2) [ 24.412057] page_type: f5(slab) [ 24.412694] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.413048] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.413476] page dumped because: kasan: bad access detected [ 24.413720] [ 24.413826] Memory state around the buggy address: [ 24.414365] ffff8881058ade00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.414731] ffff8881058ade80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.415132] >ffff8881058adf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.415512] ^ [ 24.415881] ffff8881058adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.416247] ffff8881058ae000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.416570] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 199.443650] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2960 [ 199.444681] Modules linked in: [ 199.445031] CPU: 0 UID: 0 PID: 2960 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 199.445895] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.446481] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.447198] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 199.447394] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.448349] RSP: 0000:ffff8881069a7c78 EFLAGS: 00010286 [ 199.448610] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 199.448973] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffab464cdc [ 199.449422] RBP: ffff8881069a7ca0 R08: 0000000000000000 R09: ffffed10201b3a60 [ 199.450066] R10: ffff888100d9d307 R11: 0000000000000000 R12: ffffffffab464cc8 [ 199.450304] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881069a7d38 [ 199.450777] FS: 0000000000000000(0000) GS:ffff8881adc0e000(0000) knlGS:0000000000000000 [ 199.451224] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.451492] CR2: 00007ffff7ffe000 CR3: 000000001acbc000 CR4: 00000000000006f0 [ 199.452022] DR0: ffffffffad4b8580 DR1: ffffffffad4b8581 DR2: ffffffffad4b8582 [ 199.452272] DR3: ffffffffad4b8583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.452606] Call Trace: [ 199.452759] <TASK> [ 199.453026] drm_test_rect_calc_vscale+0x108/0x270 [ 199.453321] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 199.453548] ? __schedule+0x10da/0x2b60 [ 199.453697] ? __pfx_read_tsc+0x10/0x10 [ 199.453951] ? ktime_get_ts64+0x86/0x230 [ 199.454152] kunit_try_run_case+0x1a5/0x480 [ 199.454368] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.454676] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.454935] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.455110] ? __kthread_parkme+0x82/0x180 [ 199.455249] ? preempt_count_sub+0x50/0x80 [ 199.455466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.455688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.455891] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.456432] kthread+0x337/0x6f0 [ 199.456726] ? trace_preempt_on+0x20/0xc0 [ 199.456909] ? __pfx_kthread+0x10/0x10 [ 199.457040] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.457246] ? calculate_sigpending+0x7b/0xa0 [ 199.457656] ? __pfx_kthread+0x10/0x10 [ 199.457855] ret_from_fork+0x116/0x1d0 [ 199.457998] ? __pfx_kthread+0x10/0x10 [ 199.458201] ret_from_fork_asm+0x1a/0x30 [ 199.458402] </TASK> [ 199.458612] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 199.463240] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2962 [ 199.464510] Modules linked in: [ 199.464702] CPU: 1 UID: 0 PID: 2962 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 199.465180] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.465762] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.466253] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 199.466815] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.468162] RSP: 0000:ffff8881055a7c78 EFLAGS: 00010286 [ 199.468653] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 199.468871] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffab464d14 [ 199.469094] RBP: ffff8881055a7ca0 R08: 0000000000000000 R09: ffffed102044dbe0 [ 199.469847] R10: ffff88810226df07 R11: 0000000000000000 R12: ffffffffab464d00 [ 199.470666] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881055a7d38 [ 199.471406] FS: 0000000000000000(0000) GS:ffff8881add0e000(0000) knlGS:0000000000000000 [ 199.472337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.472895] CR2: 00007ffff7ffe000 CR3: 000000001acbc000 CR4: 00000000000006f0 [ 199.473121] DR0: ffffffffad4b8580 DR1: ffffffffad4b8581 DR2: ffffffffad4b8583 [ 199.473719] DR3: ffffffffad4b8585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.474361] Call Trace: [ 199.474723] <TASK> [ 199.474987] drm_test_rect_calc_vscale+0x108/0x270 [ 199.475613] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 199.475867] ? __schedule+0x10da/0x2b60 [ 199.476040] ? __pfx_read_tsc+0x10/0x10 [ 199.476181] ? ktime_get_ts64+0x86/0x230 [ 199.476325] kunit_try_run_case+0x1a5/0x480 [ 199.476678] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.477150] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.477792] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.478286] ? __kthread_parkme+0x82/0x180 [ 199.478764] ? preempt_count_sub+0x50/0x80 [ 199.479178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.479770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.480319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.480847] kthread+0x337/0x6f0 [ 199.481004] ? trace_preempt_on+0x20/0xc0 [ 199.481152] ? __pfx_kthread+0x10/0x10 [ 199.481406] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.481936] ? calculate_sigpending+0x7b/0xa0 [ 199.482535] ? __pfx_kthread+0x10/0x10 [ 199.482928] ret_from_fork+0x116/0x1d0 [ 199.483322] ? __pfx_kthread+0x10/0x10 [ 199.483848] ret_from_fork_asm+0x1a/0x30 [ 199.484219] </TASK> [ 199.484309] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 199.416316] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2950 [ 199.417153] Modules linked in: [ 199.417858] CPU: 1 UID: 0 PID: 2950 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 199.418427] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.418657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.419272] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 199.419547] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 cb cd 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.420376] RSP: 0000:ffff888105937c78 EFLAGS: 00010286 [ 199.420754] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 199.421045] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffab464d18 [ 199.421385] RBP: ffff888105937ca0 R08: 0000000000000000 R09: ffffed10203b35c0 [ 199.421695] R10: ffff888101d9ae07 R11: 0000000000000000 R12: ffffffffab464d00 [ 199.422173] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888105937d38 [ 199.422510] FS: 0000000000000000(0000) GS:ffff8881add0e000(0000) knlGS:0000000000000000 [ 199.422956] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.423195] CR2: 00007ffff7ffe000 CR3: 000000001acbc000 CR4: 00000000000006f0 [ 199.423462] DR0: ffffffffad4b8580 DR1: ffffffffad4b8581 DR2: ffffffffad4b8583 [ 199.423841] DR3: ffffffffad4b8585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.424350] Call Trace: [ 199.424456] <TASK> [ 199.424605] drm_test_rect_calc_hscale+0x108/0x270 [ 199.425016] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 199.425243] ? __schedule+0x10da/0x2b60 [ 199.425553] ? __pfx_read_tsc+0x10/0x10 [ 199.425703] ? ktime_get_ts64+0x86/0x230 [ 199.426108] kunit_try_run_case+0x1a5/0x480 [ 199.426335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.426495] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.426779] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.427112] ? __kthread_parkme+0x82/0x180 [ 199.427521] ? preempt_count_sub+0x50/0x80 [ 199.427747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.427947] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.428225] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.428594] kthread+0x337/0x6f0 [ 199.428823] ? trace_preempt_on+0x20/0xc0 [ 199.429045] ? __pfx_kthread+0x10/0x10 [ 199.429181] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.429397] ? calculate_sigpending+0x7b/0xa0 [ 199.429754] ? __pfx_kthread+0x10/0x10 [ 199.429943] ret_from_fork+0x116/0x1d0 [ 199.430312] ? __pfx_kthread+0x10/0x10 [ 199.430474] ret_from_fork_asm+0x1a/0x30 [ 199.430780] </TASK> [ 199.430937] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 199.393281] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2948 [ 199.394417] Modules linked in: [ 199.394711] CPU: 0 UID: 0 PID: 2948 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 199.395654] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.395987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.396760] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 199.397434] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 cb cd 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.399857] RSP: 0000:ffff88810579fc78 EFLAGS: 00010286 [ 199.400664] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 199.401376] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffab464ce0 [ 199.402191] RBP: ffff88810579fca0 R08: 0000000000000000 R09: ffffed102044d6e0 [ 199.402779] R10: ffff88810226b707 R11: 0000000000000000 R12: ffffffffab464cc8 [ 199.403005] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810579fd38 [ 199.403212] FS: 0000000000000000(0000) GS:ffff8881adc0e000(0000) knlGS:0000000000000000 [ 199.403538] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.403828] CR2: 00007ffff7ffe000 CR3: 000000001acbc000 CR4: 00000000000006f0 [ 199.404380] DR0: ffffffffad4b8580 DR1: ffffffffad4b8581 DR2: ffffffffad4b8582 [ 199.404753] DR3: ffffffffad4b8583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.405112] Call Trace: [ 199.405261] <TASK> [ 199.405369] drm_test_rect_calc_hscale+0x108/0x270 [ 199.405619] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 199.406035] ? __schedule+0x10da/0x2b60 [ 199.406254] ? __pfx_read_tsc+0x10/0x10 [ 199.406515] ? ktime_get_ts64+0x86/0x230 [ 199.406714] kunit_try_run_case+0x1a5/0x480 [ 199.406919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.407073] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.407237] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.407560] ? __kthread_parkme+0x82/0x180 [ 199.408007] ? preempt_count_sub+0x50/0x80 [ 199.408176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.408396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.408673] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.409067] kthread+0x337/0x6f0 [ 199.409257] ? trace_preempt_on+0x20/0xc0 [ 199.409497] ? __pfx_kthread+0x10/0x10 [ 199.409935] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.410153] ? calculate_sigpending+0x7b/0xa0 [ 199.410700] ? __pfx_kthread+0x10/0x10 [ 199.410912] ret_from_fork+0x116/0x1d0 [ 199.411082] ? __pfx_kthread+0x10/0x10 [ 199.411322] ret_from_fork_asm+0x1a/0x30 [ 199.412169] </TASK> [ 199.412358] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 198.653287] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 198.653393] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#0: kunit_try_catch/2753 [ 198.655758] Modules linked in: [ 198.656168] CPU: 0 UID: 0 PID: 2753 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 198.657309] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.657954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.658722] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 198.659327] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 2d c8 81 00 48 c7 c1 40 8c 41 ab 4c 89 f2 48 c7 c7 60 88 41 ab 48 89 c6 e8 c4 21 70 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 198.660857] RSP: 0000:ffff88810234fd18 EFLAGS: 00010286 [ 198.661076] RAX: 0000000000000000 RBX: ffff88810b33f000 RCX: 1ffffffff5824aac [ 198.661828] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 198.662826] RBP: ffff88810234fd48 R08: 0000000000000000 R09: fffffbfff5824aac [ 198.663756] R10: 0000000000000003 R11: 000000000004af30 R12: ffff88810565f800 [ 198.664367] R13: ffff88810b33f0f8 R14: ffff8881009de780 R15: ffff8881003c7b48 [ 198.665053] FS: 0000000000000000(0000) GS:ffff8881adc0e000(0000) knlGS:0000000000000000 [ 198.665791] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.666571] CR2: 00007ffff7ffe000 CR3: 000000001acbc000 CR4: 00000000000006f0 [ 198.667336] DR0: ffffffffad4b8580 DR1: ffffffffad4b8581 DR2: ffffffffad4b8582 [ 198.668100] DR3: ffffffffad4b8583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.668790] Call Trace: [ 198.669077] <TASK> [ 198.669438] ? trace_preempt_on+0x20/0xc0 [ 198.670001] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 198.670397] drm_gem_shmem_free_wrapper+0x12/0x20 [ 198.670989] __kunit_action_free+0x57/0x70 [ 198.671619] kunit_remove_resource+0x133/0x200 [ 198.671830] ? preempt_count_sub+0x50/0x80 [ 198.672000] kunit_cleanup+0x7a/0x120 [ 198.672143] kunit_try_run_case_cleanup+0xbd/0xf0 [ 198.672314] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 198.672494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.672673] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.672865] kthread+0x337/0x6f0 [ 198.674029] ? trace_preempt_on+0x20/0xc0 [ 198.674714] ? __pfx_kthread+0x10/0x10 [ 198.675138] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.676022] ? calculate_sigpending+0x7b/0xa0 [ 198.676711] ? __pfx_kthread+0x10/0x10 [ 198.677310] ret_from_fork+0x116/0x1d0 [ 198.677859] ? __pfx_kthread+0x10/0x10 [ 198.678525] ret_from_fork_asm+0x1a/0x30 [ 198.679233] </TASK> [ 198.679612] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 198.512249] WARNING: drivers/gpu/drm/drm_framebuffer.c:870 at drm_framebuffer_init+0x49/0x8d0, CPU#0: kunit_try_catch/2734 [ 198.512754] Modules linked in: [ 198.512961] CPU: 0 UID: 0 PID: 2734 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 198.514001] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.514509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.515038] RIP: 0010:drm_framebuffer_init+0x49/0x8d0 [ 198.515742] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41 [ 198.516512] RSP: 0000:ffff88810234fb20 EFLAGS: 00010246 [ 198.517197] RAX: ffff88810234fba8 RBX: ffff88810234fc28 RCX: 1ffff11020469f8e [ 198.517703] RDX: dffffc0000000000 RSI: ffff888102af8000 RDI: ffff888102af8000 [ 198.518186] RBP: ffff88810234fb70 R08: ffff888102af8000 R09: ffffffffab408a60 [ 198.518693] R10: 0000000000000003 R11: 0000000033de06d3 R12: 1ffff11020469f71 [ 198.519160] R13: ffff88810234fc70 R14: ffff88810234fdb8 R15: 0000000000000000 [ 198.519955] FS: 0000000000000000(0000) GS:ffff8881adc0e000(0000) knlGS:0000000000000000 [ 198.520334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.520634] CR2: 00007ffff7ffe000 CR3: 000000001acbc000 CR4: 00000000000006f0 [ 198.521249] DR0: ffffffffad4b8580 DR1: ffffffffad4b8581 DR2: ffffffffad4b8582 [ 198.521748] DR3: ffffffffad4b8583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.522084] Call Trace: [ 198.522195] <TASK> [ 198.522317] ? trace_preempt_on+0x20/0xc0 [ 198.522868] ? add_dr+0xc1/0x1d0 [ 198.523063] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 198.523368] ? add_dr+0x148/0x1d0 [ 198.523844] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 198.524386] ? __drmm_add_action+0x1a4/0x280 [ 198.524756] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.525305] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.525775] ? __drmm_add_action_or_reset+0x22/0x50 [ 198.526172] ? __schedule+0x10da/0x2b60 [ 198.526585] ? __pfx_read_tsc+0x10/0x10 [ 198.526914] ? ktime_get_ts64+0x86/0x230 [ 198.527127] kunit_try_run_case+0x1a5/0x480 [ 198.527566] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.528014] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.528339] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.528620] ? __kthread_parkme+0x82/0x180 [ 198.528952] ? preempt_count_sub+0x50/0x80 [ 198.529565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.530016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.530299] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.530869] kthread+0x337/0x6f0 [ 198.531059] ? trace_preempt_on+0x20/0xc0 [ 198.531212] ? __pfx_kthread+0x10/0x10 [ 198.531774] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.532104] ? calculate_sigpending+0x7b/0xa0 [ 198.532558] ? __pfx_kthread+0x10/0x10 [ 198.532756] ret_from_fork+0x116/0x1d0 [ 198.532967] ? __pfx_kthread+0x10/0x10 [ 198.533120] ret_from_fork_asm+0x1a/0x30 [ 198.533317] </TASK> [ 198.533426] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 198.478253] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 198.478383] WARNING: drivers/gpu/drm/drm_framebuffer.c:833 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2730 [ 198.480153] Modules linked in: [ 198.480523] CPU: 0 UID: 0 PID: 2730 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 198.481413] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.482042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.482707] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 198.483031] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 1b 06 89 00 48 c7 c1 00 35 40 ab 4c 89 fa 48 c7 c7 60 35 40 ab 48 89 c6 e8 b2 5f 77 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 198.484151] RSP: 0000:ffff8881069efb68 EFLAGS: 00010282 [ 198.484520] RAX: 0000000000000000 RBX: ffff8881069efc40 RCX: 1ffffffff5824aac [ 198.484846] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 198.485162] RBP: ffff8881069efb90 R08: 0000000000000000 R09: fffffbfff5824aac [ 198.485530] R10: 0000000000000003 R11: 0000000000049550 R12: ffff8881069efc18 [ 198.485953] R13: ffff88810121d800 R14: ffff8881012be000 R15: ffff8881009c6880 [ 198.486385] FS: 0000000000000000(0000) GS:ffff8881adc0e000(0000) knlGS:0000000000000000 [ 198.486892] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.487167] CR2: 00007ffff7ffe000 CR3: 000000001acbc000 CR4: 00000000000006f0 [ 198.487558] DR0: ffffffffad4b8580 DR1: ffffffffad4b8581 DR2: ffffffffad4b8582 [ 198.487986] DR3: ffffffffad4b8583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.488314] Call Trace: [ 198.488523] <TASK> [ 198.488782] drm_test_framebuffer_free+0x1ab/0x610 [ 198.489103] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 198.489361] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.489726] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.490202] ? __drmm_add_action_or_reset+0x22/0x50 [ 198.490639] ? __schedule+0x10da/0x2b60 [ 198.490952] ? __pfx_read_tsc+0x10/0x10 [ 198.491205] ? ktime_get_ts64+0x86/0x230 [ 198.491409] kunit_try_run_case+0x1a5/0x480 [ 198.491769] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.492028] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.492287] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.492645] ? __kthread_parkme+0x82/0x180 [ 198.492952] ? preempt_count_sub+0x50/0x80 [ 198.493184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.493457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.493772] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.494254] kthread+0x337/0x6f0 [ 198.494448] ? trace_preempt_on+0x20/0xc0 [ 198.494740] ? __pfx_kthread+0x10/0x10 [ 198.494963] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.495134] ? calculate_sigpending+0x7b/0xa0 [ 198.495626] ? __pfx_kthread+0x10/0x10 [ 198.495845] ret_from_fork+0x116/0x1d0 [ 198.496037] ? __pfx_kthread+0x10/0x10 [ 198.496225] ret_from_fork_asm+0x1a/0x30 [ 198.496481] </TASK> [ 198.496607] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 197.183822] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2170 [ 197.184319] Modules linked in: [ 197.184645] CPU: 1 UID: 0 PID: 2170 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 197.185147] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 197.185436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 197.186028] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 197.187031] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 d2 26 2b 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 c0 26 2b 02 48 89 df e8 68 [ 197.187960] RSP: 0000:ffff88810242fc90 EFLAGS: 00010246 [ 197.188202] RAX: dffffc0000000000 RBX: ffff888105b78000 RCX: 0000000000000000 [ 197.188515] RDX: 1ffff11020b6f034 RSI: ffffffffa860edd8 RDI: ffff888105b781a0 [ 197.188974] RBP: ffff88810242fca0 R08: 1ffff11020078f6a R09: ffffed1020485f65 [ 197.189445] R10: 0000000000000003 R11: ffffffffa7b865b8 R12: 0000000000000000 [ 197.189784] R13: ffff88810242fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 197.190252] FS: 0000000000000000(0000) GS:ffff8881add0e000(0000) knlGS:0000000000000000 [ 197.190660] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.191074] CR2: 00007ffff7ffe000 CR3: 000000001acbc000 CR4: 00000000000006f0 [ 197.191473] DR0: ffffffffad4b8580 DR1: ffffffffad4b8581 DR2: ffffffffad4b8583 [ 197.191998] DR3: ffffffffad4b8585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 197.192378] Call Trace: [ 197.192543] <TASK> [ 197.192679] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 197.193115] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 197.193689] ? __schedule+0x10da/0x2b60 [ 197.193896] ? __pfx_read_tsc+0x10/0x10 [ 197.194100] ? ktime_get_ts64+0x86/0x230 [ 197.194309] kunit_try_run_case+0x1a5/0x480 [ 197.194680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.194924] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 197.195096] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 197.195283] ? __kthread_parkme+0x82/0x180 [ 197.195517] ? preempt_count_sub+0x50/0x80 [ 197.195740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.196501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 197.197096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 197.197623] kthread+0x337/0x6f0 [ 197.198031] ? trace_preempt_on+0x20/0xc0 [ 197.198580] ? __pfx_kthread+0x10/0x10 [ 197.198942] ? _raw_spin_unlock_irq+0x47/0x80 [ 197.199133] ? calculate_sigpending+0x7b/0xa0 [ 197.199379] ? __pfx_kthread+0x10/0x10 [ 197.199624] ret_from_fork+0x116/0x1d0 [ 197.199926] ? __pfx_kthread+0x10/0x10 [ 197.200173] ret_from_fork_asm+0x1a/0x30 [ 197.200372] </TASK> [ 197.200539] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 197.257149] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2178 [ 197.257664] Modules linked in: [ 197.257850] CPU: 1 UID: 0 PID: 2178 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 197.258382] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 197.258629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 197.259095] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 197.259421] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 d2 26 2b 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 c0 26 2b 02 48 89 df e8 68 [ 197.260131] RSP: 0000:ffff888102fe7c90 EFLAGS: 00010246 [ 197.260530] RAX: dffffc0000000000 RBX: ffff888103386000 RCX: 0000000000000000 [ 197.260854] RDX: 1ffff11020670c34 RSI: ffffffffa860edd8 RDI: ffff8881033861a0 [ 197.261116] RBP: ffff888102fe7ca0 R08: 1ffff11020078f6a R09: ffffed10205fcf65 [ 197.261424] R10: 0000000000000003 R11: ffffffffa7b865b8 R12: 0000000000000000 [ 197.261947] R13: ffff888102fe7d38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 197.262285] FS: 0000000000000000(0000) GS:ffff8881add0e000(0000) knlGS:0000000000000000 [ 197.262596] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.262854] CR2: 00007ffff7ffe000 CR3: 000000001acbc000 CR4: 00000000000006f0 [ 197.263350] DR0: ffffffffad4b8580 DR1: ffffffffad4b8581 DR2: ffffffffad4b8583 [ 197.263824] DR3: ffffffffad4b8585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 197.264093] Call Trace: [ 197.264230] <TASK> [ 197.264411] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 197.264755] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 197.265071] ? __schedule+0x10da/0x2b60 [ 197.265248] ? __pfx_read_tsc+0x10/0x10 [ 197.265530] ? ktime_get_ts64+0x86/0x230 [ 197.265793] kunit_try_run_case+0x1a5/0x480 [ 197.266044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.266329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 197.266587] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 197.266819] ? __kthread_parkme+0x82/0x180 [ 197.267037] ? preempt_count_sub+0x50/0x80 [ 197.267247] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.267550] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 197.267803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 197.268033] kthread+0x337/0x6f0 [ 197.268158] ? trace_preempt_on+0x20/0xc0 [ 197.268402] ? __pfx_kthread+0x10/0x10 [ 197.268648] ? _raw_spin_unlock_irq+0x47/0x80 [ 197.269001] ? calculate_sigpending+0x7b/0xa0 [ 197.269238] ? __pfx_kthread+0x10/0x10 [ 197.269489] ret_from_fork+0x116/0x1d0 [ 197.269695] ? __pfx_kthread+0x10/0x10 [ 197.269899] ret_from_fork_asm+0x1a/0x30 [ 197.270071] </TASK> [ 197.270235] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 125.754166] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/706 [ 125.755308] Modules linked in: [ 125.755794] CPU: 0 UID: 0 PID: 706 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 125.756454] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 125.756645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 125.757709] RIP: 0010:intlog10+0x2a/0x40 [ 125.758202] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 57 bd 91 02 90 <0f> 0b 90 31 c0 e9 4c bd 91 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 125.760330] RSP: 0000:ffff888105a5fcb0 EFLAGS: 00010246 [ 125.761417] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020b4bfb4 [ 125.761932] RDX: 1ffffffff5653470 RSI: 1ffff11020b4bfb3 RDI: 0000000000000000 [ 125.762160] RBP: ffff888105a5fd60 R08: 0000000000000000 R09: ffffed10209230c0 [ 125.763316] R10: ffff888104918607 R11: 0000000000000000 R12: 1ffff11020b4bf97 [ 125.764207] R13: ffffffffab29a380 R14: 0000000000000000 R15: ffff888105a5fd38 [ 125.765066] FS: 0000000000000000(0000) GS:ffff8881adc0e000(0000) knlGS:0000000000000000 [ 125.765832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.766526] CR2: dffffc0000000002 CR3: 000000001acbc000 CR4: 00000000000006f0 [ 125.767072] DR0: ffffffffad4b8580 DR1: ffffffffad4b8581 DR2: ffffffffad4b8582 [ 125.767742] DR3: ffffffffad4b8583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 125.768421] Call Trace: [ 125.768913] <TASK> [ 125.769232] ? intlog10_test+0xf2/0x220 [ 125.769567] ? __pfx_intlog10_test+0x10/0x10 [ 125.769729] ? __schedule+0x10da/0x2b60 [ 125.770075] ? __pfx_read_tsc+0x10/0x10 [ 125.770722] ? ktime_get_ts64+0x86/0x230 [ 125.771252] kunit_try_run_case+0x1a5/0x480 [ 125.771871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.772436] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 125.772893] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 125.773079] ? __kthread_parkme+0x82/0x180 [ 125.773345] ? preempt_count_sub+0x50/0x80 [ 125.773810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.774305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 125.774950] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 125.775376] kthread+0x337/0x6f0 [ 125.775660] ? trace_preempt_on+0x20/0xc0 [ 125.776102] ? __pfx_kthread+0x10/0x10 [ 125.776563] ? _raw_spin_unlock_irq+0x47/0x80 [ 125.776836] ? calculate_sigpending+0x7b/0xa0 [ 125.777114] ? __pfx_kthread+0x10/0x10 [ 125.777520] ret_from_fork+0x116/0x1d0 [ 125.777971] ? __pfx_kthread+0x10/0x10 [ 125.778399] ret_from_fork_asm+0x1a/0x30 [ 125.778869] </TASK> [ 125.778993] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 125.713416] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#0: kunit_try_catch/688 [ 125.714133] Modules linked in: [ 125.714371] CPU: 0 UID: 0 PID: 688 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc7-next-20250722 #1 PREEMPT(voluntary) [ 125.714901] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 125.715141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 125.715685] RIP: 0010:intlog2+0xdf/0x110 [ 125.715920] Code: 29 ab c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 c2 bd 91 02 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 af 51 55 ff 8b 45 e4 eb [ 125.716940] RSP: 0000:ffff888101bc7cb0 EFLAGS: 00010246 [ 125.717222] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020378fb4 [ 125.717600] RDX: 1ffffffff56534c4 RSI: 1ffff11020378fb3 RDI: 0000000000000000 [ 125.717913] RBP: ffff888101bc7d60 R08: 0000000000000000 R09: ffffed1020923000 [ 125.718227] R10: ffff888104918007 R11: 0000000000000000 R12: 1ffff11020378f97 [ 125.718567] R13: ffffffffab29a620 R14: 0000000000000000 R15: ffff888101bc7d38 [ 125.718910] FS: 0000000000000000(0000) GS:ffff8881adc0e000(0000) knlGS:0000000000000000 [ 125.719297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.719667] CR2: dffffc0000000002 CR3: 000000001acbc000 CR4: 00000000000006f0 [ 125.719968] DR0: ffffffffad4b8580 DR1: ffffffffad4b8581 DR2: ffffffffad4b8582 [ 125.720307] DR3: ffffffffad4b8583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 125.720577] Call Trace: [ 125.720711] <TASK> [ 125.720827] ? intlog2_test+0xf2/0x220 [ 125.721207] ? __pfx_intlog2_test+0x10/0x10 [ 125.721678] ? __schedule+0x10da/0x2b60 [ 125.721898] ? __pfx_read_tsc+0x10/0x10 [ 125.722041] ? ktime_get_ts64+0x86/0x230 [ 125.722274] kunit_try_run_case+0x1a5/0x480 [ 125.722608] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.722853] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 125.723099] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 125.723361] ? __kthread_parkme+0x82/0x180 [ 125.723650] ? preempt_count_sub+0x50/0x80 [ 125.723848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.724113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 125.724380] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 125.724794] kthread+0x337/0x6f0 [ 125.725016] ? trace_preempt_on+0x20/0xc0 [ 125.725217] ? __pfx_kthread+0x10/0x10 [ 125.725432] ? _raw_spin_unlock_irq+0x47/0x80 [ 125.725855] ? calculate_sigpending+0x7b/0xa0 [ 125.726093] ? __pfx_kthread+0x10/0x10 [ 125.726290] ret_from_fork+0x116/0x1d0 [ 125.726473] ? __pfx_kthread+0x10/0x10 [ 125.726648] ret_from_fork_asm+0x1a/0x30 [ 125.726843] </TASK> [ 125.727111] ---[ end trace 0000000000000000 ]---
Failure - kunit/test_mb_mark_used_cost_ext4_mballoc_test
<8>[ 253.532977] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_ext4_mballoc_test RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_test_mb_mark_used_cost
<8>[ 253.436586] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_test_mb_mark_used_cost RESULT=fail>
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 94.337107] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#19] SMP KASAN PTI [ 63.365666] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI [ 63.449020] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#4] SMP KASAN PTI [ 63.475609] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#5] SMP KASAN PTI [ 63.803573] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#15] SMP KASAN PTI [ 63.895656] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#18] SMP KASAN PTI [ 63.500747] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#6] SMP KASAN PTI [ 63.864204] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#17] SMP KASAN PTI [ 124.789005] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#20] SMP KASAN PTI [ 63.695360] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#12] SMP KASAN PTI [ 63.836798] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#16] SMP KASAN PTI [ 63.770334] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#14] SMP KASAN PTI [ 63.598622] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#9] SMP KASAN PTI [ 63.417794] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#3] SMP KASAN PTI [ 125.078933] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#22] SMP KASAN PTI [ 63.667985] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#11] SMP KASAN PTI [ 63.735229] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#13] SMP KASAN PTI [ 63.564346] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#8] SMP KASAN PTI [ 63.638117] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#10] SMP KASAN PTI [ 63.533893] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#7] SMP KASAN PTI [ 63.392782] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#2] SMP KASAN PTI [ 124.813064] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#21] SMP KASAN PTI