Date
July 23, 2025, 3:10 a.m.
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 61.765676] ================================================================== [ 61.766232] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 61.766232] [ 61.766773] Use-after-free read at 0x(____ptrval____) (in kfence-#158): [ 61.767111] test_krealloc+0x6fc/0xbe0 [ 61.767329] kunit_try_run_case+0x1a5/0x480 [ 61.767524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.767743] kthread+0x337/0x6f0 [ 61.767918] ret_from_fork+0x116/0x1d0 [ 61.768111] ret_from_fork_asm+0x1a/0x30 [ 61.768451] [ 61.768525] kfence-#158: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 61.768525] [ 61.768838] allocated by task 386 on cpu 1 at 61.764807s (0.004028s ago): [ 61.769298] test_alloc+0x364/0x10f0 [ 61.769523] test_krealloc+0xad/0xbe0 [ 61.769699] kunit_try_run_case+0x1a5/0x480 [ 61.769841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.770021] kthread+0x337/0x6f0 [ 61.770197] ret_from_fork+0x116/0x1d0 [ 61.770380] ret_from_fork_asm+0x1a/0x30 [ 61.770610] [ 61.770703] freed by task 386 on cpu 1 at 61.765113s (0.005587s ago): [ 61.771022] krealloc_noprof+0x108/0x340 [ 61.771254] test_krealloc+0x226/0xbe0 [ 61.771466] kunit_try_run_case+0x1a5/0x480 [ 61.771766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.772011] kthread+0x337/0x6f0 [ 61.772194] ret_from_fork+0x116/0x1d0 [ 61.772408] ret_from_fork_asm+0x1a/0x30 [ 61.772545] [ 61.772650] CPU: 1 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 61.773616] Tainted: [B]=BAD_PAGE, [N]=TEST [ 61.773815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.774629] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 61.684380] ================================================================== [ 61.684809] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 61.684809] [ 61.685165] Use-after-free read at 0x(____ptrval____) (in kfence-#157): [ 61.685379] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 61.685561] kunit_try_run_case+0x1a5/0x480 [ 61.685711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.685883] kthread+0x337/0x6f0 [ 61.686207] ret_from_fork+0x116/0x1d0 [ 61.686548] ret_from_fork_asm+0x1a/0x30 [ 61.686953] [ 61.687076] kfence-#157: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 61.687076] [ 61.687367] allocated by task 384 on cpu 0 at 61.660587s (0.026776s ago): [ 61.687609] test_alloc+0x2a6/0x10f0 [ 61.687740] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 61.687931] kunit_try_run_case+0x1a5/0x480 [ 61.688137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.688313] kthread+0x337/0x6f0 [ 61.688436] ret_from_fork+0x116/0x1d0 [ 61.688565] ret_from_fork_asm+0x1a/0x30 [ 61.688708] [ 61.688776] freed by task 384 on cpu 0 at 61.660700s (0.028074s ago): [ 61.689000] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 61.689176] kunit_try_run_case+0x1a5/0x480 [ 61.689602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 61.690086] kthread+0x337/0x6f0 [ 61.690407] ret_from_fork+0x116/0x1d0 [ 61.690572] ret_from_fork_asm+0x1a/0x30 [ 61.690741] [ 61.690866] CPU: 0 UID: 0 PID: 384 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 61.691259] Tainted: [B]=BAD_PAGE, [N]=TEST [ 61.691396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 61.691670] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 36.506739] ================================================================== [ 36.507335] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 36.507335] [ 36.508133] Invalid read at 0x(____ptrval____): [ 36.508422] test_invalid_access+0xf0/0x210 [ 36.509043] kunit_try_run_case+0x1a5/0x480 [ 36.509228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.509764] kthread+0x337/0x6f0 [ 36.510055] ret_from_fork+0x116/0x1d0 [ 36.510391] ret_from_fork_asm+0x1a/0x30 [ 36.510620] [ 36.510777] CPU: 0 UID: 0 PID: 380 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 36.511240] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.511385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.511821] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 36.285011] ================================================================== [ 36.285460] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 36.285460] [ 36.285852] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#153): [ 36.286853] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 36.287315] kunit_try_run_case+0x1a5/0x480 [ 36.287534] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.287744] kthread+0x337/0x6f0 [ 36.287921] ret_from_fork+0x116/0x1d0 [ 36.288381] ret_from_fork_asm+0x1a/0x30 [ 36.288671] [ 36.288783] kfence-#153: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 36.288783] [ 36.289327] allocated by task 374 on cpu 1 at 36.284728s (0.004595s ago): [ 36.289736] test_alloc+0x364/0x10f0 [ 36.290079] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 36.290421] kunit_try_run_case+0x1a5/0x480 [ 36.290603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.291002] kthread+0x337/0x6f0 [ 36.291156] ret_from_fork+0x116/0x1d0 [ 36.291361] ret_from_fork_asm+0x1a/0x30 [ 36.291748] [ 36.291864] freed by task 374 on cpu 1 at 36.284882s (0.006978s ago): [ 36.292208] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 36.292439] kunit_try_run_case+0x1a5/0x480 [ 36.292624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.292860] kthread+0x337/0x6f0 [ 36.293019] ret_from_fork+0x116/0x1d0 [ 36.293581] ret_from_fork_asm+0x1a/0x30 [ 36.293755] [ 36.293967] CPU: 1 UID: 0 PID: 374 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 36.294711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.294999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.295466] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 36.180913] ================================================================== [ 36.181343] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 36.181343] [ 36.181882] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#152): [ 36.182304] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 36.182514] kunit_try_run_case+0x1a5/0x480 [ 36.182681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.182932] kthread+0x337/0x6f0 [ 36.183104] ret_from_fork+0x116/0x1d0 [ 36.183259] ret_from_fork_asm+0x1a/0x30 [ 36.183464] [ 36.183534] kfence-#152: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 36.183534] [ 36.183925] allocated by task 372 on cpu 0 at 36.180689s (0.003234s ago): [ 36.184250] test_alloc+0x364/0x10f0 [ 36.184411] test_kmalloc_aligned_oob_read+0x105/0x560 [ 36.184638] kunit_try_run_case+0x1a5/0x480 [ 36.184817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.184989] kthread+0x337/0x6f0 [ 36.185109] ret_from_fork+0x116/0x1d0 [ 36.185248] ret_from_fork_asm+0x1a/0x30 [ 36.185446] [ 36.185566] CPU: 0 UID: 0 PID: 372 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 36.186313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.186466] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.186732] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 31.916835] ================================================================== [ 31.917241] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 31.917241] [ 31.917513] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#111): [ 31.918552] test_corruption+0x216/0x3e0 [ 31.918723] kunit_try_run_case+0x1a5/0x480 [ 31.919111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.919428] kthread+0x337/0x6f0 [ 31.919725] ret_from_fork+0x116/0x1d0 [ 31.919908] ret_from_fork_asm+0x1a/0x30 [ 31.920356] [ 31.920462] kfence-#111: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.920462] [ 31.920823] allocated by task 362 on cpu 1 at 31.916689s (0.004132s ago): [ 31.921355] test_alloc+0x2a6/0x10f0 [ 31.921540] test_corruption+0x1cb/0x3e0 [ 31.921857] kunit_try_run_case+0x1a5/0x480 [ 31.922097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.922452] kthread+0x337/0x6f0 [ 31.922619] ret_from_fork+0x116/0x1d0 [ 31.922911] ret_from_fork_asm+0x1a/0x30 [ 31.923219] [ 31.923313] freed by task 362 on cpu 1 at 31.916749s (0.006561s ago): [ 31.923584] test_corruption+0x216/0x3e0 [ 31.923781] kunit_try_run_case+0x1a5/0x480 [ 31.924136] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.924497] kthread+0x337/0x6f0 [ 31.924643] ret_from_fork+0x116/0x1d0 [ 31.924904] ret_from_fork_asm+0x1a/0x30 [ 31.925237] [ 31.925354] CPU: 1 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 31.925847] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.926021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.926603] ================================================================== [ 31.708836] ================================================================== [ 31.709299] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 31.709299] [ 31.709616] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#109): [ 31.710512] test_corruption+0x131/0x3e0 [ 31.710674] kunit_try_run_case+0x1a5/0x480 [ 31.710858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.711636] kthread+0x337/0x6f0 [ 31.711926] ret_from_fork+0x116/0x1d0 [ 31.712205] ret_from_fork_asm+0x1a/0x30 [ 31.712453] [ 31.712559] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.712559] [ 31.713058] allocated by task 362 on cpu 1 at 31.708697s (0.004357s ago): [ 31.713510] test_alloc+0x2a6/0x10f0 [ 31.713663] test_corruption+0xe6/0x3e0 [ 31.713856] kunit_try_run_case+0x1a5/0x480 [ 31.714230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.714600] kthread+0x337/0x6f0 [ 31.714733] ret_from_fork+0x116/0x1d0 [ 31.715057] ret_from_fork_asm+0x1a/0x30 [ 31.715235] [ 31.715335] freed by task 362 on cpu 1 at 31.708753s (0.006578s ago): [ 31.715711] test_corruption+0x131/0x3e0 [ 31.715898] kunit_try_run_case+0x1a5/0x480 [ 31.716353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.716582] kthread+0x337/0x6f0 [ 31.716756] ret_from_fork+0x116/0x1d0 [ 31.717164] ret_from_fork_asm+0x1a/0x30 [ 31.717340] [ 31.717464] CPU: 1 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 31.718163] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.718366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.718733] ================================================================== [ 31.396996] ================================================================== [ 31.397452] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 31.397452] [ 31.397757] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#106): [ 31.398202] test_corruption+0x2df/0x3e0 [ 31.398358] kunit_try_run_case+0x1a5/0x480 [ 31.398683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.398867] kthread+0x337/0x6f0 [ 31.398990] ret_from_fork+0x116/0x1d0 [ 31.399261] ret_from_fork_asm+0x1a/0x30 [ 31.399473] [ 31.399567] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.399567] [ 31.399987] allocated by task 360 on cpu 0 at 31.396728s (0.003257s ago): [ 31.400294] test_alloc+0x364/0x10f0 [ 31.400431] test_corruption+0x1cb/0x3e0 [ 31.400566] kunit_try_run_case+0x1a5/0x480 [ 31.400734] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.400982] kthread+0x337/0x6f0 [ 31.401227] ret_from_fork+0x116/0x1d0 [ 31.401414] ret_from_fork_asm+0x1a/0x30 [ 31.401579] [ 31.401648] freed by task 360 on cpu 0 at 31.396828s (0.004817s ago): [ 31.401861] test_corruption+0x2df/0x3e0 [ 31.402171] kunit_try_run_case+0x1a5/0x480 [ 31.402382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.402638] kthread+0x337/0x6f0 [ 31.402805] ret_from_fork+0x116/0x1d0 [ 31.403021] ret_from_fork_asm+0x1a/0x30 [ 31.403213] [ 31.403308] CPU: 0 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 31.403797] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.403987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.404294] ================================================================== [ 31.292790] ================================================================== [ 31.293493] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 31.293493] [ 31.293802] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#105): [ 31.294671] test_corruption+0x2d2/0x3e0 [ 31.294867] kunit_try_run_case+0x1a5/0x480 [ 31.295488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.295713] kthread+0x337/0x6f0 [ 31.296066] ret_from_fork+0x116/0x1d0 [ 31.296337] ret_from_fork_asm+0x1a/0x30 [ 31.296504] [ 31.296673] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.296673] [ 31.297366] allocated by task 360 on cpu 0 at 31.292617s (0.004746s ago): [ 31.297766] test_alloc+0x364/0x10f0 [ 31.297939] test_corruption+0xe6/0x3e0 [ 31.298300] kunit_try_run_case+0x1a5/0x480 [ 31.298559] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.298759] kthread+0x337/0x6f0 [ 31.298925] ret_from_fork+0x116/0x1d0 [ 31.299287] ret_from_fork_asm+0x1a/0x30 [ 31.299479] [ 31.299572] freed by task 360 on cpu 0 at 31.292707s (0.006862s ago): [ 31.299858] test_corruption+0x2d2/0x3e0 [ 31.300076] kunit_try_run_case+0x1a5/0x480 [ 31.300593] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.300832] kthread+0x337/0x6f0 [ 31.301104] ret_from_fork+0x116/0x1d0 [ 31.301416] ret_from_fork_asm+0x1a/0x30 [ 31.301658] [ 31.301840] CPU: 0 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 31.302469] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.302739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.303221] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 31.084841] ================================================================== [ 31.085296] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 31.085296] [ 31.085666] Invalid free of 0x(____ptrval____) (in kfence-#103): [ 31.085962] test_invalid_addr_free+0x1e1/0x260 [ 31.086197] kunit_try_run_case+0x1a5/0x480 [ 31.086386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.086575] kthread+0x337/0x6f0 [ 31.086740] ret_from_fork+0x116/0x1d0 [ 31.086921] ret_from_fork_asm+0x1a/0x30 [ 31.087085] [ 31.087164] kfence-#103: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.087164] [ 31.087589] allocated by task 356 on cpu 0 at 31.084710s (0.002876s ago): [ 31.087914] test_alloc+0x364/0x10f0 [ 31.088057] test_invalid_addr_free+0xdb/0x260 [ 31.088253] kunit_try_run_case+0x1a5/0x480 [ 31.088479] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.088690] kthread+0x337/0x6f0 [ 31.088870] ret_from_fork+0x116/0x1d0 [ 31.089087] ret_from_fork_asm+0x1a/0x30 [ 31.089294] [ 31.089406] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 31.089896] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.090175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.090539] ================================================================== [ 31.188875] ================================================================== [ 31.189280] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 31.189280] [ 31.189623] Invalid free of 0x(____ptrval____) (in kfence-#104): [ 31.190234] test_invalid_addr_free+0xfb/0x260 [ 31.190431] kunit_try_run_case+0x1a5/0x480 [ 31.190579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.190809] kthread+0x337/0x6f0 [ 31.191005] ret_from_fork+0x116/0x1d0 [ 31.191218] ret_from_fork_asm+0x1a/0x30 [ 31.191386] [ 31.191501] kfence-#104: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.191501] [ 31.191866] allocated by task 358 on cpu 1 at 31.188727s (0.003136s ago): [ 31.192213] test_alloc+0x2a6/0x10f0 [ 31.192400] test_invalid_addr_free+0xdb/0x260 [ 31.192610] kunit_try_run_case+0x1a5/0x480 [ 31.192816] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.193106] kthread+0x337/0x6f0 [ 31.193307] ret_from_fork+0x116/0x1d0 [ 31.193462] ret_from_fork_asm+0x1a/0x30 [ 31.193602] [ 31.193735] CPU: 1 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 31.194362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.194534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.194875] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 30.876910] ================================================================== [ 30.877348] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 30.877348] [ 30.877758] Invalid free of 0x(____ptrval____) (in kfence-#101): [ 30.878098] test_double_free+0x1d3/0x260 [ 30.878648] kunit_try_run_case+0x1a5/0x480 [ 30.878830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.879078] kthread+0x337/0x6f0 [ 30.879329] ret_from_fork+0x116/0x1d0 [ 30.879462] ret_from_fork_asm+0x1a/0x30 [ 30.879673] [ 30.880332] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.880332] [ 30.880829] allocated by task 352 on cpu 0 at 30.876703s (0.004123s ago): [ 30.881388] test_alloc+0x364/0x10f0 [ 30.881640] test_double_free+0xdb/0x260 [ 30.881824] kunit_try_run_case+0x1a5/0x480 [ 30.882117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.882414] kthread+0x337/0x6f0 [ 30.882558] ret_from_fork+0x116/0x1d0 [ 30.882754] ret_from_fork_asm+0x1a/0x30 [ 30.882904] [ 30.883253] freed by task 352 on cpu 0 at 30.876760s (0.006299s ago): [ 30.883598] test_double_free+0x1e0/0x260 [ 30.883858] kunit_try_run_case+0x1a5/0x480 [ 30.884067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.884315] kthread+0x337/0x6f0 [ 30.884451] ret_from_fork+0x116/0x1d0 [ 30.884602] ret_from_fork_asm+0x1a/0x30 [ 30.884796] [ 30.884920] CPU: 0 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 30.885791] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.885982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.886495] ================================================================== [ 30.981044] ================================================================== [ 30.981515] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 30.981515] [ 30.981808] Invalid free of 0x(____ptrval____) (in kfence-#102): [ 30.982135] test_double_free+0x112/0x260 [ 30.982413] kunit_try_run_case+0x1a5/0x480 [ 30.982572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.982825] kthread+0x337/0x6f0 [ 30.983026] ret_from_fork+0x116/0x1d0 [ 30.983193] ret_from_fork_asm+0x1a/0x30 [ 30.983333] [ 30.983403] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.983403] [ 30.983796] allocated by task 354 on cpu 1 at 30.980726s (0.003067s ago): [ 30.984083] test_alloc+0x2a6/0x10f0 [ 30.984398] test_double_free+0xdb/0x260 [ 30.984581] kunit_try_run_case+0x1a5/0x480 [ 30.984784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.984960] kthread+0x337/0x6f0 [ 30.985084] ret_from_fork+0x116/0x1d0 [ 30.985281] ret_from_fork_asm+0x1a/0x30 [ 30.985475] [ 30.985570] freed by task 354 on cpu 1 at 30.980778s (0.004790s ago): [ 30.985953] test_double_free+0xfa/0x260 [ 30.986094] kunit_try_run_case+0x1a5/0x480 [ 30.986268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.986522] kthread+0x337/0x6f0 [ 30.986699] ret_from_fork+0x116/0x1d0 [ 30.986900] ret_from_fork_asm+0x1a/0x30 [ 30.987115] [ 30.987289] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 30.987744] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.987989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.988327] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 30.460982] ================================================================== [ 30.461428] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 30.461428] [ 30.461885] Use-after-free read at 0x(____ptrval____) (in kfence-#97): [ 30.462191] test_use_after_free_read+0x129/0x270 [ 30.462404] kunit_try_run_case+0x1a5/0x480 [ 30.462596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.462808] kthread+0x337/0x6f0 [ 30.463569] ret_from_fork+0x116/0x1d0 [ 30.463760] ret_from_fork_asm+0x1a/0x30 [ 30.463908] [ 30.464080] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.464080] [ 30.464448] allocated by task 344 on cpu 0 at 30.460736s (0.003710s ago): [ 30.464764] test_alloc+0x364/0x10f0 [ 30.464926] test_use_after_free_read+0xdc/0x270 [ 30.465576] kunit_try_run_case+0x1a5/0x480 [ 30.465744] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.466206] kthread+0x337/0x6f0 [ 30.466373] ret_from_fork+0x116/0x1d0 [ 30.466696] ret_from_fork_asm+0x1a/0x30 [ 30.466964] [ 30.467057] freed by task 344 on cpu 0 at 30.460812s (0.006242s ago): [ 30.467345] test_use_after_free_read+0x1e7/0x270 [ 30.467719] kunit_try_run_case+0x1a5/0x480 [ 30.467986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.468348] kthread+0x337/0x6f0 [ 30.468500] ret_from_fork+0x116/0x1d0 [ 30.468785] ret_from_fork_asm+0x1a/0x30 [ 30.468940] [ 30.469066] CPU: 0 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 30.469564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.469744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.470373] ================================================================== [ 30.564973] ================================================================== [ 30.565404] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 30.565404] [ 30.566189] Use-after-free read at 0x(____ptrval____) (in kfence-#98): [ 30.566424] test_use_after_free_read+0x129/0x270 [ 30.566677] kunit_try_run_case+0x1a5/0x480 [ 30.567110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.567487] kthread+0x337/0x6f0 [ 30.567639] ret_from_fork+0x116/0x1d0 [ 30.568005] ret_from_fork_asm+0x1a/0x30 [ 30.568329] [ 30.568401] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.568401] [ 30.569175] allocated by task 346 on cpu 1 at 30.564699s (0.004465s ago): [ 30.569650] test_alloc+0x2a6/0x10f0 [ 30.569779] test_use_after_free_read+0xdc/0x270 [ 30.569932] kunit_try_run_case+0x1a5/0x480 [ 30.570383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.570776] kthread+0x337/0x6f0 [ 30.570931] ret_from_fork+0x116/0x1d0 [ 30.571158] ret_from_fork_asm+0x1a/0x30 [ 30.571339] [ 30.571430] freed by task 346 on cpu 1 at 30.564756s (0.006672s ago): [ 30.571723] test_use_after_free_read+0xfb/0x270 [ 30.571946] kunit_try_run_case+0x1a5/0x480 [ 30.572176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.572409] kthread+0x337/0x6f0 [ 30.572560] ret_from_fork+0x116/0x1d0 [ 30.572749] ret_from_fork_asm+0x1a/0x30 [ 30.572930] [ 30.573068] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 30.573528] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.573924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.574313] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 30.252826] ================================================================== [ 30.253247] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 30.253247] [ 30.253718] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#95): [ 30.254170] test_out_of_bounds_write+0x10d/0x260 [ 30.254371] kunit_try_run_case+0x1a5/0x480 [ 30.254517] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.254766] kthread+0x337/0x6f0 [ 30.254937] ret_from_fork+0x116/0x1d0 [ 30.255205] ret_from_fork_asm+0x1a/0x30 [ 30.255430] [ 30.255512] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.255512] [ 30.255845] allocated by task 340 on cpu 0 at 30.252687s (0.003156s ago): [ 30.256380] test_alloc+0x364/0x10f0 [ 30.256546] test_out_of_bounds_write+0xd4/0x260 [ 30.256730] kunit_try_run_case+0x1a5/0x480 [ 30.256935] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.257187] kthread+0x337/0x6f0 [ 30.257354] ret_from_fork+0x116/0x1d0 [ 30.257509] ret_from_fork_asm+0x1a/0x30 [ 30.257676] [ 30.257802] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 30.258236] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.258433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.258775] ================================================================== [ 30.356778] ================================================================== [ 30.357267] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 30.357267] [ 30.357734] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#96): [ 30.358092] test_out_of_bounds_write+0x10d/0x260 [ 30.358306] kunit_try_run_case+0x1a5/0x480 [ 30.358487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.358790] kthread+0x337/0x6f0 [ 30.358980] ret_from_fork+0x116/0x1d0 [ 30.359154] ret_from_fork_asm+0x1a/0x30 [ 30.359289] [ 30.359356] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.359356] [ 30.359750] allocated by task 342 on cpu 1 at 30.356715s (0.003032s ago): [ 30.360102] test_alloc+0x2a6/0x10f0 [ 30.360286] test_out_of_bounds_write+0xd4/0x260 [ 30.360451] kunit_try_run_case+0x1a5/0x480 [ 30.360594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.360866] kthread+0x337/0x6f0 [ 30.361056] ret_from_fork+0x116/0x1d0 [ 30.361327] ret_from_fork_asm+0x1a/0x30 [ 30.361508] [ 30.361620] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 30.362110] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.362335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.362712] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 29.940742] ================================================================== [ 29.941327] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 29.941327] [ 29.941680] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#92): [ 29.942013] test_out_of_bounds_read+0x216/0x4e0 [ 29.942247] kunit_try_run_case+0x1a5/0x480 [ 29.942538] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.942729] kthread+0x337/0x6f0 [ 29.942903] ret_from_fork+0x116/0x1d0 [ 29.943103] ret_from_fork_asm+0x1a/0x30 [ 29.943329] [ 29.943401] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.943401] [ 29.943677] allocated by task 338 on cpu 1 at 29.940681s (0.002993s ago): [ 29.944021] test_alloc+0x2a6/0x10f0 [ 29.944210] test_out_of_bounds_read+0x1e2/0x4e0 [ 29.944409] kunit_try_run_case+0x1a5/0x480 [ 29.944553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.944807] kthread+0x337/0x6f0 [ 29.945024] ret_from_fork+0x116/0x1d0 [ 29.945208] ret_from_fork_asm+0x1a/0x30 [ 29.945396] [ 29.945512] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.945950] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.946161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.946517] ================================================================== [ 29.628940] ================================================================== [ 29.629355] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 29.629355] [ 29.629966] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#89): [ 29.630370] test_out_of_bounds_read+0x216/0x4e0 [ 29.630586] kunit_try_run_case+0x1a5/0x480 [ 29.630755] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.631002] kthread+0x337/0x6f0 [ 29.631240] ret_from_fork+0x116/0x1d0 [ 29.631467] ret_from_fork_asm+0x1a/0x30 [ 29.631631] [ 29.631720] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.631720] [ 29.632133] allocated by task 336 on cpu 0 at 29.628735s (0.003396s ago): [ 29.632509] test_alloc+0x364/0x10f0 [ 29.632651] test_out_of_bounds_read+0x1e2/0x4e0 [ 29.632899] kunit_try_run_case+0x1a5/0x480 [ 29.633074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.633366] kthread+0x337/0x6f0 [ 29.633522] ret_from_fork+0x116/0x1d0 [ 29.633739] ret_from_fork_asm+0x1a/0x30 [ 29.633931] [ 29.634086] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.634598] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.634809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.635070] ================================================================== [ 29.526027] ================================================================== [ 29.526477] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 29.526477] [ 29.526989] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#88): [ 29.527321] test_out_of_bounds_read+0x126/0x4e0 [ 29.527564] kunit_try_run_case+0x1a5/0x480 [ 29.527773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.528593] kthread+0x337/0x6f0 [ 29.528740] ret_from_fork+0x116/0x1d0 [ 29.528873] ret_from_fork_asm+0x1a/0x30 [ 29.529020] [ 29.529090] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 29.529090] [ 29.529378] allocated by task 336 on cpu 0 at 29.524700s (0.004675s ago): [ 29.529709] test_alloc+0x364/0x10f0 [ 29.530030] test_out_of_bounds_read+0xed/0x4e0 [ 29.530241] kunit_try_run_case+0x1a5/0x480 [ 29.530393] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.530784] kthread+0x337/0x6f0 [ 29.531165] ret_from_fork+0x116/0x1d0 [ 29.531432] ret_from_fork_asm+0x1a/0x30 [ 29.531659] [ 29.531785] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.532362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.532541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.532932] ================================================================== [ 29.732812] ================================================================== [ 29.733218] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 29.733218] [ 29.733602] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#90): [ 29.733940] test_out_of_bounds_read+0x126/0x4e0 [ 29.734110] kunit_try_run_case+0x1a5/0x480 [ 29.734285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.734538] kthread+0x337/0x6f0 [ 29.734708] ret_from_fork+0x116/0x1d0 [ 29.734885] ret_from_fork_asm+0x1a/0x30 [ 29.735027] [ 29.735096] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 29.735096] [ 29.735690] allocated by task 338 on cpu 1 at 29.732746s (0.002941s ago): [ 29.735977] test_alloc+0x2a6/0x10f0 [ 29.736171] test_out_of_bounds_read+0xed/0x4e0 [ 29.736390] kunit_try_run_case+0x1a5/0x480 [ 29.736571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.736787] kthread+0x337/0x6f0 [ 29.736909] ret_from_fork+0x116/0x1d0 [ 29.737106] ret_from_fork_asm+0x1a/0x30 [ 29.737306] [ 29.737428] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.737891] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.738066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.738453] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 24.658548] ================================================================== [ 24.659205] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 24.659640] Read of size 1 at addr ffff8881061f0000 by task kunit_try_catch/203 [ 24.659913] [ 24.660246] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.660307] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.660321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.660343] Call Trace: [ 24.660357] <TASK> [ 24.660376] dump_stack_lvl+0x73/0xb0 [ 24.660409] print_report+0xd1/0x640 [ 24.660690] ? __virt_addr_valid+0x1db/0x2d0 [ 24.660804] ? page_alloc_uaf+0x356/0x3d0 [ 24.660827] ? kasan_addr_to_slab+0x11/0xa0 [ 24.660848] ? page_alloc_uaf+0x356/0x3d0 [ 24.660870] kasan_report+0x141/0x180 [ 24.660892] ? page_alloc_uaf+0x356/0x3d0 [ 24.660918] __asan_report_load1_noabort+0x18/0x20 [ 24.660956] page_alloc_uaf+0x356/0x3d0 [ 24.660978] ? __pfx_page_alloc_uaf+0x10/0x10 [ 24.661000] ? __schedule+0x10da/0x2b60 [ 24.661026] ? __pfx_read_tsc+0x10/0x10 [ 24.661048] ? ktime_get_ts64+0x86/0x230 [ 24.661073] kunit_try_run_case+0x1a5/0x480 [ 24.661100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.661122] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.661158] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.661183] ? __kthread_parkme+0x82/0x180 [ 24.661203] ? preempt_count_sub+0x50/0x80 [ 24.661226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.661249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.661273] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.661295] kthread+0x337/0x6f0 [ 24.661315] ? trace_preempt_on+0x20/0xc0 [ 24.661340] ? __pfx_kthread+0x10/0x10 [ 24.661360] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.661384] ? calculate_sigpending+0x7b/0xa0 [ 24.661407] ? __pfx_kthread+0x10/0x10 [ 24.661429] ret_from_fork+0x116/0x1d0 [ 24.661449] ? __pfx_kthread+0x10/0x10 [ 24.661469] ret_from_fork_asm+0x1a/0x30 [ 24.661501] </TASK> [ 24.661512] [ 24.674961] The buggy address belongs to the physical page: [ 24.675639] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061f0 [ 24.675915] flags: 0x200000000000000(node=0|zone=2) [ 24.676084] page_type: f0(buddy) [ 24.676222] raw: 0200000000000000 ffff88817fffb460 ffff88817fffb460 0000000000000000 [ 24.676708] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 24.677376] page dumped because: kasan: bad access detected [ 24.677874] [ 24.678064] Memory state around the buggy address: [ 24.678709] ffff8881061eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.679545] ffff8881061eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.680275] >ffff8881061f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.680695] ^ [ 24.681100] ffff8881061f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.681625] ffff8881061f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.682101] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-kmalloc_track_caller_oob_right
[ 24.523928] ================================================================== [ 24.525436] BUG: KFENCE: memory corruption in kmalloc_track_caller_oob_right+0x288/0x520 [ 24.525436] [ 24.525861] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#56): [ 24.526988] kmalloc_track_caller_oob_right+0x288/0x520 [ 24.527267] kunit_try_run_case+0x1a5/0x480 [ 24.527672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.527886] kthread+0x337/0x6f0 [ 24.528064] ret_from_fork+0x116/0x1d0 [ 24.528213] ret_from_fork_asm+0x1a/0x30 [ 24.528552] [ 24.528911] kfence-#56: 0x(____ptrval____)-0x(____ptrval____), size=120, cache=kmalloc-128 [ 24.528911] [ 24.529493] allocated by task 191 on cpu 1 at 24.521988s (0.007439s ago): [ 24.529896] kmalloc_track_caller_oob_right+0x19a/0x520 [ 24.530295] kunit_try_run_case+0x1a5/0x480 [ 24.530486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.530728] kthread+0x337/0x6f0 [ 24.530885] ret_from_fork+0x116/0x1d0 [ 24.531185] ret_from_fork_asm+0x1a/0x30 [ 24.531407] [ 24.531761] freed by task 191 on cpu 1 at 24.523381s (0.008134s ago): [ 24.532094] kmalloc_track_caller_oob_right+0x288/0x520 [ 24.532467] kunit_try_run_case+0x1a5/0x480 [ 24.532621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.532829] kthread+0x337/0x6f0 [ 24.532987] ret_from_fork+0x116/0x1d0 [ 24.533161] ret_from_fork_asm+0x1a/0x30 [ 24.533340] [ 24.533577] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.534160] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.534348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.534678] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 29.423942] ================================================================== [ 29.424569] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 29.424902] Write of size 121 at addr ffff8881060a7500 by task kunit_try_catch/334 [ 29.425428] [ 29.425526] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.425674] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.425693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.425868] Call Trace: [ 29.425895] <TASK> [ 29.425917] dump_stack_lvl+0x73/0xb0 [ 29.425966] print_report+0xd1/0x640 [ 29.425992] ? __virt_addr_valid+0x1db/0x2d0 [ 29.426019] ? strncpy_from_user+0x2e/0x1d0 [ 29.426044] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.426238] ? strncpy_from_user+0x2e/0x1d0 [ 29.426265] kasan_report+0x141/0x180 [ 29.426289] ? strncpy_from_user+0x2e/0x1d0 [ 29.426318] kasan_check_range+0x10c/0x1c0 [ 29.426343] __kasan_check_write+0x18/0x20 [ 29.426368] strncpy_from_user+0x2e/0x1d0 [ 29.426392] ? __kasan_check_read+0x15/0x20 [ 29.426419] copy_user_test_oob+0x760/0x10f0 [ 29.426445] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.426470] ? finish_task_switch.isra.0+0x153/0x700 [ 29.426492] ? __switch_to+0x47/0xf80 [ 29.426520] ? __schedule+0x10da/0x2b60 [ 29.426547] ? __pfx_read_tsc+0x10/0x10 [ 29.426570] ? ktime_get_ts64+0x86/0x230 [ 29.426595] kunit_try_run_case+0x1a5/0x480 [ 29.426622] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.426646] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.426671] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.426698] ? __kthread_parkme+0x82/0x180 [ 29.426719] ? preempt_count_sub+0x50/0x80 [ 29.426743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.426768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.426792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.426817] kthread+0x337/0x6f0 [ 29.426840] ? trace_preempt_on+0x20/0xc0 [ 29.426865] ? __pfx_kthread+0x10/0x10 [ 29.426887] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.426912] ? calculate_sigpending+0x7b/0xa0 [ 29.426945] ? __pfx_kthread+0x10/0x10 [ 29.426968] ret_from_fork+0x116/0x1d0 [ 29.426989] ? __pfx_kthread+0x10/0x10 [ 29.427011] ret_from_fork_asm+0x1a/0x30 [ 29.427043] </TASK> [ 29.427056] [ 29.437389] Allocated by task 334: [ 29.437597] kasan_save_stack+0x45/0x70 [ 29.437796] kasan_save_track+0x18/0x40 [ 29.438242] kasan_save_alloc_info+0x3b/0x50 [ 29.438463] __kasan_kmalloc+0xb7/0xc0 [ 29.438610] __kmalloc_noprof+0x1ca/0x510 [ 29.438946] kunit_kmalloc_array+0x25/0x60 [ 29.439221] copy_user_test_oob+0xab/0x10f0 [ 29.439571] kunit_try_run_case+0x1a5/0x480 [ 29.439852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.440073] kthread+0x337/0x6f0 [ 29.440414] ret_from_fork+0x116/0x1d0 [ 29.440595] ret_from_fork_asm+0x1a/0x30 [ 29.440772] [ 29.440869] The buggy address belongs to the object at ffff8881060a7500 [ 29.440869] which belongs to the cache kmalloc-128 of size 128 [ 29.441714] The buggy address is located 0 bytes inside of [ 29.441714] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.442466] [ 29.442574] The buggy address belongs to the physical page: [ 29.442940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.443336] flags: 0x200000000000000(node=0|zone=2) [ 29.443661] page_type: f5(slab) [ 29.443808] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.444312] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.444704] page dumped because: kasan: bad access detected [ 29.444897] [ 29.445176] Memory state around the buggy address: [ 29.445411] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.445844] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.446256] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.446649] ^ [ 29.446906] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.447347] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.447656] ================================================================== [ 29.448733] ================================================================== [ 29.449090] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 29.449521] Write of size 1 at addr ffff8881060a7578 by task kunit_try_catch/334 [ 29.450028] [ 29.450248] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.450305] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.450320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.450344] Call Trace: [ 29.450365] <TASK> [ 29.450385] dump_stack_lvl+0x73/0xb0 [ 29.450490] print_report+0xd1/0x640 [ 29.450535] ? __virt_addr_valid+0x1db/0x2d0 [ 29.450561] ? strncpy_from_user+0x1a5/0x1d0 [ 29.450587] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.450614] ? strncpy_from_user+0x1a5/0x1d0 [ 29.450638] kasan_report+0x141/0x180 [ 29.450663] ? strncpy_from_user+0x1a5/0x1d0 [ 29.450692] __asan_report_store1_noabort+0x1b/0x30 [ 29.450718] strncpy_from_user+0x1a5/0x1d0 [ 29.450745] copy_user_test_oob+0x760/0x10f0 [ 29.450772] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.450796] ? finish_task_switch.isra.0+0x153/0x700 [ 29.450819] ? __switch_to+0x47/0xf80 [ 29.450847] ? __schedule+0x10da/0x2b60 [ 29.450874] ? __pfx_read_tsc+0x10/0x10 [ 29.450896] ? ktime_get_ts64+0x86/0x230 [ 29.450923] kunit_try_run_case+0x1a5/0x480 [ 29.450958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.450982] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.451008] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.451034] ? __kthread_parkme+0x82/0x180 [ 29.451057] ? preempt_count_sub+0x50/0x80 [ 29.451080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.451106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.451131] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.451166] kthread+0x337/0x6f0 [ 29.451188] ? trace_preempt_on+0x20/0xc0 [ 29.451214] ? __pfx_kthread+0x10/0x10 [ 29.451236] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.451261] ? calculate_sigpending+0x7b/0xa0 [ 29.451286] ? __pfx_kthread+0x10/0x10 [ 29.451309] ret_from_fork+0x116/0x1d0 [ 29.451330] ? __pfx_kthread+0x10/0x10 [ 29.451353] ret_from_fork_asm+0x1a/0x30 [ 29.451386] </TASK> [ 29.451398] [ 29.461511] Allocated by task 334: [ 29.461891] kasan_save_stack+0x45/0x70 [ 29.462165] kasan_save_track+0x18/0x40 [ 29.462512] kasan_save_alloc_info+0x3b/0x50 [ 29.462727] __kasan_kmalloc+0xb7/0xc0 [ 29.463073] __kmalloc_noprof+0x1ca/0x510 [ 29.463281] kunit_kmalloc_array+0x25/0x60 [ 29.463569] copy_user_test_oob+0xab/0x10f0 [ 29.463758] kunit_try_run_case+0x1a5/0x480 [ 29.464124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.464408] kthread+0x337/0x6f0 [ 29.464529] ret_from_fork+0x116/0x1d0 [ 29.464834] ret_from_fork_asm+0x1a/0x30 [ 29.465029] [ 29.465161] The buggy address belongs to the object at ffff8881060a7500 [ 29.465161] which belongs to the cache kmalloc-128 of size 128 [ 29.465678] The buggy address is located 0 bytes to the right of [ 29.465678] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.466216] [ 29.466295] The buggy address belongs to the physical page: [ 29.466551] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.466873] flags: 0x200000000000000(node=0|zone=2) [ 29.467127] page_type: f5(slab) [ 29.467315] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.467587] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.467913] page dumped because: kasan: bad access detected [ 29.468185] [ 29.468269] Memory state around the buggy address: [ 29.468437] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.468754] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.469123] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.469429] ^ [ 29.469731] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.469949] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.470233] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 29.360486] ================================================================== [ 29.360889] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 29.361116] Read of size 121 at addr ffff8881060a7500 by task kunit_try_catch/334 [ 29.361471] [ 29.361580] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.361631] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.361645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.361669] Call Trace: [ 29.361689] <TASK> [ 29.361709] dump_stack_lvl+0x73/0xb0 [ 29.361750] print_report+0xd1/0x640 [ 29.361774] ? __virt_addr_valid+0x1db/0x2d0 [ 29.361812] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.361838] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.361866] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.361891] kasan_report+0x141/0x180 [ 29.361915] ? copy_user_test_oob+0x4aa/0x10f0 [ 29.361943] kasan_check_range+0x10c/0x1c0 [ 29.361968] __kasan_check_read+0x15/0x20 [ 29.361994] copy_user_test_oob+0x4aa/0x10f0 [ 29.362022] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.362046] ? finish_task_switch.isra.0+0x153/0x700 [ 29.362070] ? __switch_to+0x47/0xf80 [ 29.362098] ? __schedule+0x10da/0x2b60 [ 29.362125] ? __pfx_read_tsc+0x10/0x10 [ 29.362157] ? ktime_get_ts64+0x86/0x230 [ 29.362199] kunit_try_run_case+0x1a5/0x480 [ 29.362225] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.362259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.362285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.362312] ? __kthread_parkme+0x82/0x180 [ 29.362333] ? preempt_count_sub+0x50/0x80 [ 29.362357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.362384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.362411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.362437] kthread+0x337/0x6f0 [ 29.362458] ? trace_preempt_on+0x20/0xc0 [ 29.362483] ? __pfx_kthread+0x10/0x10 [ 29.362506] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.362530] ? calculate_sigpending+0x7b/0xa0 [ 29.362555] ? __pfx_kthread+0x10/0x10 [ 29.362578] ret_from_fork+0x116/0x1d0 [ 29.362598] ? __pfx_kthread+0x10/0x10 [ 29.362620] ret_from_fork_asm+0x1a/0x30 [ 29.362652] </TASK> [ 29.362664] [ 29.369826] Allocated by task 334: [ 29.369976] kasan_save_stack+0x45/0x70 [ 29.370222] kasan_save_track+0x18/0x40 [ 29.370411] kasan_save_alloc_info+0x3b/0x50 [ 29.370616] __kasan_kmalloc+0xb7/0xc0 [ 29.370798] __kmalloc_noprof+0x1ca/0x510 [ 29.371047] kunit_kmalloc_array+0x25/0x60 [ 29.371274] copy_user_test_oob+0xab/0x10f0 [ 29.371433] kunit_try_run_case+0x1a5/0x480 [ 29.371575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.371749] kthread+0x337/0x6f0 [ 29.371887] ret_from_fork+0x116/0x1d0 [ 29.372237] ret_from_fork_asm+0x1a/0x30 [ 29.372458] [ 29.372554] The buggy address belongs to the object at ffff8881060a7500 [ 29.372554] which belongs to the cache kmalloc-128 of size 128 [ 29.373139] The buggy address is located 0 bytes inside of [ 29.373139] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.373500] [ 29.373568] The buggy address belongs to the physical page: [ 29.373742] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.373990] flags: 0x200000000000000(node=0|zone=2) [ 29.374230] page_type: f5(slab) [ 29.374396] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.374730] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.375056] page dumped because: kasan: bad access detected [ 29.375333] [ 29.375421] Memory state around the buggy address: [ 29.375645] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.375988] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.376208] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.376416] ^ [ 29.376742] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.377215] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.377530] ================================================================== [ 29.335664] ================================================================== [ 29.336516] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 29.336780] Write of size 121 at addr ffff8881060a7500 by task kunit_try_catch/334 [ 29.337677] [ 29.337993] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.338075] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.338090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.338114] Call Trace: [ 29.338129] <TASK> [ 29.338159] dump_stack_lvl+0x73/0xb0 [ 29.338193] print_report+0xd1/0x640 [ 29.338218] ? __virt_addr_valid+0x1db/0x2d0 [ 29.338245] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.338270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.338298] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.338323] kasan_report+0x141/0x180 [ 29.338347] ? copy_user_test_oob+0x3fd/0x10f0 [ 29.338376] kasan_check_range+0x10c/0x1c0 [ 29.338401] __kasan_check_write+0x18/0x20 [ 29.338427] copy_user_test_oob+0x3fd/0x10f0 [ 29.338454] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.338478] ? finish_task_switch.isra.0+0x153/0x700 [ 29.338503] ? __switch_to+0x47/0xf80 [ 29.338531] ? __schedule+0x10da/0x2b60 [ 29.338558] ? __pfx_read_tsc+0x10/0x10 [ 29.338582] ? ktime_get_ts64+0x86/0x230 [ 29.338608] kunit_try_run_case+0x1a5/0x480 [ 29.338633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.338657] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.338682] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.338709] ? __kthread_parkme+0x82/0x180 [ 29.338731] ? preempt_count_sub+0x50/0x80 [ 29.338755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.338779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.338805] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.338830] kthread+0x337/0x6f0 [ 29.338852] ? trace_preempt_on+0x20/0xc0 [ 29.338878] ? __pfx_kthread+0x10/0x10 [ 29.338899] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.338924] ? calculate_sigpending+0x7b/0xa0 [ 29.338950] ? __pfx_kthread+0x10/0x10 [ 29.338972] ret_from_fork+0x116/0x1d0 [ 29.338995] ? __pfx_kthread+0x10/0x10 [ 29.339016] ret_from_fork_asm+0x1a/0x30 [ 29.339049] </TASK> [ 29.339061] [ 29.351461] Allocated by task 334: [ 29.351605] kasan_save_stack+0x45/0x70 [ 29.351758] kasan_save_track+0x18/0x40 [ 29.351890] kasan_save_alloc_info+0x3b/0x50 [ 29.352072] __kasan_kmalloc+0xb7/0xc0 [ 29.352235] __kmalloc_noprof+0x1ca/0x510 [ 29.352456] kunit_kmalloc_array+0x25/0x60 [ 29.352656] copy_user_test_oob+0xab/0x10f0 [ 29.352830] kunit_try_run_case+0x1a5/0x480 [ 29.353187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.353661] kthread+0x337/0x6f0 [ 29.353816] ret_from_fork+0x116/0x1d0 [ 29.354280] ret_from_fork_asm+0x1a/0x30 [ 29.354627] [ 29.354698] The buggy address belongs to the object at ffff8881060a7500 [ 29.354698] which belongs to the cache kmalloc-128 of size 128 [ 29.355088] The buggy address is located 0 bytes inside of [ 29.355088] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.355550] [ 29.355626] The buggy address belongs to the physical page: [ 29.355879] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.356209] flags: 0x200000000000000(node=0|zone=2) [ 29.356670] page_type: f5(slab) [ 29.356805] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.357199] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.357514] page dumped because: kasan: bad access detected [ 29.357749] [ 29.357843] Memory state around the buggy address: [ 29.358063] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.358377] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.358610] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.358844] ^ [ 29.359194] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.359463] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.359869] ================================================================== [ 29.378120] ================================================================== [ 29.378503] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 29.378823] Write of size 121 at addr ffff8881060a7500 by task kunit_try_catch/334 [ 29.379175] [ 29.379290] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.379351] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.379365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.379389] Call Trace: [ 29.379422] <TASK> [ 29.379442] dump_stack_lvl+0x73/0xb0 [ 29.379474] print_report+0xd1/0x640 [ 29.379498] ? __virt_addr_valid+0x1db/0x2d0 [ 29.379525] ? copy_user_test_oob+0x557/0x10f0 [ 29.379550] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.379577] ? copy_user_test_oob+0x557/0x10f0 [ 29.379603] kasan_report+0x141/0x180 [ 29.379632] ? copy_user_test_oob+0x557/0x10f0 [ 29.379663] kasan_check_range+0x10c/0x1c0 [ 29.379692] __kasan_check_write+0x18/0x20 [ 29.379716] copy_user_test_oob+0x557/0x10f0 [ 29.379743] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.379766] ? finish_task_switch.isra.0+0x153/0x700 [ 29.379800] ? __switch_to+0x47/0xf80 [ 29.379828] ? __schedule+0x10da/0x2b60 [ 29.379866] ? __pfx_read_tsc+0x10/0x10 [ 29.379890] ? ktime_get_ts64+0x86/0x230 [ 29.379916] kunit_try_run_case+0x1a5/0x480 [ 29.379942] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.379966] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.379991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.380018] ? __kthread_parkme+0x82/0x180 [ 29.380040] ? preempt_count_sub+0x50/0x80 [ 29.380063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.380088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.380113] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.380137] kthread+0x337/0x6f0 [ 29.380167] ? trace_preempt_on+0x20/0xc0 [ 29.380201] ? __pfx_kthread+0x10/0x10 [ 29.380223] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.380248] ? calculate_sigpending+0x7b/0xa0 [ 29.380274] ? __pfx_kthread+0x10/0x10 [ 29.380296] ret_from_fork+0x116/0x1d0 [ 29.380317] ? __pfx_kthread+0x10/0x10 [ 29.380339] ret_from_fork_asm+0x1a/0x30 [ 29.380372] </TASK> [ 29.380384] [ 29.387837] Allocated by task 334: [ 29.388028] kasan_save_stack+0x45/0x70 [ 29.388251] kasan_save_track+0x18/0x40 [ 29.388444] kasan_save_alloc_info+0x3b/0x50 [ 29.388653] __kasan_kmalloc+0xb7/0xc0 [ 29.388834] __kmalloc_noprof+0x1ca/0x510 [ 29.389047] kunit_kmalloc_array+0x25/0x60 [ 29.389237] copy_user_test_oob+0xab/0x10f0 [ 29.389432] kunit_try_run_case+0x1a5/0x480 [ 29.389635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.389819] kthread+0x337/0x6f0 [ 29.390021] ret_from_fork+0x116/0x1d0 [ 29.390213] ret_from_fork_asm+0x1a/0x30 [ 29.390390] [ 29.390459] The buggy address belongs to the object at ffff8881060a7500 [ 29.390459] which belongs to the cache kmalloc-128 of size 128 [ 29.390998] The buggy address is located 0 bytes inside of [ 29.390998] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.391424] [ 29.391494] The buggy address belongs to the physical page: [ 29.391675] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.391918] flags: 0x200000000000000(node=0|zone=2) [ 29.392369] page_type: f5(slab) [ 29.393832] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.394498] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.394845] page dumped because: kasan: bad access detected [ 29.396045] [ 29.396310] Memory state around the buggy address: [ 29.396486] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.397068] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.397466] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.397861] ^ [ 29.398188] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.398639] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.399009] ================================================================== [ 29.399850] ================================================================== [ 29.400223] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 29.400656] Read of size 121 at addr ffff8881060a7500 by task kunit_try_catch/334 [ 29.401233] [ 29.401365] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.401554] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.401625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.401710] Call Trace: [ 29.401732] <TASK> [ 29.401756] dump_stack_lvl+0x73/0xb0 [ 29.401789] print_report+0xd1/0x640 [ 29.401814] ? __virt_addr_valid+0x1db/0x2d0 [ 29.401843] ? copy_user_test_oob+0x604/0x10f0 [ 29.401868] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.401896] ? copy_user_test_oob+0x604/0x10f0 [ 29.401920] kasan_report+0x141/0x180 [ 29.401953] ? copy_user_test_oob+0x604/0x10f0 [ 29.401982] kasan_check_range+0x10c/0x1c0 [ 29.402008] __kasan_check_read+0x15/0x20 [ 29.402033] copy_user_test_oob+0x604/0x10f0 [ 29.402060] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.402085] ? finish_task_switch.isra.0+0x153/0x700 [ 29.402109] ? __switch_to+0x47/0xf80 [ 29.402137] ? __schedule+0x10da/0x2b60 [ 29.402177] ? __pfx_read_tsc+0x10/0x10 [ 29.402200] ? ktime_get_ts64+0x86/0x230 [ 29.402225] kunit_try_run_case+0x1a5/0x480 [ 29.402252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.402276] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.402303] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.402329] ? __kthread_parkme+0x82/0x180 [ 29.402350] ? preempt_count_sub+0x50/0x80 [ 29.402374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.402400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.402424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.402449] kthread+0x337/0x6f0 [ 29.402470] ? trace_preempt_on+0x20/0xc0 [ 29.402497] ? __pfx_kthread+0x10/0x10 [ 29.402519] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.402544] ? calculate_sigpending+0x7b/0xa0 [ 29.402569] ? __pfx_kthread+0x10/0x10 [ 29.402591] ret_from_fork+0x116/0x1d0 [ 29.402613] ? __pfx_kthread+0x10/0x10 [ 29.402634] ret_from_fork_asm+0x1a/0x30 [ 29.402667] </TASK> [ 29.402680] [ 29.412656] Allocated by task 334: [ 29.412811] kasan_save_stack+0x45/0x70 [ 29.413190] kasan_save_track+0x18/0x40 [ 29.413370] kasan_save_alloc_info+0x3b/0x50 [ 29.413658] __kasan_kmalloc+0xb7/0xc0 [ 29.413802] __kmalloc_noprof+0x1ca/0x510 [ 29.414104] kunit_kmalloc_array+0x25/0x60 [ 29.414345] copy_user_test_oob+0xab/0x10f0 [ 29.414676] kunit_try_run_case+0x1a5/0x480 [ 29.414998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.415240] kthread+0x337/0x6f0 [ 29.415557] ret_from_fork+0x116/0x1d0 [ 29.415739] ret_from_fork_asm+0x1a/0x30 [ 29.416154] [ 29.416232] The buggy address belongs to the object at ffff8881060a7500 [ 29.416232] which belongs to the cache kmalloc-128 of size 128 [ 29.416868] The buggy address is located 0 bytes inside of [ 29.416868] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.417465] [ 29.417572] The buggy address belongs to the physical page: [ 29.418015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.418471] flags: 0x200000000000000(node=0|zone=2) [ 29.418675] page_type: f5(slab) [ 29.418982] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.419426] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.419822] page dumped because: kasan: bad access detected [ 29.420091] [ 29.420308] Memory state around the buggy address: [ 29.420504] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.420821] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.421336] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.421643] ^ [ 29.422069] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.422476] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.422836] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 29.305919] ================================================================== [ 29.306294] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 29.306800] Read of size 121 at addr ffff8881060a7500 by task kunit_try_catch/334 [ 29.307384] [ 29.307598] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.307658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.307672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.307696] Call Trace: [ 29.307715] <TASK> [ 29.307940] dump_stack_lvl+0x73/0xb0 [ 29.307984] print_report+0xd1/0x640 [ 29.308012] ? __virt_addr_valid+0x1db/0x2d0 [ 29.308042] ? _copy_to_user+0x3c/0x70 [ 29.308067] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.308095] ? _copy_to_user+0x3c/0x70 [ 29.308117] kasan_report+0x141/0x180 [ 29.308140] ? _copy_to_user+0x3c/0x70 [ 29.308178] kasan_check_range+0x10c/0x1c0 [ 29.308203] __kasan_check_read+0x15/0x20 [ 29.308228] _copy_to_user+0x3c/0x70 [ 29.308249] copy_user_test_oob+0x364/0x10f0 [ 29.308277] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.308301] ? finish_task_switch.isra.0+0x153/0x700 [ 29.308324] ? __switch_to+0x47/0xf80 [ 29.308353] ? __schedule+0x10da/0x2b60 [ 29.308380] ? __pfx_read_tsc+0x10/0x10 [ 29.308406] ? ktime_get_ts64+0x86/0x230 [ 29.308457] kunit_try_run_case+0x1a5/0x480 [ 29.308483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.308507] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.308545] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.308570] ? __kthread_parkme+0x82/0x180 [ 29.308593] ? preempt_count_sub+0x50/0x80 [ 29.308616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.308641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.308666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.308691] kthread+0x337/0x6f0 [ 29.308712] ? trace_preempt_on+0x20/0xc0 [ 29.308738] ? __pfx_kthread+0x10/0x10 [ 29.308761] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.308786] ? calculate_sigpending+0x7b/0xa0 [ 29.308811] ? __pfx_kthread+0x10/0x10 [ 29.308834] ret_from_fork+0x116/0x1d0 [ 29.308855] ? __pfx_kthread+0x10/0x10 [ 29.308877] ret_from_fork_asm+0x1a/0x30 [ 29.308909] </TASK> [ 29.308923] [ 29.319777] Allocated by task 334: [ 29.320006] kasan_save_stack+0x45/0x70 [ 29.320206] kasan_save_track+0x18/0x40 [ 29.320343] kasan_save_alloc_info+0x3b/0x50 [ 29.320647] __kasan_kmalloc+0xb7/0xc0 [ 29.321012] __kmalloc_noprof+0x1ca/0x510 [ 29.321283] kunit_kmalloc_array+0x25/0x60 [ 29.321536] copy_user_test_oob+0xab/0x10f0 [ 29.321749] kunit_try_run_case+0x1a5/0x480 [ 29.321909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.322168] kthread+0x337/0x6f0 [ 29.322506] ret_from_fork+0x116/0x1d0 [ 29.322773] ret_from_fork_asm+0x1a/0x30 [ 29.322916] [ 29.322985] The buggy address belongs to the object at ffff8881060a7500 [ 29.322985] which belongs to the cache kmalloc-128 of size 128 [ 29.323740] The buggy address is located 0 bytes inside of [ 29.323740] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.325017] [ 29.325114] The buggy address belongs to the physical page: [ 29.325595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.325935] flags: 0x200000000000000(node=0|zone=2) [ 29.326238] page_type: f5(slab) [ 29.326423] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.326909] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.327442] page dumped because: kasan: bad access detected [ 29.327674] [ 29.327765] Memory state around the buggy address: [ 29.327925] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.328252] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.328549] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.328838] ^ [ 29.329357] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.329576] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.329926] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 29.275257] ================================================================== [ 29.275973] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 29.276407] Write of size 121 at addr ffff8881060a7500 by task kunit_try_catch/334 [ 29.276719] [ 29.276814] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.276872] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.276886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.276913] Call Trace: [ 29.276929] <TASK> [ 29.276952] dump_stack_lvl+0x73/0xb0 [ 29.276985] print_report+0xd1/0x640 [ 29.277012] ? __virt_addr_valid+0x1db/0x2d0 [ 29.277040] ? _copy_from_user+0x32/0x90 [ 29.277062] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.277089] ? _copy_from_user+0x32/0x90 [ 29.277110] kasan_report+0x141/0x180 [ 29.277135] ? _copy_from_user+0x32/0x90 [ 29.277172] kasan_check_range+0x10c/0x1c0 [ 29.277197] __kasan_check_write+0x18/0x20 [ 29.277222] _copy_from_user+0x32/0x90 [ 29.277245] copy_user_test_oob+0x2be/0x10f0 [ 29.277273] ? __pfx_copy_user_test_oob+0x10/0x10 [ 29.277298] ? finish_task_switch.isra.0+0x153/0x700 [ 29.277323] ? __switch_to+0x47/0xf80 [ 29.277352] ? __schedule+0x10da/0x2b60 [ 29.277399] ? __pfx_read_tsc+0x10/0x10 [ 29.277424] ? ktime_get_ts64+0x86/0x230 [ 29.277453] kunit_try_run_case+0x1a5/0x480 [ 29.277479] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.277502] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.277530] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.277555] ? __kthread_parkme+0x82/0x180 [ 29.277577] ? preempt_count_sub+0x50/0x80 [ 29.277602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.277627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.277651] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.277676] kthread+0x337/0x6f0 [ 29.277698] ? trace_preempt_on+0x20/0xc0 [ 29.277725] ? __pfx_kthread+0x10/0x10 [ 29.277746] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.277771] ? calculate_sigpending+0x7b/0xa0 [ 29.277797] ? __pfx_kthread+0x10/0x10 [ 29.277819] ret_from_fork+0x116/0x1d0 [ 29.277841] ? __pfx_kthread+0x10/0x10 [ 29.277862] ret_from_fork_asm+0x1a/0x30 [ 29.277923] </TASK> [ 29.277936] [ 29.289801] Allocated by task 334: [ 29.290287] kasan_save_stack+0x45/0x70 [ 29.290583] kasan_save_track+0x18/0x40 [ 29.290775] kasan_save_alloc_info+0x3b/0x50 [ 29.290972] __kasan_kmalloc+0xb7/0xc0 [ 29.291377] __kmalloc_noprof+0x1ca/0x510 [ 29.291767] kunit_kmalloc_array+0x25/0x60 [ 29.291970] copy_user_test_oob+0xab/0x10f0 [ 29.292334] kunit_try_run_case+0x1a5/0x480 [ 29.292711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.292926] kthread+0x337/0x6f0 [ 29.293088] ret_from_fork+0x116/0x1d0 [ 29.293274] ret_from_fork_asm+0x1a/0x30 [ 29.293884] [ 29.293982] The buggy address belongs to the object at ffff8881060a7500 [ 29.293982] which belongs to the cache kmalloc-128 of size 128 [ 29.294949] The buggy address is located 0 bytes inside of [ 29.294949] allocated 120-byte region [ffff8881060a7500, ffff8881060a7578) [ 29.295841] [ 29.295960] The buggy address belongs to the physical page: [ 29.296411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.296775] flags: 0x200000000000000(node=0|zone=2) [ 29.297010] page_type: f5(slab) [ 29.297196] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.297819] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.298377] page dumped because: kasan: bad access detected [ 29.298730] [ 29.298807] Memory state around the buggy address: [ 29.299195] ffff8881060a7400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.299753] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.300202] >ffff8881060a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.300629] ^ [ 29.301161] ffff8881060a7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.301449] ffff8881060a7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.301736] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 29.211633] ================================================================== [ 29.212470] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 29.213540] Read of size 8 at addr ffff8881060a7478 by task kunit_try_catch/330 [ 29.214360] [ 29.214468] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.214528] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.214543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.214568] Call Trace: [ 29.214583] <TASK> [ 29.214603] dump_stack_lvl+0x73/0xb0 [ 29.214638] print_report+0xd1/0x640 [ 29.214665] ? __virt_addr_valid+0x1db/0x2d0 [ 29.214692] ? copy_to_kernel_nofault+0x225/0x260 [ 29.214720] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.214748] ? copy_to_kernel_nofault+0x225/0x260 [ 29.214773] kasan_report+0x141/0x180 [ 29.214797] ? copy_to_kernel_nofault+0x225/0x260 [ 29.214827] __asan_report_load8_noabort+0x18/0x20 [ 29.214853] copy_to_kernel_nofault+0x225/0x260 [ 29.214880] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 29.214906] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.214930] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.214956] ? trace_hardirqs_on+0x37/0xe0 [ 29.214991] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.215019] kunit_try_run_case+0x1a5/0x480 [ 29.215084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.215108] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.215137] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.215176] ? __kthread_parkme+0x82/0x180 [ 29.215198] ? preempt_count_sub+0x50/0x80 [ 29.215223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.215248] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.215275] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.215301] kthread+0x337/0x6f0 [ 29.215323] ? trace_preempt_on+0x20/0xc0 [ 29.215348] ? __pfx_kthread+0x10/0x10 [ 29.215370] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.215427] ? calculate_sigpending+0x7b/0xa0 [ 29.215455] ? __pfx_kthread+0x10/0x10 [ 29.215477] ret_from_fork+0x116/0x1d0 [ 29.215500] ? __pfx_kthread+0x10/0x10 [ 29.215522] ret_from_fork_asm+0x1a/0x30 [ 29.215555] </TASK> [ 29.215567] [ 29.224552] Allocated by task 330: [ 29.224753] kasan_save_stack+0x45/0x70 [ 29.224940] kasan_save_track+0x18/0x40 [ 29.225254] kasan_save_alloc_info+0x3b/0x50 [ 29.225505] __kasan_kmalloc+0xb7/0xc0 [ 29.225819] __kmalloc_cache_noprof+0x189/0x420 [ 29.226052] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.226333] kunit_try_run_case+0x1a5/0x480 [ 29.226584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.226791] kthread+0x337/0x6f0 [ 29.226951] ret_from_fork+0x116/0x1d0 [ 29.227197] ret_from_fork_asm+0x1a/0x30 [ 29.227446] [ 29.227782] The buggy address belongs to the object at ffff8881060a7400 [ 29.227782] which belongs to the cache kmalloc-128 of size 128 [ 29.228414] The buggy address is located 0 bytes to the right of [ 29.228414] allocated 120-byte region [ffff8881060a7400, ffff8881060a7478) [ 29.228831] [ 29.228904] The buggy address belongs to the physical page: [ 29.229368] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.229724] flags: 0x200000000000000(node=0|zone=2) [ 29.229937] page_type: f5(slab) [ 29.230060] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.230782] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.231265] page dumped because: kasan: bad access detected [ 29.231522] [ 29.231801] Memory state around the buggy address: [ 29.232119] ffff8881060a7300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.232475] ffff8881060a7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.232923] >ffff8881060a7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.233197] ^ [ 29.233418] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.233634] ffff8881060a7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.233873] ================================================================== [ 29.234668] ================================================================== [ 29.235102] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 29.235829] Write of size 8 at addr ffff8881060a7478 by task kunit_try_catch/330 [ 29.236182] [ 29.236278] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.236331] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.236345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.236724] Call Trace: [ 29.236740] <TASK> [ 29.236760] dump_stack_lvl+0x73/0xb0 [ 29.236795] print_report+0xd1/0x640 [ 29.236819] ? __virt_addr_valid+0x1db/0x2d0 [ 29.236846] ? copy_to_kernel_nofault+0x99/0x260 [ 29.236872] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.236900] ? copy_to_kernel_nofault+0x99/0x260 [ 29.236925] kasan_report+0x141/0x180 [ 29.236964] ? copy_to_kernel_nofault+0x99/0x260 [ 29.237031] kasan_check_range+0x10c/0x1c0 [ 29.237059] __kasan_check_write+0x18/0x20 [ 29.237083] copy_to_kernel_nofault+0x99/0x260 [ 29.237110] copy_to_kernel_nofault_oob+0x288/0x560 [ 29.237136] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.237173] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 29.237227] ? trace_hardirqs_on+0x37/0xe0 [ 29.237285] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.237338] kunit_try_run_case+0x1a5/0x480 [ 29.237366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.237457] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.237489] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.237516] ? __kthread_parkme+0x82/0x180 [ 29.237538] ? preempt_count_sub+0x50/0x80 [ 29.237595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.237621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.237650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.237675] kthread+0x337/0x6f0 [ 29.237696] ? trace_preempt_on+0x20/0xc0 [ 29.237720] ? __pfx_kthread+0x10/0x10 [ 29.237741] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.237767] ? calculate_sigpending+0x7b/0xa0 [ 29.237792] ? __pfx_kthread+0x10/0x10 [ 29.237815] ret_from_fork+0x116/0x1d0 [ 29.237836] ? __pfx_kthread+0x10/0x10 [ 29.237858] ret_from_fork_asm+0x1a/0x30 [ 29.237890] </TASK> [ 29.237904] [ 29.250663] Allocated by task 330: [ 29.250873] kasan_save_stack+0x45/0x70 [ 29.251354] kasan_save_track+0x18/0x40 [ 29.251833] kasan_save_alloc_info+0x3b/0x50 [ 29.252011] __kasan_kmalloc+0xb7/0xc0 [ 29.252499] __kmalloc_cache_noprof+0x189/0x420 [ 29.252815] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.253090] kunit_try_run_case+0x1a5/0x480 [ 29.253258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.253575] kthread+0x337/0x6f0 [ 29.253749] ret_from_fork+0x116/0x1d0 [ 29.253913] ret_from_fork_asm+0x1a/0x30 [ 29.254536] [ 29.254640] The buggy address belongs to the object at ffff8881060a7400 [ 29.254640] which belongs to the cache kmalloc-128 of size 128 [ 29.255322] The buggy address is located 0 bytes to the right of [ 29.255322] allocated 120-byte region [ffff8881060a7400, ffff8881060a7478) [ 29.256132] [ 29.256589] The buggy address belongs to the physical page: [ 29.256797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 29.257295] flags: 0x200000000000000(node=0|zone=2) [ 29.257750] page_type: f5(slab) [ 29.257896] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.258485] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.258817] page dumped because: kasan: bad access detected [ 29.259288] [ 29.259502] Memory state around the buggy address: [ 29.259891] ffff8881060a7300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.260375] ffff8881060a7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.260660] >ffff8881060a7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.261432] ^ [ 29.261953] ffff8881060a7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.262341] ffff8881060a7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.262709] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 28.887329] ================================================================== [ 28.887758] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 28.888155] Read of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.888536] [ 28.888662] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.888726] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.888740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.888775] Call Trace: [ 28.888797] <TASK> [ 28.888820] dump_stack_lvl+0x73/0xb0 [ 28.888852] print_report+0xd1/0x640 [ 28.888885] ? __virt_addr_valid+0x1db/0x2d0 [ 28.888912] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.888958] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.888986] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.889008] kasan_report+0x141/0x180 [ 28.889033] ? kasan_atomics_helper+0x4f30/0x5450 [ 28.889061] __asan_report_load8_noabort+0x18/0x20 [ 28.889094] kasan_atomics_helper+0x4f30/0x5450 [ 28.889118] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.889141] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.889183] ? kasan_atomics+0x152/0x310 [ 28.889210] kasan_atomics+0x1dc/0x310 [ 28.889234] ? __pfx_kasan_atomics+0x10/0x10 [ 28.889268] ? __pfx_read_tsc+0x10/0x10 [ 28.889293] ? ktime_get_ts64+0x86/0x230 [ 28.889320] kunit_try_run_case+0x1a5/0x480 [ 28.889414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.889444] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.889472] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.889499] ? __kthread_parkme+0x82/0x180 [ 28.889521] ? preempt_count_sub+0x50/0x80 [ 28.889547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.889572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.889598] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.889623] kthread+0x337/0x6f0 [ 28.889656] ? trace_preempt_on+0x20/0xc0 [ 28.889682] ? __pfx_kthread+0x10/0x10 [ 28.889705] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.889741] ? calculate_sigpending+0x7b/0xa0 [ 28.889767] ? __pfx_kthread+0x10/0x10 [ 28.889791] ret_from_fork+0x116/0x1d0 [ 28.889812] ? __pfx_kthread+0x10/0x10 [ 28.889834] ret_from_fork_asm+0x1a/0x30 [ 28.889867] </TASK> [ 28.889880] [ 28.898193] Allocated by task 314: [ 28.898454] kasan_save_stack+0x45/0x70 [ 28.898684] kasan_save_track+0x18/0x40 [ 28.898878] kasan_save_alloc_info+0x3b/0x50 [ 28.899085] __kasan_kmalloc+0xb7/0xc0 [ 28.899283] __kmalloc_cache_noprof+0x189/0x420 [ 28.899564] kasan_atomics+0x95/0x310 [ 28.899746] kunit_try_run_case+0x1a5/0x480 [ 28.899982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.900227] kthread+0x337/0x6f0 [ 28.900491] ret_from_fork+0x116/0x1d0 [ 28.900654] ret_from_fork_asm+0x1a/0x30 [ 28.900845] [ 28.900952] The buggy address belongs to the object at ffff888106118e00 [ 28.900952] which belongs to the cache kmalloc-64 of size 64 [ 28.901661] The buggy address is located 0 bytes to the right of [ 28.901661] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.902226] [ 28.902325] The buggy address belongs to the physical page: [ 28.902657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.903049] flags: 0x200000000000000(node=0|zone=2) [ 28.903324] page_type: f5(slab) [ 28.903565] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.903900] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.904152] page dumped because: kasan: bad access detected [ 28.904411] [ 28.904502] Memory state around the buggy address: [ 28.904723] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.905130] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.905496] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.905797] ^ [ 28.905978] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.906229] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.906889] ================================================================== [ 29.008464] ================================================================== [ 29.008856] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 29.009115] Read of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 29.009600] [ 29.009698] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.009751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.009766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.009790] Call Trace: [ 29.009810] <TASK> [ 29.009831] dump_stack_lvl+0x73/0xb0 [ 29.009862] print_report+0xd1/0x640 [ 29.009887] ? __virt_addr_valid+0x1db/0x2d0 [ 29.009913] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.009936] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.009963] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.009987] kasan_report+0x141/0x180 [ 29.010011] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.010039] __asan_report_load8_noabort+0x18/0x20 [ 29.010065] kasan_atomics_helper+0x4f71/0x5450 [ 29.010089] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.010113] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.010163] ? kasan_atomics+0x152/0x310 [ 29.010191] kasan_atomics+0x1dc/0x310 [ 29.010215] ? __pfx_kasan_atomics+0x10/0x10 [ 29.010241] ? __pfx_read_tsc+0x10/0x10 [ 29.010265] ? ktime_get_ts64+0x86/0x230 [ 29.010292] kunit_try_run_case+0x1a5/0x480 [ 29.010318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.010342] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.010369] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.010396] ? __kthread_parkme+0x82/0x180 [ 29.010418] ? preempt_count_sub+0x50/0x80 [ 29.010443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.010468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.010493] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.010517] kthread+0x337/0x6f0 [ 29.010540] ? trace_preempt_on+0x20/0xc0 [ 29.010566] ? __pfx_kthread+0x10/0x10 [ 29.010588] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.010613] ? calculate_sigpending+0x7b/0xa0 [ 29.010639] ? __pfx_kthread+0x10/0x10 [ 29.010662] ret_from_fork+0x116/0x1d0 [ 29.010684] ? __pfx_kthread+0x10/0x10 [ 29.010706] ret_from_fork_asm+0x1a/0x30 [ 29.010740] </TASK> [ 29.010753] [ 29.018116] Allocated by task 314: [ 29.018338] kasan_save_stack+0x45/0x70 [ 29.018515] kasan_save_track+0x18/0x40 [ 29.018691] kasan_save_alloc_info+0x3b/0x50 [ 29.018880] __kasan_kmalloc+0xb7/0xc0 [ 29.019023] __kmalloc_cache_noprof+0x189/0x420 [ 29.019186] kasan_atomics+0x95/0x310 [ 29.019317] kunit_try_run_case+0x1a5/0x480 [ 29.019460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.019634] kthread+0x337/0x6f0 [ 29.019753] ret_from_fork+0x116/0x1d0 [ 29.019883] ret_from_fork_asm+0x1a/0x30 [ 29.020050] [ 29.020140] The buggy address belongs to the object at ffff888106118e00 [ 29.020140] which belongs to the cache kmalloc-64 of size 64 [ 29.020678] The buggy address is located 0 bytes to the right of [ 29.020678] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 29.021467] [ 29.021537] The buggy address belongs to the physical page: [ 29.021712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 29.021951] flags: 0x200000000000000(node=0|zone=2) [ 29.022118] page_type: f5(slab) [ 29.022247] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.022711] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.023177] page dumped because: kasan: bad access detected [ 29.023427] [ 29.023516] Memory state around the buggy address: [ 29.023747] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.024062] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.024388] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.024715] ^ [ 29.024912] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.025228] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.025473] ================================================================== [ 27.973174] ================================================================== [ 27.973751] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 27.974270] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.974701] [ 27.974798] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.974851] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.974864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.974889] Call Trace: [ 27.974906] <TASK> [ 27.974930] dump_stack_lvl+0x73/0xb0 [ 27.975201] print_report+0xd1/0x640 [ 27.975227] ? __virt_addr_valid+0x1db/0x2d0 [ 27.975253] ? kasan_atomics_helper+0x72f/0x5450 [ 27.975276] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.975304] ? kasan_atomics_helper+0x72f/0x5450 [ 27.975327] kasan_report+0x141/0x180 [ 27.975351] ? kasan_atomics_helper+0x72f/0x5450 [ 27.975378] kasan_check_range+0x10c/0x1c0 [ 27.975403] __kasan_check_write+0x18/0x20 [ 27.975428] kasan_atomics_helper+0x72f/0x5450 [ 27.975452] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.975489] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.975516] ? kasan_atomics+0x152/0x310 [ 27.975542] kasan_atomics+0x1dc/0x310 [ 27.975567] ? __pfx_kasan_atomics+0x10/0x10 [ 27.975592] ? __pfx_read_tsc+0x10/0x10 [ 27.975616] ? ktime_get_ts64+0x86/0x230 [ 27.975647] kunit_try_run_case+0x1a5/0x480 [ 27.975673] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.975697] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.975723] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.975749] ? __kthread_parkme+0x82/0x180 [ 27.975771] ? preempt_count_sub+0x50/0x80 [ 27.975795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.975821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.975846] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.975871] kthread+0x337/0x6f0 [ 27.975892] ? trace_preempt_on+0x20/0xc0 [ 27.975918] ? __pfx_kthread+0x10/0x10 [ 27.975941] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.975966] ? calculate_sigpending+0x7b/0xa0 [ 27.975992] ? __pfx_kthread+0x10/0x10 [ 27.976016] ret_from_fork+0x116/0x1d0 [ 27.976037] ? __pfx_kthread+0x10/0x10 [ 27.976060] ret_from_fork_asm+0x1a/0x30 [ 27.976092] </TASK> [ 27.976105] [ 27.986521] Allocated by task 314: [ 27.986945] kasan_save_stack+0x45/0x70 [ 27.987286] kasan_save_track+0x18/0x40 [ 27.987501] kasan_save_alloc_info+0x3b/0x50 [ 27.987807] __kasan_kmalloc+0xb7/0xc0 [ 27.987956] __kmalloc_cache_noprof+0x189/0x420 [ 27.988176] kasan_atomics+0x95/0x310 [ 27.988379] kunit_try_run_case+0x1a5/0x480 [ 27.988824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.989135] kthread+0x337/0x6f0 [ 27.989421] ret_from_fork+0x116/0x1d0 [ 27.989793] ret_from_fork_asm+0x1a/0x30 [ 27.990069] [ 27.990179] The buggy address belongs to the object at ffff888106118e00 [ 27.990179] which belongs to the cache kmalloc-64 of size 64 [ 27.990950] The buggy address is located 0 bytes to the right of [ 27.990950] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.991602] [ 27.991784] The buggy address belongs to the physical page: [ 27.992122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.992857] flags: 0x200000000000000(node=0|zone=2) [ 27.993077] page_type: f5(slab) [ 27.993425] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.993661] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.994158] page dumped because: kasan: bad access detected [ 27.994350] [ 27.994440] Memory state around the buggy address: [ 27.994664] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.994934] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.995233] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.996054] ^ [ 27.996252] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.996782] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.997096] ================================================================== [ 27.715862] ================================================================== [ 27.716163] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 27.716670] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.716940] [ 27.717271] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.717321] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.717334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.717355] Call Trace: [ 27.717421] <TASK> [ 27.717441] dump_stack_lvl+0x73/0xb0 [ 27.717471] print_report+0xd1/0x640 [ 27.717494] ? __virt_addr_valid+0x1db/0x2d0 [ 27.717518] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.717540] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.717567] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.717591] kasan_report+0x141/0x180 [ 27.717616] ? kasan_atomics_helper+0x4ba2/0x5450 [ 27.717642] __asan_report_store4_noabort+0x1b/0x30 [ 27.717666] kasan_atomics_helper+0x4ba2/0x5450 [ 27.717690] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.717712] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.717736] ? kasan_atomics+0x152/0x310 [ 27.717762] kasan_atomics+0x1dc/0x310 [ 27.717785] ? __pfx_kasan_atomics+0x10/0x10 [ 27.717808] ? __pfx_read_tsc+0x10/0x10 [ 27.717831] ? ktime_get_ts64+0x86/0x230 [ 27.717856] kunit_try_run_case+0x1a5/0x480 [ 27.717880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.717904] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.717930] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.717965] ? __kthread_parkme+0x82/0x180 [ 27.717986] ? preempt_count_sub+0x50/0x80 [ 27.718010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.718034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.718057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.718081] kthread+0x337/0x6f0 [ 27.718101] ? trace_preempt_on+0x20/0xc0 [ 27.718126] ? __pfx_kthread+0x10/0x10 [ 27.718159] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.718183] ? calculate_sigpending+0x7b/0xa0 [ 27.718207] ? __pfx_kthread+0x10/0x10 [ 27.718229] ret_from_fork+0x116/0x1d0 [ 27.718249] ? __pfx_kthread+0x10/0x10 [ 27.718270] ret_from_fork_asm+0x1a/0x30 [ 27.718303] </TASK> [ 27.718314] [ 27.726431] Allocated by task 314: [ 27.726633] kasan_save_stack+0x45/0x70 [ 27.726793] kasan_save_track+0x18/0x40 [ 27.727050] kasan_save_alloc_info+0x3b/0x50 [ 27.727257] __kasan_kmalloc+0xb7/0xc0 [ 27.727601] __kmalloc_cache_noprof+0x189/0x420 [ 27.727848] kasan_atomics+0x95/0x310 [ 27.728097] kunit_try_run_case+0x1a5/0x480 [ 27.728297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.728574] kthread+0x337/0x6f0 [ 27.728751] ret_from_fork+0x116/0x1d0 [ 27.728909] ret_from_fork_asm+0x1a/0x30 [ 27.729044] [ 27.729110] The buggy address belongs to the object at ffff888106118e00 [ 27.729110] which belongs to the cache kmalloc-64 of size 64 [ 27.729472] The buggy address is located 0 bytes to the right of [ 27.729472] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.729835] [ 27.729902] The buggy address belongs to the physical page: [ 27.730203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.730553] flags: 0x200000000000000(node=0|zone=2) [ 27.730776] page_type: f5(slab) [ 27.730937] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.731314] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.731726] page dumped because: kasan: bad access detected [ 27.731901] [ 27.732041] Memory state around the buggy address: [ 27.732272] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.732663] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.732880] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.733480] ^ [ 27.733847] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.734155] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.734482] ================================================================== [ 27.734924] ================================================================== [ 27.735275] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 27.735833] Read of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.736139] [ 27.736253] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.736302] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.736314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.736338] Call Trace: [ 27.736354] <TASK> [ 27.736371] dump_stack_lvl+0x73/0xb0 [ 27.736399] print_report+0xd1/0x640 [ 27.736421] ? __virt_addr_valid+0x1db/0x2d0 [ 27.736445] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.736467] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.736493] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.736515] kasan_report+0x141/0x180 [ 27.736537] ? kasan_atomics_helper+0x4b88/0x5450 [ 27.736563] __asan_report_load4_noabort+0x18/0x20 [ 27.736588] kasan_atomics_helper+0x4b88/0x5450 [ 27.736610] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.736632] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.736657] ? kasan_atomics+0x152/0x310 [ 27.736683] kasan_atomics+0x1dc/0x310 [ 27.736705] ? __pfx_kasan_atomics+0x10/0x10 [ 27.736729] ? __pfx_read_tsc+0x10/0x10 [ 27.736752] ? ktime_get_ts64+0x86/0x230 [ 27.736776] kunit_try_run_case+0x1a5/0x480 [ 27.736801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.736823] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.736849] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.736874] ? __kthread_parkme+0x82/0x180 [ 27.736895] ? preempt_count_sub+0x50/0x80 [ 27.736919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.736995] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.737023] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.737048] kthread+0x337/0x6f0 [ 27.737070] ? trace_preempt_on+0x20/0xc0 [ 27.737095] ? __pfx_kthread+0x10/0x10 [ 27.737118] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.737155] ? calculate_sigpending+0x7b/0xa0 [ 27.737181] ? __pfx_kthread+0x10/0x10 [ 27.737204] ret_from_fork+0x116/0x1d0 [ 27.737225] ? __pfx_kthread+0x10/0x10 [ 27.737248] ret_from_fork_asm+0x1a/0x30 [ 27.737281] </TASK> [ 27.737293] [ 27.745019] Allocated by task 314: [ 27.745219] kasan_save_stack+0x45/0x70 [ 27.745391] kasan_save_track+0x18/0x40 [ 27.745556] kasan_save_alloc_info+0x3b/0x50 [ 27.745701] __kasan_kmalloc+0xb7/0xc0 [ 27.745830] __kmalloc_cache_noprof+0x189/0x420 [ 27.745982] kasan_atomics+0x95/0x310 [ 27.746111] kunit_try_run_case+0x1a5/0x480 [ 27.746308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.746485] kthread+0x337/0x6f0 [ 27.746605] ret_from_fork+0x116/0x1d0 [ 27.746736] ret_from_fork_asm+0x1a/0x30 [ 27.746873] [ 27.746939] The buggy address belongs to the object at ffff888106118e00 [ 27.746939] which belongs to the cache kmalloc-64 of size 64 [ 27.747935] The buggy address is located 0 bytes to the right of [ 27.747935] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.748480] [ 27.748572] The buggy address belongs to the physical page: [ 27.748820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.749383] flags: 0x200000000000000(node=0|zone=2) [ 27.749623] page_type: f5(slab) [ 27.749787] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.750109] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.750346] page dumped because: kasan: bad access detected [ 27.750514] [ 27.750578] Memory state around the buggy address: [ 27.750730] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.750946] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.751188] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.751503] ^ [ 27.751730] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.752459] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.752808] ================================================================== [ 28.118396] ================================================================== [ 28.118885] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 28.119259] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.119690] [ 28.119812] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.120016] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.120032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.120055] Call Trace: [ 28.120077] <TASK> [ 28.120097] dump_stack_lvl+0x73/0xb0 [ 28.120130] print_report+0xd1/0x640 [ 28.120168] ? __virt_addr_valid+0x1db/0x2d0 [ 28.120194] ? kasan_atomics_helper+0xac7/0x5450 [ 28.120217] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.120244] ? kasan_atomics_helper+0xac7/0x5450 [ 28.120266] kasan_report+0x141/0x180 [ 28.120290] ? kasan_atomics_helper+0xac7/0x5450 [ 28.120316] kasan_check_range+0x10c/0x1c0 [ 28.120341] __kasan_check_write+0x18/0x20 [ 28.120364] kasan_atomics_helper+0xac7/0x5450 [ 28.120493] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.120518] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.120597] ? kasan_atomics+0x152/0x310 [ 28.120625] kasan_atomics+0x1dc/0x310 [ 28.120649] ? __pfx_kasan_atomics+0x10/0x10 [ 28.120674] ? __pfx_read_tsc+0x10/0x10 [ 28.120749] ? ktime_get_ts64+0x86/0x230 [ 28.120775] kunit_try_run_case+0x1a5/0x480 [ 28.120802] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.120827] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.120854] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.120881] ? __kthread_parkme+0x82/0x180 [ 28.120903] ? preempt_count_sub+0x50/0x80 [ 28.120927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.120968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.120993] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.121018] kthread+0x337/0x6f0 [ 28.121040] ? trace_preempt_on+0x20/0xc0 [ 28.121065] ? __pfx_kthread+0x10/0x10 [ 28.121087] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.121112] ? calculate_sigpending+0x7b/0xa0 [ 28.121138] ? __pfx_kthread+0x10/0x10 [ 28.121171] ret_from_fork+0x116/0x1d0 [ 28.121192] ? __pfx_kthread+0x10/0x10 [ 28.121214] ret_from_fork_asm+0x1a/0x30 [ 28.121248] </TASK> [ 28.121260] [ 28.131818] Allocated by task 314: [ 28.131987] kasan_save_stack+0x45/0x70 [ 28.132186] kasan_save_track+0x18/0x40 [ 28.132324] kasan_save_alloc_info+0x3b/0x50 [ 28.132589] __kasan_kmalloc+0xb7/0xc0 [ 28.133197] __kmalloc_cache_noprof+0x189/0x420 [ 28.133635] kasan_atomics+0x95/0x310 [ 28.133872] kunit_try_run_case+0x1a5/0x480 [ 28.134053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.134518] kthread+0x337/0x6f0 [ 28.134736] ret_from_fork+0x116/0x1d0 [ 28.135030] ret_from_fork_asm+0x1a/0x30 [ 28.135200] [ 28.135297] The buggy address belongs to the object at ffff888106118e00 [ 28.135297] which belongs to the cache kmalloc-64 of size 64 [ 28.136069] The buggy address is located 0 bytes to the right of [ 28.136069] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.137036] [ 28.137128] The buggy address belongs to the physical page: [ 28.137363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.137913] flags: 0x200000000000000(node=0|zone=2) [ 28.138196] page_type: f5(slab) [ 28.138495] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.138784] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.139261] page dumped because: kasan: bad access detected [ 28.139546] [ 28.139727] Memory state around the buggy address: [ 28.139906] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.140226] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.140679] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.141227] ^ [ 28.141641] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.142038] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.142487] ================================================================== [ 28.242533] ================================================================== [ 28.242765] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 28.243100] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.243337] [ 28.243423] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.243471] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.243485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.243506] Call Trace: [ 28.243527] <TASK> [ 28.243545] dump_stack_lvl+0x73/0xb0 [ 28.243573] print_report+0xd1/0x640 [ 28.243596] ? __virt_addr_valid+0x1db/0x2d0 [ 28.243626] ? kasan_atomics_helper+0xe78/0x5450 [ 28.243649] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.243676] ? kasan_atomics_helper+0xe78/0x5450 [ 28.243699] kasan_report+0x141/0x180 [ 28.243721] ? kasan_atomics_helper+0xe78/0x5450 [ 28.243747] kasan_check_range+0x10c/0x1c0 [ 28.243772] __kasan_check_write+0x18/0x20 [ 28.243796] kasan_atomics_helper+0xe78/0x5450 [ 28.243819] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.243841] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.243866] ? kasan_atomics+0x152/0x310 [ 28.243893] kasan_atomics+0x1dc/0x310 [ 28.243915] ? __pfx_kasan_atomics+0x10/0x10 [ 28.243940] ? __pfx_read_tsc+0x10/0x10 [ 28.243962] ? ktime_get_ts64+0x86/0x230 [ 28.243988] kunit_try_run_case+0x1a5/0x480 [ 28.244012] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.244035] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.244062] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.244088] ? __kthread_parkme+0x82/0x180 [ 28.244109] ? preempt_count_sub+0x50/0x80 [ 28.244134] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.244169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.244194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.244218] kthread+0x337/0x6f0 [ 28.244240] ? trace_preempt_on+0x20/0xc0 [ 28.244265] ? __pfx_kthread+0x10/0x10 [ 28.244286] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.244312] ? calculate_sigpending+0x7b/0xa0 [ 28.244336] ? __pfx_kthread+0x10/0x10 [ 28.244359] ret_from_fork+0x116/0x1d0 [ 28.244378] ? __pfx_kthread+0x10/0x10 [ 28.244401] ret_from_fork_asm+0x1a/0x30 [ 28.244473] </TASK> [ 28.244488] [ 28.254275] Allocated by task 314: [ 28.254486] kasan_save_stack+0x45/0x70 [ 28.254873] kasan_save_track+0x18/0x40 [ 28.255022] kasan_save_alloc_info+0x3b/0x50 [ 28.255435] __kasan_kmalloc+0xb7/0xc0 [ 28.255577] __kmalloc_cache_noprof+0x189/0x420 [ 28.255796] kasan_atomics+0x95/0x310 [ 28.256045] kunit_try_run_case+0x1a5/0x480 [ 28.256207] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.256386] kthread+0x337/0x6f0 [ 28.256555] ret_from_fork+0x116/0x1d0 [ 28.256864] ret_from_fork_asm+0x1a/0x30 [ 28.257218] [ 28.257355] The buggy address belongs to the object at ffff888106118e00 [ 28.257355] which belongs to the cache kmalloc-64 of size 64 [ 28.258040] The buggy address is located 0 bytes to the right of [ 28.258040] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.258481] [ 28.258572] The buggy address belongs to the physical page: [ 28.258913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.259257] flags: 0x200000000000000(node=0|zone=2) [ 28.259504] page_type: f5(slab) [ 28.259713] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.260037] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.260306] page dumped because: kasan: bad access detected [ 28.260645] [ 28.260736] Memory state around the buggy address: [ 28.260948] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.261170] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.261601] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.261804] ^ [ 28.262251] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.262607] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.262906] ================================================================== [ 28.767126] ================================================================== [ 28.767702] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 28.768089] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.768345] [ 28.768511] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.768564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.768579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.768603] Call Trace: [ 28.768624] <TASK> [ 28.768645] dump_stack_lvl+0x73/0xb0 [ 28.768676] print_report+0xd1/0x640 [ 28.768701] ? __virt_addr_valid+0x1db/0x2d0 [ 28.768728] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.768750] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.768777] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.768800] kasan_report+0x141/0x180 [ 28.768823] ? kasan_atomics_helper+0x18b1/0x5450 [ 28.768851] kasan_check_range+0x10c/0x1c0 [ 28.768876] __kasan_check_write+0x18/0x20 [ 28.768901] kasan_atomics_helper+0x18b1/0x5450 [ 28.768946] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.768970] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.768997] ? kasan_atomics+0x152/0x310 [ 28.769025] kasan_atomics+0x1dc/0x310 [ 28.769048] ? __pfx_kasan_atomics+0x10/0x10 [ 28.769074] ? __pfx_read_tsc+0x10/0x10 [ 28.769097] ? ktime_get_ts64+0x86/0x230 [ 28.769124] kunit_try_run_case+0x1a5/0x480 [ 28.769159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.769193] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.769221] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.769249] ? __kthread_parkme+0x82/0x180 [ 28.769281] ? preempt_count_sub+0x50/0x80 [ 28.769307] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.769332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.769417] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.769447] kthread+0x337/0x6f0 [ 28.769471] ? trace_preempt_on+0x20/0xc0 [ 28.769496] ? __pfx_kthread+0x10/0x10 [ 28.769519] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.769544] ? calculate_sigpending+0x7b/0xa0 [ 28.769569] ? __pfx_kthread+0x10/0x10 [ 28.769592] ret_from_fork+0x116/0x1d0 [ 28.769614] ? __pfx_kthread+0x10/0x10 [ 28.769635] ret_from_fork_asm+0x1a/0x30 [ 28.769669] </TASK> [ 28.769682] [ 28.778111] Allocated by task 314: [ 28.778334] kasan_save_stack+0x45/0x70 [ 28.778598] kasan_save_track+0x18/0x40 [ 28.778787] kasan_save_alloc_info+0x3b/0x50 [ 28.779032] __kasan_kmalloc+0xb7/0xc0 [ 28.779207] __kmalloc_cache_noprof+0x189/0x420 [ 28.779462] kasan_atomics+0x95/0x310 [ 28.779674] kunit_try_run_case+0x1a5/0x480 [ 28.779896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.780173] kthread+0x337/0x6f0 [ 28.780337] ret_from_fork+0x116/0x1d0 [ 28.780527] ret_from_fork_asm+0x1a/0x30 [ 28.780668] [ 28.780734] The buggy address belongs to the object at ffff888106118e00 [ 28.780734] which belongs to the cache kmalloc-64 of size 64 [ 28.781094] The buggy address is located 0 bytes to the right of [ 28.781094] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.781749] [ 28.781849] The buggy address belongs to the physical page: [ 28.782161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.782712] flags: 0x200000000000000(node=0|zone=2) [ 28.783004] page_type: f5(slab) [ 28.783170] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.783464] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.783700] page dumped because: kasan: bad access detected [ 28.783870] [ 28.783983] Memory state around the buggy address: [ 28.784238] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.784641] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.785030] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.785435] ^ [ 28.785692] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.786032] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.786424] ================================================================== [ 29.046902] ================================================================== [ 29.048625] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 29.049387] Read of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 29.050105] [ 29.050336] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.050391] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.050405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.050429] Call Trace: [ 29.050451] <TASK> [ 29.050472] dump_stack_lvl+0x73/0xb0 [ 29.050538] print_report+0xd1/0x640 [ 29.050564] ? __virt_addr_valid+0x1db/0x2d0 [ 29.050601] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.050624] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.050652] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.050675] kasan_report+0x141/0x180 [ 29.050698] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.050725] __asan_report_load8_noabort+0x18/0x20 [ 29.050751] kasan_atomics_helper+0x4f98/0x5450 [ 29.050775] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.050798] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.050825] ? kasan_atomics+0x152/0x310 [ 29.050852] kasan_atomics+0x1dc/0x310 [ 29.050876] ? __pfx_kasan_atomics+0x10/0x10 [ 29.050902] ? __pfx_read_tsc+0x10/0x10 [ 29.050925] ? ktime_get_ts64+0x86/0x230 [ 29.050963] kunit_try_run_case+0x1a5/0x480 [ 29.050990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.051013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.051040] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.051068] ? __kthread_parkme+0x82/0x180 [ 29.051089] ? preempt_count_sub+0x50/0x80 [ 29.051114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.051140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.051174] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.051200] kthread+0x337/0x6f0 [ 29.051221] ? trace_preempt_on+0x20/0xc0 [ 29.051247] ? __pfx_kthread+0x10/0x10 [ 29.051268] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.051293] ? calculate_sigpending+0x7b/0xa0 [ 29.051318] ? __pfx_kthread+0x10/0x10 [ 29.051340] ret_from_fork+0x116/0x1d0 [ 29.051362] ? __pfx_kthread+0x10/0x10 [ 29.051384] ret_from_fork_asm+0x1a/0x30 [ 29.051418] </TASK> [ 29.051431] [ 29.063721] Allocated by task 314: [ 29.063923] kasan_save_stack+0x45/0x70 [ 29.064315] kasan_save_track+0x18/0x40 [ 29.064606] kasan_save_alloc_info+0x3b/0x50 [ 29.064820] __kasan_kmalloc+0xb7/0xc0 [ 29.065150] __kmalloc_cache_noprof+0x189/0x420 [ 29.065467] kasan_atomics+0x95/0x310 [ 29.065653] kunit_try_run_case+0x1a5/0x480 [ 29.065845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.066273] kthread+0x337/0x6f0 [ 29.066439] ret_from_fork+0x116/0x1d0 [ 29.066764] ret_from_fork_asm+0x1a/0x30 [ 29.067060] [ 29.067164] The buggy address belongs to the object at ffff888106118e00 [ 29.067164] which belongs to the cache kmalloc-64 of size 64 [ 29.067749] The buggy address is located 0 bytes to the right of [ 29.067749] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 29.068547] [ 29.068718] The buggy address belongs to the physical page: [ 29.069024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 29.069473] flags: 0x200000000000000(node=0|zone=2) [ 29.069790] page_type: f5(slab) [ 29.069976] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.070372] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.070696] page dumped because: kasan: bad access detected [ 29.071139] [ 29.071271] Memory state around the buggy address: [ 29.071744] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.072225] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.072439] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.072646] ^ [ 29.072796] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.073015] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.073358] ================================================================== [ 28.991096] ================================================================== [ 28.991536] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 28.991880] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.992198] [ 28.992297] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.992351] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.992365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.992621] Call Trace: [ 28.992644] <TASK> [ 28.992666] dump_stack_lvl+0x73/0xb0 [ 28.992698] print_report+0xd1/0x640 [ 28.992723] ? __virt_addr_valid+0x1db/0x2d0 [ 28.992749] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.992773] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.992801] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.992824] kasan_report+0x141/0x180 [ 28.992848] ? kasan_atomics_helper+0x1f43/0x5450 [ 28.992875] kasan_check_range+0x10c/0x1c0 [ 28.992916] __kasan_check_write+0x18/0x20 [ 28.992947] kasan_atomics_helper+0x1f43/0x5450 [ 28.992972] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.992995] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.993022] ? kasan_atomics+0x152/0x310 [ 28.993049] kasan_atomics+0x1dc/0x310 [ 28.993073] ? __pfx_kasan_atomics+0x10/0x10 [ 28.993125] ? __pfx_read_tsc+0x10/0x10 [ 28.993160] ? ktime_get_ts64+0x86/0x230 [ 28.993187] kunit_try_run_case+0x1a5/0x480 [ 28.993214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.993240] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.993267] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.993293] ? __kthread_parkme+0x82/0x180 [ 28.993315] ? preempt_count_sub+0x50/0x80 [ 28.993340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.993365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.993391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.993424] kthread+0x337/0x6f0 [ 28.993446] ? trace_preempt_on+0x20/0xc0 [ 28.993472] ? __pfx_kthread+0x10/0x10 [ 28.993495] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.993521] ? calculate_sigpending+0x7b/0xa0 [ 28.993546] ? __pfx_kthread+0x10/0x10 [ 28.993569] ret_from_fork+0x116/0x1d0 [ 28.993590] ? __pfx_kthread+0x10/0x10 [ 28.993612] ret_from_fork_asm+0x1a/0x30 [ 28.993646] </TASK> [ 28.993659] [ 29.000449] Allocated by task 314: [ 29.000664] kasan_save_stack+0x45/0x70 [ 29.000867] kasan_save_track+0x18/0x40 [ 29.001050] kasan_save_alloc_info+0x3b/0x50 [ 29.001344] __kasan_kmalloc+0xb7/0xc0 [ 29.001527] __kmalloc_cache_noprof+0x189/0x420 [ 29.001721] kasan_atomics+0x95/0x310 [ 29.001853] kunit_try_run_case+0x1a5/0x480 [ 29.002175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.002427] kthread+0x337/0x6f0 [ 29.002562] ret_from_fork+0x116/0x1d0 [ 29.002737] ret_from_fork_asm+0x1a/0x30 [ 29.002914] [ 29.003081] The buggy address belongs to the object at ffff888106118e00 [ 29.003081] which belongs to the cache kmalloc-64 of size 64 [ 29.003508] The buggy address is located 0 bytes to the right of [ 29.003508] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 29.003966] [ 29.004065] The buggy address belongs to the physical page: [ 29.004334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 29.004658] flags: 0x200000000000000(node=0|zone=2) [ 29.004850] page_type: f5(slab) [ 29.005081] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.005380] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.005619] page dumped because: kasan: bad access detected [ 29.005857] [ 29.005931] Memory state around the buggy address: [ 29.006123] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.006404] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.006675] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.007025] ^ [ 29.007233] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.007518] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.007797] ================================================================== [ 28.642856] ================================================================== [ 28.643578] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 28.643922] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.644233] [ 28.644325] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.644423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.644441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.644465] Call Trace: [ 28.644485] <TASK> [ 28.644504] dump_stack_lvl+0x73/0xb0 [ 28.644534] print_report+0xd1/0x640 [ 28.644558] ? __virt_addr_valid+0x1db/0x2d0 [ 28.644584] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.644606] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.644633] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.644656] kasan_report+0x141/0x180 [ 28.644679] ? kasan_atomics_helper+0x15b6/0x5450 [ 28.644706] kasan_check_range+0x10c/0x1c0 [ 28.644731] __kasan_check_write+0x18/0x20 [ 28.644757] kasan_atomics_helper+0x15b6/0x5450 [ 28.644781] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.644804] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.644831] ? kasan_atomics+0x152/0x310 [ 28.644858] kasan_atomics+0x1dc/0x310 [ 28.644882] ? __pfx_kasan_atomics+0x10/0x10 [ 28.644908] ? __pfx_read_tsc+0x10/0x10 [ 28.644932] ? ktime_get_ts64+0x86/0x230 [ 28.644959] kunit_try_run_case+0x1a5/0x480 [ 28.644986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.645010] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.645037] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.645064] ? __kthread_parkme+0x82/0x180 [ 28.645086] ? preempt_count_sub+0x50/0x80 [ 28.645112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.645138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.645176] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.645201] kthread+0x337/0x6f0 [ 28.645223] ? trace_preempt_on+0x20/0xc0 [ 28.645249] ? __pfx_kthread+0x10/0x10 [ 28.645271] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.645297] ? calculate_sigpending+0x7b/0xa0 [ 28.645322] ? __pfx_kthread+0x10/0x10 [ 28.645345] ret_from_fork+0x116/0x1d0 [ 28.645367] ? __pfx_kthread+0x10/0x10 [ 28.645389] ret_from_fork_asm+0x1a/0x30 [ 28.645422] </TASK> [ 28.645435] [ 28.657505] Allocated by task 314: [ 28.657651] kasan_save_stack+0x45/0x70 [ 28.657801] kasan_save_track+0x18/0x40 [ 28.657933] kasan_save_alloc_info+0x3b/0x50 [ 28.658079] __kasan_kmalloc+0xb7/0xc0 [ 28.658517] __kmalloc_cache_noprof+0x189/0x420 [ 28.659012] kasan_atomics+0x95/0x310 [ 28.659537] kunit_try_run_case+0x1a5/0x480 [ 28.660022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.660645] kthread+0x337/0x6f0 [ 28.661011] ret_from_fork+0x116/0x1d0 [ 28.661420] ret_from_fork_asm+0x1a/0x30 [ 28.661797] [ 28.661981] The buggy address belongs to the object at ffff888106118e00 [ 28.661981] which belongs to the cache kmalloc-64 of size 64 [ 28.663131] The buggy address is located 0 bytes to the right of [ 28.663131] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.664203] [ 28.664373] The buggy address belongs to the physical page: [ 28.664796] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.665445] flags: 0x200000000000000(node=0|zone=2) [ 28.665863] page_type: f5(slab) [ 28.666186] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.666897] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.667339] page dumped because: kasan: bad access detected [ 28.667840] [ 28.667918] Memory state around the buggy address: [ 28.668388] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.669078] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.669321] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.669540] ^ [ 28.669696] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.669910] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.670120] ================================================================== [ 28.746074] ================================================================== [ 28.746421] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 28.746667] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.746893] [ 28.747011] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.747067] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.747082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.747106] Call Trace: [ 28.747130] <TASK> [ 28.747163] dump_stack_lvl+0x73/0xb0 [ 28.747197] print_report+0xd1/0x640 [ 28.747233] ? __virt_addr_valid+0x1db/0x2d0 [ 28.747259] ? kasan_atomics_helper+0x1818/0x5450 [ 28.747283] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.747321] ? kasan_atomics_helper+0x1818/0x5450 [ 28.747345] kasan_report+0x141/0x180 [ 28.747369] ? kasan_atomics_helper+0x1818/0x5450 [ 28.747397] kasan_check_range+0x10c/0x1c0 [ 28.747423] __kasan_check_write+0x18/0x20 [ 28.747448] kasan_atomics_helper+0x1818/0x5450 [ 28.747473] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.747497] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.747524] ? kasan_atomics+0x152/0x310 [ 28.747553] kasan_atomics+0x1dc/0x310 [ 28.747577] ? __pfx_kasan_atomics+0x10/0x10 [ 28.747603] ? __pfx_read_tsc+0x10/0x10 [ 28.747633] ? ktime_get_ts64+0x86/0x230 [ 28.747660] kunit_try_run_case+0x1a5/0x480 [ 28.747688] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.747711] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.747739] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.747767] ? __kthread_parkme+0x82/0x180 [ 28.747789] ? preempt_count_sub+0x50/0x80 [ 28.747813] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.747840] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.747866] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.747891] kthread+0x337/0x6f0 [ 28.747914] ? trace_preempt_on+0x20/0xc0 [ 28.747960] ? __pfx_kthread+0x10/0x10 [ 28.747983] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.748008] ? calculate_sigpending+0x7b/0xa0 [ 28.748034] ? __pfx_kthread+0x10/0x10 [ 28.748057] ret_from_fork+0x116/0x1d0 [ 28.748079] ? __pfx_kthread+0x10/0x10 [ 28.748101] ret_from_fork_asm+0x1a/0x30 [ 28.748158] </TASK> [ 28.748171] [ 28.757213] Allocated by task 314: [ 28.757983] kasan_save_stack+0x45/0x70 [ 28.758271] kasan_save_track+0x18/0x40 [ 28.758644] kasan_save_alloc_info+0x3b/0x50 [ 28.759107] __kasan_kmalloc+0xb7/0xc0 [ 28.759339] __kmalloc_cache_noprof+0x189/0x420 [ 28.759713] kasan_atomics+0x95/0x310 [ 28.759907] kunit_try_run_case+0x1a5/0x480 [ 28.760157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.760343] kthread+0x337/0x6f0 [ 28.760603] ret_from_fork+0x116/0x1d0 [ 28.760794] ret_from_fork_asm+0x1a/0x30 [ 28.761007] [ 28.761103] The buggy address belongs to the object at ffff888106118e00 [ 28.761103] which belongs to the cache kmalloc-64 of size 64 [ 28.761615] The buggy address is located 0 bytes to the right of [ 28.761615] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.762178] [ 28.762265] The buggy address belongs to the physical page: [ 28.762574] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.762948] flags: 0x200000000000000(node=0|zone=2) [ 28.763139] page_type: f5(slab) [ 28.763269] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.763715] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.763979] page dumped because: kasan: bad access detected [ 28.764161] [ 28.764281] Memory state around the buggy address: [ 28.764529] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.764841] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.765165] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.765480] ^ [ 28.765798] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.766179] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.766575] ================================================================== [ 29.129042] ================================================================== [ 29.129433] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 29.129778] Read of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 29.130094] [ 29.130192] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.130243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.130256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.130279] Call Trace: [ 29.130300] <TASK> [ 29.130319] dump_stack_lvl+0x73/0xb0 [ 29.130348] print_report+0xd1/0x640 [ 29.130372] ? __virt_addr_valid+0x1db/0x2d0 [ 29.130398] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.130422] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.130451] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.130475] kasan_report+0x141/0x180 [ 29.130499] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.130526] __asan_report_load8_noabort+0x18/0x20 [ 29.130552] kasan_atomics_helper+0x4fa5/0x5450 [ 29.130577] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.130600] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.130626] ? kasan_atomics+0x152/0x310 [ 29.130654] kasan_atomics+0x1dc/0x310 [ 29.130678] ? __pfx_kasan_atomics+0x10/0x10 [ 29.130703] ? __pfx_read_tsc+0x10/0x10 [ 29.130728] ? ktime_get_ts64+0x86/0x230 [ 29.130755] kunit_try_run_case+0x1a5/0x480 [ 29.130781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.130806] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.130834] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.130860] ? __kthread_parkme+0x82/0x180 [ 29.130883] ? preempt_count_sub+0x50/0x80 [ 29.130909] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.130934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.131374] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.131403] kthread+0x337/0x6f0 [ 29.131426] ? trace_preempt_on+0x20/0xc0 [ 29.131453] ? __pfx_kthread+0x10/0x10 [ 29.131475] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.131502] ? calculate_sigpending+0x7b/0xa0 [ 29.131528] ? __pfx_kthread+0x10/0x10 [ 29.131551] ret_from_fork+0x116/0x1d0 [ 29.131573] ? __pfx_kthread+0x10/0x10 [ 29.131596] ret_from_fork_asm+0x1a/0x30 [ 29.131635] </TASK> [ 29.131648] [ 29.139020] Allocated by task 314: [ 29.139279] kasan_save_stack+0x45/0x70 [ 29.139487] kasan_save_track+0x18/0x40 [ 29.139651] kasan_save_alloc_info+0x3b/0x50 [ 29.139796] __kasan_kmalloc+0xb7/0xc0 [ 29.139926] __kmalloc_cache_noprof+0x189/0x420 [ 29.140078] kasan_atomics+0x95/0x310 [ 29.140219] kunit_try_run_case+0x1a5/0x480 [ 29.140369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.140549] kthread+0x337/0x6f0 [ 29.140669] ret_from_fork+0x116/0x1d0 [ 29.140801] ret_from_fork_asm+0x1a/0x30 [ 29.140955] [ 29.141047] The buggy address belongs to the object at ffff888106118e00 [ 29.141047] which belongs to the cache kmalloc-64 of size 64 [ 29.141570] The buggy address is located 0 bytes to the right of [ 29.141570] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 29.142447] [ 29.142544] The buggy address belongs to the physical page: [ 29.142818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 29.143176] flags: 0x200000000000000(node=0|zone=2) [ 29.143357] page_type: f5(slab) [ 29.143478] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.143718] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.144320] page dumped because: kasan: bad access detected [ 29.144566] [ 29.144654] Memory state around the buggy address: [ 29.144852] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.145261] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.145518] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.145721] ^ [ 29.145866] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.146140] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.146448] ================================================================== [ 28.604775] ================================================================== [ 28.605056] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 28.605445] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.605684] [ 28.605811] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.605862] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.605876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.605899] Call Trace: [ 28.605921] <TASK> [ 28.605941] dump_stack_lvl+0x73/0xb0 [ 28.606197] print_report+0xd1/0x640 [ 28.606225] ? __virt_addr_valid+0x1db/0x2d0 [ 28.606252] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.606273] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.606301] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.606324] kasan_report+0x141/0x180 [ 28.606347] ? kasan_atomics_helper+0x50d4/0x5450 [ 28.606420] __asan_report_store8_noabort+0x1b/0x30 [ 28.606453] kasan_atomics_helper+0x50d4/0x5450 [ 28.606478] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.606501] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.606527] ? kasan_atomics+0x152/0x310 [ 28.606555] kasan_atomics+0x1dc/0x310 [ 28.606579] ? __pfx_kasan_atomics+0x10/0x10 [ 28.606604] ? __pfx_read_tsc+0x10/0x10 [ 28.606628] ? ktime_get_ts64+0x86/0x230 [ 28.606654] kunit_try_run_case+0x1a5/0x480 [ 28.606681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.606704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.606731] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.606758] ? __kthread_parkme+0x82/0x180 [ 28.606780] ? preempt_count_sub+0x50/0x80 [ 28.606805] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.606830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.606855] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.606881] kthread+0x337/0x6f0 [ 28.606902] ? trace_preempt_on+0x20/0xc0 [ 28.606928] ? __pfx_kthread+0x10/0x10 [ 28.606962] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.606988] ? calculate_sigpending+0x7b/0xa0 [ 28.607013] ? __pfx_kthread+0x10/0x10 [ 28.607036] ret_from_fork+0x116/0x1d0 [ 28.607057] ? __pfx_kthread+0x10/0x10 [ 28.607079] ret_from_fork_asm+0x1a/0x30 [ 28.607112] </TASK> [ 28.607125] [ 28.614778] Allocated by task 314: [ 28.614927] kasan_save_stack+0x45/0x70 [ 28.615075] kasan_save_track+0x18/0x40 [ 28.615256] kasan_save_alloc_info+0x3b/0x50 [ 28.615645] __kasan_kmalloc+0xb7/0xc0 [ 28.615823] __kmalloc_cache_noprof+0x189/0x420 [ 28.615973] kasan_atomics+0x95/0x310 [ 28.616101] kunit_try_run_case+0x1a5/0x480 [ 28.616256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.616961] kthread+0x337/0x6f0 [ 28.617170] ret_from_fork+0x116/0x1d0 [ 28.617361] ret_from_fork_asm+0x1a/0x30 [ 28.617618] [ 28.617710] The buggy address belongs to the object at ffff888106118e00 [ 28.617710] which belongs to the cache kmalloc-64 of size 64 [ 28.618220] The buggy address is located 0 bytes to the right of [ 28.618220] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.618773] [ 28.618873] The buggy address belongs to the physical page: [ 28.619115] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.619487] flags: 0x200000000000000(node=0|zone=2) [ 28.619697] page_type: f5(slab) [ 28.619865] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.620175] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.620545] page dumped because: kasan: bad access detected [ 28.620758] [ 28.620824] Memory state around the buggy address: [ 28.620976] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.621201] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.621417] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.621630] ^ [ 28.621785] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.622094] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.622453] ================================================================== [ 28.972711] ================================================================== [ 28.973238] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 28.973719] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.974931] [ 28.975101] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.975178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.975204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.975228] Call Trace: [ 28.975252] <TASK> [ 28.975276] dump_stack_lvl+0x73/0xb0 [ 28.975311] print_report+0xd1/0x640 [ 28.975343] ? __virt_addr_valid+0x1db/0x2d0 [ 28.975370] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.975394] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.975421] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.975445] kasan_report+0x141/0x180 [ 28.975469] ? kasan_atomics_helper+0x1eaa/0x5450 [ 28.975496] kasan_check_range+0x10c/0x1c0 [ 28.975521] __kasan_check_write+0x18/0x20 [ 28.975546] kasan_atomics_helper+0x1eaa/0x5450 [ 28.975571] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.975594] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.975626] ? kasan_atomics+0x152/0x310 [ 28.975654] kasan_atomics+0x1dc/0x310 [ 28.975677] ? __pfx_kasan_atomics+0x10/0x10 [ 28.975703] ? __pfx_read_tsc+0x10/0x10 [ 28.975728] ? ktime_get_ts64+0x86/0x230 [ 28.975754] kunit_try_run_case+0x1a5/0x480 [ 28.975781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.975805] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.975832] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.975859] ? __kthread_parkme+0x82/0x180 [ 28.975882] ? preempt_count_sub+0x50/0x80 [ 28.975912] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.975956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.975981] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.976006] kthread+0x337/0x6f0 [ 28.976028] ? trace_preempt_on+0x20/0xc0 [ 28.976054] ? __pfx_kthread+0x10/0x10 [ 28.976076] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.976100] ? calculate_sigpending+0x7b/0xa0 [ 28.976126] ? __pfx_kthread+0x10/0x10 [ 28.976160] ret_from_fork+0x116/0x1d0 [ 28.976182] ? __pfx_kthread+0x10/0x10 [ 28.976205] ret_from_fork_asm+0x1a/0x30 [ 28.976238] </TASK> [ 28.976251] [ 28.983154] Allocated by task 314: [ 28.983341] kasan_save_stack+0x45/0x70 [ 28.983544] kasan_save_track+0x18/0x40 [ 28.983710] kasan_save_alloc_info+0x3b/0x50 [ 28.983891] __kasan_kmalloc+0xb7/0xc0 [ 28.984124] __kmalloc_cache_noprof+0x189/0x420 [ 28.984339] kasan_atomics+0x95/0x310 [ 28.984470] kunit_try_run_case+0x1a5/0x480 [ 28.984674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.984884] kthread+0x337/0x6f0 [ 28.985174] ret_from_fork+0x116/0x1d0 [ 28.985321] ret_from_fork_asm+0x1a/0x30 [ 28.985498] [ 28.985593] The buggy address belongs to the object at ffff888106118e00 [ 28.985593] which belongs to the cache kmalloc-64 of size 64 [ 28.986073] The buggy address is located 0 bytes to the right of [ 28.986073] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.986561] [ 28.986657] The buggy address belongs to the physical page: [ 28.986851] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.987332] flags: 0x200000000000000(node=0|zone=2) [ 28.987521] page_type: f5(slab) [ 28.987695] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.988012] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.988324] page dumped because: kasan: bad access detected [ 28.988545] [ 28.988634] Memory state around the buggy address: [ 28.988831] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.989159] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.989400] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.989612] ^ [ 28.989767] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.990003] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.990370] ================================================================== [ 28.455790] ================================================================== [ 28.456349] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 28.456730] Read of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.457207] [ 28.457301] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.457352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.457366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.457435] Call Trace: [ 28.457459] <TASK> [ 28.457479] dump_stack_lvl+0x73/0xb0 [ 28.457510] print_report+0xd1/0x640 [ 28.457535] ? __virt_addr_valid+0x1db/0x2d0 [ 28.457561] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.457585] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.457612] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.457634] kasan_report+0x141/0x180 [ 28.457658] ? kasan_atomics_helper+0x49e8/0x5450 [ 28.457685] __asan_report_load4_noabort+0x18/0x20 [ 28.457711] kasan_atomics_helper+0x49e8/0x5450 [ 28.457735] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.457759] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.457785] ? kasan_atomics+0x152/0x310 [ 28.457812] kasan_atomics+0x1dc/0x310 [ 28.457836] ? __pfx_kasan_atomics+0x10/0x10 [ 28.457861] ? __pfx_read_tsc+0x10/0x10 [ 28.457884] ? ktime_get_ts64+0x86/0x230 [ 28.457910] kunit_try_run_case+0x1a5/0x480 [ 28.457937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.457971] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.457998] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.458024] ? __kthread_parkme+0x82/0x180 [ 28.458045] ? preempt_count_sub+0x50/0x80 [ 28.458071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.458097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.458121] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.458158] kthread+0x337/0x6f0 [ 28.458181] ? trace_preempt_on+0x20/0xc0 [ 28.458206] ? __pfx_kthread+0x10/0x10 [ 28.458228] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.458253] ? calculate_sigpending+0x7b/0xa0 [ 28.458280] ? __pfx_kthread+0x10/0x10 [ 28.458302] ret_from_fork+0x116/0x1d0 [ 28.458323] ? __pfx_kthread+0x10/0x10 [ 28.458345] ret_from_fork_asm+0x1a/0x30 [ 28.458379] </TASK> [ 28.458391] [ 28.466012] Allocated by task 314: [ 28.466563] kasan_save_stack+0x45/0x70 [ 28.466722] kasan_save_track+0x18/0x40 [ 28.466858] kasan_save_alloc_info+0x3b/0x50 [ 28.467215] __kasan_kmalloc+0xb7/0xc0 [ 28.467452] __kmalloc_cache_noprof+0x189/0x420 [ 28.467689] kasan_atomics+0x95/0x310 [ 28.467880] kunit_try_run_case+0x1a5/0x480 [ 28.468071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.468297] kthread+0x337/0x6f0 [ 28.468508] ret_from_fork+0x116/0x1d0 [ 28.468646] ret_from_fork_asm+0x1a/0x30 [ 28.468843] [ 28.468936] The buggy address belongs to the object at ffff888106118e00 [ 28.468936] which belongs to the cache kmalloc-64 of size 64 [ 28.469493] The buggy address is located 0 bytes to the right of [ 28.469493] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.469873] [ 28.469942] The buggy address belongs to the physical page: [ 28.470121] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.470373] flags: 0x200000000000000(node=0|zone=2) [ 28.470533] page_type: f5(slab) [ 28.470654] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.470885] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.471161] page dumped because: kasan: bad access detected [ 28.471451] [ 28.471542] Memory state around the buggy address: [ 28.471770] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.472568] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.473386] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.473709] ^ [ 28.473919] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.474174] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.474426] ================================================================== [ 28.726556] ================================================================== [ 28.726912] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 28.727285] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.727662] [ 28.727809] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.727861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.727874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.727899] Call Trace: [ 28.727939] <TASK> [ 28.727961] dump_stack_lvl+0x73/0xb0 [ 28.727992] print_report+0xd1/0x640 [ 28.728017] ? __virt_addr_valid+0x1db/0x2d0 [ 28.728045] ? kasan_atomics_helper+0x177f/0x5450 [ 28.728068] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.728095] ? kasan_atomics_helper+0x177f/0x5450 [ 28.728118] kasan_report+0x141/0x180 [ 28.728156] ? kasan_atomics_helper+0x177f/0x5450 [ 28.728185] kasan_check_range+0x10c/0x1c0 [ 28.728211] __kasan_check_write+0x18/0x20 [ 28.728236] kasan_atomics_helper+0x177f/0x5450 [ 28.728260] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.728283] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.728310] ? kasan_atomics+0x152/0x310 [ 28.728337] kasan_atomics+0x1dc/0x310 [ 28.728378] ? __pfx_kasan_atomics+0x10/0x10 [ 28.728405] ? __pfx_read_tsc+0x10/0x10 [ 28.728430] ? ktime_get_ts64+0x86/0x230 [ 28.728456] kunit_try_run_case+0x1a5/0x480 [ 28.728484] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.728508] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.728535] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.728562] ? __kthread_parkme+0x82/0x180 [ 28.728583] ? preempt_count_sub+0x50/0x80 [ 28.728619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.728647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.728672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.728710] kthread+0x337/0x6f0 [ 28.728732] ? trace_preempt_on+0x20/0xc0 [ 28.728760] ? __pfx_kthread+0x10/0x10 [ 28.728782] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.728808] ? calculate_sigpending+0x7b/0xa0 [ 28.728836] ? __pfx_kthread+0x10/0x10 [ 28.728859] ret_from_fork+0x116/0x1d0 [ 28.728882] ? __pfx_kthread+0x10/0x10 [ 28.728904] ret_from_fork_asm+0x1a/0x30 [ 28.728952] </TASK> [ 28.728964] [ 28.737209] Allocated by task 314: [ 28.737427] kasan_save_stack+0x45/0x70 [ 28.737650] kasan_save_track+0x18/0x40 [ 28.737865] kasan_save_alloc_info+0x3b/0x50 [ 28.738073] __kasan_kmalloc+0xb7/0xc0 [ 28.738274] __kmalloc_cache_noprof+0x189/0x420 [ 28.738575] kasan_atomics+0x95/0x310 [ 28.738708] kunit_try_run_case+0x1a5/0x480 [ 28.738967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.739249] kthread+0x337/0x6f0 [ 28.739452] ret_from_fork+0x116/0x1d0 [ 28.739613] ret_from_fork_asm+0x1a/0x30 [ 28.739815] [ 28.739888] The buggy address belongs to the object at ffff888106118e00 [ 28.739888] which belongs to the cache kmalloc-64 of size 64 [ 28.740351] The buggy address is located 0 bytes to the right of [ 28.740351] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.740988] [ 28.741162] The buggy address belongs to the physical page: [ 28.741490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.741817] flags: 0x200000000000000(node=0|zone=2) [ 28.742066] page_type: f5(slab) [ 28.742218] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.742625] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.742865] page dumped because: kasan: bad access detected [ 28.743073] [ 28.743172] Memory state around the buggy address: [ 28.743430] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.743773] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.744096] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.744663] ^ [ 28.745002] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.745232] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.745536] ================================================================== [ 28.330089] ================================================================== [ 28.330427] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 28.331021] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.331482] [ 28.331574] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.331631] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.331646] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.331669] Call Trace: [ 28.331691] <TASK> [ 28.331710] dump_stack_lvl+0x73/0xb0 [ 28.331740] print_report+0xd1/0x640 [ 28.331765] ? __virt_addr_valid+0x1db/0x2d0 [ 28.331792] ? kasan_atomics_helper+0x1079/0x5450 [ 28.331815] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.331842] ? kasan_atomics_helper+0x1079/0x5450 [ 28.331866] kasan_report+0x141/0x180 [ 28.331890] ? kasan_atomics_helper+0x1079/0x5450 [ 28.331918] kasan_check_range+0x10c/0x1c0 [ 28.331957] __kasan_check_write+0x18/0x20 [ 28.331982] kasan_atomics_helper+0x1079/0x5450 [ 28.332007] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.332029] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.332056] ? kasan_atomics+0x152/0x310 [ 28.332083] kasan_atomics+0x1dc/0x310 [ 28.332108] ? __pfx_kasan_atomics+0x10/0x10 [ 28.332132] ? __pfx_read_tsc+0x10/0x10 [ 28.332168] ? ktime_get_ts64+0x86/0x230 [ 28.332195] kunit_try_run_case+0x1a5/0x480 [ 28.332222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.332247] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.332274] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.332301] ? __kthread_parkme+0x82/0x180 [ 28.332323] ? preempt_count_sub+0x50/0x80 [ 28.332348] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.332413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.332441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.332467] kthread+0x337/0x6f0 [ 28.332488] ? trace_preempt_on+0x20/0xc0 [ 28.332513] ? __pfx_kthread+0x10/0x10 [ 28.332536] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.332561] ? calculate_sigpending+0x7b/0xa0 [ 28.332587] ? __pfx_kthread+0x10/0x10 [ 28.332610] ret_from_fork+0x116/0x1d0 [ 28.332633] ? __pfx_kthread+0x10/0x10 [ 28.332655] ret_from_fork_asm+0x1a/0x30 [ 28.332689] </TASK> [ 28.332701] [ 28.340938] Allocated by task 314: [ 28.341138] kasan_save_stack+0x45/0x70 [ 28.341337] kasan_save_track+0x18/0x40 [ 28.341617] kasan_save_alloc_info+0x3b/0x50 [ 28.341831] __kasan_kmalloc+0xb7/0xc0 [ 28.342056] __kmalloc_cache_noprof+0x189/0x420 [ 28.342286] kasan_atomics+0x95/0x310 [ 28.342413] kunit_try_run_case+0x1a5/0x480 [ 28.342551] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.342717] kthread+0x337/0x6f0 [ 28.342833] ret_from_fork+0x116/0x1d0 [ 28.342958] ret_from_fork_asm+0x1a/0x30 [ 28.343091] [ 28.343165] The buggy address belongs to the object at ffff888106118e00 [ 28.343165] which belongs to the cache kmalloc-64 of size 64 [ 28.343505] The buggy address is located 0 bytes to the right of [ 28.343505] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.343859] [ 28.343926] The buggy address belongs to the physical page: [ 28.344171] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.344513] flags: 0x200000000000000(node=0|zone=2) [ 28.344737] page_type: f5(slab) [ 28.344897] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.345303] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.345641] page dumped because: kasan: bad access detected [ 28.345882] [ 28.345991] Memory state around the buggy address: [ 28.346221] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.346525] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.346729] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.346933] ^ [ 28.347606] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.347950] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.348283] ================================================================== [ 28.474947] ================================================================== [ 28.475295] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 28.475678] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.475911] [ 28.476071] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.476122] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.476135] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.476170] Call Trace: [ 28.476193] <TASK> [ 28.476214] dump_stack_lvl+0x73/0xb0 [ 28.476245] print_report+0xd1/0x640 [ 28.476269] ? __virt_addr_valid+0x1db/0x2d0 [ 28.476296] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.476319] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.476346] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.476382] kasan_report+0x141/0x180 [ 28.476406] ? kasan_atomics_helper+0x12e6/0x5450 [ 28.476433] kasan_check_range+0x10c/0x1c0 [ 28.476458] __kasan_check_write+0x18/0x20 [ 28.476482] kasan_atomics_helper+0x12e6/0x5450 [ 28.476508] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.476531] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.476557] ? kasan_atomics+0x152/0x310 [ 28.476586] kasan_atomics+0x1dc/0x310 [ 28.476609] ? __pfx_kasan_atomics+0x10/0x10 [ 28.476634] ? __pfx_read_tsc+0x10/0x10 [ 28.476657] ? ktime_get_ts64+0x86/0x230 [ 28.476684] kunit_try_run_case+0x1a5/0x480 [ 28.476710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.476734] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.476761] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.476787] ? __kthread_parkme+0x82/0x180 [ 28.476809] ? preempt_count_sub+0x50/0x80 [ 28.476834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.476859] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.476884] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.476909] kthread+0x337/0x6f0 [ 28.476930] ? trace_preempt_on+0x20/0xc0 [ 28.476971] ? __pfx_kthread+0x10/0x10 [ 28.476992] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.477018] ? calculate_sigpending+0x7b/0xa0 [ 28.477043] ? __pfx_kthread+0x10/0x10 [ 28.477065] ret_from_fork+0x116/0x1d0 [ 28.477087] ? __pfx_kthread+0x10/0x10 [ 28.477109] ret_from_fork_asm+0x1a/0x30 [ 28.477150] </TASK> [ 28.477164] [ 28.485453] Allocated by task 314: [ 28.485662] kasan_save_stack+0x45/0x70 [ 28.485873] kasan_save_track+0x18/0x40 [ 28.486241] kasan_save_alloc_info+0x3b/0x50 [ 28.486572] __kasan_kmalloc+0xb7/0xc0 [ 28.486730] __kmalloc_cache_noprof+0x189/0x420 [ 28.486930] kasan_atomics+0x95/0x310 [ 28.487097] kunit_try_run_case+0x1a5/0x480 [ 28.487272] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.487782] kthread+0x337/0x6f0 [ 28.487971] ret_from_fork+0x116/0x1d0 [ 28.488125] ret_from_fork_asm+0x1a/0x30 [ 28.488330] [ 28.489799] The buggy address belongs to the object at ffff888106118e00 [ 28.489799] which belongs to the cache kmalloc-64 of size 64 [ 28.490265] The buggy address is located 0 bytes to the right of [ 28.490265] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.491894] [ 28.492023] The buggy address belongs to the physical page: [ 28.492216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.492944] flags: 0x200000000000000(node=0|zone=2) [ 28.493291] page_type: f5(slab) [ 28.493464] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.494229] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.494732] page dumped because: kasan: bad access detected [ 28.495306] [ 28.495627] Memory state around the buggy address: [ 28.495853] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.496350] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.496668] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.497157] ^ [ 28.497690] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.498193] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.498667] ================================================================== [ 28.544107] ================================================================== [ 28.544821] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 28.545951] Read of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.546425] [ 28.546525] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.546578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.546593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.546616] Call Trace: [ 28.546638] <TASK> [ 28.546659] dump_stack_lvl+0x73/0xb0 [ 28.546691] print_report+0xd1/0x640 [ 28.546716] ? __virt_addr_valid+0x1db/0x2d0 [ 28.546742] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.546764] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.546791] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.546814] kasan_report+0x141/0x180 [ 28.546837] ? kasan_atomics_helper+0x4eae/0x5450 [ 28.546864] __asan_report_load8_noabort+0x18/0x20 [ 28.546889] kasan_atomics_helper+0x4eae/0x5450 [ 28.546913] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.546936] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.546963] ? kasan_atomics+0x152/0x310 [ 28.546989] kasan_atomics+0x1dc/0x310 [ 28.547013] ? __pfx_kasan_atomics+0x10/0x10 [ 28.547038] ? __pfx_read_tsc+0x10/0x10 [ 28.547061] ? ktime_get_ts64+0x86/0x230 [ 28.547086] kunit_try_run_case+0x1a5/0x480 [ 28.547113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.547136] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.547175] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.547202] ? __kthread_parkme+0x82/0x180 [ 28.547224] ? preempt_count_sub+0x50/0x80 [ 28.547248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.547273] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.547298] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.547521] kthread+0x337/0x6f0 [ 28.547556] ? trace_preempt_on+0x20/0xc0 [ 28.547583] ? __pfx_kthread+0x10/0x10 [ 28.547605] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.547638] ? calculate_sigpending+0x7b/0xa0 [ 28.547664] ? __pfx_kthread+0x10/0x10 [ 28.547687] ret_from_fork+0x116/0x1d0 [ 28.547708] ? __pfx_kthread+0x10/0x10 [ 28.547731] ret_from_fork_asm+0x1a/0x30 [ 28.547766] </TASK> [ 28.547779] [ 28.564237] Allocated by task 314: [ 28.564706] kasan_save_stack+0x45/0x70 [ 28.565262] kasan_save_track+0x18/0x40 [ 28.565750] kasan_save_alloc_info+0x3b/0x50 [ 28.566141] __kasan_kmalloc+0xb7/0xc0 [ 28.566516] __kmalloc_cache_noprof+0x189/0x420 [ 28.566679] kasan_atomics+0x95/0x310 [ 28.566810] kunit_try_run_case+0x1a5/0x480 [ 28.566967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.567532] kthread+0x337/0x6f0 [ 28.567969] ret_from_fork+0x116/0x1d0 [ 28.568430] ret_from_fork_asm+0x1a/0x30 [ 28.568883] [ 28.569084] The buggy address belongs to the object at ffff888106118e00 [ 28.569084] which belongs to the cache kmalloc-64 of size 64 [ 28.570530] The buggy address is located 0 bytes to the right of [ 28.570530] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.570903] [ 28.570993] The buggy address belongs to the physical page: [ 28.571206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.571870] flags: 0x200000000000000(node=0|zone=2) [ 28.572168] page_type: f5(slab) [ 28.572315] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.572629] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.573108] page dumped because: kasan: bad access detected [ 28.573292] [ 28.573404] Memory state around the buggy address: [ 28.573695] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.574256] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.574674] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.575019] ^ [ 28.575249] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.575544] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.576138] ================================================================== [ 27.797479] ================================================================== [ 27.798883] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 27.799585] Read of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.800379] [ 27.800650] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.800717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.800733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.800759] Call Trace: [ 27.800781] <TASK> [ 27.800803] dump_stack_lvl+0x73/0xb0 [ 27.800837] print_report+0xd1/0x640 [ 27.800862] ? __virt_addr_valid+0x1db/0x2d0 [ 27.800888] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.800910] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.800938] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.801090] kasan_report+0x141/0x180 [ 27.801117] ? kasan_atomics_helper+0x4b54/0x5450 [ 27.801200] __asan_report_load4_noabort+0x18/0x20 [ 27.801227] kasan_atomics_helper+0x4b54/0x5450 [ 27.801251] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.801274] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.801301] ? kasan_atomics+0x152/0x310 [ 27.801328] kasan_atomics+0x1dc/0x310 [ 27.801352] ? __pfx_kasan_atomics+0x10/0x10 [ 27.801387] ? __pfx_read_tsc+0x10/0x10 [ 27.801413] ? ktime_get_ts64+0x86/0x230 [ 27.801439] kunit_try_run_case+0x1a5/0x480 [ 27.801466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.801493] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.801522] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.801547] ? __kthread_parkme+0x82/0x180 [ 27.801570] ? preempt_count_sub+0x50/0x80 [ 27.801594] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.801618] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.801643] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.801667] kthread+0x337/0x6f0 [ 27.801689] ? trace_preempt_on+0x20/0xc0 [ 27.801715] ? __pfx_kthread+0x10/0x10 [ 27.801737] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.801762] ? calculate_sigpending+0x7b/0xa0 [ 27.801788] ? __pfx_kthread+0x10/0x10 [ 27.801811] ret_from_fork+0x116/0x1d0 [ 27.801832] ? __pfx_kthread+0x10/0x10 [ 27.801854] ret_from_fork_asm+0x1a/0x30 [ 27.801887] </TASK> [ 27.801900] [ 27.818818] Allocated by task 314: [ 27.819137] kasan_save_stack+0x45/0x70 [ 27.819460] kasan_save_track+0x18/0x40 [ 27.819898] kasan_save_alloc_info+0x3b/0x50 [ 27.820362] __kasan_kmalloc+0xb7/0xc0 [ 27.820679] __kmalloc_cache_noprof+0x189/0x420 [ 27.821151] kasan_atomics+0x95/0x310 [ 27.821362] kunit_try_run_case+0x1a5/0x480 [ 27.821777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.821963] kthread+0x337/0x6f0 [ 27.822293] ret_from_fork+0x116/0x1d0 [ 27.822712] ret_from_fork_asm+0x1a/0x30 [ 27.823156] [ 27.823324] The buggy address belongs to the object at ffff888106118e00 [ 27.823324] which belongs to the cache kmalloc-64 of size 64 [ 27.824068] The buggy address is located 0 bytes to the right of [ 27.824068] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.824455] [ 27.824667] The buggy address belongs to the physical page: [ 27.825233] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.826062] flags: 0x200000000000000(node=0|zone=2) [ 27.826565] page_type: f5(slab) [ 27.826935] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.827709] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.827937] page dumped because: kasan: bad access detected [ 27.828106] [ 27.828183] Memory state around the buggy address: [ 27.828337] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.828560] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.829176] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.829929] ^ [ 27.830406] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.831085] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.831786] ================================================================== [ 27.773381] ================================================================== [ 27.773611] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 27.773835] Read of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.774053] [ 27.774135] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.774195] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.774210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.774233] Call Trace: [ 27.774252] <TASK> [ 27.774269] dump_stack_lvl+0x73/0xb0 [ 27.774560] print_report+0xd1/0x640 [ 27.774585] ? __virt_addr_valid+0x1db/0x2d0 [ 27.774611] ? kasan_atomics_helper+0x3df/0x5450 [ 27.774634] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.774662] ? kasan_atomics_helper+0x3df/0x5450 [ 27.774685] kasan_report+0x141/0x180 [ 27.774711] ? kasan_atomics_helper+0x3df/0x5450 [ 27.774738] kasan_check_range+0x10c/0x1c0 [ 27.774764] __kasan_check_read+0x15/0x20 [ 27.774788] kasan_atomics_helper+0x3df/0x5450 [ 27.774813] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.774835] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.774862] ? kasan_atomics+0x152/0x310 [ 27.774889] kasan_atomics+0x1dc/0x310 [ 27.774914] ? __pfx_kasan_atomics+0x10/0x10 [ 27.774939] ? __pfx_read_tsc+0x10/0x10 [ 27.774963] ? ktime_get_ts64+0x86/0x230 [ 27.774990] kunit_try_run_case+0x1a5/0x480 [ 27.775016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.775040] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.775067] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.775095] ? __kthread_parkme+0x82/0x180 [ 27.775116] ? preempt_count_sub+0x50/0x80 [ 27.775141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.775180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.775206] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.775232] kthread+0x337/0x6f0 [ 27.775254] ? trace_preempt_on+0x20/0xc0 [ 27.775280] ? __pfx_kthread+0x10/0x10 [ 27.775302] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.775328] ? calculate_sigpending+0x7b/0xa0 [ 27.775353] ? __pfx_kthread+0x10/0x10 [ 27.775376] ret_from_fork+0x116/0x1d0 [ 27.775397] ? __pfx_kthread+0x10/0x10 [ 27.775474] ret_from_fork_asm+0x1a/0x30 [ 27.775508] </TASK> [ 27.775521] [ 27.783761] Allocated by task 314: [ 27.783900] kasan_save_stack+0x45/0x70 [ 27.784223] kasan_save_track+0x18/0x40 [ 27.784415] kasan_save_alloc_info+0x3b/0x50 [ 27.784599] __kasan_kmalloc+0xb7/0xc0 [ 27.784739] __kmalloc_cache_noprof+0x189/0x420 [ 27.784894] kasan_atomics+0x95/0x310 [ 27.785026] kunit_try_run_case+0x1a5/0x480 [ 27.785254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.785747] kthread+0x337/0x6f0 [ 27.785951] ret_from_fork+0x116/0x1d0 [ 27.786156] ret_from_fork_asm+0x1a/0x30 [ 27.786354] [ 27.786510] The buggy address belongs to the object at ffff888106118e00 [ 27.786510] which belongs to the cache kmalloc-64 of size 64 [ 27.787043] The buggy address is located 0 bytes to the right of [ 27.787043] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.787554] [ 27.787633] The buggy address belongs to the physical page: [ 27.787810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.788122] flags: 0x200000000000000(node=0|zone=2) [ 27.788384] page_type: f5(slab) [ 27.788552] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.788889] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.789113] page dumped because: kasan: bad access detected [ 27.790279] [ 27.790476] Memory state around the buggy address: [ 27.790751] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.793026] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.794049] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.794761] ^ [ 27.794933] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.795434] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.796319] ================================================================== [ 27.897213] ================================================================== [ 27.898128] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 27.899109] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.899602] [ 27.899933] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.900000] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.900017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.900049] Call Trace: [ 27.900071] <TASK> [ 27.900093] dump_stack_lvl+0x73/0xb0 [ 27.900128] print_report+0xd1/0x640 [ 27.900166] ? __virt_addr_valid+0x1db/0x2d0 [ 27.900195] ? kasan_atomics_helper+0x565/0x5450 [ 27.900222] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.900254] ? kasan_atomics_helper+0x565/0x5450 [ 27.900280] kasan_report+0x141/0x180 [ 27.900306] ? kasan_atomics_helper+0x565/0x5450 [ 27.900337] kasan_check_range+0x10c/0x1c0 [ 27.900365] __kasan_check_write+0x18/0x20 [ 27.900541] kasan_atomics_helper+0x565/0x5450 [ 27.900570] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.900598] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.900628] ? kasan_atomics+0x152/0x310 [ 27.900658] kasan_atomics+0x1dc/0x310 [ 27.900683] ? __pfx_kasan_atomics+0x10/0x10 [ 27.900711] ? __pfx_read_tsc+0x10/0x10 [ 27.900738] ? ktime_get_ts64+0x86/0x230 [ 27.900767] kunit_try_run_case+0x1a5/0x480 [ 27.900797] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.900827] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.900857] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.900887] ? __kthread_parkme+0x82/0x180 [ 27.900911] ? preempt_count_sub+0x50/0x80 [ 27.900938] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.900967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.900997] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.901026] kthread+0x337/0x6f0 [ 27.901050] ? trace_preempt_on+0x20/0xc0 [ 27.901079] ? __pfx_kthread+0x10/0x10 [ 27.901103] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.901131] ? calculate_sigpending+0x7b/0xa0 [ 27.901171] ? __pfx_kthread+0x10/0x10 [ 27.901196] ret_from_fork+0x116/0x1d0 [ 27.901220] ? __pfx_kthread+0x10/0x10 [ 27.901245] ret_from_fork_asm+0x1a/0x30 [ 27.901280] </TASK> [ 27.901293] [ 27.913946] Allocated by task 314: [ 27.914336] kasan_save_stack+0x45/0x70 [ 27.914673] kasan_save_track+0x18/0x40 [ 27.914853] kasan_save_alloc_info+0x3b/0x50 [ 27.915242] __kasan_kmalloc+0xb7/0xc0 [ 27.915452] __kmalloc_cache_noprof+0x189/0x420 [ 27.915727] kasan_atomics+0x95/0x310 [ 27.915979] kunit_try_run_case+0x1a5/0x480 [ 27.916187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.916593] kthread+0x337/0x6f0 [ 27.916760] ret_from_fork+0x116/0x1d0 [ 27.917159] ret_from_fork_asm+0x1a/0x30 [ 27.917333] [ 27.917408] The buggy address belongs to the object at ffff888106118e00 [ 27.917408] which belongs to the cache kmalloc-64 of size 64 [ 27.918285] The buggy address is located 0 bytes to the right of [ 27.918285] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.919177] [ 27.919273] The buggy address belongs to the physical page: [ 27.919690] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.920108] flags: 0x200000000000000(node=0|zone=2) [ 27.920421] page_type: f5(slab) [ 27.920625] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.920984] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.921389] page dumped because: kasan: bad access detected [ 27.921778] [ 27.921879] Memory state around the buggy address: [ 27.922136] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.922577] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.922996] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.923301] ^ [ 27.923601] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.924024] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.924345] ================================================================== [ 28.070662] ================================================================== [ 28.070928] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 28.071258] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.071504] [ 28.071978] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.072034] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.072048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.072073] Call Trace: [ 28.072094] <TASK> [ 28.072191] dump_stack_lvl+0x73/0xb0 [ 28.072281] print_report+0xd1/0x640 [ 28.072306] ? __virt_addr_valid+0x1db/0x2d0 [ 28.072332] ? kasan_atomics_helper+0x992/0x5450 [ 28.072411] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.072440] ? kasan_atomics_helper+0x992/0x5450 [ 28.072463] kasan_report+0x141/0x180 [ 28.072488] ? kasan_atomics_helper+0x992/0x5450 [ 28.072515] kasan_check_range+0x10c/0x1c0 [ 28.072540] __kasan_check_write+0x18/0x20 [ 28.072565] kasan_atomics_helper+0x992/0x5450 [ 28.072588] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.072611] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.072636] ? kasan_atomics+0x152/0x310 [ 28.072662] kasan_atomics+0x1dc/0x310 [ 28.072686] ? __pfx_kasan_atomics+0x10/0x10 [ 28.072712] ? __pfx_read_tsc+0x10/0x10 [ 28.072735] ? ktime_get_ts64+0x86/0x230 [ 28.072762] kunit_try_run_case+0x1a5/0x480 [ 28.072787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.072811] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.072839] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.072865] ? __kthread_parkme+0x82/0x180 [ 28.072886] ? preempt_count_sub+0x50/0x80 [ 28.072911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.072937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.072962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.072988] kthread+0x337/0x6f0 [ 28.073011] ? trace_preempt_on+0x20/0xc0 [ 28.073036] ? __pfx_kthread+0x10/0x10 [ 28.073059] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.073084] ? calculate_sigpending+0x7b/0xa0 [ 28.073110] ? __pfx_kthread+0x10/0x10 [ 28.073133] ret_from_fork+0x116/0x1d0 [ 28.073165] ? __pfx_kthread+0x10/0x10 [ 28.073188] ret_from_fork_asm+0x1a/0x30 [ 28.073221] </TASK> [ 28.073234] [ 28.083132] Allocated by task 314: [ 28.083653] kasan_save_stack+0x45/0x70 [ 28.083964] kasan_save_track+0x18/0x40 [ 28.084234] kasan_save_alloc_info+0x3b/0x50 [ 28.084399] __kasan_kmalloc+0xb7/0xc0 [ 28.084550] __kmalloc_cache_noprof+0x189/0x420 [ 28.085125] kasan_atomics+0x95/0x310 [ 28.085313] kunit_try_run_case+0x1a5/0x480 [ 28.085515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.085999] kthread+0x337/0x6f0 [ 28.086134] ret_from_fork+0x116/0x1d0 [ 28.086346] ret_from_fork_asm+0x1a/0x30 [ 28.086571] [ 28.086768] The buggy address belongs to the object at ffff888106118e00 [ 28.086768] which belongs to the cache kmalloc-64 of size 64 [ 28.087425] The buggy address is located 0 bytes to the right of [ 28.087425] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.088190] [ 28.088354] The buggy address belongs to the physical page: [ 28.088619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.088920] flags: 0x200000000000000(node=0|zone=2) [ 28.089319] page_type: f5(slab) [ 28.089539] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.090048] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.090448] page dumped because: kasan: bad access detected [ 28.090815] [ 28.090956] Memory state around the buggy address: [ 28.091126] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.091658] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.091905] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.092300] ^ [ 28.092796] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.093081] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.093604] ================================================================== [ 29.092707] ================================================================== [ 29.093865] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 29.094353] Read of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 29.094657] [ 29.094774] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.094829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.094843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.094868] Call Trace: [ 29.094889] <TASK> [ 29.094910] dump_stack_lvl+0x73/0xb0 [ 29.094955] print_report+0xd1/0x640 [ 29.095004] ? __virt_addr_valid+0x1db/0x2d0 [ 29.095030] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.095054] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.095081] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.095122] kasan_report+0x141/0x180 [ 29.095157] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.095186] __asan_report_load8_noabort+0x18/0x20 [ 29.095212] kasan_atomics_helper+0x4fb2/0x5450 [ 29.095237] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.095261] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.095286] ? kasan_atomics+0x152/0x310 [ 29.095314] kasan_atomics+0x1dc/0x310 [ 29.095338] ? __pfx_kasan_atomics+0x10/0x10 [ 29.095364] ? __pfx_read_tsc+0x10/0x10 [ 29.095388] ? ktime_get_ts64+0x86/0x230 [ 29.095414] kunit_try_run_case+0x1a5/0x480 [ 29.095441] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.095465] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.095514] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.095542] ? __kthread_parkme+0x82/0x180 [ 29.095564] ? preempt_count_sub+0x50/0x80 [ 29.095589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.095615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.095644] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.095670] kthread+0x337/0x6f0 [ 29.095712] ? trace_preempt_on+0x20/0xc0 [ 29.095739] ? __pfx_kthread+0x10/0x10 [ 29.095761] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.095787] ? calculate_sigpending+0x7b/0xa0 [ 29.095813] ? __pfx_kthread+0x10/0x10 [ 29.095836] ret_from_fork+0x116/0x1d0 [ 29.095857] ? __pfx_kthread+0x10/0x10 [ 29.095879] ret_from_fork_asm+0x1a/0x30 [ 29.095912] </TASK> [ 29.095926] [ 29.103016] Allocated by task 314: [ 29.103208] kasan_save_stack+0x45/0x70 [ 29.103430] kasan_save_track+0x18/0x40 [ 29.103648] kasan_save_alloc_info+0x3b/0x50 [ 29.103859] __kasan_kmalloc+0xb7/0xc0 [ 29.104031] __kmalloc_cache_noprof+0x189/0x420 [ 29.104246] kasan_atomics+0x95/0x310 [ 29.104439] kunit_try_run_case+0x1a5/0x480 [ 29.104590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.104859] kthread+0x337/0x6f0 [ 29.105057] ret_from_fork+0x116/0x1d0 [ 29.105203] ret_from_fork_asm+0x1a/0x30 [ 29.105417] [ 29.105510] The buggy address belongs to the object at ffff888106118e00 [ 29.105510] which belongs to the cache kmalloc-64 of size 64 [ 29.105896] The buggy address is located 0 bytes to the right of [ 29.105896] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 29.106277] [ 29.106346] The buggy address belongs to the physical page: [ 29.106599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 29.106977] flags: 0x200000000000000(node=0|zone=2) [ 29.107230] page_type: f5(slab) [ 29.107395] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.107729] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.108207] page dumped because: kasan: bad access detected [ 29.108390] [ 29.108455] Memory state around the buggy address: [ 29.108608] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.108838] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.109417] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.109718] ^ [ 29.109933] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.110209] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.110523] ================================================================== [ 27.754532] ================================================================== [ 27.754887] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 27.755559] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.755885] [ 27.755993] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.756042] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.756055] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.756078] Call Trace: [ 27.756097] <TASK> [ 27.756114] dump_stack_lvl+0x73/0xb0 [ 27.756157] print_report+0xd1/0x640 [ 27.756181] ? __virt_addr_valid+0x1db/0x2d0 [ 27.756207] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.756230] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.756257] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.756280] kasan_report+0x141/0x180 [ 27.756303] ? kasan_atomics_helper+0x4b6e/0x5450 [ 27.756331] __asan_report_store4_noabort+0x1b/0x30 [ 27.756356] kasan_atomics_helper+0x4b6e/0x5450 [ 27.756426] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.756451] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.756478] ? kasan_atomics+0x152/0x310 [ 27.756505] kasan_atomics+0x1dc/0x310 [ 27.756529] ? __pfx_kasan_atomics+0x10/0x10 [ 27.756556] ? __pfx_read_tsc+0x10/0x10 [ 27.756579] ? ktime_get_ts64+0x86/0x230 [ 27.756605] kunit_try_run_case+0x1a5/0x480 [ 27.756631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.756655] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.756682] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.756709] ? __kthread_parkme+0x82/0x180 [ 27.756731] ? preempt_count_sub+0x50/0x80 [ 27.756755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.756781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.756806] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.756832] kthread+0x337/0x6f0 [ 27.756854] ? trace_preempt_on+0x20/0xc0 [ 27.756879] ? __pfx_kthread+0x10/0x10 [ 27.756901] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.756926] ? calculate_sigpending+0x7b/0xa0 [ 27.756961] ? __pfx_kthread+0x10/0x10 [ 27.756984] ret_from_fork+0x116/0x1d0 [ 27.757005] ? __pfx_kthread+0x10/0x10 [ 27.757027] ret_from_fork_asm+0x1a/0x30 [ 27.757059] </TASK> [ 27.757072] [ 27.765299] Allocated by task 314: [ 27.765533] kasan_save_stack+0x45/0x70 [ 27.765681] kasan_save_track+0x18/0x40 [ 27.765814] kasan_save_alloc_info+0x3b/0x50 [ 27.765959] __kasan_kmalloc+0xb7/0xc0 [ 27.766088] __kmalloc_cache_noprof+0x189/0x420 [ 27.766322] kasan_atomics+0x95/0x310 [ 27.766593] kunit_try_run_case+0x1a5/0x480 [ 27.766802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.767045] kthread+0x337/0x6f0 [ 27.767223] ret_from_fork+0x116/0x1d0 [ 27.767408] ret_from_fork_asm+0x1a/0x30 [ 27.767593] [ 27.767666] The buggy address belongs to the object at ffff888106118e00 [ 27.767666] which belongs to the cache kmalloc-64 of size 64 [ 27.768017] The buggy address is located 0 bytes to the right of [ 27.768017] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.769081] [ 27.769190] The buggy address belongs to the physical page: [ 27.769423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.769715] flags: 0x200000000000000(node=0|zone=2) [ 27.769938] page_type: f5(slab) [ 27.770102] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.770401] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.770719] page dumped because: kasan: bad access detected [ 27.770925] [ 27.771028] Memory state around the buggy address: [ 27.771229] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.771523] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.771799] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.772088] ^ [ 27.772358] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.772648] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.772921] ================================================================== [ 28.786949] ================================================================== [ 28.787297] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 28.787927] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.788250] [ 28.788424] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.788476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.788490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.788513] Call Trace: [ 28.788535] <TASK> [ 28.788555] dump_stack_lvl+0x73/0xb0 [ 28.788586] print_report+0xd1/0x640 [ 28.788611] ? __virt_addr_valid+0x1db/0x2d0 [ 28.788638] ? kasan_atomics_helper+0x194a/0x5450 [ 28.788661] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.788688] ? kasan_atomics_helper+0x194a/0x5450 [ 28.788712] kasan_report+0x141/0x180 [ 28.788735] ? kasan_atomics_helper+0x194a/0x5450 [ 28.788762] kasan_check_range+0x10c/0x1c0 [ 28.788788] __kasan_check_write+0x18/0x20 [ 28.788813] kasan_atomics_helper+0x194a/0x5450 [ 28.788837] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.788860] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.788887] ? kasan_atomics+0x152/0x310 [ 28.788915] kasan_atomics+0x1dc/0x310 [ 28.788948] ? __pfx_kasan_atomics+0x10/0x10 [ 28.788974] ? __pfx_read_tsc+0x10/0x10 [ 28.788997] ? ktime_get_ts64+0x86/0x230 [ 28.789023] kunit_try_run_case+0x1a5/0x480 [ 28.789050] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.789074] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.789102] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.789128] ? __kthread_parkme+0x82/0x180 [ 28.789159] ? preempt_count_sub+0x50/0x80 [ 28.789184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.789210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.789235] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.789260] kthread+0x337/0x6f0 [ 28.789281] ? trace_preempt_on+0x20/0xc0 [ 28.789307] ? __pfx_kthread+0x10/0x10 [ 28.789329] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.789355] ? calculate_sigpending+0x7b/0xa0 [ 28.789380] ? __pfx_kthread+0x10/0x10 [ 28.789403] ret_from_fork+0x116/0x1d0 [ 28.789423] ? __pfx_kthread+0x10/0x10 [ 28.789445] ret_from_fork_asm+0x1a/0x30 [ 28.789478] </TASK> [ 28.789491] [ 28.797744] Allocated by task 314: [ 28.797939] kasan_save_stack+0x45/0x70 [ 28.798175] kasan_save_track+0x18/0x40 [ 28.798605] kasan_save_alloc_info+0x3b/0x50 [ 28.798809] __kasan_kmalloc+0xb7/0xc0 [ 28.799009] __kmalloc_cache_noprof+0x189/0x420 [ 28.799248] kasan_atomics+0x95/0x310 [ 28.799507] kunit_try_run_case+0x1a5/0x480 [ 28.799738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.800012] kthread+0x337/0x6f0 [ 28.800186] ret_from_fork+0x116/0x1d0 [ 28.800436] ret_from_fork_asm+0x1a/0x30 [ 28.800630] [ 28.800700] The buggy address belongs to the object at ffff888106118e00 [ 28.800700] which belongs to the cache kmalloc-64 of size 64 [ 28.801248] The buggy address is located 0 bytes to the right of [ 28.801248] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.801867] [ 28.801981] The buggy address belongs to the physical page: [ 28.802231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.802535] flags: 0x200000000000000(node=0|zone=2) [ 28.802702] page_type: f5(slab) [ 28.802825] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.803053] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.803386] page dumped because: kasan: bad access detected [ 28.803656] [ 28.803747] Memory state around the buggy address: [ 28.804341] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.804789] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.805189] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.805570] ^ [ 28.805828] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.806179] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.806528] ================================================================== [ 27.925048] ================================================================== [ 27.925372] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 27.925887] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.926167] [ 27.926283] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.926335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.926348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.926372] Call Trace: [ 27.926395] <TASK> [ 27.926561] dump_stack_lvl+0x73/0xb0 [ 27.926597] print_report+0xd1/0x640 [ 27.926623] ? __virt_addr_valid+0x1db/0x2d0 [ 27.926650] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.926672] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.926700] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.926723] kasan_report+0x141/0x180 [ 27.926747] ? kasan_atomics_helper+0x5fe/0x5450 [ 27.926774] kasan_check_range+0x10c/0x1c0 [ 27.926800] __kasan_check_write+0x18/0x20 [ 27.926824] kasan_atomics_helper+0x5fe/0x5450 [ 27.926849] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.926872] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.926898] ? kasan_atomics+0x152/0x310 [ 27.926925] kasan_atomics+0x1dc/0x310 [ 27.927084] ? __pfx_kasan_atomics+0x10/0x10 [ 27.927112] ? __pfx_read_tsc+0x10/0x10 [ 27.927137] ? ktime_get_ts64+0x86/0x230 [ 27.927176] kunit_try_run_case+0x1a5/0x480 [ 27.927204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.927318] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.927348] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.927392] ? __kthread_parkme+0x82/0x180 [ 27.927422] ? preempt_count_sub+0x50/0x80 [ 27.927448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.927473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.927499] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.927524] kthread+0x337/0x6f0 [ 27.927547] ? trace_preempt_on+0x20/0xc0 [ 27.927573] ? __pfx_kthread+0x10/0x10 [ 27.927594] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.927633] ? calculate_sigpending+0x7b/0xa0 [ 27.927658] ? __pfx_kthread+0x10/0x10 [ 27.927681] ret_from_fork+0x116/0x1d0 [ 27.927703] ? __pfx_kthread+0x10/0x10 [ 27.927725] ret_from_fork_asm+0x1a/0x30 [ 27.927758] </TASK> [ 27.927771] [ 27.937795] Allocated by task 314: [ 27.937965] kasan_save_stack+0x45/0x70 [ 27.938392] kasan_save_track+0x18/0x40 [ 27.938589] kasan_save_alloc_info+0x3b/0x50 [ 27.938768] __kasan_kmalloc+0xb7/0xc0 [ 27.939082] __kmalloc_cache_noprof+0x189/0x420 [ 27.939291] kasan_atomics+0x95/0x310 [ 27.939584] kunit_try_run_case+0x1a5/0x480 [ 27.939811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.940182] kthread+0x337/0x6f0 [ 27.940358] ret_from_fork+0x116/0x1d0 [ 27.940661] ret_from_fork_asm+0x1a/0x30 [ 27.940983] [ 27.941071] The buggy address belongs to the object at ffff888106118e00 [ 27.941071] which belongs to the cache kmalloc-64 of size 64 [ 27.941690] The buggy address is located 0 bytes to the right of [ 27.941690] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.942162] [ 27.942258] The buggy address belongs to the physical page: [ 27.942786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.943289] flags: 0x200000000000000(node=0|zone=2) [ 27.943711] page_type: f5(slab) [ 27.943854] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.944244] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.944803] page dumped because: kasan: bad access detected [ 27.945004] [ 27.945098] Memory state around the buggy address: [ 27.945482] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.945861] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.946193] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.946694] ^ [ 27.946931] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.947252] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.947634] ================================================================== [ 28.263532] ================================================================== [ 28.263946] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 28.264366] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.264807] [ 28.264992] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.265042] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.265092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.265116] Call Trace: [ 28.265133] <TASK> [ 28.265163] dump_stack_lvl+0x73/0xb0 [ 28.265193] print_report+0xd1/0x640 [ 28.265217] ? __virt_addr_valid+0x1db/0x2d0 [ 28.265274] ? kasan_atomics_helper+0xf10/0x5450 [ 28.265297] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.265324] ? kasan_atomics_helper+0xf10/0x5450 [ 28.265345] kasan_report+0x141/0x180 [ 28.265369] ? kasan_atomics_helper+0xf10/0x5450 [ 28.265396] kasan_check_range+0x10c/0x1c0 [ 28.265468] __kasan_check_write+0x18/0x20 [ 28.265493] kasan_atomics_helper+0xf10/0x5450 [ 28.265517] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.265540] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.265567] ? kasan_atomics+0x152/0x310 [ 28.265593] kasan_atomics+0x1dc/0x310 [ 28.265617] ? __pfx_kasan_atomics+0x10/0x10 [ 28.265642] ? __pfx_read_tsc+0x10/0x10 [ 28.265697] ? ktime_get_ts64+0x86/0x230 [ 28.265724] kunit_try_run_case+0x1a5/0x480 [ 28.265774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.265797] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.265824] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.265851] ? __kthread_parkme+0x82/0x180 [ 28.265874] ? preempt_count_sub+0x50/0x80 [ 28.265899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.265952] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.265978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.266003] kthread+0x337/0x6f0 [ 28.266025] ? trace_preempt_on+0x20/0xc0 [ 28.266050] ? __pfx_kthread+0x10/0x10 [ 28.266071] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.266097] ? calculate_sigpending+0x7b/0xa0 [ 28.266163] ? __pfx_kthread+0x10/0x10 [ 28.266186] ret_from_fork+0x116/0x1d0 [ 28.266207] ? __pfx_kthread+0x10/0x10 [ 28.266229] ret_from_fork_asm+0x1a/0x30 [ 28.266262] </TASK> [ 28.266305] [ 28.274785] Allocated by task 314: [ 28.274924] kasan_save_stack+0x45/0x70 [ 28.275129] kasan_save_track+0x18/0x40 [ 28.275465] kasan_save_alloc_info+0x3b/0x50 [ 28.275693] __kasan_kmalloc+0xb7/0xc0 [ 28.275876] __kmalloc_cache_noprof+0x189/0x420 [ 28.276118] kasan_atomics+0x95/0x310 [ 28.276256] kunit_try_run_case+0x1a5/0x480 [ 28.276759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.277520] kthread+0x337/0x6f0 [ 28.277810] ret_from_fork+0x116/0x1d0 [ 28.277996] ret_from_fork_asm+0x1a/0x30 [ 28.278744] [ 28.278834] The buggy address belongs to the object at ffff888106118e00 [ 28.278834] which belongs to the cache kmalloc-64 of size 64 [ 28.279585] The buggy address is located 0 bytes to the right of [ 28.279585] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.282109] [ 28.282562] The buggy address belongs to the physical page: [ 28.282826] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.284592] flags: 0x200000000000000(node=0|zone=2) [ 28.284853] page_type: f5(slab) [ 28.285062] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.285470] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.285714] page dumped because: kasan: bad access detected [ 28.285884] [ 28.285949] Memory state around the buggy address: [ 28.286103] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.287121] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.288021] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.288647] ^ [ 28.289181] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.289746] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.290206] ================================================================== [ 28.162104] ================================================================== [ 28.162492] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 28.162825] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.163181] [ 28.163267] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.163316] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.163329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.163353] Call Trace: [ 28.163372] <TASK> [ 28.163390] dump_stack_lvl+0x73/0xb0 [ 28.163418] print_report+0xd1/0x640 [ 28.163441] ? __virt_addr_valid+0x1db/0x2d0 [ 28.163468] ? kasan_atomics_helper+0xc70/0x5450 [ 28.163490] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.163517] ? kasan_atomics_helper+0xc70/0x5450 [ 28.163540] kasan_report+0x141/0x180 [ 28.163564] ? kasan_atomics_helper+0xc70/0x5450 [ 28.163591] kasan_check_range+0x10c/0x1c0 [ 28.163649] __kasan_check_write+0x18/0x20 [ 28.163675] kasan_atomics_helper+0xc70/0x5450 [ 28.163699] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.163721] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.163747] ? kasan_atomics+0x152/0x310 [ 28.163775] kasan_atomics+0x1dc/0x310 [ 28.163798] ? __pfx_kasan_atomics+0x10/0x10 [ 28.163824] ? __pfx_read_tsc+0x10/0x10 [ 28.163866] ? ktime_get_ts64+0x86/0x230 [ 28.163892] kunit_try_run_case+0x1a5/0x480 [ 28.163918] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.163961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.163989] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.164017] ? __kthread_parkme+0x82/0x180 [ 28.164038] ? preempt_count_sub+0x50/0x80 [ 28.164062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.164087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.164112] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.164137] kthread+0x337/0x6f0 [ 28.164167] ? trace_preempt_on+0x20/0xc0 [ 28.164193] ? __pfx_kthread+0x10/0x10 [ 28.164215] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.164239] ? calculate_sigpending+0x7b/0xa0 [ 28.164264] ? __pfx_kthread+0x10/0x10 [ 28.164287] ret_from_fork+0x116/0x1d0 [ 28.164307] ? __pfx_kthread+0x10/0x10 [ 28.164351] ret_from_fork_asm+0x1a/0x30 [ 28.164415] </TASK> [ 28.164428] [ 28.172900] Allocated by task 314: [ 28.173100] kasan_save_stack+0x45/0x70 [ 28.173308] kasan_save_track+0x18/0x40 [ 28.173522] kasan_save_alloc_info+0x3b/0x50 [ 28.173665] __kasan_kmalloc+0xb7/0xc0 [ 28.173791] __kmalloc_cache_noprof+0x189/0x420 [ 28.173963] kasan_atomics+0x95/0x310 [ 28.174326] kunit_try_run_case+0x1a5/0x480 [ 28.174686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.175005] kthread+0x337/0x6f0 [ 28.175170] ret_from_fork+0x116/0x1d0 [ 28.175299] ret_from_fork_asm+0x1a/0x30 [ 28.175433] [ 28.175498] The buggy address belongs to the object at ffff888106118e00 [ 28.175498] which belongs to the cache kmalloc-64 of size 64 [ 28.175975] The buggy address is located 0 bytes to the right of [ 28.175975] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.176551] [ 28.176642] The buggy address belongs to the physical page: [ 28.176881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.177329] flags: 0x200000000000000(node=0|zone=2) [ 28.177594] page_type: f5(slab) [ 28.177752] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.178083] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.178314] page dumped because: kasan: bad access detected [ 28.178478] [ 28.178543] Memory state around the buggy address: [ 28.178714] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.178939] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.179428] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.179743] ^ [ 28.179988] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.180305] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.180609] ================================================================== [ 28.094219] ================================================================== [ 28.094732] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 28.095174] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.095556] [ 28.095685] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.095736] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.095751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.095774] Call Trace: [ 28.095943] <TASK> [ 28.095965] dump_stack_lvl+0x73/0xb0 [ 28.095998] print_report+0xd1/0x640 [ 28.096021] ? __virt_addr_valid+0x1db/0x2d0 [ 28.096047] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.096070] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.096097] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.096120] kasan_report+0x141/0x180 [ 28.096157] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.096184] kasan_check_range+0x10c/0x1c0 [ 28.096209] __kasan_check_write+0x18/0x20 [ 28.096233] kasan_atomics_helper+0xa2b/0x5450 [ 28.096257] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.096280] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.096305] ? kasan_atomics+0x152/0x310 [ 28.096333] kasan_atomics+0x1dc/0x310 [ 28.096356] ? __pfx_kasan_atomics+0x10/0x10 [ 28.096453] ? __pfx_read_tsc+0x10/0x10 [ 28.096480] ? ktime_get_ts64+0x86/0x230 [ 28.096506] kunit_try_run_case+0x1a5/0x480 [ 28.096533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.096556] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.096584] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.096611] ? __kthread_parkme+0x82/0x180 [ 28.096633] ? preempt_count_sub+0x50/0x80 [ 28.096658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.096683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.096707] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.096732] kthread+0x337/0x6f0 [ 28.096754] ? trace_preempt_on+0x20/0xc0 [ 28.096779] ? __pfx_kthread+0x10/0x10 [ 28.096801] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.096826] ? calculate_sigpending+0x7b/0xa0 [ 28.096851] ? __pfx_kthread+0x10/0x10 [ 28.096874] ret_from_fork+0x116/0x1d0 [ 28.096895] ? __pfx_kthread+0x10/0x10 [ 28.096917] ret_from_fork_asm+0x1a/0x30 [ 28.096949] </TASK> [ 28.096962] [ 28.107161] Allocated by task 314: [ 28.107341] kasan_save_stack+0x45/0x70 [ 28.107660] kasan_save_track+0x18/0x40 [ 28.107850] kasan_save_alloc_info+0x3b/0x50 [ 28.108327] __kasan_kmalloc+0xb7/0xc0 [ 28.108573] __kmalloc_cache_noprof+0x189/0x420 [ 28.108861] kasan_atomics+0x95/0x310 [ 28.109128] kunit_try_run_case+0x1a5/0x480 [ 28.109332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.109562] kthread+0x337/0x6f0 [ 28.109966] ret_from_fork+0x116/0x1d0 [ 28.110159] ret_from_fork_asm+0x1a/0x30 [ 28.110561] [ 28.110638] The buggy address belongs to the object at ffff888106118e00 [ 28.110638] which belongs to the cache kmalloc-64 of size 64 [ 28.111102] The buggy address is located 0 bytes to the right of [ 28.111102] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.112093] [ 28.112266] The buggy address belongs to the physical page: [ 28.112670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.113186] flags: 0x200000000000000(node=0|zone=2) [ 28.113452] page_type: f5(slab) [ 28.113579] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.114066] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.114396] page dumped because: kasan: bad access detected [ 28.114807] [ 28.114894] Memory state around the buggy address: [ 28.115112] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.115667] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.116101] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.116605] ^ [ 28.116803] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.117190] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.117659] ================================================================== [ 28.807080] ================================================================== [ 28.807333] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 28.807774] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.808130] [ 28.808288] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.808341] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.808354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.808446] Call Trace: [ 28.808469] <TASK> [ 28.808490] dump_stack_lvl+0x73/0xb0 [ 28.808522] print_report+0xd1/0x640 [ 28.808545] ? __virt_addr_valid+0x1db/0x2d0 [ 28.808572] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.808595] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.808622] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.808645] kasan_report+0x141/0x180 [ 28.808668] ? kasan_atomics_helper+0x19e3/0x5450 [ 28.808695] kasan_check_range+0x10c/0x1c0 [ 28.808719] __kasan_check_write+0x18/0x20 [ 28.808745] kasan_atomics_helper+0x19e3/0x5450 [ 28.808768] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.808791] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.808817] ? kasan_atomics+0x152/0x310 [ 28.808856] kasan_atomics+0x1dc/0x310 [ 28.808882] ? __pfx_kasan_atomics+0x10/0x10 [ 28.808907] ? __pfx_read_tsc+0x10/0x10 [ 28.808942] ? ktime_get_ts64+0x86/0x230 [ 28.808984] kunit_try_run_case+0x1a5/0x480 [ 28.809011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.809035] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.809063] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.809091] ? __kthread_parkme+0x82/0x180 [ 28.809113] ? preempt_count_sub+0x50/0x80 [ 28.809138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.809172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.809197] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.809222] kthread+0x337/0x6f0 [ 28.809245] ? trace_preempt_on+0x20/0xc0 [ 28.809272] ? __pfx_kthread+0x10/0x10 [ 28.809294] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.809319] ? calculate_sigpending+0x7b/0xa0 [ 28.809344] ? __pfx_kthread+0x10/0x10 [ 28.809423] ret_from_fork+0x116/0x1d0 [ 28.809448] ? __pfx_kthread+0x10/0x10 [ 28.809470] ret_from_fork_asm+0x1a/0x30 [ 28.809503] </TASK> [ 28.809515] [ 28.817534] Allocated by task 314: [ 28.817684] kasan_save_stack+0x45/0x70 [ 28.817836] kasan_save_track+0x18/0x40 [ 28.818074] kasan_save_alloc_info+0x3b/0x50 [ 28.818294] __kasan_kmalloc+0xb7/0xc0 [ 28.818761] __kmalloc_cache_noprof+0x189/0x420 [ 28.819030] kasan_atomics+0x95/0x310 [ 28.819242] kunit_try_run_case+0x1a5/0x480 [ 28.819546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.819835] kthread+0x337/0x6f0 [ 28.820011] ret_from_fork+0x116/0x1d0 [ 28.820199] ret_from_fork_asm+0x1a/0x30 [ 28.820437] [ 28.820559] The buggy address belongs to the object at ffff888106118e00 [ 28.820559] which belongs to the cache kmalloc-64 of size 64 [ 28.821082] The buggy address is located 0 bytes to the right of [ 28.821082] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.821668] [ 28.821783] The buggy address belongs to the physical page: [ 28.822043] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.822486] flags: 0x200000000000000(node=0|zone=2) [ 28.822712] page_type: f5(slab) [ 28.822902] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.823231] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.823846] page dumped because: kasan: bad access detected [ 28.824089] [ 28.824220] Memory state around the buggy address: [ 28.824433] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.824793] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.825038] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.825331] ^ [ 28.825660] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.826025] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.826347] ================================================================== [ 28.046259] ================================================================== [ 28.046723] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 28.047009] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.047762] [ 28.047942] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.047995] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.048009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.048033] Call Trace: [ 28.048055] <TASK> [ 28.048074] dump_stack_lvl+0x73/0xb0 [ 28.048105] print_report+0xd1/0x640 [ 28.048129] ? __virt_addr_valid+0x1db/0x2d0 [ 28.048167] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.048190] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.048219] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.048242] kasan_report+0x141/0x180 [ 28.048266] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.048293] kasan_check_range+0x10c/0x1c0 [ 28.048318] __kasan_check_write+0x18/0x20 [ 28.048343] kasan_atomics_helper+0x8f9/0x5450 [ 28.048525] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.048610] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.048639] ? kasan_atomics+0x152/0x310 [ 28.048721] kasan_atomics+0x1dc/0x310 [ 28.048749] ? __pfx_kasan_atomics+0x10/0x10 [ 28.048775] ? __pfx_read_tsc+0x10/0x10 [ 28.048801] ? ktime_get_ts64+0x86/0x230 [ 28.048832] kunit_try_run_case+0x1a5/0x480 [ 28.048859] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.048883] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.048911] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.048946] ? __kthread_parkme+0x82/0x180 [ 28.048968] ? preempt_count_sub+0x50/0x80 [ 28.048994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.049019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.049044] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.049070] kthread+0x337/0x6f0 [ 28.049092] ? trace_preempt_on+0x20/0xc0 [ 28.049118] ? __pfx_kthread+0x10/0x10 [ 28.049141] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.049179] ? calculate_sigpending+0x7b/0xa0 [ 28.049205] ? __pfx_kthread+0x10/0x10 [ 28.049229] ret_from_fork+0x116/0x1d0 [ 28.049251] ? __pfx_kthread+0x10/0x10 [ 28.049273] ret_from_fork_asm+0x1a/0x30 [ 28.049305] </TASK> [ 28.049318] [ 28.059715] Allocated by task 314: [ 28.060121] kasan_save_stack+0x45/0x70 [ 28.060453] kasan_save_track+0x18/0x40 [ 28.060722] kasan_save_alloc_info+0x3b/0x50 [ 28.060899] __kasan_kmalloc+0xb7/0xc0 [ 28.061108] __kmalloc_cache_noprof+0x189/0x420 [ 28.061693] kasan_atomics+0x95/0x310 [ 28.061851] kunit_try_run_case+0x1a5/0x480 [ 28.062086] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.062496] kthread+0x337/0x6f0 [ 28.062675] ret_from_fork+0x116/0x1d0 [ 28.062927] ret_from_fork_asm+0x1a/0x30 [ 28.063138] [ 28.063262] The buggy address belongs to the object at ffff888106118e00 [ 28.063262] which belongs to the cache kmalloc-64 of size 64 [ 28.064081] The buggy address is located 0 bytes to the right of [ 28.064081] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.064585] [ 28.064692] The buggy address belongs to the physical page: [ 28.064920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.065639] flags: 0x200000000000000(node=0|zone=2) [ 28.065981] page_type: f5(slab) [ 28.066259] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.066562] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.067073] page dumped because: kasan: bad access detected [ 28.067301] [ 28.067488] Memory state around the buggy address: [ 28.067766] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.068187] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.068503] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.068836] ^ [ 28.069023] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.069465] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.069954] ================================================================== [ 27.948554] ================================================================== [ 27.949158] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 27.949548] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.949936] [ 27.950063] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.950116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.950132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.950353] Call Trace: [ 27.950371] <TASK> [ 27.950460] dump_stack_lvl+0x73/0xb0 [ 27.950497] print_report+0xd1/0x640 [ 27.950522] ? __virt_addr_valid+0x1db/0x2d0 [ 27.950548] ? kasan_atomics_helper+0x697/0x5450 [ 27.950571] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.950599] ? kasan_atomics_helper+0x697/0x5450 [ 27.950622] kasan_report+0x141/0x180 [ 27.950647] ? kasan_atomics_helper+0x697/0x5450 [ 27.950674] kasan_check_range+0x10c/0x1c0 [ 27.950699] __kasan_check_write+0x18/0x20 [ 27.950724] kasan_atomics_helper+0x697/0x5450 [ 27.950749] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.950772] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.950798] ? kasan_atomics+0x152/0x310 [ 27.950825] kasan_atomics+0x1dc/0x310 [ 27.950848] ? __pfx_kasan_atomics+0x10/0x10 [ 27.950874] ? __pfx_read_tsc+0x10/0x10 [ 27.950899] ? ktime_get_ts64+0x86/0x230 [ 27.950925] kunit_try_run_case+0x1a5/0x480 [ 27.951042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.951066] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.951093] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.951119] ? __kthread_parkme+0x82/0x180 [ 27.951140] ? preempt_count_sub+0x50/0x80 [ 27.951179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.951205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.951229] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.951254] kthread+0x337/0x6f0 [ 27.951277] ? trace_preempt_on+0x20/0xc0 [ 27.951302] ? __pfx_kthread+0x10/0x10 [ 27.951325] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.951349] ? calculate_sigpending+0x7b/0xa0 [ 27.951376] ? __pfx_kthread+0x10/0x10 [ 27.951407] ret_from_fork+0x116/0x1d0 [ 27.951430] ? __pfx_kthread+0x10/0x10 [ 27.951452] ret_from_fork_asm+0x1a/0x30 [ 27.951484] </TASK> [ 27.951497] [ 27.961827] Allocated by task 314: [ 27.962262] kasan_save_stack+0x45/0x70 [ 27.962576] kasan_save_track+0x18/0x40 [ 27.962818] kasan_save_alloc_info+0x3b/0x50 [ 27.963222] __kasan_kmalloc+0xb7/0xc0 [ 27.963464] __kmalloc_cache_noprof+0x189/0x420 [ 27.963745] kasan_atomics+0x95/0x310 [ 27.964021] kunit_try_run_case+0x1a5/0x480 [ 27.964229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.964457] kthread+0x337/0x6f0 [ 27.964815] ret_from_fork+0x116/0x1d0 [ 27.964991] ret_from_fork_asm+0x1a/0x30 [ 27.965283] [ 27.965471] The buggy address belongs to the object at ffff888106118e00 [ 27.965471] which belongs to the cache kmalloc-64 of size 64 [ 27.966123] The buggy address is located 0 bytes to the right of [ 27.966123] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.966705] [ 27.966800] The buggy address belongs to the physical page: [ 27.967194] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.967708] flags: 0x200000000000000(node=0|zone=2) [ 27.967925] page_type: f5(slab) [ 27.968388] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.968764] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.969240] page dumped because: kasan: bad access detected [ 27.969433] [ 27.969525] Memory state around the buggy address: [ 27.969809] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.970234] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.970790] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.971062] ^ [ 27.971325] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.971895] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.972388] ================================================================== [ 28.499505] ================================================================== [ 28.499818] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 28.500808] Read of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.501157] [ 28.501283] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.501336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.501352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.501376] Call Trace: [ 28.501397] <TASK> [ 28.501418] dump_stack_lvl+0x73/0xb0 [ 28.501450] print_report+0xd1/0x640 [ 28.501474] ? __virt_addr_valid+0x1db/0x2d0 [ 28.501500] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.501523] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.501551] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.501575] kasan_report+0x141/0x180 [ 28.501599] ? kasan_atomics_helper+0x49ce/0x5450 [ 28.501647] __asan_report_load4_noabort+0x18/0x20 [ 28.501674] kasan_atomics_helper+0x49ce/0x5450 [ 28.501697] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.501719] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.501746] ? kasan_atomics+0x152/0x310 [ 28.501772] kasan_atomics+0x1dc/0x310 [ 28.501796] ? __pfx_kasan_atomics+0x10/0x10 [ 28.501821] ? __pfx_read_tsc+0x10/0x10 [ 28.501844] ? ktime_get_ts64+0x86/0x230 [ 28.501870] kunit_try_run_case+0x1a5/0x480 [ 28.501896] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.501920] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.501956] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.501984] ? __kthread_parkme+0x82/0x180 [ 28.502005] ? preempt_count_sub+0x50/0x80 [ 28.502030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.502055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.502081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.502105] kthread+0x337/0x6f0 [ 28.502127] ? trace_preempt_on+0x20/0xc0 [ 28.502162] ? __pfx_kthread+0x10/0x10 [ 28.502185] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.502209] ? calculate_sigpending+0x7b/0xa0 [ 28.502235] ? __pfx_kthread+0x10/0x10 [ 28.502257] ret_from_fork+0x116/0x1d0 [ 28.502279] ? __pfx_kthread+0x10/0x10 [ 28.502300] ret_from_fork_asm+0x1a/0x30 [ 28.502333] </TASK> [ 28.502345] [ 28.510540] Allocated by task 314: [ 28.510706] kasan_save_stack+0x45/0x70 [ 28.510879] kasan_save_track+0x18/0x40 [ 28.511010] kasan_save_alloc_info+0x3b/0x50 [ 28.511180] __kasan_kmalloc+0xb7/0xc0 [ 28.511386] __kmalloc_cache_noprof+0x189/0x420 [ 28.511843] kasan_atomics+0x95/0x310 [ 28.512031] kunit_try_run_case+0x1a5/0x480 [ 28.512185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.512356] kthread+0x337/0x6f0 [ 28.512588] ret_from_fork+0x116/0x1d0 [ 28.513098] ret_from_fork_asm+0x1a/0x30 [ 28.513505] [ 28.513590] The buggy address belongs to the object at ffff888106118e00 [ 28.513590] which belongs to the cache kmalloc-64 of size 64 [ 28.514076] The buggy address is located 0 bytes to the right of [ 28.514076] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.514557] [ 28.514649] The buggy address belongs to the physical page: [ 28.514943] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.515292] flags: 0x200000000000000(node=0|zone=2) [ 28.515640] page_type: f5(slab) [ 28.515804] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.516042] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.516381] page dumped because: kasan: bad access detected [ 28.516585] [ 28.516652] Memory state around the buggy address: [ 28.516957] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.517310] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.517525] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.517735] ^ [ 28.517888] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.518100] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.518317] ================================================================== [ 28.622989] ================================================================== [ 28.623969] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 28.624335] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.624620] [ 28.624713] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.624764] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.624779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.624802] Call Trace: [ 28.624824] <TASK> [ 28.624845] dump_stack_lvl+0x73/0xb0 [ 28.624875] print_report+0xd1/0x640 [ 28.624899] ? __virt_addr_valid+0x1db/0x2d0 [ 28.624926] ? kasan_atomics_helper+0x151d/0x5450 [ 28.624958] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.624986] ? kasan_atomics_helper+0x151d/0x5450 [ 28.625010] kasan_report+0x141/0x180 [ 28.625034] ? kasan_atomics_helper+0x151d/0x5450 [ 28.625061] kasan_check_range+0x10c/0x1c0 [ 28.625087] __kasan_check_write+0x18/0x20 [ 28.625111] kasan_atomics_helper+0x151d/0x5450 [ 28.625136] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.625172] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.625198] ? kasan_atomics+0x152/0x310 [ 28.625226] kasan_atomics+0x1dc/0x310 [ 28.625250] ? __pfx_kasan_atomics+0x10/0x10 [ 28.625276] ? __pfx_read_tsc+0x10/0x10 [ 28.625300] ? ktime_get_ts64+0x86/0x230 [ 28.625326] kunit_try_run_case+0x1a5/0x480 [ 28.625353] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.625377] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.625455] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.625482] ? __kthread_parkme+0x82/0x180 [ 28.625504] ? preempt_count_sub+0x50/0x80 [ 28.625527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.625553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.625579] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.625604] kthread+0x337/0x6f0 [ 28.625626] ? trace_preempt_on+0x20/0xc0 [ 28.625652] ? __pfx_kthread+0x10/0x10 [ 28.625674] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.625700] ? calculate_sigpending+0x7b/0xa0 [ 28.625726] ? __pfx_kthread+0x10/0x10 [ 28.625748] ret_from_fork+0x116/0x1d0 [ 28.625771] ? __pfx_kthread+0x10/0x10 [ 28.625793] ret_from_fork_asm+0x1a/0x30 [ 28.625826] </TASK> [ 28.625839] [ 28.633838] Allocated by task 314: [ 28.634080] kasan_save_stack+0x45/0x70 [ 28.634303] kasan_save_track+0x18/0x40 [ 28.634582] kasan_save_alloc_info+0x3b/0x50 [ 28.634773] __kasan_kmalloc+0xb7/0xc0 [ 28.634955] __kmalloc_cache_noprof+0x189/0x420 [ 28.635366] kasan_atomics+0x95/0x310 [ 28.635628] kunit_try_run_case+0x1a5/0x480 [ 28.635831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.636125] kthread+0x337/0x6f0 [ 28.636289] ret_from_fork+0x116/0x1d0 [ 28.636572] ret_from_fork_asm+0x1a/0x30 [ 28.636764] [ 28.636857] The buggy address belongs to the object at ffff888106118e00 [ 28.636857] which belongs to the cache kmalloc-64 of size 64 [ 28.637344] The buggy address is located 0 bytes to the right of [ 28.637344] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.637908] [ 28.638040] The buggy address belongs to the physical page: [ 28.638288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.638679] flags: 0x200000000000000(node=0|zone=2) [ 28.638846] page_type: f5(slab) [ 28.638967] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.639234] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.639810] page dumped because: kasan: bad access detected [ 28.640059] [ 28.640152] Memory state around the buggy address: [ 28.640307] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.640522] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.641161] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.641457] ^ [ 28.641638] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.641850] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.642058] ================================================================== [ 29.171592] ================================================================== [ 29.172269] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 29.172898] Read of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 29.173631] [ 29.173844] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.173898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.173912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.173935] Call Trace: [ 29.173969] <TASK> [ 29.173990] dump_stack_lvl+0x73/0xb0 [ 29.174021] print_report+0xd1/0x640 [ 29.174045] ? __virt_addr_valid+0x1db/0x2d0 [ 29.174071] ? kasan_atomics_helper+0x5115/0x5450 [ 29.174094] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.174120] ? kasan_atomics_helper+0x5115/0x5450 [ 29.174153] kasan_report+0x141/0x180 [ 29.174176] ? kasan_atomics_helper+0x5115/0x5450 [ 29.174204] __asan_report_load8_noabort+0x18/0x20 [ 29.174241] kasan_atomics_helper+0x5115/0x5450 [ 29.174265] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.174301] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.174327] ? kasan_atomics+0x152/0x310 [ 29.174354] kasan_atomics+0x1dc/0x310 [ 29.174378] ? __pfx_kasan_atomics+0x10/0x10 [ 29.174403] ? __pfx_read_tsc+0x10/0x10 [ 29.174437] ? ktime_get_ts64+0x86/0x230 [ 29.174464] kunit_try_run_case+0x1a5/0x480 [ 29.174501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.174525] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.174554] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.174580] ? __kthread_parkme+0x82/0x180 [ 29.174603] ? preempt_count_sub+0x50/0x80 [ 29.174627] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.174653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.174678] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.174703] kthread+0x337/0x6f0 [ 29.174725] ? trace_preempt_on+0x20/0xc0 [ 29.174752] ? __pfx_kthread+0x10/0x10 [ 29.174774] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.174798] ? calculate_sigpending+0x7b/0xa0 [ 29.174824] ? __pfx_kthread+0x10/0x10 [ 29.174847] ret_from_fork+0x116/0x1d0 [ 29.174868] ? __pfx_kthread+0x10/0x10 [ 29.174890] ret_from_fork_asm+0x1a/0x30 [ 29.174922] </TASK> [ 29.174944] [ 29.182466] Allocated by task 314: [ 29.182651] kasan_save_stack+0x45/0x70 [ 29.182842] kasan_save_track+0x18/0x40 [ 29.183043] kasan_save_alloc_info+0x3b/0x50 [ 29.183264] __kasan_kmalloc+0xb7/0xc0 [ 29.183426] __kmalloc_cache_noprof+0x189/0x420 [ 29.183636] kasan_atomics+0x95/0x310 [ 29.183841] kunit_try_run_case+0x1a5/0x480 [ 29.184026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.184269] kthread+0x337/0x6f0 [ 29.184422] ret_from_fork+0x116/0x1d0 [ 29.184609] ret_from_fork_asm+0x1a/0x30 [ 29.184793] [ 29.184889] The buggy address belongs to the object at ffff888106118e00 [ 29.184889] which belongs to the cache kmalloc-64 of size 64 [ 29.185424] The buggy address is located 0 bytes to the right of [ 29.185424] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 29.185775] [ 29.185842] The buggy address belongs to the physical page: [ 29.186187] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 29.186555] flags: 0x200000000000000(node=0|zone=2) [ 29.186731] page_type: f5(slab) [ 29.186846] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.187276] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.187572] page dumped because: kasan: bad access detected [ 29.187840] [ 29.187929] Memory state around the buggy address: [ 29.188131] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.188368] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.188692] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.189090] ^ [ 29.189288] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.189618] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.189906] ================================================================== [ 28.931797] ================================================================== [ 28.932450] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 28.932786] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.933284] [ 28.933384] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.933440] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.933454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.933479] Call Trace: [ 28.933500] <TASK> [ 28.933522] dump_stack_lvl+0x73/0xb0 [ 28.933553] print_report+0xd1/0x640 [ 28.933661] ? __virt_addr_valid+0x1db/0x2d0 [ 28.933692] ? kasan_atomics_helper+0x1d7a/0x5450 [ 28.933715] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.933744] ? kasan_atomics_helper+0x1d7a/0x5450 [ 28.933767] kasan_report+0x141/0x180 [ 28.933791] ? kasan_atomics_helper+0x1d7a/0x5450 [ 28.933819] kasan_check_range+0x10c/0x1c0 [ 28.933844] __kasan_check_write+0x18/0x20 [ 28.933869] kasan_atomics_helper+0x1d7a/0x5450 [ 28.933893] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.933917] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.934053] ? kasan_atomics+0x152/0x310 [ 28.934082] kasan_atomics+0x1dc/0x310 [ 28.934212] ? __pfx_kasan_atomics+0x10/0x10 [ 28.934239] ? __pfx_read_tsc+0x10/0x10 [ 28.934263] ? ktime_get_ts64+0x86/0x230 [ 28.934289] kunit_try_run_case+0x1a5/0x480 [ 28.934316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.934339] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.934368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.934395] ? __kthread_parkme+0x82/0x180 [ 28.934418] ? preempt_count_sub+0x50/0x80 [ 28.934443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.934467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.934492] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.934517] kthread+0x337/0x6f0 [ 28.934539] ? trace_preempt_on+0x20/0xc0 [ 28.934566] ? __pfx_kthread+0x10/0x10 [ 28.934588] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.934612] ? calculate_sigpending+0x7b/0xa0 [ 28.934638] ? __pfx_kthread+0x10/0x10 [ 28.934660] ret_from_fork+0x116/0x1d0 [ 28.934682] ? __pfx_kthread+0x10/0x10 [ 28.934705] ret_from_fork_asm+0x1a/0x30 [ 28.934738] </TASK> [ 28.934752] [ 28.946021] Allocated by task 314: [ 28.946185] kasan_save_stack+0x45/0x70 [ 28.946345] kasan_save_track+0x18/0x40 [ 28.946479] kasan_save_alloc_info+0x3b/0x50 [ 28.946625] __kasan_kmalloc+0xb7/0xc0 [ 28.946755] __kmalloc_cache_noprof+0x189/0x420 [ 28.946913] kasan_atomics+0x95/0x310 [ 28.947088] kunit_try_run_case+0x1a5/0x480 [ 28.947259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.947496] kthread+0x337/0x6f0 [ 28.947621] ret_from_fork+0x116/0x1d0 [ 28.947753] ret_from_fork_asm+0x1a/0x30 [ 28.947909] [ 28.948014] The buggy address belongs to the object at ffff888106118e00 [ 28.948014] which belongs to the cache kmalloc-64 of size 64 [ 28.948484] The buggy address is located 0 bytes to the right of [ 28.948484] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.948955] [ 28.949050] The buggy address belongs to the physical page: [ 28.949323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.949673] flags: 0x200000000000000(node=0|zone=2) [ 28.949886] page_type: f5(slab) [ 28.950114] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.950421] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.950716] page dumped because: kasan: bad access detected [ 28.950925] [ 28.951018] Memory state around the buggy address: [ 28.951235] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.951499] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.951782] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.952095] ^ [ 28.952276] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.952490] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.952761] ================================================================== [ 27.832703] ================================================================== [ 27.833428] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 27.834123] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.834837] [ 27.835059] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.835120] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.835134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.835166] Call Trace: [ 27.835188] <TASK> [ 27.835209] dump_stack_lvl+0x73/0xb0 [ 27.835240] print_report+0xd1/0x640 [ 27.835263] ? __virt_addr_valid+0x1db/0x2d0 [ 27.835290] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.835314] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.835351] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.835404] kasan_report+0x141/0x180 [ 27.835429] ? kasan_atomics_helper+0x4a0/0x5450 [ 27.835456] kasan_check_range+0x10c/0x1c0 [ 27.835480] __kasan_check_write+0x18/0x20 [ 27.835505] kasan_atomics_helper+0x4a0/0x5450 [ 27.835529] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.835552] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.835579] ? kasan_atomics+0x152/0x310 [ 27.835606] kasan_atomics+0x1dc/0x310 [ 27.835634] ? __pfx_kasan_atomics+0x10/0x10 [ 27.835659] ? __pfx_read_tsc+0x10/0x10 [ 27.835682] ? ktime_get_ts64+0x86/0x230 [ 27.835709] kunit_try_run_case+0x1a5/0x480 [ 27.835735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.835759] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.835786] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.835813] ? __kthread_parkme+0x82/0x180 [ 27.835834] ? preempt_count_sub+0x50/0x80 [ 27.835858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.835883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.835908] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.835933] kthread+0x337/0x6f0 [ 27.835963] ? trace_preempt_on+0x20/0xc0 [ 27.835990] ? __pfx_kthread+0x10/0x10 [ 27.836011] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.836037] ? calculate_sigpending+0x7b/0xa0 [ 27.836063] ? __pfx_kthread+0x10/0x10 [ 27.836086] ret_from_fork+0x116/0x1d0 [ 27.836107] ? __pfx_kthread+0x10/0x10 [ 27.836128] ret_from_fork_asm+0x1a/0x30 [ 27.836171] </TASK> [ 27.836183] [ 27.851064] Allocated by task 314: [ 27.851431] kasan_save_stack+0x45/0x70 [ 27.851846] kasan_save_track+0x18/0x40 [ 27.852259] kasan_save_alloc_info+0x3b/0x50 [ 27.852620] __kasan_kmalloc+0xb7/0xc0 [ 27.852970] __kmalloc_cache_noprof+0x189/0x420 [ 27.853159] kasan_atomics+0x95/0x310 [ 27.853314] kunit_try_run_case+0x1a5/0x480 [ 27.853779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.854354] kthread+0x337/0x6f0 [ 27.854680] ret_from_fork+0x116/0x1d0 [ 27.855061] ret_from_fork_asm+0x1a/0x30 [ 27.855472] [ 27.855680] The buggy address belongs to the object at ffff888106118e00 [ 27.855680] which belongs to the cache kmalloc-64 of size 64 [ 27.856053] The buggy address is located 0 bytes to the right of [ 27.856053] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.857094] [ 27.857279] The buggy address belongs to the physical page: [ 27.857816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.858334] flags: 0x200000000000000(node=0|zone=2) [ 27.858841] page_type: f5(slab) [ 27.859197] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.859598] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.860122] page dumped because: kasan: bad access detected [ 27.860422] [ 27.860612] Memory state around the buggy address: [ 27.861076] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.861766] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.862463] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.862730] ^ [ 27.862885] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.863550] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.864281] ================================================================== [ 28.143202] ================================================================== [ 28.143454] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 28.144361] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.144663] [ 28.144756] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.144809] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.144823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.144846] Call Trace: [ 28.144866] <TASK> [ 28.144885] dump_stack_lvl+0x73/0xb0 [ 28.144915] print_report+0xd1/0x640 [ 28.144949] ? __virt_addr_valid+0x1db/0x2d0 [ 28.144975] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.144998] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.145026] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.145048] kasan_report+0x141/0x180 [ 28.145072] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.145098] kasan_check_range+0x10c/0x1c0 [ 28.145123] __kasan_check_write+0x18/0x20 [ 28.145159] kasan_atomics_helper+0xb6a/0x5450 [ 28.145183] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.145206] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.145232] ? kasan_atomics+0x152/0x310 [ 28.145259] kasan_atomics+0x1dc/0x310 [ 28.145282] ? __pfx_kasan_atomics+0x10/0x10 [ 28.145308] ? __pfx_read_tsc+0x10/0x10 [ 28.145334] ? ktime_get_ts64+0x86/0x230 [ 28.145360] kunit_try_run_case+0x1a5/0x480 [ 28.145398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.145422] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.145449] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.145476] ? __kthread_parkme+0x82/0x180 [ 28.145496] ? preempt_count_sub+0x50/0x80 [ 28.145521] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.145546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.145571] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.145595] kthread+0x337/0x6f0 [ 28.145617] ? trace_preempt_on+0x20/0xc0 [ 28.145643] ? __pfx_kthread+0x10/0x10 [ 28.145665] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.145691] ? calculate_sigpending+0x7b/0xa0 [ 28.145715] ? __pfx_kthread+0x10/0x10 [ 28.145737] ret_from_fork+0x116/0x1d0 [ 28.145759] ? __pfx_kthread+0x10/0x10 [ 28.145781] ret_from_fork_asm+0x1a/0x30 [ 28.145813] </TASK> [ 28.145825] [ 28.153836] Allocated by task 314: [ 28.153992] kasan_save_stack+0x45/0x70 [ 28.154134] kasan_save_track+0x18/0x40 [ 28.154273] kasan_save_alloc_info+0x3b/0x50 [ 28.154413] __kasan_kmalloc+0xb7/0xc0 [ 28.154614] __kmalloc_cache_noprof+0x189/0x420 [ 28.154965] kasan_atomics+0x95/0x310 [ 28.155158] kunit_try_run_case+0x1a5/0x480 [ 28.155387] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.155645] kthread+0x337/0x6f0 [ 28.155836] ret_from_fork+0x116/0x1d0 [ 28.156047] ret_from_fork_asm+0x1a/0x30 [ 28.156252] [ 28.156372] The buggy address belongs to the object at ffff888106118e00 [ 28.156372] which belongs to the cache kmalloc-64 of size 64 [ 28.156821] The buggy address is located 0 bytes to the right of [ 28.156821] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.157208] [ 28.157277] The buggy address belongs to the physical page: [ 28.157596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.158027] flags: 0x200000000000000(node=0|zone=2) [ 28.158267] page_type: f5(slab) [ 28.158496] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.158759] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.159000] page dumped because: kasan: bad access detected [ 28.159173] [ 28.159240] Memory state around the buggy address: [ 28.159386] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.160015] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.160386] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.160735] ^ [ 28.160983] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.161331] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.161573] ================================================================== [ 28.410919] ================================================================== [ 28.411471] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 28.412060] Read of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.412341] [ 28.412434] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.412531] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.412544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.412568] Call Trace: [ 28.412590] <TASK> [ 28.412612] dump_stack_lvl+0x73/0xb0 [ 28.412642] print_report+0xd1/0x640 [ 28.412665] ? __virt_addr_valid+0x1db/0x2d0 [ 28.412691] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.412715] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.412742] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.412764] kasan_report+0x141/0x180 [ 28.412787] ? kasan_atomics_helper+0x4a02/0x5450 [ 28.412814] __asan_report_load4_noabort+0x18/0x20 [ 28.412839] kasan_atomics_helper+0x4a02/0x5450 [ 28.412864] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.412887] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.412913] ? kasan_atomics+0x152/0x310 [ 28.412950] kasan_atomics+0x1dc/0x310 [ 28.412976] ? __pfx_kasan_atomics+0x10/0x10 [ 28.413003] ? __pfx_read_tsc+0x10/0x10 [ 28.413029] ? ktime_get_ts64+0x86/0x230 [ 28.413056] kunit_try_run_case+0x1a5/0x480 [ 28.413082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.413105] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.413133] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.413173] ? __kthread_parkme+0x82/0x180 [ 28.413194] ? preempt_count_sub+0x50/0x80 [ 28.413218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.413245] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.413272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.413298] kthread+0x337/0x6f0 [ 28.413321] ? trace_preempt_on+0x20/0xc0 [ 28.413347] ? __pfx_kthread+0x10/0x10 [ 28.413418] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.413447] ? calculate_sigpending+0x7b/0xa0 [ 28.413473] ? __pfx_kthread+0x10/0x10 [ 28.413496] ret_from_fork+0x116/0x1d0 [ 28.413518] ? __pfx_kthread+0x10/0x10 [ 28.413540] ret_from_fork_asm+0x1a/0x30 [ 28.413573] </TASK> [ 28.413585] [ 28.426818] Allocated by task 314: [ 28.427170] kasan_save_stack+0x45/0x70 [ 28.427587] kasan_save_track+0x18/0x40 [ 28.427981] kasan_save_alloc_info+0x3b/0x50 [ 28.428234] __kasan_kmalloc+0xb7/0xc0 [ 28.428365] __kmalloc_cache_noprof+0x189/0x420 [ 28.428972] kasan_atomics+0x95/0x310 [ 28.429389] kunit_try_run_case+0x1a5/0x480 [ 28.429798] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.430093] kthread+0x337/0x6f0 [ 28.430266] ret_from_fork+0x116/0x1d0 [ 28.430612] ret_from_fork_asm+0x1a/0x30 [ 28.430996] [ 28.431166] The buggy address belongs to the object at ffff888106118e00 [ 28.431166] which belongs to the cache kmalloc-64 of size 64 [ 28.431705] The buggy address is located 0 bytes to the right of [ 28.431705] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.432095] [ 28.432176] The buggy address belongs to the physical page: [ 28.432519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.432830] flags: 0x200000000000000(node=0|zone=2) [ 28.433054] page_type: f5(slab) [ 28.433207] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.433533] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.433823] page dumped because: kasan: bad access detected [ 28.434137] [ 28.434219] Memory state around the buggy address: [ 28.434373] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.434732] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.435113] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.435461] ^ [ 28.435673] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.435984] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.436276] ================================================================== [ 29.026178] ================================================================== [ 29.026779] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 29.027019] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 29.027258] [ 29.027346] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.027397] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.027411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.027435] Call Trace: [ 29.027455] <TASK> [ 29.027475] dump_stack_lvl+0x73/0xb0 [ 29.027505] print_report+0xd1/0x640 [ 29.027529] ? __virt_addr_valid+0x1db/0x2d0 [ 29.027555] ? kasan_atomics_helper+0x2006/0x5450 [ 29.027577] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.027605] ? kasan_atomics_helper+0x2006/0x5450 [ 29.027633] kasan_report+0x141/0x180 [ 29.027657] ? kasan_atomics_helper+0x2006/0x5450 [ 29.027684] kasan_check_range+0x10c/0x1c0 [ 29.027709] __kasan_check_write+0x18/0x20 [ 29.027734] kasan_atomics_helper+0x2006/0x5450 [ 29.027758] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.027782] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.027810] ? kasan_atomics+0x152/0x310 [ 29.027838] kasan_atomics+0x1dc/0x310 [ 29.027862] ? __pfx_kasan_atomics+0x10/0x10 [ 29.027888] ? __pfx_read_tsc+0x10/0x10 [ 29.027912] ? ktime_get_ts64+0x86/0x230 [ 29.027939] kunit_try_run_case+0x1a5/0x480 [ 29.027965] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.027990] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.028017] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.028044] ? __kthread_parkme+0x82/0x180 [ 29.028066] ? preempt_count_sub+0x50/0x80 [ 29.028091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.028117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.028152] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.028177] kthread+0x337/0x6f0 [ 29.028199] ? trace_preempt_on+0x20/0xc0 [ 29.028225] ? __pfx_kthread+0x10/0x10 [ 29.028246] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.028272] ? calculate_sigpending+0x7b/0xa0 [ 29.028298] ? __pfx_kthread+0x10/0x10 [ 29.028321] ret_from_fork+0x116/0x1d0 [ 29.028341] ? __pfx_kthread+0x10/0x10 [ 29.028364] ret_from_fork_asm+0x1a/0x30 [ 29.028396] </TASK> [ 29.028409] [ 29.035945] Allocated by task 314: [ 29.036124] kasan_save_stack+0x45/0x70 [ 29.036334] kasan_save_track+0x18/0x40 [ 29.036521] kasan_save_alloc_info+0x3b/0x50 [ 29.036726] __kasan_kmalloc+0xb7/0xc0 [ 29.036889] __kmalloc_cache_noprof+0x189/0x420 [ 29.037174] kasan_atomics+0x95/0x310 [ 29.037306] kunit_try_run_case+0x1a5/0x480 [ 29.037450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.037622] kthread+0x337/0x6f0 [ 29.037738] ret_from_fork+0x116/0x1d0 [ 29.037869] ret_from_fork_asm+0x1a/0x30 [ 29.038005] [ 29.038072] The buggy address belongs to the object at ffff888106118e00 [ 29.038072] which belongs to the cache kmalloc-64 of size 64 [ 29.038592] The buggy address is located 0 bytes to the right of [ 29.038592] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 29.039217] [ 29.039319] The buggy address belongs to the physical page: [ 29.039580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 29.039953] flags: 0x200000000000000(node=0|zone=2) [ 29.040197] page_type: f5(slab) [ 29.040323] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.040544] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.040757] page dumped because: kasan: bad access detected [ 29.040931] [ 29.041012] Memory state around the buggy address: [ 29.042665] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.043041] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.043423] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.043747] ^ [ 29.044019] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.044424] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.045286] ================================================================== [ 28.291550] ================================================================== [ 28.291835] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 28.292195] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.292461] [ 28.292768] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.292828] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.292843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.292867] Call Trace: [ 28.292881] <TASK> [ 28.292900] dump_stack_lvl+0x73/0xb0 [ 28.292933] print_report+0xd1/0x640 [ 28.292973] ? __virt_addr_valid+0x1db/0x2d0 [ 28.292999] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.293021] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.293049] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.293071] kasan_report+0x141/0x180 [ 28.293094] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.293121] kasan_check_range+0x10c/0x1c0 [ 28.293159] __kasan_check_write+0x18/0x20 [ 28.293186] kasan_atomics_helper+0xfa9/0x5450 [ 28.293210] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.293233] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.293259] ? kasan_atomics+0x152/0x310 [ 28.293287] kasan_atomics+0x1dc/0x310 [ 28.293312] ? __pfx_kasan_atomics+0x10/0x10 [ 28.293337] ? __pfx_read_tsc+0x10/0x10 [ 28.293361] ? ktime_get_ts64+0x86/0x230 [ 28.293443] kunit_try_run_case+0x1a5/0x480 [ 28.293475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.293499] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.293526] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.293553] ? __kthread_parkme+0x82/0x180 [ 28.293575] ? preempt_count_sub+0x50/0x80 [ 28.293599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.293625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.293651] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.293675] kthread+0x337/0x6f0 [ 28.293697] ? trace_preempt_on+0x20/0xc0 [ 28.293723] ? __pfx_kthread+0x10/0x10 [ 28.293746] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.293770] ? calculate_sigpending+0x7b/0xa0 [ 28.293796] ? __pfx_kthread+0x10/0x10 [ 28.293819] ret_from_fork+0x116/0x1d0 [ 28.293840] ? __pfx_kthread+0x10/0x10 [ 28.293863] ret_from_fork_asm+0x1a/0x30 [ 28.293895] </TASK> [ 28.293909] [ 28.301986] Allocated by task 314: [ 28.302129] kasan_save_stack+0x45/0x70 [ 28.302287] kasan_save_track+0x18/0x40 [ 28.302465] kasan_save_alloc_info+0x3b/0x50 [ 28.302682] __kasan_kmalloc+0xb7/0xc0 [ 28.302864] __kmalloc_cache_noprof+0x189/0x420 [ 28.303206] kasan_atomics+0x95/0x310 [ 28.303653] kunit_try_run_case+0x1a5/0x480 [ 28.303888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.304381] kthread+0x337/0x6f0 [ 28.304531] ret_from_fork+0x116/0x1d0 [ 28.304756] ret_from_fork_asm+0x1a/0x30 [ 28.304935] [ 28.305072] The buggy address belongs to the object at ffff888106118e00 [ 28.305072] which belongs to the cache kmalloc-64 of size 64 [ 28.305573] The buggy address is located 0 bytes to the right of [ 28.305573] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.306217] [ 28.306310] The buggy address belongs to the physical page: [ 28.306543] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.306896] flags: 0x200000000000000(node=0|zone=2) [ 28.307079] page_type: f5(slab) [ 28.307254] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.307556] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.307870] page dumped because: kasan: bad access detected [ 28.308099] [ 28.308184] Memory state around the buggy address: [ 28.308432] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.308649] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.308861] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.309074] ^ [ 28.309281] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.309768] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.310498] ================================================================== [ 28.670979] ================================================================== [ 28.671754] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 28.672417] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.673124] [ 28.673326] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.673377] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.673400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.673423] Call Trace: [ 28.673444] <TASK> [ 28.673462] dump_stack_lvl+0x73/0xb0 [ 28.673495] print_report+0xd1/0x640 [ 28.673521] ? __virt_addr_valid+0x1db/0x2d0 [ 28.673562] ? kasan_atomics_helper+0x164f/0x5450 [ 28.673585] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.673622] ? kasan_atomics_helper+0x164f/0x5450 [ 28.673644] kasan_report+0x141/0x180 [ 28.673667] ? kasan_atomics_helper+0x164f/0x5450 [ 28.673694] kasan_check_range+0x10c/0x1c0 [ 28.673719] __kasan_check_write+0x18/0x20 [ 28.673745] kasan_atomics_helper+0x164f/0x5450 [ 28.673768] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.673791] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.673818] ? kasan_atomics+0x152/0x310 [ 28.673846] kasan_atomics+0x1dc/0x310 [ 28.673869] ? __pfx_kasan_atomics+0x10/0x10 [ 28.673894] ? __pfx_read_tsc+0x10/0x10 [ 28.673918] ? ktime_get_ts64+0x86/0x230 [ 28.673962] kunit_try_run_case+0x1a5/0x480 [ 28.673988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.674012] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.674039] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.674067] ? __kthread_parkme+0x82/0x180 [ 28.674089] ? preempt_count_sub+0x50/0x80 [ 28.674114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.674139] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.674173] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.674199] kthread+0x337/0x6f0 [ 28.674223] ? trace_preempt_on+0x20/0xc0 [ 28.674249] ? __pfx_kthread+0x10/0x10 [ 28.674272] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.674297] ? calculate_sigpending+0x7b/0xa0 [ 28.674322] ? __pfx_kthread+0x10/0x10 [ 28.674345] ret_from_fork+0x116/0x1d0 [ 28.674386] ? __pfx_kthread+0x10/0x10 [ 28.674410] ret_from_fork_asm+0x1a/0x30 [ 28.674442] </TASK> [ 28.674457] [ 28.685792] Allocated by task 314: [ 28.686248] kasan_save_stack+0x45/0x70 [ 28.686655] kasan_save_track+0x18/0x40 [ 28.687043] kasan_save_alloc_info+0x3b/0x50 [ 28.687527] __kasan_kmalloc+0xb7/0xc0 [ 28.687891] __kmalloc_cache_noprof+0x189/0x420 [ 28.688327] kasan_atomics+0x95/0x310 [ 28.688742] kunit_try_run_case+0x1a5/0x480 [ 28.689153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.689710] kthread+0x337/0x6f0 [ 28.690040] ret_from_fork+0x116/0x1d0 [ 28.690444] ret_from_fork_asm+0x1a/0x30 [ 28.690794] [ 28.690975] The buggy address belongs to the object at ffff888106118e00 [ 28.690975] which belongs to the cache kmalloc-64 of size 64 [ 28.692283] The buggy address is located 0 bytes to the right of [ 28.692283] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.693631] [ 28.693790] The buggy address belongs to the physical page: [ 28.694318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.695133] flags: 0x200000000000000(node=0|zone=2) [ 28.695643] page_type: f5(slab) [ 28.695941] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.696815] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.697221] page dumped because: kasan: bad access detected [ 28.697506] [ 28.697691] Memory state around the buggy address: [ 28.698246] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.698934] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.699550] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.699771] ^ [ 28.699949] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.700722] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.701519] ================================================================== [ 28.519189] ================================================================== [ 28.519900] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 28.520252] Read of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.521138] [ 28.521696] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.521761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.521778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.521802] Call Trace: [ 28.521819] <TASK> [ 28.522076] dump_stack_lvl+0x73/0xb0 [ 28.522121] print_report+0xd1/0x640 [ 28.522160] ? __virt_addr_valid+0x1db/0x2d0 [ 28.522188] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.522213] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.522240] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.522263] kasan_report+0x141/0x180 [ 28.522287] ? kasan_atomics_helper+0x13b5/0x5450 [ 28.522314] kasan_check_range+0x10c/0x1c0 [ 28.522340] __kasan_check_read+0x15/0x20 [ 28.522365] kasan_atomics_helper+0x13b5/0x5450 [ 28.522389] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.522412] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.522438] ? kasan_atomics+0x152/0x310 [ 28.522466] kasan_atomics+0x1dc/0x310 [ 28.522489] ? __pfx_kasan_atomics+0x10/0x10 [ 28.522515] ? __pfx_read_tsc+0x10/0x10 [ 28.522538] ? ktime_get_ts64+0x86/0x230 [ 28.522564] kunit_try_run_case+0x1a5/0x480 [ 28.522590] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.522614] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.522640] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.522667] ? __kthread_parkme+0x82/0x180 [ 28.522689] ? preempt_count_sub+0x50/0x80 [ 28.522727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.522753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.522777] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.522802] kthread+0x337/0x6f0 [ 28.522823] ? trace_preempt_on+0x20/0xc0 [ 28.522849] ? __pfx_kthread+0x10/0x10 [ 28.522872] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.522896] ? calculate_sigpending+0x7b/0xa0 [ 28.522921] ? __pfx_kthread+0x10/0x10 [ 28.522952] ret_from_fork+0x116/0x1d0 [ 28.522972] ? __pfx_kthread+0x10/0x10 [ 28.522995] ret_from_fork_asm+0x1a/0x30 [ 28.523026] </TASK> [ 28.523040] [ 28.531038] Allocated by task 314: [ 28.531228] kasan_save_stack+0x45/0x70 [ 28.531500] kasan_save_track+0x18/0x40 [ 28.531867] kasan_save_alloc_info+0x3b/0x50 [ 28.532081] __kasan_kmalloc+0xb7/0xc0 [ 28.532255] __kmalloc_cache_noprof+0x189/0x420 [ 28.532470] kasan_atomics+0x95/0x310 [ 28.532601] kunit_try_run_case+0x1a5/0x480 [ 28.532744] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.533040] kthread+0x337/0x6f0 [ 28.533228] ret_from_fork+0x116/0x1d0 [ 28.533625] ret_from_fork_asm+0x1a/0x30 [ 28.533766] [ 28.533834] The buggy address belongs to the object at ffff888106118e00 [ 28.533834] which belongs to the cache kmalloc-64 of size 64 [ 28.534626] The buggy address is located 0 bytes to the right of [ 28.534626] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.535179] [ 28.535277] The buggy address belongs to the physical page: [ 28.535481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.535930] flags: 0x200000000000000(node=0|zone=2) [ 28.537673] page_type: f5(slab) [ 28.537826] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.538306] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.538657] page dumped because: kasan: bad access detected [ 28.538828] [ 28.538894] Memory state around the buggy address: [ 28.539321] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.540431] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.540729] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.541402] ^ [ 28.541950] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.542439] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.542869] ================================================================== [ 28.576892] ================================================================== [ 28.577261] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 28.577574] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.577834] [ 28.578070] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.578123] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.578137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.578171] Call Trace: [ 28.578193] <TASK> [ 28.578214] dump_stack_lvl+0x73/0xb0 [ 28.578259] print_report+0xd1/0x640 [ 28.578282] ? __virt_addr_valid+0x1db/0x2d0 [ 28.578308] ? kasan_atomics_helper+0x1467/0x5450 [ 28.578331] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.578434] ? kasan_atomics_helper+0x1467/0x5450 [ 28.578462] kasan_report+0x141/0x180 [ 28.578517] ? kasan_atomics_helper+0x1467/0x5450 [ 28.578545] kasan_check_range+0x10c/0x1c0 [ 28.578581] __kasan_check_write+0x18/0x20 [ 28.578606] kasan_atomics_helper+0x1467/0x5450 [ 28.578633] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.578657] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.578701] ? kasan_atomics+0x152/0x310 [ 28.578737] kasan_atomics+0x1dc/0x310 [ 28.578761] ? __pfx_kasan_atomics+0x10/0x10 [ 28.578796] ? __pfx_read_tsc+0x10/0x10 [ 28.578821] ? ktime_get_ts64+0x86/0x230 [ 28.578847] kunit_try_run_case+0x1a5/0x480 [ 28.578872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.578896] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.578923] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.578958] ? __kthread_parkme+0x82/0x180 [ 28.579006] ? preempt_count_sub+0x50/0x80 [ 28.579031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.579057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.579094] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.579119] kthread+0x337/0x6f0 [ 28.579176] ? trace_preempt_on+0x20/0xc0 [ 28.579203] ? __pfx_kthread+0x10/0x10 [ 28.579226] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.579262] ? calculate_sigpending+0x7b/0xa0 [ 28.579288] ? __pfx_kthread+0x10/0x10 [ 28.579310] ret_from_fork+0x116/0x1d0 [ 28.579332] ? __pfx_kthread+0x10/0x10 [ 28.579354] ret_from_fork_asm+0x1a/0x30 [ 28.579428] </TASK> [ 28.579443] [ 28.592860] Allocated by task 314: [ 28.593309] kasan_save_stack+0x45/0x70 [ 28.593762] kasan_save_track+0x18/0x40 [ 28.594364] kasan_save_alloc_info+0x3b/0x50 [ 28.594780] __kasan_kmalloc+0xb7/0xc0 [ 28.595076] __kmalloc_cache_noprof+0x189/0x420 [ 28.595245] kasan_atomics+0x95/0x310 [ 28.595416] kunit_try_run_case+0x1a5/0x480 [ 28.595795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.596308] kthread+0x337/0x6f0 [ 28.596641] ret_from_fork+0x116/0x1d0 [ 28.597042] ret_from_fork_asm+0x1a/0x30 [ 28.597489] [ 28.597681] The buggy address belongs to the object at ffff888106118e00 [ 28.597681] which belongs to the cache kmalloc-64 of size 64 [ 28.598190] The buggy address is located 0 bytes to the right of [ 28.598190] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.598767] [ 28.598929] The buggy address belongs to the physical page: [ 28.599489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.600436] flags: 0x200000000000000(node=0|zone=2) [ 28.600926] page_type: f5(slab) [ 28.601231] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.601714] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.601944] page dumped because: kasan: bad access detected [ 28.602115] [ 28.602200] Memory state around the buggy address: [ 28.602355] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.602747] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.603109] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.603358] ^ [ 28.603565] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.603838] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.604220] ================================================================== [ 29.147172] ================================================================== [ 29.148163] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 29.148509] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 29.148806] [ 29.148934] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.148987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.149001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.149025] Call Trace: [ 29.149047] <TASK> [ 29.149088] dump_stack_lvl+0x73/0xb0 [ 29.149119] print_report+0xd1/0x640 [ 29.149154] ? __virt_addr_valid+0x1db/0x2d0 [ 29.149180] ? kasan_atomics_helper+0x224c/0x5450 [ 29.149203] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.149231] ? kasan_atomics_helper+0x224c/0x5450 [ 29.149272] kasan_report+0x141/0x180 [ 29.149297] ? kasan_atomics_helper+0x224c/0x5450 [ 29.149328] kasan_check_range+0x10c/0x1c0 [ 29.149356] __kasan_check_write+0x18/0x20 [ 29.149382] kasan_atomics_helper+0x224c/0x5450 [ 29.149406] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.149430] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.149457] ? kasan_atomics+0x152/0x310 [ 29.149484] kasan_atomics+0x1dc/0x310 [ 29.149508] ? __pfx_kasan_atomics+0x10/0x10 [ 29.149533] ? __pfx_read_tsc+0x10/0x10 [ 29.149557] ? ktime_get_ts64+0x86/0x230 [ 29.149583] kunit_try_run_case+0x1a5/0x480 [ 29.149609] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.149633] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.149661] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.149688] ? __kthread_parkme+0x82/0x180 [ 29.149710] ? preempt_count_sub+0x50/0x80 [ 29.149736] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.149761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.149786] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.149812] kthread+0x337/0x6f0 [ 29.149833] ? trace_preempt_on+0x20/0xc0 [ 29.149859] ? __pfx_kthread+0x10/0x10 [ 29.149882] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.149906] ? calculate_sigpending+0x7b/0xa0 [ 29.149932] ? __pfx_kthread+0x10/0x10 [ 29.149982] ret_from_fork+0x116/0x1d0 [ 29.150004] ? __pfx_kthread+0x10/0x10 [ 29.150026] ret_from_fork_asm+0x1a/0x30 [ 29.150059] </TASK> [ 29.150071] [ 29.157463] Allocated by task 314: [ 29.157650] kasan_save_stack+0x45/0x70 [ 29.157869] kasan_save_track+0x18/0x40 [ 29.158257] kasan_save_alloc_info+0x3b/0x50 [ 29.158472] __kasan_kmalloc+0xb7/0xc0 [ 29.158887] __kmalloc_cache_noprof+0x189/0x420 [ 29.159841] kasan_atomics+0x95/0x310 [ 29.160204] kunit_try_run_case+0x1a5/0x480 [ 29.160375] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.161480] kthread+0x337/0x6f0 [ 29.161613] ret_from_fork+0x116/0x1d0 [ 29.161747] ret_from_fork_asm+0x1a/0x30 [ 29.161890] [ 29.161971] The buggy address belongs to the object at ffff888106118e00 [ 29.161971] which belongs to the cache kmalloc-64 of size 64 [ 29.162337] The buggy address is located 0 bytes to the right of [ 29.162337] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 29.162708] [ 29.162780] The buggy address belongs to the physical page: [ 29.162957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 29.163322] flags: 0x200000000000000(node=0|zone=2) [ 29.163909] page_type: f5(slab) [ 29.164236] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.164992] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.165663] page dumped because: kasan: bad access detected [ 29.166211] [ 29.166365] Memory state around the buggy address: [ 29.166802] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.167549] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.168246] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.168883] ^ [ 29.169344] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.169977] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.170595] ================================================================== [ 28.221857] ================================================================== [ 28.222549] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 28.222812] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.223111] [ 28.223230] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.223280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.223294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.223318] Call Trace: [ 28.223338] <TASK> [ 28.223419] dump_stack_lvl+0x73/0xb0 [ 28.223454] print_report+0xd1/0x640 [ 28.223478] ? __virt_addr_valid+0x1db/0x2d0 [ 28.223513] ? kasan_atomics_helper+0xde0/0x5450 [ 28.223536] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.223563] ? kasan_atomics_helper+0xde0/0x5450 [ 28.223587] kasan_report+0x141/0x180 [ 28.223651] ? kasan_atomics_helper+0xde0/0x5450 [ 28.223680] kasan_check_range+0x10c/0x1c0 [ 28.223705] __kasan_check_write+0x18/0x20 [ 28.223729] kasan_atomics_helper+0xde0/0x5450 [ 28.223752] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.223775] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.223833] ? kasan_atomics+0x152/0x310 [ 28.223859] kasan_atomics+0x1dc/0x310 [ 28.223883] ? __pfx_kasan_atomics+0x10/0x10 [ 28.223909] ? __pfx_read_tsc+0x10/0x10 [ 28.223949] ? ktime_get_ts64+0x86/0x230 [ 28.224009] kunit_try_run_case+0x1a5/0x480 [ 28.224036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.224060] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.224087] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.224114] ? __kthread_parkme+0x82/0x180 [ 28.224135] ? preempt_count_sub+0x50/0x80 [ 28.224203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.224228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.224253] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.224278] kthread+0x337/0x6f0 [ 28.224300] ? trace_preempt_on+0x20/0xc0 [ 28.224356] ? __pfx_kthread+0x10/0x10 [ 28.224398] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.224423] ? calculate_sigpending+0x7b/0xa0 [ 28.224450] ? __pfx_kthread+0x10/0x10 [ 28.224473] ret_from_fork+0x116/0x1d0 [ 28.224495] ? __pfx_kthread+0x10/0x10 [ 28.224517] ret_from_fork_asm+0x1a/0x30 [ 28.224583] </TASK> [ 28.224595] [ 28.233844] Allocated by task 314: [ 28.234088] kasan_save_stack+0x45/0x70 [ 28.234318] kasan_save_track+0x18/0x40 [ 28.234571] kasan_save_alloc_info+0x3b/0x50 [ 28.234774] __kasan_kmalloc+0xb7/0xc0 [ 28.234953] __kmalloc_cache_noprof+0x189/0x420 [ 28.235186] kasan_atomics+0x95/0x310 [ 28.235430] kunit_try_run_case+0x1a5/0x480 [ 28.235656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.235889] kthread+0x337/0x6f0 [ 28.236192] ret_from_fork+0x116/0x1d0 [ 28.236410] ret_from_fork_asm+0x1a/0x30 [ 28.236618] [ 28.236743] The buggy address belongs to the object at ffff888106118e00 [ 28.236743] which belongs to the cache kmalloc-64 of size 64 [ 28.237292] The buggy address is located 0 bytes to the right of [ 28.237292] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.237789] [ 28.237993] The buggy address belongs to the physical page: [ 28.238260] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.238583] flags: 0x200000000000000(node=0|zone=2) [ 28.238824] page_type: f5(slab) [ 28.238985] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.239359] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.239705] page dumped because: kasan: bad access detected [ 28.240090] [ 28.240180] Memory state around the buggy address: [ 28.240372] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.240686] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.241157] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.241523] ^ [ 28.241704] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.241919] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.242129] ================================================================== [ 28.022037] ================================================================== [ 28.022365] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 28.023000] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.023523] [ 28.023627] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.023680] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.023694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.023718] Call Trace: [ 28.023740] <TASK> [ 28.023760] dump_stack_lvl+0x73/0xb0 [ 28.023790] print_report+0xd1/0x640 [ 28.023814] ? __virt_addr_valid+0x1db/0x2d0 [ 28.023840] ? kasan_atomics_helper+0x860/0x5450 [ 28.023863] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.023890] ? kasan_atomics_helper+0x860/0x5450 [ 28.024137] kasan_report+0x141/0x180 [ 28.024177] ? kasan_atomics_helper+0x860/0x5450 [ 28.024204] kasan_check_range+0x10c/0x1c0 [ 28.024230] __kasan_check_write+0x18/0x20 [ 28.024255] kasan_atomics_helper+0x860/0x5450 [ 28.024278] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.024302] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.024328] ? kasan_atomics+0x152/0x310 [ 28.024356] kasan_atomics+0x1dc/0x310 [ 28.024389] ? __pfx_kasan_atomics+0x10/0x10 [ 28.024415] ? __pfx_read_tsc+0x10/0x10 [ 28.024438] ? ktime_get_ts64+0x86/0x230 [ 28.024464] kunit_try_run_case+0x1a5/0x480 [ 28.024490] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.024514] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.024541] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.024568] ? __kthread_parkme+0x82/0x180 [ 28.024591] ? preempt_count_sub+0x50/0x80 [ 28.024615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.024641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.024666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.024691] kthread+0x337/0x6f0 [ 28.024713] ? trace_preempt_on+0x20/0xc0 [ 28.024739] ? __pfx_kthread+0x10/0x10 [ 28.024761] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.024786] ? calculate_sigpending+0x7b/0xa0 [ 28.024812] ? __pfx_kthread+0x10/0x10 [ 28.024834] ret_from_fork+0x116/0x1d0 [ 28.024854] ? __pfx_kthread+0x10/0x10 [ 28.024876] ret_from_fork_asm+0x1a/0x30 [ 28.024910] </TASK> [ 28.024922] [ 28.034803] Allocated by task 314: [ 28.034940] kasan_save_stack+0x45/0x70 [ 28.035169] kasan_save_track+0x18/0x40 [ 28.035717] kasan_save_alloc_info+0x3b/0x50 [ 28.036014] __kasan_kmalloc+0xb7/0xc0 [ 28.036209] __kmalloc_cache_noprof+0x189/0x420 [ 28.036532] kasan_atomics+0x95/0x310 [ 28.036705] kunit_try_run_case+0x1a5/0x480 [ 28.036890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.037444] kthread+0x337/0x6f0 [ 28.037640] ret_from_fork+0x116/0x1d0 [ 28.037812] ret_from_fork_asm+0x1a/0x30 [ 28.038122] [ 28.038336] The buggy address belongs to the object at ffff888106118e00 [ 28.038336] which belongs to the cache kmalloc-64 of size 64 [ 28.038995] The buggy address is located 0 bytes to the right of [ 28.038995] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.039671] [ 28.039839] The buggy address belongs to the physical page: [ 28.040159] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.040586] flags: 0x200000000000000(node=0|zone=2) [ 28.041005] page_type: f5(slab) [ 28.041205] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.041800] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.042172] page dumped because: kasan: bad access detected [ 28.042549] [ 28.042673] Memory state around the buggy address: [ 28.043168] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.043571] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.043896] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.044282] ^ [ 28.044557] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.045105] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.045625] ================================================================== [ 28.867108] ================================================================== [ 28.867581] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 28.867834] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.868138] [ 28.868283] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.868344] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.868431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.868458] Call Trace: [ 28.868482] <TASK> [ 28.868504] dump_stack_lvl+0x73/0xb0 [ 28.868537] print_report+0xd1/0x640 [ 28.868572] ? __virt_addr_valid+0x1db/0x2d0 [ 28.868599] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.868623] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.868663] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.868687] kasan_report+0x141/0x180 [ 28.868712] ? kasan_atomics_helper+0x1c18/0x5450 [ 28.868740] kasan_check_range+0x10c/0x1c0 [ 28.868773] __kasan_check_write+0x18/0x20 [ 28.868797] kasan_atomics_helper+0x1c18/0x5450 [ 28.868822] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.868855] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.868883] ? kasan_atomics+0x152/0x310 [ 28.868910] kasan_atomics+0x1dc/0x310 [ 28.868941] ? __pfx_kasan_atomics+0x10/0x10 [ 28.868973] ? __pfx_read_tsc+0x10/0x10 [ 28.868997] ? ktime_get_ts64+0x86/0x230 [ 28.869024] kunit_try_run_case+0x1a5/0x480 [ 28.869051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.869075] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.869102] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.869129] ? __kthread_parkme+0x82/0x180 [ 28.869159] ? preempt_count_sub+0x50/0x80 [ 28.869186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.869211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.869237] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.869262] kthread+0x337/0x6f0 [ 28.869283] ? trace_preempt_on+0x20/0xc0 [ 28.869309] ? __pfx_kthread+0x10/0x10 [ 28.869331] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.869356] ? calculate_sigpending+0x7b/0xa0 [ 28.869383] ? __pfx_kthread+0x10/0x10 [ 28.869406] ret_from_fork+0x116/0x1d0 [ 28.869428] ? __pfx_kthread+0x10/0x10 [ 28.869450] ret_from_fork_asm+0x1a/0x30 [ 28.869483] </TASK> [ 28.869496] [ 28.878119] Allocated by task 314: [ 28.878453] kasan_save_stack+0x45/0x70 [ 28.878684] kasan_save_track+0x18/0x40 [ 28.878847] kasan_save_alloc_info+0x3b/0x50 [ 28.879101] __kasan_kmalloc+0xb7/0xc0 [ 28.879244] __kmalloc_cache_noprof+0x189/0x420 [ 28.879456] kasan_atomics+0x95/0x310 [ 28.879594] kunit_try_run_case+0x1a5/0x480 [ 28.879745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.880036] kthread+0x337/0x6f0 [ 28.880219] ret_from_fork+0x116/0x1d0 [ 28.880463] ret_from_fork_asm+0x1a/0x30 [ 28.880665] [ 28.880761] The buggy address belongs to the object at ffff888106118e00 [ 28.880761] which belongs to the cache kmalloc-64 of size 64 [ 28.881325] The buggy address is located 0 bytes to the right of [ 28.881325] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.881980] [ 28.882089] The buggy address belongs to the physical page: [ 28.882290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.882930] flags: 0x200000000000000(node=0|zone=2) [ 28.883220] page_type: f5(slab) [ 28.883492] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.883869] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.884232] page dumped because: kasan: bad access detected [ 28.884500] [ 28.884574] Memory state around the buggy address: [ 28.884733] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.884969] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.885287] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.885658] ^ [ 28.885887] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.886236] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.886574] ================================================================== [ 28.348714] ================================================================== [ 28.348935] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 28.349288] Read of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.349986] [ 28.350093] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.350154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.350168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.350191] Call Trace: [ 28.350211] <TASK> [ 28.350230] dump_stack_lvl+0x73/0xb0 [ 28.350260] print_report+0xd1/0x640 [ 28.350284] ? __virt_addr_valid+0x1db/0x2d0 [ 28.350309] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.350332] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.350358] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.350381] kasan_report+0x141/0x180 [ 28.350405] ? kasan_atomics_helper+0x4a1c/0x5450 [ 28.350432] __asan_report_load4_noabort+0x18/0x20 [ 28.350458] kasan_atomics_helper+0x4a1c/0x5450 [ 28.350482] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.350504] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.350530] ? kasan_atomics+0x152/0x310 [ 28.350558] kasan_atomics+0x1dc/0x310 [ 28.350581] ? __pfx_kasan_atomics+0x10/0x10 [ 28.350606] ? __pfx_read_tsc+0x10/0x10 [ 28.350629] ? ktime_get_ts64+0x86/0x230 [ 28.350656] kunit_try_run_case+0x1a5/0x480 [ 28.350682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.350706] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.350732] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.350758] ? __kthread_parkme+0x82/0x180 [ 28.350781] ? preempt_count_sub+0x50/0x80 [ 28.350806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.350831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.350857] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.350887] kthread+0x337/0x6f0 [ 28.350910] ? trace_preempt_on+0x20/0xc0 [ 28.350936] ? __pfx_kthread+0x10/0x10 [ 28.351204] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.351233] ? calculate_sigpending+0x7b/0xa0 [ 28.351261] ? __pfx_kthread+0x10/0x10 [ 28.351285] ret_from_fork+0x116/0x1d0 [ 28.351309] ? __pfx_kthread+0x10/0x10 [ 28.351332] ret_from_fork_asm+0x1a/0x30 [ 28.351364] </TASK> [ 28.351430] [ 28.359773] Allocated by task 314: [ 28.359909] kasan_save_stack+0x45/0x70 [ 28.360111] kasan_save_track+0x18/0x40 [ 28.360325] kasan_save_alloc_info+0x3b/0x50 [ 28.360773] __kasan_kmalloc+0xb7/0xc0 [ 28.361040] __kmalloc_cache_noprof+0x189/0x420 [ 28.361255] kasan_atomics+0x95/0x310 [ 28.361385] kunit_try_run_case+0x1a5/0x480 [ 28.361538] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.361814] kthread+0x337/0x6f0 [ 28.362032] ret_from_fork+0x116/0x1d0 [ 28.362325] ret_from_fork_asm+0x1a/0x30 [ 28.362781] [ 28.362884] The buggy address belongs to the object at ffff888106118e00 [ 28.362884] which belongs to the cache kmalloc-64 of size 64 [ 28.363368] The buggy address is located 0 bytes to the right of [ 28.363368] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.363729] [ 28.363797] The buggy address belongs to the physical page: [ 28.363968] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.364264] flags: 0x200000000000000(node=0|zone=2) [ 28.364581] page_type: f5(slab) [ 28.364771] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.365114] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.365468] page dumped because: kasan: bad access detected [ 28.365714] [ 28.365804] Memory state around the buggy address: [ 28.366027] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.368577] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.369714] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.370622] ^ [ 28.371492] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.372215] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.373282] ================================================================== [ 27.696890] ================================================================== [ 27.697484] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 27.698111] Read of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.698504] [ 27.698620] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.698673] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.698687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.698709] Call Trace: [ 27.698723] <TASK> [ 27.698740] dump_stack_lvl+0x73/0xb0 [ 27.698772] print_report+0xd1/0x640 [ 27.698795] ? __virt_addr_valid+0x1db/0x2d0 [ 27.698820] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.698841] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.698868] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.698889] kasan_report+0x141/0x180 [ 27.698912] ? kasan_atomics_helper+0x4bbc/0x5450 [ 27.698938] __asan_report_load4_noabort+0x18/0x20 [ 27.698975] kasan_atomics_helper+0x4bbc/0x5450 [ 27.698999] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.699021] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.699046] ? kasan_atomics+0x152/0x310 [ 27.699072] kasan_atomics+0x1dc/0x310 [ 27.699095] ? __pfx_kasan_atomics+0x10/0x10 [ 27.699118] ? __pfx_read_tsc+0x10/0x10 [ 27.699140] ? ktime_get_ts64+0x86/0x230 [ 27.699178] kunit_try_run_case+0x1a5/0x480 [ 27.699204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.699227] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.699254] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.699280] ? __kthread_parkme+0x82/0x180 [ 27.699301] ? preempt_count_sub+0x50/0x80 [ 27.699324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.699349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.699372] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.699448] kthread+0x337/0x6f0 [ 27.699470] ? trace_preempt_on+0x20/0xc0 [ 27.699495] ? __pfx_kthread+0x10/0x10 [ 27.699517] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.699542] ? calculate_sigpending+0x7b/0xa0 [ 27.699567] ? __pfx_kthread+0x10/0x10 [ 27.699589] ret_from_fork+0x116/0x1d0 [ 27.699608] ? __pfx_kthread+0x10/0x10 [ 27.699635] ret_from_fork_asm+0x1a/0x30 [ 27.699668] </TASK> [ 27.699679] [ 27.707100] Allocated by task 314: [ 27.707284] kasan_save_stack+0x45/0x70 [ 27.707646] kasan_save_track+0x18/0x40 [ 27.707810] kasan_save_alloc_info+0x3b/0x50 [ 27.707954] __kasan_kmalloc+0xb7/0xc0 [ 27.708082] __kmalloc_cache_noprof+0x189/0x420 [ 27.708243] kasan_atomics+0x95/0x310 [ 27.708469] kunit_try_run_case+0x1a5/0x480 [ 27.708681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.708928] kthread+0x337/0x6f0 [ 27.709103] ret_from_fork+0x116/0x1d0 [ 27.709298] ret_from_fork_asm+0x1a/0x30 [ 27.709668] [ 27.709768] The buggy address belongs to the object at ffff888106118e00 [ 27.709768] which belongs to the cache kmalloc-64 of size 64 [ 27.710649] The buggy address is located 0 bytes to the right of [ 27.710649] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.711027] [ 27.711097] The buggy address belongs to the physical page: [ 27.711288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.711640] flags: 0x200000000000000(node=0|zone=2) [ 27.711868] page_type: f5(slab) [ 27.712210] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.712472] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.712691] page dumped because: kasan: bad access detected [ 27.712856] [ 27.712919] Memory state around the buggy address: [ 27.713154] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.713476] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.713798] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.714400] ^ [ 27.714636] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.714963] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.715284] ================================================================== [ 28.827012] ================================================================== [ 28.827332] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 28.827807] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.828128] [ 28.828285] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.828339] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.828353] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.828451] Call Trace: [ 28.828473] <TASK> [ 28.828507] dump_stack_lvl+0x73/0xb0 [ 28.828541] print_report+0xd1/0x640 [ 28.828566] ? __virt_addr_valid+0x1db/0x2d0 [ 28.828594] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.828617] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.828644] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.828668] kasan_report+0x141/0x180 [ 28.828691] ? kasan_atomics_helper+0x1a7f/0x5450 [ 28.828718] kasan_check_range+0x10c/0x1c0 [ 28.828742] __kasan_check_write+0x18/0x20 [ 28.828766] kasan_atomics_helper+0x1a7f/0x5450 [ 28.828791] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.828824] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.828850] ? kasan_atomics+0x152/0x310 [ 28.828888] kasan_atomics+0x1dc/0x310 [ 28.828912] ? __pfx_kasan_atomics+0x10/0x10 [ 28.828938] ? __pfx_read_tsc+0x10/0x10 [ 28.828961] ? ktime_get_ts64+0x86/0x230 [ 28.829004] kunit_try_run_case+0x1a5/0x480 [ 28.829031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.829056] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.829083] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.829110] ? __kthread_parkme+0x82/0x180 [ 28.829133] ? preempt_count_sub+0x50/0x80 [ 28.829166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.829191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.829216] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.829241] kthread+0x337/0x6f0 [ 28.829263] ? trace_preempt_on+0x20/0xc0 [ 28.829289] ? __pfx_kthread+0x10/0x10 [ 28.829312] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.829336] ? calculate_sigpending+0x7b/0xa0 [ 28.829395] ? __pfx_kthread+0x10/0x10 [ 28.829419] ret_from_fork+0x116/0x1d0 [ 28.829440] ? __pfx_kthread+0x10/0x10 [ 28.829473] ret_from_fork_asm+0x1a/0x30 [ 28.829506] </TASK> [ 28.829518] [ 28.837743] Allocated by task 314: [ 28.837977] kasan_save_stack+0x45/0x70 [ 28.838153] kasan_save_track+0x18/0x40 [ 28.838289] kasan_save_alloc_info+0x3b/0x50 [ 28.838788] __kasan_kmalloc+0xb7/0xc0 [ 28.839017] __kmalloc_cache_noprof+0x189/0x420 [ 28.839250] kasan_atomics+0x95/0x310 [ 28.839517] kunit_try_run_case+0x1a5/0x480 [ 28.839736] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.839992] kthread+0x337/0x6f0 [ 28.840156] ret_from_fork+0x116/0x1d0 [ 28.840355] ret_from_fork_asm+0x1a/0x30 [ 28.840558] [ 28.840651] The buggy address belongs to the object at ffff888106118e00 [ 28.840651] which belongs to the cache kmalloc-64 of size 64 [ 28.841247] The buggy address is located 0 bytes to the right of [ 28.841247] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.841855] [ 28.841956] The buggy address belongs to the physical page: [ 28.842138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.842453] flags: 0x200000000000000(node=0|zone=2) [ 28.842677] page_type: f5(slab) [ 28.842858] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.843232] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.843883] page dumped because: kasan: bad access detected [ 28.844200] [ 28.844292] Memory state around the buggy address: [ 28.844611] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.844864] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.845102] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.845334] ^ [ 28.845638] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.846011] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.846414] ================================================================== [ 28.847006] ================================================================== [ 28.847339] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 28.847612] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.847944] [ 28.848057] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.848108] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.848123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.848155] Call Trace: [ 28.848178] <TASK> [ 28.848199] dump_stack_lvl+0x73/0xb0 [ 28.848228] print_report+0xd1/0x640 [ 28.848252] ? __virt_addr_valid+0x1db/0x2d0 [ 28.848278] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.848301] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.848328] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.848351] kasan_report+0x141/0x180 [ 28.848374] ? kasan_atomics_helper+0x1b22/0x5450 [ 28.848401] kasan_check_range+0x10c/0x1c0 [ 28.848426] __kasan_check_write+0x18/0x20 [ 28.848451] kasan_atomics_helper+0x1b22/0x5450 [ 28.848475] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.848499] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.848526] ? kasan_atomics+0x152/0x310 [ 28.848552] kasan_atomics+0x1dc/0x310 [ 28.848575] ? __pfx_kasan_atomics+0x10/0x10 [ 28.848601] ? __pfx_read_tsc+0x10/0x10 [ 28.848625] ? ktime_get_ts64+0x86/0x230 [ 28.848651] kunit_try_run_case+0x1a5/0x480 [ 28.848676] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.848700] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.848727] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.848754] ? __kthread_parkme+0x82/0x180 [ 28.848776] ? preempt_count_sub+0x50/0x80 [ 28.848801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.848826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.848850] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.848875] kthread+0x337/0x6f0 [ 28.848897] ? trace_preempt_on+0x20/0xc0 [ 28.848923] ? __pfx_kthread+0x10/0x10 [ 28.848945] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.848969] ? calculate_sigpending+0x7b/0xa0 [ 28.848994] ? __pfx_kthread+0x10/0x10 [ 28.849018] ret_from_fork+0x116/0x1d0 [ 28.849039] ? __pfx_kthread+0x10/0x10 [ 28.849061] ret_from_fork_asm+0x1a/0x30 [ 28.849094] </TASK> [ 28.849107] [ 28.857578] Allocated by task 314: [ 28.857797] kasan_save_stack+0x45/0x70 [ 28.858049] kasan_save_track+0x18/0x40 [ 28.858258] kasan_save_alloc_info+0x3b/0x50 [ 28.858550] __kasan_kmalloc+0xb7/0xc0 [ 28.858734] __kmalloc_cache_noprof+0x189/0x420 [ 28.858933] kasan_atomics+0x95/0x310 [ 28.859121] kunit_try_run_case+0x1a5/0x480 [ 28.859354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.859903] kthread+0x337/0x6f0 [ 28.860192] ret_from_fork+0x116/0x1d0 [ 28.860364] ret_from_fork_asm+0x1a/0x30 [ 28.860643] [ 28.860744] The buggy address belongs to the object at ffff888106118e00 [ 28.860744] which belongs to the cache kmalloc-64 of size 64 [ 28.861289] The buggy address is located 0 bytes to the right of [ 28.861289] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.861858] [ 28.861957] The buggy address belongs to the physical page: [ 28.862138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.862453] flags: 0x200000000000000(node=0|zone=2) [ 28.862623] page_type: f5(slab) [ 28.862819] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.863190] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.863591] page dumped because: kasan: bad access detected [ 28.863881] [ 28.863995] Memory state around the buggy address: [ 28.864228] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.864956] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.865202] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.865552] ^ [ 28.865778] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.866177] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.866578] ================================================================== [ 29.075178] ================================================================== [ 29.075456] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 29.075816] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 29.076211] [ 29.076318] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.076371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.076385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.076409] Call Trace: [ 29.076430] <TASK> [ 29.076452] dump_stack_lvl+0x73/0xb0 [ 29.076484] print_report+0xd1/0x640 [ 29.076508] ? __virt_addr_valid+0x1db/0x2d0 [ 29.076534] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.076557] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.076604] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.076627] kasan_report+0x141/0x180 [ 29.076650] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.076677] kasan_check_range+0x10c/0x1c0 [ 29.076702] __kasan_check_write+0x18/0x20 [ 29.076727] kasan_atomics_helper+0x20c8/0x5450 [ 29.076750] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.076773] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.076800] ? kasan_atomics+0x152/0x310 [ 29.076827] kasan_atomics+0x1dc/0x310 [ 29.076851] ? __pfx_kasan_atomics+0x10/0x10 [ 29.076876] ? __pfx_read_tsc+0x10/0x10 [ 29.076900] ? ktime_get_ts64+0x86/0x230 [ 29.076926] kunit_try_run_case+0x1a5/0x480 [ 29.076978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.077002] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.077030] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.077056] ? __kthread_parkme+0x82/0x180 [ 29.077078] ? preempt_count_sub+0x50/0x80 [ 29.077103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.077127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.077164] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.077189] kthread+0x337/0x6f0 [ 29.077212] ? trace_preempt_on+0x20/0xc0 [ 29.077238] ? __pfx_kthread+0x10/0x10 [ 29.077260] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.077286] ? calculate_sigpending+0x7b/0xa0 [ 29.077311] ? __pfx_kthread+0x10/0x10 [ 29.077333] ret_from_fork+0x116/0x1d0 [ 29.077354] ? __pfx_kthread+0x10/0x10 [ 29.077376] ret_from_fork_asm+0x1a/0x30 [ 29.077408] </TASK> [ 29.077421] [ 29.084681] Allocated by task 314: [ 29.084859] kasan_save_stack+0x45/0x70 [ 29.085054] kasan_save_track+0x18/0x40 [ 29.085245] kasan_save_alloc_info+0x3b/0x50 [ 29.085446] __kasan_kmalloc+0xb7/0xc0 [ 29.085788] __kmalloc_cache_noprof+0x189/0x420 [ 29.086078] kasan_atomics+0x95/0x310 [ 29.086228] kunit_try_run_case+0x1a5/0x480 [ 29.086372] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.086542] kthread+0x337/0x6f0 [ 29.086660] ret_from_fork+0x116/0x1d0 [ 29.086804] ret_from_fork_asm+0x1a/0x30 [ 29.086993] [ 29.087083] The buggy address belongs to the object at ffff888106118e00 [ 29.087083] which belongs to the cache kmalloc-64 of size 64 [ 29.087607] The buggy address is located 0 bytes to the right of [ 29.087607] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 29.088173] [ 29.088244] The buggy address belongs to the physical page: [ 29.088415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 29.088644] flags: 0x200000000000000(node=0|zone=2) [ 29.088873] page_type: f5(slab) [ 29.089134] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.089503] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.089835] page dumped because: kasan: bad access detected [ 29.090191] [ 29.090291] Memory state around the buggy address: [ 29.090468] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.090762] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.090987] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.091201] ^ [ 29.091350] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.091554] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.091885] ================================================================== [ 28.909271] ================================================================== [ 28.909616] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 28.909924] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.910259] [ 28.910428] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.910505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.910520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.910545] Call Trace: [ 28.910570] <TASK> [ 28.910594] dump_stack_lvl+0x73/0xb0 [ 28.910627] print_report+0xd1/0x640 [ 28.910653] ? __virt_addr_valid+0x1db/0x2d0 [ 28.910680] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.910703] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.910731] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.910758] kasan_report+0x141/0x180 [ 28.910783] ? kasan_atomics_helper+0x1ce1/0x5450 [ 28.910811] kasan_check_range+0x10c/0x1c0 [ 28.910837] __kasan_check_write+0x18/0x20 [ 28.910863] kasan_atomics_helper+0x1ce1/0x5450 [ 28.910888] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.910911] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.910937] ? kasan_atomics+0x152/0x310 [ 28.910983] kasan_atomics+0x1dc/0x310 [ 28.911007] ? __pfx_kasan_atomics+0x10/0x10 [ 28.911032] ? __pfx_read_tsc+0x10/0x10 [ 28.911057] ? ktime_get_ts64+0x86/0x230 [ 28.911083] kunit_try_run_case+0x1a5/0x480 [ 28.911110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.911134] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.911174] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.911201] ? __kthread_parkme+0x82/0x180 [ 28.911223] ? preempt_count_sub+0x50/0x80 [ 28.911248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.911274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.911299] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.911325] kthread+0x337/0x6f0 [ 28.911347] ? trace_preempt_on+0x20/0xc0 [ 28.911374] ? __pfx_kthread+0x10/0x10 [ 28.911396] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.911422] ? calculate_sigpending+0x7b/0xa0 [ 28.911447] ? __pfx_kthread+0x10/0x10 [ 28.911471] ret_from_fork+0x116/0x1d0 [ 28.911493] ? __pfx_kthread+0x10/0x10 [ 28.911515] ret_from_fork_asm+0x1a/0x30 [ 28.911549] </TASK> [ 28.911562] [ 28.921097] Allocated by task 314: [ 28.921294] kasan_save_stack+0x45/0x70 [ 28.921494] kasan_save_track+0x18/0x40 [ 28.921653] kasan_save_alloc_info+0x3b/0x50 [ 28.921863] __kasan_kmalloc+0xb7/0xc0 [ 28.922049] __kmalloc_cache_noprof+0x189/0x420 [ 28.922714] kasan_atomics+0x95/0x310 [ 28.922872] kunit_try_run_case+0x1a5/0x480 [ 28.923252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.923567] kthread+0x337/0x6f0 [ 28.923713] ret_from_fork+0x116/0x1d0 [ 28.923905] ret_from_fork_asm+0x1a/0x30 [ 28.924252] [ 28.924435] The buggy address belongs to the object at ffff888106118e00 [ 28.924435] which belongs to the cache kmalloc-64 of size 64 [ 28.925069] The buggy address is located 0 bytes to the right of [ 28.925069] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.925681] [ 28.925794] The buggy address belongs to the physical page: [ 28.926289] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.926712] flags: 0x200000000000000(node=0|zone=2) [ 28.926916] page_type: f5(slab) [ 28.927234] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.927617] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.927932] page dumped because: kasan: bad access detected [ 28.928373] [ 28.928463] Memory state around the buggy address: [ 28.928647] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.929170] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.929619] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.929863] ^ [ 28.930179] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.930559] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.930867] ================================================================== [ 27.865161] ================================================================== [ 27.865850] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 27.866287] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.866807] [ 27.866993] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.867056] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.867071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.867094] Call Trace: [ 27.867115] <TASK> [ 27.867134] dump_stack_lvl+0x73/0xb0 [ 27.867185] print_report+0xd1/0x640 [ 27.867210] ? __virt_addr_valid+0x1db/0x2d0 [ 27.867236] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.867270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.867306] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.867331] kasan_report+0x141/0x180 [ 27.867355] ? kasan_atomics_helper+0x4b3a/0x5450 [ 27.867393] __asan_report_store4_noabort+0x1b/0x30 [ 27.867419] kasan_atomics_helper+0x4b3a/0x5450 [ 27.867442] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 27.867466] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.867491] ? kasan_atomics+0x152/0x310 [ 27.867531] kasan_atomics+0x1dc/0x310 [ 27.867555] ? __pfx_kasan_atomics+0x10/0x10 [ 27.867581] ? __pfx_read_tsc+0x10/0x10 [ 27.867613] ? ktime_get_ts64+0x86/0x230 [ 27.867644] kunit_try_run_case+0x1a5/0x480 [ 27.867671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.867706] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.867733] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.867759] ? __kthread_parkme+0x82/0x180 [ 27.867781] ? preempt_count_sub+0x50/0x80 [ 27.867806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.867832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.867857] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.867882] kthread+0x337/0x6f0 [ 27.867904] ? trace_preempt_on+0x20/0xc0 [ 27.867931] ? __pfx_kthread+0x10/0x10 [ 27.867962] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.867988] ? calculate_sigpending+0x7b/0xa0 [ 27.868014] ? __pfx_kthread+0x10/0x10 [ 27.868037] ret_from_fork+0x116/0x1d0 [ 27.868059] ? __pfx_kthread+0x10/0x10 [ 27.868080] ret_from_fork_asm+0x1a/0x30 [ 27.868113] </TASK> [ 27.868125] [ 27.881801] Allocated by task 314: [ 27.882195] kasan_save_stack+0x45/0x70 [ 27.882891] kasan_save_track+0x18/0x40 [ 27.883134] kasan_save_alloc_info+0x3b/0x50 [ 27.883388] __kasan_kmalloc+0xb7/0xc0 [ 27.883600] __kmalloc_cache_noprof+0x189/0x420 [ 27.884040] kasan_atomics+0x95/0x310 [ 27.884366] kunit_try_run_case+0x1a5/0x480 [ 27.884554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.885016] kthread+0x337/0x6f0 [ 27.885335] ret_from_fork+0x116/0x1d0 [ 27.885765] ret_from_fork_asm+0x1a/0x30 [ 27.886263] [ 27.886417] The buggy address belongs to the object at ffff888106118e00 [ 27.886417] which belongs to the cache kmalloc-64 of size 64 [ 27.887271] The buggy address is located 0 bytes to the right of [ 27.887271] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 27.888607] [ 27.888786] The buggy address belongs to the physical page: [ 27.889096] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 27.889885] flags: 0x200000000000000(node=0|zone=2) [ 27.890425] page_type: f5(slab) [ 27.890756] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.891509] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.891858] page dumped because: kasan: bad access detected [ 27.892138] [ 27.892478] Memory state around the buggy address: [ 27.893048] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.893814] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.894416] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.894638] ^ [ 27.894792] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.895168] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.896102] ================================================================== [ 28.374706] ================================================================== [ 28.375289] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 28.376360] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.377290] [ 28.377845] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.377913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.377928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.377952] Call Trace: [ 28.377976] <TASK> [ 28.377999] dump_stack_lvl+0x73/0xb0 [ 28.378034] print_report+0xd1/0x640 [ 28.378060] ? __virt_addr_valid+0x1db/0x2d0 [ 28.378088] ? kasan_atomics_helper+0x1148/0x5450 [ 28.378111] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.378138] ? kasan_atomics_helper+0x1148/0x5450 [ 28.378170] kasan_report+0x141/0x180 [ 28.378194] ? kasan_atomics_helper+0x1148/0x5450 [ 28.378221] kasan_check_range+0x10c/0x1c0 [ 28.378246] __kasan_check_write+0x18/0x20 [ 28.378271] kasan_atomics_helper+0x1148/0x5450 [ 28.378294] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.378318] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.378343] ? kasan_atomics+0x152/0x310 [ 28.378499] kasan_atomics+0x1dc/0x310 [ 28.378539] ? __pfx_kasan_atomics+0x10/0x10 [ 28.378579] ? __pfx_read_tsc+0x10/0x10 [ 28.378605] ? ktime_get_ts64+0x86/0x230 [ 28.378670] kunit_try_run_case+0x1a5/0x480 [ 28.378699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.378724] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.378751] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.378778] ? __kthread_parkme+0x82/0x180 [ 28.378800] ? preempt_count_sub+0x50/0x80 [ 28.378823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.378848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.378873] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.378898] kthread+0x337/0x6f0 [ 28.378920] ? trace_preempt_on+0x20/0xc0 [ 28.378947] ? __pfx_kthread+0x10/0x10 [ 28.378970] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.378995] ? calculate_sigpending+0x7b/0xa0 [ 28.379020] ? __pfx_kthread+0x10/0x10 [ 28.379043] ret_from_fork+0x116/0x1d0 [ 28.379064] ? __pfx_kthread+0x10/0x10 [ 28.379086] ret_from_fork_asm+0x1a/0x30 [ 28.379118] </TASK> [ 28.379131] [ 28.394867] Allocated by task 314: [ 28.395410] kasan_save_stack+0x45/0x70 [ 28.395896] kasan_save_track+0x18/0x40 [ 28.396350] kasan_save_alloc_info+0x3b/0x50 [ 28.396537] __kasan_kmalloc+0xb7/0xc0 [ 28.397056] __kmalloc_cache_noprof+0x189/0x420 [ 28.397639] kasan_atomics+0x95/0x310 [ 28.397783] kunit_try_run_case+0x1a5/0x480 [ 28.397930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.398629] kthread+0x337/0x6f0 [ 28.399026] ret_from_fork+0x116/0x1d0 [ 28.399526] ret_from_fork_asm+0x1a/0x30 [ 28.399920] [ 28.400168] The buggy address belongs to the object at ffff888106118e00 [ 28.400168] which belongs to the cache kmalloc-64 of size 64 [ 28.400879] The buggy address is located 0 bytes to the right of [ 28.400879] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.402254] [ 28.402448] The buggy address belongs to the physical page: [ 28.402995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.403605] flags: 0x200000000000000(node=0|zone=2) [ 28.403784] page_type: f5(slab) [ 28.403908] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.404776] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.405738] page dumped because: kasan: bad access detected [ 28.406587] [ 28.406764] Memory state around the buggy address: [ 28.407347] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.407588] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.407812] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.408029] ^ [ 28.408370] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.409118] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.409833] ================================================================== [ 28.702501] ================================================================== [ 28.703152] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 28.703494] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.704278] [ 28.704573] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.704627] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.704641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.704664] Call Trace: [ 28.704687] <TASK> [ 28.704708] dump_stack_lvl+0x73/0xb0 [ 28.704741] print_report+0xd1/0x640 [ 28.704776] ? __virt_addr_valid+0x1db/0x2d0 [ 28.704804] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.704839] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.704866] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.704890] kasan_report+0x141/0x180 [ 28.704914] ? kasan_atomics_helper+0x16e7/0x5450 [ 28.704957] kasan_check_range+0x10c/0x1c0 [ 28.704982] __kasan_check_write+0x18/0x20 [ 28.705007] kasan_atomics_helper+0x16e7/0x5450 [ 28.705040] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.705064] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.705092] ? kasan_atomics+0x152/0x310 [ 28.705131] kasan_atomics+0x1dc/0x310 [ 28.705164] ? __pfx_kasan_atomics+0x10/0x10 [ 28.705191] ? __pfx_read_tsc+0x10/0x10 [ 28.705215] ? ktime_get_ts64+0x86/0x230 [ 28.705242] kunit_try_run_case+0x1a5/0x480 [ 28.705269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.705293] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.705320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.705347] ? __kthread_parkme+0x82/0x180 [ 28.705388] ? preempt_count_sub+0x50/0x80 [ 28.705414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.705440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.705465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.705491] kthread+0x337/0x6f0 [ 28.705513] ? trace_preempt_on+0x20/0xc0 [ 28.705540] ? __pfx_kthread+0x10/0x10 [ 28.705563] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.705590] ? calculate_sigpending+0x7b/0xa0 [ 28.705617] ? __pfx_kthread+0x10/0x10 [ 28.705640] ret_from_fork+0x116/0x1d0 [ 28.705662] ? __pfx_kthread+0x10/0x10 [ 28.705685] ret_from_fork_asm+0x1a/0x30 [ 28.705718] </TASK> [ 28.705731] [ 28.718350] Allocated by task 314: [ 28.718487] kasan_save_stack+0x45/0x70 [ 28.718639] kasan_save_track+0x18/0x40 [ 28.718774] kasan_save_alloc_info+0x3b/0x50 [ 28.718924] __kasan_kmalloc+0xb7/0xc0 [ 28.719054] __kmalloc_cache_noprof+0x189/0x420 [ 28.719243] kasan_atomics+0x95/0x310 [ 28.719381] kunit_try_run_case+0x1a5/0x480 [ 28.719527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.719707] kthread+0x337/0x6f0 [ 28.719828] ret_from_fork+0x116/0x1d0 [ 28.720162] ret_from_fork_asm+0x1a/0x30 [ 28.720469] [ 28.720564] The buggy address belongs to the object at ffff888106118e00 [ 28.720564] which belongs to the cache kmalloc-64 of size 64 [ 28.721049] The buggy address is located 0 bytes to the right of [ 28.721049] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.721650] [ 28.721745] The buggy address belongs to the physical page: [ 28.722024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.722428] flags: 0x200000000000000(node=0|zone=2) [ 28.722619] page_type: f5(slab) [ 28.722743] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.723003] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.723312] page dumped because: kasan: bad access detected [ 28.723687] [ 28.723788] Memory state around the buggy address: [ 28.724132] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.724471] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.724731] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.725106] ^ [ 28.725274] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.725512] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.725881] ================================================================== [ 28.200973] ================================================================== [ 28.201380] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 28.201815] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.202230] [ 28.202338] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.202394] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.202408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.202481] Call Trace: [ 28.202501] <TASK> [ 28.202517] dump_stack_lvl+0x73/0xb0 [ 28.202548] print_report+0xd1/0x640 [ 28.202572] ? __virt_addr_valid+0x1db/0x2d0 [ 28.202598] ? kasan_atomics_helper+0xd47/0x5450 [ 28.202620] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.202682] ? kasan_atomics_helper+0xd47/0x5450 [ 28.202705] kasan_report+0x141/0x180 [ 28.202729] ? kasan_atomics_helper+0xd47/0x5450 [ 28.202756] kasan_check_range+0x10c/0x1c0 [ 28.202782] __kasan_check_write+0x18/0x20 [ 28.202837] kasan_atomics_helper+0xd47/0x5450 [ 28.202862] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.202885] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.202912] ? kasan_atomics+0x152/0x310 [ 28.202984] kasan_atomics+0x1dc/0x310 [ 28.203011] ? __pfx_kasan_atomics+0x10/0x10 [ 28.203036] ? __pfx_read_tsc+0x10/0x10 [ 28.203060] ? ktime_get_ts64+0x86/0x230 [ 28.203086] kunit_try_run_case+0x1a5/0x480 [ 28.203153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.203177] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.203204] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.203231] ? __kthread_parkme+0x82/0x180 [ 28.203283] ? preempt_count_sub+0x50/0x80 [ 28.203308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.203333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.203380] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.203407] kthread+0x337/0x6f0 [ 28.203428] ? trace_preempt_on+0x20/0xc0 [ 28.203486] ? __pfx_kthread+0x10/0x10 [ 28.203509] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.203534] ? calculate_sigpending+0x7b/0xa0 [ 28.203560] ? __pfx_kthread+0x10/0x10 [ 28.203582] ret_from_fork+0x116/0x1d0 [ 28.203604] ? __pfx_kthread+0x10/0x10 [ 28.203657] ret_from_fork_asm+0x1a/0x30 [ 28.203690] </TASK> [ 28.203702] [ 28.211490] Allocated by task 314: [ 28.211668] kasan_save_stack+0x45/0x70 [ 28.211850] kasan_save_track+0x18/0x40 [ 28.212015] kasan_save_alloc_info+0x3b/0x50 [ 28.214183] __kasan_kmalloc+0xb7/0xc0 [ 28.214392] __kmalloc_cache_noprof+0x189/0x420 [ 28.214551] kasan_atomics+0x95/0x310 [ 28.214682] kunit_try_run_case+0x1a5/0x480 [ 28.214826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.215005] kthread+0x337/0x6f0 [ 28.215126] ret_from_fork+0x116/0x1d0 [ 28.215267] ret_from_fork_asm+0x1a/0x30 [ 28.215404] [ 28.215472] The buggy address belongs to the object at ffff888106118e00 [ 28.215472] which belongs to the cache kmalloc-64 of size 64 [ 28.215828] The buggy address is located 0 bytes to the right of [ 28.215828] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.216391] [ 28.216496] The buggy address belongs to the physical page: [ 28.216760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.217358] flags: 0x200000000000000(node=0|zone=2) [ 28.217591] page_type: f5(slab) [ 28.217803] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.218171] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.218550] page dumped because: kasan: bad access detected [ 28.218814] [ 28.218910] Memory state around the buggy address: [ 28.219185] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.219539] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.219897] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.220253] ^ [ 28.220540] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.220875] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.221308] ================================================================== [ 28.953502] ================================================================== [ 28.953825] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 28.954384] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.954611] [ 28.954699] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.954751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.954765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.954789] Call Trace: [ 28.954811] <TASK> [ 28.954832] dump_stack_lvl+0x73/0xb0 [ 28.954863] print_report+0xd1/0x640 [ 28.954888] ? __virt_addr_valid+0x1db/0x2d0 [ 28.954914] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.954947] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.954976] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.954999] kasan_report+0x141/0x180 [ 28.955023] ? kasan_atomics_helper+0x1e12/0x5450 [ 28.955051] kasan_check_range+0x10c/0x1c0 [ 28.956759] __kasan_check_write+0x18/0x20 [ 28.956816] kasan_atomics_helper+0x1e12/0x5450 [ 28.956844] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.956869] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.956896] ? kasan_atomics+0x152/0x310 [ 28.956924] kasan_atomics+0x1dc/0x310 [ 28.956961] ? __pfx_kasan_atomics+0x10/0x10 [ 28.956989] ? __pfx_read_tsc+0x10/0x10 [ 28.957016] ? ktime_get_ts64+0x86/0x230 [ 28.957042] kunit_try_run_case+0x1a5/0x480 [ 28.957070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.957094] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.957122] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.957165] ? __kthread_parkme+0x82/0x180 [ 28.957188] ? preempt_count_sub+0x50/0x80 [ 28.957213] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.957238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.957264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.957289] kthread+0x337/0x6f0 [ 28.957312] ? trace_preempt_on+0x20/0xc0 [ 28.957338] ? __pfx_kthread+0x10/0x10 [ 28.957360] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.957385] ? calculate_sigpending+0x7b/0xa0 [ 28.957411] ? __pfx_kthread+0x10/0x10 [ 28.957434] ret_from_fork+0x116/0x1d0 [ 28.957455] ? __pfx_kthread+0x10/0x10 [ 28.957504] ret_from_fork_asm+0x1a/0x30 [ 28.957538] </TASK> [ 28.957552] [ 28.964858] Allocated by task 314: [ 28.965084] kasan_save_stack+0x45/0x70 [ 28.965295] kasan_save_track+0x18/0x40 [ 28.965459] kasan_save_alloc_info+0x3b/0x50 [ 28.965639] __kasan_kmalloc+0xb7/0xc0 [ 28.965802] __kmalloc_cache_noprof+0x189/0x420 [ 28.966020] kasan_atomics+0x95/0x310 [ 28.966194] kunit_try_run_case+0x1a5/0x480 [ 28.966390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.966620] kthread+0x337/0x6f0 [ 28.966771] ret_from_fork+0x116/0x1d0 [ 28.966927] ret_from_fork_asm+0x1a/0x30 [ 28.967089] [ 28.967168] The buggy address belongs to the object at ffff888106118e00 [ 28.967168] which belongs to the cache kmalloc-64 of size 64 [ 28.967575] The buggy address is located 0 bytes to the right of [ 28.967575] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.968199] [ 28.968340] The buggy address belongs to the physical page: [ 28.968519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.968820] flags: 0x200000000000000(node=0|zone=2) [ 28.969202] page_type: f5(slab) [ 28.969376] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.969660] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.969966] page dumped because: kasan: bad access detected [ 28.970199] [ 28.970290] Memory state around the buggy address: [ 28.970472] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.970688] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.970900] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.971111] ^ [ 28.971277] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.971494] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.971815] ================================================================== [ 28.181230] ================================================================== [ 28.181620] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 28.181967] Read of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.182201] [ 28.182284] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.182332] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.182346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.182369] Call Trace: [ 28.182385] <TASK> [ 28.182424] dump_stack_lvl+0x73/0xb0 [ 28.182454] print_report+0xd1/0x640 [ 28.182478] ? __virt_addr_valid+0x1db/0x2d0 [ 28.182503] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.182526] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.182598] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.182621] kasan_report+0x141/0x180 [ 28.182644] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.182672] __asan_report_load4_noabort+0x18/0x20 [ 28.182697] kasan_atomics_helper+0x4a84/0x5450 [ 28.182753] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.182777] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.182804] ? kasan_atomics+0x152/0x310 [ 28.182830] kasan_atomics+0x1dc/0x310 [ 28.182853] ? __pfx_kasan_atomics+0x10/0x10 [ 28.182908] ? __pfx_read_tsc+0x10/0x10 [ 28.182949] ? ktime_get_ts64+0x86/0x230 [ 28.182976] kunit_try_run_case+0x1a5/0x480 [ 28.183002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.183026] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.183085] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.183115] ? __kthread_parkme+0x82/0x180 [ 28.183138] ? preempt_count_sub+0x50/0x80 [ 28.183172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.183229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.183253] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.183278] kthread+0x337/0x6f0 [ 28.183302] ? trace_preempt_on+0x20/0xc0 [ 28.183327] ? __pfx_kthread+0x10/0x10 [ 28.183398] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.183426] ? calculate_sigpending+0x7b/0xa0 [ 28.183451] ? __pfx_kthread+0x10/0x10 [ 28.183483] ret_from_fork+0x116/0x1d0 [ 28.183505] ? __pfx_kthread+0x10/0x10 [ 28.183527] ret_from_fork_asm+0x1a/0x30 [ 28.183559] </TASK> [ 28.183571] [ 28.191417] Allocated by task 314: [ 28.191597] kasan_save_stack+0x45/0x70 [ 28.191794] kasan_save_track+0x18/0x40 [ 28.192039] kasan_save_alloc_info+0x3b/0x50 [ 28.192192] __kasan_kmalloc+0xb7/0xc0 [ 28.192319] __kmalloc_cache_noprof+0x189/0x420 [ 28.192688] kasan_atomics+0x95/0x310 [ 28.192891] kunit_try_run_case+0x1a5/0x480 [ 28.193154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.193403] kthread+0x337/0x6f0 [ 28.193589] ret_from_fork+0x116/0x1d0 [ 28.193772] ret_from_fork_asm+0x1a/0x30 [ 28.194059] [ 28.194200] The buggy address belongs to the object at ffff888106118e00 [ 28.194200] which belongs to the cache kmalloc-64 of size 64 [ 28.194676] The buggy address is located 0 bytes to the right of [ 28.194676] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.195316] [ 28.195419] The buggy address belongs to the physical page: [ 28.195676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.196112] flags: 0x200000000000000(node=0|zone=2) [ 28.196324] page_type: f5(slab) [ 28.196513] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.197067] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.197389] page dumped because: kasan: bad access detected [ 28.197718] [ 28.197809] Memory state around the buggy address: [ 28.198049] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.198430] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.198894] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.199235] ^ [ 28.199452] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.199977] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.200193] ================================================================== [ 28.311184] ================================================================== [ 28.311662] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 28.311971] Read of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.312215] [ 28.312304] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.312357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.312371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.312411] Call Trace: [ 28.312426] <TASK> [ 28.312445] dump_stack_lvl+0x73/0xb0 [ 28.312476] print_report+0xd1/0x640 [ 28.312499] ? __virt_addr_valid+0x1db/0x2d0 [ 28.312527] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.312549] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.312576] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.312600] kasan_report+0x141/0x180 [ 28.312622] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.312649] __asan_report_load4_noabort+0x18/0x20 [ 28.312674] kasan_atomics_helper+0x4a36/0x5450 [ 28.312698] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.312721] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.312748] ? kasan_atomics+0x152/0x310 [ 28.312775] kasan_atomics+0x1dc/0x310 [ 28.312800] ? __pfx_kasan_atomics+0x10/0x10 [ 28.312826] ? __pfx_read_tsc+0x10/0x10 [ 28.312850] ? ktime_get_ts64+0x86/0x230 [ 28.312876] kunit_try_run_case+0x1a5/0x480 [ 28.312903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.312927] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.312964] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.312991] ? __kthread_parkme+0x82/0x180 [ 28.313012] ? preempt_count_sub+0x50/0x80 [ 28.313037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.313062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.313088] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.313114] kthread+0x337/0x6f0 [ 28.313134] ? trace_preempt_on+0x20/0xc0 [ 28.313172] ? __pfx_kthread+0x10/0x10 [ 28.313194] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.313219] ? calculate_sigpending+0x7b/0xa0 [ 28.313245] ? __pfx_kthread+0x10/0x10 [ 28.313267] ret_from_fork+0x116/0x1d0 [ 28.313288] ? __pfx_kthread+0x10/0x10 [ 28.313310] ret_from_fork_asm+0x1a/0x30 [ 28.313344] </TASK> [ 28.313356] [ 28.320919] Allocated by task 314: [ 28.321113] kasan_save_stack+0x45/0x70 [ 28.321321] kasan_save_track+0x18/0x40 [ 28.321620] kasan_save_alloc_info+0x3b/0x50 [ 28.321765] __kasan_kmalloc+0xb7/0xc0 [ 28.321891] __kmalloc_cache_noprof+0x189/0x420 [ 28.322268] kasan_atomics+0x95/0x310 [ 28.322455] kunit_try_run_case+0x1a5/0x480 [ 28.322660] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.322909] kthread+0x337/0x6f0 [ 28.323492] ret_from_fork+0x116/0x1d0 [ 28.323654] ret_from_fork_asm+0x1a/0x30 [ 28.323854] [ 28.323960] The buggy address belongs to the object at ffff888106118e00 [ 28.323960] which belongs to the cache kmalloc-64 of size 64 [ 28.324560] The buggy address is located 0 bytes to the right of [ 28.324560] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.325077] [ 28.325182] The buggy address belongs to the physical page: [ 28.325444] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.325803] flags: 0x200000000000000(node=0|zone=2) [ 28.326046] page_type: f5(slab) [ 28.326186] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.326532] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.326753] page dumped because: kasan: bad access detected [ 28.326921] [ 28.326986] Memory state around the buggy address: [ 28.327137] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.327483] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.327799] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.328299] ^ [ 28.329016] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.329333] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.329700] ================================================================== [ 27.997799] ================================================================== [ 27.998255] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 27.998606] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 27.998990] [ 27.999465] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.999521] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.999535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.999559] Call Trace: [ 27.999580] <TASK> [ 27.999675] dump_stack_lvl+0x73/0xb0 [ 27.999711] print_report+0xd1/0x640 [ 27.999790] ? __virt_addr_valid+0x1db/0x2d0 [ 27.999818] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.999842] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.999869] ? kasan_atomics_helper+0x7c7/0x5450 [ 27.999949] kasan_report+0x141/0x180 [ 27.999975] ? kasan_atomics_helper+0x7c7/0x5450 [ 28.000002] kasan_check_range+0x10c/0x1c0 [ 28.000027] __kasan_check_write+0x18/0x20 [ 28.000051] kasan_atomics_helper+0x7c7/0x5450 [ 28.000076] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.000099] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.000127] ? kasan_atomics+0x152/0x310 [ 28.000167] kasan_atomics+0x1dc/0x310 [ 28.000192] ? __pfx_kasan_atomics+0x10/0x10 [ 28.000217] ? __pfx_read_tsc+0x10/0x10 [ 28.000241] ? ktime_get_ts64+0x86/0x230 [ 28.000268] kunit_try_run_case+0x1a5/0x480 [ 28.000293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.000317] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.000345] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.000383] ? __kthread_parkme+0x82/0x180 [ 28.000406] ? preempt_count_sub+0x50/0x80 [ 28.000431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.000457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.000483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.000508] kthread+0x337/0x6f0 [ 28.000529] ? trace_preempt_on+0x20/0xc0 [ 28.000554] ? __pfx_kthread+0x10/0x10 [ 28.000576] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.000601] ? calculate_sigpending+0x7b/0xa0 [ 28.000627] ? __pfx_kthread+0x10/0x10 [ 28.000649] ret_from_fork+0x116/0x1d0 [ 28.000671] ? __pfx_kthread+0x10/0x10 [ 28.000693] ret_from_fork_asm+0x1a/0x30 [ 28.000726] </TASK> [ 28.000739] [ 28.010766] Allocated by task 314: [ 28.010937] kasan_save_stack+0x45/0x70 [ 28.011117] kasan_save_track+0x18/0x40 [ 28.011261] kasan_save_alloc_info+0x3b/0x50 [ 28.011924] __kasan_kmalloc+0xb7/0xc0 [ 28.012178] __kmalloc_cache_noprof+0x189/0x420 [ 28.012392] kasan_atomics+0x95/0x310 [ 28.012752] kunit_try_run_case+0x1a5/0x480 [ 28.013021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.013269] kthread+0x337/0x6f0 [ 28.013704] ret_from_fork+0x116/0x1d0 [ 28.013909] ret_from_fork_asm+0x1a/0x30 [ 28.014255] [ 28.014452] The buggy address belongs to the object at ffff888106118e00 [ 28.014452] which belongs to the cache kmalloc-64 of size 64 [ 28.014918] The buggy address is located 0 bytes to the right of [ 28.014918] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.015529] [ 28.015641] The buggy address belongs to the physical page: [ 28.015866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.016709] flags: 0x200000000000000(node=0|zone=2) [ 28.016975] page_type: f5(slab) [ 28.017250] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.017533] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.017977] page dumped because: kasan: bad access detected [ 28.018176] [ 28.018273] Memory state around the buggy address: [ 28.018524] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.019188] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.019542] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.019906] ^ [ 28.020310] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.020782] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.021152] ================================================================== [ 28.437160] ================================================================== [ 28.437473] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 28.437903] Write of size 4 at addr ffff888106118e30 by task kunit_try_catch/314 [ 28.438261] [ 28.438364] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 28.438459] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.438473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.438497] Call Trace: [ 28.438519] <TASK> [ 28.438541] dump_stack_lvl+0x73/0xb0 [ 28.438572] print_report+0xd1/0x640 [ 28.438597] ? __virt_addr_valid+0x1db/0x2d0 [ 28.438624] ? kasan_atomics_helper+0x1217/0x5450 [ 28.438647] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.438675] ? kasan_atomics_helper+0x1217/0x5450 [ 28.438698] kasan_report+0x141/0x180 [ 28.438722] ? kasan_atomics_helper+0x1217/0x5450 [ 28.438750] kasan_check_range+0x10c/0x1c0 [ 28.438774] __kasan_check_write+0x18/0x20 [ 28.438799] kasan_atomics_helper+0x1217/0x5450 [ 28.438823] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.438845] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.438872] ? kasan_atomics+0x152/0x310 [ 28.438899] kasan_atomics+0x1dc/0x310 [ 28.438923] ? __pfx_kasan_atomics+0x10/0x10 [ 28.438948] ? __pfx_read_tsc+0x10/0x10 [ 28.438972] ? ktime_get_ts64+0x86/0x230 [ 28.438999] kunit_try_run_case+0x1a5/0x480 [ 28.439025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.439049] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.439076] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.439111] ? __kthread_parkme+0x82/0x180 [ 28.439132] ? preempt_count_sub+0x50/0x80 [ 28.439170] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.439198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.439223] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.439247] kthread+0x337/0x6f0 [ 28.439269] ? trace_preempt_on+0x20/0xc0 [ 28.439295] ? __pfx_kthread+0x10/0x10 [ 28.439317] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.439341] ? calculate_sigpending+0x7b/0xa0 [ 28.439368] ? __pfx_kthread+0x10/0x10 [ 28.439389] ret_from_fork+0x116/0x1d0 [ 28.439422] ? __pfx_kthread+0x10/0x10 [ 28.439444] ret_from_fork_asm+0x1a/0x30 [ 28.439477] </TASK> [ 28.439489] [ 28.447643] Allocated by task 314: [ 28.447815] kasan_save_stack+0x45/0x70 [ 28.448031] kasan_save_track+0x18/0x40 [ 28.448230] kasan_save_alloc_info+0x3b/0x50 [ 28.448506] __kasan_kmalloc+0xb7/0xc0 [ 28.448678] __kmalloc_cache_noprof+0x189/0x420 [ 28.448879] kasan_atomics+0x95/0x310 [ 28.449059] kunit_try_run_case+0x1a5/0x480 [ 28.449226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.449414] kthread+0x337/0x6f0 [ 28.449579] ret_from_fork+0x116/0x1d0 [ 28.449804] ret_from_fork_asm+0x1a/0x30 [ 28.450023] [ 28.450109] The buggy address belongs to the object at ffff888106118e00 [ 28.450109] which belongs to the cache kmalloc-64 of size 64 [ 28.450560] The buggy address is located 0 bytes to the right of [ 28.450560] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 28.451094] [ 28.451277] The buggy address belongs to the physical page: [ 28.451540] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 28.451893] flags: 0x200000000000000(node=0|zone=2) [ 28.452265] page_type: f5(slab) [ 28.452421] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.452673] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.452897] page dumped because: kasan: bad access detected [ 28.453136] [ 28.453503] Memory state around the buggy address: [ 28.453919] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.454201] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.454419] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.454630] ^ [ 28.454784] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.454997] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.455314] ================================================================== [ 29.111492] ================================================================== [ 29.112026] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 29.112337] Write of size 8 at addr ffff888106118e30 by task kunit_try_catch/314 [ 29.112660] [ 29.112771] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 29.112823] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.112837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.112861] Call Trace: [ 29.112881] <TASK> [ 29.112900] dump_stack_lvl+0x73/0xb0 [ 29.112955] print_report+0xd1/0x640 [ 29.112979] ? __virt_addr_valid+0x1db/0x2d0 [ 29.113005] ? kasan_atomics_helper+0x218a/0x5450 [ 29.113028] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.113055] ? kasan_atomics_helper+0x218a/0x5450 [ 29.113078] kasan_report+0x141/0x180 [ 29.113102] ? kasan_atomics_helper+0x218a/0x5450 [ 29.113129] kasan_check_range+0x10c/0x1c0 [ 29.113165] __kasan_check_write+0x18/0x20 [ 29.113190] kasan_atomics_helper+0x218a/0x5450 [ 29.113214] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.113238] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.113264] ? kasan_atomics+0x152/0x310 [ 29.113291] kasan_atomics+0x1dc/0x310 [ 29.113315] ? __pfx_kasan_atomics+0x10/0x10 [ 29.113340] ? __pfx_read_tsc+0x10/0x10 [ 29.113364] ? ktime_get_ts64+0x86/0x230 [ 29.113390] kunit_try_run_case+0x1a5/0x480 [ 29.113416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.113440] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.113468] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.113494] ? __kthread_parkme+0x82/0x180 [ 29.113516] ? preempt_count_sub+0x50/0x80 [ 29.113542] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.113568] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.113592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.113618] kthread+0x337/0x6f0 [ 29.113640] ? trace_preempt_on+0x20/0xc0 [ 29.113666] ? __pfx_kthread+0x10/0x10 [ 29.113688] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.113727] ? calculate_sigpending+0x7b/0xa0 [ 29.113753] ? __pfx_kthread+0x10/0x10 [ 29.113776] ret_from_fork+0x116/0x1d0 [ 29.113798] ? __pfx_kthread+0x10/0x10 [ 29.113820] ret_from_fork_asm+0x1a/0x30 [ 29.113853] </TASK> [ 29.113865] [ 29.121140] Allocated by task 314: [ 29.121344] kasan_save_stack+0x45/0x70 [ 29.121501] kasan_save_track+0x18/0x40 [ 29.121704] kasan_save_alloc_info+0x3b/0x50 [ 29.121849] __kasan_kmalloc+0xb7/0xc0 [ 29.121979] __kmalloc_cache_noprof+0x189/0x420 [ 29.122129] kasan_atomics+0x95/0x310 [ 29.122268] kunit_try_run_case+0x1a5/0x480 [ 29.122522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.122771] kthread+0x337/0x6f0 [ 29.122959] ret_from_fork+0x116/0x1d0 [ 29.123158] ret_from_fork_asm+0x1a/0x30 [ 29.123355] [ 29.123447] The buggy address belongs to the object at ffff888106118e00 [ 29.123447] which belongs to the cache kmalloc-64 of size 64 [ 29.124064] The buggy address is located 0 bytes to the right of [ 29.124064] allocated 48-byte region [ffff888106118e00, ffff888106118e30) [ 29.124488] [ 29.124560] The buggy address belongs to the physical page: [ 29.124741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 29.124981] flags: 0x200000000000000(node=0|zone=2) [ 29.125175] page_type: f5(slab) [ 29.125360] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.125696] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.126020] page dumped because: kasan: bad access detected [ 29.126455] [ 29.126545] Memory state around the buggy address: [ 29.126764] ffff888106118d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.127214] ffff888106118d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.127491] >ffff888106118e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.127729] ^ [ 29.127880] ffff888106118e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.128095] ffff888106118f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.128319] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 27.502905] ================================================================== [ 27.503199] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.503731] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.504060] [ 27.504179] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.504228] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.504241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.504263] Call Trace: [ 27.504282] <TASK> [ 27.504299] dump_stack_lvl+0x73/0xb0 [ 27.504328] print_report+0xd1/0x640 [ 27.504350] ? __virt_addr_valid+0x1db/0x2d0 [ 27.504376] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.504403] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.504429] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.504456] kasan_report+0x141/0x180 [ 27.504478] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.504509] kasan_check_range+0x10c/0x1c0 [ 27.504533] __kasan_check_write+0x18/0x20 [ 27.504556] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 27.504584] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.504611] ? ret_from_fork_asm+0x1a/0x30 [ 27.504634] ? kthread+0x337/0x6f0 [ 27.504659] kasan_bitops_generic+0x121/0x1c0 [ 27.504682] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.504707] ? __pfx_read_tsc+0x10/0x10 [ 27.504730] ? ktime_get_ts64+0x86/0x230 [ 27.504756] kunit_try_run_case+0x1a5/0x480 [ 27.504780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.504803] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.504829] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.504855] ? __kthread_parkme+0x82/0x180 [ 27.504875] ? preempt_count_sub+0x50/0x80 [ 27.504898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.504922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.505135] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.505186] kthread+0x337/0x6f0 [ 27.505210] ? trace_preempt_on+0x20/0xc0 [ 27.505235] ? __pfx_kthread+0x10/0x10 [ 27.505258] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.505283] ? calculate_sigpending+0x7b/0xa0 [ 27.505308] ? __pfx_kthread+0x10/0x10 [ 27.505330] ret_from_fork+0x116/0x1d0 [ 27.505350] ? __pfx_kthread+0x10/0x10 [ 27.505420] ret_from_fork_asm+0x1a/0x30 [ 27.505455] </TASK> [ 27.505467] [ 27.513418] Allocated by task 310: [ 27.513548] kasan_save_stack+0x45/0x70 [ 27.513685] kasan_save_track+0x18/0x40 [ 27.513924] kasan_save_alloc_info+0x3b/0x50 [ 27.514137] __kasan_kmalloc+0xb7/0xc0 [ 27.514327] __kmalloc_cache_noprof+0x189/0x420 [ 27.514544] kasan_bitops_generic+0x92/0x1c0 [ 27.514718] kunit_try_run_case+0x1a5/0x480 [ 27.514956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.515178] kthread+0x337/0x6f0 [ 27.515336] ret_from_fork+0x116/0x1d0 [ 27.515580] ret_from_fork_asm+0x1a/0x30 [ 27.515756] [ 27.515849] The buggy address belongs to the object at ffff8881049630a0 [ 27.515849] which belongs to the cache kmalloc-16 of size 16 [ 27.516360] The buggy address is located 8 bytes inside of [ 27.516360] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.516707] [ 27.516773] The buggy address belongs to the physical page: [ 27.516950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.517363] flags: 0x200000000000000(node=0|zone=2) [ 27.517733] page_type: f5(slab) [ 27.517893] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.518230] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.518553] page dumped because: kasan: bad access detected [ 27.518754] [ 27.518817] Memory state around the buggy address: [ 27.518968] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.519189] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.519808] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.520294] ^ [ 27.520616] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.520930] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.521263] ================================================================== [ 27.631272] ================================================================== [ 27.631508] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.632513] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.632877] [ 27.633015] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.633068] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.633081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.633103] Call Trace: [ 27.633122] <TASK> [ 27.633142] dump_stack_lvl+0x73/0xb0 [ 27.633184] print_report+0xd1/0x640 [ 27.633206] ? __virt_addr_valid+0x1db/0x2d0 [ 27.633230] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.633257] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.633283] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.633311] kasan_report+0x141/0x180 [ 27.633333] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.633365] kasan_check_range+0x10c/0x1c0 [ 27.633450] __kasan_check_write+0x18/0x20 [ 27.633474] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 27.633501] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.633530] ? ret_from_fork_asm+0x1a/0x30 [ 27.633553] ? kthread+0x337/0x6f0 [ 27.633576] kasan_bitops_generic+0x121/0x1c0 [ 27.633600] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.633625] ? __pfx_read_tsc+0x10/0x10 [ 27.633647] ? ktime_get_ts64+0x86/0x230 [ 27.633672] kunit_try_run_case+0x1a5/0x480 [ 27.633697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.633723] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.633750] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.633775] ? __kthread_parkme+0x82/0x180 [ 27.633795] ? preempt_count_sub+0x50/0x80 [ 27.633818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.633841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.633878] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.633901] kthread+0x337/0x6f0 [ 27.633921] ? trace_preempt_on+0x20/0xc0 [ 27.633955] ? __pfx_kthread+0x10/0x10 [ 27.633976] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.633999] ? calculate_sigpending+0x7b/0xa0 [ 27.634023] ? __pfx_kthread+0x10/0x10 [ 27.634045] ret_from_fork+0x116/0x1d0 [ 27.634065] ? __pfx_kthread+0x10/0x10 [ 27.634086] ret_from_fork_asm+0x1a/0x30 [ 27.634116] </TASK> [ 27.634129] [ 27.642241] Allocated by task 310: [ 27.642466] kasan_save_stack+0x45/0x70 [ 27.642657] kasan_save_track+0x18/0x40 [ 27.642818] kasan_save_alloc_info+0x3b/0x50 [ 27.643042] __kasan_kmalloc+0xb7/0xc0 [ 27.643246] __kmalloc_cache_noprof+0x189/0x420 [ 27.643420] kasan_bitops_generic+0x92/0x1c0 [ 27.643661] kunit_try_run_case+0x1a5/0x480 [ 27.643804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.643974] kthread+0x337/0x6f0 [ 27.644369] ret_from_fork+0x116/0x1d0 [ 27.644560] ret_from_fork_asm+0x1a/0x30 [ 27.644823] [ 27.644923] The buggy address belongs to the object at ffff8881049630a0 [ 27.644923] which belongs to the cache kmalloc-16 of size 16 [ 27.645436] The buggy address is located 8 bytes inside of [ 27.645436] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.645903] [ 27.645971] The buggy address belongs to the physical page: [ 27.646158] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.646397] flags: 0x200000000000000(node=0|zone=2) [ 27.646555] page_type: f5(slab) [ 27.646672] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.647302] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.647882] page dumped because: kasan: bad access detected [ 27.648048] [ 27.648112] Memory state around the buggy address: [ 27.648612] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.648917] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.649218] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.649547] ^ [ 27.649726] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.649949] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.650274] ================================================================== [ 27.670316] ================================================================== [ 27.671171] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.671681] Read of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.672114] [ 27.672223] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.672271] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.672283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.672305] Call Trace: [ 27.672321] <TASK> [ 27.672337] dump_stack_lvl+0x73/0xb0 [ 27.672365] print_report+0xd1/0x640 [ 27.672438] ? __virt_addr_valid+0x1db/0x2d0 [ 27.672462] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.672490] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.672516] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.672544] kasan_report+0x141/0x180 [ 27.672566] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.672598] __asan_report_load8_noabort+0x18/0x20 [ 27.672622] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 27.672650] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.672679] ? ret_from_fork_asm+0x1a/0x30 [ 27.672703] ? kthread+0x337/0x6f0 [ 27.672727] kasan_bitops_generic+0x121/0x1c0 [ 27.672752] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.672776] ? __pfx_read_tsc+0x10/0x10 [ 27.672798] ? ktime_get_ts64+0x86/0x230 [ 27.672823] kunit_try_run_case+0x1a5/0x480 [ 27.672848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.672870] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.672896] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.672922] ? __kthread_parkme+0x82/0x180 [ 27.672953] ? preempt_count_sub+0x50/0x80 [ 27.672978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.673002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.673026] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.673051] kthread+0x337/0x6f0 [ 27.673071] ? trace_preempt_on+0x20/0xc0 [ 27.673095] ? __pfx_kthread+0x10/0x10 [ 27.673117] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.673140] ? calculate_sigpending+0x7b/0xa0 [ 27.673177] ? __pfx_kthread+0x10/0x10 [ 27.673199] ret_from_fork+0x116/0x1d0 [ 27.673219] ? __pfx_kthread+0x10/0x10 [ 27.673240] ret_from_fork_asm+0x1a/0x30 [ 27.673271] </TASK> [ 27.673283] [ 27.681544] Allocated by task 310: [ 27.681682] kasan_save_stack+0x45/0x70 [ 27.681824] kasan_save_track+0x18/0x40 [ 27.682089] kasan_save_alloc_info+0x3b/0x50 [ 27.682310] __kasan_kmalloc+0xb7/0xc0 [ 27.682759] __kmalloc_cache_noprof+0x189/0x420 [ 27.682998] kasan_bitops_generic+0x92/0x1c0 [ 27.683195] kunit_try_run_case+0x1a5/0x480 [ 27.683356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.683593] kthread+0x337/0x6f0 [ 27.683749] ret_from_fork+0x116/0x1d0 [ 27.683906] ret_from_fork_asm+0x1a/0x30 [ 27.684112] [ 27.684215] The buggy address belongs to the object at ffff8881049630a0 [ 27.684215] which belongs to the cache kmalloc-16 of size 16 [ 27.684666] The buggy address is located 8 bytes inside of [ 27.684666] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.685184] [ 27.685251] The buggy address belongs to the physical page: [ 27.685424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.685661] flags: 0x200000000000000(node=0|zone=2) [ 27.685821] page_type: f5(slab) [ 27.685936] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.686276] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.686660] page dumped because: kasan: bad access detected [ 27.686905] [ 27.686992] Memory state around the buggy address: [ 27.687215] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.687680] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.687895] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.688347] ^ [ 27.688578] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.688829] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.689154] ================================================================== [ 27.580774] ================================================================== [ 27.581197] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.581879] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.582214] [ 27.582300] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.582348] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.582360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.582391] Call Trace: [ 27.582408] <TASK> [ 27.582425] dump_stack_lvl+0x73/0xb0 [ 27.582452] print_report+0xd1/0x640 [ 27.582474] ? __virt_addr_valid+0x1db/0x2d0 [ 27.582498] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.582525] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.582551] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.582578] kasan_report+0x141/0x180 [ 27.582600] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.582631] kasan_check_range+0x10c/0x1c0 [ 27.582656] __kasan_check_write+0x18/0x20 [ 27.582680] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 27.582707] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.582735] ? ret_from_fork_asm+0x1a/0x30 [ 27.582757] ? kthread+0x337/0x6f0 [ 27.582782] kasan_bitops_generic+0x121/0x1c0 [ 27.582806] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.582830] ? __pfx_read_tsc+0x10/0x10 [ 27.582852] ? ktime_get_ts64+0x86/0x230 [ 27.582877] kunit_try_run_case+0x1a5/0x480 [ 27.582900] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.582923] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.582948] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.582973] ? __kthread_parkme+0x82/0x180 [ 27.582998] ? preempt_count_sub+0x50/0x80 [ 27.583025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.583048] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.583073] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.583096] kthread+0x337/0x6f0 [ 27.583116] ? trace_preempt_on+0x20/0xc0 [ 27.583141] ? __pfx_kthread+0x10/0x10 [ 27.583173] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.583197] ? calculate_sigpending+0x7b/0xa0 [ 27.583220] ? __pfx_kthread+0x10/0x10 [ 27.583242] ret_from_fork+0x116/0x1d0 [ 27.583261] ? __pfx_kthread+0x10/0x10 [ 27.583282] ret_from_fork_asm+0x1a/0x30 [ 27.583313] </TASK> [ 27.583323] [ 27.595244] Allocated by task 310: [ 27.595465] kasan_save_stack+0x45/0x70 [ 27.595616] kasan_save_track+0x18/0x40 [ 27.595752] kasan_save_alloc_info+0x3b/0x50 [ 27.595896] __kasan_kmalloc+0xb7/0xc0 [ 27.596080] __kmalloc_cache_noprof+0x189/0x420 [ 27.596522] kasan_bitops_generic+0x92/0x1c0 [ 27.596895] kunit_try_run_case+0x1a5/0x480 [ 27.597255] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.597593] kthread+0x337/0x6f0 [ 27.597827] ret_from_fork+0x116/0x1d0 [ 27.598033] ret_from_fork_asm+0x1a/0x30 [ 27.598201] [ 27.598270] The buggy address belongs to the object at ffff8881049630a0 [ 27.598270] which belongs to the cache kmalloc-16 of size 16 [ 27.599028] The buggy address is located 8 bytes inside of [ 27.599028] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.599624] [ 27.599732] The buggy address belongs to the physical page: [ 27.599988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.600256] flags: 0x200000000000000(node=0|zone=2) [ 27.600421] page_type: f5(slab) [ 27.600541] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.601332] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.602122] page dumped because: kasan: bad access detected [ 27.602621] [ 27.602816] Memory state around the buggy address: [ 27.603255] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.603799] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.604360] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.605079] ^ [ 27.605305] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.605908] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.606369] ================================================================== [ 27.560654] ================================================================== [ 27.560949] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.561328] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.561699] [ 27.561786] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.561834] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.561847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.561868] Call Trace: [ 27.561887] <TASK> [ 27.561905] dump_stack_lvl+0x73/0xb0 [ 27.561934] print_report+0xd1/0x640 [ 27.561956] ? __virt_addr_valid+0x1db/0x2d0 [ 27.561979] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.562007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.562032] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.562060] kasan_report+0x141/0x180 [ 27.562082] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.562112] kasan_check_range+0x10c/0x1c0 [ 27.562136] __kasan_check_write+0x18/0x20 [ 27.562173] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 27.562200] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.562230] ? ret_from_fork_asm+0x1a/0x30 [ 27.562254] ? kthread+0x337/0x6f0 [ 27.562279] kasan_bitops_generic+0x121/0x1c0 [ 27.562302] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.562327] ? __pfx_read_tsc+0x10/0x10 [ 27.562350] ? ktime_get_ts64+0x86/0x230 [ 27.562376] kunit_try_run_case+0x1a5/0x480 [ 27.562399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.562422] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.562447] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.562472] ? __kthread_parkme+0x82/0x180 [ 27.562492] ? preempt_count_sub+0x50/0x80 [ 27.562515] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.562539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.562562] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.562585] kthread+0x337/0x6f0 [ 27.562605] ? trace_preempt_on+0x20/0xc0 [ 27.562629] ? __pfx_kthread+0x10/0x10 [ 27.562649] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.562673] ? calculate_sigpending+0x7b/0xa0 [ 27.562697] ? __pfx_kthread+0x10/0x10 [ 27.562718] ret_from_fork+0x116/0x1d0 [ 27.562738] ? __pfx_kthread+0x10/0x10 [ 27.562807] ret_from_fork_asm+0x1a/0x30 [ 27.562841] </TASK> [ 27.562852] [ 27.571471] Allocated by task 310: [ 27.571624] kasan_save_stack+0x45/0x70 [ 27.571811] kasan_save_track+0x18/0x40 [ 27.572031] kasan_save_alloc_info+0x3b/0x50 [ 27.572216] __kasan_kmalloc+0xb7/0xc0 [ 27.572347] __kmalloc_cache_noprof+0x189/0x420 [ 27.572865] kasan_bitops_generic+0x92/0x1c0 [ 27.573218] kunit_try_run_case+0x1a5/0x480 [ 27.573513] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.573717] kthread+0x337/0x6f0 [ 27.573885] ret_from_fork+0x116/0x1d0 [ 27.574079] ret_from_fork_asm+0x1a/0x30 [ 27.574231] [ 27.574329] The buggy address belongs to the object at ffff8881049630a0 [ 27.574329] which belongs to the cache kmalloc-16 of size 16 [ 27.575101] The buggy address is located 8 bytes inside of [ 27.575101] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.575706] [ 27.575808] The buggy address belongs to the physical page: [ 27.576092] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.576469] flags: 0x200000000000000(node=0|zone=2) [ 27.576654] page_type: f5(slab) [ 27.576820] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.577134] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.577710] page dumped because: kasan: bad access detected [ 27.577968] [ 27.578076] Memory state around the buggy address: [ 27.578513] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.578730] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.578935] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.579137] ^ [ 27.579352] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.579971] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.580343] ================================================================== [ 27.650820] ================================================================== [ 27.651165] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.651784] Read of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.652089] [ 27.652188] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.652236] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.652249] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.652271] Call Trace: [ 27.652288] <TASK> [ 27.652306] dump_stack_lvl+0x73/0xb0 [ 27.652334] print_report+0xd1/0x640 [ 27.652357] ? __virt_addr_valid+0x1db/0x2d0 [ 27.652381] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.652408] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.652434] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.652463] kasan_report+0x141/0x180 [ 27.652486] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.652517] kasan_check_range+0x10c/0x1c0 [ 27.652540] __kasan_check_read+0x15/0x20 [ 27.652624] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 27.652657] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.652687] ? ret_from_fork_asm+0x1a/0x30 [ 27.652710] ? kthread+0x337/0x6f0 [ 27.652734] kasan_bitops_generic+0x121/0x1c0 [ 27.652758] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.652782] ? __pfx_read_tsc+0x10/0x10 [ 27.652805] ? ktime_get_ts64+0x86/0x230 [ 27.652829] kunit_try_run_case+0x1a5/0x480 [ 27.652855] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.652876] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.652902] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.652927] ? __kthread_parkme+0x82/0x180 [ 27.652960] ? preempt_count_sub+0x50/0x80 [ 27.652983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.653008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.653031] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.653055] kthread+0x337/0x6f0 [ 27.653075] ? trace_preempt_on+0x20/0xc0 [ 27.653100] ? __pfx_kthread+0x10/0x10 [ 27.653121] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.653156] ? calculate_sigpending+0x7b/0xa0 [ 27.653181] ? __pfx_kthread+0x10/0x10 [ 27.653202] ret_from_fork+0x116/0x1d0 [ 27.653223] ? __pfx_kthread+0x10/0x10 [ 27.653244] ret_from_fork_asm+0x1a/0x30 [ 27.653274] </TASK> [ 27.653285] [ 27.661679] Allocated by task 310: [ 27.661866] kasan_save_stack+0x45/0x70 [ 27.662118] kasan_save_track+0x18/0x40 [ 27.662379] kasan_save_alloc_info+0x3b/0x50 [ 27.662588] __kasan_kmalloc+0xb7/0xc0 [ 27.662739] __kmalloc_cache_noprof+0x189/0x420 [ 27.662956] kasan_bitops_generic+0x92/0x1c0 [ 27.663295] kunit_try_run_case+0x1a5/0x480 [ 27.663548] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.663841] kthread+0x337/0x6f0 [ 27.664036] ret_from_fork+0x116/0x1d0 [ 27.664231] ret_from_fork_asm+0x1a/0x30 [ 27.664466] [ 27.664552] The buggy address belongs to the object at ffff8881049630a0 [ 27.664552] which belongs to the cache kmalloc-16 of size 16 [ 27.665023] The buggy address is located 8 bytes inside of [ 27.665023] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.665375] [ 27.665443] The buggy address belongs to the physical page: [ 27.665617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.665851] flags: 0x200000000000000(node=0|zone=2) [ 27.666008] page_type: f5(slab) [ 27.666123] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.666823] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.667434] page dumped because: kasan: bad access detected [ 27.667688] [ 27.667775] Memory state around the buggy address: [ 27.668041] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.668308] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.668519] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.668732] ^ [ 27.668882] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.669367] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.669709] ================================================================== [ 27.607139] ================================================================== [ 27.607432] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.607903] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.608212] [ 27.608363] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.608457] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.608469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.608491] Call Trace: [ 27.608511] <TASK> [ 27.608542] dump_stack_lvl+0x73/0xb0 [ 27.608574] print_report+0xd1/0x640 [ 27.608597] ? __virt_addr_valid+0x1db/0x2d0 [ 27.608633] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.608660] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.608687] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.608714] kasan_report+0x141/0x180 [ 27.608745] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.608776] kasan_check_range+0x10c/0x1c0 [ 27.608811] __kasan_check_write+0x18/0x20 [ 27.608835] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 27.608862] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.608891] ? ret_from_fork_asm+0x1a/0x30 [ 27.608915] ? kthread+0x337/0x6f0 [ 27.608950] kasan_bitops_generic+0x121/0x1c0 [ 27.608974] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.609008] ? __pfx_read_tsc+0x10/0x10 [ 27.609030] ? ktime_get_ts64+0x86/0x230 [ 27.609066] kunit_try_run_case+0x1a5/0x480 [ 27.609091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.609114] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.609139] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.609174] ? __kthread_parkme+0x82/0x180 [ 27.609194] ? preempt_count_sub+0x50/0x80 [ 27.609218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.609242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.609266] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.609289] kthread+0x337/0x6f0 [ 27.609308] ? trace_preempt_on+0x20/0xc0 [ 27.609333] ? __pfx_kthread+0x10/0x10 [ 27.609353] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.609377] ? calculate_sigpending+0x7b/0xa0 [ 27.609400] ? __pfx_kthread+0x10/0x10 [ 27.609423] ret_from_fork+0x116/0x1d0 [ 27.609443] ? __pfx_kthread+0x10/0x10 [ 27.609464] ret_from_fork_asm+0x1a/0x30 [ 27.609504] </TASK> [ 27.609516] [ 27.620503] Allocated by task 310: [ 27.620647] kasan_save_stack+0x45/0x70 [ 27.620796] kasan_save_track+0x18/0x40 [ 27.621028] kasan_save_alloc_info+0x3b/0x50 [ 27.621467] __kasan_kmalloc+0xb7/0xc0 [ 27.621656] __kmalloc_cache_noprof+0x189/0x420 [ 27.621811] kasan_bitops_generic+0x92/0x1c0 [ 27.621955] kunit_try_run_case+0x1a5/0x480 [ 27.622153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.622424] kthread+0x337/0x6f0 [ 27.622627] ret_from_fork+0x116/0x1d0 [ 27.622872] ret_from_fork_asm+0x1a/0x30 [ 27.623237] [ 27.623578] The buggy address belongs to the object at ffff8881049630a0 [ 27.623578] which belongs to the cache kmalloc-16 of size 16 [ 27.624070] The buggy address is located 8 bytes inside of [ 27.624070] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.624896] [ 27.625034] The buggy address belongs to the physical page: [ 27.625299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.625807] flags: 0x200000000000000(node=0|zone=2) [ 27.625967] page_type: f5(slab) [ 27.626131] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.626659] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.627526] page dumped because: kasan: bad access detected [ 27.627795] [ 27.627884] Memory state around the buggy address: [ 27.628417] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.628713] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.629033] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.629442] ^ [ 27.629761] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.630220] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.630715] ================================================================== [ 27.541066] ================================================================== [ 27.541321] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.542010] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.542248] [ 27.542334] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.542381] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.542394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.542415] Call Trace: [ 27.542435] <TASK> [ 27.542453] dump_stack_lvl+0x73/0xb0 [ 27.542482] print_report+0xd1/0x640 [ 27.542503] ? __virt_addr_valid+0x1db/0x2d0 [ 27.542527] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.542554] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.542579] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.542606] kasan_report+0x141/0x180 [ 27.542628] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.542659] kasan_check_range+0x10c/0x1c0 [ 27.542725] __kasan_check_write+0x18/0x20 [ 27.542749] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 27.542776] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.542805] ? ret_from_fork_asm+0x1a/0x30 [ 27.542828] ? kthread+0x337/0x6f0 [ 27.542851] kasan_bitops_generic+0x121/0x1c0 [ 27.542875] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.542899] ? __pfx_read_tsc+0x10/0x10 [ 27.542921] ? ktime_get_ts64+0x86/0x230 [ 27.542946] kunit_try_run_case+0x1a5/0x480 [ 27.542971] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.542994] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.543020] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.543045] ? __kthread_parkme+0x82/0x180 [ 27.543066] ? preempt_count_sub+0x50/0x80 [ 27.543089] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.543113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.543137] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.543174] kthread+0x337/0x6f0 [ 27.543194] ? trace_preempt_on+0x20/0xc0 [ 27.543218] ? __pfx_kthread+0x10/0x10 [ 27.543239] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.543262] ? calculate_sigpending+0x7b/0xa0 [ 27.543287] ? __pfx_kthread+0x10/0x10 [ 27.543308] ret_from_fork+0x116/0x1d0 [ 27.543328] ? __pfx_kthread+0x10/0x10 [ 27.543349] ret_from_fork_asm+0x1a/0x30 [ 27.543380] </TASK> [ 27.543392] [ 27.551831] Allocated by task 310: [ 27.552025] kasan_save_stack+0x45/0x70 [ 27.552237] kasan_save_track+0x18/0x40 [ 27.552488] kasan_save_alloc_info+0x3b/0x50 [ 27.552692] __kasan_kmalloc+0xb7/0xc0 [ 27.552872] __kmalloc_cache_noprof+0x189/0x420 [ 27.553191] kasan_bitops_generic+0x92/0x1c0 [ 27.553342] kunit_try_run_case+0x1a5/0x480 [ 27.553735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.554066] kthread+0x337/0x6f0 [ 27.554223] ret_from_fork+0x116/0x1d0 [ 27.554463] ret_from_fork_asm+0x1a/0x30 [ 27.554625] [ 27.554716] The buggy address belongs to the object at ffff8881049630a0 [ 27.554716] which belongs to the cache kmalloc-16 of size 16 [ 27.555186] The buggy address is located 8 bytes inside of [ 27.555186] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.555654] [ 27.555733] The buggy address belongs to the physical page: [ 27.555911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.556288] flags: 0x200000000000000(node=0|zone=2) [ 27.556512] page_type: f5(slab) [ 27.556674] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.557022] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.557508] page dumped because: kasan: bad access detected [ 27.557701] [ 27.557788] Memory state around the buggy address: [ 27.558076] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.558363] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.558645] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.558918] ^ [ 27.559318] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.559843] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.560156] ================================================================== [ 27.521764] ================================================================== [ 27.522134] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.522768] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.523091] [ 27.523191] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.523239] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.523252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.523273] Call Trace: [ 27.523288] <TASK> [ 27.523304] dump_stack_lvl+0x73/0xb0 [ 27.523330] print_report+0xd1/0x640 [ 27.523352] ? __virt_addr_valid+0x1db/0x2d0 [ 27.523389] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.523415] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.523441] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.523468] kasan_report+0x141/0x180 [ 27.523490] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.523522] kasan_check_range+0x10c/0x1c0 [ 27.523545] __kasan_check_write+0x18/0x20 [ 27.523568] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 27.523596] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 27.523628] ? ret_from_fork_asm+0x1a/0x30 [ 27.523652] ? kthread+0x337/0x6f0 [ 27.523676] kasan_bitops_generic+0x121/0x1c0 [ 27.523700] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.523724] ? __pfx_read_tsc+0x10/0x10 [ 27.523747] ? ktime_get_ts64+0x86/0x230 [ 27.523772] kunit_try_run_case+0x1a5/0x480 [ 27.523797] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.523819] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.523844] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.523871] ? __kthread_parkme+0x82/0x180 [ 27.523891] ? preempt_count_sub+0x50/0x80 [ 27.523914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.523939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.524012] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.524036] kthread+0x337/0x6f0 [ 27.524056] ? trace_preempt_on+0x20/0xc0 [ 27.524081] ? __pfx_kthread+0x10/0x10 [ 27.524102] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.524125] ? calculate_sigpending+0x7b/0xa0 [ 27.524159] ? __pfx_kthread+0x10/0x10 [ 27.524181] ret_from_fork+0x116/0x1d0 [ 27.524201] ? __pfx_kthread+0x10/0x10 [ 27.524222] ret_from_fork_asm+0x1a/0x30 [ 27.524253] </TASK> [ 27.524265] [ 27.532112] Allocated by task 310: [ 27.532254] kasan_save_stack+0x45/0x70 [ 27.532401] kasan_save_track+0x18/0x40 [ 27.532697] kasan_save_alloc_info+0x3b/0x50 [ 27.532903] __kasan_kmalloc+0xb7/0xc0 [ 27.533282] __kmalloc_cache_noprof+0x189/0x420 [ 27.533497] kasan_bitops_generic+0x92/0x1c0 [ 27.533698] kunit_try_run_case+0x1a5/0x480 [ 27.533899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.534119] kthread+0x337/0x6f0 [ 27.534248] ret_from_fork+0x116/0x1d0 [ 27.534381] ret_from_fork_asm+0x1a/0x30 [ 27.534516] [ 27.534580] The buggy address belongs to the object at ffff8881049630a0 [ 27.534580] which belongs to the cache kmalloc-16 of size 16 [ 27.535372] The buggy address is located 8 bytes inside of [ 27.535372] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.535947] [ 27.536040] The buggy address belongs to the physical page: [ 27.536312] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.536650] flags: 0x200000000000000(node=0|zone=2) [ 27.536815] page_type: f5(slab) [ 27.536933] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.537285] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.537946] page dumped because: kasan: bad access detected [ 27.538124] [ 27.538199] Memory state around the buggy address: [ 27.538353] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.538620] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.538934] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.539740] ^ [ 27.539982] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.540285] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.540578] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 27.463115] ================================================================== [ 27.463396] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.463822] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.464070] [ 27.464200] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.464251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.464263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.464285] Call Trace: [ 27.464306] <TASK> [ 27.464324] dump_stack_lvl+0x73/0xb0 [ 27.464352] print_report+0xd1/0x640 [ 27.464375] ? __virt_addr_valid+0x1db/0x2d0 [ 27.464400] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.464425] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.464452] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.464524] kasan_report+0x141/0x180 [ 27.464549] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.464579] kasan_check_range+0x10c/0x1c0 [ 27.464602] __kasan_check_write+0x18/0x20 [ 27.464625] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.464650] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.464678] ? ret_from_fork_asm+0x1a/0x30 [ 27.464702] ? kthread+0x337/0x6f0 [ 27.464728] kasan_bitops_generic+0x116/0x1c0 [ 27.464752] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.464779] ? __pfx_read_tsc+0x10/0x10 [ 27.464802] ? ktime_get_ts64+0x86/0x230 [ 27.464828] kunit_try_run_case+0x1a5/0x480 [ 27.464854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.464878] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.464904] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.464930] ? __kthread_parkme+0x82/0x180 [ 27.464949] ? preempt_count_sub+0x50/0x80 [ 27.464972] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.464996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.465020] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.465043] kthread+0x337/0x6f0 [ 27.465063] ? trace_preempt_on+0x20/0xc0 [ 27.465095] ? __pfx_kthread+0x10/0x10 [ 27.465116] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.465142] ? calculate_sigpending+0x7b/0xa0 [ 27.465180] ? __pfx_kthread+0x10/0x10 [ 27.465201] ret_from_fork+0x116/0x1d0 [ 27.465222] ? __pfx_kthread+0x10/0x10 [ 27.465243] ret_from_fork_asm+0x1a/0x30 [ 27.465274] </TASK> [ 27.465285] [ 27.473567] Allocated by task 310: [ 27.473747] kasan_save_stack+0x45/0x70 [ 27.473924] kasan_save_track+0x18/0x40 [ 27.474065] kasan_save_alloc_info+0x3b/0x50 [ 27.474221] __kasan_kmalloc+0xb7/0xc0 [ 27.474350] __kmalloc_cache_noprof+0x189/0x420 [ 27.474562] kasan_bitops_generic+0x92/0x1c0 [ 27.475040] kunit_try_run_case+0x1a5/0x480 [ 27.475269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.475599] kthread+0x337/0x6f0 [ 27.475784] ret_from_fork+0x116/0x1d0 [ 27.475953] ret_from_fork_asm+0x1a/0x30 [ 27.476125] [ 27.476234] The buggy address belongs to the object at ffff8881049630a0 [ 27.476234] which belongs to the cache kmalloc-16 of size 16 [ 27.476749] The buggy address is located 8 bytes inside of [ 27.476749] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.477557] [ 27.477662] The buggy address belongs to the physical page: [ 27.477896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.478248] flags: 0x200000000000000(node=0|zone=2) [ 27.478536] page_type: f5(slab) [ 27.478707] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.478952] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.479190] page dumped because: kasan: bad access detected [ 27.479361] [ 27.479426] Memory state around the buggy address: [ 27.479578] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.479828] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.480275] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.480581] ^ [ 27.480786] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.481480] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.481704] ================================================================== [ 27.364737] ================================================================== [ 27.365157] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.365745] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.366198] [ 27.366352] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.366410] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.366474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.366499] Call Trace: [ 27.366558] <TASK> [ 27.366578] dump_stack_lvl+0x73/0xb0 [ 27.366610] print_report+0xd1/0x640 [ 27.366633] ? __virt_addr_valid+0x1db/0x2d0 [ 27.366658] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.366716] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.366742] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.366769] kasan_report+0x141/0x180 [ 27.366791] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.366822] kasan_check_range+0x10c/0x1c0 [ 27.366877] __kasan_check_write+0x18/0x20 [ 27.366900] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.366927] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.366966] ? ret_from_fork_asm+0x1a/0x30 [ 27.366992] ? kthread+0x337/0x6f0 [ 27.367049] kasan_bitops_generic+0x116/0x1c0 [ 27.367073] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.367098] ? __pfx_read_tsc+0x10/0x10 [ 27.367122] ? ktime_get_ts64+0x86/0x230 [ 27.367159] kunit_try_run_case+0x1a5/0x480 [ 27.367217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.367263] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.367290] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.367316] ? __kthread_parkme+0x82/0x180 [ 27.367336] ? preempt_count_sub+0x50/0x80 [ 27.367360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.367430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.367490] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.367538] kthread+0x337/0x6f0 [ 27.367583] ? trace_preempt_on+0x20/0xc0 [ 27.367609] ? __pfx_kthread+0x10/0x10 [ 27.367636] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.367659] ? calculate_sigpending+0x7b/0xa0 [ 27.367684] ? __pfx_kthread+0x10/0x10 [ 27.367705] ret_from_fork+0x116/0x1d0 [ 27.367726] ? __pfx_kthread+0x10/0x10 [ 27.367786] ret_from_fork_asm+0x1a/0x30 [ 27.367819] </TASK> [ 27.367830] [ 27.377357] Allocated by task 310: [ 27.377547] kasan_save_stack+0x45/0x70 [ 27.377699] kasan_save_track+0x18/0x40 [ 27.377837] kasan_save_alloc_info+0x3b/0x50 [ 27.378076] __kasan_kmalloc+0xb7/0xc0 [ 27.378307] __kmalloc_cache_noprof+0x189/0x420 [ 27.378558] kasan_bitops_generic+0x92/0x1c0 [ 27.378760] kunit_try_run_case+0x1a5/0x480 [ 27.378966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.379264] kthread+0x337/0x6f0 [ 27.379379] ret_from_fork+0x116/0x1d0 [ 27.379503] ret_from_fork_asm+0x1a/0x30 [ 27.379636] [ 27.379822] The buggy address belongs to the object at ffff8881049630a0 [ 27.379822] which belongs to the cache kmalloc-16 of size 16 [ 27.380474] The buggy address is located 8 bytes inside of [ 27.380474] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.381350] [ 27.381558] The buggy address belongs to the physical page: [ 27.381814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.382049] flags: 0x200000000000000(node=0|zone=2) [ 27.382313] page_type: f5(slab) [ 27.382544] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.383092] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.383567] page dumped because: kasan: bad access detected [ 27.383815] [ 27.383898] Memory state around the buggy address: [ 27.384274] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.384571] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.384958] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.385287] ^ [ 27.385661] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.386022] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.386352] ================================================================== [ 27.439573] ================================================================== [ 27.440296] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.441020] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.441528] [ 27.441645] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.441697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.441711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.441733] Call Trace: [ 27.441754] <TASK> [ 27.441772] dump_stack_lvl+0x73/0xb0 [ 27.441802] print_report+0xd1/0x640 [ 27.441825] ? __virt_addr_valid+0x1db/0x2d0 [ 27.441850] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.441876] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.441903] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.441929] kasan_report+0x141/0x180 [ 27.442078] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.442198] kasan_check_range+0x10c/0x1c0 [ 27.442225] __kasan_check_write+0x18/0x20 [ 27.442249] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.442275] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.442303] ? ret_from_fork_asm+0x1a/0x30 [ 27.442327] ? kthread+0x337/0x6f0 [ 27.442352] kasan_bitops_generic+0x116/0x1c0 [ 27.442425] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.442453] ? __pfx_read_tsc+0x10/0x10 [ 27.442476] ? ktime_get_ts64+0x86/0x230 [ 27.442501] kunit_try_run_case+0x1a5/0x480 [ 27.442526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.442549] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.442575] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.442601] ? __kthread_parkme+0x82/0x180 [ 27.442623] ? preempt_count_sub+0x50/0x80 [ 27.442647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.442671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.442694] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.442718] kthread+0x337/0x6f0 [ 27.442738] ? trace_preempt_on+0x20/0xc0 [ 27.442762] ? __pfx_kthread+0x10/0x10 [ 27.442784] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.442807] ? calculate_sigpending+0x7b/0xa0 [ 27.442831] ? __pfx_kthread+0x10/0x10 [ 27.442853] ret_from_fork+0x116/0x1d0 [ 27.442874] ? __pfx_kthread+0x10/0x10 [ 27.442895] ret_from_fork_asm+0x1a/0x30 [ 27.442926] </TASK> [ 27.442937] [ 27.454023] Allocated by task 310: [ 27.454368] kasan_save_stack+0x45/0x70 [ 27.454578] kasan_save_track+0x18/0x40 [ 27.454750] kasan_save_alloc_info+0x3b/0x50 [ 27.454948] __kasan_kmalloc+0xb7/0xc0 [ 27.455608] __kmalloc_cache_noprof+0x189/0x420 [ 27.455819] kasan_bitops_generic+0x92/0x1c0 [ 27.456040] kunit_try_run_case+0x1a5/0x480 [ 27.456219] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.456543] kthread+0x337/0x6f0 [ 27.456695] ret_from_fork+0x116/0x1d0 [ 27.456880] ret_from_fork_asm+0x1a/0x30 [ 27.457060] [ 27.457130] The buggy address belongs to the object at ffff8881049630a0 [ 27.457130] which belongs to the cache kmalloc-16 of size 16 [ 27.457576] The buggy address is located 8 bytes inside of [ 27.457576] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.458127] [ 27.458218] The buggy address belongs to the physical page: [ 27.458542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.458795] flags: 0x200000000000000(node=0|zone=2) [ 27.459115] page_type: f5(slab) [ 27.459290] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.459570] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.459797] page dumped because: kasan: bad access detected [ 27.460229] [ 27.460329] Memory state around the buggy address: [ 27.460803] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.461182] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.461433] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.461758] ^ [ 27.462053] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.462271] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.462607] ================================================================== [ 27.386963] ================================================================== [ 27.387225] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.387817] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.388214] [ 27.388439] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.388526] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.388540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.388563] Call Trace: [ 27.388581] <TASK> [ 27.388598] dump_stack_lvl+0x73/0xb0 [ 27.388626] print_report+0xd1/0x640 [ 27.388649] ? __virt_addr_valid+0x1db/0x2d0 [ 27.388673] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.388699] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.388725] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.388750] kasan_report+0x141/0x180 [ 27.388773] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.388803] kasan_check_range+0x10c/0x1c0 [ 27.388827] __kasan_check_write+0x18/0x20 [ 27.388882] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.388908] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.388935] ? ret_from_fork_asm+0x1a/0x30 [ 27.388968] ? kthread+0x337/0x6f0 [ 27.388992] kasan_bitops_generic+0x116/0x1c0 [ 27.389016] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.389041] ? __pfx_read_tsc+0x10/0x10 [ 27.389064] ? ktime_get_ts64+0x86/0x230 [ 27.389089] kunit_try_run_case+0x1a5/0x480 [ 27.389114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.389137] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.389212] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.389238] ? __kthread_parkme+0x82/0x180 [ 27.389258] ? preempt_count_sub+0x50/0x80 [ 27.389282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.389306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.389360] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.389385] kthread+0x337/0x6f0 [ 27.389404] ? trace_preempt_on+0x20/0xc0 [ 27.389471] ? __pfx_kthread+0x10/0x10 [ 27.389495] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.389557] ? calculate_sigpending+0x7b/0xa0 [ 27.389581] ? __pfx_kthread+0x10/0x10 [ 27.389603] ret_from_fork+0x116/0x1d0 [ 27.389623] ? __pfx_kthread+0x10/0x10 [ 27.389644] ret_from_fork_asm+0x1a/0x30 [ 27.389703] </TASK> [ 27.389714] [ 27.399337] Allocated by task 310: [ 27.399604] kasan_save_stack+0x45/0x70 [ 27.399817] kasan_save_track+0x18/0x40 [ 27.400088] kasan_save_alloc_info+0x3b/0x50 [ 27.400337] __kasan_kmalloc+0xb7/0xc0 [ 27.400591] __kmalloc_cache_noprof+0x189/0x420 [ 27.400744] kasan_bitops_generic+0x92/0x1c0 [ 27.400886] kunit_try_run_case+0x1a5/0x480 [ 27.401022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.401198] kthread+0x337/0x6f0 [ 27.401312] ret_from_fork+0x116/0x1d0 [ 27.401438] ret_from_fork_asm+0x1a/0x30 [ 27.401666] [ 27.401758] The buggy address belongs to the object at ffff8881049630a0 [ 27.401758] which belongs to the cache kmalloc-16 of size 16 [ 27.402399] The buggy address is located 8 bytes inside of [ 27.402399] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.403325] [ 27.403518] The buggy address belongs to the physical page: [ 27.403786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.404519] flags: 0x200000000000000(node=0|zone=2) [ 27.404773] page_type: f5(slab) [ 27.404932] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.405196] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.405441] page dumped because: kasan: bad access detected [ 27.405690] [ 27.406000] Memory state around the buggy address: [ 27.406253] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.406716] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.406939] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.407274] ^ [ 27.407680] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.407898] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.408419] ================================================================== [ 27.322529] ================================================================== [ 27.323204] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.323704] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.325113] [ 27.325233] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.325289] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.325303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.325327] Call Trace: [ 27.325341] <TASK> [ 27.325361] dump_stack_lvl+0x73/0xb0 [ 27.325464] print_report+0xd1/0x640 [ 27.325489] ? __virt_addr_valid+0x1db/0x2d0 [ 27.325513] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.325539] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.325565] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.325590] kasan_report+0x141/0x180 [ 27.325613] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.325643] kasan_check_range+0x10c/0x1c0 [ 27.325667] __kasan_check_write+0x18/0x20 [ 27.325689] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.325715] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.325741] ? ret_from_fork_asm+0x1a/0x30 [ 27.325765] ? kthread+0x337/0x6f0 [ 27.325790] kasan_bitops_generic+0x116/0x1c0 [ 27.325814] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.325838] ? __pfx_read_tsc+0x10/0x10 [ 27.325860] ? ktime_get_ts64+0x86/0x230 [ 27.325885] kunit_try_run_case+0x1a5/0x480 [ 27.325911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.325934] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.325961] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.325987] ? __kthread_parkme+0x82/0x180 [ 27.326007] ? preempt_count_sub+0x50/0x80 [ 27.326031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.326083] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.326107] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.326130] kthread+0x337/0x6f0 [ 27.326160] ? trace_preempt_on+0x20/0xc0 [ 27.326185] ? __pfx_kthread+0x10/0x10 [ 27.326205] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.326230] ? calculate_sigpending+0x7b/0xa0 [ 27.326254] ? __pfx_kthread+0x10/0x10 [ 27.326275] ret_from_fork+0x116/0x1d0 [ 27.326295] ? __pfx_kthread+0x10/0x10 [ 27.326315] ret_from_fork_asm+0x1a/0x30 [ 27.326346] </TASK> [ 27.326357] [ 27.334964] Allocated by task 310: [ 27.335248] kasan_save_stack+0x45/0x70 [ 27.335448] kasan_save_track+0x18/0x40 [ 27.335751] kasan_save_alloc_info+0x3b/0x50 [ 27.336009] __kasan_kmalloc+0xb7/0xc0 [ 27.336137] __kmalloc_cache_noprof+0x189/0x420 [ 27.336298] kasan_bitops_generic+0x92/0x1c0 [ 27.336440] kunit_try_run_case+0x1a5/0x480 [ 27.336597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.336767] kthread+0x337/0x6f0 [ 27.336885] ret_from_fork+0x116/0x1d0 [ 27.337012] ret_from_fork_asm+0x1a/0x30 [ 27.337158] [ 27.337224] The buggy address belongs to the object at ffff8881049630a0 [ 27.337224] which belongs to the cache kmalloc-16 of size 16 [ 27.337807] The buggy address is located 8 bytes inside of [ 27.337807] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.338732] [ 27.338856] The buggy address belongs to the physical page: [ 27.339338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.339727] flags: 0x200000000000000(node=0|zone=2) [ 27.339936] page_type: f5(slab) [ 27.340116] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.340679] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.341048] page dumped because: kasan: bad access detected [ 27.341310] [ 27.341462] Memory state around the buggy address: [ 27.341627] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.341852] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.342477] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.342692] ^ [ 27.342837] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.343349] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.343670] ================================================================== [ 27.408928] ================================================================== [ 27.409262] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.409758] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.410170] [ 27.410273] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.410358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.410372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.410394] Call Trace: [ 27.410410] <TASK> [ 27.410476] dump_stack_lvl+0x73/0xb0 [ 27.410544] print_report+0xd1/0x640 [ 27.410568] ? __virt_addr_valid+0x1db/0x2d0 [ 27.410592] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.410617] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.410669] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.410697] kasan_report+0x141/0x180 [ 27.410720] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.410751] kasan_check_range+0x10c/0x1c0 [ 27.410775] __kasan_check_write+0x18/0x20 [ 27.410799] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.410824] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.410853] ? ret_from_fork_asm+0x1a/0x30 [ 27.410876] ? kthread+0x337/0x6f0 [ 27.410900] kasan_bitops_generic+0x116/0x1c0 [ 27.410924] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.410993] ? __pfx_read_tsc+0x10/0x10 [ 27.411017] ? ktime_get_ts64+0x86/0x230 [ 27.411042] kunit_try_run_case+0x1a5/0x480 [ 27.411067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.411089] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.411114] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.411139] ? __kthread_parkme+0x82/0x180 [ 27.411171] ? preempt_count_sub+0x50/0x80 [ 27.411194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.411219] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.411242] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.411266] kthread+0x337/0x6f0 [ 27.411318] ? trace_preempt_on+0x20/0xc0 [ 27.411343] ? __pfx_kthread+0x10/0x10 [ 27.411364] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.411398] ? calculate_sigpending+0x7b/0xa0 [ 27.411423] ? __pfx_kthread+0x10/0x10 [ 27.411444] ret_from_fork+0x116/0x1d0 [ 27.411464] ? __pfx_kthread+0x10/0x10 [ 27.411550] ret_from_fork_asm+0x1a/0x30 [ 27.411582] </TASK> [ 27.411594] [ 27.425459] Allocated by task 310: [ 27.425933] kasan_save_stack+0x45/0x70 [ 27.426490] kasan_save_track+0x18/0x40 [ 27.427028] kasan_save_alloc_info+0x3b/0x50 [ 27.427716] __kasan_kmalloc+0xb7/0xc0 [ 27.428480] __kmalloc_cache_noprof+0x189/0x420 [ 27.428961] kasan_bitops_generic+0x92/0x1c0 [ 27.429765] kunit_try_run_case+0x1a5/0x480 [ 27.430275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.431114] kthread+0x337/0x6f0 [ 27.431278] ret_from_fork+0x116/0x1d0 [ 27.431901] ret_from_fork_asm+0x1a/0x30 [ 27.432615] [ 27.433054] The buggy address belongs to the object at ffff8881049630a0 [ 27.433054] which belongs to the cache kmalloc-16 of size 16 [ 27.433900] The buggy address is located 8 bytes inside of [ 27.433900] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.434438] [ 27.434537] The buggy address belongs to the physical page: [ 27.434741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.435099] flags: 0x200000000000000(node=0|zone=2) [ 27.435306] page_type: f5(slab) [ 27.435469] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.435846] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.436187] page dumped because: kasan: bad access detected [ 27.436462] [ 27.436575] Memory state around the buggy address: [ 27.436791] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.437132] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.437471] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.437980] ^ [ 27.438331] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.438720] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.439017] ================================================================== [ 27.482091] ================================================================== [ 27.482560] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.482947] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.483300] [ 27.483440] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.483492] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.483505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.483526] Call Trace: [ 27.483546] <TASK> [ 27.483563] dump_stack_lvl+0x73/0xb0 [ 27.483592] print_report+0xd1/0x640 [ 27.483613] ? __virt_addr_valid+0x1db/0x2d0 [ 27.483644] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.483670] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.483696] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.483721] kasan_report+0x141/0x180 [ 27.483743] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.483774] kasan_check_range+0x10c/0x1c0 [ 27.483797] __kasan_check_write+0x18/0x20 [ 27.483821] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 27.483848] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.483875] ? ret_from_fork_asm+0x1a/0x30 [ 27.483898] ? kthread+0x337/0x6f0 [ 27.483922] kasan_bitops_generic+0x116/0x1c0 [ 27.483957] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.483982] ? __pfx_read_tsc+0x10/0x10 [ 27.484004] ? ktime_get_ts64+0x86/0x230 [ 27.484029] kunit_try_run_case+0x1a5/0x480 [ 27.484053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.484076] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.484102] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.484127] ? __kthread_parkme+0x82/0x180 [ 27.484159] ? preempt_count_sub+0x50/0x80 [ 27.484183] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.484207] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.484230] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.484255] kthread+0x337/0x6f0 [ 27.484276] ? trace_preempt_on+0x20/0xc0 [ 27.484301] ? __pfx_kthread+0x10/0x10 [ 27.484322] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.484345] ? calculate_sigpending+0x7b/0xa0 [ 27.484370] ? __pfx_kthread+0x10/0x10 [ 27.484432] ret_from_fork+0x116/0x1d0 [ 27.484453] ? __pfx_kthread+0x10/0x10 [ 27.484474] ret_from_fork_asm+0x1a/0x30 [ 27.484505] </TASK> [ 27.484517] [ 27.492398] Allocated by task 310: [ 27.492559] kasan_save_stack+0x45/0x70 [ 27.492747] kasan_save_track+0x18/0x40 [ 27.492895] kasan_save_alloc_info+0x3b/0x50 [ 27.493184] __kasan_kmalloc+0xb7/0xc0 [ 27.493315] __kmalloc_cache_noprof+0x189/0x420 [ 27.493466] kasan_bitops_generic+0x92/0x1c0 [ 27.493610] kunit_try_run_case+0x1a5/0x480 [ 27.493754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.493926] kthread+0x337/0x6f0 [ 27.494042] ret_from_fork+0x116/0x1d0 [ 27.495322] ret_from_fork_asm+0x1a/0x30 [ 27.495918] [ 27.496313] The buggy address belongs to the object at ffff8881049630a0 [ 27.496313] which belongs to the cache kmalloc-16 of size 16 [ 27.496927] The buggy address is located 8 bytes inside of [ 27.496927] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.497841] [ 27.497951] The buggy address belongs to the physical page: [ 27.498219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.498945] flags: 0x200000000000000(node=0|zone=2) [ 27.499232] page_type: f5(slab) [ 27.499401] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.499695] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.500039] page dumped because: kasan: bad access detected [ 27.500274] [ 27.500344] Memory state around the buggy address: [ 27.500495] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.500817] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.501172] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.501446] ^ [ 27.501660] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.501901] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.502314] ================================================================== [ 27.344280] ================================================================== [ 27.344679] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.344941] Write of size 8 at addr ffff8881049630a8 by task kunit_try_catch/310 [ 27.345280] [ 27.345454] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.345504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.345561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.345586] Call Trace: [ 27.345605] <TASK> [ 27.345660] dump_stack_lvl+0x73/0xb0 [ 27.345709] print_report+0xd1/0x640 [ 27.345732] ? __virt_addr_valid+0x1db/0x2d0 [ 27.345757] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.345783] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.345809] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.345836] kasan_report+0x141/0x180 [ 27.345858] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.345903] kasan_check_range+0x10c/0x1c0 [ 27.345927] __kasan_check_write+0x18/0x20 [ 27.345951] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.345977] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.346005] ? ret_from_fork_asm+0x1a/0x30 [ 27.346029] ? kthread+0x337/0x6f0 [ 27.346054] kasan_bitops_generic+0x116/0x1c0 [ 27.346078] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.346103] ? __pfx_read_tsc+0x10/0x10 [ 27.346125] ? ktime_get_ts64+0x86/0x230 [ 27.346162] kunit_try_run_case+0x1a5/0x480 [ 27.346187] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.346209] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.346235] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.346260] ? __kthread_parkme+0x82/0x180 [ 27.346280] ? preempt_count_sub+0x50/0x80 [ 27.346303] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.346328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.346351] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.346376] kthread+0x337/0x6f0 [ 27.346395] ? trace_preempt_on+0x20/0xc0 [ 27.346418] ? __pfx_kthread+0x10/0x10 [ 27.346439] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.346462] ? calculate_sigpending+0x7b/0xa0 [ 27.346486] ? __pfx_kthread+0x10/0x10 [ 27.346507] ret_from_fork+0x116/0x1d0 [ 27.346527] ? __pfx_kthread+0x10/0x10 [ 27.346548] ret_from_fork_asm+0x1a/0x30 [ 27.346578] </TASK> [ 27.346589] [ 27.355088] Allocated by task 310: [ 27.355300] kasan_save_stack+0x45/0x70 [ 27.355568] kasan_save_track+0x18/0x40 [ 27.355767] kasan_save_alloc_info+0x3b/0x50 [ 27.355994] __kasan_kmalloc+0xb7/0xc0 [ 27.356184] __kmalloc_cache_noprof+0x189/0x420 [ 27.356340] kasan_bitops_generic+0x92/0x1c0 [ 27.356484] kunit_try_run_case+0x1a5/0x480 [ 27.356622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.357239] kthread+0x337/0x6f0 [ 27.357492] ret_from_fork+0x116/0x1d0 [ 27.357680] ret_from_fork_asm+0x1a/0x30 [ 27.357870] [ 27.357983] The buggy address belongs to the object at ffff8881049630a0 [ 27.357983] which belongs to the cache kmalloc-16 of size 16 [ 27.358628] The buggy address is located 8 bytes inside of [ 27.358628] allocated 9-byte region [ffff8881049630a0, ffff8881049630a9) [ 27.359392] [ 27.359464] The buggy address belongs to the physical page: [ 27.359648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 27.359987] flags: 0x200000000000000(node=0|zone=2) [ 27.360324] page_type: f5(slab) [ 27.360548] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.360884] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.361242] page dumped because: kasan: bad access detected [ 27.361678] [ 27.361759] Memory state around the buggy address: [ 27.362059] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.362483] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.362774] >ffff888104963080: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.363110] ^ [ 27.363375] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.363771] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.364153] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 27.297735] ================================================================== [ 27.298183] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 27.298463] Read of size 1 at addr ffff8881060ae110 by task kunit_try_catch/308 [ 27.298777] [ 27.298881] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.298930] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.298942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.298964] Call Trace: [ 27.298981] <TASK> [ 27.298998] dump_stack_lvl+0x73/0xb0 [ 27.299022] print_report+0xd1/0x640 [ 27.299045] ? __virt_addr_valid+0x1db/0x2d0 [ 27.299069] ? strnlen+0x73/0x80 [ 27.299089] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.299115] ? strnlen+0x73/0x80 [ 27.299134] kasan_report+0x141/0x180 [ 27.299167] ? strnlen+0x73/0x80 [ 27.299191] __asan_report_load1_noabort+0x18/0x20 [ 27.299215] strnlen+0x73/0x80 [ 27.299236] kasan_strings+0x615/0xe80 [ 27.299256] ? trace_hardirqs_on+0x37/0xe0 [ 27.299279] ? __pfx_kasan_strings+0x10/0x10 [ 27.299298] ? finish_task_switch.isra.0+0x153/0x700 [ 27.299320] ? __switch_to+0x47/0xf80 [ 27.299345] ? __schedule+0x10da/0x2b60 [ 27.299369] ? __pfx_read_tsc+0x10/0x10 [ 27.299391] ? ktime_get_ts64+0x86/0x230 [ 27.299414] kunit_try_run_case+0x1a5/0x480 [ 27.299438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.299461] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.299500] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.299526] ? __kthread_parkme+0x82/0x180 [ 27.299546] ? preempt_count_sub+0x50/0x80 [ 27.299569] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.299593] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.299616] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.299644] kthread+0x337/0x6f0 [ 27.299664] ? trace_preempt_on+0x20/0xc0 [ 27.299687] ? __pfx_kthread+0x10/0x10 [ 27.299707] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.299731] ? calculate_sigpending+0x7b/0xa0 [ 27.299754] ? __pfx_kthread+0x10/0x10 [ 27.299776] ret_from_fork+0x116/0x1d0 [ 27.299795] ? __pfx_kthread+0x10/0x10 [ 27.299816] ret_from_fork_asm+0x1a/0x30 [ 27.299847] </TASK> [ 27.299858] [ 27.307864] Allocated by task 308: [ 27.308158] kasan_save_stack+0x45/0x70 [ 27.308334] kasan_save_track+0x18/0x40 [ 27.308618] kasan_save_alloc_info+0x3b/0x50 [ 27.308793] __kasan_kmalloc+0xb7/0xc0 [ 27.309003] __kmalloc_cache_noprof+0x189/0x420 [ 27.309202] kasan_strings+0xc0/0xe80 [ 27.309418] kunit_try_run_case+0x1a5/0x480 [ 27.309572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.309816] kthread+0x337/0x6f0 [ 27.309944] ret_from_fork+0x116/0x1d0 [ 27.310189] ret_from_fork_asm+0x1a/0x30 [ 27.310377] [ 27.310480] Freed by task 308: [ 27.310586] kasan_save_stack+0x45/0x70 [ 27.310716] kasan_save_track+0x18/0x40 [ 27.310843] kasan_save_free_info+0x3f/0x60 [ 27.310982] __kasan_slab_free+0x56/0x70 [ 27.311111] kfree+0x222/0x3f0 [ 27.311469] kasan_strings+0x2aa/0xe80 [ 27.311681] kunit_try_run_case+0x1a5/0x480 [ 27.311885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.312126] kthread+0x337/0x6f0 [ 27.312298] ret_from_fork+0x116/0x1d0 [ 27.312477] ret_from_fork_asm+0x1a/0x30 [ 27.312880] [ 27.313022] The buggy address belongs to the object at ffff8881060ae100 [ 27.313022] which belongs to the cache kmalloc-32 of size 32 [ 27.313567] The buggy address is located 16 bytes inside of [ 27.313567] freed 32-byte region [ffff8881060ae100, ffff8881060ae120) [ 27.314041] [ 27.314137] The buggy address belongs to the physical page: [ 27.314373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ae [ 27.314737] flags: 0x200000000000000(node=0|zone=2) [ 27.314955] page_type: f5(slab) [ 27.315100] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.315441] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.315726] page dumped because: kasan: bad access detected [ 27.315905] [ 27.316036] Memory state around the buggy address: [ 27.316432] ffff8881060ae000: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.316723] ffff8881060ae080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.317039] >ffff8881060ae100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.317299] ^ [ 27.317607] ffff8881060ae180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.317897] ffff8881060ae200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.318216] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 27.276595] ================================================================== [ 27.276900] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 27.277180] Read of size 1 at addr ffff8881060ae110 by task kunit_try_catch/308 [ 27.277642] [ 27.277737] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.277789] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.277803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.277826] Call Trace: [ 27.277844] <TASK> [ 27.277863] dump_stack_lvl+0x73/0xb0 [ 27.277891] print_report+0xd1/0x640 [ 27.277914] ? __virt_addr_valid+0x1db/0x2d0 [ 27.277939] ? strlen+0x8f/0xb0 [ 27.277959] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.277987] ? strlen+0x8f/0xb0 [ 27.278007] kasan_report+0x141/0x180 [ 27.278030] ? strlen+0x8f/0xb0 [ 27.278055] __asan_report_load1_noabort+0x18/0x20 [ 27.278093] strlen+0x8f/0xb0 [ 27.278114] kasan_strings+0x57b/0xe80 [ 27.278134] ? trace_hardirqs_on+0x37/0xe0 [ 27.278173] ? __pfx_kasan_strings+0x10/0x10 [ 27.278194] ? finish_task_switch.isra.0+0x153/0x700 [ 27.278216] ? __switch_to+0x47/0xf80 [ 27.278242] ? __schedule+0x10da/0x2b60 [ 27.278268] ? __pfx_read_tsc+0x10/0x10 [ 27.278289] ? ktime_get_ts64+0x86/0x230 [ 27.278314] kunit_try_run_case+0x1a5/0x480 [ 27.278339] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.278361] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.278403] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.278429] ? __kthread_parkme+0x82/0x180 [ 27.278449] ? preempt_count_sub+0x50/0x80 [ 27.278472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.278497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.278520] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.278544] kthread+0x337/0x6f0 [ 27.278564] ? trace_preempt_on+0x20/0xc0 [ 27.278586] ? __pfx_kthread+0x10/0x10 [ 27.278607] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.278631] ? calculate_sigpending+0x7b/0xa0 [ 27.278655] ? __pfx_kthread+0x10/0x10 [ 27.278676] ret_from_fork+0x116/0x1d0 [ 27.278696] ? __pfx_kthread+0x10/0x10 [ 27.278717] ret_from_fork_asm+0x1a/0x30 [ 27.278749] </TASK> [ 27.278761] [ 27.286978] Allocated by task 308: [ 27.287155] kasan_save_stack+0x45/0x70 [ 27.287308] kasan_save_track+0x18/0x40 [ 27.287441] kasan_save_alloc_info+0x3b/0x50 [ 27.287590] __kasan_kmalloc+0xb7/0xc0 [ 27.287723] __kmalloc_cache_noprof+0x189/0x420 [ 27.287873] kasan_strings+0xc0/0xe80 [ 27.288055] kunit_try_run_case+0x1a5/0x480 [ 27.288265] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.288506] kthread+0x337/0x6f0 [ 27.288662] ret_from_fork+0x116/0x1d0 [ 27.288841] ret_from_fork_asm+0x1a/0x30 [ 27.289130] [ 27.289331] Freed by task 308: [ 27.289630] kasan_save_stack+0x45/0x70 [ 27.289788] kasan_save_track+0x18/0x40 [ 27.289996] kasan_save_free_info+0x3f/0x60 [ 27.290213] __kasan_slab_free+0x56/0x70 [ 27.290365] kfree+0x222/0x3f0 [ 27.290589] kasan_strings+0x2aa/0xe80 [ 27.290741] kunit_try_run_case+0x1a5/0x480 [ 27.290921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.291181] kthread+0x337/0x6f0 [ 27.291339] ret_from_fork+0x116/0x1d0 [ 27.291602] ret_from_fork_asm+0x1a/0x30 [ 27.291780] [ 27.291845] The buggy address belongs to the object at ffff8881060ae100 [ 27.291845] which belongs to the cache kmalloc-32 of size 32 [ 27.292372] The buggy address is located 16 bytes inside of [ 27.292372] freed 32-byte region [ffff8881060ae100, ffff8881060ae120) [ 27.292833] [ 27.292902] The buggy address belongs to the physical page: [ 27.293383] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ae [ 27.293854] flags: 0x200000000000000(node=0|zone=2) [ 27.294213] page_type: f5(slab) [ 27.294426] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.294709] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.295086] page dumped because: kasan: bad access detected [ 27.295336] [ 27.295510] Memory state around the buggy address: [ 27.295704] ffff8881060ae000: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.295972] ffff8881060ae080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.296312] >ffff8881060ae100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.296760] ^ [ 27.296917] ffff8881060ae180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.297132] ffff8881060ae200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.297355] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 27.245570] ================================================================== [ 27.246175] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 27.246778] Read of size 1 at addr ffff8881060ae110 by task kunit_try_catch/308 [ 27.247417] [ 27.247674] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.247744] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.247758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.247781] Call Trace: [ 27.247802] <TASK> [ 27.247823] dump_stack_lvl+0x73/0xb0 [ 27.247856] print_report+0xd1/0x640 [ 27.247879] ? __virt_addr_valid+0x1db/0x2d0 [ 27.247904] ? kasan_strings+0xcbc/0xe80 [ 27.247925] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.247952] ? kasan_strings+0xcbc/0xe80 [ 27.247973] kasan_report+0x141/0x180 [ 27.247997] ? kasan_strings+0xcbc/0xe80 [ 27.248024] __asan_report_load1_noabort+0x18/0x20 [ 27.248048] kasan_strings+0xcbc/0xe80 [ 27.248068] ? trace_hardirqs_on+0x37/0xe0 [ 27.248092] ? __pfx_kasan_strings+0x10/0x10 [ 27.248114] ? finish_task_switch.isra.0+0x153/0x700 [ 27.248137] ? __switch_to+0x47/0xf80 [ 27.248175] ? __schedule+0x10da/0x2b60 [ 27.248200] ? __pfx_read_tsc+0x10/0x10 [ 27.248222] ? ktime_get_ts64+0x86/0x230 [ 27.248246] kunit_try_run_case+0x1a5/0x480 [ 27.248272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.248296] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.248322] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.248346] ? __kthread_parkme+0x82/0x180 [ 27.248367] ? preempt_count_sub+0x50/0x80 [ 27.248448] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.248471] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.248496] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.248519] kthread+0x337/0x6f0 [ 27.248540] ? trace_preempt_on+0x20/0xc0 [ 27.248563] ? __pfx_kthread+0x10/0x10 [ 27.248583] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.248609] ? calculate_sigpending+0x7b/0xa0 [ 27.248632] ? __pfx_kthread+0x10/0x10 [ 27.248655] ret_from_fork+0x116/0x1d0 [ 27.248675] ? __pfx_kthread+0x10/0x10 [ 27.248695] ret_from_fork_asm+0x1a/0x30 [ 27.248728] </TASK> [ 27.248739] [ 27.260907] Allocated by task 308: [ 27.261286] kasan_save_stack+0x45/0x70 [ 27.261666] kasan_save_track+0x18/0x40 [ 27.262159] kasan_save_alloc_info+0x3b/0x50 [ 27.262353] __kasan_kmalloc+0xb7/0xc0 [ 27.262736] __kmalloc_cache_noprof+0x189/0x420 [ 27.263094] kasan_strings+0xc0/0xe80 [ 27.263233] kunit_try_run_case+0x1a5/0x480 [ 27.263381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.263891] kthread+0x337/0x6f0 [ 27.264241] ret_from_fork+0x116/0x1d0 [ 27.264619] ret_from_fork_asm+0x1a/0x30 [ 27.265084] [ 27.265274] Freed by task 308: [ 27.265608] kasan_save_stack+0x45/0x70 [ 27.265750] kasan_save_track+0x18/0x40 [ 27.265875] kasan_save_free_info+0x3f/0x60 [ 27.266047] __kasan_slab_free+0x56/0x70 [ 27.266395] kfree+0x222/0x3f0 [ 27.266737] kasan_strings+0x2aa/0xe80 [ 27.267154] kunit_try_run_case+0x1a5/0x480 [ 27.267587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.268156] kthread+0x337/0x6f0 [ 27.268509] ret_from_fork+0x116/0x1d0 [ 27.268898] ret_from_fork_asm+0x1a/0x30 [ 27.269156] [ 27.269224] The buggy address belongs to the object at ffff8881060ae100 [ 27.269224] which belongs to the cache kmalloc-32 of size 32 [ 27.270102] The buggy address is located 16 bytes inside of [ 27.270102] freed 32-byte region [ffff8881060ae100, ffff8881060ae120) [ 27.271228] [ 27.271416] The buggy address belongs to the physical page: [ 27.271713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ae [ 27.271985] flags: 0x200000000000000(node=0|zone=2) [ 27.272527] page_type: f5(slab) [ 27.272874] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.273644] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.274236] page dumped because: kasan: bad access detected [ 27.274420] [ 27.274485] Memory state around the buggy address: [ 27.274631] ffff8881060ae000: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.274836] ffff8881060ae080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.275053] >ffff8881060ae100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.275272] ^ [ 27.275452] ffff8881060ae180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.275723] ffff8881060ae200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.275987] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 27.205689] ================================================================== [ 27.207192] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 27.207410] Read of size 1 at addr ffff8881060ae110 by task kunit_try_catch/308 [ 27.207930] [ 27.208382] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.208563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.208583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.208608] Call Trace: [ 27.208635] <TASK> [ 27.208655] dump_stack_lvl+0x73/0xb0 [ 27.208695] print_report+0xd1/0x640 [ 27.208720] ? __virt_addr_valid+0x1db/0x2d0 [ 27.208745] ? strcmp+0xb0/0xc0 [ 27.208766] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.208794] ? strcmp+0xb0/0xc0 [ 27.208814] kasan_report+0x141/0x180 [ 27.208835] ? strcmp+0xb0/0xc0 [ 27.208860] __asan_report_load1_noabort+0x18/0x20 [ 27.208886] strcmp+0xb0/0xc0 [ 27.208906] kasan_strings+0x431/0xe80 [ 27.208927] ? trace_hardirqs_on+0x37/0xe0 [ 27.208984] ? __pfx_kasan_strings+0x10/0x10 [ 27.209006] ? finish_task_switch.isra.0+0x153/0x700 [ 27.209027] ? __switch_to+0x47/0xf80 [ 27.209056] ? __schedule+0x10da/0x2b60 [ 27.209080] ? __pfx_read_tsc+0x10/0x10 [ 27.209103] ? ktime_get_ts64+0x86/0x230 [ 27.209128] kunit_try_run_case+0x1a5/0x480 [ 27.209165] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.209187] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.209213] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.209238] ? __kthread_parkme+0x82/0x180 [ 27.209258] ? preempt_count_sub+0x50/0x80 [ 27.209281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.209304] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.209328] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.209351] kthread+0x337/0x6f0 [ 27.209380] ? trace_preempt_on+0x20/0xc0 [ 27.209402] ? __pfx_kthread+0x10/0x10 [ 27.209423] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.209448] ? calculate_sigpending+0x7b/0xa0 [ 27.209472] ? __pfx_kthread+0x10/0x10 [ 27.209493] ret_from_fork+0x116/0x1d0 [ 27.209513] ? __pfx_kthread+0x10/0x10 [ 27.209533] ret_from_fork_asm+0x1a/0x30 [ 27.209565] </TASK> [ 27.209577] [ 27.226267] Allocated by task 308: [ 27.226642] kasan_save_stack+0x45/0x70 [ 27.227070] kasan_save_track+0x18/0x40 [ 27.227558] kasan_save_alloc_info+0x3b/0x50 [ 27.228000] __kasan_kmalloc+0xb7/0xc0 [ 27.228138] __kmalloc_cache_noprof+0x189/0x420 [ 27.228303] kasan_strings+0xc0/0xe80 [ 27.228641] kunit_try_run_case+0x1a5/0x480 [ 27.229071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.229610] kthread+0x337/0x6f0 [ 27.230110] ret_from_fork+0x116/0x1d0 [ 27.230540] ret_from_fork_asm+0x1a/0x30 [ 27.230780] [ 27.230847] Freed by task 308: [ 27.230958] kasan_save_stack+0x45/0x70 [ 27.231176] kasan_save_track+0x18/0x40 [ 27.231652] kasan_save_free_info+0x3f/0x60 [ 27.232073] __kasan_slab_free+0x56/0x70 [ 27.232439] kfree+0x222/0x3f0 [ 27.232786] kasan_strings+0x2aa/0xe80 [ 27.233226] kunit_try_run_case+0x1a5/0x480 [ 27.233370] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.234100] kthread+0x337/0x6f0 [ 27.234441] ret_from_fork+0x116/0x1d0 [ 27.234891] ret_from_fork_asm+0x1a/0x30 [ 27.235221] [ 27.235322] The buggy address belongs to the object at ffff8881060ae100 [ 27.235322] which belongs to the cache kmalloc-32 of size 32 [ 27.236321] The buggy address is located 16 bytes inside of [ 27.236321] freed 32-byte region [ffff8881060ae100, ffff8881060ae120) [ 27.237099] [ 27.237266] The buggy address belongs to the physical page: [ 27.237654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ae [ 27.238159] flags: 0x200000000000000(node=0|zone=2) [ 27.238337] page_type: f5(slab) [ 27.238649] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.239401] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.240220] page dumped because: kasan: bad access detected [ 27.240734] [ 27.240884] Memory state around the buggy address: [ 27.241109] ffff8881060ae000: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.241915] ffff8881060ae080: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.242307] >ffff8881060ae100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.242644] ^ [ 27.243009] ffff8881060ae180: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.243799] ffff8881060ae200: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.244461] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 27.174703] ================================================================== [ 27.175292] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 27.175802] Read of size 1 at addr ffff8881060ae098 by task kunit_try_catch/306 [ 27.176175] [ 27.176269] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.176323] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.176337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.176360] Call Trace: [ 27.176373] <TASK> [ 27.176390] dump_stack_lvl+0x73/0xb0 [ 27.176419] print_report+0xd1/0x640 [ 27.176446] ? __virt_addr_valid+0x1db/0x2d0 [ 27.176474] ? memcmp+0x1b4/0x1d0 [ 27.176495] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.176647] ? memcmp+0x1b4/0x1d0 [ 27.176674] kasan_report+0x141/0x180 [ 27.176698] ? memcmp+0x1b4/0x1d0 [ 27.176723] __asan_report_load1_noabort+0x18/0x20 [ 27.176748] memcmp+0x1b4/0x1d0 [ 27.176770] kasan_memcmp+0x18f/0x390 [ 27.176793] ? __pfx_kasan_memcmp+0x10/0x10 [ 27.176814] ? __schedule+0x2070/0x2b60 [ 27.176838] ? schedule+0x7c/0x2e0 [ 27.176860] ? trace_hardirqs_on+0x37/0xe0 [ 27.176888] ? __pfx_read_tsc+0x10/0x10 [ 27.176911] ? ktime_get_ts64+0x86/0x230 [ 27.176937] kunit_try_run_case+0x1a5/0x480 [ 27.176963] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.176986] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.177014] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.177039] ? __kthread_parkme+0x82/0x180 [ 27.177060] ? preempt_count_sub+0x50/0x80 [ 27.177083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.177107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.177130] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.177169] kthread+0x337/0x6f0 [ 27.177192] ? trace_preempt_on+0x20/0xc0 [ 27.177215] ? __pfx_kthread+0x10/0x10 [ 27.177237] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.177261] ? calculate_sigpending+0x7b/0xa0 [ 27.177285] ? __pfx_kthread+0x10/0x10 [ 27.177306] ret_from_fork+0x116/0x1d0 [ 27.177326] ? __pfx_kthread+0x10/0x10 [ 27.177346] ret_from_fork_asm+0x1a/0x30 [ 27.177377] </TASK> [ 27.177389] [ 27.185245] Allocated by task 306: [ 27.185465] kasan_save_stack+0x45/0x70 [ 27.185664] kasan_save_track+0x18/0x40 [ 27.185947] kasan_save_alloc_info+0x3b/0x50 [ 27.186173] __kasan_kmalloc+0xb7/0xc0 [ 27.186357] __kmalloc_cache_noprof+0x189/0x420 [ 27.186619] kasan_memcmp+0xb7/0x390 [ 27.186746] kunit_try_run_case+0x1a5/0x480 [ 27.186907] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.187206] kthread+0x337/0x6f0 [ 27.187374] ret_from_fork+0x116/0x1d0 [ 27.187711] ret_from_fork_asm+0x1a/0x30 [ 27.187898] [ 27.187981] The buggy address belongs to the object at ffff8881060ae080 [ 27.187981] which belongs to the cache kmalloc-32 of size 32 [ 27.188785] The buggy address is located 0 bytes to the right of [ 27.188785] allocated 24-byte region [ffff8881060ae080, ffff8881060ae098) [ 27.189274] [ 27.189424] The buggy address belongs to the physical page: [ 27.189678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ae [ 27.189929] flags: 0x200000000000000(node=0|zone=2) [ 27.190356] page_type: f5(slab) [ 27.190577] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.190913] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.191284] page dumped because: kasan: bad access detected [ 27.191525] [ 27.191634] Memory state around the buggy address: [ 27.191854] ffff8881060adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.192175] ffff8881060ae000: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.192660] >ffff8881060ae080: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.192867] ^ [ 27.192999] ffff8881060ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.193503] ffff8881060ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.193862] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 27.142515] ================================================================== [ 27.143031] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 27.143305] Read of size 1 at addr ffff888106227c4a by task kunit_try_catch/302 [ 27.143740] [ 27.143903] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.143959] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.143972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.143997] Call Trace: [ 27.144011] <TASK> [ 27.144292] dump_stack_lvl+0x73/0xb0 [ 27.144334] print_report+0xd1/0x640 [ 27.144360] ? __virt_addr_valid+0x1db/0x2d0 [ 27.144434] ? kasan_alloca_oob_right+0x329/0x390 [ 27.144476] ? kasan_addr_to_slab+0x11/0xa0 [ 27.144497] ? kasan_alloca_oob_right+0x329/0x390 [ 27.144521] kasan_report+0x141/0x180 [ 27.144543] ? kasan_alloca_oob_right+0x329/0x390 [ 27.144571] __asan_report_load1_noabort+0x18/0x20 [ 27.144596] kasan_alloca_oob_right+0x329/0x390 [ 27.144617] ? __kasan_check_write+0x18/0x20 [ 27.144641] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.144665] ? finish_task_switch.isra.0+0x153/0x700 [ 27.144689] ? __wait_for_common+0x1fe/0x440 [ 27.144711] ? trace_hardirqs_on+0x37/0xe0 [ 27.144738] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 27.144773] ? __schedule+0x10da/0x2b60 [ 27.144798] ? __pfx_read_tsc+0x10/0x10 [ 27.144831] ? ktime_get_ts64+0x86/0x230 [ 27.144856] kunit_try_run_case+0x1a5/0x480 [ 27.144884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.144906] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.144931] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.144968] ? __kthread_parkme+0x82/0x180 [ 27.144997] ? preempt_count_sub+0x50/0x80 [ 27.145021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.145045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.145079] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.145103] kthread+0x337/0x6f0 [ 27.145123] ? trace_preempt_on+0x20/0xc0 [ 27.145155] ? __pfx_kthread+0x10/0x10 [ 27.145176] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.145199] ? calculate_sigpending+0x7b/0xa0 [ 27.145224] ? __pfx_kthread+0x10/0x10 [ 27.145245] ret_from_fork+0x116/0x1d0 [ 27.145265] ? __pfx_kthread+0x10/0x10 [ 27.145286] ret_from_fork_asm+0x1a/0x30 [ 27.145318] </TASK> [ 27.145329] [ 27.159578] The buggy address belongs to stack of task kunit_try_catch/302 [ 27.160367] [ 27.160447] The buggy address belongs to the physical page: [ 27.160927] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106227 [ 27.161632] flags: 0x200000000000000(node=0|zone=2) [ 27.161818] raw: 0200000000000000 ffffea00041889c8 ffffea00041889c8 0000000000000000 [ 27.162308] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.163140] page dumped because: kasan: bad access detected [ 27.163677] [ 27.163868] Memory state around the buggy address: [ 27.164259] ffff888106227b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.164838] ffff888106227b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.165091] >ffff888106227c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 27.165679] ^ [ 27.166226] ffff888106227c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 27.166788] ffff888106227d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.167034] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 27.116809] ================================================================== [ 27.117417] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 27.117671] Read of size 1 at addr ffff8881061d7c3f by task kunit_try_catch/300 [ 27.117890] [ 27.117979] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.118032] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.118045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.118068] Call Trace: [ 27.118083] <TASK> [ 27.118103] dump_stack_lvl+0x73/0xb0 [ 27.118135] print_report+0xd1/0x640 [ 27.118173] ? __virt_addr_valid+0x1db/0x2d0 [ 27.118198] ? kasan_alloca_oob_left+0x320/0x380 [ 27.118221] ? kasan_addr_to_slab+0x11/0xa0 [ 27.118242] ? kasan_alloca_oob_left+0x320/0x380 [ 27.118264] kasan_report+0x141/0x180 [ 27.118287] ? kasan_alloca_oob_left+0x320/0x380 [ 27.118410] __asan_report_load1_noabort+0x18/0x20 [ 27.118500] kasan_alloca_oob_left+0x320/0x380 [ 27.118528] ? finish_task_switch.isra.0+0x153/0x700 [ 27.118553] ? __wait_for_common+0x1fe/0x440 [ 27.118700] ? trace_hardirqs_on+0x37/0xe0 [ 27.118730] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 27.118756] ? __schedule+0x10da/0x2b60 [ 27.118781] ? __pfx_read_tsc+0x10/0x10 [ 27.118803] ? ktime_get_ts64+0x86/0x230 [ 27.118829] kunit_try_run_case+0x1a5/0x480 [ 27.118856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.118880] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.118906] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.119398] ? __kthread_parkme+0x82/0x180 [ 27.119429] ? preempt_count_sub+0x50/0x80 [ 27.119454] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.119482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.119510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.119535] kthread+0x337/0x6f0 [ 27.119556] ? trace_preempt_on+0x20/0xc0 [ 27.119581] ? __pfx_kthread+0x10/0x10 [ 27.119602] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.119632] ? calculate_sigpending+0x7b/0xa0 [ 27.119657] ? __pfx_kthread+0x10/0x10 [ 27.119679] ret_from_fork+0x116/0x1d0 [ 27.119700] ? __pfx_kthread+0x10/0x10 [ 27.119720] ret_from_fork_asm+0x1a/0x30 [ 27.119753] </TASK> [ 27.119765] [ 27.132006] The buggy address belongs to stack of task kunit_try_catch/300 [ 27.132506] [ 27.132671] The buggy address belongs to the physical page: [ 27.133081] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061d7 [ 27.133434] flags: 0x200000000000000(node=0|zone=2) [ 27.133685] raw: 0200000000000000 ffffea00041875c8 ffffea00041875c8 0000000000000000 [ 27.134015] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.134334] page dumped because: kasan: bad access detected [ 27.134566] [ 27.134640] Memory state around the buggy address: [ 27.134855] ffff8881061d7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.135687] ffff8881061d7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.136125] >ffff8881061d7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 27.136666] ^ [ 27.137091] ffff8881061d7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 27.137589] ffff8881061d7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.138109] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 27.082253] ================================================================== [ 27.083597] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 27.083843] Read of size 1 at addr ffff888106227d02 by task kunit_try_catch/298 [ 27.084065] [ 27.084176] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.084233] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.084246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.084270] Call Trace: [ 27.084284] <TASK> [ 27.084304] dump_stack_lvl+0x73/0xb0 [ 27.084335] print_report+0xd1/0x640 [ 27.084360] ? __virt_addr_valid+0x1db/0x2d0 [ 27.084385] ? kasan_stack_oob+0x2b5/0x300 [ 27.084405] ? kasan_addr_to_slab+0x11/0xa0 [ 27.084427] ? kasan_stack_oob+0x2b5/0x300 [ 27.084447] kasan_report+0x141/0x180 [ 27.084470] ? kasan_stack_oob+0x2b5/0x300 [ 27.084827] __asan_report_load1_noabort+0x18/0x20 [ 27.084870] kasan_stack_oob+0x2b5/0x300 [ 27.084910] ? __pfx_kasan_stack_oob+0x10/0x10 [ 27.084931] ? finish_task_switch.isra.0+0x153/0x700 [ 27.085062] ? __switch_to+0x47/0xf80 [ 27.085095] ? __schedule+0x10da/0x2b60 [ 27.085121] ? __pfx_read_tsc+0x10/0x10 [ 27.085153] ? ktime_get_ts64+0x86/0x230 [ 27.085180] kunit_try_run_case+0x1a5/0x480 [ 27.085207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.085231] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.085256] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.085283] ? __kthread_parkme+0x82/0x180 [ 27.085304] ? preempt_count_sub+0x50/0x80 [ 27.085328] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.085352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.085376] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.085402] kthread+0x337/0x6f0 [ 27.085423] ? trace_preempt_on+0x20/0xc0 [ 27.085448] ? __pfx_kthread+0x10/0x10 [ 27.085468] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.085492] ? calculate_sigpending+0x7b/0xa0 [ 27.085517] ? __pfx_kthread+0x10/0x10 [ 27.085539] ret_from_fork+0x116/0x1d0 [ 27.085559] ? __pfx_kthread+0x10/0x10 [ 27.085580] ret_from_fork_asm+0x1a/0x30 [ 27.085612] </TASK> [ 27.085624] [ 27.102277] The buggy address belongs to stack of task kunit_try_catch/298 [ 27.103106] and is located at offset 138 in frame: [ 27.103730] kasan_stack_oob+0x0/0x300 [ 27.104190] [ 27.104281] This frame has 4 objects: [ 27.104555] [48, 49) '__assertion' [ 27.104583] [64, 72) 'array' [ 27.104939] [96, 112) '__assertion' [ 27.105302] [128, 138) 'stack_array' [ 27.105913] [ 27.106499] The buggy address belongs to the physical page: [ 27.106964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106227 [ 27.107346] flags: 0x200000000000000(node=0|zone=2) [ 27.107550] raw: 0200000000000000 ffffea00041889c8 ffffea00041889c8 0000000000000000 [ 27.108331] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.109198] page dumped because: kasan: bad access detected [ 27.109549] [ 27.109622] Memory state around the buggy address: [ 27.109776] ffff888106227c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.110101] ffff888106227c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 27.110948] >ffff888106227d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.111673] ^ [ 27.112030] ffff888106227d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 27.112773] ffff888106227e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.113238] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 27.053100] ================================================================== [ 27.054485] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 27.054827] Read of size 1 at addr ffffffff92acb00d by task kunit_try_catch/294 [ 27.055098] [ 27.055312] CPU: 0 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.055368] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.055381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.055404] Call Trace: [ 27.055418] <TASK> [ 27.055437] dump_stack_lvl+0x73/0xb0 [ 27.055468] print_report+0xd1/0x640 [ 27.055492] ? __virt_addr_valid+0x1db/0x2d0 [ 27.055518] ? kasan_global_oob_right+0x286/0x2d0 [ 27.055540] ? kasan_addr_to_slab+0x11/0xa0 [ 27.055576] ? kasan_global_oob_right+0x286/0x2d0 [ 27.055599] kasan_report+0x141/0x180 [ 27.055628] ? kasan_global_oob_right+0x286/0x2d0 [ 27.055654] __asan_report_load1_noabort+0x18/0x20 [ 27.055679] kasan_global_oob_right+0x286/0x2d0 [ 27.055701] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 27.055722] ? __kasan_check_write+0x18/0x20 [ 27.055746] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.055774] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 27.055802] ? __pfx_read_tsc+0x10/0x10 [ 27.055825] ? ktime_get_ts64+0x86/0x230 [ 27.055851] kunit_try_run_case+0x1a5/0x480 [ 27.055877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.055899] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 27.055924] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.056001] ? __kthread_parkme+0x82/0x180 [ 27.056025] ? preempt_count_sub+0x50/0x80 [ 27.056050] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.056075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.056098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.056123] kthread+0x337/0x6f0 [ 27.056158] ? trace_preempt_on+0x20/0xc0 [ 27.056185] ? __pfx_kthread+0x10/0x10 [ 27.056206] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.056230] ? calculate_sigpending+0x7b/0xa0 [ 27.056255] ? __pfx_kthread+0x10/0x10 [ 27.056277] ret_from_fork+0x116/0x1d0 [ 27.056298] ? __pfx_kthread+0x10/0x10 [ 27.056319] ret_from_fork_asm+0x1a/0x30 [ 27.056352] </TASK> [ 27.056364] [ 27.069484] The buggy address belongs to the variable: [ 27.070023] global_array+0xd/0x40 [ 27.070196] [ 27.070284] The buggy address belongs to the physical page: [ 27.070465] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f6cb [ 27.070705] flags: 0x100000000002000(reserved|node=0|zone=1) [ 27.070908] raw: 0100000000002000 ffffea00007db2c8 ffffea00007db2c8 0000000000000000 [ 27.071634] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.072402] page dumped because: kasan: bad access detected [ 27.072895] [ 27.073057] Memory state around the buggy address: [ 27.073666] ffffffff92acaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.074350] ffffffff92acaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.075080] >ffffffff92acb000: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 27.075756] ^ [ 27.076141] ffffffff92acb080: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 27.076501] ffffffff92acb100: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 27.077104] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 27.019745] ================================================================== [ 27.020203] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.020711] Free of addr ffff888106228001 by task kunit_try_catch/292 [ 27.021351] [ 27.021601] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 27.021655] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.021668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.021692] Call Trace: [ 27.021705] <TASK> [ 27.021723] dump_stack_lvl+0x73/0xb0 [ 27.021756] print_report+0xd1/0x640 [ 27.021780] ? __virt_addr_valid+0x1db/0x2d0 [ 27.021808] ? kasan_addr_to_slab+0x11/0xa0 [ 27.021828] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.021854] kasan_report_invalid_free+0x10a/0x130 [ 27.021880] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.021907] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.021930] __kasan_mempool_poison_object+0x102/0x1d0 [ 27.021956] mempool_free+0x490/0x640 [ 27.021985] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.022010] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 27.022035] ? update_load_avg+0x1be/0x21b0 [ 27.022073] ? finish_task_switch.isra.0+0x153/0x700 [ 27.022100] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 27.022125] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 27.022167] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.022191] ? __pfx_mempool_kfree+0x10/0x10 [ 27.022216] ? __pfx_read_tsc+0x10/0x10 [ 27.022239] ? ktime_get_ts64+0x86/0x230 [ 27.022264] kunit_try_run_case+0x1a5/0x480 [ 27.022290] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.022313] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.022340] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.022366] ? __kthread_parkme+0x82/0x180 [ 27.022452] ? preempt_count_sub+0x50/0x80 [ 27.022476] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.022501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.022526] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.022550] kthread+0x337/0x6f0 [ 27.022571] ? trace_preempt_on+0x20/0xc0 [ 27.022597] ? __pfx_kthread+0x10/0x10 [ 27.022618] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.022642] ? calculate_sigpending+0x7b/0xa0 [ 27.022668] ? __pfx_kthread+0x10/0x10 [ 27.022691] ret_from_fork+0x116/0x1d0 [ 27.022711] ? __pfx_kthread+0x10/0x10 [ 27.022731] ret_from_fork_asm+0x1a/0x30 [ 27.022762] </TASK> [ 27.022774] [ 27.039717] The buggy address belongs to the physical page: [ 27.039917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106228 [ 27.040856] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.041635] flags: 0x200000000000040(head|node=0|zone=2) [ 27.041829] page_type: f8(unknown) [ 27.041959] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.042212] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.042778] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.043323] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.043916] head: 0200000000000002 ffffea0004188a01 00000000ffffffff 00000000ffffffff [ 27.044659] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.044910] page dumped because: kasan: bad access detected [ 27.045099] [ 27.045176] Memory state around the buggy address: [ 27.045332] ffff888106227f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.046162] ffff888106227f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.046816] >ffff888106228000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.047659] ^ [ 27.047994] ffff888106228080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.048626] ffff888106228100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.049205] ================================================================== [ 26.986257] ================================================================== [ 26.987220] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.987514] Free of addr ffff8881060ab201 by task kunit_try_catch/290 [ 26.987719] [ 26.987808] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.987861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.987874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.987897] Call Trace: [ 26.987910] <TASK> [ 26.987929] dump_stack_lvl+0x73/0xb0 [ 26.987957] print_report+0xd1/0x640 [ 26.987980] ? __virt_addr_valid+0x1db/0x2d0 [ 26.988006] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.988032] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.988057] kasan_report_invalid_free+0x10a/0x130 [ 26.988082] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.988109] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.988133] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.988167] check_slab_allocation+0x11f/0x130 [ 26.988189] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.988213] mempool_free+0x490/0x640 [ 26.988242] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 26.988268] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 26.988294] ? dequeue_entities+0x23f/0x1630 [ 26.988317] ? __kasan_check_write+0x18/0x20 [ 26.988341] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.988362] ? finish_task_switch.isra.0+0x153/0x700 [ 26.988387] mempool_kmalloc_invalid_free+0xed/0x140 [ 26.988542] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 26.988582] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.988606] ? __pfx_mempool_kfree+0x10/0x10 [ 26.988631] ? __pfx_read_tsc+0x10/0x10 [ 26.988654] ? ktime_get_ts64+0x86/0x230 [ 26.988678] kunit_try_run_case+0x1a5/0x480 [ 26.988705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.988728] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.988754] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.989118] ? __kthread_parkme+0x82/0x180 [ 26.989141] ? preempt_count_sub+0x50/0x80 [ 26.989176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.989201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.989226] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.989249] kthread+0x337/0x6f0 [ 26.989269] ? trace_preempt_on+0x20/0xc0 [ 26.989296] ? __pfx_kthread+0x10/0x10 [ 26.989317] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.989341] ? calculate_sigpending+0x7b/0xa0 [ 26.989365] ? __pfx_kthread+0x10/0x10 [ 26.989461] ret_from_fork+0x116/0x1d0 [ 26.989483] ? __pfx_kthread+0x10/0x10 [ 26.989505] ret_from_fork_asm+0x1a/0x30 [ 26.989537] </TASK> [ 26.989548] [ 27.003852] Allocated by task 290: [ 27.004016] kasan_save_stack+0x45/0x70 [ 27.004783] kasan_save_track+0x18/0x40 [ 27.005052] kasan_save_alloc_info+0x3b/0x50 [ 27.005335] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.005732] remove_element+0x11e/0x190 [ 27.006041] mempool_alloc_preallocated+0x4d/0x90 [ 27.006346] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 27.006703] mempool_kmalloc_invalid_free+0xed/0x140 [ 27.006949] kunit_try_run_case+0x1a5/0x480 [ 27.007517] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.007901] kthread+0x337/0x6f0 [ 27.008080] ret_from_fork+0x116/0x1d0 [ 27.008493] ret_from_fork_asm+0x1a/0x30 [ 27.008793] [ 27.008901] The buggy address belongs to the object at ffff8881060ab200 [ 27.008901] which belongs to the cache kmalloc-128 of size 128 [ 27.009670] The buggy address is located 1 bytes inside of [ 27.009670] 128-byte region [ffff8881060ab200, ffff8881060ab280) [ 27.010604] [ 27.010691] The buggy address belongs to the physical page: [ 27.011113] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060ab [ 27.011667] flags: 0x200000000000000(node=0|zone=2) [ 27.011895] page_type: f5(slab) [ 27.012170] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.012720] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.013214] page dumped because: kasan: bad access detected [ 27.013605] [ 27.013807] Memory state around the buggy address: [ 27.014021] ffff8881060ab100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.014750] ffff8881060ab180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.015124] >ffff8881060ab200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.015585] ^ [ 27.015725] ffff8881060ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.016143] ffff8881060ab300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.016414] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 26.958604] ================================================================== [ 26.959183] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.959538] Free of addr ffff888106228000 by task kunit_try_catch/288 [ 26.959869] [ 26.960040] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.960094] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.960106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.960129] Call Trace: [ 26.960153] <TASK> [ 26.960172] dump_stack_lvl+0x73/0xb0 [ 26.960203] print_report+0xd1/0x640 [ 26.960227] ? __virt_addr_valid+0x1db/0x2d0 [ 26.960252] ? kasan_addr_to_slab+0x11/0xa0 [ 26.960274] ? mempool_double_free_helper+0x184/0x370 [ 26.960299] kasan_report_invalid_free+0x10a/0x130 [ 26.960491] ? mempool_double_free_helper+0x184/0x370 [ 26.960528] ? mempool_double_free_helper+0x184/0x370 [ 26.960551] __kasan_mempool_poison_pages+0x115/0x130 [ 26.960576] mempool_free+0x430/0x640 [ 26.960605] mempool_double_free_helper+0x184/0x370 [ 26.960630] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.960655] ? dequeue_entities+0x23f/0x1630 [ 26.960704] ? __kasan_check_write+0x18/0x20 [ 26.960730] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.960751] ? finish_task_switch.isra.0+0x153/0x700 [ 26.960779] mempool_page_alloc_double_free+0xe8/0x140 [ 26.960805] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 26.960833] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 26.960858] ? __pfx_mempool_free_pages+0x10/0x10 [ 26.960884] ? __pfx_read_tsc+0x10/0x10 [ 26.960906] ? ktime_get_ts64+0x86/0x230 [ 26.960931] kunit_try_run_case+0x1a5/0x480 [ 26.960969] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.960992] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.961019] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.961045] ? __kthread_parkme+0x82/0x180 [ 26.961066] ? preempt_count_sub+0x50/0x80 [ 26.961089] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.961113] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.961137] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.961173] kthread+0x337/0x6f0 [ 26.961194] ? trace_preempt_on+0x20/0xc0 [ 26.961219] ? __pfx_kthread+0x10/0x10 [ 26.961239] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.961263] ? calculate_sigpending+0x7b/0xa0 [ 26.961288] ? __pfx_kthread+0x10/0x10 [ 26.961309] ret_from_fork+0x116/0x1d0 [ 26.961330] ? __pfx_kthread+0x10/0x10 [ 26.961351] ret_from_fork_asm+0x1a/0x30 [ 26.961437] </TASK> [ 26.961451] [ 26.976510] The buggy address belongs to the physical page: [ 26.976832] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106228 [ 26.977403] flags: 0x200000000000000(node=0|zone=2) [ 26.977879] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 26.978527] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.978839] page dumped because: kasan: bad access detected [ 26.979043] [ 26.979207] Memory state around the buggy address: [ 26.979658] ffff888106227f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.980399] ffff888106227f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.981161] >ffff888106228000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.981759] ^ [ 26.981893] ffff888106228080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.982494] ffff888106228100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.982833] ================================================================== [ 26.931741] ================================================================== [ 26.932330] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.933135] Free of addr ffff8881060f0000 by task kunit_try_catch/286 [ 26.933756] [ 26.934014] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.934070] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.934083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.934107] Call Trace: [ 26.934121] <TASK> [ 26.934142] dump_stack_lvl+0x73/0xb0 [ 26.934186] print_report+0xd1/0x640 [ 26.934210] ? __virt_addr_valid+0x1db/0x2d0 [ 26.934238] ? kasan_addr_to_slab+0x11/0xa0 [ 26.934259] ? mempool_double_free_helper+0x184/0x370 [ 26.934283] kasan_report_invalid_free+0x10a/0x130 [ 26.934308] ? mempool_double_free_helper+0x184/0x370 [ 26.934335] ? mempool_double_free_helper+0x184/0x370 [ 26.934358] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 26.934450] mempool_free+0x490/0x640 [ 26.934483] mempool_double_free_helper+0x184/0x370 [ 26.934508] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.934533] ? dequeue_entities+0x23f/0x1630 [ 26.934558] ? __kasan_check_write+0x18/0x20 [ 26.934582] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.934604] ? finish_task_switch.isra.0+0x153/0x700 [ 26.934632] mempool_kmalloc_large_double_free+0xed/0x140 [ 26.934657] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 26.934682] ? __kasan_check_write+0x18/0x20 [ 26.934708] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.934732] ? __pfx_mempool_kfree+0x10/0x10 [ 26.934758] ? __pfx_read_tsc+0x10/0x10 [ 26.934781] ? ktime_get_ts64+0x86/0x230 [ 26.934803] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.934830] kunit_try_run_case+0x1a5/0x480 [ 26.934857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.934882] ? queued_spin_lock_slowpath+0x116/0xb40 [ 26.934909] ? __kthread_parkme+0x82/0x180 [ 26.934930] ? preempt_count_sub+0x50/0x80 [ 26.934953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.934977] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.935002] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.935025] kthread+0x337/0x6f0 [ 26.935046] ? trace_preempt_on+0x20/0xc0 [ 26.935071] ? __pfx_kthread+0x10/0x10 [ 26.935092] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.935115] ? calculate_sigpending+0x7b/0xa0 [ 26.935140] ? __pfx_kthread+0x10/0x10 [ 26.935174] ret_from_fork+0x116/0x1d0 [ 26.935196] ? __pfx_kthread+0x10/0x10 [ 26.935218] ret_from_fork_asm+0x1a/0x30 [ 26.935250] </TASK> [ 26.935262] [ 26.948766] The buggy address belongs to the physical page: [ 26.949082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f0 [ 26.949417] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.949759] flags: 0x200000000000040(head|node=0|zone=2) [ 26.950009] page_type: f8(unknown) [ 26.950255] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.950678] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.951052] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.951581] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.951943] head: 0200000000000002 ffffea0004183c01 00000000ffffffff 00000000ffffffff [ 26.952432] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.952777] page dumped because: kasan: bad access detected [ 26.953012] [ 26.953105] Memory state around the buggy address: [ 26.953353] ffff8881060eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.953759] ffff8881060eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.954040] >ffff8881060f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.954313] ^ [ 26.954475] ffff8881060f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.954788] ffff8881060f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.955115] ================================================================== [ 26.890678] ================================================================== [ 26.891674] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 26.892572] Free of addr ffff8881060a7100 by task kunit_try_catch/284 [ 26.892784] [ 26.892875] CPU: 0 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.892929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.892942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.892966] Call Trace: [ 26.892980] <TASK> [ 26.892998] dump_stack_lvl+0x73/0xb0 [ 26.893030] print_report+0xd1/0x640 [ 26.893053] ? __virt_addr_valid+0x1db/0x2d0 [ 26.893079] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.893104] ? mempool_double_free_helper+0x184/0x370 [ 26.893128] kasan_report_invalid_free+0x10a/0x130 [ 26.893170] ? mempool_double_free_helper+0x184/0x370 [ 26.893196] ? mempool_double_free_helper+0x184/0x370 [ 26.893218] ? mempool_double_free_helper+0x184/0x370 [ 26.893240] check_slab_allocation+0x101/0x130 [ 26.893263] __kasan_mempool_poison_object+0x91/0x1d0 [ 26.893286] mempool_free+0x490/0x640 [ 26.893315] mempool_double_free_helper+0x184/0x370 [ 26.893339] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 26.893365] ? finish_task_switch.isra.0+0x153/0x700 [ 26.893391] mempool_kmalloc_double_free+0xed/0x140 [ 26.893415] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 26.893441] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.893465] ? __pfx_mempool_kfree+0x10/0x10 [ 26.893490] ? __pfx_read_tsc+0x10/0x10 [ 26.893513] ? ktime_get_ts64+0x86/0x230 [ 26.893539] kunit_try_run_case+0x1a5/0x480 [ 26.893564] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.893587] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.893614] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.893639] ? __kthread_parkme+0x82/0x180 [ 26.893680] ? preempt_count_sub+0x50/0x80 [ 26.893705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.893729] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.893753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.893777] kthread+0x337/0x6f0 [ 26.893798] ? trace_preempt_on+0x20/0xc0 [ 26.893823] ? __pfx_kthread+0x10/0x10 [ 26.893844] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.893868] ? calculate_sigpending+0x7b/0xa0 [ 26.893892] ? __pfx_kthread+0x10/0x10 [ 26.893914] ret_from_fork+0x116/0x1d0 [ 26.893935] ? __pfx_kthread+0x10/0x10 [ 26.893956] ret_from_fork_asm+0x1a/0x30 [ 26.893988] </TASK> [ 26.893999] [ 26.909286] Allocated by task 284: [ 26.909708] kasan_save_stack+0x45/0x70 [ 26.910127] kasan_save_track+0x18/0x40 [ 26.910528] kasan_save_alloc_info+0x3b/0x50 [ 26.910695] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.911183] remove_element+0x11e/0x190 [ 26.911543] mempool_alloc_preallocated+0x4d/0x90 [ 26.911915] mempool_double_free_helper+0x8a/0x370 [ 26.912187] mempool_kmalloc_double_free+0xed/0x140 [ 26.912347] kunit_try_run_case+0x1a5/0x480 [ 26.912491] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.912699] kthread+0x337/0x6f0 [ 26.912820] ret_from_fork+0x116/0x1d0 [ 26.912949] ret_from_fork_asm+0x1a/0x30 [ 26.913106] [ 26.913182] Freed by task 284: [ 26.913291] kasan_save_stack+0x45/0x70 [ 26.913436] kasan_save_track+0x18/0x40 [ 26.913568] kasan_save_free_info+0x3f/0x60 [ 26.913712] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.913883] mempool_free+0x490/0x640 [ 26.914041] mempool_double_free_helper+0x109/0x370 [ 26.914384] mempool_kmalloc_double_free+0xed/0x140 [ 26.914855] kunit_try_run_case+0x1a5/0x480 [ 26.915316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.915789] kthread+0x337/0x6f0 [ 26.916094] ret_from_fork+0x116/0x1d0 [ 26.916519] ret_from_fork_asm+0x1a/0x30 [ 26.916928] [ 26.917089] The buggy address belongs to the object at ffff8881060a7100 [ 26.917089] which belongs to the cache kmalloc-128 of size 128 [ 26.918188] The buggy address is located 0 bytes inside of [ 26.918188] 128-byte region [ffff8881060a7100, ffff8881060a7180) [ 26.919342] [ 26.919498] The buggy address belongs to the physical page: [ 26.920057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 26.920757] flags: 0x200000000000000(node=0|zone=2) [ 26.920971] page_type: f5(slab) [ 26.921279] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.921978] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.922322] page dumped because: kasan: bad access detected [ 26.922813] [ 26.922878] Memory state around the buggy address: [ 26.923141] ffff8881060a7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.923834] ffff8881060a7080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.924524] >ffff8881060a7100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.924949] ^ [ 26.925070] ffff8881060a7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.925697] ffff8881060a7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.926357] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 26.864853] ================================================================== [ 26.865378] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.865945] Read of size 1 at addr ffff888106228000 by task kunit_try_catch/282 [ 26.866286] [ 26.866440] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.866499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.866548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.866572] Call Trace: [ 26.866587] <TASK> [ 26.866634] dump_stack_lvl+0x73/0xb0 [ 26.866693] print_report+0xd1/0x640 [ 26.866717] ? __virt_addr_valid+0x1db/0x2d0 [ 26.866756] ? mempool_uaf_helper+0x392/0x400 [ 26.866778] ? kasan_addr_to_slab+0x11/0xa0 [ 26.866800] ? mempool_uaf_helper+0x392/0x400 [ 26.866822] kasan_report+0x141/0x180 [ 26.866844] ? mempool_uaf_helper+0x392/0x400 [ 26.866871] __asan_report_load1_noabort+0x18/0x20 [ 26.866896] mempool_uaf_helper+0x392/0x400 [ 26.866919] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.866953] ? dequeue_entities+0x23f/0x1630 [ 26.866998] ? __kasan_check_write+0x18/0x20 [ 26.867033] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.867053] ? irqentry_exit+0x2a/0x60 [ 26.867086] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 26.867111] mempool_page_alloc_uaf+0xed/0x140 [ 26.867135] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 26.867172] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 26.867226] ? __pfx_mempool_free_pages+0x10/0x10 [ 26.867252] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 26.867278] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 26.867315] kunit_try_run_case+0x1a5/0x480 [ 26.867343] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.867366] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.867442] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.867468] ? __kthread_parkme+0x82/0x180 [ 26.867490] ? preempt_count_sub+0x50/0x80 [ 26.867515] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.867539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.867565] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.867589] kthread+0x337/0x6f0 [ 26.867609] ? trace_preempt_on+0x20/0xc0 [ 26.867640] ? __pfx_kthread+0x10/0x10 [ 26.867661] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.867685] ? calculate_sigpending+0x7b/0xa0 [ 26.867710] ? __pfx_kthread+0x10/0x10 [ 26.867733] ret_from_fork+0x116/0x1d0 [ 26.867754] ? __pfx_kthread+0x10/0x10 [ 26.867775] ret_from_fork_asm+0x1a/0x30 [ 26.867808] </TASK> [ 26.867820] [ 26.881303] The buggy address belongs to the physical page: [ 26.881925] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106228 [ 26.882357] flags: 0x200000000000000(node=0|zone=2) [ 26.882683] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 26.883271] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 26.883643] page dumped because: kasan: bad access detected [ 26.884006] [ 26.884108] Memory state around the buggy address: [ 26.884535] ffff888106227f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.884883] ffff888106227f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.885412] >ffff888106228000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.885874] ^ [ 26.886103] ffff888106228080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.886872] ffff888106228100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.887284] ================================================================== [ 26.800328] ================================================================== [ 26.800948] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.801315] Read of size 1 at addr ffff8881060f0000 by task kunit_try_catch/278 [ 26.801857] [ 26.801982] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.802063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.802077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.802132] Call Trace: [ 26.802182] <TASK> [ 26.802205] dump_stack_lvl+0x73/0xb0 [ 26.802240] print_report+0xd1/0x640 [ 26.802275] ? __virt_addr_valid+0x1db/0x2d0 [ 26.802301] ? mempool_uaf_helper+0x392/0x400 [ 26.802324] ? kasan_addr_to_slab+0x11/0xa0 [ 26.802345] ? mempool_uaf_helper+0x392/0x400 [ 26.802453] kasan_report+0x141/0x180 [ 26.802481] ? mempool_uaf_helper+0x392/0x400 [ 26.802530] __asan_report_load1_noabort+0x18/0x20 [ 26.802556] mempool_uaf_helper+0x392/0x400 [ 26.802580] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.802602] ? update_load_avg+0x1be/0x21b0 [ 26.802650] ? finish_task_switch.isra.0+0x153/0x700 [ 26.802676] mempool_kmalloc_large_uaf+0xef/0x140 [ 26.802712] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 26.802739] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.802765] ? __pfx_mempool_kfree+0x10/0x10 [ 26.802800] ? __pfx_read_tsc+0x10/0x10 [ 26.802823] ? ktime_get_ts64+0x86/0x230 [ 26.802849] kunit_try_run_case+0x1a5/0x480 [ 26.802876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.802898] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.802942] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.802968] ? __kthread_parkme+0x82/0x180 [ 26.802988] ? preempt_count_sub+0x50/0x80 [ 26.803011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.803036] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.803060] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.803084] kthread+0x337/0x6f0 [ 26.803104] ? trace_preempt_on+0x20/0xc0 [ 26.803129] ? __pfx_kthread+0x10/0x10 [ 26.803159] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.803183] ? calculate_sigpending+0x7b/0xa0 [ 26.803207] ? __pfx_kthread+0x10/0x10 [ 26.803229] ret_from_fork+0x116/0x1d0 [ 26.803250] ? __pfx_kthread+0x10/0x10 [ 26.803272] ret_from_fork_asm+0x1a/0x30 [ 26.803304] </TASK> [ 26.803317] [ 26.812658] The buggy address belongs to the physical page: [ 26.813009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060f0 [ 26.813473] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.813855] flags: 0x200000000000040(head|node=0|zone=2) [ 26.814137] page_type: f8(unknown) [ 26.814332] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.814808] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.815156] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.815496] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.815836] head: 0200000000000002 ffffea0004183c01 00000000ffffffff 00000000ffffffff [ 26.816224] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.816839] page dumped because: kasan: bad access detected [ 26.817064] [ 26.817167] Memory state around the buggy address: [ 26.817448] ffff8881060eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.817778] ffff8881060eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.818246] >ffff8881060f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.818656] ^ [ 26.818852] ffff8881060f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.819128] ffff8881060f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.819610] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 26.826001] ================================================================== [ 26.826627] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.827035] Read of size 1 at addr ffff8881060a7240 by task kunit_try_catch/280 [ 26.827433] [ 26.827559] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.827655] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.827670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.827704] Call Trace: [ 26.827718] <TASK> [ 26.827739] dump_stack_lvl+0x73/0xb0 [ 26.827772] print_report+0xd1/0x640 [ 26.827825] ? __virt_addr_valid+0x1db/0x2d0 [ 26.827852] ? mempool_uaf_helper+0x392/0x400 [ 26.827874] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.827913] ? mempool_uaf_helper+0x392/0x400 [ 26.827952] kasan_report+0x141/0x180 [ 26.827975] ? mempool_uaf_helper+0x392/0x400 [ 26.828001] __asan_report_load1_noabort+0x18/0x20 [ 26.828026] mempool_uaf_helper+0x392/0x400 [ 26.828050] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.828104] ? finish_task_switch.isra.0+0x153/0x700 [ 26.828131] mempool_slab_uaf+0xea/0x140 [ 26.828170] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 26.828196] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 26.828224] ? __pfx_mempool_free_slab+0x10/0x10 [ 26.828268] ? __pfx_read_tsc+0x10/0x10 [ 26.828300] ? ktime_get_ts64+0x86/0x230 [ 26.828325] kunit_try_run_case+0x1a5/0x480 [ 26.828547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.828581] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.828610] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.828636] ? __kthread_parkme+0x82/0x180 [ 26.828657] ? preempt_count_sub+0x50/0x80 [ 26.828681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.828707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.828732] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.828757] kthread+0x337/0x6f0 [ 26.828778] ? trace_preempt_on+0x20/0xc0 [ 26.828803] ? __pfx_kthread+0x10/0x10 [ 26.828825] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.828849] ? calculate_sigpending+0x7b/0xa0 [ 26.828873] ? __pfx_kthread+0x10/0x10 [ 26.828894] ret_from_fork+0x116/0x1d0 [ 26.828915] ? __pfx_kthread+0x10/0x10 [ 26.828962] ret_from_fork_asm+0x1a/0x30 [ 26.828994] </TASK> [ 26.829007] [ 26.838225] Allocated by task 280: [ 26.838418] kasan_save_stack+0x45/0x70 [ 26.838761] kasan_save_track+0x18/0x40 [ 26.839000] kasan_save_alloc_info+0x3b/0x50 [ 26.839263] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 26.839542] remove_element+0x11e/0x190 [ 26.839753] mempool_alloc_preallocated+0x4d/0x90 [ 26.840036] mempool_uaf_helper+0x96/0x400 [ 26.840271] mempool_slab_uaf+0xea/0x140 [ 26.840661] kunit_try_run_case+0x1a5/0x480 [ 26.840904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.841183] kthread+0x337/0x6f0 [ 26.841354] ret_from_fork+0x116/0x1d0 [ 26.841506] ret_from_fork_asm+0x1a/0x30 [ 26.841678] [ 26.841772] Freed by task 280: [ 26.841921] kasan_save_stack+0x45/0x70 [ 26.842117] kasan_save_track+0x18/0x40 [ 26.842311] kasan_save_free_info+0x3f/0x60 [ 26.842472] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.842629] mempool_free+0x490/0x640 [ 26.842801] mempool_uaf_helper+0x11a/0x400 [ 26.843000] mempool_slab_uaf+0xea/0x140 [ 26.843337] kunit_try_run_case+0x1a5/0x480 [ 26.843653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.843909] kthread+0x337/0x6f0 [ 26.844089] ret_from_fork+0x116/0x1d0 [ 26.844228] ret_from_fork_asm+0x1a/0x30 [ 26.844509] [ 26.844608] The buggy address belongs to the object at ffff8881060a7240 [ 26.844608] which belongs to the cache test_cache of size 123 [ 26.845299] The buggy address is located 0 bytes inside of [ 26.845299] freed 123-byte region [ffff8881060a7240, ffff8881060a72bb) [ 26.845992] [ 26.846099] The buggy address belongs to the physical page: [ 26.846365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a7 [ 26.846713] flags: 0x200000000000000(node=0|zone=2) [ 26.846915] page_type: f5(slab) [ 26.847074] raw: 0200000000000000 ffff888101242dc0 dead000000000122 0000000000000000 [ 26.847455] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 26.847702] page dumped because: kasan: bad access detected [ 26.847930] [ 26.848018] Memory state around the buggy address: [ 26.848248] ffff8881060a7100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.848865] ffff8881060a7180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.849218] >ffff8881060a7200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 26.849664] ^ [ 26.849898] ffff8881060a7280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.850230] ffff8881060a7300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.850678] ================================================================== [ 26.756311] ================================================================== [ 26.758052] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 26.758343] Read of size 1 at addr ffff888104964d00 by task kunit_try_catch/276 [ 26.758567] [ 26.758657] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.758713] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.758727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.758750] Call Trace: [ 26.758764] <TASK> [ 26.758784] dump_stack_lvl+0x73/0xb0 [ 26.758816] print_report+0xd1/0x640 [ 26.758840] ? __virt_addr_valid+0x1db/0x2d0 [ 26.758867] ? mempool_uaf_helper+0x392/0x400 [ 26.758889] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.758915] ? mempool_uaf_helper+0x392/0x400 [ 26.758994] kasan_report+0x141/0x180 [ 26.759022] ? mempool_uaf_helper+0x392/0x400 [ 26.759050] __asan_report_load1_noabort+0x18/0x20 [ 26.759075] mempool_uaf_helper+0x392/0x400 [ 26.759098] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 26.759286] ? dequeue_entities+0x23f/0x1630 [ 26.759455] ? __kasan_check_write+0x18/0x20 [ 26.759483] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.759506] ? finish_task_switch.isra.0+0x153/0x700 [ 26.759534] mempool_kmalloc_uaf+0xef/0x140 [ 26.759558] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 26.759584] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.759610] ? __pfx_mempool_kfree+0x10/0x10 [ 26.759640] ? __pfx_read_tsc+0x10/0x10 [ 26.759664] ? ktime_get_ts64+0x86/0x230 [ 26.759690] kunit_try_run_case+0x1a5/0x480 [ 26.759718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.759741] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.759768] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.759794] ? __kthread_parkme+0x82/0x180 [ 26.759814] ? preempt_count_sub+0x50/0x80 [ 26.759837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.759861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.759885] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.759908] kthread+0x337/0x6f0 [ 26.759929] ? trace_preempt_on+0x20/0xc0 [ 26.760273] ? __pfx_kthread+0x10/0x10 [ 26.760298] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.760323] ? calculate_sigpending+0x7b/0xa0 [ 26.760348] ? __pfx_kthread+0x10/0x10 [ 26.760621] ret_from_fork+0x116/0x1d0 [ 26.760656] ? __pfx_kthread+0x10/0x10 [ 26.760681] ret_from_fork_asm+0x1a/0x30 [ 26.760714] </TASK> [ 26.760726] [ 26.778483] Allocated by task 276: [ 26.778711] kasan_save_stack+0x45/0x70 [ 26.778866] kasan_save_track+0x18/0x40 [ 26.779020] kasan_save_alloc_info+0x3b/0x50 [ 26.779405] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.779960] remove_element+0x11e/0x190 [ 26.780330] mempool_alloc_preallocated+0x4d/0x90 [ 26.780800] mempool_uaf_helper+0x96/0x400 [ 26.781249] mempool_kmalloc_uaf+0xef/0x140 [ 26.781611] kunit_try_run_case+0x1a5/0x480 [ 26.781921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.782278] kthread+0x337/0x6f0 [ 26.782395] ret_from_fork+0x116/0x1d0 [ 26.782736] ret_from_fork_asm+0x1a/0x30 [ 26.783161] [ 26.783332] Freed by task 276: [ 26.783711] kasan_save_stack+0x45/0x70 [ 26.784091] kasan_save_track+0x18/0x40 [ 26.784535] kasan_save_free_info+0x3f/0x60 [ 26.784720] __kasan_mempool_poison_object+0x131/0x1d0 [ 26.784883] mempool_free+0x490/0x640 [ 26.785031] mempool_uaf_helper+0x11a/0x400 [ 26.785179] mempool_kmalloc_uaf+0xef/0x140 [ 26.785317] kunit_try_run_case+0x1a5/0x480 [ 26.785653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.786166] kthread+0x337/0x6f0 [ 26.786454] ret_from_fork+0x116/0x1d0 [ 26.786885] ret_from_fork_asm+0x1a/0x30 [ 26.787270] [ 26.787430] The buggy address belongs to the object at ffff888104964d00 [ 26.787430] which belongs to the cache kmalloc-128 of size 128 [ 26.788225] The buggy address is located 0 bytes inside of [ 26.788225] freed 128-byte region [ffff888104964d00, ffff888104964d80) [ 26.788563] [ 26.788632] The buggy address belongs to the physical page: [ 26.788805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104964 [ 26.789733] flags: 0x200000000000000(node=0|zone=2) [ 26.790230] page_type: f5(slab) [ 26.790555] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.791480] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.792216] page dumped because: kasan: bad access detected [ 26.792736] [ 26.792945] Memory state around the buggy address: [ 26.793384] ffff888104964c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.794206] ffff888104964c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.794853] >ffff888104964d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.795264] ^ [ 26.795558] ffff888104964d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.796284] ffff888104964e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.796816] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 26.698198] ================================================================== [ 26.698667] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.699027] Read of size 1 at addr ffff888106146001 by task kunit_try_catch/272 [ 26.699288] [ 26.699382] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.699435] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.699449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.699473] Call Trace: [ 26.699486] <TASK> [ 26.699506] dump_stack_lvl+0x73/0xb0 [ 26.699537] print_report+0xd1/0x640 [ 26.699562] ? __virt_addr_valid+0x1db/0x2d0 [ 26.699587] ? mempool_oob_right_helper+0x318/0x380 [ 26.699611] ? kasan_addr_to_slab+0x11/0xa0 [ 26.699639] ? mempool_oob_right_helper+0x318/0x380 [ 26.699663] kasan_report+0x141/0x180 [ 26.699687] ? mempool_oob_right_helper+0x318/0x380 [ 26.699714] __asan_report_load1_noabort+0x18/0x20 [ 26.699739] mempool_oob_right_helper+0x318/0x380 [ 26.699764] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.699789] ? dequeue_entities+0x23f/0x1630 [ 26.699815] ? __kasan_check_write+0x18/0x20 [ 26.699839] ? __pfx_sched_clock_cpu+0x10/0x10 [ 26.699860] ? finish_task_switch.isra.0+0x153/0x700 [ 26.699887] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 26.699912] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 26.700004] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.700038] ? __pfx_mempool_kfree+0x10/0x10 [ 26.700066] ? __pfx_read_tsc+0x10/0x10 [ 26.700090] ? ktime_get_ts64+0x86/0x230 [ 26.700115] kunit_try_run_case+0x1a5/0x480 [ 26.700142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.700178] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.700206] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.700231] ? __kthread_parkme+0x82/0x180 [ 26.700252] ? preempt_count_sub+0x50/0x80 [ 26.700276] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.700300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.700325] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.700350] kthread+0x337/0x6f0 [ 26.700425] ? trace_preempt_on+0x20/0xc0 [ 26.700456] ? __pfx_kthread+0x10/0x10 [ 26.700478] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.700503] ? calculate_sigpending+0x7b/0xa0 [ 26.700527] ? __pfx_kthread+0x10/0x10 [ 26.700550] ret_from_fork+0x116/0x1d0 [ 26.700572] ? __pfx_kthread+0x10/0x10 [ 26.700592] ret_from_fork_asm+0x1a/0x30 [ 26.700625] </TASK> [ 26.700637] [ 26.709198] The buggy address belongs to the physical page: [ 26.709518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106144 [ 26.709801] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.710282] flags: 0x200000000000040(head|node=0|zone=2) [ 26.710972] page_type: f8(unknown) [ 26.711163] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.711569] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.711866] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.712232] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.712583] head: 0200000000000002 ffffea0004185101 00000000ffffffff 00000000ffffffff [ 26.712849] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.713316] page dumped because: kasan: bad access detected [ 26.713537] [ 26.713678] Memory state around the buggy address: [ 26.713876] ffff888106145f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.714236] ffff888106145f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.714564] >ffff888106146000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.714832] ^ [ 26.714992] ffff888106146080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.715292] ffff888106146100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.715725] ================================================================== [ 26.722058] ================================================================== [ 26.722572] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.722907] Read of size 1 at addr ffff8881060a62bb by task kunit_try_catch/274 [ 26.723198] [ 26.723297] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.723352] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.723366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.723390] Call Trace: [ 26.723403] <TASK> [ 26.723423] dump_stack_lvl+0x73/0xb0 [ 26.723456] print_report+0xd1/0x640 [ 26.723481] ? __virt_addr_valid+0x1db/0x2d0 [ 26.723518] ? mempool_oob_right_helper+0x318/0x380 [ 26.723541] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.723568] ? mempool_oob_right_helper+0x318/0x380 [ 26.723591] kasan_report+0x141/0x180 [ 26.723614] ? mempool_oob_right_helper+0x318/0x380 [ 26.723647] __asan_report_load1_noabort+0x18/0x20 [ 26.723672] mempool_oob_right_helper+0x318/0x380 [ 26.723697] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.723724] ? finish_task_switch.isra.0+0x153/0x700 [ 26.723750] mempool_slab_oob_right+0xed/0x140 [ 26.723774] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 26.723800] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 26.723827] ? __pfx_mempool_free_slab+0x10/0x10 [ 26.723853] ? __pfx_read_tsc+0x10/0x10 [ 26.723876] ? ktime_get_ts64+0x86/0x230 [ 26.723903] kunit_try_run_case+0x1a5/0x480 [ 26.723930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.723953] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.723991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.724016] ? __kthread_parkme+0x82/0x180 [ 26.724037] ? preempt_count_sub+0x50/0x80 [ 26.724060] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.724085] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.724109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.724132] kthread+0x337/0x6f0 [ 26.724164] ? trace_preempt_on+0x20/0xc0 [ 26.724190] ? __pfx_kthread+0x10/0x10 [ 26.724210] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.724234] ? calculate_sigpending+0x7b/0xa0 [ 26.724260] ? __pfx_kthread+0x10/0x10 [ 26.724282] ret_from_fork+0x116/0x1d0 [ 26.724301] ? __pfx_kthread+0x10/0x10 [ 26.724322] ret_from_fork_asm+0x1a/0x30 [ 26.724355] </TASK> [ 26.724367] [ 26.732762] Allocated by task 274: [ 26.732909] kasan_save_stack+0x45/0x70 [ 26.733128] kasan_save_track+0x18/0x40 [ 26.733305] kasan_save_alloc_info+0x3b/0x50 [ 26.733494] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 26.733716] remove_element+0x11e/0x190 [ 26.733889] mempool_alloc_preallocated+0x4d/0x90 [ 26.734046] mempool_oob_right_helper+0x8a/0x380 [ 26.734208] mempool_slab_oob_right+0xed/0x140 [ 26.734382] kunit_try_run_case+0x1a5/0x480 [ 26.734581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.734830] kthread+0x337/0x6f0 [ 26.734995] ret_from_fork+0x116/0x1d0 [ 26.735143] ret_from_fork_asm+0x1a/0x30 [ 26.735355] [ 26.735552] The buggy address belongs to the object at ffff8881060a6240 [ 26.735552] which belongs to the cache test_cache of size 123 [ 26.736234] The buggy address is located 0 bytes to the right of [ 26.736234] allocated 123-byte region [ffff8881060a6240, ffff8881060a62bb) [ 26.736880] [ 26.737024] The buggy address belongs to the physical page: [ 26.737240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a6 [ 26.737675] flags: 0x200000000000000(node=0|zone=2) [ 26.737884] page_type: f5(slab) [ 26.738127] raw: 0200000000000000 ffff888101242c80 dead000000000122 0000000000000000 [ 26.738511] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 26.738798] page dumped because: kasan: bad access detected [ 26.739059] [ 26.739158] Memory state around the buggy address: [ 26.739356] ffff8881060a6180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.739639] ffff8881060a6200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 26.739920] >ffff8881060a6280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 26.740287] ^ [ 26.740732] ffff8881060a6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.741027] ffff8881060a6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.741320] ================================================================== [ 26.669553] ================================================================== [ 26.669984] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 26.670730] Read of size 1 at addr ffff888104964973 by task kunit_try_catch/270 [ 26.671023] [ 26.671118] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.671190] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.671204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.671228] Call Trace: [ 26.671243] <TASK> [ 26.671264] dump_stack_lvl+0x73/0xb0 [ 26.671300] print_report+0xd1/0x640 [ 26.671325] ? __virt_addr_valid+0x1db/0x2d0 [ 26.671353] ? mempool_oob_right_helper+0x318/0x380 [ 26.671762] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.671804] ? mempool_oob_right_helper+0x318/0x380 [ 26.671829] kasan_report+0x141/0x180 [ 26.671853] ? mempool_oob_right_helper+0x318/0x380 [ 26.671883] __asan_report_load1_noabort+0x18/0x20 [ 26.671909] mempool_oob_right_helper+0x318/0x380 [ 26.671934] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 26.671974] ? ret_from_fork+0x116/0x1d0 [ 26.671994] ? kthread+0x337/0x6f0 [ 26.672017] ? ret_from_fork_asm+0x1a/0x30 [ 26.672046] mempool_kmalloc_oob_right+0xf2/0x150 [ 26.672070] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 26.672097] ? __pfx_mempool_kmalloc+0x10/0x10 [ 26.672125] ? __pfx_mempool_kfree+0x10/0x10 [ 26.672163] ? __pfx_read_tsc+0x10/0x10 [ 26.672186] ? ktime_get_ts64+0x86/0x230 [ 26.672212] kunit_try_run_case+0x1a5/0x480 [ 26.672241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.672264] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.672292] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.672317] ? __kthread_parkme+0x82/0x180 [ 26.672337] ? preempt_count_sub+0x50/0x80 [ 26.672362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.672445] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.672470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.672494] kthread+0x337/0x6f0 [ 26.672514] ? trace_preempt_on+0x20/0xc0 [ 26.672540] ? __pfx_kthread+0x10/0x10 [ 26.672561] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.672586] ? calculate_sigpending+0x7b/0xa0 [ 26.672612] ? __pfx_kthread+0x10/0x10 [ 26.672634] ret_from_fork+0x116/0x1d0 [ 26.672653] ? __pfx_kthread+0x10/0x10 [ 26.672675] ret_from_fork_asm+0x1a/0x30 [ 26.672705] </TASK> [ 26.672718] [ 26.684465] Allocated by task 270: [ 26.684613] kasan_save_stack+0x45/0x70 [ 26.684782] kasan_save_track+0x18/0x40 [ 26.684994] kasan_save_alloc_info+0x3b/0x50 [ 26.685211] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 26.685437] remove_element+0x11e/0x190 [ 26.685617] mempool_alloc_preallocated+0x4d/0x90 [ 26.685847] mempool_oob_right_helper+0x8a/0x380 [ 26.686093] mempool_kmalloc_oob_right+0xf2/0x150 [ 26.686303] kunit_try_run_case+0x1a5/0x480 [ 26.686797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.687052] kthread+0x337/0x6f0 [ 26.687188] ret_from_fork+0x116/0x1d0 [ 26.687324] ret_from_fork_asm+0x1a/0x30 [ 26.687592] [ 26.687700] The buggy address belongs to the object at ffff888104964900 [ 26.687700] which belongs to the cache kmalloc-128 of size 128 [ 26.688283] The buggy address is located 0 bytes to the right of [ 26.688283] allocated 115-byte region [ffff888104964900, ffff888104964973) [ 26.688892] [ 26.688986] The buggy address belongs to the physical page: [ 26.689188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104964 [ 26.689491] flags: 0x200000000000000(node=0|zone=2) [ 26.689697] page_type: f5(slab) [ 26.689833] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.690133] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.690555] page dumped because: kasan: bad access detected [ 26.690810] [ 26.690901] Memory state around the buggy address: [ 26.691114] ffff888104964800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.691630] ffff888104964880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.691930] >ffff888104964900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.692257] ^ [ 26.692593] ffff888104964980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.692865] ffff888104964a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.693184] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 26.074602] ================================================================== [ 26.075163] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 26.075558] Read of size 1 at addr ffff888101dc6500 by task kunit_try_catch/264 [ 26.076632] [ 26.076873] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.076948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.077138] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.077176] Call Trace: [ 26.077191] <TASK> [ 26.077234] dump_stack_lvl+0x73/0xb0 [ 26.077280] print_report+0xd1/0x640 [ 26.077305] ? __virt_addr_valid+0x1db/0x2d0 [ 26.077460] ? kmem_cache_double_destroy+0x1bf/0x380 [ 26.077488] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.077514] ? kmem_cache_double_destroy+0x1bf/0x380 [ 26.077538] kasan_report+0x141/0x180 [ 26.077561] ? kmem_cache_double_destroy+0x1bf/0x380 [ 26.077588] ? kmem_cache_double_destroy+0x1bf/0x380 [ 26.077612] __kasan_check_byte+0x3d/0x50 [ 26.077634] kmem_cache_destroy+0x25/0x1d0 [ 26.077663] kmem_cache_double_destroy+0x1bf/0x380 [ 26.077687] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 26.077710] ? finish_task_switch.isra.0+0x153/0x700 [ 26.077734] ? __switch_to+0x47/0xf80 [ 26.077763] ? __pfx_read_tsc+0x10/0x10 [ 26.077786] ? ktime_get_ts64+0x86/0x230 [ 26.077812] kunit_try_run_case+0x1a5/0x480 [ 26.077839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.077860] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.077888] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.077914] ? __kthread_parkme+0x82/0x180 [ 26.077934] ? preempt_count_sub+0x50/0x80 [ 26.077965] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.077988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.078013] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.078038] kthread+0x337/0x6f0 [ 26.078058] ? trace_preempt_on+0x20/0xc0 [ 26.078083] ? __pfx_kthread+0x10/0x10 [ 26.078104] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.078127] ? calculate_sigpending+0x7b/0xa0 [ 26.078163] ? __pfx_kthread+0x10/0x10 [ 26.078185] ret_from_fork+0x116/0x1d0 [ 26.078205] ? __pfx_kthread+0x10/0x10 [ 26.078225] ret_from_fork_asm+0x1a/0x30 [ 26.078257] </TASK> [ 26.078269] [ 26.094045] Allocated by task 264: [ 26.094411] kasan_save_stack+0x45/0x70 [ 26.094900] kasan_save_track+0x18/0x40 [ 26.095324] kasan_save_alloc_info+0x3b/0x50 [ 26.095718] __kasan_slab_alloc+0x91/0xa0 [ 26.095863] kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.096345] __kmem_cache_create_args+0x169/0x240 [ 26.096890] kmem_cache_double_destroy+0xd5/0x380 [ 26.097116] kunit_try_run_case+0x1a5/0x480 [ 26.097271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.097437] kthread+0x337/0x6f0 [ 26.097548] ret_from_fork+0x116/0x1d0 [ 26.097673] ret_from_fork_asm+0x1a/0x30 [ 26.098186] [ 26.098340] Freed by task 264: [ 26.098802] kasan_save_stack+0x45/0x70 [ 26.099254] kasan_save_track+0x18/0x40 [ 26.099754] kasan_save_free_info+0x3f/0x60 [ 26.100218] __kasan_slab_free+0x56/0x70 [ 26.100703] kmem_cache_free+0x249/0x420 [ 26.101127] slab_kmem_cache_release+0x2e/0x40 [ 26.101663] kmem_cache_release+0x16/0x20 [ 26.102123] kobject_put+0x181/0x450 [ 26.102395] sysfs_slab_release+0x16/0x20 [ 26.102815] kmem_cache_destroy+0xf0/0x1d0 [ 26.103204] kmem_cache_double_destroy+0x14e/0x380 [ 26.103388] kunit_try_run_case+0x1a5/0x480 [ 26.103527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.103746] kthread+0x337/0x6f0 [ 26.104183] ret_from_fork+0x116/0x1d0 [ 26.104660] ret_from_fork_asm+0x1a/0x30 [ 26.105082] [ 26.105291] The buggy address belongs to the object at ffff888101dc6500 [ 26.105291] which belongs to the cache kmem_cache of size 208 [ 26.106613] The buggy address is located 0 bytes inside of [ 26.106613] freed 208-byte region [ffff888101dc6500, ffff888101dc65d0) [ 26.106983] [ 26.107254] The buggy address belongs to the physical page: [ 26.107818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101dc6 [ 26.108812] flags: 0x200000000000000(node=0|zone=2) [ 26.109419] page_type: f5(slab) [ 26.109554] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 26.109773] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 26.110107] page dumped because: kasan: bad access detected [ 26.110808] [ 26.111042] Memory state around the buggy address: [ 26.111553] ffff888101dc6400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.112326] ffff888101dc6480: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.113086] >ffff888101dc6500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.113593] ^ [ 26.113716] ffff888101dc6580: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 26.113923] ffff888101dc6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.114761] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 26.015538] ================================================================== [ 26.016038] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.016614] Read of size 1 at addr ffff8881060a0000 by task kunit_try_catch/262 [ 26.016881] [ 26.016971] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 26.017026] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.017038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.017062] Call Trace: [ 26.017076] <TASK> [ 26.017096] dump_stack_lvl+0x73/0xb0 [ 26.017128] print_report+0xd1/0x640 [ 26.017162] ? __virt_addr_valid+0x1db/0x2d0 [ 26.017213] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.017237] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.017264] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.017303] kasan_report+0x141/0x180 [ 26.017325] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.017367] __asan_report_load1_noabort+0x18/0x20 [ 26.017417] kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.017441] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 26.017464] ? finish_task_switch.isra.0+0x153/0x700 [ 26.017488] ? __switch_to+0x47/0xf80 [ 26.017519] ? __pfx_read_tsc+0x10/0x10 [ 26.017541] ? ktime_get_ts64+0x86/0x230 [ 26.017569] kunit_try_run_case+0x1a5/0x480 [ 26.017596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.017619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.017646] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.017670] ? __kthread_parkme+0x82/0x180 [ 26.017692] ? preempt_count_sub+0x50/0x80 [ 26.017715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.017739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.017763] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.017786] kthread+0x337/0x6f0 [ 26.017807] ? trace_preempt_on+0x20/0xc0 [ 26.017832] ? __pfx_kthread+0x10/0x10 [ 26.017853] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.017876] ? calculate_sigpending+0x7b/0xa0 [ 26.017901] ? __pfx_kthread+0x10/0x10 [ 26.017924] ret_from_fork+0x116/0x1d0 [ 26.017944] ? __pfx_kthread+0x10/0x10 [ 26.017983] ret_from_fork_asm+0x1a/0x30 [ 26.018016] </TASK> [ 26.018028] [ 26.027866] Allocated by task 262: [ 26.027995] kasan_save_stack+0x45/0x70 [ 26.028323] kasan_save_track+0x18/0x40 [ 26.028609] kasan_save_alloc_info+0x3b/0x50 [ 26.028778] __kasan_slab_alloc+0x91/0xa0 [ 26.028913] kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.029267] kmem_cache_rcu_uaf+0x155/0x510 [ 26.029503] kunit_try_run_case+0x1a5/0x480 [ 26.029849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.030557] kthread+0x337/0x6f0 [ 26.030749] ret_from_fork+0x116/0x1d0 [ 26.030917] ret_from_fork_asm+0x1a/0x30 [ 26.031594] [ 26.031689] Freed by task 0: [ 26.031798] kasan_save_stack+0x45/0x70 [ 26.031954] kasan_save_track+0x18/0x40 [ 26.032275] kasan_save_free_info+0x3f/0x60 [ 26.032856] __kasan_slab_free+0x56/0x70 [ 26.033031] slab_free_after_rcu_debug+0xe4/0x310 [ 26.033344] rcu_core+0x66f/0x1c40 [ 26.033611] rcu_core_si+0x12/0x20 [ 26.033774] handle_softirqs+0x209/0x730 [ 26.033939] __irq_exit_rcu+0xc9/0x110 [ 26.034354] irq_exit_rcu+0x12/0x20 [ 26.034746] sysvec_apic_timer_interrupt+0x81/0x90 [ 26.034924] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 26.035335] [ 26.035695] Last potentially related work creation: [ 26.035918] kasan_save_stack+0x45/0x70 [ 26.036088] kasan_record_aux_stack+0xb2/0xc0 [ 26.036293] kmem_cache_free+0x131/0x420 [ 26.036507] kmem_cache_rcu_uaf+0x194/0x510 [ 26.036719] kunit_try_run_case+0x1a5/0x480 [ 26.036912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.037630] kthread+0x337/0x6f0 [ 26.037773] ret_from_fork+0x116/0x1d0 [ 26.038114] ret_from_fork_asm+0x1a/0x30 [ 26.038585] [ 26.038681] The buggy address belongs to the object at ffff8881060a0000 [ 26.038681] which belongs to the cache test_cache of size 200 [ 26.039474] The buggy address is located 0 bytes inside of [ 26.039474] freed 200-byte region [ffff8881060a0000, ffff8881060a00c8) [ 26.039991] [ 26.040077] The buggy address belongs to the physical page: [ 26.040326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060a0 [ 26.040678] flags: 0x200000000000000(node=0|zone=2) [ 26.040896] page_type: f5(slab) [ 26.041524] raw: 0200000000000000 ffff888101242a00 dead000000000122 0000000000000000 [ 26.041808] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.042394] page dumped because: kasan: bad access detected [ 26.042735] [ 26.042834] Memory state around the buggy address: [ 26.043027] ffff88810609ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.043542] ffff88810609ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.043854] >ffff8881060a0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.044357] ^ [ 26.044547] ffff8881060a0080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 26.045056] ffff8881060a0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.045569] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 25.948791] ================================================================== [ 25.950069] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 25.951109] Free of addr ffff888106118001 by task kunit_try_catch/260 [ 25.951463] [ 25.951586] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.951653] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.951668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.951692] Call Trace: [ 25.951708] <TASK> [ 25.951730] dump_stack_lvl+0x73/0xb0 [ 25.951766] print_report+0xd1/0x640 [ 25.951792] ? __virt_addr_valid+0x1db/0x2d0 [ 25.951819] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.951845] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.951870] kasan_report_invalid_free+0x10a/0x130 [ 25.951893] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.951919] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.951944] check_slab_allocation+0x11f/0x130 [ 25.951966] __kasan_slab_pre_free+0x28/0x40 [ 25.951987] kmem_cache_free+0xed/0x420 [ 25.952007] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.952033] ? kmem_cache_invalid_free+0x1d8/0x460 [ 25.952059] kmem_cache_invalid_free+0x1d8/0x460 [ 25.952083] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 25.952107] ? finish_task_switch.isra.0+0x153/0x700 [ 25.952129] ? __switch_to+0x47/0xf80 [ 25.952181] ? __pfx_read_tsc+0x10/0x10 [ 25.952203] ? ktime_get_ts64+0x86/0x230 [ 25.952241] kunit_try_run_case+0x1a5/0x480 [ 25.952268] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.952290] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.952316] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.952341] ? __kthread_parkme+0x82/0x180 [ 25.952361] ? preempt_count_sub+0x50/0x80 [ 25.952384] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.952416] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.952516] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.952541] kthread+0x337/0x6f0 [ 25.952564] ? trace_preempt_on+0x20/0xc0 [ 25.952596] ? __pfx_kthread+0x10/0x10 [ 25.952619] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.952644] ? calculate_sigpending+0x7b/0xa0 [ 25.952669] ? __pfx_kthread+0x10/0x10 [ 25.952691] ret_from_fork+0x116/0x1d0 [ 25.952711] ? __pfx_kthread+0x10/0x10 [ 25.952732] ret_from_fork_asm+0x1a/0x30 [ 25.952763] </TASK> [ 25.952775] [ 25.965405] Allocated by task 260: [ 25.965761] kasan_save_stack+0x45/0x70 [ 25.966117] kasan_save_track+0x18/0x40 [ 25.966578] kasan_save_alloc_info+0x3b/0x50 [ 25.967040] __kasan_slab_alloc+0x91/0xa0 [ 25.967467] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.967872] kmem_cache_invalid_free+0x157/0x460 [ 25.968036] kunit_try_run_case+0x1a5/0x480 [ 25.968189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.968362] kthread+0x337/0x6f0 [ 25.969062] ret_from_fork+0x116/0x1d0 [ 25.969488] ret_from_fork_asm+0x1a/0x30 [ 25.969885] [ 25.970066] The buggy address belongs to the object at ffff888106118000 [ 25.970066] which belongs to the cache test_cache of size 200 [ 25.971164] The buggy address is located 1 bytes inside of [ 25.971164] 200-byte region [ffff888106118000, ffff8881061180c8) [ 25.971911] [ 25.971984] The buggy address belongs to the physical page: [ 25.972232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106118 [ 25.972962] flags: 0x200000000000000(node=0|zone=2) [ 25.973624] page_type: f5(slab) [ 25.973942] raw: 0200000000000000 ffff888101dc63c0 dead000000000122 0000000000000000 [ 25.974691] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.975091] page dumped because: kasan: bad access detected [ 25.975271] [ 25.975338] Memory state around the buggy address: [ 25.975699] ffff888106117f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.976361] ffff888106117f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.977039] >ffff888106118000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.977727] ^ [ 25.978079] ffff888106118080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 25.978368] ffff888106118100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.979232] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 25.901002] ================================================================== [ 25.901453] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 25.902345] Free of addr ffff88810609e000 by task kunit_try_catch/258 [ 25.902634] [ 25.902774] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.902829] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.902842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.902864] Call Trace: [ 25.902879] <TASK> [ 25.902897] dump_stack_lvl+0x73/0xb0 [ 25.902932] print_report+0xd1/0x640 [ 25.903303] ? __virt_addr_valid+0x1db/0x2d0 [ 25.903338] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.903364] ? kmem_cache_double_free+0x1e5/0x480 [ 25.903390] kasan_report_invalid_free+0x10a/0x130 [ 25.903415] ? kmem_cache_double_free+0x1e5/0x480 [ 25.903441] ? kmem_cache_double_free+0x1e5/0x480 [ 25.903464] check_slab_allocation+0x101/0x130 [ 25.903486] __kasan_slab_pre_free+0x28/0x40 [ 25.903506] kmem_cache_free+0xed/0x420 [ 25.903527] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.903552] ? kmem_cache_double_free+0x1e5/0x480 [ 25.903578] kmem_cache_double_free+0x1e5/0x480 [ 25.903602] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 25.903631] ? finish_task_switch.isra.0+0x153/0x700 [ 25.903654] ? __switch_to+0x47/0xf80 [ 25.903684] ? __pfx_read_tsc+0x10/0x10 [ 25.903706] ? ktime_get_ts64+0x86/0x230 [ 25.903732] kunit_try_run_case+0x1a5/0x480 [ 25.903759] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.903781] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.903807] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.903832] ? __kthread_parkme+0x82/0x180 [ 25.903853] ? preempt_count_sub+0x50/0x80 [ 25.903876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.903899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.903923] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.903945] kthread+0x337/0x6f0 [ 25.903965] ? trace_preempt_on+0x20/0xc0 [ 25.903990] ? __pfx_kthread+0x10/0x10 [ 25.904011] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.904034] ? calculate_sigpending+0x7b/0xa0 [ 25.904058] ? __pfx_kthread+0x10/0x10 [ 25.904079] ret_from_fork+0x116/0x1d0 [ 25.904099] ? __pfx_kthread+0x10/0x10 [ 25.904119] ret_from_fork_asm+0x1a/0x30 [ 25.904160] </TASK> [ 25.904172] [ 25.918115] Allocated by task 258: [ 25.918337] kasan_save_stack+0x45/0x70 [ 25.918715] kasan_save_track+0x18/0x40 [ 25.918898] kasan_save_alloc_info+0x3b/0x50 [ 25.919367] __kasan_slab_alloc+0x91/0xa0 [ 25.919716] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.920044] kmem_cache_double_free+0x14f/0x480 [ 25.920356] kunit_try_run_case+0x1a5/0x480 [ 25.920748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.921171] kthread+0x337/0x6f0 [ 25.921477] ret_from_fork+0x116/0x1d0 [ 25.921770] ret_from_fork_asm+0x1a/0x30 [ 25.922311] [ 25.922601] Freed by task 258: [ 25.922935] kasan_save_stack+0x45/0x70 [ 25.923080] kasan_save_track+0x18/0x40 [ 25.923226] kasan_save_free_info+0x3f/0x60 [ 25.923363] __kasan_slab_free+0x56/0x70 [ 25.924132] kmem_cache_free+0x249/0x420 [ 25.924714] kmem_cache_double_free+0x16a/0x480 [ 25.925216] kunit_try_run_case+0x1a5/0x480 [ 25.925683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.926104] kthread+0x337/0x6f0 [ 25.926234] ret_from_fork+0x116/0x1d0 [ 25.926359] ret_from_fork_asm+0x1a/0x30 [ 25.926830] [ 25.927003] The buggy address belongs to the object at ffff88810609e000 [ 25.927003] which belongs to the cache test_cache of size 200 [ 25.928081] The buggy address is located 0 bytes inside of [ 25.928081] 200-byte region [ffff88810609e000, ffff88810609e0c8) [ 25.928854] [ 25.928934] The buggy address belongs to the physical page: [ 25.929470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10609e [ 25.930255] flags: 0x200000000000000(node=0|zone=2) [ 25.930592] page_type: f5(slab) [ 25.930718] raw: 0200000000000000 ffff8881012428c0 dead000000000122 0000000000000000 [ 25.930935] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.931701] page dumped because: kasan: bad access detected [ 25.932296] [ 25.932481] Memory state around the buggy address: [ 25.932955] ffff88810609df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.933689] ffff88810609df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.933910] >ffff88810609e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.934141] ^ [ 25.934264] ffff88810609e080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 25.934742] ffff88810609e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.935433] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 25.855277] ================================================================== [ 25.856068] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 25.856534] Read of size 1 at addr ffff88810609c0c8 by task kunit_try_catch/256 [ 25.856753] [ 25.856864] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.856917] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.856930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.857053] Call Trace: [ 25.857071] <TASK> [ 25.857092] dump_stack_lvl+0x73/0xb0 [ 25.857125] print_report+0xd1/0x640 [ 25.857190] ? __virt_addr_valid+0x1db/0x2d0 [ 25.857247] ? kmem_cache_oob+0x402/0x530 [ 25.857270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.857317] ? kmem_cache_oob+0x402/0x530 [ 25.857340] kasan_report+0x141/0x180 [ 25.857363] ? kmem_cache_oob+0x402/0x530 [ 25.857444] __asan_report_load1_noabort+0x18/0x20 [ 25.857471] kmem_cache_oob+0x402/0x530 [ 25.857492] ? trace_hardirqs_on+0x37/0xe0 [ 25.857518] ? __pfx_kmem_cache_oob+0x10/0x10 [ 25.857540] ? finish_task_switch.isra.0+0x153/0x700 [ 25.857583] ? __switch_to+0x47/0xf80 [ 25.857613] ? __pfx_read_tsc+0x10/0x10 [ 25.857649] ? ktime_get_ts64+0x86/0x230 [ 25.857675] kunit_try_run_case+0x1a5/0x480 [ 25.857702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.857734] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.857761] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.857797] ? __kthread_parkme+0x82/0x180 [ 25.857818] ? preempt_count_sub+0x50/0x80 [ 25.857840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.857864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.857887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.857910] kthread+0x337/0x6f0 [ 25.857931] ? trace_preempt_on+0x20/0xc0 [ 25.857962] ? __pfx_kthread+0x10/0x10 [ 25.857983] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.858006] ? calculate_sigpending+0x7b/0xa0 [ 25.858031] ? __pfx_kthread+0x10/0x10 [ 25.858052] ret_from_fork+0x116/0x1d0 [ 25.858072] ? __pfx_kthread+0x10/0x10 [ 25.858092] ret_from_fork_asm+0x1a/0x30 [ 25.858124] </TASK> [ 25.858135] [ 25.868135] Allocated by task 256: [ 25.868454] kasan_save_stack+0x45/0x70 [ 25.868820] kasan_save_track+0x18/0x40 [ 25.868979] kasan_save_alloc_info+0x3b/0x50 [ 25.869118] __kasan_slab_alloc+0x91/0xa0 [ 25.869439] kmem_cache_alloc_noprof+0x123/0x3f0 [ 25.869673] kmem_cache_oob+0x157/0x530 [ 25.870031] kunit_try_run_case+0x1a5/0x480 [ 25.870298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.870571] kthread+0x337/0x6f0 [ 25.871027] ret_from_fork+0x116/0x1d0 [ 25.871182] ret_from_fork_asm+0x1a/0x30 [ 25.871490] [ 25.871731] The buggy address belongs to the object at ffff88810609c000 [ 25.871731] which belongs to the cache test_cache of size 200 [ 25.872330] The buggy address is located 0 bytes to the right of [ 25.872330] allocated 200-byte region [ffff88810609c000, ffff88810609c0c8) [ 25.872966] [ 25.873205] The buggy address belongs to the physical page: [ 25.873418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10609c [ 25.873735] flags: 0x200000000000000(node=0|zone=2) [ 25.873980] page_type: f5(slab) [ 25.874297] raw: 0200000000000000 ffff888101242780 dead000000000122 0000000000000000 [ 25.874816] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 25.875191] page dumped because: kasan: bad access detected [ 25.875562] [ 25.875722] Memory state around the buggy address: [ 25.876237] ffff88810609bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.876621] ffff88810609c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.876969] >ffff88810609c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 25.877287] ^ [ 25.877672] ffff88810609c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.878056] ffff88810609c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.878367] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 25.811447] ================================================================== [ 25.812532] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 25.812777] Read of size 8 at addr ffff888106110ac0 by task kunit_try_catch/249 [ 25.813020] [ 25.813110] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.813172] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.813229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.813252] Call Trace: [ 25.813290] <TASK> [ 25.813350] dump_stack_lvl+0x73/0xb0 [ 25.813383] print_report+0xd1/0x640 [ 25.813419] ? __virt_addr_valid+0x1db/0x2d0 [ 25.813445] ? workqueue_uaf+0x4d6/0x560 [ 25.813466] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.813492] ? workqueue_uaf+0x4d6/0x560 [ 25.813513] kasan_report+0x141/0x180 [ 25.813534] ? workqueue_uaf+0x4d6/0x560 [ 25.813560] __asan_report_load8_noabort+0x18/0x20 [ 25.813584] workqueue_uaf+0x4d6/0x560 [ 25.813606] ? __pfx_workqueue_uaf+0x10/0x10 [ 25.813628] ? __schedule+0x10da/0x2b60 [ 25.813654] ? __pfx_read_tsc+0x10/0x10 [ 25.813676] ? ktime_get_ts64+0x86/0x230 [ 25.813702] kunit_try_run_case+0x1a5/0x480 [ 25.813729] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.813785] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.813825] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.813875] ? __kthread_parkme+0x82/0x180 [ 25.813896] ? preempt_count_sub+0x50/0x80 [ 25.813920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.813965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.813989] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.814012] kthread+0x337/0x6f0 [ 25.814032] ? trace_preempt_on+0x20/0xc0 [ 25.814057] ? __pfx_kthread+0x10/0x10 [ 25.814078] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.814101] ? calculate_sigpending+0x7b/0xa0 [ 25.814126] ? __pfx_kthread+0x10/0x10 [ 25.814156] ret_from_fork+0x116/0x1d0 [ 25.814176] ? __pfx_kthread+0x10/0x10 [ 25.814197] ret_from_fork_asm+0x1a/0x30 [ 25.814229] </TASK> [ 25.814241] [ 25.825110] Allocated by task 249: [ 25.825307] kasan_save_stack+0x45/0x70 [ 25.825894] kasan_save_track+0x18/0x40 [ 25.826100] kasan_save_alloc_info+0x3b/0x50 [ 25.826424] __kasan_kmalloc+0xb7/0xc0 [ 25.826717] __kmalloc_cache_noprof+0x189/0x420 [ 25.827038] workqueue_uaf+0x152/0x560 [ 25.827340] kunit_try_run_case+0x1a5/0x480 [ 25.827895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.828309] kthread+0x337/0x6f0 [ 25.828628] ret_from_fork+0x116/0x1d0 [ 25.828822] ret_from_fork_asm+0x1a/0x30 [ 25.829031] [ 25.829484] Freed by task 9: [ 25.829619] kasan_save_stack+0x45/0x70 [ 25.829845] kasan_save_track+0x18/0x40 [ 25.830082] kasan_save_free_info+0x3f/0x60 [ 25.830597] __kasan_slab_free+0x56/0x70 [ 25.830764] kfree+0x222/0x3f0 [ 25.831089] workqueue_uaf_work+0x12/0x20 [ 25.831401] process_one_work+0x5ee/0xf60 [ 25.831794] worker_thread+0x758/0x1220 [ 25.832192] kthread+0x337/0x6f0 [ 25.832664] ret_from_fork+0x116/0x1d0 [ 25.832853] ret_from_fork_asm+0x1a/0x30 [ 25.833251] [ 25.833333] Last potentially related work creation: [ 25.833767] kasan_save_stack+0x45/0x70 [ 25.834129] kasan_record_aux_stack+0xb2/0xc0 [ 25.834557] __queue_work+0x61a/0xe70 [ 25.834857] queue_work_on+0xb6/0xc0 [ 25.835162] workqueue_uaf+0x26d/0x560 [ 25.835355] kunit_try_run_case+0x1a5/0x480 [ 25.835662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.835914] kthread+0x337/0x6f0 [ 25.836310] ret_from_fork+0x116/0x1d0 [ 25.836461] ret_from_fork_asm+0x1a/0x30 [ 25.836824] [ 25.836923] The buggy address belongs to the object at ffff888106110ac0 [ 25.836923] which belongs to the cache kmalloc-32 of size 32 [ 25.837958] The buggy address is located 0 bytes inside of [ 25.837958] freed 32-byte region [ffff888106110ac0, ffff888106110ae0) [ 25.838580] [ 25.838712] The buggy address belongs to the physical page: [ 25.839223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106110 [ 25.839772] flags: 0x200000000000000(node=0|zone=2) [ 25.840053] page_type: f5(slab) [ 25.840457] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.840858] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.841324] page dumped because: kasan: bad access detected [ 25.841704] [ 25.841805] Memory state around the buggy address: [ 25.842065] ffff888106110980: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.842342] ffff888106110a00: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.843312] >ffff888106110a80: 00 00 00 07 fc fc fc fc fa fb fb fb fc fc fc fc [ 25.843647] ^ [ 25.844105] ffff888106110b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.844511] ffff888106110b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.845014] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 25.764484] ================================================================== [ 25.764951] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 25.765331] Read of size 4 at addr ffff8881055e4900 by task swapper/1/0 [ 25.765654] [ 25.765802] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.765852] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.765864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.765886] Call Trace: [ 25.765914] <IRQ> [ 25.765934] dump_stack_lvl+0x73/0xb0 [ 25.765968] print_report+0xd1/0x640 [ 25.766015] ? __virt_addr_valid+0x1db/0x2d0 [ 25.766042] ? rcu_uaf_reclaim+0x50/0x60 [ 25.766063] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.766089] ? rcu_uaf_reclaim+0x50/0x60 [ 25.766109] kasan_report+0x141/0x180 [ 25.766131] ? rcu_uaf_reclaim+0x50/0x60 [ 25.766166] __asan_report_load4_noabort+0x18/0x20 [ 25.766211] rcu_uaf_reclaim+0x50/0x60 [ 25.766232] rcu_core+0x66f/0x1c40 [ 25.766262] ? __pfx_rcu_core+0x10/0x10 [ 25.766283] ? ktime_get+0x6b/0x150 [ 25.766307] ? handle_softirqs+0x18e/0x730 [ 25.766332] rcu_core_si+0x12/0x20 [ 25.766352] handle_softirqs+0x209/0x730 [ 25.766455] ? hrtimer_interrupt+0x2fe/0x780 [ 25.766491] ? __pfx_handle_softirqs+0x10/0x10 [ 25.766517] __irq_exit_rcu+0xc9/0x110 [ 25.766538] irq_exit_rcu+0x12/0x20 [ 25.766581] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.766607] </IRQ> [ 25.766637] <TASK> [ 25.766648] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.766741] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 25.766990] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 63 93 15 00 fb f4 <e9> bc 2a 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 25.767073] RSP: 0000:ffff88810087fdc8 EFLAGS: 00010212 [ 25.767176] RAX: ffff8881c870d000 RBX: ffff88810085b000 RCX: ffffffff905329a5 [ 25.767224] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 000000000001dd4c [ 25.767268] RBP: ffff88810087fdd0 R08: 0000000000000001 R09: ffffed102b626192 [ 25.767312] R10: ffff88815b130c93 R11: ffff88815b1363c8 R12: 0000000000000001 [ 25.767356] R13: ffffed102010b600 R14: ffffffff921ff2d0 R15: 0000000000000000 [ 25.767416] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 25.767471] ? default_idle+0xd/0x20 [ 25.767493] arch_cpu_idle+0xd/0x20 [ 25.767514] default_idle_call+0x48/0x80 [ 25.767535] do_idle+0x379/0x4f0 [ 25.767561] ? __pfx_do_idle+0x10/0x10 [ 25.767583] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 25.767609] ? complete+0x15b/0x1d0 [ 25.767640] cpu_startup_entry+0x5c/0x70 [ 25.767664] start_secondary+0x211/0x290 [ 25.767687] ? __pfx_start_secondary+0x10/0x10 [ 25.767713] common_startup_64+0x13e/0x148 [ 25.767746] </TASK> [ 25.767757] [ 25.783736] Allocated by task 247: [ 25.783913] kasan_save_stack+0x45/0x70 [ 25.784526] kasan_save_track+0x18/0x40 [ 25.784833] kasan_save_alloc_info+0x3b/0x50 [ 25.785209] __kasan_kmalloc+0xb7/0xc0 [ 25.785599] __kmalloc_cache_noprof+0x189/0x420 [ 25.785818] rcu_uaf+0xb0/0x330 [ 25.786188] kunit_try_run_case+0x1a5/0x480 [ 25.786622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.786880] kthread+0x337/0x6f0 [ 25.787261] ret_from_fork+0x116/0x1d0 [ 25.787448] ret_from_fork_asm+0x1a/0x30 [ 25.787641] [ 25.787726] Freed by task 0: [ 25.787857] kasan_save_stack+0x45/0x70 [ 25.788612] kasan_save_track+0x18/0x40 [ 25.788807] kasan_save_free_info+0x3f/0x60 [ 25.789071] __kasan_slab_free+0x56/0x70 [ 25.789258] kfree+0x222/0x3f0 [ 25.789752] rcu_uaf_reclaim+0x1f/0x60 [ 25.790085] rcu_core+0x66f/0x1c40 [ 25.790280] rcu_core_si+0x12/0x20 [ 25.790522] handle_softirqs+0x209/0x730 [ 25.790709] __irq_exit_rcu+0xc9/0x110 [ 25.790872] irq_exit_rcu+0x12/0x20 [ 25.791165] sysvec_apic_timer_interrupt+0x81/0x90 [ 25.791914] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 25.792246] [ 25.792640] Last potentially related work creation: [ 25.792948] kasan_save_stack+0x45/0x70 [ 25.793277] kasan_record_aux_stack+0xb2/0xc0 [ 25.793703] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 25.793921] call_rcu+0x12/0x20 [ 25.794353] rcu_uaf+0x168/0x330 [ 25.794755] kunit_try_run_case+0x1a5/0x480 [ 25.795107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.795361] kthread+0x337/0x6f0 [ 25.795874] ret_from_fork+0x116/0x1d0 [ 25.796200] ret_from_fork_asm+0x1a/0x30 [ 25.796680] [ 25.796809] The buggy address belongs to the object at ffff8881055e4900 [ 25.796809] which belongs to the cache kmalloc-32 of size 32 [ 25.797699] The buggy address is located 0 bytes inside of [ 25.797699] freed 32-byte region [ffff8881055e4900, ffff8881055e4920) [ 25.798762] [ 25.799044] The buggy address belongs to the physical page: [ 25.799842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e4 [ 25.800214] flags: 0x200000000000000(node=0|zone=2) [ 25.800509] page_type: f5(slab) [ 25.800663] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 25.801256] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 25.801939] page dumped because: kasan: bad access detected [ 25.802338] [ 25.802524] Memory state around the buggy address: [ 25.802738] ffff8881055e4800: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 25.803308] ffff8881055e4880: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 25.804376] >ffff8881055e4900: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 25.804737] ^ [ 25.804896] ffff8881055e4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.805691] ffff8881055e4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.806278] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 25.690357] ================================================================== [ 25.690797] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 25.691211] Read of size 1 at addr ffff888104657f00 by task kunit_try_catch/245 [ 25.691458] [ 25.691572] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.691735] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.691748] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.691770] Call Trace: [ 25.691783] <TASK> [ 25.691801] dump_stack_lvl+0x73/0xb0 [ 25.691832] print_report+0xd1/0x640 [ 25.691856] ? __virt_addr_valid+0x1db/0x2d0 [ 25.691880] ? ksize_uaf+0x19d/0x6c0 [ 25.691900] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.691926] ? ksize_uaf+0x19d/0x6c0 [ 25.691947] kasan_report+0x141/0x180 [ 25.691969] ? ksize_uaf+0x19d/0x6c0 [ 25.691992] ? ksize_uaf+0x19d/0x6c0 [ 25.692013] __kasan_check_byte+0x3d/0x50 [ 25.692045] ksize+0x20/0x60 [ 25.692067] ksize_uaf+0x19d/0x6c0 [ 25.692088] ? __pfx_ksize_uaf+0x10/0x10 [ 25.692109] ? __schedule+0x10da/0x2b60 [ 25.692134] ? __pfx_read_tsc+0x10/0x10 [ 25.692168] ? ktime_get_ts64+0x86/0x230 [ 25.692193] kunit_try_run_case+0x1a5/0x480 [ 25.692218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.692241] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.692266] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.692291] ? __kthread_parkme+0x82/0x180 [ 25.692311] ? preempt_count_sub+0x50/0x80 [ 25.692334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.692358] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.692432] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.692457] kthread+0x337/0x6f0 [ 25.692477] ? trace_preempt_on+0x20/0xc0 [ 25.692501] ? __pfx_kthread+0x10/0x10 [ 25.692521] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.692545] ? calculate_sigpending+0x7b/0xa0 [ 25.692569] ? __pfx_kthread+0x10/0x10 [ 25.692590] ret_from_fork+0x116/0x1d0 [ 25.692610] ? __pfx_kthread+0x10/0x10 [ 25.692630] ret_from_fork_asm+0x1a/0x30 [ 25.692662] </TASK> [ 25.692673] [ 25.700373] Allocated by task 245: [ 25.700600] kasan_save_stack+0x45/0x70 [ 25.700771] kasan_save_track+0x18/0x40 [ 25.700903] kasan_save_alloc_info+0x3b/0x50 [ 25.701053] __kasan_kmalloc+0xb7/0xc0 [ 25.701194] __kmalloc_cache_noprof+0x189/0x420 [ 25.701349] ksize_uaf+0xaa/0x6c0 [ 25.701512] kunit_try_run_case+0x1a5/0x480 [ 25.701714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.702081] kthread+0x337/0x6f0 [ 25.702251] ret_from_fork+0x116/0x1d0 [ 25.702432] ret_from_fork_asm+0x1a/0x30 [ 25.702622] [ 25.702965] Freed by task 245: [ 25.703121] kasan_save_stack+0x45/0x70 [ 25.703273] kasan_save_track+0x18/0x40 [ 25.703585] kasan_save_free_info+0x3f/0x60 [ 25.703777] __kasan_slab_free+0x56/0x70 [ 25.704055] kfree+0x222/0x3f0 [ 25.704200] ksize_uaf+0x12c/0x6c0 [ 25.704418] kunit_try_run_case+0x1a5/0x480 [ 25.704614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.704842] kthread+0x337/0x6f0 [ 25.705014] ret_from_fork+0x116/0x1d0 [ 25.705182] ret_from_fork_asm+0x1a/0x30 [ 25.705357] [ 25.705493] The buggy address belongs to the object at ffff888104657f00 [ 25.705493] which belongs to the cache kmalloc-128 of size 128 [ 25.705941] The buggy address is located 0 bytes inside of [ 25.705941] freed 128-byte region [ffff888104657f00, ffff888104657f80) [ 25.706496] [ 25.706607] The buggy address belongs to the physical page: [ 25.706867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104657 [ 25.707229] flags: 0x200000000000000(node=0|zone=2) [ 25.707532] page_type: f5(slab) [ 25.707690] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.708031] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.708264] page dumped because: kasan: bad access detected [ 25.708432] [ 25.708495] Memory state around the buggy address: [ 25.708647] ffff888104657e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.708860] ffff888104657e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.709071] >ffff888104657f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.709386] ^ [ 25.709660] ffff888104657f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.709996] ffff888104658000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.710320] ================================================================== [ 25.733404] ================================================================== [ 25.734333] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 25.734652] Read of size 1 at addr ffff888104657f78 by task kunit_try_catch/245 [ 25.734983] [ 25.735091] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.735141] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.735165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.735186] Call Trace: [ 25.735206] <TASK> [ 25.735225] dump_stack_lvl+0x73/0xb0 [ 25.735253] print_report+0xd1/0x640 [ 25.735276] ? __virt_addr_valid+0x1db/0x2d0 [ 25.735300] ? ksize_uaf+0x5e4/0x6c0 [ 25.735320] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.735346] ? ksize_uaf+0x5e4/0x6c0 [ 25.735366] kasan_report+0x141/0x180 [ 25.735388] ? ksize_uaf+0x5e4/0x6c0 [ 25.735413] __asan_report_load1_noabort+0x18/0x20 [ 25.735436] ksize_uaf+0x5e4/0x6c0 [ 25.735457] ? __pfx_ksize_uaf+0x10/0x10 [ 25.735478] ? __schedule+0x10da/0x2b60 [ 25.735502] ? __pfx_read_tsc+0x10/0x10 [ 25.735524] ? ktime_get_ts64+0x86/0x230 [ 25.735548] kunit_try_run_case+0x1a5/0x480 [ 25.735572] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.735594] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.735622] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.735647] ? __kthread_parkme+0x82/0x180 [ 25.735668] ? preempt_count_sub+0x50/0x80 [ 25.735691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.735715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.735738] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.735761] kthread+0x337/0x6f0 [ 25.735781] ? trace_preempt_on+0x20/0xc0 [ 25.735806] ? __pfx_kthread+0x10/0x10 [ 25.735899] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.735928] ? calculate_sigpending+0x7b/0xa0 [ 25.735952] ? __pfx_kthread+0x10/0x10 [ 25.735974] ret_from_fork+0x116/0x1d0 [ 25.735994] ? __pfx_kthread+0x10/0x10 [ 25.736015] ret_from_fork_asm+0x1a/0x30 [ 25.736046] </TASK> [ 25.736057] [ 25.744351] Allocated by task 245: [ 25.744554] kasan_save_stack+0x45/0x70 [ 25.744699] kasan_save_track+0x18/0x40 [ 25.744828] kasan_save_alloc_info+0x3b/0x50 [ 25.745287] __kasan_kmalloc+0xb7/0xc0 [ 25.745707] __kmalloc_cache_noprof+0x189/0x420 [ 25.745968] ksize_uaf+0xaa/0x6c0 [ 25.746129] kunit_try_run_case+0x1a5/0x480 [ 25.746283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.746764] kthread+0x337/0x6f0 [ 25.746919] ret_from_fork+0x116/0x1d0 [ 25.747050] ret_from_fork_asm+0x1a/0x30 [ 25.747196] [ 25.747262] Freed by task 245: [ 25.747369] kasan_save_stack+0x45/0x70 [ 25.747500] kasan_save_track+0x18/0x40 [ 25.747807] kasan_save_free_info+0x3f/0x60 [ 25.748106] __kasan_slab_free+0x56/0x70 [ 25.748310] kfree+0x222/0x3f0 [ 25.748465] ksize_uaf+0x12c/0x6c0 [ 25.748634] kunit_try_run_case+0x1a5/0x480 [ 25.748835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.749455] kthread+0x337/0x6f0 [ 25.749611] ret_from_fork+0x116/0x1d0 [ 25.749742] ret_from_fork_asm+0x1a/0x30 [ 25.749877] [ 25.749942] The buggy address belongs to the object at ffff888104657f00 [ 25.749942] which belongs to the cache kmalloc-128 of size 128 [ 25.750794] The buggy address is located 120 bytes inside of [ 25.750794] freed 128-byte region [ffff888104657f00, ffff888104657f80) [ 25.751354] [ 25.751424] The buggy address belongs to the physical page: [ 25.751598] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104657 [ 25.751838] flags: 0x200000000000000(node=0|zone=2) [ 25.751996] page_type: f5(slab) [ 25.752111] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.752344] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.752783] page dumped because: kasan: bad access detected [ 25.753023] [ 25.753109] Memory state around the buggy address: [ 25.753336] ffff888104657e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.753640] ffff888104657e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.753940] >ffff888104657f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.754255] ^ [ 25.754555] ffff888104657f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.754828] ffff888104658000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.755028] ================================================================== [ 25.710980] ================================================================== [ 25.711725] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 25.712136] Read of size 1 at addr ffff888104657f00 by task kunit_try_catch/245 [ 25.712545] [ 25.712641] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.712690] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.712703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.712725] Call Trace: [ 25.712740] <TASK> [ 25.712758] dump_stack_lvl+0x73/0xb0 [ 25.712787] print_report+0xd1/0x640 [ 25.712809] ? __virt_addr_valid+0x1db/0x2d0 [ 25.712833] ? ksize_uaf+0x5fe/0x6c0 [ 25.712853] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.712879] ? ksize_uaf+0x5fe/0x6c0 [ 25.712900] kasan_report+0x141/0x180 [ 25.712922] ? ksize_uaf+0x5fe/0x6c0 [ 25.712947] __asan_report_load1_noabort+0x18/0x20 [ 25.712972] ksize_uaf+0x5fe/0x6c0 [ 25.712993] ? __pfx_ksize_uaf+0x10/0x10 [ 25.713014] ? __schedule+0x10da/0x2b60 [ 25.713038] ? __pfx_read_tsc+0x10/0x10 [ 25.713061] ? ktime_get_ts64+0x86/0x230 [ 25.713085] kunit_try_run_case+0x1a5/0x480 [ 25.713109] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.713131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.713168] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.713193] ? __kthread_parkme+0x82/0x180 [ 25.713212] ? preempt_count_sub+0x50/0x80 [ 25.713235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.713259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.713282] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.713305] kthread+0x337/0x6f0 [ 25.713325] ? trace_preempt_on+0x20/0xc0 [ 25.713350] ? __pfx_kthread+0x10/0x10 [ 25.713370] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.713443] ? calculate_sigpending+0x7b/0xa0 [ 25.713467] ? __pfx_kthread+0x10/0x10 [ 25.713489] ret_from_fork+0x116/0x1d0 [ 25.713509] ? __pfx_kthread+0x10/0x10 [ 25.713529] ret_from_fork_asm+0x1a/0x30 [ 25.713560] </TASK> [ 25.713572] [ 25.721095] Allocated by task 245: [ 25.721269] kasan_save_stack+0x45/0x70 [ 25.721417] kasan_save_track+0x18/0x40 [ 25.721801] kasan_save_alloc_info+0x3b/0x50 [ 25.722008] __kasan_kmalloc+0xb7/0xc0 [ 25.722171] __kmalloc_cache_noprof+0x189/0x420 [ 25.722390] ksize_uaf+0xaa/0x6c0 [ 25.722518] kunit_try_run_case+0x1a5/0x480 [ 25.722712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.722934] kthread+0x337/0x6f0 [ 25.723102] ret_from_fork+0x116/0x1d0 [ 25.723271] ret_from_fork_asm+0x1a/0x30 [ 25.723440] [ 25.723530] Freed by task 245: [ 25.723644] kasan_save_stack+0x45/0x70 [ 25.723775] kasan_save_track+0x18/0x40 [ 25.723904] kasan_save_free_info+0x3f/0x60 [ 25.724044] __kasan_slab_free+0x56/0x70 [ 25.724185] kfree+0x222/0x3f0 [ 25.724298] ksize_uaf+0x12c/0x6c0 [ 25.724417] kunit_try_run_case+0x1a5/0x480 [ 25.724556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.724724] kthread+0x337/0x6f0 [ 25.724839] ret_from_fork+0x116/0x1d0 [ 25.724964] ret_from_fork_asm+0x1a/0x30 [ 25.725098] [ 25.725470] The buggy address belongs to the object at ffff888104657f00 [ 25.725470] which belongs to the cache kmalloc-128 of size 128 [ 25.726102] The buggy address is located 0 bytes inside of [ 25.726102] freed 128-byte region [ffff888104657f00, ffff888104657f80) [ 25.726973] [ 25.727122] The buggy address belongs to the physical page: [ 25.727381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104657 [ 25.728063] flags: 0x200000000000000(node=0|zone=2) [ 25.728311] page_type: f5(slab) [ 25.728762] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.729121] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.729589] page dumped because: kasan: bad access detected [ 25.729849] [ 25.729916] Memory state around the buggy address: [ 25.730263] ffff888104657e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.730680] ffff888104657e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.730896] >ffff888104657f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.731574] ^ [ 25.731716] ffff888104657f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.732077] ffff888104658000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.732840] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 25.631472] ================================================================== [ 25.631811] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.632832] Read of size 1 at addr ffff888104964678 by task kunit_try_catch/243 [ 25.633218] [ 25.633350] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.633399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.633413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.633435] Call Trace: [ 25.633449] <TASK> [ 25.633468] dump_stack_lvl+0x73/0xb0 [ 25.633497] print_report+0xd1/0x640 [ 25.633519] ? __virt_addr_valid+0x1db/0x2d0 [ 25.633564] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.633586] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.633627] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.633650] kasan_report+0x141/0x180 [ 25.633672] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.633699] __asan_report_load1_noabort+0x18/0x20 [ 25.633723] ksize_unpoisons_memory+0x7e9/0x9b0 [ 25.633746] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.633768] ? finish_task_switch.isra.0+0x153/0x700 [ 25.634385] ? __switch_to+0x47/0xf80 [ 25.634425] ? __schedule+0x10da/0x2b60 [ 25.634451] ? __pfx_read_tsc+0x10/0x10 [ 25.634472] ? ktime_get_ts64+0x86/0x230 [ 25.634754] kunit_try_run_case+0x1a5/0x480 [ 25.634787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.634810] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.634836] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.634881] ? __kthread_parkme+0x82/0x180 [ 25.634915] ? preempt_count_sub+0x50/0x80 [ 25.634947] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.635248] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.635276] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.635300] kthread+0x337/0x6f0 [ 25.635320] ? trace_preempt_on+0x20/0xc0 [ 25.635345] ? __pfx_kthread+0x10/0x10 [ 25.635365] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.635408] ? calculate_sigpending+0x7b/0xa0 [ 25.635432] ? __pfx_kthread+0x10/0x10 [ 25.635453] ret_from_fork+0x116/0x1d0 [ 25.635473] ? __pfx_kthread+0x10/0x10 [ 25.635493] ret_from_fork_asm+0x1a/0x30 [ 25.635525] </TASK> [ 25.635537] [ 25.646546] Allocated by task 243: [ 25.646684] kasan_save_stack+0x45/0x70 [ 25.646827] kasan_save_track+0x18/0x40 [ 25.646957] kasan_save_alloc_info+0x3b/0x50 [ 25.647102] __kasan_kmalloc+0xb7/0xc0 [ 25.647253] __kmalloc_cache_noprof+0x189/0x420 [ 25.647472] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.647720] kunit_try_run_case+0x1a5/0x480 [ 25.648396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.648627] kthread+0x337/0x6f0 [ 25.648979] ret_from_fork+0x116/0x1d0 [ 25.649660] ret_from_fork_asm+0x1a/0x30 [ 25.649887] [ 25.650077] The buggy address belongs to the object at ffff888104964600 [ 25.650077] which belongs to the cache kmalloc-128 of size 128 [ 25.650837] The buggy address is located 5 bytes to the right of [ 25.650837] allocated 115-byte region [ffff888104964600, ffff888104964673) [ 25.651589] [ 25.651733] The buggy address belongs to the physical page: [ 25.651908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104964 [ 25.652178] flags: 0x200000000000000(node=0|zone=2) [ 25.652407] page_type: f5(slab) [ 25.652544] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.653353] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.653845] page dumped because: kasan: bad access detected [ 25.654025] [ 25.654089] Memory state around the buggy address: [ 25.654249] ffff888104964500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.654527] ffff888104964580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.655277] >ffff888104964600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.655686] ^ [ 25.656222] ffff888104964680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.656760] ffff888104964700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.657098] ================================================================== [ 25.607913] ================================================================== [ 25.608492] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 25.609167] Read of size 1 at addr ffff888104964673 by task kunit_try_catch/243 [ 25.609626] [ 25.609768] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.609823] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.610081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.610107] Call Trace: [ 25.610122] <TASK> [ 25.610252] dump_stack_lvl+0x73/0xb0 [ 25.610302] print_report+0xd1/0x640 [ 25.610327] ? __virt_addr_valid+0x1db/0x2d0 [ 25.610353] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.610376] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.610405] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.610428] kasan_report+0x141/0x180 [ 25.610450] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 25.610480] __asan_report_load1_noabort+0x18/0x20 [ 25.610504] ksize_unpoisons_memory+0x81c/0x9b0 [ 25.610527] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.610549] ? finish_task_switch.isra.0+0x153/0x700 [ 25.610575] ? __switch_to+0x47/0xf80 [ 25.610602] ? __schedule+0x10da/0x2b60 [ 25.610628] ? __pfx_read_tsc+0x10/0x10 [ 25.610649] ? ktime_get_ts64+0x86/0x230 [ 25.610676] kunit_try_run_case+0x1a5/0x480 [ 25.610702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.610725] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.610750] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.610774] ? __kthread_parkme+0x82/0x180 [ 25.610795] ? preempt_count_sub+0x50/0x80 [ 25.610817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.610841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.610864] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.610886] kthread+0x337/0x6f0 [ 25.610906] ? trace_preempt_on+0x20/0xc0 [ 25.610932] ? __pfx_kthread+0x10/0x10 [ 25.610954] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.610978] ? calculate_sigpending+0x7b/0xa0 [ 25.611002] ? __pfx_kthread+0x10/0x10 [ 25.611023] ret_from_fork+0x116/0x1d0 [ 25.611042] ? __pfx_kthread+0x10/0x10 [ 25.611062] ret_from_fork_asm+0x1a/0x30 [ 25.611119] </TASK> [ 25.611131] [ 25.621014] Allocated by task 243: [ 25.621165] kasan_save_stack+0x45/0x70 [ 25.621310] kasan_save_track+0x18/0x40 [ 25.621435] kasan_save_alloc_info+0x3b/0x50 [ 25.621573] __kasan_kmalloc+0xb7/0xc0 [ 25.621695] __kmalloc_cache_noprof+0x189/0x420 [ 25.622157] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.623098] kunit_try_run_case+0x1a5/0x480 [ 25.623312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.623525] kthread+0x337/0x6f0 [ 25.624034] ret_from_fork+0x116/0x1d0 [ 25.624343] ret_from_fork_asm+0x1a/0x30 [ 25.624525] [ 25.624618] The buggy address belongs to the object at ffff888104964600 [ 25.624618] which belongs to the cache kmalloc-128 of size 128 [ 25.625250] The buggy address is located 0 bytes to the right of [ 25.625250] allocated 115-byte region [ffff888104964600, ffff888104964673) [ 25.625957] [ 25.626228] The buggy address belongs to the physical page: [ 25.626679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104964 [ 25.627236] flags: 0x200000000000000(node=0|zone=2) [ 25.627654] page_type: f5(slab) [ 25.627847] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.628395] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.628840] page dumped because: kasan: bad access detected [ 25.629115] [ 25.629431] Memory state around the buggy address: [ 25.629588] ffff888104964500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.629790] ffff888104964580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.629995] >ffff888104964600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.630209] ^ [ 25.630410] ffff888104964680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.630613] ffff888104964700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.630810] ================================================================== [ 25.657974] ================================================================== [ 25.658277] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.658511] Read of size 1 at addr ffff88810496467f by task kunit_try_catch/243 [ 25.658793] [ 25.658974] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.659333] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.659348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.659381] Call Trace: [ 25.659400] <TASK> [ 25.659419] dump_stack_lvl+0x73/0xb0 [ 25.659450] print_report+0xd1/0x640 [ 25.659472] ? __virt_addr_valid+0x1db/0x2d0 [ 25.659496] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.659539] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.659565] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.659601] kasan_report+0x141/0x180 [ 25.659628] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.659784] __asan_report_load1_noabort+0x18/0x20 [ 25.659809] ksize_unpoisons_memory+0x7b6/0x9b0 [ 25.659833] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 25.659855] ? finish_task_switch.isra.0+0x153/0x700 [ 25.659877] ? __switch_to+0x47/0xf80 [ 25.659903] ? __schedule+0x10da/0x2b60 [ 25.659928] ? __pfx_read_tsc+0x10/0x10 [ 25.659957] ? ktime_get_ts64+0x86/0x230 [ 25.659982] kunit_try_run_case+0x1a5/0x480 [ 25.660005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.660027] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.660051] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.660076] ? __kthread_parkme+0x82/0x180 [ 25.660096] ? preempt_count_sub+0x50/0x80 [ 25.660118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.660141] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.660175] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.660197] kthread+0x337/0x6f0 [ 25.660217] ? trace_preempt_on+0x20/0xc0 [ 25.660241] ? __pfx_kthread+0x10/0x10 [ 25.660261] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.660284] ? calculate_sigpending+0x7b/0xa0 [ 25.660307] ? __pfx_kthread+0x10/0x10 [ 25.660328] ret_from_fork+0x116/0x1d0 [ 25.660347] ? __pfx_kthread+0x10/0x10 [ 25.660376] ret_from_fork_asm+0x1a/0x30 [ 25.660408] </TASK> [ 25.660419] [ 25.671942] Allocated by task 243: [ 25.672729] kasan_save_stack+0x45/0x70 [ 25.672911] kasan_save_track+0x18/0x40 [ 25.673369] kasan_save_alloc_info+0x3b/0x50 [ 25.673708] __kasan_kmalloc+0xb7/0xc0 [ 25.674058] __kmalloc_cache_noprof+0x189/0x420 [ 25.674454] ksize_unpoisons_memory+0xc7/0x9b0 [ 25.674646] kunit_try_run_case+0x1a5/0x480 [ 25.674855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.675390] kthread+0x337/0x6f0 [ 25.675645] ret_from_fork+0x116/0x1d0 [ 25.675825] ret_from_fork_asm+0x1a/0x30 [ 25.676204] [ 25.676298] The buggy address belongs to the object at ffff888104964600 [ 25.676298] which belongs to the cache kmalloc-128 of size 128 [ 25.677047] The buggy address is located 12 bytes to the right of [ 25.677047] allocated 115-byte region [ffff888104964600, ffff888104964673) [ 25.677881] [ 25.678128] The buggy address belongs to the physical page: [ 25.678346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104964 [ 25.678990] flags: 0x200000000000000(node=0|zone=2) [ 25.679183] page_type: f5(slab) [ 25.679439] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.679778] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.680330] page dumped because: kasan: bad access detected [ 25.680630] [ 25.680957] Memory state around the buggy address: [ 25.681169] ffff888104964500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.681579] ffff888104964580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.681863] >ffff888104964600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.682416] ^ [ 25.682798] ffff888104964680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.683272] ffff888104964700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.683706] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 25.567965] ================================================================== [ 25.568385] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 25.569109] Free of addr ffff8881046316c0 by task kunit_try_catch/241 [ 25.570080] [ 25.570278] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.570332] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.570345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.570367] Call Trace: [ 25.570390] <TASK> [ 25.570413] dump_stack_lvl+0x73/0xb0 [ 25.570507] print_report+0xd1/0x640 [ 25.570532] ? __virt_addr_valid+0x1db/0x2d0 [ 25.570569] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.570594] ? kfree_sensitive+0x2e/0x90 [ 25.570617] kasan_report_invalid_free+0x10a/0x130 [ 25.570641] ? kfree_sensitive+0x2e/0x90 [ 25.570662] ? kfree_sensitive+0x2e/0x90 [ 25.570682] check_slab_allocation+0x101/0x130 [ 25.570703] __kasan_slab_pre_free+0x28/0x40 [ 25.570724] kfree+0xf0/0x3f0 [ 25.570746] ? kfree_sensitive+0x2e/0x90 [ 25.570767] kfree_sensitive+0x2e/0x90 [ 25.570787] kmalloc_double_kzfree+0x19c/0x350 [ 25.570810] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 25.570833] ? __schedule+0x10da/0x2b60 [ 25.570858] ? __pfx_read_tsc+0x10/0x10 [ 25.570880] ? ktime_get_ts64+0x86/0x230 [ 25.570904] kunit_try_run_case+0x1a5/0x480 [ 25.570946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.570969] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.570993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.571017] ? __kthread_parkme+0x82/0x180 [ 25.571037] ? preempt_count_sub+0x50/0x80 [ 25.571060] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.571083] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.571106] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.571129] kthread+0x337/0x6f0 [ 25.571157] ? trace_preempt_on+0x20/0xc0 [ 25.571180] ? __pfx_kthread+0x10/0x10 [ 25.571200] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.571223] ? calculate_sigpending+0x7b/0xa0 [ 25.571247] ? __pfx_kthread+0x10/0x10 [ 25.571268] ret_from_fork+0x116/0x1d0 [ 25.571287] ? __pfx_kthread+0x10/0x10 [ 25.571307] ret_from_fork_asm+0x1a/0x30 [ 25.571338] </TASK> [ 25.571349] [ 25.585617] Allocated by task 241: [ 25.586218] kasan_save_stack+0x45/0x70 [ 25.586842] kasan_save_track+0x18/0x40 [ 25.587381] kasan_save_alloc_info+0x3b/0x50 [ 25.587963] __kasan_kmalloc+0xb7/0xc0 [ 25.588336] __kmalloc_cache_noprof+0x189/0x420 [ 25.588510] kmalloc_double_kzfree+0xa9/0x350 [ 25.588659] kunit_try_run_case+0x1a5/0x480 [ 25.588802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.588975] kthread+0x337/0x6f0 [ 25.589092] ret_from_fork+0x116/0x1d0 [ 25.589286] ret_from_fork_asm+0x1a/0x30 [ 25.589443] [ 25.589510] Freed by task 241: [ 25.589617] kasan_save_stack+0x45/0x70 [ 25.589795] kasan_save_track+0x18/0x40 [ 25.589983] kasan_save_free_info+0x3f/0x60 [ 25.590221] __kasan_slab_free+0x56/0x70 [ 25.590849] kfree+0x222/0x3f0 [ 25.591295] kfree_sensitive+0x67/0x90 [ 25.591790] kmalloc_double_kzfree+0x12b/0x350 [ 25.592232] kunit_try_run_case+0x1a5/0x480 [ 25.592612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.592855] kthread+0x337/0x6f0 [ 25.593235] ret_from_fork+0x116/0x1d0 [ 25.593553] ret_from_fork_asm+0x1a/0x30 [ 25.593712] [ 25.593781] The buggy address belongs to the object at ffff8881046316c0 [ 25.593781] which belongs to the cache kmalloc-16 of size 16 [ 25.594215] The buggy address is located 0 bytes inside of [ 25.594215] 16-byte region [ffff8881046316c0, ffff8881046316d0) [ 25.595267] [ 25.595405] The buggy address belongs to the physical page: [ 25.595899] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104631 [ 25.596845] flags: 0x200000000000000(node=0|zone=2) [ 25.597296] page_type: f5(slab) [ 25.597609] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.597847] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.598102] page dumped because: kasan: bad access detected [ 25.598279] [ 25.598353] Memory state around the buggy address: [ 25.599051] ffff888104631580: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 25.600179] ffff888104631600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.601099] >ffff888104631680: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 25.602235] ^ [ 25.602776] ffff888104631700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.603649] ffff888104631780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.604144] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 25.533017] ================================================================== [ 25.534559] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 25.535594] Read of size 1 at addr ffff8881046316c0 by task kunit_try_catch/241 [ 25.536239] [ 25.536343] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.536396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.536410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.536433] Call Trace: [ 25.536447] <TASK> [ 25.536467] dump_stack_lvl+0x73/0xb0 [ 25.536499] print_report+0xd1/0x640 [ 25.536524] ? __virt_addr_valid+0x1db/0x2d0 [ 25.536551] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.536833] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.536968] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.536994] kasan_report+0x141/0x180 [ 25.537016] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.537042] ? kmalloc_double_kzfree+0x19c/0x350 [ 25.537064] __kasan_check_byte+0x3d/0x50 [ 25.537085] kfree_sensitive+0x22/0x90 [ 25.537110] kmalloc_double_kzfree+0x19c/0x350 [ 25.537133] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 25.537168] ? __schedule+0x10da/0x2b60 [ 25.537194] ? __pfx_read_tsc+0x10/0x10 [ 25.537216] ? ktime_get_ts64+0x86/0x230 [ 25.537241] kunit_try_run_case+0x1a5/0x480 [ 25.537267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.537289] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.537313] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.537338] ? __kthread_parkme+0x82/0x180 [ 25.537371] ? preempt_count_sub+0x50/0x80 [ 25.537396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.537419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.537442] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.537465] kthread+0x337/0x6f0 [ 25.537484] ? trace_preempt_on+0x20/0xc0 [ 25.537509] ? __pfx_kthread+0x10/0x10 [ 25.537529] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.537552] ? calculate_sigpending+0x7b/0xa0 [ 25.537576] ? __pfx_kthread+0x10/0x10 [ 25.537597] ret_from_fork+0x116/0x1d0 [ 25.537616] ? __pfx_kthread+0x10/0x10 [ 25.537636] ret_from_fork_asm+0x1a/0x30 [ 25.537667] </TASK> [ 25.537678] [ 25.549776] Allocated by task 241: [ 25.549938] kasan_save_stack+0x45/0x70 [ 25.550295] kasan_save_track+0x18/0x40 [ 25.550622] kasan_save_alloc_info+0x3b/0x50 [ 25.551030] __kasan_kmalloc+0xb7/0xc0 [ 25.551731] __kmalloc_cache_noprof+0x189/0x420 [ 25.552135] kmalloc_double_kzfree+0xa9/0x350 [ 25.552349] kunit_try_run_case+0x1a5/0x480 [ 25.552765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.553013] kthread+0x337/0x6f0 [ 25.553132] ret_from_fork+0x116/0x1d0 [ 25.553271] ret_from_fork_asm+0x1a/0x30 [ 25.553407] [ 25.553472] Freed by task 241: [ 25.553578] kasan_save_stack+0x45/0x70 [ 25.554098] kasan_save_track+0x18/0x40 [ 25.554262] kasan_save_free_info+0x3f/0x60 [ 25.554398] __kasan_slab_free+0x56/0x70 [ 25.554571] kfree+0x222/0x3f0 [ 25.554738] kfree_sensitive+0x67/0x90 [ 25.554924] kmalloc_double_kzfree+0x12b/0x350 [ 25.555162] kunit_try_run_case+0x1a5/0x480 [ 25.555337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.555501] kthread+0x337/0x6f0 [ 25.555615] ret_from_fork+0x116/0x1d0 [ 25.555751] ret_from_fork_asm+0x1a/0x30 [ 25.555881] [ 25.555952] The buggy address belongs to the object at ffff8881046316c0 [ 25.555952] which belongs to the cache kmalloc-16 of size 16 [ 25.556878] The buggy address is located 0 bytes inside of [ 25.556878] freed 16-byte region [ffff8881046316c0, ffff8881046316d0) [ 25.558293] [ 25.558396] The buggy address belongs to the physical page: [ 25.558591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104631 [ 25.558830] flags: 0x200000000000000(node=0|zone=2) [ 25.558989] page_type: f5(slab) [ 25.559112] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.560393] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.561246] page dumped because: kasan: bad access detected [ 25.561785] [ 25.561950] Memory state around the buggy address: [ 25.562787] ffff888104631580: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 25.563530] ffff888104631600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.564301] >ffff888104631680: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 25.565272] ^ [ 25.566314] ffff888104631700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.566537] ffff888104631780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.567084] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 25.495319] ================================================================== [ 25.496596] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 25.497246] Read of size 1 at addr ffff8881055e70a8 by task kunit_try_catch/237 [ 25.497942] [ 25.498128] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.498188] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.498200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.498221] Call Trace: [ 25.498235] <TASK> [ 25.498252] dump_stack_lvl+0x73/0xb0 [ 25.498281] print_report+0xd1/0x640 [ 25.498304] ? __virt_addr_valid+0x1db/0x2d0 [ 25.498329] ? kmalloc_uaf2+0x4a8/0x520 [ 25.498358] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.498384] ? kmalloc_uaf2+0x4a8/0x520 [ 25.498404] kasan_report+0x141/0x180 [ 25.498426] ? kmalloc_uaf2+0x4a8/0x520 [ 25.498450] __asan_report_load1_noabort+0x18/0x20 [ 25.498474] kmalloc_uaf2+0x4a8/0x520 [ 25.498495] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 25.498514] ? finish_task_switch.isra.0+0x153/0x700 [ 25.498537] ? __switch_to+0x47/0xf80 [ 25.498563] ? __schedule+0x10da/0x2b60 [ 25.498588] ? __pfx_read_tsc+0x10/0x10 [ 25.498610] ? ktime_get_ts64+0x86/0x230 [ 25.498636] kunit_try_run_case+0x1a5/0x480 [ 25.498660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.498683] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.498708] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.498735] ? __kthread_parkme+0x82/0x180 [ 25.498756] ? preempt_count_sub+0x50/0x80 [ 25.498779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.498803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.498826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.498849] kthread+0x337/0x6f0 [ 25.498869] ? trace_preempt_on+0x20/0xc0 [ 25.498893] ? __pfx_kthread+0x10/0x10 [ 25.498914] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.498937] ? calculate_sigpending+0x7b/0xa0 [ 25.498970] ? __pfx_kthread+0x10/0x10 [ 25.498991] ret_from_fork+0x116/0x1d0 [ 25.499011] ? __pfx_kthread+0x10/0x10 [ 25.499031] ret_from_fork_asm+0x1a/0x30 [ 25.499061] </TASK> [ 25.499072] [ 25.510421] Allocated by task 237: [ 25.510783] kasan_save_stack+0x45/0x70 [ 25.511166] kasan_save_track+0x18/0x40 [ 25.511554] kasan_save_alloc_info+0x3b/0x50 [ 25.512043] __kasan_kmalloc+0xb7/0xc0 [ 25.512180] __kmalloc_cache_noprof+0x189/0x420 [ 25.512331] kmalloc_uaf2+0xc6/0x520 [ 25.512497] kunit_try_run_case+0x1a5/0x480 [ 25.512642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.512812] kthread+0x337/0x6f0 [ 25.512927] ret_from_fork+0x116/0x1d0 [ 25.513054] ret_from_fork_asm+0x1a/0x30 [ 25.513340] [ 25.513527] Freed by task 237: [ 25.513831] kasan_save_stack+0x45/0x70 [ 25.514195] kasan_save_track+0x18/0x40 [ 25.514598] kasan_save_free_info+0x3f/0x60 [ 25.515026] __kasan_slab_free+0x56/0x70 [ 25.515382] kfree+0x222/0x3f0 [ 25.515668] kmalloc_uaf2+0x14c/0x520 [ 25.516063] kunit_try_run_case+0x1a5/0x480 [ 25.516464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.517015] kthread+0x337/0x6f0 [ 25.517310] ret_from_fork+0x116/0x1d0 [ 25.517634] ret_from_fork_asm+0x1a/0x30 [ 25.518019] [ 25.518367] The buggy address belongs to the object at ffff8881055e7080 [ 25.518367] which belongs to the cache kmalloc-64 of size 64 [ 25.519236] The buggy address is located 40 bytes inside of [ 25.519236] freed 64-byte region [ffff8881055e7080, ffff8881055e70c0) [ 25.520301] [ 25.520545] The buggy address belongs to the physical page: [ 25.520771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e7 [ 25.521530] flags: 0x200000000000000(node=0|zone=2) [ 25.522080] page_type: f5(slab) [ 25.522414] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.523154] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.523610] page dumped because: kasan: bad access detected [ 25.523930] [ 25.524117] Memory state around the buggy address: [ 25.524287] ffff8881055e6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.524806] ffff8881055e7000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.525474] >ffff8881055e7080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.526162] ^ [ 25.526648] ffff8881055e7100: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 25.526940] ffff8881055e7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.527685] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 25.457713] ================================================================== [ 25.458523] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 25.458940] Write of size 33 at addr ffff8881055e7000 by task kunit_try_catch/235 [ 25.459460] [ 25.459567] CPU: 1 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.459628] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.459641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.459663] Call Trace: [ 25.459676] <TASK> [ 25.459694] dump_stack_lvl+0x73/0xb0 [ 25.459725] print_report+0xd1/0x640 [ 25.459749] ? __virt_addr_valid+0x1db/0x2d0 [ 25.459774] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.459795] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.459820] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.459841] kasan_report+0x141/0x180 [ 25.459863] ? kmalloc_uaf_memset+0x1a3/0x360 [ 25.459888] kasan_check_range+0x10c/0x1c0 [ 25.459911] __asan_memset+0x27/0x50 [ 25.459935] kmalloc_uaf_memset+0x1a3/0x360 [ 25.460166] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 25.460191] ? __schedule+0x10da/0x2b60 [ 25.460217] ? __pfx_read_tsc+0x10/0x10 [ 25.460240] ? ktime_get_ts64+0x86/0x230 [ 25.460265] kunit_try_run_case+0x1a5/0x480 [ 25.460290] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.460312] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.460337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.460361] ? __kthread_parkme+0x82/0x180 [ 25.460383] ? preempt_count_sub+0x50/0x80 [ 25.460406] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.460503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.460530] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.460553] kthread+0x337/0x6f0 [ 25.460574] ? trace_preempt_on+0x20/0xc0 [ 25.460598] ? __pfx_kthread+0x10/0x10 [ 25.460619] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.460642] ? calculate_sigpending+0x7b/0xa0 [ 25.460666] ? __pfx_kthread+0x10/0x10 [ 25.460687] ret_from_fork+0x116/0x1d0 [ 25.460707] ? __pfx_kthread+0x10/0x10 [ 25.460728] ret_from_fork_asm+0x1a/0x30 [ 25.460759] </TASK> [ 25.460770] [ 25.474643] Allocated by task 235: [ 25.474855] kasan_save_stack+0x45/0x70 [ 25.475169] kasan_save_track+0x18/0x40 [ 25.475548] kasan_save_alloc_info+0x3b/0x50 [ 25.476175] __kasan_kmalloc+0xb7/0xc0 [ 25.476320] __kmalloc_cache_noprof+0x189/0x420 [ 25.476513] kmalloc_uaf_memset+0xa9/0x360 [ 25.476923] kunit_try_run_case+0x1a5/0x480 [ 25.477302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.477869] kthread+0x337/0x6f0 [ 25.478227] ret_from_fork+0x116/0x1d0 [ 25.478572] ret_from_fork_asm+0x1a/0x30 [ 25.478832] [ 25.478901] Freed by task 235: [ 25.479131] kasan_save_stack+0x45/0x70 [ 25.479471] kasan_save_track+0x18/0x40 [ 25.479950] kasan_save_free_info+0x3f/0x60 [ 25.480258] __kasan_slab_free+0x56/0x70 [ 25.480414] kfree+0x222/0x3f0 [ 25.480758] kmalloc_uaf_memset+0x12b/0x360 [ 25.481189] kunit_try_run_case+0x1a5/0x480 [ 25.481606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.481860] kthread+0x337/0x6f0 [ 25.482041] ret_from_fork+0x116/0x1d0 [ 25.482386] ret_from_fork_asm+0x1a/0x30 [ 25.482786] [ 25.482948] The buggy address belongs to the object at ffff8881055e7000 [ 25.482948] which belongs to the cache kmalloc-64 of size 64 [ 25.483784] The buggy address is located 0 bytes inside of [ 25.483784] freed 64-byte region [ffff8881055e7000, ffff8881055e7040) [ 25.484862] [ 25.484937] The buggy address belongs to the physical page: [ 25.485114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e7 [ 25.485365] flags: 0x200000000000000(node=0|zone=2) [ 25.485859] page_type: f5(slab) [ 25.486169] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.486997] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.487878] page dumped because: kasan: bad access detected [ 25.488407] [ 25.488562] Memory state around the buggy address: [ 25.489021] ffff8881055e6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.489249] ffff8881055e6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.489674] >ffff8881055e7000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.490298] ^ [ 25.490630] ffff8881055e7080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.491318] ffff8881055e7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.492015] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 25.421703] ================================================================== [ 25.422236] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 25.422662] Read of size 1 at addr ffff888104963088 by task kunit_try_catch/233 [ 25.422971] [ 25.423258] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.423315] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.423328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.423351] Call Trace: [ 25.423364] <TASK> [ 25.423383] dump_stack_lvl+0x73/0xb0 [ 25.423415] print_report+0xd1/0x640 [ 25.423438] ? __virt_addr_valid+0x1db/0x2d0 [ 25.423463] ? kmalloc_uaf+0x320/0x380 [ 25.423483] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.423508] ? kmalloc_uaf+0x320/0x380 [ 25.423528] kasan_report+0x141/0x180 [ 25.423550] ? kmalloc_uaf+0x320/0x380 [ 25.423574] __asan_report_load1_noabort+0x18/0x20 [ 25.423652] kmalloc_uaf+0x320/0x380 [ 25.423675] ? __pfx_kmalloc_uaf+0x10/0x10 [ 25.423696] ? __schedule+0x10da/0x2b60 [ 25.423722] ? __pfx_read_tsc+0x10/0x10 [ 25.423744] ? ktime_get_ts64+0x86/0x230 [ 25.423769] kunit_try_run_case+0x1a5/0x480 [ 25.423795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.423817] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.423842] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.423867] ? __kthread_parkme+0x82/0x180 [ 25.423888] ? preempt_count_sub+0x50/0x80 [ 25.423912] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.423936] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.424011] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.424034] kthread+0x337/0x6f0 [ 25.424055] ? trace_preempt_on+0x20/0xc0 [ 25.424092] ? __pfx_kthread+0x10/0x10 [ 25.424114] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.424138] ? calculate_sigpending+0x7b/0xa0 [ 25.424175] ? __pfx_kthread+0x10/0x10 [ 25.424197] ret_from_fork+0x116/0x1d0 [ 25.424217] ? __pfx_kthread+0x10/0x10 [ 25.424238] ret_from_fork_asm+0x1a/0x30 [ 25.424269] </TASK> [ 25.424280] [ 25.436637] Allocated by task 233: [ 25.437005] kasan_save_stack+0x45/0x70 [ 25.437463] kasan_save_track+0x18/0x40 [ 25.437964] kasan_save_alloc_info+0x3b/0x50 [ 25.438410] __kasan_kmalloc+0xb7/0xc0 [ 25.438624] __kmalloc_cache_noprof+0x189/0x420 [ 25.438779] kmalloc_uaf+0xaa/0x380 [ 25.438901] kunit_try_run_case+0x1a5/0x480 [ 25.439484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.440175] kthread+0x337/0x6f0 [ 25.440529] ret_from_fork+0x116/0x1d0 [ 25.440931] ret_from_fork_asm+0x1a/0x30 [ 25.441417] [ 25.441586] Freed by task 233: [ 25.441897] kasan_save_stack+0x45/0x70 [ 25.442119] kasan_save_track+0x18/0x40 [ 25.442457] kasan_save_free_info+0x3f/0x60 [ 25.442950] __kasan_slab_free+0x56/0x70 [ 25.443261] kfree+0x222/0x3f0 [ 25.443574] kmalloc_uaf+0x12c/0x380 [ 25.443707] kunit_try_run_case+0x1a5/0x480 [ 25.444132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.444806] kthread+0x337/0x6f0 [ 25.444987] ret_from_fork+0x116/0x1d0 [ 25.445425] ret_from_fork_asm+0x1a/0x30 [ 25.445794] [ 25.445863] The buggy address belongs to the object at ffff888104963080 [ 25.445863] which belongs to the cache kmalloc-16 of size 16 [ 25.446740] The buggy address is located 8 bytes inside of [ 25.446740] freed 16-byte region [ffff888104963080, ffff888104963090) [ 25.447970] [ 25.448141] The buggy address belongs to the physical page: [ 25.448457] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 25.449227] flags: 0x200000000000000(node=0|zone=2) [ 25.449510] page_type: f5(slab) [ 25.449735] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.450464] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.450681] page dumped because: kasan: bad access detected [ 25.450845] [ 25.450910] Memory state around the buggy address: [ 25.451074] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.451410] ffff888104963000: 00 04 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.451952] >ffff888104963080: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.452238] ^ [ 25.452418] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.453243] ffff888104963180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.453687] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 25.393236] ================================================================== [ 25.393889] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.394290] Read of size 64 at addr ffff88810610f784 by task kunit_try_catch/231 [ 25.394977] [ 25.395108] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.395174] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.395188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.395210] Call Trace: [ 25.395224] <TASK> [ 25.395244] dump_stack_lvl+0x73/0xb0 [ 25.395278] print_report+0xd1/0x640 [ 25.395303] ? __virt_addr_valid+0x1db/0x2d0 [ 25.395328] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.395352] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.395438] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.395473] kasan_report+0x141/0x180 [ 25.395496] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.395524] kasan_check_range+0x10c/0x1c0 [ 25.395547] __asan_memmove+0x27/0x70 [ 25.395570] kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.395594] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 25.395624] ? __schedule+0x10da/0x2b60 [ 25.395650] ? __pfx_read_tsc+0x10/0x10 [ 25.395691] ? ktime_get_ts64+0x86/0x230 [ 25.395716] kunit_try_run_case+0x1a5/0x480 [ 25.395743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.395766] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.395791] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.395816] ? __kthread_parkme+0x82/0x180 [ 25.395837] ? preempt_count_sub+0x50/0x80 [ 25.395861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.395884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.395908] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.395931] kthread+0x337/0x6f0 [ 25.395967] ? trace_preempt_on+0x20/0xc0 [ 25.395992] ? __pfx_kthread+0x10/0x10 [ 25.396013] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.396036] ? calculate_sigpending+0x7b/0xa0 [ 25.396060] ? __pfx_kthread+0x10/0x10 [ 25.396081] ret_from_fork+0x116/0x1d0 [ 25.396101] ? __pfx_kthread+0x10/0x10 [ 25.396122] ret_from_fork_asm+0x1a/0x30 [ 25.396163] </TASK> [ 25.396174] [ 25.406753] Allocated by task 231: [ 25.407184] kasan_save_stack+0x45/0x70 [ 25.407421] kasan_save_track+0x18/0x40 [ 25.407570] kasan_save_alloc_info+0x3b/0x50 [ 25.407784] __kasan_kmalloc+0xb7/0xc0 [ 25.408263] __kmalloc_cache_noprof+0x189/0x420 [ 25.408722] kmalloc_memmove_invalid_size+0xac/0x330 [ 25.409017] kunit_try_run_case+0x1a5/0x480 [ 25.409470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.409678] kthread+0x337/0x6f0 [ 25.409836] ret_from_fork+0x116/0x1d0 [ 25.410235] ret_from_fork_asm+0x1a/0x30 [ 25.410588] [ 25.410692] The buggy address belongs to the object at ffff88810610f780 [ 25.410692] which belongs to the cache kmalloc-64 of size 64 [ 25.411491] The buggy address is located 4 bytes inside of [ 25.411491] allocated 64-byte region [ffff88810610f780, ffff88810610f7c0) [ 25.412132] [ 25.412233] The buggy address belongs to the physical page: [ 25.412794] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10610f [ 25.413203] flags: 0x200000000000000(node=0|zone=2) [ 25.413723] page_type: f5(slab) [ 25.414117] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.414457] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.415007] page dumped because: kasan: bad access detected [ 25.415211] [ 25.415322] Memory state around the buggy address: [ 25.415746] ffff88810610f680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.416288] ffff88810610f700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.416700] >ffff88810610f780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.417141] ^ [ 25.417538] ffff88810610f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.417814] ffff88810610f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.418140] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 25.361347] ================================================================== [ 25.361838] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 25.362235] Read of size 18446744073709551614 at addr ffff888104793d04 by task kunit_try_catch/229 [ 25.362750] [ 25.362860] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.362915] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.362927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.363192] Call Trace: [ 25.363214] <TASK> [ 25.363234] dump_stack_lvl+0x73/0xb0 [ 25.363283] print_report+0xd1/0x640 [ 25.363307] ? __virt_addr_valid+0x1db/0x2d0 [ 25.363333] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.363359] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.363409] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.363456] kasan_report+0x141/0x180 [ 25.363479] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.363508] kasan_check_range+0x10c/0x1c0 [ 25.363670] __asan_memmove+0x27/0x70 [ 25.363701] kmalloc_memmove_negative_size+0x171/0x330 [ 25.363836] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 25.363864] ? __schedule+0x10da/0x2b60 [ 25.363892] ? __pfx_read_tsc+0x10/0x10 [ 25.363915] ? ktime_get_ts64+0x86/0x230 [ 25.363941] kunit_try_run_case+0x1a5/0x480 [ 25.363968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.363990] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.364015] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.364040] ? __kthread_parkme+0x82/0x180 [ 25.364061] ? preempt_count_sub+0x50/0x80 [ 25.364084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.364108] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.364132] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.364169] kthread+0x337/0x6f0 [ 25.364190] ? trace_preempt_on+0x20/0xc0 [ 25.364215] ? __pfx_kthread+0x10/0x10 [ 25.364235] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.364258] ? calculate_sigpending+0x7b/0xa0 [ 25.364283] ? __pfx_kthread+0x10/0x10 [ 25.364304] ret_from_fork+0x116/0x1d0 [ 25.364325] ? __pfx_kthread+0x10/0x10 [ 25.364346] ret_from_fork_asm+0x1a/0x30 [ 25.364378] </TASK> [ 25.364392] [ 25.374207] Allocated by task 229: [ 25.374533] kasan_save_stack+0x45/0x70 [ 25.374887] kasan_save_track+0x18/0x40 [ 25.375283] kasan_save_alloc_info+0x3b/0x50 [ 25.376122] __kasan_kmalloc+0xb7/0xc0 [ 25.376549] __kmalloc_cache_noprof+0x189/0x420 [ 25.377040] kmalloc_memmove_negative_size+0xac/0x330 [ 25.377642] kunit_try_run_case+0x1a5/0x480 [ 25.378133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.378707] kthread+0x337/0x6f0 [ 25.379023] ret_from_fork+0x116/0x1d0 [ 25.379529] ret_from_fork_asm+0x1a/0x30 [ 25.380028] [ 25.380485] The buggy address belongs to the object at ffff888104793d00 [ 25.380485] which belongs to the cache kmalloc-64 of size 64 [ 25.381630] The buggy address is located 4 bytes inside of [ 25.381630] 64-byte region [ffff888104793d00, ffff888104793d40) [ 25.382292] [ 25.382453] The buggy address belongs to the physical page: [ 25.382918] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104793 [ 25.383178] flags: 0x200000000000000(node=0|zone=2) [ 25.383340] page_type: f5(slab) [ 25.383796] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.384592] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.385352] page dumped because: kasan: bad access detected [ 25.385915] [ 25.386080] Memory state around the buggy address: [ 25.386563] ffff888104793c00: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 25.386890] ffff888104793c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.387479] >ffff888104793d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.388260] ^ [ 25.388405] ffff888104793d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.389088] ffff888104793e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.389726] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 25.328736] ================================================================== [ 25.330163] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 25.330957] Write of size 16 at addr ffff888104964569 by task kunit_try_catch/227 [ 25.331535] [ 25.331651] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.331711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.331724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.331748] Call Trace: [ 25.331764] <TASK> [ 25.331786] dump_stack_lvl+0x73/0xb0 [ 25.331822] print_report+0xd1/0x640 [ 25.331847] ? __virt_addr_valid+0x1db/0x2d0 [ 25.331874] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.331896] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.331922] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.331944] kasan_report+0x141/0x180 [ 25.331967] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.331993] kasan_check_range+0x10c/0x1c0 [ 25.332017] __asan_memset+0x27/0x50 [ 25.332077] kmalloc_oob_memset_16+0x166/0x330 [ 25.332101] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 25.332124] ? __schedule+0x10da/0x2b60 [ 25.332170] ? __pfx_read_tsc+0x10/0x10 [ 25.332193] ? ktime_get_ts64+0x86/0x230 [ 25.332220] kunit_try_run_case+0x1a5/0x480 [ 25.332277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.332300] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.332325] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.332362] ? __kthread_parkme+0x82/0x180 [ 25.332395] ? preempt_count_sub+0x50/0x80 [ 25.332420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.332444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.332468] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.332491] kthread+0x337/0x6f0 [ 25.332512] ? trace_preempt_on+0x20/0xc0 [ 25.332538] ? __pfx_kthread+0x10/0x10 [ 25.332558] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.332582] ? calculate_sigpending+0x7b/0xa0 [ 25.332608] ? __pfx_kthread+0x10/0x10 [ 25.332629] ret_from_fork+0x116/0x1d0 [ 25.332650] ? __pfx_kthread+0x10/0x10 [ 25.332671] ret_from_fork_asm+0x1a/0x30 [ 25.332709] </TASK> [ 25.332721] [ 25.346632] Allocated by task 227: [ 25.346921] kasan_save_stack+0x45/0x70 [ 25.347251] kasan_save_track+0x18/0x40 [ 25.347388] kasan_save_alloc_info+0x3b/0x50 [ 25.347899] __kasan_kmalloc+0xb7/0xc0 [ 25.348311] __kmalloc_cache_noprof+0x189/0x420 [ 25.348572] kmalloc_oob_memset_16+0xac/0x330 [ 25.349296] kunit_try_run_case+0x1a5/0x480 [ 25.349638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.349819] kthread+0x337/0x6f0 [ 25.349940] ret_from_fork+0x116/0x1d0 [ 25.350070] ret_from_fork_asm+0x1a/0x30 [ 25.350229] [ 25.350298] The buggy address belongs to the object at ffff888104964500 [ 25.350298] which belongs to the cache kmalloc-128 of size 128 [ 25.351029] The buggy address is located 105 bytes inside of [ 25.351029] allocated 120-byte region [ffff888104964500, ffff888104964578) [ 25.351869] [ 25.352036] The buggy address belongs to the physical page: [ 25.352362] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104964 [ 25.352747] flags: 0x200000000000000(node=0|zone=2) [ 25.352908] page_type: f5(slab) [ 25.353027] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.353509] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.353962] page dumped because: kasan: bad access detected [ 25.354331] [ 25.354551] Memory state around the buggy address: [ 25.354960] ffff888104964400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.355300] ffff888104964480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.355744] >ffff888104964500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.356228] ^ [ 25.356619] ffff888104964580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.356939] ffff888104964600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.357243] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 25.288783] ================================================================== [ 25.289345] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 25.290678] Write of size 8 at addr ffff888104657e71 by task kunit_try_catch/225 [ 25.291286] [ 25.291422] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.291602] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.291625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.291649] Call Trace: [ 25.291664] <TASK> [ 25.291685] dump_stack_lvl+0x73/0xb0 [ 25.291719] print_report+0xd1/0x640 [ 25.291742] ? __virt_addr_valid+0x1db/0x2d0 [ 25.291766] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.291788] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.291813] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.291834] kasan_report+0x141/0x180 [ 25.291856] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.291881] kasan_check_range+0x10c/0x1c0 [ 25.291904] __asan_memset+0x27/0x50 [ 25.291934] kmalloc_oob_memset_8+0x166/0x330 [ 25.291956] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 25.291978] ? __schedule+0x10da/0x2b60 [ 25.292003] ? __pfx_read_tsc+0x10/0x10 [ 25.292025] ? ktime_get_ts64+0x86/0x230 [ 25.292049] kunit_try_run_case+0x1a5/0x480 [ 25.292075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.292096] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.292121] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.292157] ? __kthread_parkme+0x82/0x180 [ 25.292177] ? preempt_count_sub+0x50/0x80 [ 25.292200] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.292224] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.292247] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.292269] kthread+0x337/0x6f0 [ 25.292289] ? trace_preempt_on+0x20/0xc0 [ 25.292314] ? __pfx_kthread+0x10/0x10 [ 25.292334] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.292357] ? calculate_sigpending+0x7b/0xa0 [ 25.292380] ? __pfx_kthread+0x10/0x10 [ 25.292401] ret_from_fork+0x116/0x1d0 [ 25.292421] ? __pfx_kthread+0x10/0x10 [ 25.292441] ret_from_fork_asm+0x1a/0x30 [ 25.292472] </TASK> [ 25.292484] [ 25.308539] Allocated by task 225: [ 25.308688] kasan_save_stack+0x45/0x70 [ 25.308962] kasan_save_track+0x18/0x40 [ 25.309710] kasan_save_alloc_info+0x3b/0x50 [ 25.310386] __kasan_kmalloc+0xb7/0xc0 [ 25.310870] __kmalloc_cache_noprof+0x189/0x420 [ 25.311485] kmalloc_oob_memset_8+0xac/0x330 [ 25.311992] kunit_try_run_case+0x1a5/0x480 [ 25.312161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.312338] kthread+0x337/0x6f0 [ 25.312802] ret_from_fork+0x116/0x1d0 [ 25.313162] ret_from_fork_asm+0x1a/0x30 [ 25.313659] [ 25.313836] The buggy address belongs to the object at ffff888104657e00 [ 25.313836] which belongs to the cache kmalloc-128 of size 128 [ 25.314746] The buggy address is located 113 bytes inside of [ 25.314746] allocated 120-byte region [ffff888104657e00, ffff888104657e78) [ 25.315872] [ 25.316053] The buggy address belongs to the physical page: [ 25.316278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104657 [ 25.316863] flags: 0x200000000000000(node=0|zone=2) [ 25.317430] page_type: f5(slab) [ 25.317795] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.318587] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.319217] page dumped because: kasan: bad access detected [ 25.319629] [ 25.319707] Memory state around the buggy address: [ 25.320272] ffff888104657d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.320676] ffff888104657d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.321057] >ffff888104657e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.321381] ^ [ 25.321596] ffff888104657e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.321808] ffff888104657f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.322341] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 25.262897] ================================================================== [ 25.263362] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 25.263911] Write of size 4 at addr ffff888104657d75 by task kunit_try_catch/223 [ 25.264219] [ 25.264308] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.264360] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.264373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.264394] Call Trace: [ 25.264408] <TASK> [ 25.264438] dump_stack_lvl+0x73/0xb0 [ 25.264469] print_report+0xd1/0x640 [ 25.264492] ? __virt_addr_valid+0x1db/0x2d0 [ 25.264516] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.264537] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.264563] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.264584] kasan_report+0x141/0x180 [ 25.264606] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.264632] kasan_check_range+0x10c/0x1c0 [ 25.264655] __asan_memset+0x27/0x50 [ 25.264679] kmalloc_oob_memset_4+0x166/0x330 [ 25.264701] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 25.264723] ? __schedule+0x10da/0x2b60 [ 25.264748] ? __pfx_read_tsc+0x10/0x10 [ 25.264770] ? ktime_get_ts64+0x86/0x230 [ 25.264795] kunit_try_run_case+0x1a5/0x480 [ 25.264821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.264843] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.264867] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.264892] ? __kthread_parkme+0x82/0x180 [ 25.264912] ? preempt_count_sub+0x50/0x80 [ 25.264936] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.264978] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.265001] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.265024] kthread+0x337/0x6f0 [ 25.265044] ? trace_preempt_on+0x20/0xc0 [ 25.265069] ? __pfx_kthread+0x10/0x10 [ 25.265089] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.265113] ? calculate_sigpending+0x7b/0xa0 [ 25.265136] ? __pfx_kthread+0x10/0x10 [ 25.265170] ret_from_fork+0x116/0x1d0 [ 25.265189] ? __pfx_kthread+0x10/0x10 [ 25.265209] ret_from_fork_asm+0x1a/0x30 [ 25.265241] </TASK> [ 25.265252] [ 25.272483] Allocated by task 223: [ 25.272626] kasan_save_stack+0x45/0x70 [ 25.272843] kasan_save_track+0x18/0x40 [ 25.273025] kasan_save_alloc_info+0x3b/0x50 [ 25.273321] __kasan_kmalloc+0xb7/0xc0 [ 25.273503] __kmalloc_cache_noprof+0x189/0x420 [ 25.273720] kmalloc_oob_memset_4+0xac/0x330 [ 25.273923] kunit_try_run_case+0x1a5/0x480 [ 25.274201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.274437] kthread+0x337/0x6f0 [ 25.274616] ret_from_fork+0x116/0x1d0 [ 25.274802] ret_from_fork_asm+0x1a/0x30 [ 25.274964] [ 25.275052] The buggy address belongs to the object at ffff888104657d00 [ 25.275052] which belongs to the cache kmalloc-128 of size 128 [ 25.275719] The buggy address is located 117 bytes inside of [ 25.275719] allocated 120-byte region [ffff888104657d00, ffff888104657d78) [ 25.276530] [ 25.276621] The buggy address belongs to the physical page: [ 25.276857] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104657 [ 25.277232] flags: 0x200000000000000(node=0|zone=2) [ 25.277517] page_type: f5(slab) [ 25.277680] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.277940] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.278171] page dumped because: kasan: bad access detected [ 25.278336] [ 25.278401] Memory state around the buggy address: [ 25.278552] ffff888104657c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.278850] ffff888104657c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.279163] >ffff888104657d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.279876] ^ [ 25.280099] ffff888104657d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.280327] ffff888104657e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.280637] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 25.231678] ================================================================== [ 25.232776] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 25.233506] Write of size 2 at addr ffff888104657c77 by task kunit_try_catch/221 [ 25.233894] [ 25.234021] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.234331] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.234345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.234366] Call Trace: [ 25.234401] <TASK> [ 25.234420] dump_stack_lvl+0x73/0xb0 [ 25.234451] print_report+0xd1/0x640 [ 25.234474] ? __virt_addr_valid+0x1db/0x2d0 [ 25.234499] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.234521] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.234547] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.234568] kasan_report+0x141/0x180 [ 25.234590] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.234616] kasan_check_range+0x10c/0x1c0 [ 25.234639] __asan_memset+0x27/0x50 [ 25.234662] kmalloc_oob_memset_2+0x166/0x330 [ 25.234685] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 25.234707] ? __schedule+0x10da/0x2b60 [ 25.234733] ? __pfx_read_tsc+0x10/0x10 [ 25.234755] ? ktime_get_ts64+0x86/0x230 [ 25.234782] kunit_try_run_case+0x1a5/0x480 [ 25.234807] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.234832] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.234857] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.234883] ? __kthread_parkme+0x82/0x180 [ 25.234903] ? preempt_count_sub+0x50/0x80 [ 25.234926] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.234950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.234974] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.234997] kthread+0x337/0x6f0 [ 25.235017] ? trace_preempt_on+0x20/0xc0 [ 25.235042] ? __pfx_kthread+0x10/0x10 [ 25.235062] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.235085] ? calculate_sigpending+0x7b/0xa0 [ 25.235109] ? __pfx_kthread+0x10/0x10 [ 25.235130] ret_from_fork+0x116/0x1d0 [ 25.235160] ? __pfx_kthread+0x10/0x10 [ 25.235181] ret_from_fork_asm+0x1a/0x30 [ 25.235213] </TASK> [ 25.235224] [ 25.245647] Allocated by task 221: [ 25.245954] kasan_save_stack+0x45/0x70 [ 25.246385] kasan_save_track+0x18/0x40 [ 25.246789] kasan_save_alloc_info+0x3b/0x50 [ 25.247192] __kasan_kmalloc+0xb7/0xc0 [ 25.247653] __kmalloc_cache_noprof+0x189/0x420 [ 25.248105] kmalloc_oob_memset_2+0xac/0x330 [ 25.248587] kunit_try_run_case+0x1a5/0x480 [ 25.248984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.249479] kthread+0x337/0x6f0 [ 25.249802] ret_from_fork+0x116/0x1d0 [ 25.250182] ret_from_fork_asm+0x1a/0x30 [ 25.250604] [ 25.250704] The buggy address belongs to the object at ffff888104657c00 [ 25.250704] which belongs to the cache kmalloc-128 of size 128 [ 25.251233] The buggy address is located 119 bytes inside of [ 25.251233] allocated 120-byte region [ffff888104657c00, ffff888104657c78) [ 25.252351] [ 25.252554] The buggy address belongs to the physical page: [ 25.253059] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104657 [ 25.253360] flags: 0x200000000000000(node=0|zone=2) [ 25.253835] page_type: f5(slab) [ 25.254134] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.254706] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.254933] page dumped because: kasan: bad access detected [ 25.255100] [ 25.255179] Memory state around the buggy address: [ 25.255371] ffff888104657b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.255687] ffff888104657b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.255965] >ffff888104657c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.256341] ^ [ 25.256593] ffff888104657c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.256907] ffff888104657d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.257303] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 25.197328] ================================================================== [ 25.197720] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 25.197974] Write of size 128 at addr ffff888104657b00 by task kunit_try_catch/219 [ 25.198578] [ 25.198694] CPU: 1 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.198749] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.198762] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.198784] Call Trace: [ 25.198796] <TASK> [ 25.198816] dump_stack_lvl+0x73/0xb0 [ 25.198848] print_report+0xd1/0x640 [ 25.198871] ? __virt_addr_valid+0x1db/0x2d0 [ 25.198896] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.198917] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.199299] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.199338] kasan_report+0x141/0x180 [ 25.199363] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.199496] kasan_check_range+0x10c/0x1c0 [ 25.199522] __asan_memset+0x27/0x50 [ 25.199545] kmalloc_oob_in_memset+0x15f/0x320 [ 25.199568] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 25.199590] ? __schedule+0x10da/0x2b60 [ 25.199615] ? __pfx_read_tsc+0x10/0x10 [ 25.199644] ? ktime_get_ts64+0x86/0x230 [ 25.199669] kunit_try_run_case+0x1a5/0x480 [ 25.199695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.199716] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.199741] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.199765] ? __kthread_parkme+0x82/0x180 [ 25.199786] ? preempt_count_sub+0x50/0x80 [ 25.199810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.199834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.199857] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.199880] kthread+0x337/0x6f0 [ 25.199900] ? trace_preempt_on+0x20/0xc0 [ 25.199927] ? __pfx_kthread+0x10/0x10 [ 25.199956] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.199980] ? calculate_sigpending+0x7b/0xa0 [ 25.200004] ? __pfx_kthread+0x10/0x10 [ 25.200025] ret_from_fork+0x116/0x1d0 [ 25.200045] ? __pfx_kthread+0x10/0x10 [ 25.200065] ret_from_fork_asm+0x1a/0x30 [ 25.200096] </TASK> [ 25.200108] [ 25.213252] Allocated by task 219: [ 25.213415] kasan_save_stack+0x45/0x70 [ 25.213813] kasan_save_track+0x18/0x40 [ 25.214177] kasan_save_alloc_info+0x3b/0x50 [ 25.214641] __kasan_kmalloc+0xb7/0xc0 [ 25.214982] __kmalloc_cache_noprof+0x189/0x420 [ 25.215178] kmalloc_oob_in_memset+0xac/0x320 [ 25.215325] kunit_try_run_case+0x1a5/0x480 [ 25.215860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.216532] kthread+0x337/0x6f0 [ 25.216845] ret_from_fork+0x116/0x1d0 [ 25.217203] ret_from_fork_asm+0x1a/0x30 [ 25.217609] [ 25.217820] The buggy address belongs to the object at ffff888104657b00 [ 25.217820] which belongs to the cache kmalloc-128 of size 128 [ 25.218421] The buggy address is located 0 bytes inside of [ 25.218421] allocated 120-byte region [ffff888104657b00, ffff888104657b78) [ 25.219703] [ 25.219875] The buggy address belongs to the physical page: [ 25.220285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104657 [ 25.220852] flags: 0x200000000000000(node=0|zone=2) [ 25.221323] page_type: f5(slab) [ 25.221688] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.222200] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.222927] page dumped because: kasan: bad access detected [ 25.223360] [ 25.223668] Memory state around the buggy address: [ 25.223855] ffff888104657a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.224341] ffff888104657a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.225018] >ffff888104657b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.225414] ^ [ 25.226220] ffff888104657b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.226683] ffff888104657c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.226897] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 25.159789] ================================================================== [ 25.160218] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 25.160477] Read of size 16 at addr ffff8881046316a0 by task kunit_try_catch/217 [ 25.160922] [ 25.161038] CPU: 1 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.161092] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.161104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.161126] Call Trace: [ 25.161312] <TASK> [ 25.161342] dump_stack_lvl+0x73/0xb0 [ 25.161391] print_report+0xd1/0x640 [ 25.161416] ? __virt_addr_valid+0x1db/0x2d0 [ 25.161443] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.161464] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.161489] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.161509] kasan_report+0x141/0x180 [ 25.161531] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.161555] __asan_report_load16_noabort+0x18/0x20 [ 25.161579] kmalloc_uaf_16+0x47b/0x4c0 [ 25.161600] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 25.161621] ? __schedule+0x10da/0x2b60 [ 25.161646] ? __pfx_read_tsc+0x10/0x10 [ 25.161669] ? ktime_get_ts64+0x86/0x230 [ 25.161695] kunit_try_run_case+0x1a5/0x480 [ 25.161721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.161743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.161767] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.161792] ? __kthread_parkme+0x82/0x180 [ 25.161813] ? preempt_count_sub+0x50/0x80 [ 25.161837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.161860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.161883] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.161907] kthread+0x337/0x6f0 [ 25.161927] ? trace_preempt_on+0x20/0xc0 [ 25.162134] ? __pfx_kthread+0x10/0x10 [ 25.162175] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.162199] ? calculate_sigpending+0x7b/0xa0 [ 25.162225] ? __pfx_kthread+0x10/0x10 [ 25.162492] ret_from_fork+0x116/0x1d0 [ 25.162530] ? __pfx_kthread+0x10/0x10 [ 25.162555] ret_from_fork_asm+0x1a/0x30 [ 25.162587] </TASK> [ 25.162599] [ 25.174763] Allocated by task 217: [ 25.175277] kasan_save_stack+0x45/0x70 [ 25.175631] kasan_save_track+0x18/0x40 [ 25.175808] kasan_save_alloc_info+0x3b/0x50 [ 25.176314] __kasan_kmalloc+0xb7/0xc0 [ 25.176727] __kmalloc_cache_noprof+0x189/0x420 [ 25.177223] kmalloc_uaf_16+0x15b/0x4c0 [ 25.177687] kunit_try_run_case+0x1a5/0x480 [ 25.178056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.178316] kthread+0x337/0x6f0 [ 25.178789] ret_from_fork+0x116/0x1d0 [ 25.178995] ret_from_fork_asm+0x1a/0x30 [ 25.179182] [ 25.179264] Freed by task 217: [ 25.179825] kasan_save_stack+0x45/0x70 [ 25.180136] kasan_save_track+0x18/0x40 [ 25.180351] kasan_save_free_info+0x3f/0x60 [ 25.180629] __kasan_slab_free+0x56/0x70 [ 25.180810] kfree+0x222/0x3f0 [ 25.181201] kmalloc_uaf_16+0x1d6/0x4c0 [ 25.181764] kunit_try_run_case+0x1a5/0x480 [ 25.182038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.182287] kthread+0x337/0x6f0 [ 25.182921] ret_from_fork+0x116/0x1d0 [ 25.183088] ret_from_fork_asm+0x1a/0x30 [ 25.183672] [ 25.183781] The buggy address belongs to the object at ffff8881046316a0 [ 25.183781] which belongs to the cache kmalloc-16 of size 16 [ 25.184711] The buggy address is located 0 bytes inside of [ 25.184711] freed 16-byte region [ffff8881046316a0, ffff8881046316b0) [ 25.185540] [ 25.185899] The buggy address belongs to the physical page: [ 25.186709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104631 [ 25.187178] flags: 0x200000000000000(node=0|zone=2) [ 25.187392] page_type: f5(slab) [ 25.187552] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.187869] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.188526] page dumped because: kasan: bad access detected [ 25.189166] [ 25.189458] Memory state around the buggy address: [ 25.189914] ffff888104631580: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 25.190224] ffff888104631600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.190863] >ffff888104631680: 00 00 fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 25.191656] ^ [ 25.192075] ffff888104631700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.192369] ffff888104631780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.193140] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 25.121199] ================================================================== [ 25.121676] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 25.121900] Write of size 16 at addr ffff888104963040 by task kunit_try_catch/215 [ 25.122113] [ 25.122210] CPU: 0 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.122260] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.122272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.122292] Call Trace: [ 25.122306] <TASK> [ 25.122324] dump_stack_lvl+0x73/0xb0 [ 25.122351] print_report+0xd1/0x640 [ 25.122374] ? __virt_addr_valid+0x1db/0x2d0 [ 25.122397] ? kmalloc_oob_16+0x452/0x4a0 [ 25.122416] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.122440] ? kmalloc_oob_16+0x452/0x4a0 [ 25.122460] kasan_report+0x141/0x180 [ 25.122481] ? kmalloc_oob_16+0x452/0x4a0 [ 25.122505] __asan_report_store16_noabort+0x1b/0x30 [ 25.122528] kmalloc_oob_16+0x452/0x4a0 [ 25.122548] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 25.122569] ? __schedule+0x10da/0x2b60 [ 25.122593] ? __pfx_read_tsc+0x10/0x10 [ 25.122614] ? ktime_get_ts64+0x86/0x230 [ 25.122639] kunit_try_run_case+0x1a5/0x480 [ 25.122663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.122685] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.122709] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.122733] ? __kthread_parkme+0x82/0x180 [ 25.122753] ? preempt_count_sub+0x50/0x80 [ 25.122779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.122803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.122827] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.122849] kthread+0x337/0x6f0 [ 25.122869] ? trace_preempt_on+0x20/0xc0 [ 25.122892] ? __pfx_kthread+0x10/0x10 [ 25.122912] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.122934] ? calculate_sigpending+0x7b/0xa0 [ 25.122957] ? __pfx_kthread+0x10/0x10 [ 25.122978] ret_from_fork+0x116/0x1d0 [ 25.122996] ? __pfx_kthread+0x10/0x10 [ 25.123016] ret_from_fork_asm+0x1a/0x30 [ 25.123046] </TASK> [ 25.123057] [ 25.141758] Allocated by task 215: [ 25.141916] kasan_save_stack+0x45/0x70 [ 25.142336] kasan_save_track+0x18/0x40 [ 25.142736] kasan_save_alloc_info+0x3b/0x50 [ 25.143218] __kasan_kmalloc+0xb7/0xc0 [ 25.143352] __kmalloc_cache_noprof+0x189/0x420 [ 25.143530] kmalloc_oob_16+0xa8/0x4a0 [ 25.143684] kunit_try_run_case+0x1a5/0x480 [ 25.143821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.144111] kthread+0x337/0x6f0 [ 25.144433] ret_from_fork+0x116/0x1d0 [ 25.144866] ret_from_fork_asm+0x1a/0x30 [ 25.145362] [ 25.145721] The buggy address belongs to the object at ffff888104963040 [ 25.145721] which belongs to the cache kmalloc-16 of size 16 [ 25.147032] The buggy address is located 0 bytes inside of [ 25.147032] allocated 13-byte region [ffff888104963040, ffff88810496304d) [ 25.148234] [ 25.148419] The buggy address belongs to the physical page: [ 25.148967] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104963 [ 25.149293] flags: 0x200000000000000(node=0|zone=2) [ 25.149799] page_type: f5(slab) [ 25.150142] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.151024] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.151295] page dumped because: kasan: bad access detected [ 25.151454] [ 25.151516] Memory state around the buggy address: [ 25.151669] ffff888104962f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.151872] ffff888104962f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.152930] >ffff888104963000: 00 04 fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc [ 25.153803] ^ [ 25.154467] ffff888104963080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.155124] ffff888104963100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.155986] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 25.086493] ================================================================== [ 25.087656] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 25.088763] Read of size 1 at addr ffff888104815200 by task kunit_try_catch/213 [ 25.089143] [ 25.089254] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.089307] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.089320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.089343] Call Trace: [ 25.089364] <TASK> [ 25.089386] dump_stack_lvl+0x73/0xb0 [ 25.089416] print_report+0xd1/0x640 [ 25.089439] ? __virt_addr_valid+0x1db/0x2d0 [ 25.089463] ? krealloc_uaf+0x53c/0x5e0 [ 25.089484] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.089509] ? krealloc_uaf+0x53c/0x5e0 [ 25.089530] kasan_report+0x141/0x180 [ 25.089551] ? krealloc_uaf+0x53c/0x5e0 [ 25.089576] __asan_report_load1_noabort+0x18/0x20 [ 25.089599] krealloc_uaf+0x53c/0x5e0 [ 25.089620] ? __pfx_krealloc_uaf+0x10/0x10 [ 25.089640] ? finish_task_switch.isra.0+0x153/0x700 [ 25.089662] ? __switch_to+0x47/0xf80 [ 25.089688] ? __schedule+0x10da/0x2b60 [ 25.089713] ? __pfx_read_tsc+0x10/0x10 [ 25.089734] ? ktime_get_ts64+0x86/0x230 [ 25.089758] kunit_try_run_case+0x1a5/0x480 [ 25.089783] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.089805] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.089829] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.089854] ? __kthread_parkme+0x82/0x180 [ 25.089874] ? preempt_count_sub+0x50/0x80 [ 25.089896] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.089919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.089942] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.089964] kthread+0x337/0x6f0 [ 25.089984] ? trace_preempt_on+0x20/0xc0 [ 25.090009] ? __pfx_kthread+0x10/0x10 [ 25.090028] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.090051] ? calculate_sigpending+0x7b/0xa0 [ 25.090075] ? __pfx_kthread+0x10/0x10 [ 25.090095] ret_from_fork+0x116/0x1d0 [ 25.090115] ? __pfx_kthread+0x10/0x10 [ 25.090135] ret_from_fork_asm+0x1a/0x30 [ 25.090176] </TASK> [ 25.090187] [ 25.103291] Allocated by task 213: [ 25.103668] kasan_save_stack+0x45/0x70 [ 25.104088] kasan_save_track+0x18/0x40 [ 25.104475] kasan_save_alloc_info+0x3b/0x50 [ 25.104731] __kasan_kmalloc+0xb7/0xc0 [ 25.104861] __kmalloc_cache_noprof+0x189/0x420 [ 25.105122] krealloc_uaf+0xbb/0x5e0 [ 25.105558] kunit_try_run_case+0x1a5/0x480 [ 25.105939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.106437] kthread+0x337/0x6f0 [ 25.106785] ret_from_fork+0x116/0x1d0 [ 25.107127] ret_from_fork_asm+0x1a/0x30 [ 25.107380] [ 25.107586] Freed by task 213: [ 25.107862] kasan_save_stack+0x45/0x70 [ 25.108004] kasan_save_track+0x18/0x40 [ 25.108133] kasan_save_free_info+0x3f/0x60 [ 25.108284] __kasan_slab_free+0x56/0x70 [ 25.108640] kfree+0x222/0x3f0 [ 25.108776] krealloc_uaf+0x13d/0x5e0 [ 25.108959] kunit_try_run_case+0x1a5/0x480 [ 25.109140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.109356] kthread+0x337/0x6f0 [ 25.109517] ret_from_fork+0x116/0x1d0 [ 25.109711] ret_from_fork_asm+0x1a/0x30 [ 25.109993] [ 25.110087] The buggy address belongs to the object at ffff888104815200 [ 25.110087] which belongs to the cache kmalloc-256 of size 256 [ 25.110554] The buggy address is located 0 bytes inside of [ 25.110554] freed 256-byte region [ffff888104815200, ffff888104815300) [ 25.111002] [ 25.111139] The buggy address belongs to the physical page: [ 25.111334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104814 [ 25.111603] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.112044] flags: 0x200000000000040(head|node=0|zone=2) [ 25.112250] page_type: f5(slab) [ 25.112370] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.112755] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.113169] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.113415] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.113797] head: 0200000000000001 ffffea0004120501 00000000ffffffff 00000000ffffffff [ 25.114189] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.114814] page dumped because: kasan: bad access detected [ 25.115130] [ 25.115242] Memory state around the buggy address: [ 25.115459] ffff888104815100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.115746] ffff888104815180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.116113] >ffff888104815200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.116402] ^ [ 25.116524] ffff888104815280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.116733] ffff888104815300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.117035] ================================================================== [ 25.059181] ================================================================== [ 25.059726] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 25.060050] Read of size 1 at addr ffff888104815200 by task kunit_try_catch/213 [ 25.060955] [ 25.061087] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.061191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.061204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.061226] Call Trace: [ 25.061239] <TASK> [ 25.061258] dump_stack_lvl+0x73/0xb0 [ 25.061293] print_report+0xd1/0x640 [ 25.061318] ? __virt_addr_valid+0x1db/0x2d0 [ 25.061344] ? krealloc_uaf+0x1b8/0x5e0 [ 25.061437] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.061465] ? krealloc_uaf+0x1b8/0x5e0 [ 25.061487] kasan_report+0x141/0x180 [ 25.061509] ? krealloc_uaf+0x1b8/0x5e0 [ 25.061533] ? krealloc_uaf+0x1b8/0x5e0 [ 25.061554] __kasan_check_byte+0x3d/0x50 [ 25.061576] krealloc_noprof+0x3f/0x340 [ 25.061603] krealloc_uaf+0x1b8/0x5e0 [ 25.061625] ? __pfx_krealloc_uaf+0x10/0x10 [ 25.061645] ? finish_task_switch.isra.0+0x153/0x700 [ 25.061668] ? __switch_to+0x47/0xf80 [ 25.061695] ? __schedule+0x10da/0x2b60 [ 25.061721] ? __pfx_read_tsc+0x10/0x10 [ 25.061743] ? ktime_get_ts64+0x86/0x230 [ 25.061770] kunit_try_run_case+0x1a5/0x480 [ 25.061796] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.061819] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.061844] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.061869] ? __kthread_parkme+0x82/0x180 [ 25.061889] ? preempt_count_sub+0x50/0x80 [ 25.061912] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.061955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.061978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.062001] kthread+0x337/0x6f0 [ 25.062022] ? trace_preempt_on+0x20/0xc0 [ 25.062047] ? __pfx_kthread+0x10/0x10 [ 25.062068] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.062091] ? calculate_sigpending+0x7b/0xa0 [ 25.062116] ? __pfx_kthread+0x10/0x10 [ 25.062138] ret_from_fork+0x116/0x1d0 [ 25.062166] ? __pfx_kthread+0x10/0x10 [ 25.062187] ret_from_fork_asm+0x1a/0x30 [ 25.062218] </TASK> [ 25.062230] [ 25.070911] Allocated by task 213: [ 25.071122] kasan_save_stack+0x45/0x70 [ 25.071461] kasan_save_track+0x18/0x40 [ 25.071694] kasan_save_alloc_info+0x3b/0x50 [ 25.071920] __kasan_kmalloc+0xb7/0xc0 [ 25.072137] __kmalloc_cache_noprof+0x189/0x420 [ 25.072436] krealloc_uaf+0xbb/0x5e0 [ 25.072600] kunit_try_run_case+0x1a5/0x480 [ 25.072824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.073083] kthread+0x337/0x6f0 [ 25.073253] ret_from_fork+0x116/0x1d0 [ 25.073440] ret_from_fork_asm+0x1a/0x30 [ 25.073583] [ 25.073649] Freed by task 213: [ 25.073755] kasan_save_stack+0x45/0x70 [ 25.073885] kasan_save_track+0x18/0x40 [ 25.074039] kasan_save_free_info+0x3f/0x60 [ 25.074249] __kasan_slab_free+0x56/0x70 [ 25.074721] kfree+0x222/0x3f0 [ 25.074948] krealloc_uaf+0x13d/0x5e0 [ 25.075187] kunit_try_run_case+0x1a5/0x480 [ 25.075414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.075769] kthread+0x337/0x6f0 [ 25.075965] ret_from_fork+0x116/0x1d0 [ 25.076158] ret_from_fork_asm+0x1a/0x30 [ 25.076423] [ 25.076552] The buggy address belongs to the object at ffff888104815200 [ 25.076552] which belongs to the cache kmalloc-256 of size 256 [ 25.077014] The buggy address is located 0 bytes inside of [ 25.077014] freed 256-byte region [ffff888104815200, ffff888104815300) [ 25.077533] [ 25.077626] The buggy address belongs to the physical page: [ 25.077881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104814 [ 25.078280] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.078668] flags: 0x200000000000040(head|node=0|zone=2) [ 25.078961] page_type: f5(slab) [ 25.079098] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.079336] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.079900] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 25.080288] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.080717] head: 0200000000000001 ffffea0004120501 00000000ffffffff 00000000ffffffff [ 25.081110] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.081556] page dumped because: kasan: bad access detected [ 25.081813] [ 25.081905] Memory state around the buggy address: [ 25.082141] ffff888104815100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.082469] ffff888104815180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.082682] >ffff888104815200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.083028] ^ [ 25.083206] ffff888104815280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.083648] ffff888104815300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.083994] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 24.767210] ================================================================== [ 24.767910] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.768934] Write of size 1 at addr ffff8881055e3cc9 by task kunit_try_catch/207 [ 24.769828] [ 24.770098] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.770166] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.770179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.770202] Call Trace: [ 24.770216] <TASK> [ 24.770235] dump_stack_lvl+0x73/0xb0 [ 24.770271] print_report+0xd1/0x640 [ 24.770295] ? __virt_addr_valid+0x1db/0x2d0 [ 24.770319] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.770343] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.770376] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.770400] kasan_report+0x141/0x180 [ 24.770421] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.770449] __asan_report_store1_noabort+0x1b/0x30 [ 24.770473] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.770498] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.770522] ? finish_task_switch.isra.0+0x153/0x700 [ 24.770543] ? __switch_to+0x47/0xf80 [ 24.770570] ? __schedule+0x10da/0x2b60 [ 24.770595] ? __pfx_read_tsc+0x10/0x10 [ 24.770619] krealloc_less_oob+0x1c/0x30 [ 24.770641] kunit_try_run_case+0x1a5/0x480 [ 24.770667] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.770689] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.770714] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.770739] ? __kthread_parkme+0x82/0x180 [ 24.770759] ? preempt_count_sub+0x50/0x80 [ 24.770781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.770805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.770828] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.770854] kthread+0x337/0x6f0 [ 24.770877] ? trace_preempt_on+0x20/0xc0 [ 24.770902] ? __pfx_kthread+0x10/0x10 [ 24.770922] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.770946] ? calculate_sigpending+0x7b/0xa0 [ 24.770969] ? __pfx_kthread+0x10/0x10 [ 24.770990] ret_from_fork+0x116/0x1d0 [ 24.771010] ? __pfx_kthread+0x10/0x10 [ 24.771030] ret_from_fork_asm+0x1a/0x30 [ 24.771061] </TASK> [ 24.771072] [ 24.781811] Allocated by task 207: [ 24.782103] kasan_save_stack+0x45/0x70 [ 24.782359] kasan_save_track+0x18/0x40 [ 24.782489] kasan_save_alloc_info+0x3b/0x50 [ 24.782822] __kasan_krealloc+0x190/0x1f0 [ 24.783017] krealloc_noprof+0xf3/0x340 [ 24.783223] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.783534] krealloc_less_oob+0x1c/0x30 [ 24.783692] kunit_try_run_case+0x1a5/0x480 [ 24.783854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.784170] kthread+0x337/0x6f0 [ 24.784341] ret_from_fork+0x116/0x1d0 [ 24.784640] ret_from_fork_asm+0x1a/0x30 [ 24.784786] [ 24.784852] The buggy address belongs to the object at ffff8881055e3c00 [ 24.784852] which belongs to the cache kmalloc-256 of size 256 [ 24.785666] The buggy address is located 0 bytes to the right of [ 24.785666] allocated 201-byte region [ffff8881055e3c00, ffff8881055e3cc9) [ 24.786030] [ 24.786188] The buggy address belongs to the physical page: [ 24.786530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e2 [ 24.786916] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.787323] flags: 0x200000000000040(head|node=0|zone=2) [ 24.787668] page_type: f5(slab) [ 24.787796] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.788295] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.788515] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.789191] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.789717] head: 0200000000000001 ffffea0004157881 00000000ffffffff 00000000ffffffff [ 24.790072] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.790507] page dumped because: kasan: bad access detected [ 24.790751] [ 24.790820] Memory state around the buggy address: [ 24.790972] ffff8881055e3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.791273] ffff8881055e3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.791767] >ffff8881055e3c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.792100] ^ [ 24.792312] ffff8881055e3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.792761] ffff8881055e3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.793068] ================================================================== [ 24.818292] ================================================================== [ 24.818896] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 24.819254] Write of size 1 at addr ffff8881055e3cda by task kunit_try_catch/207 [ 24.819675] [ 24.819809] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.819874] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.819886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.819908] Call Trace: [ 24.819924] <TASK> [ 24.819954] dump_stack_lvl+0x73/0xb0 [ 24.819997] print_report+0xd1/0x640 [ 24.820021] ? __virt_addr_valid+0x1db/0x2d0 [ 24.820056] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.820080] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.820106] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.820129] kasan_report+0x141/0x180 [ 24.820173] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 24.820201] __asan_report_store1_noabort+0x1b/0x30 [ 24.820225] krealloc_less_oob_helper+0xec6/0x11d0 [ 24.820261] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.820284] ? finish_task_switch.isra.0+0x153/0x700 [ 24.820306] ? __switch_to+0x47/0xf80 [ 24.820333] ? __schedule+0x10da/0x2b60 [ 24.820366] ? __pfx_read_tsc+0x10/0x10 [ 24.820391] krealloc_less_oob+0x1c/0x30 [ 24.820412] kunit_try_run_case+0x1a5/0x480 [ 24.820443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.820473] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.820497] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.820522] ? __kthread_parkme+0x82/0x180 [ 24.820542] ? preempt_count_sub+0x50/0x80 [ 24.820565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.820588] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.820611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.820634] kthread+0x337/0x6f0 [ 24.820654] ? trace_preempt_on+0x20/0xc0 [ 24.820678] ? __pfx_kthread+0x10/0x10 [ 24.820699] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.820722] ? calculate_sigpending+0x7b/0xa0 [ 24.820745] ? __pfx_kthread+0x10/0x10 [ 24.820766] ret_from_fork+0x116/0x1d0 [ 24.820786] ? __pfx_kthread+0x10/0x10 [ 24.820806] ret_from_fork_asm+0x1a/0x30 [ 24.820837] </TASK> [ 24.820849] [ 24.829031] Allocated by task 207: [ 24.829267] kasan_save_stack+0x45/0x70 [ 24.829739] kasan_save_track+0x18/0x40 [ 24.829947] kasan_save_alloc_info+0x3b/0x50 [ 24.830185] __kasan_krealloc+0x190/0x1f0 [ 24.830648] krealloc_noprof+0xf3/0x340 [ 24.830870] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.831265] krealloc_less_oob+0x1c/0x30 [ 24.831497] kunit_try_run_case+0x1a5/0x480 [ 24.831712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.831953] kthread+0x337/0x6f0 [ 24.832117] ret_from_fork+0x116/0x1d0 [ 24.832324] ret_from_fork_asm+0x1a/0x30 [ 24.832629] [ 24.832731] The buggy address belongs to the object at ffff8881055e3c00 [ 24.832731] which belongs to the cache kmalloc-256 of size 256 [ 24.833303] The buggy address is located 17 bytes to the right of [ 24.833303] allocated 201-byte region [ffff8881055e3c00, ffff8881055e3cc9) [ 24.833906] [ 24.833991] The buggy address belongs to the physical page: [ 24.834176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e2 [ 24.834416] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.834635] flags: 0x200000000000040(head|node=0|zone=2) [ 24.834807] page_type: f5(slab) [ 24.834924] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.835576] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.836446] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.836747] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.837095] head: 0200000000000001 ffffea0004157881 00000000ffffffff 00000000ffffffff [ 24.837576] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.837926] page dumped because: kasan: bad access detected [ 24.838134] [ 24.838207] Memory state around the buggy address: [ 24.838360] ffff8881055e3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.838571] ffff8881055e3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.838958] >ffff8881055e3c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.839303] ^ [ 24.839815] ffff8881055e3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.840288] ffff8881055e3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.840498] ================================================================== [ 25.040846] ================================================================== [ 25.041131] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.041516] Write of size 1 at addr ffff8881060da0eb by task kunit_try_catch/211 [ 25.041802] [ 25.041914] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.042122] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.042140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.042178] Call Trace: [ 25.042198] <TASK> [ 25.042217] dump_stack_lvl+0x73/0xb0 [ 25.042248] print_report+0xd1/0x640 [ 25.042271] ? __virt_addr_valid+0x1db/0x2d0 [ 25.042295] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.042319] ? kasan_addr_to_slab+0x11/0xa0 [ 25.042339] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.042363] kasan_report+0x141/0x180 [ 25.042385] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.042412] __asan_report_store1_noabort+0x1b/0x30 [ 25.042437] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.042462] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.042486] ? finish_task_switch.isra.0+0x153/0x700 [ 25.042508] ? __switch_to+0x47/0xf80 [ 25.042534] ? __schedule+0x10da/0x2b60 [ 25.042560] ? __pfx_read_tsc+0x10/0x10 [ 25.042586] krealloc_large_less_oob+0x1c/0x30 [ 25.042608] kunit_try_run_case+0x1a5/0x480 [ 25.042633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.042655] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.042680] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.042705] ? __kthread_parkme+0x82/0x180 [ 25.042725] ? preempt_count_sub+0x50/0x80 [ 25.042747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.042771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.042794] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.042817] kthread+0x337/0x6f0 [ 25.042837] ? trace_preempt_on+0x20/0xc0 [ 25.042861] ? __pfx_kthread+0x10/0x10 [ 25.042882] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.042905] ? calculate_sigpending+0x7b/0xa0 [ 25.042928] ? __pfx_kthread+0x10/0x10 [ 25.042949] ret_from_fork+0x116/0x1d0 [ 25.042969] ? __pfx_kthread+0x10/0x10 [ 25.042989] ret_from_fork_asm+0x1a/0x30 [ 25.043022] </TASK> [ 25.043034] [ 25.050575] The buggy address belongs to the physical page: [ 25.050799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8 [ 25.051087] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.051443] flags: 0x200000000000040(head|node=0|zone=2) [ 25.051694] page_type: f8(unknown) [ 25.051868] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.052368] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.052755] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.053187] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.053527] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff [ 25.053834] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.054202] page dumped because: kasan: bad access detected [ 25.054472] [ 25.054559] Memory state around the buggy address: [ 25.054750] ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.055106] ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.055406] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.055632] ^ [ 25.055832] ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.056042] ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.056257] ================================================================== [ 24.872049] ================================================================== [ 24.872813] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 24.873362] Write of size 1 at addr ffff8881055e3ceb by task kunit_try_catch/207 [ 24.874092] [ 24.874285] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.874338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.874350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.874373] Call Trace: [ 24.874394] <TASK> [ 24.874416] dump_stack_lvl+0x73/0xb0 [ 24.874448] print_report+0xd1/0x640 [ 24.874525] ? __virt_addr_valid+0x1db/0x2d0 [ 24.874551] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.874574] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.874600] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.874624] kasan_report+0x141/0x180 [ 24.874645] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 24.874673] __asan_report_store1_noabort+0x1b/0x30 [ 24.874697] krealloc_less_oob_helper+0xd47/0x11d0 [ 24.874722] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.874745] ? finish_task_switch.isra.0+0x153/0x700 [ 24.874767] ? __switch_to+0x47/0xf80 [ 24.874793] ? __schedule+0x10da/0x2b60 [ 24.874818] ? __pfx_read_tsc+0x10/0x10 [ 24.874843] krealloc_less_oob+0x1c/0x30 [ 24.874865] kunit_try_run_case+0x1a5/0x480 [ 24.874890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.874912] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.874936] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.874968] ? __kthread_parkme+0x82/0x180 [ 24.874988] ? preempt_count_sub+0x50/0x80 [ 24.875011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.875034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.875057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.875080] kthread+0x337/0x6f0 [ 24.875100] ? trace_preempt_on+0x20/0xc0 [ 24.875124] ? __pfx_kthread+0x10/0x10 [ 24.875144] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.875181] ? calculate_sigpending+0x7b/0xa0 [ 24.875204] ? __pfx_kthread+0x10/0x10 [ 24.875226] ret_from_fork+0x116/0x1d0 [ 24.875246] ? __pfx_kthread+0x10/0x10 [ 24.875266] ret_from_fork_asm+0x1a/0x30 [ 24.875299] </TASK> [ 24.875310] [ 24.888998] Allocated by task 207: [ 24.889410] kasan_save_stack+0x45/0x70 [ 24.889795] kasan_save_track+0x18/0x40 [ 24.890165] kasan_save_alloc_info+0x3b/0x50 [ 24.890320] __kasan_krealloc+0x190/0x1f0 [ 24.890627] krealloc_noprof+0xf3/0x340 [ 24.891004] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.891455] krealloc_less_oob+0x1c/0x30 [ 24.891939] kunit_try_run_case+0x1a5/0x480 [ 24.892100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.892284] kthread+0x337/0x6f0 [ 24.892428] ret_from_fork+0x116/0x1d0 [ 24.892556] ret_from_fork_asm+0x1a/0x30 [ 24.892777] [ 24.892941] The buggy address belongs to the object at ffff8881055e3c00 [ 24.892941] which belongs to the cache kmalloc-256 of size 256 [ 24.893398] The buggy address is located 34 bytes to the right of [ 24.893398] allocated 201-byte region [ffff8881055e3c00, ffff8881055e3cc9) [ 24.894060] [ 24.894132] The buggy address belongs to the physical page: [ 24.894334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e2 [ 24.894975] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.895320] flags: 0x200000000000040(head|node=0|zone=2) [ 24.895794] page_type: f5(slab) [ 24.895953] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.896274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.896768] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.897071] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.897348] head: 0200000000000001 ffffea0004157881 00000000ffffffff 00000000ffffffff [ 24.897616] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.897943] page dumped because: kasan: bad access detected [ 24.898274] [ 24.898343] Memory state around the buggy address: [ 24.898743] ffff8881055e3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.899047] ffff8881055e3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.899314] >ffff8881055e3c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.899911] ^ [ 24.900190] ffff8881055e3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.900494] ffff8881055e3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.900818] ================================================================== [ 24.795180] ================================================================== [ 24.795499] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.796072] Write of size 1 at addr ffff8881055e3cd0 by task kunit_try_catch/207 [ 24.796400] [ 24.796514] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.796641] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.796654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.796687] Call Trace: [ 24.796708] <TASK> [ 24.796729] dump_stack_lvl+0x73/0xb0 [ 24.796774] print_report+0xd1/0x640 [ 24.796798] ? __virt_addr_valid+0x1db/0x2d0 [ 24.796822] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.796846] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.796872] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.796904] kasan_report+0x141/0x180 [ 24.796926] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.796954] __asan_report_store1_noabort+0x1b/0x30 [ 24.796998] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.797024] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.797048] ? finish_task_switch.isra.0+0x153/0x700 [ 24.797070] ? __switch_to+0x47/0xf80 [ 24.797097] ? __schedule+0x10da/0x2b60 [ 24.797129] ? __pfx_read_tsc+0x10/0x10 [ 24.797170] krealloc_less_oob+0x1c/0x30 [ 24.797192] kunit_try_run_case+0x1a5/0x480 [ 24.797217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.797239] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.797264] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.797288] ? __kthread_parkme+0x82/0x180 [ 24.797317] ? preempt_count_sub+0x50/0x80 [ 24.797339] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.797363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.797407] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.797431] kthread+0x337/0x6f0 [ 24.797451] ? trace_preempt_on+0x20/0xc0 [ 24.797476] ? __pfx_kthread+0x10/0x10 [ 24.797497] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.797520] ? calculate_sigpending+0x7b/0xa0 [ 24.797544] ? __pfx_kthread+0x10/0x10 [ 24.797565] ret_from_fork+0x116/0x1d0 [ 24.797585] ? __pfx_kthread+0x10/0x10 [ 24.797606] ret_from_fork_asm+0x1a/0x30 [ 24.797638] </TASK> [ 24.797649] [ 24.806086] Allocated by task 207: [ 24.806307] kasan_save_stack+0x45/0x70 [ 24.806584] kasan_save_track+0x18/0x40 [ 24.806782] kasan_save_alloc_info+0x3b/0x50 [ 24.807056] __kasan_krealloc+0x190/0x1f0 [ 24.807264] krealloc_noprof+0xf3/0x340 [ 24.807455] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.807758] krealloc_less_oob+0x1c/0x30 [ 24.807901] kunit_try_run_case+0x1a5/0x480 [ 24.808226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.808424] kthread+0x337/0x6f0 [ 24.808559] ret_from_fork+0x116/0x1d0 [ 24.808837] ret_from_fork_asm+0x1a/0x30 [ 24.809232] [ 24.809326] The buggy address belongs to the object at ffff8881055e3c00 [ 24.809326] which belongs to the cache kmalloc-256 of size 256 [ 24.809956] The buggy address is located 7 bytes to the right of [ 24.809956] allocated 201-byte region [ffff8881055e3c00, ffff8881055e3cc9) [ 24.810564] [ 24.810678] The buggy address belongs to the physical page: [ 24.810911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e2 [ 24.811296] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.811722] flags: 0x200000000000040(head|node=0|zone=2) [ 24.812002] page_type: f5(slab) [ 24.812206] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.812726] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.813063] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.813558] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.813901] head: 0200000000000001 ffffea0004157881 00000000ffffffff 00000000ffffffff [ 24.814236] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.814586] page dumped because: kasan: bad access detected [ 24.814840] [ 24.814909] Memory state around the buggy address: [ 24.815061] ffff8881055e3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.815285] ffff8881055e3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.815548] >ffff8881055e3c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.816082] ^ [ 24.816439] ffff8881055e3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.816773] ffff8881055e3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.817312] ================================================================== [ 24.956130] ================================================================== [ 24.956758] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 24.957138] Write of size 1 at addr ffff8881060da0c9 by task kunit_try_catch/211 [ 24.957462] [ 24.957744] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.957840] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.957854] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.957876] Call Trace: [ 24.957890] <TASK> [ 24.957909] dump_stack_lvl+0x73/0xb0 [ 24.957944] print_report+0xd1/0x640 [ 24.957968] ? __virt_addr_valid+0x1db/0x2d0 [ 24.957992] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.958016] ? kasan_addr_to_slab+0x11/0xa0 [ 24.958037] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.958075] kasan_report+0x141/0x180 [ 24.958098] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 24.958126] __asan_report_store1_noabort+0x1b/0x30 [ 24.958163] krealloc_less_oob_helper+0xd70/0x11d0 [ 24.958209] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.958233] ? finish_task_switch.isra.0+0x153/0x700 [ 24.958255] ? __switch_to+0x47/0xf80 [ 24.958282] ? __schedule+0x10da/0x2b60 [ 24.958326] ? __pfx_read_tsc+0x10/0x10 [ 24.958351] krealloc_large_less_oob+0x1c/0x30 [ 24.958374] kunit_try_run_case+0x1a5/0x480 [ 24.958483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.958506] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.958532] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.958558] ? __kthread_parkme+0x82/0x180 [ 24.958578] ? preempt_count_sub+0x50/0x80 [ 24.958601] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.958626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.958649] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.958672] kthread+0x337/0x6f0 [ 24.958693] ? trace_preempt_on+0x20/0xc0 [ 24.958718] ? __pfx_kthread+0x10/0x10 [ 24.958739] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.958763] ? calculate_sigpending+0x7b/0xa0 [ 24.958787] ? __pfx_kthread+0x10/0x10 [ 24.958809] ret_from_fork+0x116/0x1d0 [ 24.958829] ? __pfx_kthread+0x10/0x10 [ 24.958849] ret_from_fork_asm+0x1a/0x30 [ 24.958881] </TASK> [ 24.958893] [ 24.968478] The buggy address belongs to the physical page: [ 24.968893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8 [ 24.969489] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.969802] flags: 0x200000000000040(head|node=0|zone=2) [ 24.970693] page_type: f8(unknown) [ 24.970886] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.971655] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.972020] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.972330] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.973581] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff [ 24.974307] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.974736] page dumped because: kasan: bad access detected [ 24.975183] [ 24.975471] Memory state around the buggy address: [ 24.975964] ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.976307] ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.976793] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 24.977252] ^ [ 24.977616] ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.977894] ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.978837] ================================================================== [ 25.006610] ================================================================== [ 25.006853] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 25.007253] Write of size 1 at addr ffff8881060da0da by task kunit_try_catch/211 [ 25.007646] [ 25.007764] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.007815] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.007827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.007848] Call Trace: [ 25.007869] <TASK> [ 25.007888] dump_stack_lvl+0x73/0xb0 [ 25.007917] print_report+0xd1/0x640 [ 25.007941] ? __virt_addr_valid+0x1db/0x2d0 [ 25.007965] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.007988] ? kasan_addr_to_slab+0x11/0xa0 [ 25.008008] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.008032] kasan_report+0x141/0x180 [ 25.008053] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.008080] __asan_report_store1_noabort+0x1b/0x30 [ 25.008104] krealloc_less_oob_helper+0xec6/0x11d0 [ 25.008129] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.008165] ? finish_task_switch.isra.0+0x153/0x700 [ 25.008186] ? __switch_to+0x47/0xf80 [ 25.008213] ? __schedule+0x10da/0x2b60 [ 25.008238] ? __pfx_read_tsc+0x10/0x10 [ 25.008262] krealloc_large_less_oob+0x1c/0x30 [ 25.008285] kunit_try_run_case+0x1a5/0x480 [ 25.008310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.008331] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.008355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.008426] ? __kthread_parkme+0x82/0x180 [ 25.008450] ? preempt_count_sub+0x50/0x80 [ 25.008472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.008495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.008518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.008541] kthread+0x337/0x6f0 [ 25.008562] ? trace_preempt_on+0x20/0xc0 [ 25.008586] ? __pfx_kthread+0x10/0x10 [ 25.008606] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.008629] ? calculate_sigpending+0x7b/0xa0 [ 25.008653] ? __pfx_kthread+0x10/0x10 [ 25.008674] ret_from_fork+0x116/0x1d0 [ 25.008694] ? __pfx_kthread+0x10/0x10 [ 25.008714] ret_from_fork_asm+0x1a/0x30 [ 25.008746] </TASK> [ 25.008758] [ 25.016695] The buggy address belongs to the physical page: [ 25.016924] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8 [ 25.017304] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.017667] flags: 0x200000000000040(head|node=0|zone=2) [ 25.017921] page_type: f8(unknown) [ 25.018105] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.018434] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.018717] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.018945] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.019280] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff [ 25.019757] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.020038] page dumped because: kasan: bad access detected [ 25.020571] [ 25.020678] Memory state around the buggy address: [ 25.020910] ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.021399] ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.021672] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.022014] ^ [ 25.022245] ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.022764] ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.023046] ================================================================== [ 25.023390] ================================================================== [ 25.023644] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.023883] Write of size 1 at addr ffff8881060da0ea by task kunit_try_catch/211 [ 25.024099] [ 25.024191] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 25.024237] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.024249] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.024270] Call Trace: [ 25.024288] <TASK> [ 25.024305] dump_stack_lvl+0x73/0xb0 [ 25.024330] print_report+0xd1/0x640 [ 25.024352] ? __virt_addr_valid+0x1db/0x2d0 [ 25.024374] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.024396] ? kasan_addr_to_slab+0x11/0xa0 [ 25.024416] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.024438] kasan_report+0x141/0x180 [ 25.024637] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.024670] __asan_report_store1_noabort+0x1b/0x30 [ 25.024696] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.024722] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.024746] ? finish_task_switch.isra.0+0x153/0x700 [ 25.024768] ? __switch_to+0x47/0xf80 [ 25.024794] ? __schedule+0x10da/0x2b60 [ 25.024820] ? __pfx_read_tsc+0x10/0x10 [ 25.024845] krealloc_large_less_oob+0x1c/0x30 [ 25.024868] kunit_try_run_case+0x1a5/0x480 [ 25.024893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.024915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.024940] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.024966] ? __kthread_parkme+0x82/0x180 [ 25.024987] ? preempt_count_sub+0x50/0x80 [ 25.025009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.025032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.025056] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.025079] kthread+0x337/0x6f0 [ 25.025099] ? trace_preempt_on+0x20/0xc0 [ 25.025123] ? __pfx_kthread+0x10/0x10 [ 25.025144] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.025182] ? calculate_sigpending+0x7b/0xa0 [ 25.025206] ? __pfx_kthread+0x10/0x10 [ 25.025228] ret_from_fork+0x116/0x1d0 [ 25.025248] ? __pfx_kthread+0x10/0x10 [ 25.025269] ret_from_fork_asm+0x1a/0x30 [ 25.025302] </TASK> [ 25.025314] [ 25.034070] The buggy address belongs to the physical page: [ 25.034341] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8 [ 25.034775] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.035099] flags: 0x200000000000040(head|node=0|zone=2) [ 25.035320] page_type: f8(unknown) [ 25.035498] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.035780] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.036117] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.036434] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.036690] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff [ 25.036917] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.037249] page dumped because: kasan: bad access detected [ 25.037583] [ 25.037672] Memory state around the buggy address: [ 25.037890] ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.038633] ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.038953] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.039306] ^ [ 25.039646] ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.040139] ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.040411] ================================================================== [ 24.980189] ================================================================== [ 24.980638] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 24.981599] Write of size 1 at addr ffff8881060da0d0 by task kunit_try_catch/211 [ 24.981916] [ 24.982193] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.982358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.982373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.982396] Call Trace: [ 24.982410] <TASK> [ 24.982455] dump_stack_lvl+0x73/0xb0 [ 24.982495] print_report+0xd1/0x640 [ 24.982519] ? __virt_addr_valid+0x1db/0x2d0 [ 24.982543] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.982567] ? kasan_addr_to_slab+0x11/0xa0 [ 24.982589] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.982613] kasan_report+0x141/0x180 [ 24.982635] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 24.982662] __asan_report_store1_noabort+0x1b/0x30 [ 24.982686] krealloc_less_oob_helper+0xe23/0x11d0 [ 24.982711] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.982734] ? finish_task_switch.isra.0+0x153/0x700 [ 24.982755] ? __switch_to+0x47/0xf80 [ 24.982782] ? __schedule+0x10da/0x2b60 [ 24.982806] ? __pfx_read_tsc+0x10/0x10 [ 24.982830] krealloc_large_less_oob+0x1c/0x30 [ 24.982852] kunit_try_run_case+0x1a5/0x480 [ 24.982877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.982899] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.982922] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.983203] ? __kthread_parkme+0x82/0x180 [ 24.983242] ? preempt_count_sub+0x50/0x80 [ 24.983265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.983290] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.983315] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.983337] kthread+0x337/0x6f0 [ 24.983358] ? trace_preempt_on+0x20/0xc0 [ 24.983441] ? __pfx_kthread+0x10/0x10 [ 24.983462] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.983486] ? calculate_sigpending+0x7b/0xa0 [ 24.983510] ? __pfx_kthread+0x10/0x10 [ 24.983530] ret_from_fork+0x116/0x1d0 [ 24.983550] ? __pfx_kthread+0x10/0x10 [ 24.983570] ret_from_fork_asm+0x1a/0x30 [ 24.983602] </TASK> [ 24.983613] [ 24.996507] The buggy address belongs to the physical page: [ 24.996839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8 [ 24.997420] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.997920] flags: 0x200000000000040(head|node=0|zone=2) [ 24.998362] page_type: f8(unknown) [ 24.998840] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.999453] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.000070] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.000414] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.000728] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff [ 25.001414] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.001775] page dumped because: kasan: bad access detected [ 25.002221] [ 25.002478] Memory state around the buggy address: [ 25.003160] ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.003769] ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.004422] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.004708] ^ [ 25.004954] ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.005241] ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.005909] ================================================================== [ 24.841295] ================================================================== [ 24.841725] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 24.842015] Write of size 1 at addr ffff8881055e3cea by task kunit_try_catch/207 [ 24.842370] [ 24.842489] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.842599] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.842611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.842632] Call Trace: [ 24.842653] <TASK> [ 24.842673] dump_stack_lvl+0x73/0xb0 [ 24.842713] print_report+0xd1/0x640 [ 24.842736] ? __virt_addr_valid+0x1db/0x2d0 [ 24.842761] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.842795] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.842821] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.842845] kasan_report+0x141/0x180 [ 24.842875] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 24.842903] __asan_report_store1_noabort+0x1b/0x30 [ 24.842927] krealloc_less_oob_helper+0xe90/0x11d0 [ 24.842976] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 24.843000] ? finish_task_switch.isra.0+0x153/0x700 [ 24.843022] ? __switch_to+0x47/0xf80 [ 24.843049] ? __schedule+0x10da/0x2b60 [ 24.843082] ? __pfx_read_tsc+0x10/0x10 [ 24.843108] krealloc_less_oob+0x1c/0x30 [ 24.843129] kunit_try_run_case+0x1a5/0x480 [ 24.843174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.843196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.843220] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.843246] ? __kthread_parkme+0x82/0x180 [ 24.843274] ? preempt_count_sub+0x50/0x80 [ 24.843297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.843320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.843353] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.843477] kthread+0x337/0x6f0 [ 24.843506] ? trace_preempt_on+0x20/0xc0 [ 24.843531] ? __pfx_kthread+0x10/0x10 [ 24.843564] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.843588] ? calculate_sigpending+0x7b/0xa0 [ 24.843611] ? __pfx_kthread+0x10/0x10 [ 24.843637] ret_from_fork+0x116/0x1d0 [ 24.843793] ? __pfx_kthread+0x10/0x10 [ 24.843819] ret_from_fork_asm+0x1a/0x30 [ 24.843862] </TASK> [ 24.843873] [ 24.852810] Allocated by task 207: [ 24.852951] kasan_save_stack+0x45/0x70 [ 24.853286] kasan_save_track+0x18/0x40 [ 24.853776] kasan_save_alloc_info+0x3b/0x50 [ 24.854209] __kasan_krealloc+0x190/0x1f0 [ 24.854559] krealloc_noprof+0xf3/0x340 [ 24.854932] krealloc_less_oob_helper+0x1aa/0x11d0 [ 24.855633] krealloc_less_oob+0x1c/0x30 [ 24.856006] kunit_try_run_case+0x1a5/0x480 [ 24.856396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.856905] kthread+0x337/0x6f0 [ 24.857058] ret_from_fork+0x116/0x1d0 [ 24.857201] ret_from_fork_asm+0x1a/0x30 [ 24.857338] [ 24.857456] The buggy address belongs to the object at ffff8881055e3c00 [ 24.857456] which belongs to the cache kmalloc-256 of size 256 [ 24.858548] The buggy address is located 33 bytes to the right of [ 24.858548] allocated 201-byte region [ffff8881055e3c00, ffff8881055e3cc9) [ 24.859853] [ 24.860204] The buggy address belongs to the physical page: [ 24.860754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1055e2 [ 24.861280] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.861841] flags: 0x200000000000040(head|node=0|zone=2) [ 24.862210] page_type: f5(slab) [ 24.862550] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.863234] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.863491] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 24.863724] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.864171] head: 0200000000000001 ffffea0004157881 00000000ffffffff 00000000ffffffff [ 24.864916] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.865678] page dumped because: kasan: bad access detected [ 24.866189] [ 24.866341] Memory state around the buggy address: [ 24.866898] ffff8881055e3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.867706] ffff8881055e3c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.868608] >ffff8881055e3c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 24.869326] ^ [ 24.869618] ffff8881055e3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.870196] ffff8881055e3d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.870919] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 24.726592] ================================================================== [ 24.727554] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 24.728038] Write of size 1 at addr ffff8881048150f0 by task kunit_try_catch/205 [ 24.728886] [ 24.729093] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.729144] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.729168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.729190] Call Trace: [ 24.729203] <TASK> [ 24.729222] dump_stack_lvl+0x73/0xb0 [ 24.729254] print_report+0xd1/0x640 [ 24.729277] ? __virt_addr_valid+0x1db/0x2d0 [ 24.729302] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.729325] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.729350] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.729374] kasan_report+0x141/0x180 [ 24.729519] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.729548] __asan_report_store1_noabort+0x1b/0x30 [ 24.729574] krealloc_more_oob_helper+0x7eb/0x930 [ 24.729597] ? __schedule+0x10da/0x2b60 [ 24.729623] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.729646] ? finish_task_switch.isra.0+0x153/0x700 [ 24.729668] ? __switch_to+0x47/0xf80 [ 24.729694] ? __schedule+0x10da/0x2b60 [ 24.729718] ? __pfx_read_tsc+0x10/0x10 [ 24.729743] krealloc_more_oob+0x1c/0x30 [ 24.729764] kunit_try_run_case+0x1a5/0x480 [ 24.729790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.729812] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.729836] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.729861] ? __kthread_parkme+0x82/0x180 [ 24.729881] ? preempt_count_sub+0x50/0x80 [ 24.729904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.729927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.729958] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.729981] kthread+0x337/0x6f0 [ 24.730001] ? trace_preempt_on+0x20/0xc0 [ 24.730026] ? __pfx_kthread+0x10/0x10 [ 24.730047] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.730070] ? calculate_sigpending+0x7b/0xa0 [ 24.730094] ? __pfx_kthread+0x10/0x10 [ 24.730115] ret_from_fork+0x116/0x1d0 [ 24.730134] ? __pfx_kthread+0x10/0x10 [ 24.730167] ret_from_fork_asm+0x1a/0x30 [ 24.730198] </TASK> [ 24.730210] [ 24.745683] Allocated by task 205: [ 24.746098] kasan_save_stack+0x45/0x70 [ 24.746278] kasan_save_track+0x18/0x40 [ 24.746422] kasan_save_alloc_info+0x3b/0x50 [ 24.746792] __kasan_krealloc+0x190/0x1f0 [ 24.747459] krealloc_noprof+0xf3/0x340 [ 24.747825] krealloc_more_oob_helper+0x1a9/0x930 [ 24.748379] krealloc_more_oob+0x1c/0x30 [ 24.748730] kunit_try_run_case+0x1a5/0x480 [ 24.749167] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.749347] kthread+0x337/0x6f0 [ 24.749670] ret_from_fork+0x116/0x1d0 [ 24.750069] ret_from_fork_asm+0x1a/0x30 [ 24.750528] [ 24.750710] The buggy address belongs to the object at ffff888104815000 [ 24.750710] which belongs to the cache kmalloc-256 of size 256 [ 24.751530] The buggy address is located 5 bytes to the right of [ 24.751530] allocated 235-byte region [ffff888104815000, ffff8881048150eb) [ 24.752572] [ 24.752763] The buggy address belongs to the physical page: [ 24.753309] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104814 [ 24.754164] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.754472] flags: 0x200000000000040(head|node=0|zone=2) [ 24.754643] page_type: f5(slab) [ 24.754790] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.755553] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.756295] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.757179] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.758067] head: 0200000000000001 ffffea0004120501 00000000ffffffff 00000000ffffffff [ 24.758367] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.759141] page dumped because: kasan: bad access detected [ 24.759718] [ 24.759784] Memory state around the buggy address: [ 24.759932] ffff888104814f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.760137] ffff888104815000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.760358] >ffff888104815080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.760845] ^ [ 24.761548] ffff888104815100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.762299] ffff888104815180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.763040] ================================================================== [ 24.932553] ================================================================== [ 24.932903] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 24.933222] Write of size 1 at addr ffff8881060da0f0 by task kunit_try_catch/209 [ 24.933820] [ 24.933924] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.933974] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.933986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.934006] Call Trace: [ 24.934019] <TASK> [ 24.934037] dump_stack_lvl+0x73/0xb0 [ 24.934069] print_report+0xd1/0x640 [ 24.934091] ? __virt_addr_valid+0x1db/0x2d0 [ 24.934116] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.934139] ? kasan_addr_to_slab+0x11/0xa0 [ 24.934174] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.934198] kasan_report+0x141/0x180 [ 24.934219] ? krealloc_more_oob_helper+0x7eb/0x930 [ 24.934247] __asan_report_store1_noabort+0x1b/0x30 [ 24.934271] krealloc_more_oob_helper+0x7eb/0x930 [ 24.934293] ? __schedule+0x10da/0x2b60 [ 24.934318] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.934341] ? finish_task_switch.isra.0+0x153/0x700 [ 24.934362] ? __switch_to+0x47/0xf80 [ 24.934606] ? __schedule+0x10da/0x2b60 [ 24.934636] ? __pfx_read_tsc+0x10/0x10 [ 24.934661] krealloc_large_more_oob+0x1c/0x30 [ 24.934685] kunit_try_run_case+0x1a5/0x480 [ 24.934711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.934733] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.934757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.934782] ? __kthread_parkme+0x82/0x180 [ 24.934802] ? preempt_count_sub+0x50/0x80 [ 24.934825] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.934848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.934872] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.934894] kthread+0x337/0x6f0 [ 24.934915] ? trace_preempt_on+0x20/0xc0 [ 24.934939] ? __pfx_kthread+0x10/0x10 [ 24.934975] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.934998] ? calculate_sigpending+0x7b/0xa0 [ 24.935022] ? __pfx_kthread+0x10/0x10 [ 24.935043] ret_from_fork+0x116/0x1d0 [ 24.935063] ? __pfx_kthread+0x10/0x10 [ 24.935083] ret_from_fork_asm+0x1a/0x30 [ 24.935115] </TASK> [ 24.935126] [ 24.943984] The buggy address belongs to the physical page: [ 24.944277] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8 [ 24.944646] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.945020] flags: 0x200000000000040(head|node=0|zone=2) [ 24.945589] page_type: f8(unknown) [ 24.945764] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.946119] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.946435] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.946805] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.947252] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff [ 24.947610] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.947964] page dumped because: kasan: bad access detected [ 24.948250] [ 24.948607] Memory state around the buggy address: [ 24.948869] ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.949111] ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.949491] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.949812] ^ [ 24.950234] ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.950576] ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.950910] ================================================================== [ 24.904834] ================================================================== [ 24.906091] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 24.906494] Write of size 1 at addr ffff8881060da0eb by task kunit_try_catch/209 [ 24.906906] [ 24.907900] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.907965] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.907978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.908000] Call Trace: [ 24.908017] <TASK> [ 24.908038] dump_stack_lvl+0x73/0xb0 [ 24.908072] print_report+0xd1/0x640 [ 24.908096] ? __virt_addr_valid+0x1db/0x2d0 [ 24.908121] ? krealloc_more_oob_helper+0x821/0x930 [ 24.908158] ? kasan_addr_to_slab+0x11/0xa0 [ 24.908179] ? krealloc_more_oob_helper+0x821/0x930 [ 24.908202] kasan_report+0x141/0x180 [ 24.908224] ? krealloc_more_oob_helper+0x821/0x930 [ 24.908252] __asan_report_store1_noabort+0x1b/0x30 [ 24.908276] krealloc_more_oob_helper+0x821/0x930 [ 24.908298] ? __schedule+0x10da/0x2b60 [ 24.908323] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.908346] ? finish_task_switch.isra.0+0x153/0x700 [ 24.908423] ? __switch_to+0x47/0xf80 [ 24.908457] ? __schedule+0x10da/0x2b60 [ 24.908481] ? __pfx_read_tsc+0x10/0x10 [ 24.908505] krealloc_large_more_oob+0x1c/0x30 [ 24.908528] kunit_try_run_case+0x1a5/0x480 [ 24.908554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.908576] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.908600] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.908625] ? __kthread_parkme+0x82/0x180 [ 24.908645] ? preempt_count_sub+0x50/0x80 [ 24.908668] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.908691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.908714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.908736] kthread+0x337/0x6f0 [ 24.908757] ? trace_preempt_on+0x20/0xc0 [ 24.908781] ? __pfx_kthread+0x10/0x10 [ 24.908801] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.908824] ? calculate_sigpending+0x7b/0xa0 [ 24.908848] ? __pfx_kthread+0x10/0x10 [ 24.908868] ret_from_fork+0x116/0x1d0 [ 24.908888] ? __pfx_kthread+0x10/0x10 [ 24.908908] ret_from_fork_asm+0x1a/0x30 [ 24.908941] </TASK> [ 24.908952] [ 24.922637] The buggy address belongs to the physical page: [ 24.923121] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8 [ 24.923947] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.924623] flags: 0x200000000000040(head|node=0|zone=2) [ 24.925074] page_type: f8(unknown) [ 24.925214] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.925525] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.926181] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.926901] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.927729] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff [ 24.928224] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.928627] page dumped because: kasan: bad access detected [ 24.929186] [ 24.929337] Memory state around the buggy address: [ 24.929807] ffff8881060d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.930486] ffff8881060da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.930699] >ffff8881060da080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 24.930902] ^ [ 24.931228] ffff8881060da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.931497] ffff8881060da180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.931847] ================================================================== [ 24.685561] ================================================================== [ 24.686058] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 24.686616] Write of size 1 at addr ffff8881048150eb by task kunit_try_catch/205 [ 24.687634] [ 24.687880] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.687937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.687950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.687972] Call Trace: [ 24.687986] <TASK> [ 24.688005] dump_stack_lvl+0x73/0xb0 [ 24.688039] print_report+0xd1/0x640 [ 24.688064] ? __virt_addr_valid+0x1db/0x2d0 [ 24.688088] ? krealloc_more_oob_helper+0x821/0x930 [ 24.688111] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.688136] ? krealloc_more_oob_helper+0x821/0x930 [ 24.688171] kasan_report+0x141/0x180 [ 24.688193] ? krealloc_more_oob_helper+0x821/0x930 [ 24.688220] __asan_report_store1_noabort+0x1b/0x30 [ 24.688244] krealloc_more_oob_helper+0x821/0x930 [ 24.688266] ? __schedule+0x10da/0x2b60 [ 24.688405] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 24.688525] ? finish_task_switch.isra.0+0x153/0x700 [ 24.688550] ? __switch_to+0x47/0xf80 [ 24.688591] ? __schedule+0x10da/0x2b60 [ 24.688616] ? __pfx_read_tsc+0x10/0x10 [ 24.688640] krealloc_more_oob+0x1c/0x30 [ 24.688662] kunit_try_run_case+0x1a5/0x480 [ 24.688688] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.688710] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.688734] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.688759] ? __kthread_parkme+0x82/0x180 [ 24.688778] ? preempt_count_sub+0x50/0x80 [ 24.688801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.688824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.688846] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.688869] kthread+0x337/0x6f0 [ 24.688888] ? trace_preempt_on+0x20/0xc0 [ 24.688914] ? __pfx_kthread+0x10/0x10 [ 24.688934] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.688967] ? calculate_sigpending+0x7b/0xa0 [ 24.688992] ? __pfx_kthread+0x10/0x10 [ 24.689012] ret_from_fork+0x116/0x1d0 [ 24.689032] ? __pfx_kthread+0x10/0x10 [ 24.689052] ret_from_fork_asm+0x1a/0x30 [ 24.689083] </TASK> [ 24.689094] [ 24.705645] Allocated by task 205: [ 24.705885] kasan_save_stack+0x45/0x70 [ 24.706319] kasan_save_track+0x18/0x40 [ 24.706693] kasan_save_alloc_info+0x3b/0x50 [ 24.707253] __kasan_krealloc+0x190/0x1f0 [ 24.707716] krealloc_noprof+0xf3/0x340 [ 24.708170] krealloc_more_oob_helper+0x1a9/0x930 [ 24.708635] krealloc_more_oob+0x1c/0x30 [ 24.709100] kunit_try_run_case+0x1a5/0x480 [ 24.709504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.710034] kthread+0x337/0x6f0 [ 24.710330] ret_from_fork+0x116/0x1d0 [ 24.710466] ret_from_fork_asm+0x1a/0x30 [ 24.711033] [ 24.711253] The buggy address belongs to the object at ffff888104815000 [ 24.711253] which belongs to the cache kmalloc-256 of size 256 [ 24.712686] The buggy address is located 0 bytes to the right of [ 24.712686] allocated 235-byte region [ffff888104815000, ffff8881048150eb) [ 24.713414] [ 24.713507] The buggy address belongs to the physical page: [ 24.713691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104814 [ 24.713937] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.714953] flags: 0x200000000000040(head|node=0|zone=2) [ 24.715460] page_type: f5(slab) [ 24.715818] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.716745] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.717567] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 24.718448] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.719212] head: 0200000000000001 ffffea0004120501 00000000ffffffff 00000000ffffffff [ 24.719798] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 24.720074] page dumped because: kasan: bad access detected [ 24.720785] [ 24.720954] Memory state around the buggy address: [ 24.721551] ffff888104814f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.722275] ffff888104815000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.723074] >ffff888104815080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 24.723312] ^ [ 24.723979] ffff888104815100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.724729] ffff888104815180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.725274] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 24.629915] ================================================================== [ 24.630424] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 24.630878] Free of addr ffff8881060d8001 by task kunit_try_catch/199 [ 24.631389] [ 24.631517] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.631572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.631585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.631606] Call Trace: [ 24.631626] <TASK> [ 24.631645] dump_stack_lvl+0x73/0xb0 [ 24.631676] print_report+0xd1/0x640 [ 24.631700] ? __virt_addr_valid+0x1db/0x2d0 [ 24.631727] ? kasan_addr_to_slab+0x11/0xa0 [ 24.631760] ? kfree+0x274/0x3f0 [ 24.631783] kasan_report_invalid_free+0x10a/0x130 [ 24.631807] ? kfree+0x274/0x3f0 [ 24.631830] ? kfree+0x274/0x3f0 [ 24.631851] __kasan_kfree_large+0x86/0xd0 [ 24.631872] free_large_kmalloc+0x52/0x110 [ 24.631896] kfree+0x274/0x3f0 [ 24.631921] kmalloc_large_invalid_free+0x120/0x2b0 [ 24.631953] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 24.631976] ? __schedule+0x10da/0x2b60 [ 24.632001] ? __pfx_read_tsc+0x10/0x10 [ 24.632023] ? ktime_get_ts64+0x86/0x230 [ 24.632048] kunit_try_run_case+0x1a5/0x480 [ 24.632074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.632096] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.632122] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.632162] ? __kthread_parkme+0x82/0x180 [ 24.632182] ? preempt_count_sub+0x50/0x80 [ 24.632206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.632229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.632253] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.632276] kthread+0x337/0x6f0 [ 24.632296] ? trace_preempt_on+0x20/0xc0 [ 24.632321] ? __pfx_kthread+0x10/0x10 [ 24.632341] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.632365] ? calculate_sigpending+0x7b/0xa0 [ 24.632389] ? __pfx_kthread+0x10/0x10 [ 24.632410] ret_from_fork+0x116/0x1d0 [ 24.632430] ? __pfx_kthread+0x10/0x10 [ 24.632450] ret_from_fork_asm+0x1a/0x30 [ 24.632481] </TASK> [ 24.632493] [ 24.643508] The buggy address belongs to the physical page: [ 24.643867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8 [ 24.644370] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.644681] flags: 0x200000000000040(head|node=0|zone=2) [ 24.644918] page_type: f8(unknown) [ 24.645062] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.645392] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.645699] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.646649] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.647163] head: 0200000000000002 ffffea0004183601 00000000ffffffff 00000000ffffffff [ 24.647661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.647986] page dumped because: kasan: bad access detected [ 24.648356] [ 24.648525] Memory state around the buggy address: [ 24.648881] ffff8881060d7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.649331] ffff8881060d7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.649732] >ffff8881060d8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.650036] ^ [ 24.650610] ffff8881060d8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.650867] ffff8881060d8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.651476] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 24.604358] ================================================================== [ 24.605062] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 24.605308] Read of size 1 at addr ffff8881060d8000 by task kunit_try_catch/197 [ 24.605962] [ 24.606144] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.606211] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.606223] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.606245] Call Trace: [ 24.606258] <TASK> [ 24.606278] dump_stack_lvl+0x73/0xb0 [ 24.606311] print_report+0xd1/0x640 [ 24.606335] ? __virt_addr_valid+0x1db/0x2d0 [ 24.606359] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.606380] ? kasan_addr_to_slab+0x11/0xa0 [ 24.606400] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.606421] kasan_report+0x141/0x180 [ 24.606442] ? kmalloc_large_uaf+0x2f1/0x340 [ 24.606467] __asan_report_load1_noabort+0x18/0x20 [ 24.606491] kmalloc_large_uaf+0x2f1/0x340 [ 24.606512] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 24.606534] ? __schedule+0x10da/0x2b60 [ 24.606559] ? __pfx_read_tsc+0x10/0x10 [ 24.606582] ? ktime_get_ts64+0x86/0x230 [ 24.606607] kunit_try_run_case+0x1a5/0x480 [ 24.606633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.606655] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.606679] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.606705] ? __kthread_parkme+0x82/0x180 [ 24.606737] ? preempt_count_sub+0x50/0x80 [ 24.606760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.606784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.606807] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.606830] kthread+0x337/0x6f0 [ 24.606850] ? trace_preempt_on+0x20/0xc0 [ 24.606875] ? __pfx_kthread+0x10/0x10 [ 24.606896] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.606919] ? calculate_sigpending+0x7b/0xa0 [ 24.606943] ? __pfx_kthread+0x10/0x10 [ 24.607101] ret_from_fork+0x116/0x1d0 [ 24.607123] ? __pfx_kthread+0x10/0x10 [ 24.607143] ret_from_fork_asm+0x1a/0x30 [ 24.607189] </TASK> [ 24.607201] [ 24.619361] The buggy address belongs to the physical page: [ 24.619574] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060d8 [ 24.619833] flags: 0x200000000000000(node=0|zone=2) [ 24.620124] raw: 0200000000000000 ffffea0004183708 ffff88815b139fc0 0000000000000000 [ 24.620741] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 24.621277] page dumped because: kasan: bad access detected [ 24.621445] [ 24.621509] Memory state around the buggy address: [ 24.621663] ffff8881060d7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.621874] ffff8881060d7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.622481] >ffff8881060d8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.623407] ^ [ 24.623781] ffff8881060d8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.624643] ffff8881060d8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.625429] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 24.575205] ================================================================== [ 24.576496] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 24.576777] Write of size 1 at addr ffff88810592e00a by task kunit_try_catch/195 [ 24.577089] [ 24.577413] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.577471] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.577484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.577505] Call Trace: [ 24.577519] <TASK> [ 24.577539] dump_stack_lvl+0x73/0xb0 [ 24.577569] print_report+0xd1/0x640 [ 24.577593] ? __virt_addr_valid+0x1db/0x2d0 [ 24.577617] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.577767] ? kasan_addr_to_slab+0x11/0xa0 [ 24.577788] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.577810] kasan_report+0x141/0x180 [ 24.577832] ? kmalloc_large_oob_right+0x2e9/0x330 [ 24.577857] __asan_report_store1_noabort+0x1b/0x30 [ 24.577881] kmalloc_large_oob_right+0x2e9/0x330 [ 24.577903] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 24.577926] ? __schedule+0x10da/0x2b60 [ 24.578062] ? __pfx_read_tsc+0x10/0x10 [ 24.578089] ? ktime_get_ts64+0x86/0x230 [ 24.578125] kunit_try_run_case+0x1a5/0x480 [ 24.578160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.578182] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.578207] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.578232] ? __kthread_parkme+0x82/0x180 [ 24.578252] ? preempt_count_sub+0x50/0x80 [ 24.578275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.578299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.578321] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.578345] kthread+0x337/0x6f0 [ 24.578365] ? trace_preempt_on+0x20/0xc0 [ 24.578401] ? __pfx_kthread+0x10/0x10 [ 24.578421] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.578444] ? calculate_sigpending+0x7b/0xa0 [ 24.578467] ? __pfx_kthread+0x10/0x10 [ 24.578488] ret_from_fork+0x116/0x1d0 [ 24.578507] ? __pfx_kthread+0x10/0x10 [ 24.578527] ret_from_fork_asm+0x1a/0x30 [ 24.578558] </TASK> [ 24.578570] [ 24.591515] The buggy address belongs to the physical page: [ 24.591736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10592c [ 24.592214] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.592873] flags: 0x200000000000040(head|node=0|zone=2) [ 24.593368] page_type: f8(unknown) [ 24.593692] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.593924] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.594724] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 24.595427] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 24.595863] head: 0200000000000002 ffffea0004164b01 00000000ffffffff 00000000ffffffff [ 24.596323] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 24.597234] page dumped because: kasan: bad access detected [ 24.597833] [ 24.597968] Memory state around the buggy address: [ 24.598315] ffff88810592df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.598841] ffff88810592df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.599076] >ffff88810592e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.599298] ^ [ 24.599494] ffff88810592e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.600200] ffff88810592e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 24.600885] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 24.537809] ================================================================== [ 24.538871] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 24.539610] Write of size 1 at addr ffff88810299df00 by task kunit_try_catch/193 [ 24.540671] [ 24.540772] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.540823] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.540836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.540857] Call Trace: [ 24.540873] <TASK> [ 24.540893] dump_stack_lvl+0x73/0xb0 [ 24.540931] print_report+0xd1/0x640 [ 24.540969] ? __virt_addr_valid+0x1db/0x2d0 [ 24.540995] ? kmalloc_big_oob_right+0x316/0x370 [ 24.541018] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.541193] ? kmalloc_big_oob_right+0x316/0x370 [ 24.541216] kasan_report+0x141/0x180 [ 24.541238] ? kmalloc_big_oob_right+0x316/0x370 [ 24.541265] __asan_report_store1_noabort+0x1b/0x30 [ 24.541290] kmalloc_big_oob_right+0x316/0x370 [ 24.541312] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 24.541335] ? __schedule+0x10da/0x2b60 [ 24.541360] ? __pfx_read_tsc+0x10/0x10 [ 24.541523] ? ktime_get_ts64+0x86/0x230 [ 24.541555] kunit_try_run_case+0x1a5/0x480 [ 24.541580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.541602] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.541627] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.541652] ? __kthread_parkme+0x82/0x180 [ 24.541673] ? preempt_count_sub+0x50/0x80 [ 24.541696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.541719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.541742] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.541765] kthread+0x337/0x6f0 [ 24.541785] ? trace_preempt_on+0x20/0xc0 [ 24.541810] ? __pfx_kthread+0x10/0x10 [ 24.541830] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.541853] ? calculate_sigpending+0x7b/0xa0 [ 24.541877] ? __pfx_kthread+0x10/0x10 [ 24.541898] ret_from_fork+0x116/0x1d0 [ 24.541917] ? __pfx_kthread+0x10/0x10 [ 24.541937] ret_from_fork_asm+0x1a/0x30 [ 24.541979] </TASK> [ 24.541991] [ 24.557605] Allocated by task 193: [ 24.558041] kasan_save_stack+0x45/0x70 [ 24.558504] kasan_save_track+0x18/0x40 [ 24.558638] kasan_save_alloc_info+0x3b/0x50 [ 24.558777] __kasan_kmalloc+0xb7/0xc0 [ 24.558900] __kmalloc_cache_noprof+0x189/0x420 [ 24.559295] kmalloc_big_oob_right+0xa9/0x370 [ 24.559724] kunit_try_run_case+0x1a5/0x480 [ 24.560248] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.560858] kthread+0x337/0x6f0 [ 24.561257] ret_from_fork+0x116/0x1d0 [ 24.561706] ret_from_fork_asm+0x1a/0x30 [ 24.562114] [ 24.562293] The buggy address belongs to the object at ffff88810299c000 [ 24.562293] which belongs to the cache kmalloc-8k of size 8192 [ 24.563387] The buggy address is located 0 bytes to the right of [ 24.563387] allocated 7936-byte region [ffff88810299c000, ffff88810299df00) [ 24.564232] [ 24.564447] The buggy address belongs to the physical page: [ 24.564927] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102998 [ 24.565490] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.565711] flags: 0x200000000000040(head|node=0|zone=2) [ 24.565882] page_type: f5(slab) [ 24.566004] raw: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 24.566527] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.566883] head: 0200000000000040 ffff888100042280 dead000000000100 dead000000000122 [ 24.567594] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 24.568406] head: 0200000000000003 ffffea00040a6601 00000000ffffffff 00000000ffffffff [ 24.569189] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.569415] page dumped because: kasan: bad access detected [ 24.569591] [ 24.569652] Memory state around the buggy address: [ 24.569799] ffff88810299de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.570026] ffff88810299de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.570304] >ffff88810299df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.570570] ^ [ 24.570727] ffff88810299df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.570986] ffff88810299e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.571297] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 24.494307] ================================================================== [ 24.494812] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.495464] Write of size 1 at addr ffff888104657978 by task kunit_try_catch/191 [ 24.496066] [ 24.496178] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.496450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.496466] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.496488] Call Trace: [ 24.496502] <TASK> [ 24.496521] dump_stack_lvl+0x73/0xb0 [ 24.496555] print_report+0xd1/0x640 [ 24.496665] ? __virt_addr_valid+0x1db/0x2d0 [ 24.496691] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.496715] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.496741] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.496765] kasan_report+0x141/0x180 [ 24.496787] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.496815] __asan_report_store1_noabort+0x1b/0x30 [ 24.496840] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 24.496864] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 24.496890] ? __schedule+0x10da/0x2b60 [ 24.496915] ? __pfx_read_tsc+0x10/0x10 [ 24.496948] ? ktime_get_ts64+0x86/0x230 [ 24.496977] kunit_try_run_case+0x1a5/0x480 [ 24.497005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.497027] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.497052] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.497077] ? __kthread_parkme+0x82/0x180 [ 24.497097] ? preempt_count_sub+0x50/0x80 [ 24.497120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.497144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.497176] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.497200] kthread+0x337/0x6f0 [ 24.497220] ? trace_preempt_on+0x20/0xc0 [ 24.497244] ? __pfx_kthread+0x10/0x10 [ 24.497265] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.497288] ? calculate_sigpending+0x7b/0xa0 [ 24.497312] ? __pfx_kthread+0x10/0x10 [ 24.497333] ret_from_fork+0x116/0x1d0 [ 24.497352] ? __pfx_kthread+0x10/0x10 [ 24.497445] ret_from_fork_asm+0x1a/0x30 [ 24.497481] </TASK> [ 24.497493] [ 24.508157] Allocated by task 191: [ 24.508383] kasan_save_stack+0x45/0x70 [ 24.508821] kasan_save_track+0x18/0x40 [ 24.509002] kasan_save_alloc_info+0x3b/0x50 [ 24.509359] __kasan_kmalloc+0xb7/0xc0 [ 24.509747] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 24.510008] kmalloc_track_caller_oob_right+0x99/0x520 [ 24.510542] kunit_try_run_case+0x1a5/0x480 [ 24.510710] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.510962] kthread+0x337/0x6f0 [ 24.511403] ret_from_fork+0x116/0x1d0 [ 24.511678] ret_from_fork_asm+0x1a/0x30 [ 24.512051] [ 24.512160] The buggy address belongs to the object at ffff888104657900 [ 24.512160] which belongs to the cache kmalloc-128 of size 128 [ 24.512802] The buggy address is located 0 bytes to the right of [ 24.512802] allocated 120-byte region [ffff888104657900, ffff888104657978) [ 24.513867] [ 24.513955] The buggy address belongs to the physical page: [ 24.514188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104657 [ 24.514838] flags: 0x200000000000000(node=0|zone=2) [ 24.515157] page_type: f5(slab) [ 24.515323] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.515873] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.516300] page dumped because: kasan: bad access detected [ 24.516700] [ 24.516789] Memory state around the buggy address: [ 24.516973] ffff888104657800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.517949] ffff888104657880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.518317] >ffff888104657900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.518984] ^ [ 24.519393] ffff888104657980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.519741] ffff888104657a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.520274] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 24.453586] ================================================================== [ 24.454876] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 24.455986] Read of size 1 at addr ffff888105fb9000 by task kunit_try_catch/189 [ 24.456499] [ 24.456862] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.456922] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.456936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.456960] Call Trace: [ 24.456979] <TASK> [ 24.456999] dump_stack_lvl+0x73/0xb0 [ 24.457040] print_report+0xd1/0x640 [ 24.457069] ? __virt_addr_valid+0x1db/0x2d0 [ 24.457097] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.457123] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.457162] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.457187] kasan_report+0x141/0x180 [ 24.457337] ? kmalloc_node_oob_right+0x369/0x3c0 [ 24.457370] __asan_report_load1_noabort+0x18/0x20 [ 24.457436] kmalloc_node_oob_right+0x369/0x3c0 [ 24.457461] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 24.457485] ? __schedule+0x10da/0x2b60 [ 24.457512] ? __pfx_read_tsc+0x10/0x10 [ 24.457535] ? ktime_get_ts64+0x86/0x230 [ 24.457559] kunit_try_run_case+0x1a5/0x480 [ 24.457585] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.457607] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.457633] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.457657] ? __kthread_parkme+0x82/0x180 [ 24.457678] ? preempt_count_sub+0x50/0x80 [ 24.457701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.457724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.457747] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.457770] kthread+0x337/0x6f0 [ 24.457790] ? trace_preempt_on+0x20/0xc0 [ 24.457815] ? __pfx_kthread+0x10/0x10 [ 24.457835] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.457858] ? calculate_sigpending+0x7b/0xa0 [ 24.457881] ? __pfx_kthread+0x10/0x10 [ 24.457902] ret_from_fork+0x116/0x1d0 [ 24.457922] ? __pfx_kthread+0x10/0x10 [ 24.457942] ret_from_fork_asm+0x1a/0x30 [ 24.457973] </TASK> [ 24.457985] [ 24.472069] Allocated by task 189: [ 24.472249] kasan_save_stack+0x45/0x70 [ 24.472647] kasan_save_track+0x18/0x40 [ 24.473074] kasan_save_alloc_info+0x3b/0x50 [ 24.473723] __kasan_kmalloc+0xb7/0xc0 [ 24.474226] __kmalloc_cache_node_noprof+0x188/0x420 [ 24.474754] kmalloc_node_oob_right+0xab/0x3c0 [ 24.475091] kunit_try_run_case+0x1a5/0x480 [ 24.475253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.475423] kthread+0x337/0x6f0 [ 24.475541] ret_from_fork+0x116/0x1d0 [ 24.475674] ret_from_fork_asm+0x1a/0x30 [ 24.475809] [ 24.475878] The buggy address belongs to the object at ffff888105fb8000 [ 24.475878] which belongs to the cache kmalloc-4k of size 4096 [ 24.477260] The buggy address is located 0 bytes to the right of [ 24.477260] allocated 4096-byte region [ffff888105fb8000, ffff888105fb9000) [ 24.478638] [ 24.478912] The buggy address belongs to the physical page: [ 24.479676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105fb8 [ 24.480784] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 24.481568] flags: 0x200000000000040(head|node=0|zone=2) [ 24.482234] page_type: f5(slab) [ 24.482361] raw: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 24.483124] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 24.483780] head: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122 [ 24.484403] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 24.484934] head: 0200000000000003 ffffea000417ee01 00000000ffffffff 00000000ffffffff [ 24.485165] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 24.485394] page dumped because: kasan: bad access detected [ 24.485653] [ 24.485808] Memory state around the buggy address: [ 24.486570] ffff888105fb8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.487264] ffff888105fb8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.487990] >ffff888105fb9000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.488728] ^ [ 24.489210] ffff888105fb9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.489987] ffff888105fb9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.490358] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 24.422748] ================================================================== [ 24.423293] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 24.423607] Read of size 1 at addr ffff88810463165f by task kunit_try_catch/187 [ 24.423945] [ 24.424050] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.424106] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.424119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.424412] Call Trace: [ 24.424428] <TASK> [ 24.424450] dump_stack_lvl+0x73/0xb0 [ 24.424485] print_report+0xd1/0x640 [ 24.424509] ? __virt_addr_valid+0x1db/0x2d0 [ 24.424535] ? kmalloc_oob_left+0x361/0x3c0 [ 24.424555] ? kasan_complete_mode_report_info+0x64/0x200 [ 24.424599] ? kmalloc_oob_left+0x361/0x3c0 [ 24.424620] kasan_report+0x141/0x180 [ 24.424642] ? kmalloc_oob_left+0x361/0x3c0 [ 24.424667] __asan_report_load1_noabort+0x18/0x20 [ 24.424691] kmalloc_oob_left+0x361/0x3c0 [ 24.424713] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 24.424735] ? __schedule+0x10da/0x2b60 [ 24.424760] ? __pfx_read_tsc+0x10/0x10 [ 24.424782] ? ktime_get_ts64+0x86/0x230 [ 24.424809] kunit_try_run_case+0x1a5/0x480 [ 24.424835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.424857] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.424884] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.424910] ? __kthread_parkme+0x82/0x180 [ 24.424931] ? preempt_count_sub+0x50/0x80 [ 24.424970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.424995] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.425018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.425041] kthread+0x337/0x6f0 [ 24.425061] ? trace_preempt_on+0x20/0xc0 [ 24.425086] ? __pfx_kthread+0x10/0x10 [ 24.425107] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.425130] ? calculate_sigpending+0x7b/0xa0 [ 24.425164] ? __pfx_kthread+0x10/0x10 [ 24.425185] ret_from_fork+0x116/0x1d0 [ 24.425205] ? __pfx_kthread+0x10/0x10 [ 24.425226] ret_from_fork_asm+0x1a/0x30 [ 24.425257] </TASK> [ 24.425268] [ 24.432239] Allocated by task 21: [ 24.432377] kasan_save_stack+0x45/0x70 [ 24.432524] kasan_save_track+0x18/0x40 [ 24.432656] kasan_save_alloc_info+0x3b/0x50 [ 24.432996] __kasan_kmalloc+0xb7/0xc0 [ 24.433371] __kmalloc_cache_node_noprof+0x188/0x420 [ 24.433554] build_sched_domains+0x38c/0x5d80 [ 24.433804] partition_sched_domains+0x471/0x9c0 [ 24.433966] rebuild_sched_domains_locked+0x97d/0xd50 [ 24.434289] cpuset_update_active_cpus+0x80f/0x1a90 [ 24.434596] sched_cpu_activate+0x2bf/0x330 [ 24.434770] cpuhp_invoke_callback+0x2a1/0xf00 [ 24.434991] cpuhp_thread_fun+0x2ce/0x5c0 [ 24.435165] smpboot_thread_fn+0x2bc/0x730 [ 24.435338] kthread+0x337/0x6f0 [ 24.435542] ret_from_fork+0x116/0x1d0 [ 24.435709] ret_from_fork_asm+0x1a/0x30 [ 24.435901] [ 24.436060] Freed by task 21: [ 24.436208] kasan_save_stack+0x45/0x70 [ 24.436376] kasan_save_track+0x18/0x40 [ 24.436502] kasan_save_free_info+0x3f/0x60 [ 24.436683] __kasan_slab_free+0x56/0x70 [ 24.437071] kfree+0x222/0x3f0 [ 24.437245] build_sched_domains+0x2072/0x5d80 [ 24.437388] partition_sched_domains+0x471/0x9c0 [ 24.437535] rebuild_sched_domains_locked+0x97d/0xd50 [ 24.437692] cpuset_update_active_cpus+0x80f/0x1a90 [ 24.437972] sched_cpu_activate+0x2bf/0x330 [ 24.438282] cpuhp_invoke_callback+0x2a1/0xf00 [ 24.438496] cpuhp_thread_fun+0x2ce/0x5c0 [ 24.438691] smpboot_thread_fn+0x2bc/0x730 [ 24.438891] kthread+0x337/0x6f0 [ 24.439056] ret_from_fork+0x116/0x1d0 [ 24.439304] ret_from_fork_asm+0x1a/0x30 [ 24.439729] [ 24.439826] The buggy address belongs to the object at ffff888104631640 [ 24.439826] which belongs to the cache kmalloc-16 of size 16 [ 24.440290] The buggy address is located 15 bytes to the right of [ 24.440290] allocated 16-byte region [ffff888104631640, ffff888104631650) [ 24.440644] [ 24.440714] The buggy address belongs to the physical page: [ 24.440888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104631 [ 24.441119] flags: 0x200000000000000(node=0|zone=2) [ 24.441363] page_type: f5(slab) [ 24.441530] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 24.441860] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 24.442308] page dumped because: kasan: bad access detected [ 24.442480] [ 24.442543] Memory state around the buggy address: [ 24.442758] ffff888104631500: 00 00 fc fc fa fb fc fc fa fb fc fc 00 06 fc fc [ 24.443101] ffff888104631580: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 24.443315] >ffff888104631600: fa fb fc fc fa fb fc fc fa fb fc fc 00 07 fc fc [ 24.443517] ^ [ 24.443701] ffff888104631680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.443906] ffff888104631700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.444828] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 24.398543] ================================================================== [ 24.399290] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 24.399524] Read of size 1 at addr ffff888104964480 by task kunit_try_catch/185 [ 24.399902] [ 24.400056] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.400121] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.400134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.400180] Call Trace: [ 24.400200] <TASK> [ 24.400234] dump_stack_lvl+0x73/0xb0 [ 24.400279] print_report+0xd1/0x640 [ 24.400304] ? __virt_addr_valid+0x1db/0x2d0 [ 24.400329] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.400350] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.400421] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.400447] kasan_report+0x141/0x180 [ 24.400469] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.400496] __asan_report_load1_noabort+0x18/0x20 [ 24.400520] kmalloc_oob_right+0x68a/0x7f0 [ 24.400542] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.400564] ? __schedule+0x10da/0x2b60 [ 24.400589] ? __pfx_read_tsc+0x10/0x10 [ 24.400611] ? ktime_get_ts64+0x86/0x230 [ 24.400636] kunit_try_run_case+0x1a5/0x480 [ 24.400661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.400683] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.400707] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.400754] ? __kthread_parkme+0x82/0x180 [ 24.400775] ? preempt_count_sub+0x50/0x80 [ 24.400800] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.400824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.400847] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.400870] kthread+0x337/0x6f0 [ 24.400889] ? trace_preempt_on+0x20/0xc0 [ 24.400930] ? __pfx_kthread+0x10/0x10 [ 24.400959] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.400996] ? calculate_sigpending+0x7b/0xa0 [ 24.401020] ? __pfx_kthread+0x10/0x10 [ 24.401054] ret_from_fork+0x116/0x1d0 [ 24.401086] ? __pfx_kthread+0x10/0x10 [ 24.401107] ret_from_fork_asm+0x1a/0x30 [ 24.401177] </TASK> [ 24.401189] [ 24.408772] Allocated by task 185: [ 24.408957] kasan_save_stack+0x45/0x70 [ 24.409174] kasan_save_track+0x18/0x40 [ 24.409335] kasan_save_alloc_info+0x3b/0x50 [ 24.409531] __kasan_kmalloc+0xb7/0xc0 [ 24.409721] __kmalloc_cache_noprof+0x189/0x420 [ 24.409951] kmalloc_oob_right+0xa9/0x7f0 [ 24.410177] kunit_try_run_case+0x1a5/0x480 [ 24.410378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.410615] kthread+0x337/0x6f0 [ 24.410772] ret_from_fork+0x116/0x1d0 [ 24.410947] ret_from_fork_asm+0x1a/0x30 [ 24.411171] [ 24.411595] The buggy address belongs to the object at ffff888104964400 [ 24.411595] which belongs to the cache kmalloc-128 of size 128 [ 24.412221] The buggy address is located 13 bytes to the right of [ 24.412221] allocated 115-byte region [ffff888104964400, ffff888104964473) [ 24.412794] [ 24.412890] The buggy address belongs to the physical page: [ 24.413421] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104964 [ 24.413803] flags: 0x200000000000000(node=0|zone=2) [ 24.414038] page_type: f5(slab) [ 24.414234] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.414633] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.414978] page dumped because: kasan: bad access detected [ 24.415226] [ 24.415311] Memory state around the buggy address: [ 24.415521] ffff888104964380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.415817] ffff888104964400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.416119] >ffff888104964480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.416532] ^ [ 24.416695] ffff888104964500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.417293] ffff888104964580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.417622] ================================================================== [ 24.352474] ================================================================== [ 24.353324] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 24.354047] Write of size 1 at addr ffff888104964473 by task kunit_try_catch/185 [ 24.354690] [ 24.355792] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.356160] Tainted: [N]=TEST [ 24.356194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.356438] Call Trace: [ 24.356510] <TASK> [ 24.356655] dump_stack_lvl+0x73/0xb0 [ 24.356750] print_report+0xd1/0x640 [ 24.356781] ? __virt_addr_valid+0x1db/0x2d0 [ 24.356807] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.356829] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.356854] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.356876] kasan_report+0x141/0x180 [ 24.356897] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.356923] __asan_report_store1_noabort+0x1b/0x30 [ 24.356949] kmalloc_oob_right+0x6f0/0x7f0 [ 24.356971] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.356993] ? __schedule+0x10da/0x2b60 [ 24.357019] ? __pfx_read_tsc+0x10/0x10 [ 24.357041] ? ktime_get_ts64+0x86/0x230 [ 24.357068] kunit_try_run_case+0x1a5/0x480 [ 24.357095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.357117] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.357142] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.357180] ? __kthread_parkme+0x82/0x180 [ 24.357202] ? preempt_count_sub+0x50/0x80 [ 24.357227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.357250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.357274] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.357297] kthread+0x337/0x6f0 [ 24.357317] ? trace_preempt_on+0x20/0xc0 [ 24.357342] ? __pfx_kthread+0x10/0x10 [ 24.357362] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.357397] ? calculate_sigpending+0x7b/0xa0 [ 24.357423] ? __pfx_kthread+0x10/0x10 [ 24.357445] ret_from_fork+0x116/0x1d0 [ 24.357464] ? __pfx_kthread+0x10/0x10 [ 24.357485] ret_from_fork_asm+0x1a/0x30 [ 24.357545] </TASK> [ 24.357611] [ 24.365087] Allocated by task 185: [ 24.365406] kasan_save_stack+0x45/0x70 [ 24.365654] kasan_save_track+0x18/0x40 [ 24.365900] kasan_save_alloc_info+0x3b/0x50 [ 24.366136] __kasan_kmalloc+0xb7/0xc0 [ 24.366330] __kmalloc_cache_noprof+0x189/0x420 [ 24.366622] kmalloc_oob_right+0xa9/0x7f0 [ 24.366814] kunit_try_run_case+0x1a5/0x480 [ 24.367068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.367294] kthread+0x337/0x6f0 [ 24.367506] ret_from_fork+0x116/0x1d0 [ 24.367664] ret_from_fork_asm+0x1a/0x30 [ 24.368178] [ 24.368330] The buggy address belongs to the object at ffff888104964400 [ 24.368330] which belongs to the cache kmalloc-128 of size 128 [ 24.368978] The buggy address is located 0 bytes to the right of [ 24.368978] allocated 115-byte region [ffff888104964400, ffff888104964473) [ 24.369596] [ 24.369829] The buggy address belongs to the physical page: [ 24.370650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104964 [ 24.371396] flags: 0x200000000000000(node=0|zone=2) [ 24.372130] page_type: f5(slab) [ 24.372769] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.373356] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.373669] page dumped because: kasan: bad access detected [ 24.373850] [ 24.374043] Memory state around the buggy address: [ 24.374693] ffff888104964300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.375118] ffff888104964380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.375564] >ffff888104964400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.375940] ^ [ 24.376334] ffff888104964480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.376742] ffff888104964500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.377088] ================================================================== [ 24.379049] ================================================================== [ 24.379464] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 24.379794] Write of size 1 at addr ffff888104964478 by task kunit_try_catch/185 [ 24.380166] [ 24.380295] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 24.380345] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.380357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.380398] Call Trace: [ 24.380412] <TASK> [ 24.380431] dump_stack_lvl+0x73/0xb0 [ 24.380462] print_report+0xd1/0x640 [ 24.380485] ? __virt_addr_valid+0x1db/0x2d0 [ 24.380510] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.380531] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.380556] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.380577] kasan_report+0x141/0x180 [ 24.380599] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.380624] __asan_report_store1_noabort+0x1b/0x30 [ 24.380649] kmalloc_oob_right+0x6bd/0x7f0 [ 24.380671] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.380693] ? __schedule+0x10da/0x2b60 [ 24.380717] ? __pfx_read_tsc+0x10/0x10 [ 24.380739] ? ktime_get_ts64+0x86/0x230 [ 24.380763] kunit_try_run_case+0x1a5/0x480 [ 24.380788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.380810] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.380835] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.380861] ? __kthread_parkme+0x82/0x180 [ 24.380884] ? preempt_count_sub+0x50/0x80 [ 24.380908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.380931] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.380971] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.380995] kthread+0x337/0x6f0 [ 24.381015] ? trace_preempt_on+0x20/0xc0 [ 24.381039] ? __pfx_kthread+0x10/0x10 [ 24.381059] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.381082] ? calculate_sigpending+0x7b/0xa0 [ 24.381106] ? __pfx_kthread+0x10/0x10 [ 24.381127] ret_from_fork+0x116/0x1d0 [ 24.381158] ? __pfx_kthread+0x10/0x10 [ 24.381178] ret_from_fork_asm+0x1a/0x30 [ 24.381222] </TASK> [ 24.381253] [ 24.388948] Allocated by task 185: [ 24.389155] kasan_save_stack+0x45/0x70 [ 24.389368] kasan_save_track+0x18/0x40 [ 24.389565] kasan_save_alloc_info+0x3b/0x50 [ 24.390019] __kasan_kmalloc+0xb7/0xc0 [ 24.390226] __kmalloc_cache_noprof+0x189/0x420 [ 24.390698] kmalloc_oob_right+0xa9/0x7f0 [ 24.390913] kunit_try_run_case+0x1a5/0x480 [ 24.391125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.391433] kthread+0x337/0x6f0 [ 24.391597] ret_from_fork+0x116/0x1d0 [ 24.391731] ret_from_fork_asm+0x1a/0x30 [ 24.391904] [ 24.392026] The buggy address belongs to the object at ffff888104964400 [ 24.392026] which belongs to the cache kmalloc-128 of size 128 [ 24.392656] The buggy address is located 5 bytes to the right of [ 24.392656] allocated 115-byte region [ffff888104964400, ffff888104964473) [ 24.393222] [ 24.393301] The buggy address belongs to the physical page: [ 24.393642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104964 [ 24.393999] flags: 0x200000000000000(node=0|zone=2) [ 24.394211] page_type: f5(slab) [ 24.394428] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.394749] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.395130] page dumped because: kasan: bad access detected [ 24.395318] [ 24.395636] Memory state around the buggy address: [ 24.395875] ffff888104964300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.396271] ffff888104964380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.396546] >ffff888104964400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.396980] ^ [ 24.397294] ffff888104964480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.397603] ffff888104964500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.397939] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 199.249371] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2963 [ 199.250253] Modules linked in: [ 199.250992] CPU: 1 UID: 0 PID: 2963 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 199.252314] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.252888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.253621] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 199.254192] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 90 f2 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.255328] RSP: 0000:ffff88810314fc78 EFLAGS: 00010286 [ 199.255626] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 199.256208] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff90a64df4 [ 199.257017] RBP: ffff88810314fca0 R08: 0000000000000000 R09: ffffed1020d887c0 [ 199.257328] R10: ffff888106c43e07 R11: 0000000000000000 R12: ffffffff90a64de0 [ 199.257964] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810314fd38 [ 199.258353] FS: 0000000000000000(0000) GS:ffff8881c870d000(0000) knlGS:0000000000000000 [ 199.258720] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.259313] CR2: 00007ffff7ffe000 CR3: 000000001e2bc000 CR4: 00000000000006f0 [ 199.259868] DR0: ffffffff92ab9580 DR1: ffffffff92ab9581 DR2: ffffffff92ab9583 [ 199.260358] DR3: ffffffff92ab9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.260710] Call Trace: [ 199.260832] <TASK> [ 199.260946] drm_test_rect_calc_vscale+0x108/0x270 [ 199.261155] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 199.261505] ? __schedule+0x10da/0x2b60 [ 199.261727] ? __pfx_read_tsc+0x10/0x10 [ 199.261946] ? ktime_get_ts64+0x86/0x230 [ 199.262212] kunit_try_run_case+0x1a5/0x480 [ 199.262389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.262620] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.262838] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.263161] ? __kthread_parkme+0x82/0x180 [ 199.263450] ? preempt_count_sub+0x50/0x80 [ 199.263627] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.263949] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.264189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.264799] kthread+0x337/0x6f0 [ 199.265031] ? trace_preempt_on+0x20/0xc0 [ 199.265235] ? __pfx_kthread+0x10/0x10 [ 199.265626] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.265906] ? calculate_sigpending+0x7b/0xa0 [ 199.266130] ? __pfx_kthread+0x10/0x10 [ 199.266322] ret_from_fork+0x116/0x1d0 [ 199.266483] ? __pfx_kthread+0x10/0x10 [ 199.266680] ret_from_fork_asm+0x1a/0x30 [ 199.266915] </TASK> [ 199.267242] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 199.225839] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2961 [ 199.226863] Modules linked in: [ 199.227072] CPU: 1 UID: 0 PID: 2961 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 199.227894] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.228320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.228993] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 199.229379] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 90 f2 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.230925] RSP: 0000:ffff888102f97c78 EFLAGS: 00010286 [ 199.231181] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 199.231759] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff90a64dbc [ 199.232241] RBP: ffff888102f97ca0 R08: 0000000000000000 R09: ffffed102087be40 [ 199.232746] R10: ffff8881043df207 R11: 0000000000000000 R12: ffffffff90a64da8 [ 199.233262] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888102f97d38 [ 199.233786] FS: 0000000000000000(0000) GS:ffff8881c870d000(0000) knlGS:0000000000000000 [ 199.234245] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.234877] CR2: 00007ffff7ffe000 CR3: 000000001e2bc000 CR4: 00000000000006f0 [ 199.235310] DR0: ffffffff92ab9580 DR1: ffffffff92ab9581 DR2: ffffffff92ab9583 [ 199.235873] DR3: ffffffff92ab9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.236172] Call Trace: [ 199.236304] <TASK> [ 199.236423] drm_test_rect_calc_vscale+0x108/0x270 [ 199.237154] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 199.237579] ? __schedule+0x10da/0x2b60 [ 199.238002] ? __pfx_read_tsc+0x10/0x10 [ 199.238211] ? ktime_get_ts64+0x86/0x230 [ 199.238483] kunit_try_run_case+0x1a5/0x480 [ 199.238629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.239316] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.239691] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.239976] ? __kthread_parkme+0x82/0x180 [ 199.240157] ? preempt_count_sub+0x50/0x80 [ 199.240357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.240701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.241021] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.241322] kthread+0x337/0x6f0 [ 199.241576] ? trace_preempt_on+0x20/0xc0 [ 199.241797] ? __pfx_kthread+0x10/0x10 [ 199.242003] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.242184] ? calculate_sigpending+0x7b/0xa0 [ 199.242514] ? __pfx_kthread+0x10/0x10 [ 199.242692] ret_from_fork+0x116/0x1d0 [ 199.242876] ? __pfx_kthread+0x10/0x10 [ 199.243025] ret_from_fork_asm+0x1a/0x30 [ 199.243379] </TASK> [ 199.243550] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 199.194900] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2951 [ 199.195543] Modules linked in: [ 199.195851] CPU: 0 UID: 0 PID: 2951 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 199.196366] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.196584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.197328] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 199.197648] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.199085] RSP: 0000:ffff888103a6fc78 EFLAGS: 00010286 [ 199.199378] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 199.199950] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff90a64df8 [ 199.200590] RBP: ffff888103a6fca0 R08: 0000000000000000 R09: ffffed102087b5c0 [ 199.200934] R10: ffff8881043dae07 R11: 0000000000000000 R12: ffffffff90a64de0 [ 199.201485] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888103a6fd38 [ 199.201872] FS: 0000000000000000(0000) GS:ffff8881c860d000(0000) knlGS:0000000000000000 [ 199.202329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.202776] CR2: 00007ffff7ffe000 CR3: 000000001e2bc000 CR4: 00000000000006f0 [ 199.203373] DR0: ffffffff92ab9580 DR1: ffffffff92ab9581 DR2: ffffffff92ab9582 [ 199.203722] DR3: ffffffff92ab9583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.204351] Call Trace: [ 199.204513] <TASK> [ 199.204718] drm_test_rect_calc_hscale+0x108/0x270 [ 199.205081] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 199.205401] ? __schedule+0x10da/0x2b60 [ 199.205747] ? __pfx_read_tsc+0x10/0x10 [ 199.205990] ? ktime_get_ts64+0x86/0x230 [ 199.206326] kunit_try_run_case+0x1a5/0x480 [ 199.206581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.207087] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.207412] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.207733] ? __kthread_parkme+0x82/0x180 [ 199.207989] ? preempt_count_sub+0x50/0x80 [ 199.208214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.208555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.208857] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.209144] kthread+0x337/0x6f0 [ 199.209320] ? trace_preempt_on+0x20/0xc0 [ 199.209622] ? __pfx_kthread+0x10/0x10 [ 199.209856] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.210024] ? calculate_sigpending+0x7b/0xa0 [ 199.210389] ? __pfx_kthread+0x10/0x10 [ 199.210863] ret_from_fork+0x116/0x1d0 [ 199.211186] ? __pfx_kthread+0x10/0x10 [ 199.211624] ret_from_fork_asm+0x1a/0x30 [ 199.211813] </TASK> [ 199.211971] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 199.174194] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2949 [ 199.175432] Modules linked in: [ 199.175681] CPU: 1 UID: 0 PID: 2949 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 199.176230] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.176481] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.177107] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 199.177531] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.178565] RSP: 0000:ffff888102f97c78 EFLAGS: 00010286 [ 199.179001] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 199.179347] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff90a64dc0 [ 199.179893] RBP: ffff888102f97ca0 R08: 0000000000000000 R09: ffffed102087b580 [ 199.180298] R10: ffff8881043dac07 R11: 0000000000000000 R12: ffffffff90a64da8 [ 199.180818] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888102f97d38 [ 199.181174] FS: 0000000000000000(0000) GS:ffff8881c870d000(0000) knlGS:0000000000000000 [ 199.181659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.181877] CR2: 00007ffff7ffe000 CR3: 000000001e2bc000 CR4: 00000000000006f0 [ 199.182213] DR0: ffffffff92ab9580 DR1: ffffffff92ab9581 DR2: ffffffff92ab9583 [ 199.182771] DR3: ffffffff92ab9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.183168] Call Trace: [ 199.183285] <TASK> [ 199.183625] drm_test_rect_calc_hscale+0x108/0x270 [ 199.183911] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 199.184166] ? __schedule+0x10da/0x2b60 [ 199.184463] ? __pfx_read_tsc+0x10/0x10 [ 199.184665] ? ktime_get_ts64+0x86/0x230 [ 199.184925] kunit_try_run_case+0x1a5/0x480 [ 199.185159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.185347] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.185700] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.185927] ? __kthread_parkme+0x82/0x180 [ 199.186144] ? preempt_count_sub+0x50/0x80 [ 199.186372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.186658] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.187171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.187454] kthread+0x337/0x6f0 [ 199.187754] ? trace_preempt_on+0x20/0xc0 [ 199.187995] ? __pfx_kthread+0x10/0x10 [ 199.188272] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.188544] ? calculate_sigpending+0x7b/0xa0 [ 199.188950] ? __pfx_kthread+0x10/0x10 [ 199.189146] ret_from_fork+0x116/0x1d0 [ 199.189574] ? __pfx_kthread+0x10/0x10 [ 199.189786] ret_from_fork_asm+0x1a/0x30 [ 199.190201] </TASK> [ 199.190346] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 198.353558] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 198.354163] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#1: kunit_try_catch/2754 [ 198.356111] Modules linked in: [ 198.356687] CPU: 1 UID: 0 PID: 2754 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 198.357639] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.358454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.359041] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 198.359243] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 2d c8 81 00 48 c7 c1 20 8d a1 90 4c 89 f2 48 c7 c7 40 89 a1 90 48 89 c6 e8 74 0b 70 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 198.361167] RSP: 0000:ffff8881037ffd18 EFLAGS: 00010286 [ 198.361963] RAX: 0000000000000000 RBX: ffff888108a96400 RCX: 1ffffffff22e4aac [ 198.362210] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 198.362544] RBP: ffff8881037ffd48 R08: 0000000000000000 R09: fffffbfff22e4aac [ 198.362890] R10: 0000000000000003 R11: 000000000004a958 R12: ffff888103900800 [ 198.363214] R13: ffff888108a964f8 R14: ffff888107009400 R15: ffff8881003c7b48 [ 198.363513] FS: 0000000000000000(0000) GS:ffff8881c870d000(0000) knlGS:0000000000000000 [ 198.363829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.364647] CR2: 00007ffff7ffe000 CR3: 000000001e2bc000 CR4: 00000000000006f0 [ 198.365281] DR0: ffffffff92ab9580 DR1: ffffffff92ab9581 DR2: ffffffff92ab9583 [ 198.366063] DR3: ffffffff92ab9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.366899] Call Trace: [ 198.367184] <TASK> [ 198.367515] ? trace_preempt_on+0x20/0xc0 [ 198.367986] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 198.368591] drm_gem_shmem_free_wrapper+0x12/0x20 [ 198.369072] __kunit_action_free+0x57/0x70 [ 198.369248] kunit_remove_resource+0x133/0x200 [ 198.369492] ? preempt_count_sub+0x50/0x80 [ 198.369789] kunit_cleanup+0x7a/0x120 [ 198.370023] kunit_try_run_case_cleanup+0xbd/0xf0 [ 198.370268] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 198.370528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.370976] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.371278] kthread+0x337/0x6f0 [ 198.371562] ? trace_preempt_on+0x20/0xc0 [ 198.371772] ? __pfx_kthread+0x10/0x10 [ 198.372004] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.372247] ? calculate_sigpending+0x7b/0xa0 [ 198.372559] ? __pfx_kthread+0x10/0x10 [ 198.372771] ret_from_fork+0x116/0x1d0 [ 198.372969] ? __pfx_kthread+0x10/0x10 [ 198.373192] ret_from_fork_asm+0x1a/0x30 [ 198.373494] </TASK> [ 198.373629] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 198.198971] WARNING: drivers/gpu/drm/drm_framebuffer.c:870 at drm_framebuffer_init+0x49/0x8d0, CPU#1: kunit_try_catch/2735 [ 198.199742] Modules linked in: [ 198.200330] CPU: 1 UID: 0 PID: 2735 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 198.201043] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.201349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.202000] RIP: 0010:drm_framebuffer_init+0x49/0x8d0 [ 198.202256] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41 [ 198.203454] RSP: 0000:ffff888103bcfb20 EFLAGS: 00010246 [ 198.203783] RAX: ffff888103bcfba8 RBX: ffff888103bcfc28 RCX: 1ffff11020779f8e [ 198.204035] RDX: dffffc0000000000 RSI: ffff88810370f000 RDI: ffff88810370f000 [ 198.204792] RBP: ffff888103bcfb70 R08: ffff88810370f000 R09: ffffffff90a08b40 [ 198.205283] R10: 0000000000000003 R11: 0000000022f52dcc R12: 1ffff11020779f71 [ 198.205775] R13: ffff888103bcfc70 R14: ffff888103bcfdb8 R15: 0000000000000000 [ 198.206287] FS: 0000000000000000(0000) GS:ffff8881c870d000(0000) knlGS:0000000000000000 [ 198.206987] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.207187] CR2: 00007ffff7ffe000 CR3: 000000001e2bc000 CR4: 00000000000006f0 [ 198.207507] DR0: ffffffff92ab9580 DR1: ffffffff92ab9581 DR2: ffffffff92ab9583 [ 198.208140] DR3: ffffffff92ab9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.209020] Call Trace: [ 198.209359] <TASK> [ 198.209566] ? trace_preempt_on+0x20/0xc0 [ 198.209949] ? add_dr+0xc1/0x1d0 [ 198.210101] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 198.210299] ? add_dr+0x148/0x1d0 [ 198.210439] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 198.210733] ? __drmm_add_action+0x1a4/0x280 [ 198.211184] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.211457] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.211935] ? __drmm_add_action_or_reset+0x22/0x50 [ 198.212695] ? __schedule+0x10da/0x2b60 [ 198.212947] ? __pfx_read_tsc+0x10/0x10 [ 198.213129] ? ktime_get_ts64+0x86/0x230 [ 198.213329] kunit_try_run_case+0x1a5/0x480 [ 198.213820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.214071] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.214558] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.214769] ? __kthread_parkme+0x82/0x180 [ 198.215026] ? preempt_count_sub+0x50/0x80 [ 198.215246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.215549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.215795] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.216016] kthread+0x337/0x6f0 [ 198.216193] ? trace_preempt_on+0x20/0xc0 [ 198.216550] ? __pfx_kthread+0x10/0x10 [ 198.216737] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.216958] ? calculate_sigpending+0x7b/0xa0 [ 198.217145] ? __pfx_kthread+0x10/0x10 [ 198.217337] ret_from_fork+0x116/0x1d0 [ 198.217601] ? __pfx_kthread+0x10/0x10 [ 198.217747] ret_from_fork_asm+0x1a/0x30 [ 198.217907] </TASK> [ 198.218026] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 198.163736] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 198.163877] WARNING: drivers/gpu/drm/drm_framebuffer.c:833 at drm_framebuffer_free+0x13f/0x1c0, CPU#1: kunit_try_catch/2731 [ 198.164888] Modules linked in: [ 198.165266] CPU: 1 UID: 0 PID: 2731 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 198.165910] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.166192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.166612] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 198.167066] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 1b 06 89 00 48 c7 c1 e0 35 a0 90 4c 89 fa 48 c7 c7 40 36 a0 90 48 89 c6 e8 62 49 77 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 198.167837] RSP: 0000:ffff888103b0fb68 EFLAGS: 00010282 [ 198.168048] RAX: 0000000000000000 RBX: ffff888103b0fc40 RCX: 1ffffffff22e4aac [ 198.168354] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 198.168602] RBP: ffff888103b0fb90 R08: 0000000000000000 R09: fffffbfff22e4aac [ 198.168915] R10: 0000000000000003 R11: 00000000000490d0 R12: ffff888103b0fc18 [ 198.169294] R13: ffff8881061a9800 R14: ffff88810370d000 R15: ffff8881077e4f80 [ 198.169815] FS: 0000000000000000(0000) GS:ffff8881c870d000(0000) knlGS:0000000000000000 [ 198.170190] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.170422] CR2: 00007ffff7ffe000 CR3: 000000001e2bc000 CR4: 00000000000006f0 [ 198.170818] DR0: ffffffff92ab9580 DR1: ffffffff92ab9581 DR2: ffffffff92ab9583 [ 198.171115] DR3: ffffffff92ab9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.171526] Call Trace: [ 198.171639] <TASK> [ 198.171740] drm_test_framebuffer_free+0x1ab/0x610 [ 198.172026] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 198.172419] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.172783] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.172960] ? __drmm_add_action_or_reset+0x22/0x50 [ 198.173911] ? __schedule+0x10da/0x2b60 [ 198.174123] ? __pfx_read_tsc+0x10/0x10 [ 198.174304] ? ktime_get_ts64+0x86/0x230 [ 198.174487] kunit_try_run_case+0x1a5/0x480 [ 198.174800] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.175089] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.175253] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.175667] ? __kthread_parkme+0x82/0x180 [ 198.175951] ? preempt_count_sub+0x50/0x80 [ 198.176178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.176560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.176810] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.177233] kthread+0x337/0x6f0 [ 198.177414] ? trace_preempt_on+0x20/0xc0 [ 198.177904] ? __pfx_kthread+0x10/0x10 [ 198.178091] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.178341] ? calculate_sigpending+0x7b/0xa0 [ 198.178653] ? __pfx_kthread+0x10/0x10 [ 198.179003] ret_from_fork+0x116/0x1d0 [ 198.179265] ? __pfx_kthread+0x10/0x10 [ 198.179513] ret_from_fork_asm+0x1a/0x30 [ 198.180008] </TASK> [ 198.180145] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 196.768898] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2171 [ 196.770429] Modules linked in: [ 196.770600] CPU: 0 UID: 0 PID: 2171 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 196.770985] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 196.771898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 196.772295] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 196.773036] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 82 50 2b 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 196.774103] RSP: 0000:ffff8881059dfc90 EFLAGS: 00010246 [ 196.774380] RAX: dffffc0000000000 RBX: ffff88810586a000 RCX: 0000000000000000 [ 196.774785] RDX: 1ffff11020b0d434 RSI: ffffffff8dc0fdb8 RDI: ffff88810586a1a0 [ 196.775128] RBP: ffff8881059dfca0 R08: 1ffff11020078f6a R09: ffffed1020b3bf65 [ 196.775608] R10: 0000000000000003 R11: ffffffff8d186af8 R12: 0000000000000000 [ 196.775950] R13: ffff8881059dfd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 196.776251] FS: 0000000000000000(0000) GS:ffff8881c860d000(0000) knlGS:0000000000000000 [ 196.776611] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 196.777098] CR2: 00007ffff7ffe000 CR3: 000000001e2bc000 CR4: 00000000000006f0 [ 196.777521] DR0: ffffffff92ab9580 DR1: ffffffff92ab9581 DR2: ffffffff92ab9582 [ 196.777846] DR3: ffffffff92ab9583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 196.778161] Call Trace: [ 196.778320] <TASK> [ 196.778444] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 196.778758] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 196.779274] ? __schedule+0x10da/0x2b60 [ 196.779650] ? __pfx_read_tsc+0x10/0x10 [ 196.779849] ? ktime_get_ts64+0x86/0x230 [ 196.780076] kunit_try_run_case+0x1a5/0x480 [ 196.780225] ? __pfx_kunit_try_run_case+0x10/0x10 [ 196.780374] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 196.780598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 196.780830] ? __kthread_parkme+0x82/0x180 [ 196.781021] ? preempt_count_sub+0x50/0x80 [ 196.781171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 196.781613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 196.781816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 196.782157] kthread+0x337/0x6f0 [ 196.782304] ? trace_preempt_on+0x20/0xc0 [ 196.782589] ? __pfx_kthread+0x10/0x10 [ 196.782767] ? _raw_spin_unlock_irq+0x47/0x80 [ 196.783587] ? calculate_sigpending+0x7b/0xa0 [ 196.783776] ? __pfx_kthread+0x10/0x10 [ 196.783944] ret_from_fork+0x116/0x1d0 [ 196.784142] ? __pfx_kthread+0x10/0x10 [ 196.784555] ret_from_fork_asm+0x1a/0x30 [ 196.784911] </TASK> [ 196.785026] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 196.851601] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2179 [ 196.852415] Modules linked in: [ 196.852956] CPU: 0 UID: 0 PID: 2179 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 196.853709] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 196.854435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 196.855032] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 196.855667] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 82 50 2b 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 196.856600] RSP: 0000:ffff888105c8fc90 EFLAGS: 00010246 [ 196.856813] RAX: dffffc0000000000 RBX: ffff888105b12000 RCX: 0000000000000000 [ 196.857120] RDX: 1ffff11020b62434 RSI: ffffffff8dc0fdb8 RDI: ffff888105b121a0 [ 196.857607] RBP: ffff888105c8fca0 R08: 1ffff11020078f6a R09: ffffed1020b91f65 [ 196.857955] R10: 0000000000000003 R11: ffffffff8d186af8 R12: 0000000000000000 [ 196.858234] R13: ffff888105c8fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 196.858545] FS: 0000000000000000(0000) GS:ffff8881c860d000(0000) knlGS:0000000000000000 [ 196.859250] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 196.859793] CR2: 00007ffff7ffe000 CR3: 000000001e2bc000 CR4: 00000000000006f0 [ 196.860140] DR0: ffffffff92ab9580 DR1: ffffffff92ab9581 DR2: ffffffff92ab9582 [ 196.860464] DR3: ffffffff92ab9583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 196.860916] Call Trace: [ 196.861108] <TASK> [ 196.861234] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 196.861521] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 196.862115] ? __schedule+0x10da/0x2b60 [ 196.862334] ? __pfx_read_tsc+0x10/0x10 [ 196.862680] ? ktime_get_ts64+0x86/0x230 [ 196.862839] kunit_try_run_case+0x1a5/0x480 [ 196.863132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 196.863453] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 196.863681] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 196.863973] ? __kthread_parkme+0x82/0x180 [ 196.864340] ? preempt_count_sub+0x50/0x80 [ 196.864619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 196.864867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 196.865196] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 196.865740] kthread+0x337/0x6f0 [ 196.866023] ? trace_preempt_on+0x20/0xc0 [ 196.866290] ? __pfx_kthread+0x10/0x10 [ 196.866709] ? _raw_spin_unlock_irq+0x47/0x80 [ 196.866946] ? calculate_sigpending+0x7b/0xa0 [ 196.867190] ? __pfx_kthread+0x10/0x10 [ 196.867376] ret_from_fork+0x116/0x1d0 [ 196.867749] ? __pfx_kthread+0x10/0x10 [ 196.867943] ret_from_fork_asm+0x1a/0x30 [ 196.868229] </TASK> [ 196.868332] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 124.788316] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#1: kunit_try_catch/707 [ 124.788618] Modules linked in: [ 124.788768] CPU: 1 UID: 0 PID: 707 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 124.789607] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 124.790669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 124.792070] RIP: 0010:intlog10+0x2a/0x40 [ 124.792738] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 124.794217] RSP: 0000:ffff8881020a7cb0 EFLAGS: 00010246 [ 124.794748] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020414fb4 [ 124.794997] RDX: 1ffffffff2113478 RSI: 1ffff11020414fb3 RDI: 0000000000000000 [ 124.795220] RBP: ffff8881020a7d60 R08: 0000000000000000 R09: ffffed102040b0e0 [ 124.795604] R10: ffff888102058707 R11: 0000000000000000 R12: 1ffff11020414f97 [ 124.796500] R13: ffffffff9089a3c0 R14: 0000000000000000 R15: ffff8881020a7d38 [ 124.797195] FS: 0000000000000000(0000) GS:ffff8881c870d000(0000) knlGS:0000000000000000 [ 124.798156] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.798774] CR2: dffffc0000000000 CR3: 000000001e2bc000 CR4: 00000000000006f0 [ 124.799554] DR0: ffffffff92ab9580 DR1: ffffffff92ab9581 DR2: ffffffff92ab9583 [ 124.800111] DR3: ffffffff92ab9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 124.800322] Call Trace: [ 124.800627] <TASK> [ 124.800860] ? intlog10_test+0xf2/0x220 [ 124.801326] ? __pfx_intlog10_test+0x10/0x10 [ 124.801977] ? __schedule+0x10da/0x2b60 [ 124.802372] ? __pfx_read_tsc+0x10/0x10 [ 124.802900] ? ktime_get_ts64+0x86/0x230 [ 124.803059] kunit_try_run_case+0x1a5/0x480 [ 124.803223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 124.803400] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 124.803760] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 124.803954] ? __kthread_parkme+0x82/0x180 [ 124.804185] ? preempt_count_sub+0x50/0x80 [ 124.804478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 124.804882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 124.805138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 124.806049] kthread+0x337/0x6f0 [ 124.806219] ? trace_preempt_on+0x20/0xc0 [ 124.806380] ? __pfx_kthread+0x10/0x10 [ 124.806517] ? _raw_spin_unlock_irq+0x47/0x80 [ 124.806669] ? calculate_sigpending+0x7b/0xa0 [ 124.806821] ? __pfx_kthread+0x10/0x10 [ 124.806956] ret_from_fork+0x116/0x1d0 [ 124.807090] ? __pfx_kthread+0x10/0x10 [ 124.807233] ret_from_fork_asm+0x1a/0x30 [ 124.807382] </TASK> [ 124.807469] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 124.748043] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#1: kunit_try_catch/689 [ 124.749012] Modules linked in: [ 124.749297] CPU: 1 UID: 0 PID: 689 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc7-next-20250723 #1 PREEMPT(voluntary) [ 124.750182] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 124.750677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 124.751066] RIP: 0010:intlog2+0xdf/0x110 [ 124.751235] Code: 89 90 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 e9 d7 ed 91 02 89 45 e4 e8 0f 47 55 ff 8b 45 e4 eb [ 124.752848] RSP: 0000:ffff8881067afcb0 EFLAGS: 00010246 [ 124.753500] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020cf5fb4 [ 124.753762] RDX: 1ffffffff21134cc RSI: 1ffff11020cf5fb3 RDI: 0000000000000000 [ 124.754085] RBP: ffff8881067afd60 R08: 0000000000000000 R09: ffffed102040b020 [ 124.754315] R10: ffff888102058107 R11: 0000000000000000 R12: 1ffff11020cf5f97 [ 124.754888] R13: ffffffff9089a660 R14: 0000000000000000 R15: ffff8881067afd38 [ 124.755893] FS: 0000000000000000(0000) GS:ffff8881c870d000(0000) knlGS:0000000000000000 [ 124.757057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.757268] CR2: dffffc0000000000 CR3: 000000001e2bc000 CR4: 00000000000006f0 [ 124.757496] DR0: ffffffff92ab9580 DR1: ffffffff92ab9581 DR2: ffffffff92ab9583 [ 124.757849] DR3: ffffffff92ab9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 124.758404] Call Trace: [ 124.758509] <TASK> [ 124.758630] ? intlog2_test+0xf2/0x220 [ 124.759051] ? __pfx_intlog2_test+0x10/0x10 [ 124.759257] ? __schedule+0x10da/0x2b60 [ 124.759587] ? __pfx_read_tsc+0x10/0x10 [ 124.759741] ? ktime_get_ts64+0x86/0x230 [ 124.759956] kunit_try_run_case+0x1a5/0x480 [ 124.760205] ? __pfx_kunit_try_run_case+0x10/0x10 [ 124.760685] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 124.760960] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 124.761220] ? __kthread_parkme+0x82/0x180 [ 124.761369] ? preempt_count_sub+0x50/0x80 [ 124.761550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 124.761799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 124.761999] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 124.762745] kthread+0x337/0x6f0 [ 124.763178] ? trace_preempt_on+0x20/0xc0 [ 124.763430] ? __pfx_kthread+0x10/0x10 [ 124.763620] ? _raw_spin_unlock_irq+0x47/0x80 [ 124.763815] ? calculate_sigpending+0x7b/0xa0 [ 124.764312] ? __pfx_kthread+0x10/0x10 [ 124.764733] ret_from_fork+0x116/0x1d0 [ 124.765072] ? __pfx_kthread+0x10/0x10 [ 124.765282] ret_from_fork_asm+0x1a/0x30 [ 124.765845] </TASK> [ 124.766055] ---[ end trace 0000000000000000 ]---
Failure - kunit/test_mb_mark_used_cost_ext4_mballoc_test
<8>[ 257.024526] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_ext4_mballoc_test RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_test_mb_mark_used_cost
<8>[ 256.913329] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_test_mb_mark_used_cost RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 256.797835] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 256.682940] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 256.569095] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/_test_mark_diskspace_used
_test_mark_diskspace_used fail
Failure - kunit/_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 256.349203] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail> _block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - kunit/_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64
_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - kunit/_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 256.102181] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail> _block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 61.956501] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#2] SMP KASAN PTI [ 93.059634] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#19] SMP KASAN PTI [ 123.808740] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#20] SMP KASAN PTI [ 62.395181] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#15] SMP KASAN PTI [ 62.036429] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#4] SMP KASAN PTI [ 124.106959] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#22] SMP KASAN PTI [ 62.094785] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#6] SMP KASAN PTI [ 62.457517] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#17] SMP KASAN PTI [ 62.302961] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#12] SMP KASAN PTI [ 62.127238] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#7] SMP KASAN PTI [ 62.191595] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#9] SMP KASAN PTI [ 62.338534] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#13] SMP KASAN PTI [ 62.267264] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#11] SMP KASAN PTI [ 123.831281] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#21] SMP KASAN PTI [ 61.996221] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#3] SMP KASAN PTI [ 62.231667] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#10] SMP KASAN PTI [ 62.490090] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#18] SMP KASAN PTI [ 62.367596] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#14] SMP KASAN PTI [ 61.927968] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI [ 62.156478] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#8] SMP KASAN PTI [ 62.425932] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#16] SMP KASAN PTI [ 62.062311] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#5] SMP KASAN PTI