Date
July 24, 2025, 4:41 a.m.
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 31.074156] ================================================================== [ 31.075464] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 31.076335] Write of size 121 at addr ffff888105635400 by task kunit_try_catch/333 [ 31.077045] [ 31.077339] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.077407] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.077423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.077559] Call Trace: [ 31.077588] <TASK> [ 31.077614] dump_stack_lvl+0x73/0xb0 [ 31.077655] print_report+0xd1/0x640 [ 31.077683] ? __virt_addr_valid+0x1db/0x2d0 [ 31.077741] ? _copy_from_user+0x32/0x90 [ 31.077792] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.077819] ? _copy_from_user+0x32/0x90 [ 31.077839] kasan_report+0x141/0x180 [ 31.077863] ? _copy_from_user+0x32/0x90 [ 31.077887] kasan_check_range+0x10c/0x1c0 [ 31.077917] __kasan_check_write+0x18/0x20 [ 31.077942] _copy_from_user+0x32/0x90 [ 31.077963] copy_user_test_oob+0x2be/0x10f0 [ 31.077992] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.078016] ? finish_task_switch.isra.0+0x153/0x700 [ 31.078040] ? __switch_to+0x47/0xf80 [ 31.078069] ? __schedule+0x10da/0x2b60 [ 31.078096] ? __pfx_read_tsc+0x10/0x10 [ 31.078119] ? ktime_get_ts64+0x86/0x230 [ 31.078147] kunit_try_run_case+0x1a5/0x480 [ 31.078172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.078195] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.078221] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.078248] ? __kthread_parkme+0x82/0x180 [ 31.078269] ? preempt_count_sub+0x50/0x80 [ 31.078293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.078318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.078343] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.078367] kthread+0x337/0x6f0 [ 31.078388] ? trace_preempt_on+0x20/0xc0 [ 31.078414] ? __pfx_kthread+0x10/0x10 [ 31.078435] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.078460] ? calculate_sigpending+0x7b/0xa0 [ 31.078485] ? __pfx_kthread+0x10/0x10 [ 31.078507] ret_from_fork+0x116/0x1d0 [ 31.078528] ? __pfx_kthread+0x10/0x10 [ 31.078549] ret_from_fork_asm+0x1a/0x30 [ 31.078591] </TASK> [ 31.078615] [ 31.092431] Allocated by task 333: [ 31.092611] kasan_save_stack+0x45/0x70 [ 31.092898] kasan_save_track+0x18/0x40 [ 31.093598] kasan_save_alloc_info+0x3b/0x50 [ 31.094132] __kasan_kmalloc+0xb7/0xc0 [ 31.094295] __kmalloc_noprof+0x1ca/0x510 [ 31.094475] kunit_kmalloc_array+0x25/0x60 [ 31.094679] copy_user_test_oob+0xab/0x10f0 [ 31.094908] kunit_try_run_case+0x1a5/0x480 [ 31.095373] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.095796] kthread+0x337/0x6f0 [ 31.096114] ret_from_fork+0x116/0x1d0 [ 31.096264] ret_from_fork_asm+0x1a/0x30 [ 31.096680] [ 31.096781] The buggy address belongs to the object at ffff888105635400 [ 31.096781] which belongs to the cache kmalloc-128 of size 128 [ 31.097502] The buggy address is located 0 bytes inside of [ 31.097502] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.098475] [ 31.098764] The buggy address belongs to the physical page: [ 31.099181] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.099831] flags: 0x200000000000000(node=0|zone=2) [ 31.100003] page_type: f5(slab) [ 31.100171] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.100618] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.101212] page dumped because: kasan: bad access detected [ 31.101565] [ 31.101678] Memory state around the buggy address: [ 31.101965] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.102461] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.102911] >ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.103212] ^ [ 31.103673] ffff888105635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.104159] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.104567] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 31.033943] ================================================================== [ 31.034664] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 31.035449] Write of size 8 at addr ffff888105635378 by task kunit_try_catch/329 [ 31.036340] [ 31.036497] CPU: 0 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.036560] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.036585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.036609] Call Trace: [ 31.036623] <TASK> [ 31.036643] dump_stack_lvl+0x73/0xb0 [ 31.036673] print_report+0xd1/0x640 [ 31.036718] ? __virt_addr_valid+0x1db/0x2d0 [ 31.036744] ? copy_to_kernel_nofault+0x99/0x260 [ 31.036770] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.036846] ? copy_to_kernel_nofault+0x99/0x260 [ 31.036874] kasan_report+0x141/0x180 [ 31.036898] ? copy_to_kernel_nofault+0x99/0x260 [ 31.036942] kasan_check_range+0x10c/0x1c0 [ 31.036966] __kasan_check_write+0x18/0x20 [ 31.036990] copy_to_kernel_nofault+0x99/0x260 [ 31.037016] copy_to_kernel_nofault_oob+0x288/0x560 [ 31.037041] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 31.037066] ? finish_task_switch.isra.0+0x153/0x700 [ 31.037092] ? __schedule+0x10da/0x2b60 [ 31.037117] ? trace_hardirqs_on+0x37/0xe0 [ 31.037149] ? __pfx_read_tsc+0x10/0x10 [ 31.037172] ? ktime_get_ts64+0x86/0x230 [ 31.037198] kunit_try_run_case+0x1a5/0x480 [ 31.037224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.037248] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.037273] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.037299] ? __kthread_parkme+0x82/0x180 [ 31.037321] ? preempt_count_sub+0x50/0x80 [ 31.037345] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.037368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.037393] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.037417] kthread+0x337/0x6f0 [ 31.037439] ? trace_preempt_on+0x20/0xc0 [ 31.037462] ? __pfx_kthread+0x10/0x10 [ 31.037484] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.037507] ? calculate_sigpending+0x7b/0xa0 [ 31.037532] ? __pfx_kthread+0x10/0x10 [ 31.037554] ret_from_fork+0x116/0x1d0 [ 31.037585] ? __pfx_kthread+0x10/0x10 [ 31.037607] ret_from_fork_asm+0x1a/0x30 [ 31.037639] </TASK> [ 31.037651] [ 31.049848] Allocated by task 329: [ 31.050247] kasan_save_stack+0x45/0x70 [ 31.050480] kasan_save_track+0x18/0x40 [ 31.050685] kasan_save_alloc_info+0x3b/0x50 [ 31.051039] __kasan_kmalloc+0xb7/0xc0 [ 31.051189] __kmalloc_cache_noprof+0x189/0x420 [ 31.051351] copy_to_kernel_nofault_oob+0x12f/0x560 [ 31.051555] kunit_try_run_case+0x1a5/0x480 [ 31.051802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.052146] kthread+0x337/0x6f0 [ 31.052326] ret_from_fork+0x116/0x1d0 [ 31.052584] ret_from_fork_asm+0x1a/0x30 [ 31.053023] [ 31.053120] The buggy address belongs to the object at ffff888105635300 [ 31.053120] which belongs to the cache kmalloc-128 of size 128 [ 31.054178] The buggy address is located 0 bytes to the right of [ 31.054178] allocated 120-byte region [ffff888105635300, ffff888105635378) [ 31.054766] [ 31.054899] The buggy address belongs to the physical page: [ 31.055152] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.055539] flags: 0x200000000000000(node=0|zone=2) [ 31.055868] page_type: f5(slab) [ 31.056041] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.056364] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.056651] page dumped because: kasan: bad access detected [ 31.056971] [ 31.057077] Memory state around the buggy address: [ 31.057287] ffff888105635200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.057622] ffff888105635280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.057960] >ffff888105635300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.058288] ^ [ 31.058648] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.058963] ffff888105635400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.059427] ================================================================== [ 31.000567] ================================================================== [ 31.001451] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 31.001731] Read of size 8 at addr ffff888105635378 by task kunit_try_catch/329 [ 31.001961] [ 31.002055] CPU: 0 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.002115] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.002132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.002157] Call Trace: [ 31.002173] <TASK> [ 31.002196] dump_stack_lvl+0x73/0xb0 [ 31.002229] print_report+0xd1/0x640 [ 31.002256] ? __virt_addr_valid+0x1db/0x2d0 [ 31.002284] ? copy_to_kernel_nofault+0x225/0x260 [ 31.002312] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.002340] ? copy_to_kernel_nofault+0x225/0x260 [ 31.002364] kasan_report+0x141/0x180 [ 31.002388] ? copy_to_kernel_nofault+0x225/0x260 [ 31.002417] __asan_report_load8_noabort+0x18/0x20 [ 31.002442] copy_to_kernel_nofault+0x225/0x260 [ 31.002467] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 31.002492] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 31.002515] ? finish_task_switch.isra.0+0x153/0x700 [ 31.002541] ? __schedule+0x10da/0x2b60 [ 31.002566] ? trace_hardirqs_on+0x37/0xe0 [ 31.002623] ? __pfx_read_tsc+0x10/0x10 [ 31.002646] ? ktime_get_ts64+0x86/0x230 [ 31.002674] kunit_try_run_case+0x1a5/0x480 [ 31.002703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.002726] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.002751] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.002777] ? __kthread_parkme+0x82/0x180 [ 31.002800] ? preempt_count_sub+0x50/0x80 [ 31.002823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.002848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.002874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.002898] kthread+0x337/0x6f0 [ 31.002919] ? trace_preempt_on+0x20/0xc0 [ 31.002942] ? __pfx_kthread+0x10/0x10 [ 31.002963] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.002987] ? calculate_sigpending+0x7b/0xa0 [ 31.003013] ? __pfx_kthread+0x10/0x10 [ 31.003035] ret_from_fork+0x116/0x1d0 [ 31.003056] ? __pfx_kthread+0x10/0x10 [ 31.003077] ret_from_fork_asm+0x1a/0x30 [ 31.003110] </TASK> [ 31.003122] [ 31.018274] Allocated by task 329: [ 31.018696] kasan_save_stack+0x45/0x70 [ 31.018973] kasan_save_track+0x18/0x40 [ 31.019430] kasan_save_alloc_info+0x3b/0x50 [ 31.019761] __kasan_kmalloc+0xb7/0xc0 [ 31.020435] __kmalloc_cache_noprof+0x189/0x420 [ 31.020609] copy_to_kernel_nofault_oob+0x12f/0x560 [ 31.020766] kunit_try_run_case+0x1a5/0x480 [ 31.020904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.021428] kthread+0x337/0x6f0 [ 31.021880] ret_from_fork+0x116/0x1d0 [ 31.022257] ret_from_fork_asm+0x1a/0x30 [ 31.022635] [ 31.022790] The buggy address belongs to the object at ffff888105635300 [ 31.022790] which belongs to the cache kmalloc-128 of size 128 [ 31.024126] The buggy address is located 0 bytes to the right of [ 31.024126] allocated 120-byte region [ffff888105635300, ffff888105635378) [ 31.025043] [ 31.025216] The buggy address belongs to the physical page: [ 31.025752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.026326] flags: 0x200000000000000(node=0|zone=2) [ 31.026493] page_type: f5(slab) [ 31.026623] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.027071] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.027727] page dumped because: kasan: bad access detected [ 31.028307] [ 31.028557] Memory state around the buggy address: [ 31.029040] ffff888105635200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.029792] ffff888105635280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.030487] >ffff888105635300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.030721] ^ [ 31.031260] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.031976] ffff888105635400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.032741] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 29.986034] ================================================================== [ 29.986525] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 29.987263] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.987742] [ 29.987871] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.987940] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.987957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.987982] Call Trace: [ 29.988002] <TASK> [ 29.988021] dump_stack_lvl+0x73/0xb0 [ 29.988052] print_report+0xd1/0x640 [ 29.988075] ? __virt_addr_valid+0x1db/0x2d0 [ 29.988101] ? kasan_atomics_helper+0x1079/0x5450 [ 29.988123] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.988149] ? kasan_atomics_helper+0x1079/0x5450 [ 29.988172] kasan_report+0x141/0x180 [ 29.988194] ? kasan_atomics_helper+0x1079/0x5450 [ 29.988221] kasan_check_range+0x10c/0x1c0 [ 29.988246] __kasan_check_write+0x18/0x20 [ 29.988271] kasan_atomics_helper+0x1079/0x5450 [ 29.988295] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.988318] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.988345] ? kasan_atomics+0x152/0x310 [ 29.988372] kasan_atomics+0x1dc/0x310 [ 29.988395] ? __pfx_kasan_atomics+0x10/0x10 [ 29.988419] ? __pfx_read_tsc+0x10/0x10 [ 29.988445] ? ktime_get_ts64+0x86/0x230 [ 29.988471] kunit_try_run_case+0x1a5/0x480 [ 29.988497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.988520] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.988547] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.988583] ? __kthread_parkme+0x82/0x180 [ 29.988603] ? preempt_count_sub+0x50/0x80 [ 29.988628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.988653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.988677] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.988702] kthread+0x337/0x6f0 [ 29.988721] ? trace_preempt_on+0x20/0xc0 [ 29.988747] ? __pfx_kthread+0x10/0x10 [ 29.988768] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.988892] ? calculate_sigpending+0x7b/0xa0 [ 29.988919] ? __pfx_kthread+0x10/0x10 [ 29.988941] ret_from_fork+0x116/0x1d0 [ 29.988962] ? __pfx_kthread+0x10/0x10 [ 29.988982] ret_from_fork_asm+0x1a/0x30 [ 29.989015] </TASK> [ 29.989027] [ 30.001649] Allocated by task 313: [ 30.002176] kasan_save_stack+0x45/0x70 [ 30.002460] kasan_save_track+0x18/0x40 [ 30.002775] kasan_save_alloc_info+0x3b/0x50 [ 30.003153] __kasan_kmalloc+0xb7/0xc0 [ 30.003329] __kmalloc_cache_noprof+0x189/0x420 [ 30.003909] kasan_atomics+0x95/0x310 [ 30.004197] kunit_try_run_case+0x1a5/0x480 [ 30.004517] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.004779] kthread+0x337/0x6f0 [ 30.005106] ret_from_fork+0x116/0x1d0 [ 30.005476] ret_from_fork_asm+0x1a/0x30 [ 30.005676] [ 30.005771] The buggy address belongs to the object at ffff888106038600 [ 30.005771] which belongs to the cache kmalloc-64 of size 64 [ 30.006680] The buggy address is located 0 bytes to the right of [ 30.006680] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.007633] [ 30.007738] The buggy address belongs to the physical page: [ 30.008263] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.008743] flags: 0x200000000000000(node=0|zone=2) [ 30.009193] page_type: f5(slab) [ 30.009492] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.009991] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.010540] page dumped because: kasan: bad access detected [ 30.010970] [ 30.011104] Memory state around the buggy address: [ 30.011449] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.011753] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.012318] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.012818] ^ [ 30.013299] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.013634] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.014311] ================================================================== [ 30.696819] ================================================================== [ 30.697496] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 30.698041] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.698334] [ 30.698686] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.698909] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.699027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.699052] Call Trace: [ 30.699074] <TASK> [ 30.699193] dump_stack_lvl+0x73/0xb0 [ 30.699225] print_report+0xd1/0x640 [ 30.699249] ? __virt_addr_valid+0x1db/0x2d0 [ 30.699280] ? kasan_atomics_helper+0x1e12/0x5450 [ 30.699303] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.699329] ? kasan_atomics_helper+0x1e12/0x5450 [ 30.699352] kasan_report+0x141/0x180 [ 30.699375] ? kasan_atomics_helper+0x1e12/0x5450 [ 30.699402] kasan_check_range+0x10c/0x1c0 [ 30.699426] __kasan_check_write+0x18/0x20 [ 30.699450] kasan_atomics_helper+0x1e12/0x5450 [ 30.699474] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.699497] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.699524] ? kasan_atomics+0x152/0x310 [ 30.699550] kasan_atomics+0x1dc/0x310 [ 30.699584] ? __pfx_kasan_atomics+0x10/0x10 [ 30.699609] ? __pfx_read_tsc+0x10/0x10 [ 30.699633] ? ktime_get_ts64+0x86/0x230 [ 30.699658] kunit_try_run_case+0x1a5/0x480 [ 30.699684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.699708] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.699734] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.699759] ? __kthread_parkme+0x82/0x180 [ 30.699791] ? preempt_count_sub+0x50/0x80 [ 30.699817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.699841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.699865] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.699891] kthread+0x337/0x6f0 [ 30.699911] ? trace_preempt_on+0x20/0xc0 [ 30.699947] ? __pfx_kthread+0x10/0x10 [ 30.699968] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.699992] ? calculate_sigpending+0x7b/0xa0 [ 30.700017] ? __pfx_kthread+0x10/0x10 [ 30.700038] ret_from_fork+0x116/0x1d0 [ 30.700059] ? __pfx_kthread+0x10/0x10 [ 30.700079] ret_from_fork_asm+0x1a/0x30 [ 30.700113] </TASK> [ 30.700125] [ 30.712276] Allocated by task 313: [ 30.712502] kasan_save_stack+0x45/0x70 [ 30.712958] kasan_save_track+0x18/0x40 [ 30.713207] kasan_save_alloc_info+0x3b/0x50 [ 30.713671] __kasan_kmalloc+0xb7/0xc0 [ 30.714026] __kmalloc_cache_noprof+0x189/0x420 [ 30.714329] kasan_atomics+0x95/0x310 [ 30.714518] kunit_try_run_case+0x1a5/0x480 [ 30.714701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.714996] kthread+0x337/0x6f0 [ 30.715505] ret_from_fork+0x116/0x1d0 [ 30.715669] ret_from_fork_asm+0x1a/0x30 [ 30.716199] [ 30.716360] The buggy address belongs to the object at ffff888106038600 [ 30.716360] which belongs to the cache kmalloc-64 of size 64 [ 30.716858] The buggy address is located 0 bytes to the right of [ 30.716858] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.717757] [ 30.717878] The buggy address belongs to the physical page: [ 30.718345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.718911] flags: 0x200000000000000(node=0|zone=2) [ 30.719258] page_type: f5(slab) [ 30.719428] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.719813] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.720166] page dumped because: kasan: bad access detected [ 30.720505] [ 30.720584] Memory state around the buggy address: [ 30.720797] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.721188] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.721601] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.721894] ^ [ 30.722072] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.722511] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.722988] ================================================================== [ 29.346478] ================================================================== [ 29.347092] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 29.347480] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.347818] [ 29.347948] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.348033] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.348048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.348071] Call Trace: [ 29.348089] <TASK> [ 29.348109] dump_stack_lvl+0x73/0xb0 [ 29.348137] print_report+0xd1/0x640 [ 29.348160] ? __virt_addr_valid+0x1db/0x2d0 [ 29.348185] ? kasan_atomics_helper+0x4ba2/0x5450 [ 29.348208] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.348236] ? kasan_atomics_helper+0x4ba2/0x5450 [ 29.348258] kasan_report+0x141/0x180 [ 29.348281] ? kasan_atomics_helper+0x4ba2/0x5450 [ 29.348309] __asan_report_store4_noabort+0x1b/0x30 [ 29.348334] kasan_atomics_helper+0x4ba2/0x5450 [ 29.348358] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.348381] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.348407] ? kasan_atomics+0x152/0x310 [ 29.348433] kasan_atomics+0x1dc/0x310 [ 29.348456] ? __pfx_kasan_atomics+0x10/0x10 [ 29.348481] ? __pfx_read_tsc+0x10/0x10 [ 29.348504] ? ktime_get_ts64+0x86/0x230 [ 29.348529] kunit_try_run_case+0x1a5/0x480 [ 29.348555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.348589] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.348616] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.348641] ? __kthread_parkme+0x82/0x180 [ 29.348663] ? preempt_count_sub+0x50/0x80 [ 29.348689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.348713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.348738] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.348762] kthread+0x337/0x6f0 [ 29.348783] ? trace_preempt_on+0x20/0xc0 [ 29.348807] ? __pfx_kthread+0x10/0x10 [ 29.348829] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.348852] ? calculate_sigpending+0x7b/0xa0 [ 29.348877] ? __pfx_kthread+0x10/0x10 [ 29.348899] ret_from_fork+0x116/0x1d0 [ 29.348956] ? __pfx_kthread+0x10/0x10 [ 29.348978] ret_from_fork_asm+0x1a/0x30 [ 29.349012] </TASK> [ 29.349024] [ 29.357437] Allocated by task 313: [ 29.357623] kasan_save_stack+0x45/0x70 [ 29.357855] kasan_save_track+0x18/0x40 [ 29.358119] kasan_save_alloc_info+0x3b/0x50 [ 29.358280] __kasan_kmalloc+0xb7/0xc0 [ 29.358409] __kmalloc_cache_noprof+0x189/0x420 [ 29.358561] kasan_atomics+0x95/0x310 [ 29.358702] kunit_try_run_case+0x1a5/0x480 [ 29.359022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.359274] kthread+0x337/0x6f0 [ 29.359439] ret_from_fork+0x116/0x1d0 [ 29.359634] ret_from_fork_asm+0x1a/0x30 [ 29.359775] [ 29.359842] The buggy address belongs to the object at ffff888106038600 [ 29.359842] which belongs to the cache kmalloc-64 of size 64 [ 29.360456] The buggy address is located 0 bytes to the right of [ 29.360456] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.361154] [ 29.361284] The buggy address belongs to the physical page: [ 29.361599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.362011] flags: 0x200000000000000(node=0|zone=2) [ 29.362169] page_type: f5(slab) [ 29.362420] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.362774] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.363360] page dumped because: kasan: bad access detected [ 29.363526] [ 29.363607] Memory state around the buggy address: [ 29.364106] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.365004] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.365419] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.365770] ^ [ 29.366037] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.366330] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.366536] ================================================================== [ 29.545674] ================================================================== [ 29.545922] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 29.546632] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.547078] [ 29.547236] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.547311] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.547327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.547350] Call Trace: [ 29.547370] <TASK> [ 29.547390] dump_stack_lvl+0x73/0xb0 [ 29.547419] print_report+0xd1/0x640 [ 29.547471] ? __virt_addr_valid+0x1db/0x2d0 [ 29.547496] ? kasan_atomics_helper+0x5fe/0x5450 [ 29.547517] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.547545] ? kasan_atomics_helper+0x5fe/0x5450 [ 29.547566] kasan_report+0x141/0x180 [ 29.547601] ? kasan_atomics_helper+0x5fe/0x5450 [ 29.547627] kasan_check_range+0x10c/0x1c0 [ 29.547651] __kasan_check_write+0x18/0x20 [ 29.547676] kasan_atomics_helper+0x5fe/0x5450 [ 29.547699] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.547723] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.547748] ? kasan_atomics+0x152/0x310 [ 29.547774] kasan_atomics+0x1dc/0x310 [ 29.547797] ? __pfx_kasan_atomics+0x10/0x10 [ 29.547850] ? __pfx_read_tsc+0x10/0x10 [ 29.547873] ? ktime_get_ts64+0x86/0x230 [ 29.547898] kunit_try_run_case+0x1a5/0x480 [ 29.547936] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.547961] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.547988] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.548015] ? __kthread_parkme+0x82/0x180 [ 29.548036] ? preempt_count_sub+0x50/0x80 [ 29.548060] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.548101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.548127] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.548151] kthread+0x337/0x6f0 [ 29.548172] ? trace_preempt_on+0x20/0xc0 [ 29.548197] ? __pfx_kthread+0x10/0x10 [ 29.548218] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.548241] ? calculate_sigpending+0x7b/0xa0 [ 29.548266] ? __pfx_kthread+0x10/0x10 [ 29.548289] ret_from_fork+0x116/0x1d0 [ 29.548310] ? __pfx_kthread+0x10/0x10 [ 29.548331] ret_from_fork_asm+0x1a/0x30 [ 29.548364] </TASK> [ 29.548376] [ 29.556275] Allocated by task 313: [ 29.556462] kasan_save_stack+0x45/0x70 [ 29.556666] kasan_save_track+0x18/0x40 [ 29.556800] kasan_save_alloc_info+0x3b/0x50 [ 29.556972] __kasan_kmalloc+0xb7/0xc0 [ 29.557102] __kmalloc_cache_noprof+0x189/0x420 [ 29.557323] kasan_atomics+0x95/0x310 [ 29.557529] kunit_try_run_case+0x1a5/0x480 [ 29.557748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.558057] kthread+0x337/0x6f0 [ 29.558230] ret_from_fork+0x116/0x1d0 [ 29.558375] ret_from_fork_asm+0x1a/0x30 [ 29.558510] [ 29.558633] The buggy address belongs to the object at ffff888106038600 [ 29.558633] which belongs to the cache kmalloc-64 of size 64 [ 29.559008] The buggy address is located 0 bytes to the right of [ 29.559008] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.559374] [ 29.559442] The buggy address belongs to the physical page: [ 29.559643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.560001] flags: 0x200000000000000(node=0|zone=2) [ 29.560234] page_type: f5(slab) [ 29.560399] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.560864] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.561228] page dumped because: kasan: bad access detected [ 29.561487] [ 29.561584] Memory state around the buggy address: [ 29.561802] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.562140] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.562368] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.562584] ^ [ 29.562740] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.562980] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.563522] ================================================================== [ 30.357007] ================================================================== [ 30.357260] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 30.357775] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.358091] [ 30.358510] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.358567] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.358594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.358618] Call Trace: [ 30.358633] <TASK> [ 30.358652] dump_stack_lvl+0x73/0xb0 [ 30.358683] print_report+0xd1/0x640 [ 30.358708] ? __virt_addr_valid+0x1db/0x2d0 [ 30.358733] ? kasan_atomics_helper+0x16e7/0x5450 [ 30.358755] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.358900] ? kasan_atomics_helper+0x16e7/0x5450 [ 30.358945] kasan_report+0x141/0x180 [ 30.359025] ? kasan_atomics_helper+0x16e7/0x5450 [ 30.359053] kasan_check_range+0x10c/0x1c0 [ 30.359078] __kasan_check_write+0x18/0x20 [ 30.359102] kasan_atomics_helper+0x16e7/0x5450 [ 30.359126] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.359149] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.359175] ? kasan_atomics+0x152/0x310 [ 30.359203] kasan_atomics+0x1dc/0x310 [ 30.359226] ? __pfx_kasan_atomics+0x10/0x10 [ 30.359259] ? __pfx_read_tsc+0x10/0x10 [ 30.359281] ? ktime_get_ts64+0x86/0x230 [ 30.359307] kunit_try_run_case+0x1a5/0x480 [ 30.359334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.359357] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.359383] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.359409] ? __kthread_parkme+0x82/0x180 [ 30.359431] ? preempt_count_sub+0x50/0x80 [ 30.359456] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.359481] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.359505] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.359530] kthread+0x337/0x6f0 [ 30.359551] ? trace_preempt_on+0x20/0xc0 [ 30.359586] ? __pfx_kthread+0x10/0x10 [ 30.359610] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.359635] ? calculate_sigpending+0x7b/0xa0 [ 30.359660] ? __pfx_kthread+0x10/0x10 [ 30.359683] ret_from_fork+0x116/0x1d0 [ 30.359704] ? __pfx_kthread+0x10/0x10 [ 30.359726] ret_from_fork_asm+0x1a/0x30 [ 30.359758] </TASK> [ 30.359771] [ 30.368199] Allocated by task 313: [ 30.368390] kasan_save_stack+0x45/0x70 [ 30.368558] kasan_save_track+0x18/0x40 [ 30.368760] kasan_save_alloc_info+0x3b/0x50 [ 30.368944] __kasan_kmalloc+0xb7/0xc0 [ 30.369167] __kmalloc_cache_noprof+0x189/0x420 [ 30.369354] kasan_atomics+0x95/0x310 [ 30.370006] kunit_try_run_case+0x1a5/0x480 [ 30.370150] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.370319] kthread+0x337/0x6f0 [ 30.370431] ret_from_fork+0x116/0x1d0 [ 30.370556] ret_from_fork_asm+0x1a/0x30 [ 30.370756] [ 30.370847] The buggy address belongs to the object at ffff888106038600 [ 30.370847] which belongs to the cache kmalloc-64 of size 64 [ 30.371372] The buggy address is located 0 bytes to the right of [ 30.371372] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.373303] [ 30.373394] The buggy address belongs to the physical page: [ 30.373585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.373827] flags: 0x200000000000000(node=0|zone=2) [ 30.374065] page_type: f5(slab) [ 30.374232] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.375260] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.376247] page dumped because: kasan: bad access detected [ 30.376533] [ 30.376614] Memory state around the buggy address: [ 30.377480] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.378033] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.378657] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.379387] ^ [ 30.379627] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.380064] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.381159] ================================================================== [ 30.723569] ================================================================== [ 30.723847] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 30.724352] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.724730] [ 30.724933] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.724987] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.725003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.725026] Call Trace: [ 30.725044] <TASK> [ 30.725061] dump_stack_lvl+0x73/0xb0 [ 30.725159] print_report+0xd1/0x640 [ 30.725229] ? __virt_addr_valid+0x1db/0x2d0 [ 30.725255] ? kasan_atomics_helper+0x1eaa/0x5450 [ 30.725276] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.725353] ? kasan_atomics_helper+0x1eaa/0x5450 [ 30.725376] kasan_report+0x141/0x180 [ 30.725463] ? kasan_atomics_helper+0x1eaa/0x5450 [ 30.725502] kasan_check_range+0x10c/0x1c0 [ 30.725538] __kasan_check_write+0x18/0x20 [ 30.725563] kasan_atomics_helper+0x1eaa/0x5450 [ 30.725595] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.725618] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.725644] ? kasan_atomics+0x152/0x310 [ 30.725671] kasan_atomics+0x1dc/0x310 [ 30.725695] ? __pfx_kasan_atomics+0x10/0x10 [ 30.725720] ? __pfx_read_tsc+0x10/0x10 [ 30.725743] ? ktime_get_ts64+0x86/0x230 [ 30.725769] kunit_try_run_case+0x1a5/0x480 [ 30.725795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.725818] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.725845] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.725887] ? __kthread_parkme+0x82/0x180 [ 30.725909] ? preempt_count_sub+0x50/0x80 [ 30.725940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.725965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.725990] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.726014] kthread+0x337/0x6f0 [ 30.726080] ? trace_preempt_on+0x20/0xc0 [ 30.726106] ? __pfx_kthread+0x10/0x10 [ 30.726126] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.726162] ? calculate_sigpending+0x7b/0xa0 [ 30.726229] ? __pfx_kthread+0x10/0x10 [ 30.726253] ret_from_fork+0x116/0x1d0 [ 30.726273] ? __pfx_kthread+0x10/0x10 [ 30.726306] ret_from_fork_asm+0x1a/0x30 [ 30.726339] </TASK> [ 30.726350] [ 30.738781] Allocated by task 313: [ 30.738996] kasan_save_stack+0x45/0x70 [ 30.739321] kasan_save_track+0x18/0x40 [ 30.739491] kasan_save_alloc_info+0x3b/0x50 [ 30.739696] __kasan_kmalloc+0xb7/0xc0 [ 30.740198] __kmalloc_cache_noprof+0x189/0x420 [ 30.740678] kasan_atomics+0x95/0x310 [ 30.741101] kunit_try_run_case+0x1a5/0x480 [ 30.741458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.741734] kthread+0x337/0x6f0 [ 30.742108] ret_from_fork+0x116/0x1d0 [ 30.742445] ret_from_fork_asm+0x1a/0x30 [ 30.742637] [ 30.742724] The buggy address belongs to the object at ffff888106038600 [ 30.742724] which belongs to the cache kmalloc-64 of size 64 [ 30.743691] The buggy address is located 0 bytes to the right of [ 30.743691] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.744817] [ 30.745094] The buggy address belongs to the physical page: [ 30.745723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.746310] flags: 0x200000000000000(node=0|zone=2) [ 30.746769] page_type: f5(slab) [ 30.747228] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.747641] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.748435] page dumped because: kasan: bad access detected [ 30.748922] [ 30.749086] Memory state around the buggy address: [ 30.749534] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.749835] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.750533] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.751225] ^ [ 30.751661] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.752294] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.752800] ================================================================== [ 29.729174] ================================================================== [ 29.729487] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 29.729775] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.730231] [ 29.730318] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.730380] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.730394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.730419] Call Trace: [ 29.730434] <TASK> [ 29.730454] dump_stack_lvl+0x73/0xb0 [ 29.730485] print_report+0xd1/0x640 [ 29.730510] ? __virt_addr_valid+0x1db/0x2d0 [ 29.730535] ? kasan_atomics_helper+0xac7/0x5450 [ 29.730557] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.730598] ? kasan_atomics_helper+0xac7/0x5450 [ 29.730629] kasan_report+0x141/0x180 [ 29.730663] ? kasan_atomics_helper+0xac7/0x5450 [ 29.730690] kasan_check_range+0x10c/0x1c0 [ 29.730728] __kasan_check_write+0x18/0x20 [ 29.730753] kasan_atomics_helper+0xac7/0x5450 [ 29.730777] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.730801] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.730831] ? kasan_atomics+0x152/0x310 [ 29.730857] kasan_atomics+0x1dc/0x310 [ 29.730881] ? __pfx_kasan_atomics+0x10/0x10 [ 29.730906] ? __pfx_read_tsc+0x10/0x10 [ 29.730928] ? ktime_get_ts64+0x86/0x230 [ 29.730972] kunit_try_run_case+0x1a5/0x480 [ 29.730999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.731033] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.731060] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.731097] ? __kthread_parkme+0x82/0x180 [ 29.731119] ? preempt_count_sub+0x50/0x80 [ 29.731168] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.731193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.731218] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.731242] kthread+0x337/0x6f0 [ 29.731268] ? trace_preempt_on+0x20/0xc0 [ 29.731293] ? __pfx_kthread+0x10/0x10 [ 29.731314] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.731347] ? calculate_sigpending+0x7b/0xa0 [ 29.731372] ? __pfx_kthread+0x10/0x10 [ 29.731395] ret_from_fork+0x116/0x1d0 [ 29.731427] ? __pfx_kthread+0x10/0x10 [ 29.731449] ret_from_fork_asm+0x1a/0x30 [ 29.731493] </TASK> [ 29.731505] [ 29.740342] Allocated by task 313: [ 29.740599] kasan_save_stack+0x45/0x70 [ 29.740813] kasan_save_track+0x18/0x40 [ 29.741051] kasan_save_alloc_info+0x3b/0x50 [ 29.741438] __kasan_kmalloc+0xb7/0xc0 [ 29.741757] __kmalloc_cache_noprof+0x189/0x420 [ 29.742097] kasan_atomics+0x95/0x310 [ 29.742420] kunit_try_run_case+0x1a5/0x480 [ 29.742622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.742794] kthread+0x337/0x6f0 [ 29.743029] ret_from_fork+0x116/0x1d0 [ 29.743404] ret_from_fork_asm+0x1a/0x30 [ 29.743599] [ 29.743665] The buggy address belongs to the object at ffff888106038600 [ 29.743665] which belongs to the cache kmalloc-64 of size 64 [ 29.744328] The buggy address is located 0 bytes to the right of [ 29.744328] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.745061] [ 29.745310] The buggy address belongs to the physical page: [ 29.745506] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.745932] flags: 0x200000000000000(node=0|zone=2) [ 29.746199] page_type: f5(slab) [ 29.746331] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.746664] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.746931] page dumped because: kasan: bad access detected [ 29.747095] [ 29.747157] Memory state around the buggy address: [ 29.747313] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.747520] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.747745] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.747954] ^ [ 29.748307] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.748876] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.749455] ================================================================== [ 29.564269] ================================================================== [ 29.564650] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 29.565226] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.565501] [ 29.565615] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.565666] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.565681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.565706] Call Trace: [ 29.565724] <TASK> [ 29.565741] dump_stack_lvl+0x73/0xb0 [ 29.565771] print_report+0xd1/0x640 [ 29.565794] ? __virt_addr_valid+0x1db/0x2d0 [ 29.565820] ? kasan_atomics_helper+0x697/0x5450 [ 29.565841] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.565868] ? kasan_atomics_helper+0x697/0x5450 [ 29.565891] kasan_report+0x141/0x180 [ 29.565934] ? kasan_atomics_helper+0x697/0x5450 [ 29.565961] kasan_check_range+0x10c/0x1c0 [ 29.565985] __kasan_check_write+0x18/0x20 [ 29.566009] kasan_atomics_helper+0x697/0x5450 [ 29.566051] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.566076] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.566120] ? kasan_atomics+0x152/0x310 [ 29.566170] kasan_atomics+0x1dc/0x310 [ 29.566193] ? __pfx_kasan_atomics+0x10/0x10 [ 29.566218] ? __pfx_read_tsc+0x10/0x10 [ 29.566241] ? ktime_get_ts64+0x86/0x230 [ 29.566266] kunit_try_run_case+0x1a5/0x480 [ 29.566292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.566316] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.566343] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.566368] ? __kthread_parkme+0x82/0x180 [ 29.566389] ? preempt_count_sub+0x50/0x80 [ 29.566414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.566439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.566463] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.566488] kthread+0x337/0x6f0 [ 29.566508] ? trace_preempt_on+0x20/0xc0 [ 29.566533] ? __pfx_kthread+0x10/0x10 [ 29.566554] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.566587] ? calculate_sigpending+0x7b/0xa0 [ 29.566612] ? __pfx_kthread+0x10/0x10 [ 29.566633] ret_from_fork+0x116/0x1d0 [ 29.566653] ? __pfx_kthread+0x10/0x10 [ 29.566674] ret_from_fork_asm+0x1a/0x30 [ 29.566708] </TASK> [ 29.566719] [ 29.574629] Allocated by task 313: [ 29.574762] kasan_save_stack+0x45/0x70 [ 29.574906] kasan_save_track+0x18/0x40 [ 29.575037] kasan_save_alloc_info+0x3b/0x50 [ 29.575178] __kasan_kmalloc+0xb7/0xc0 [ 29.575312] __kmalloc_cache_noprof+0x189/0x420 [ 29.575531] kasan_atomics+0x95/0x310 [ 29.575932] kunit_try_run_case+0x1a5/0x480 [ 29.576159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.576432] kthread+0x337/0x6f0 [ 29.576623] ret_from_fork+0x116/0x1d0 [ 29.576873] ret_from_fork_asm+0x1a/0x30 [ 29.577081] [ 29.577175] The buggy address belongs to the object at ffff888106038600 [ 29.577175] which belongs to the cache kmalloc-64 of size 64 [ 29.577718] The buggy address is located 0 bytes to the right of [ 29.577718] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.578318] [ 29.578411] The buggy address belongs to the physical page: [ 29.580739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.581011] flags: 0x200000000000000(node=0|zone=2) [ 29.581177] page_type: f5(slab) [ 29.581332] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.581685] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.582022] page dumped because: kasan: bad access detected [ 29.582273] [ 29.582363] Memory state around the buggy address: [ 29.582626] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.582915] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.583229] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.583487] ^ [ 29.583703] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.583912] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.584118] ================================================================== [ 29.526565] ================================================================== [ 29.527263] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 29.527753] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.528182] [ 29.528285] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.528338] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.528354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.528376] Call Trace: [ 29.528395] <TASK> [ 29.528438] dump_stack_lvl+0x73/0xb0 [ 29.528467] print_report+0xd1/0x640 [ 29.528490] ? __virt_addr_valid+0x1db/0x2d0 [ 29.528515] ? kasan_atomics_helper+0x565/0x5450 [ 29.528537] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.528565] ? kasan_atomics_helper+0x565/0x5450 [ 29.528598] kasan_report+0x141/0x180 [ 29.528621] ? kasan_atomics_helper+0x565/0x5450 [ 29.528652] kasan_check_range+0x10c/0x1c0 [ 29.528678] __kasan_check_write+0x18/0x20 [ 29.528703] kasan_atomics_helper+0x565/0x5450 [ 29.528728] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.528751] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.528777] ? kasan_atomics+0x152/0x310 [ 29.528804] kasan_atomics+0x1dc/0x310 [ 29.528827] ? __pfx_kasan_atomics+0x10/0x10 [ 29.528870] ? __pfx_read_tsc+0x10/0x10 [ 29.528892] ? ktime_get_ts64+0x86/0x230 [ 29.528918] kunit_try_run_case+0x1a5/0x480 [ 29.528957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.528981] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.529007] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.529058] ? __kthread_parkme+0x82/0x180 [ 29.529089] ? preempt_count_sub+0x50/0x80 [ 29.529121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.529146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.529170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.529195] kthread+0x337/0x6f0 [ 29.529215] ? trace_preempt_on+0x20/0xc0 [ 29.529240] ? __pfx_kthread+0x10/0x10 [ 29.529261] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.529285] ? calculate_sigpending+0x7b/0xa0 [ 29.529310] ? __pfx_kthread+0x10/0x10 [ 29.529333] ret_from_fork+0x116/0x1d0 [ 29.529352] ? __pfx_kthread+0x10/0x10 [ 29.529374] ret_from_fork_asm+0x1a/0x30 [ 29.529407] </TASK> [ 29.529419] [ 29.537109] Allocated by task 313: [ 29.537306] kasan_save_stack+0x45/0x70 [ 29.537517] kasan_save_track+0x18/0x40 [ 29.537741] kasan_save_alloc_info+0x3b/0x50 [ 29.538123] __kasan_kmalloc+0xb7/0xc0 [ 29.538396] __kmalloc_cache_noprof+0x189/0x420 [ 29.538701] kasan_atomics+0x95/0x310 [ 29.539003] kunit_try_run_case+0x1a5/0x480 [ 29.539199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.539424] kthread+0x337/0x6f0 [ 29.539539] ret_from_fork+0x116/0x1d0 [ 29.539731] ret_from_fork_asm+0x1a/0x30 [ 29.540084] [ 29.540246] The buggy address belongs to the object at ffff888106038600 [ 29.540246] which belongs to the cache kmalloc-64 of size 64 [ 29.540881] The buggy address is located 0 bytes to the right of [ 29.540881] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.541406] [ 29.541480] The buggy address belongs to the physical page: [ 29.541768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.542161] flags: 0x200000000000000(node=0|zone=2) [ 29.542379] page_type: f5(slab) [ 29.542498] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.542733] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.542953] page dumped because: kasan: bad access detected [ 29.543117] [ 29.543180] Memory state around the buggy address: [ 29.543334] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.543615] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.543921] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.544609] ^ [ 29.544829] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.545039] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.545246] ================================================================== [ 30.923748] ================================================================== [ 30.924084] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 30.924424] Read of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.924738] [ 30.924841] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.924897] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.924912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.924936] Call Trace: [ 30.924959] <TASK> [ 30.924980] dump_stack_lvl+0x73/0xb0 [ 30.925010] print_report+0xd1/0x640 [ 30.925036] ? __virt_addr_valid+0x1db/0x2d0 [ 30.925063] ? kasan_atomics_helper+0x4fa5/0x5450 [ 30.925087] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.925115] ? kasan_atomics_helper+0x4fa5/0x5450 [ 30.925137] kasan_report+0x141/0x180 [ 30.925161] ? kasan_atomics_helper+0x4fa5/0x5450 [ 30.925190] __asan_report_load8_noabort+0x18/0x20 [ 30.925217] kasan_atomics_helper+0x4fa5/0x5450 [ 30.925243] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.925277] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.925304] ? kasan_atomics+0x152/0x310 [ 30.925333] kasan_atomics+0x1dc/0x310 [ 30.925357] ? __pfx_kasan_atomics+0x10/0x10 [ 30.925382] ? __pfx_read_tsc+0x10/0x10 [ 30.925405] ? ktime_get_ts64+0x86/0x230 [ 30.925431] kunit_try_run_case+0x1a5/0x480 [ 30.925458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.925482] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.925508] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.925534] ? __kthread_parkme+0x82/0x180 [ 30.925555] ? preempt_count_sub+0x50/0x80 [ 30.925592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.925616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.925641] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.925664] kthread+0x337/0x6f0 [ 30.925684] ? trace_preempt_on+0x20/0xc0 [ 30.925710] ? __pfx_kthread+0x10/0x10 [ 30.925730] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.925755] ? calculate_sigpending+0x7b/0xa0 [ 30.925780] ? __pfx_kthread+0x10/0x10 [ 30.925801] ret_from_fork+0x116/0x1d0 [ 30.925822] ? __pfx_kthread+0x10/0x10 [ 30.925843] ret_from_fork_asm+0x1a/0x30 [ 30.925876] </TASK> [ 30.925889] [ 30.932955] Allocated by task 313: [ 30.933143] kasan_save_stack+0x45/0x70 [ 30.933361] kasan_save_track+0x18/0x40 [ 30.933505] kasan_save_alloc_info+0x3b/0x50 [ 30.933703] __kasan_kmalloc+0xb7/0xc0 [ 30.933893] __kmalloc_cache_noprof+0x189/0x420 [ 30.934103] kasan_atomics+0x95/0x310 [ 30.934234] kunit_try_run_case+0x1a5/0x480 [ 30.934374] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.934634] kthread+0x337/0x6f0 [ 30.934796] ret_from_fork+0x116/0x1d0 [ 30.934976] ret_from_fork_asm+0x1a/0x30 [ 30.935169] [ 30.935235] The buggy address belongs to the object at ffff888106038600 [ 30.935235] which belongs to the cache kmalloc-64 of size 64 [ 30.935595] The buggy address is located 0 bytes to the right of [ 30.935595] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.936324] [ 30.936418] The buggy address belongs to the physical page: [ 30.936684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.937033] flags: 0x200000000000000(node=0|zone=2) [ 30.937269] page_type: f5(slab) [ 30.937438] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.937721] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.937942] page dumped because: kasan: bad access detected [ 30.938105] [ 30.938169] Memory state around the buggy address: [ 30.938319] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.938528] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.938906] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.939253] ^ [ 30.939744] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.940011] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.940217] ================================================================== [ 30.063206] ================================================================== [ 30.063547] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 30.064129] Read of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.064392] [ 30.064506] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.064591] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.064606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.064630] Call Trace: [ 30.064648] <TASK> [ 30.064667] dump_stack_lvl+0x73/0xb0 [ 30.064717] print_report+0xd1/0x640 [ 30.064742] ? __virt_addr_valid+0x1db/0x2d0 [ 30.064785] ? kasan_atomics_helper+0x4a02/0x5450 [ 30.064869] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.064897] ? kasan_atomics_helper+0x4a02/0x5450 [ 30.064919] kasan_report+0x141/0x180 [ 30.064943] ? kasan_atomics_helper+0x4a02/0x5450 [ 30.064981] __asan_report_load4_noabort+0x18/0x20 [ 30.065006] kasan_atomics_helper+0x4a02/0x5450 [ 30.065029] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.065052] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.065078] ? kasan_atomics+0x152/0x310 [ 30.065105] kasan_atomics+0x1dc/0x310 [ 30.065129] ? __pfx_kasan_atomics+0x10/0x10 [ 30.065153] ? __pfx_read_tsc+0x10/0x10 [ 30.065176] ? ktime_get_ts64+0x86/0x230 [ 30.065202] kunit_try_run_case+0x1a5/0x480 [ 30.065228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.065252] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.065300] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.065326] ? __kthread_parkme+0x82/0x180 [ 30.065349] ? preempt_count_sub+0x50/0x80 [ 30.065373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.065398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.065422] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.065447] kthread+0x337/0x6f0 [ 30.065484] ? trace_preempt_on+0x20/0xc0 [ 30.065509] ? __pfx_kthread+0x10/0x10 [ 30.065544] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.065592] ? calculate_sigpending+0x7b/0xa0 [ 30.065618] ? __pfx_kthread+0x10/0x10 [ 30.065640] ret_from_fork+0x116/0x1d0 [ 30.065660] ? __pfx_kthread+0x10/0x10 [ 30.065696] ret_from_fork_asm+0x1a/0x30 [ 30.065742] </TASK> [ 30.065755] [ 30.074924] Allocated by task 313: [ 30.075188] kasan_save_stack+0x45/0x70 [ 30.075461] kasan_save_track+0x18/0x40 [ 30.075675] kasan_save_alloc_info+0x3b/0x50 [ 30.075936] __kasan_kmalloc+0xb7/0xc0 [ 30.076107] __kmalloc_cache_noprof+0x189/0x420 [ 30.076355] kasan_atomics+0x95/0x310 [ 30.076546] kunit_try_run_case+0x1a5/0x480 [ 30.076856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.077382] kthread+0x337/0x6f0 [ 30.077505] ret_from_fork+0x116/0x1d0 [ 30.077699] ret_from_fork_asm+0x1a/0x30 [ 30.077908] [ 30.078019] The buggy address belongs to the object at ffff888106038600 [ 30.078019] which belongs to the cache kmalloc-64 of size 64 [ 30.078560] The buggy address is located 0 bytes to the right of [ 30.078560] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.079122] [ 30.079567] The buggy address belongs to the physical page: [ 30.079791] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.080214] flags: 0x200000000000000(node=0|zone=2) [ 30.080385] page_type: f5(slab) [ 30.080593] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.081161] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.081409] page dumped because: kasan: bad access detected [ 30.081651] [ 30.081714] Memory state around the buggy address: [ 30.081860] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.082517] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.083054] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.083432] ^ [ 30.083673] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.084159] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.084409] ================================================================== [ 30.200915] ================================================================== [ 30.201352] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 30.201813] Read of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.202554] [ 30.202741] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.202795] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.202810] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.202833] Call Trace: [ 30.202855] <TASK> [ 30.202876] dump_stack_lvl+0x73/0xb0 [ 30.202907] print_report+0xd1/0x640 [ 30.202944] ? __virt_addr_valid+0x1db/0x2d0 [ 30.202970] ? kasan_atomics_helper+0x4eae/0x5450 [ 30.202995] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.203022] ? kasan_atomics_helper+0x4eae/0x5450 [ 30.203045] kasan_report+0x141/0x180 [ 30.203068] ? kasan_atomics_helper+0x4eae/0x5450 [ 30.203095] __asan_report_load8_noabort+0x18/0x20 [ 30.203120] kasan_atomics_helper+0x4eae/0x5450 [ 30.203144] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.203167] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.203193] ? kasan_atomics+0x152/0x310 [ 30.203220] kasan_atomics+0x1dc/0x310 [ 30.203244] ? __pfx_kasan_atomics+0x10/0x10 [ 30.203278] ? __pfx_read_tsc+0x10/0x10 [ 30.203302] ? ktime_get_ts64+0x86/0x230 [ 30.203328] kunit_try_run_case+0x1a5/0x480 [ 30.203355] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.203379] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.203405] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.203431] ? __kthread_parkme+0x82/0x180 [ 30.203453] ? preempt_count_sub+0x50/0x80 [ 30.203501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.203543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.203568] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.203602] kthread+0x337/0x6f0 [ 30.203623] ? trace_preempt_on+0x20/0xc0 [ 30.203648] ? __pfx_kthread+0x10/0x10 [ 30.203669] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.203694] ? calculate_sigpending+0x7b/0xa0 [ 30.203719] ? __pfx_kthread+0x10/0x10 [ 30.203742] ret_from_fork+0x116/0x1d0 [ 30.203763] ? __pfx_kthread+0x10/0x10 [ 30.203796] ret_from_fork_asm+0x1a/0x30 [ 30.203830] </TASK> [ 30.203842] [ 30.215932] Allocated by task 313: [ 30.216105] kasan_save_stack+0x45/0x70 [ 30.216269] kasan_save_track+0x18/0x40 [ 30.217008] kasan_save_alloc_info+0x3b/0x50 [ 30.217461] __kasan_kmalloc+0xb7/0xc0 [ 30.217822] __kmalloc_cache_noprof+0x189/0x420 [ 30.218299] kasan_atomics+0x95/0x310 [ 30.218491] kunit_try_run_case+0x1a5/0x480 [ 30.218673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.219177] kthread+0x337/0x6f0 [ 30.219562] ret_from_fork+0x116/0x1d0 [ 30.219933] ret_from_fork_asm+0x1a/0x30 [ 30.220285] [ 30.220435] The buggy address belongs to the object at ffff888106038600 [ 30.220435] which belongs to the cache kmalloc-64 of size 64 [ 30.221221] The buggy address is located 0 bytes to the right of [ 30.221221] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.221596] [ 30.221675] The buggy address belongs to the physical page: [ 30.221928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.222250] flags: 0x200000000000000(node=0|zone=2) [ 30.222412] page_type: f5(slab) [ 30.222583] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.222976] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.223279] page dumped because: kasan: bad access detected [ 30.223683] [ 30.223768] Memory state around the buggy address: [ 30.224020] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.224297] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.224543] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.224980] ^ [ 30.225139] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.225346] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.226038] ================================================================== [ 30.226539] ================================================================== [ 30.226939] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 30.227224] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.227529] [ 30.227652] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.227705] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.227720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.227743] Call Trace: [ 30.227763] <TASK> [ 30.227783] dump_stack_lvl+0x73/0xb0 [ 30.227815] print_report+0xd1/0x640 [ 30.227840] ? __virt_addr_valid+0x1db/0x2d0 [ 30.227865] ? kasan_atomics_helper+0x1467/0x5450 [ 30.227888] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.227914] ? kasan_atomics_helper+0x1467/0x5450 [ 30.227937] kasan_report+0x141/0x180 [ 30.227960] ? kasan_atomics_helper+0x1467/0x5450 [ 30.227988] kasan_check_range+0x10c/0x1c0 [ 30.228012] __kasan_check_write+0x18/0x20 [ 30.228036] kasan_atomics_helper+0x1467/0x5450 [ 30.228059] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.228082] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.228108] ? kasan_atomics+0x152/0x310 [ 30.228134] kasan_atomics+0x1dc/0x310 [ 30.228158] ? __pfx_kasan_atomics+0x10/0x10 [ 30.228183] ? __pfx_read_tsc+0x10/0x10 [ 30.228225] ? ktime_get_ts64+0x86/0x230 [ 30.228261] kunit_try_run_case+0x1a5/0x480 [ 30.228293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.228317] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.228354] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.228380] ? __kthread_parkme+0x82/0x180 [ 30.228403] ? preempt_count_sub+0x50/0x80 [ 30.228428] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.228453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.228477] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.228502] kthread+0x337/0x6f0 [ 30.228522] ? trace_preempt_on+0x20/0xc0 [ 30.228547] ? __pfx_kthread+0x10/0x10 [ 30.228567] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.228601] ? calculate_sigpending+0x7b/0xa0 [ 30.228626] ? __pfx_kthread+0x10/0x10 [ 30.228648] ret_from_fork+0x116/0x1d0 [ 30.228668] ? __pfx_kthread+0x10/0x10 [ 30.228689] ret_from_fork_asm+0x1a/0x30 [ 30.228722] </TASK> [ 30.228734] [ 30.236853] Allocated by task 313: [ 30.236986] kasan_save_stack+0x45/0x70 [ 30.237284] kasan_save_track+0x18/0x40 [ 30.237475] kasan_save_alloc_info+0x3b/0x50 [ 30.237678] __kasan_kmalloc+0xb7/0xc0 [ 30.237870] __kmalloc_cache_noprof+0x189/0x420 [ 30.238043] kasan_atomics+0x95/0x310 [ 30.238170] kunit_try_run_case+0x1a5/0x480 [ 30.238310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.238477] kthread+0x337/0x6f0 [ 30.238648] ret_from_fork+0x116/0x1d0 [ 30.238834] ret_from_fork_asm+0x1a/0x30 [ 30.239146] [ 30.239238] The buggy address belongs to the object at ffff888106038600 [ 30.239238] which belongs to the cache kmalloc-64 of size 64 [ 30.239842] The buggy address is located 0 bytes to the right of [ 30.239842] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.240425] [ 30.240498] The buggy address belongs to the physical page: [ 30.240757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.241149] flags: 0x200000000000000(node=0|zone=2) [ 30.241377] page_type: f5(slab) [ 30.241504] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.241816] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.242195] page dumped because: kasan: bad access detected [ 30.242491] [ 30.242565] Memory state around the buggy address: [ 30.242788] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.243130] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.243474] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.243752] ^ [ 30.244162] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.244392] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.244779] ================================================================== [ 30.128195] ================================================================== [ 30.128543] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 30.129086] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.129415] [ 30.129523] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.129867] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.129885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.129908] Call Trace: [ 30.129922] <TASK> [ 30.129940] dump_stack_lvl+0x73/0xb0 [ 30.129972] print_report+0xd1/0x640 [ 30.129996] ? __virt_addr_valid+0x1db/0x2d0 [ 30.130021] ? kasan_atomics_helper+0x12e6/0x5450 [ 30.130044] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.130096] ? kasan_atomics_helper+0x12e6/0x5450 [ 30.130119] kasan_report+0x141/0x180 [ 30.130141] ? kasan_atomics_helper+0x12e6/0x5450 [ 30.130169] kasan_check_range+0x10c/0x1c0 [ 30.130193] __kasan_check_write+0x18/0x20 [ 30.130217] kasan_atomics_helper+0x12e6/0x5450 [ 30.130241] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.130263] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.130290] ? kasan_atomics+0x152/0x310 [ 30.130317] kasan_atomics+0x1dc/0x310 [ 30.130341] ? __pfx_kasan_atomics+0x10/0x10 [ 30.130385] ? __pfx_read_tsc+0x10/0x10 [ 30.130407] ? ktime_get_ts64+0x86/0x230 [ 30.130433] kunit_try_run_case+0x1a5/0x480 [ 30.130460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.130483] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.130510] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.130553] ? __kthread_parkme+0x82/0x180 [ 30.130585] ? preempt_count_sub+0x50/0x80 [ 30.130610] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.130634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.130659] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.130684] kthread+0x337/0x6f0 [ 30.130703] ? trace_preempt_on+0x20/0xc0 [ 30.130746] ? __pfx_kthread+0x10/0x10 [ 30.130767] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.130850] ? calculate_sigpending+0x7b/0xa0 [ 30.130877] ? __pfx_kthread+0x10/0x10 [ 30.130899] ret_from_fork+0x116/0x1d0 [ 30.130941] ? __pfx_kthread+0x10/0x10 [ 30.130963] ret_from_fork_asm+0x1a/0x30 [ 30.130995] </TASK> [ 30.131007] [ 30.139271] Allocated by task 313: [ 30.139546] kasan_save_stack+0x45/0x70 [ 30.139871] kasan_save_track+0x18/0x40 [ 30.140147] kasan_save_alloc_info+0x3b/0x50 [ 30.140339] __kasan_kmalloc+0xb7/0xc0 [ 30.140517] __kmalloc_cache_noprof+0x189/0x420 [ 30.140763] kasan_atomics+0x95/0x310 [ 30.141027] kunit_try_run_case+0x1a5/0x480 [ 30.141454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.141718] kthread+0x337/0x6f0 [ 30.141877] ret_from_fork+0x116/0x1d0 [ 30.142080] ret_from_fork_asm+0x1a/0x30 [ 30.142332] [ 30.142427] The buggy address belongs to the object at ffff888106038600 [ 30.142427] which belongs to the cache kmalloc-64 of size 64 [ 30.142906] The buggy address is located 0 bytes to the right of [ 30.142906] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.143470] [ 30.143589] The buggy address belongs to the physical page: [ 30.143844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.144185] flags: 0x200000000000000(node=0|zone=2) [ 30.144438] page_type: f5(slab) [ 30.144612] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.144937] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.145257] page dumped because: kasan: bad access detected [ 30.145464] [ 30.145528] Memory state around the buggy address: [ 30.145678] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.145879] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.146358] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.146695] ^ [ 30.147090] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.147417] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.147665] ================================================================== [ 29.750013] ================================================================== [ 29.750495] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 29.750745] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.751423] [ 29.751604] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.751671] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.751687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.751710] Call Trace: [ 29.751730] <TASK> [ 29.751774] dump_stack_lvl+0x73/0xb0 [ 29.751814] print_report+0xd1/0x640 [ 29.751850] ? __virt_addr_valid+0x1db/0x2d0 [ 29.751875] ? kasan_atomics_helper+0xb6a/0x5450 [ 29.751897] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.751923] ? kasan_atomics_helper+0xb6a/0x5450 [ 29.751946] kasan_report+0x141/0x180 [ 29.751970] ? kasan_atomics_helper+0xb6a/0x5450 [ 29.751996] kasan_check_range+0x10c/0x1c0 [ 29.752021] __kasan_check_write+0x18/0x20 [ 29.752045] kasan_atomics_helper+0xb6a/0x5450 [ 29.752069] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.752092] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.752119] ? kasan_atomics+0x152/0x310 [ 29.752146] kasan_atomics+0x1dc/0x310 [ 29.752169] ? __pfx_kasan_atomics+0x10/0x10 [ 29.752194] ? __pfx_read_tsc+0x10/0x10 [ 29.752217] ? ktime_get_ts64+0x86/0x230 [ 29.752243] kunit_try_run_case+0x1a5/0x480 [ 29.752269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.752292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.752319] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.752344] ? __kthread_parkme+0x82/0x180 [ 29.752366] ? preempt_count_sub+0x50/0x80 [ 29.752390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.752415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.752440] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.752464] kthread+0x337/0x6f0 [ 29.752484] ? trace_preempt_on+0x20/0xc0 [ 29.752508] ? __pfx_kthread+0x10/0x10 [ 29.752530] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.752554] ? calculate_sigpending+0x7b/0xa0 [ 29.752589] ? __pfx_kthread+0x10/0x10 [ 29.752611] ret_from_fork+0x116/0x1d0 [ 29.752631] ? __pfx_kthread+0x10/0x10 [ 29.752653] ret_from_fork_asm+0x1a/0x30 [ 29.752686] </TASK> [ 29.752698] [ 29.761509] Allocated by task 313: [ 29.762513] kasan_save_stack+0x45/0x70 [ 29.763054] kasan_save_track+0x18/0x40 [ 29.763699] kasan_save_alloc_info+0x3b/0x50 [ 29.764185] __kasan_kmalloc+0xb7/0xc0 [ 29.764376] __kmalloc_cache_noprof+0x189/0x420 [ 29.764595] kasan_atomics+0x95/0x310 [ 29.764743] kunit_try_run_case+0x1a5/0x480 [ 29.765606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.766317] kthread+0x337/0x6f0 [ 29.766475] ret_from_fork+0x116/0x1d0 [ 29.766644] ret_from_fork_asm+0x1a/0x30 [ 29.766780] [ 29.767468] The buggy address belongs to the object at ffff888106038600 [ 29.767468] which belongs to the cache kmalloc-64 of size 64 [ 29.768722] The buggy address is located 0 bytes to the right of [ 29.768722] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.769644] [ 29.769754] The buggy address belongs to the physical page: [ 29.770014] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.770678] flags: 0x200000000000000(node=0|zone=2) [ 29.771185] page_type: f5(slab) [ 29.771371] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.771980] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.772427] page dumped because: kasan: bad access detected [ 29.772774] [ 29.773134] Memory state around the buggy address: [ 29.773314] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.773740] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.774439] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.775053] ^ [ 29.775296] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.775616] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.776168] ================================================================== [ 29.855092] ================================================================== [ 29.855450] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 29.855725] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.856679] [ 29.856832] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.856888] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.856904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.856928] Call Trace: [ 29.856949] <TASK> [ 29.856970] dump_stack_lvl+0x73/0xb0 [ 29.857013] print_report+0xd1/0x640 [ 29.857037] ? __virt_addr_valid+0x1db/0x2d0 [ 29.857062] ? kasan_atomics_helper+0xde0/0x5450 [ 29.857084] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.857311] ? kasan_atomics_helper+0xde0/0x5450 [ 29.857339] kasan_report+0x141/0x180 [ 29.857364] ? kasan_atomics_helper+0xde0/0x5450 [ 29.857391] kasan_check_range+0x10c/0x1c0 [ 29.857417] __kasan_check_write+0x18/0x20 [ 29.857441] kasan_atomics_helper+0xde0/0x5450 [ 29.857465] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.857487] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.857513] ? kasan_atomics+0x152/0x310 [ 29.857541] kasan_atomics+0x1dc/0x310 [ 29.857564] ? __pfx_kasan_atomics+0x10/0x10 [ 29.857603] ? __pfx_read_tsc+0x10/0x10 [ 29.857626] ? ktime_get_ts64+0x86/0x230 [ 29.857652] kunit_try_run_case+0x1a5/0x480 [ 29.857677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.857700] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.857727] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.857753] ? __kthread_parkme+0x82/0x180 [ 29.857775] ? preempt_count_sub+0x50/0x80 [ 29.857809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.857835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.857860] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.857885] kthread+0x337/0x6f0 [ 29.857905] ? trace_preempt_on+0x20/0xc0 [ 29.857942] ? __pfx_kthread+0x10/0x10 [ 29.857963] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.857989] ? calculate_sigpending+0x7b/0xa0 [ 29.858015] ? __pfx_kthread+0x10/0x10 [ 29.858039] ret_from_fork+0x116/0x1d0 [ 29.858061] ? __pfx_kthread+0x10/0x10 [ 29.858082] ret_from_fork_asm+0x1a/0x30 [ 29.858116] </TASK> [ 29.858127] [ 29.870346] Allocated by task 313: [ 29.870529] kasan_save_stack+0x45/0x70 [ 29.870757] kasan_save_track+0x18/0x40 [ 29.870977] kasan_save_alloc_info+0x3b/0x50 [ 29.871433] __kasan_kmalloc+0xb7/0xc0 [ 29.872037] __kmalloc_cache_noprof+0x189/0x420 [ 29.872468] kasan_atomics+0x95/0x310 [ 29.872685] kunit_try_run_case+0x1a5/0x480 [ 29.873069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.873430] kthread+0x337/0x6f0 [ 29.873635] ret_from_fork+0x116/0x1d0 [ 29.874050] ret_from_fork_asm+0x1a/0x30 [ 29.874250] [ 29.874340] The buggy address belongs to the object at ffff888106038600 [ 29.874340] which belongs to the cache kmalloc-64 of size 64 [ 29.875202] The buggy address is located 0 bytes to the right of [ 29.875202] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.876026] [ 29.876107] The buggy address belongs to the physical page: [ 29.876373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.877303] flags: 0x200000000000000(node=0|zone=2) [ 29.877486] page_type: f5(slab) [ 29.877697] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.878314] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.878684] page dumped because: kasan: bad access detected [ 29.879049] [ 29.879150] Memory state around the buggy address: [ 29.879490] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.879794] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.880321] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.880656] ^ [ 29.881009] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.881367] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.881807] ================================================================== [ 30.382041] ================================================================== [ 30.382358] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 30.382689] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.383652] [ 30.383761] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.383829] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.383846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.383869] Call Trace: [ 30.383891] <TASK> [ 30.383915] dump_stack_lvl+0x73/0xb0 [ 30.384131] print_report+0xd1/0x640 [ 30.384204] ? __virt_addr_valid+0x1db/0x2d0 [ 30.384231] ? kasan_atomics_helper+0x177f/0x5450 [ 30.384265] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.384293] ? kasan_atomics_helper+0x177f/0x5450 [ 30.384316] kasan_report+0x141/0x180 [ 30.384339] ? kasan_atomics_helper+0x177f/0x5450 [ 30.384366] kasan_check_range+0x10c/0x1c0 [ 30.384390] __kasan_check_write+0x18/0x20 [ 30.384415] kasan_atomics_helper+0x177f/0x5450 [ 30.384439] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.384461] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.384488] ? kasan_atomics+0x152/0x310 [ 30.384515] kasan_atomics+0x1dc/0x310 [ 30.384538] ? __pfx_kasan_atomics+0x10/0x10 [ 30.384563] ? __pfx_read_tsc+0x10/0x10 [ 30.384596] ? ktime_get_ts64+0x86/0x230 [ 30.384622] kunit_try_run_case+0x1a5/0x480 [ 30.384649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.384672] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.384699] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.384725] ? __kthread_parkme+0x82/0x180 [ 30.384746] ? preempt_count_sub+0x50/0x80 [ 30.384771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.385018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.385047] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.385072] kthread+0x337/0x6f0 [ 30.385095] ? trace_preempt_on+0x20/0xc0 [ 30.385120] ? __pfx_kthread+0x10/0x10 [ 30.385142] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.385167] ? calculate_sigpending+0x7b/0xa0 [ 30.385192] ? __pfx_kthread+0x10/0x10 [ 30.385214] ret_from_fork+0x116/0x1d0 [ 30.385235] ? __pfx_kthread+0x10/0x10 [ 30.385257] ret_from_fork_asm+0x1a/0x30 [ 30.385292] </TASK> [ 30.385305] [ 30.397219] Allocated by task 313: [ 30.397453] kasan_save_stack+0x45/0x70 [ 30.397702] kasan_save_track+0x18/0x40 [ 30.397953] kasan_save_alloc_info+0x3b/0x50 [ 30.398148] __kasan_kmalloc+0xb7/0xc0 [ 30.398321] __kmalloc_cache_noprof+0x189/0x420 [ 30.398510] kasan_atomics+0x95/0x310 [ 30.398680] kunit_try_run_case+0x1a5/0x480 [ 30.398951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.399199] kthread+0x337/0x6f0 [ 30.399453] ret_from_fork+0x116/0x1d0 [ 30.399591] ret_from_fork_asm+0x1a/0x30 [ 30.399724] [ 30.399790] The buggy address belongs to the object at ffff888106038600 [ 30.399790] which belongs to the cache kmalloc-64 of size 64 [ 30.400359] The buggy address is located 0 bytes to the right of [ 30.400359] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.400977] [ 30.401071] The buggy address belongs to the physical page: [ 30.401244] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.401609] flags: 0x200000000000000(node=0|zone=2) [ 30.401838] page_type: f5(slab) [ 30.402299] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.402550] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.403047] page dumped because: kasan: bad access detected [ 30.403329] [ 30.403420] Memory state around the buggy address: [ 30.403652] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.404094] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.404389] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.404705] ^ [ 30.404948] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.405426] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.405639] ================================================================== [ 30.459462] ================================================================== [ 30.460323] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 30.460671] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.461253] [ 30.461433] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.461489] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.461504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.461528] Call Trace: [ 30.461549] <TASK> [ 30.461570] dump_stack_lvl+0x73/0xb0 [ 30.461613] print_report+0xd1/0x640 [ 30.461637] ? __virt_addr_valid+0x1db/0x2d0 [ 30.461663] ? kasan_atomics_helper+0x194a/0x5450 [ 30.461685] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.461711] ? kasan_atomics_helper+0x194a/0x5450 [ 30.461734] kasan_report+0x141/0x180 [ 30.461756] ? kasan_atomics_helper+0x194a/0x5450 [ 30.461861] kasan_check_range+0x10c/0x1c0 [ 30.461893] __kasan_check_write+0x18/0x20 [ 30.461916] kasan_atomics_helper+0x194a/0x5450 [ 30.461941] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.461973] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.461998] ? kasan_atomics+0x152/0x310 [ 30.462025] kasan_atomics+0x1dc/0x310 [ 30.462049] ? __pfx_kasan_atomics+0x10/0x10 [ 30.462075] ? __pfx_read_tsc+0x10/0x10 [ 30.462098] ? ktime_get_ts64+0x86/0x230 [ 30.462126] kunit_try_run_case+0x1a5/0x480 [ 30.462154] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.462177] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.462204] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.462230] ? __kthread_parkme+0x82/0x180 [ 30.462252] ? preempt_count_sub+0x50/0x80 [ 30.462276] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.462301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.462326] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.462350] kthread+0x337/0x6f0 [ 30.462371] ? trace_preempt_on+0x20/0xc0 [ 30.462396] ? __pfx_kthread+0x10/0x10 [ 30.462417] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.462441] ? calculate_sigpending+0x7b/0xa0 [ 30.462466] ? __pfx_kthread+0x10/0x10 [ 30.462488] ret_from_fork+0x116/0x1d0 [ 30.462508] ? __pfx_kthread+0x10/0x10 [ 30.462530] ret_from_fork_asm+0x1a/0x30 [ 30.462563] </TASK> [ 30.462588] [ 30.475406] Allocated by task 313: [ 30.475551] kasan_save_stack+0x45/0x70 [ 30.475731] kasan_save_track+0x18/0x40 [ 30.476339] kasan_save_alloc_info+0x3b/0x50 [ 30.476537] __kasan_kmalloc+0xb7/0xc0 [ 30.476720] __kmalloc_cache_noprof+0x189/0x420 [ 30.476921] kasan_atomics+0x95/0x310 [ 30.477271] kunit_try_run_case+0x1a5/0x480 [ 30.477460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.477684] kthread+0x337/0x6f0 [ 30.477962] ret_from_fork+0x116/0x1d0 [ 30.478100] ret_from_fork_asm+0x1a/0x30 [ 30.478292] [ 30.478376] The buggy address belongs to the object at ffff888106038600 [ 30.478376] which belongs to the cache kmalloc-64 of size 64 [ 30.478738] The buggy address is located 0 bytes to the right of [ 30.478738] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.479285] [ 30.479385] The buggy address belongs to the physical page: [ 30.479695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.480374] flags: 0x200000000000000(node=0|zone=2) [ 30.480608] page_type: f5(slab) [ 30.480772] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.481557] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.482507] page dumped because: kasan: bad access detected [ 30.482699] [ 30.482768] Memory state around the buggy address: [ 30.482932] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.483143] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.483360] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.483566] ^ [ 30.484690] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.485782] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.486788] ================================================================== [ 30.106903] ================================================================== [ 30.107528] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 30.108009] Read of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.108316] [ 30.108403] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.108637] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.108652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.108695] Call Trace: [ 30.108708] <TASK> [ 30.108727] dump_stack_lvl+0x73/0xb0 [ 30.108934] print_report+0xd1/0x640 [ 30.108962] ? __virt_addr_valid+0x1db/0x2d0 [ 30.108989] ? kasan_atomics_helper+0x49e8/0x5450 [ 30.109011] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.109038] ? kasan_atomics_helper+0x49e8/0x5450 [ 30.109061] kasan_report+0x141/0x180 [ 30.109106] ? kasan_atomics_helper+0x49e8/0x5450 [ 30.109134] __asan_report_load4_noabort+0x18/0x20 [ 30.109158] kasan_atomics_helper+0x49e8/0x5450 [ 30.109181] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.109204] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.109230] ? kasan_atomics+0x152/0x310 [ 30.109257] kasan_atomics+0x1dc/0x310 [ 30.109282] ? __pfx_kasan_atomics+0x10/0x10 [ 30.109308] ? __pfx_read_tsc+0x10/0x10 [ 30.109331] ? ktime_get_ts64+0x86/0x230 [ 30.109375] kunit_try_run_case+0x1a5/0x480 [ 30.109401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.109425] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.109452] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.109479] ? __kthread_parkme+0x82/0x180 [ 30.109501] ? preempt_count_sub+0x50/0x80 [ 30.109525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.109565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.109601] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.109641] kthread+0x337/0x6f0 [ 30.109663] ? trace_preempt_on+0x20/0xc0 [ 30.109703] ? __pfx_kthread+0x10/0x10 [ 30.109727] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.109753] ? calculate_sigpending+0x7b/0xa0 [ 30.109880] ? __pfx_kthread+0x10/0x10 [ 30.109906] ret_from_fork+0x116/0x1d0 [ 30.109927] ? __pfx_kthread+0x10/0x10 [ 30.109950] ret_from_fork_asm+0x1a/0x30 [ 30.109984] </TASK> [ 30.109996] [ 30.118702] Allocated by task 313: [ 30.118859] kasan_save_stack+0x45/0x70 [ 30.119184] kasan_save_track+0x18/0x40 [ 30.119608] kasan_save_alloc_info+0x3b/0x50 [ 30.119811] __kasan_kmalloc+0xb7/0xc0 [ 30.120076] __kmalloc_cache_noprof+0x189/0x420 [ 30.120302] kasan_atomics+0x95/0x310 [ 30.120485] kunit_try_run_case+0x1a5/0x480 [ 30.120700] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.120946] kthread+0x337/0x6f0 [ 30.121160] ret_from_fork+0x116/0x1d0 [ 30.121288] ret_from_fork_asm+0x1a/0x30 [ 30.121587] [ 30.121704] The buggy address belongs to the object at ffff888106038600 [ 30.121704] which belongs to the cache kmalloc-64 of size 64 [ 30.122507] The buggy address is located 0 bytes to the right of [ 30.122507] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.123233] [ 30.123338] The buggy address belongs to the physical page: [ 30.123608] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.124056] flags: 0x200000000000000(node=0|zone=2) [ 30.124285] page_type: f5(slab) [ 30.124420] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.124755] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.125205] page dumped because: kasan: bad access detected [ 30.125443] [ 30.125530] Memory state around the buggy address: [ 30.125739] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.126040] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.126337] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.126649] ^ [ 30.126998] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.127277] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.127474] ================================================================== [ 29.475009] ================================================================== [ 29.475274] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 29.476114] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.476665] [ 29.476874] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.477007] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.477023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.477048] Call Trace: [ 29.477068] <TASK> [ 29.477089] dump_stack_lvl+0x73/0xb0 [ 29.477120] print_report+0xd1/0x640 [ 29.477143] ? __virt_addr_valid+0x1db/0x2d0 [ 29.477169] ? kasan_atomics_helper+0x4a0/0x5450 [ 29.477191] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.477219] ? kasan_atomics_helper+0x4a0/0x5450 [ 29.477242] kasan_report+0x141/0x180 [ 29.477266] ? kasan_atomics_helper+0x4a0/0x5450 [ 29.477295] kasan_check_range+0x10c/0x1c0 [ 29.477321] __kasan_check_write+0x18/0x20 [ 29.477349] kasan_atomics_helper+0x4a0/0x5450 [ 29.477373] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.477397] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.477424] ? kasan_atomics+0x152/0x310 [ 29.477452] kasan_atomics+0x1dc/0x310 [ 29.477476] ? __pfx_kasan_atomics+0x10/0x10 [ 29.477501] ? __pfx_read_tsc+0x10/0x10 [ 29.477525] ? ktime_get_ts64+0x86/0x230 [ 29.477552] kunit_try_run_case+0x1a5/0x480 [ 29.477594] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.477620] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.477680] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.477707] ? __kthread_parkme+0x82/0x180 [ 29.477728] ? preempt_count_sub+0x50/0x80 [ 29.477753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.477794] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.477820] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.477846] kthread+0x337/0x6f0 [ 29.477868] ? trace_preempt_on+0x20/0xc0 [ 29.477893] ? __pfx_kthread+0x10/0x10 [ 29.477914] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.477940] ? calculate_sigpending+0x7b/0xa0 [ 29.477971] ? __pfx_kthread+0x10/0x10 [ 29.477993] ret_from_fork+0x116/0x1d0 [ 29.478014] ? __pfx_kthread+0x10/0x10 [ 29.478035] ret_from_fork_asm+0x1a/0x30 [ 29.478068] </TASK> [ 29.478079] [ 29.489338] Allocated by task 313: [ 29.489687] kasan_save_stack+0x45/0x70 [ 29.490070] kasan_save_track+0x18/0x40 [ 29.490219] kasan_save_alloc_info+0x3b/0x50 [ 29.490493] __kasan_kmalloc+0xb7/0xc0 [ 29.490803] __kmalloc_cache_noprof+0x189/0x420 [ 29.491181] kasan_atomics+0x95/0x310 [ 29.491398] kunit_try_run_case+0x1a5/0x480 [ 29.491547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.491810] kthread+0x337/0x6f0 [ 29.492309] ret_from_fork+0x116/0x1d0 [ 29.492584] ret_from_fork_asm+0x1a/0x30 [ 29.492752] [ 29.493010] The buggy address belongs to the object at ffff888106038600 [ 29.493010] which belongs to the cache kmalloc-64 of size 64 [ 29.493728] The buggy address is located 0 bytes to the right of [ 29.493728] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.494243] [ 29.494339] The buggy address belongs to the physical page: [ 29.494595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.495444] flags: 0x200000000000000(node=0|zone=2) [ 29.495780] page_type: f5(slab) [ 29.496151] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.496533] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.497012] page dumped because: kasan: bad access detected [ 29.497187] [ 29.497435] Memory state around the buggy address: [ 29.497638] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.498133] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.498380] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.498859] ^ [ 29.499354] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.499767] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.500035] ================================================================== [ 29.776808] ================================================================== [ 29.777694] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 29.778146] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.778727] [ 29.778855] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.778910] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.778927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.778950] Call Trace: [ 29.778971] <TASK> [ 29.778993] dump_stack_lvl+0x73/0xb0 [ 29.779022] print_report+0xd1/0x640 [ 29.779047] ? __virt_addr_valid+0x1db/0x2d0 [ 29.779072] ? kasan_atomics_helper+0xc70/0x5450 [ 29.779093] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.779120] ? kasan_atomics_helper+0xc70/0x5450 [ 29.779142] kasan_report+0x141/0x180 [ 29.779166] ? kasan_atomics_helper+0xc70/0x5450 [ 29.779192] kasan_check_range+0x10c/0x1c0 [ 29.779216] __kasan_check_write+0x18/0x20 [ 29.779240] kasan_atomics_helper+0xc70/0x5450 [ 29.779270] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.779292] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.779318] ? kasan_atomics+0x152/0x310 [ 29.779345] kasan_atomics+0x1dc/0x310 [ 29.779369] ? __pfx_kasan_atomics+0x10/0x10 [ 29.779393] ? __pfx_read_tsc+0x10/0x10 [ 29.779416] ? ktime_get_ts64+0x86/0x230 [ 29.779442] kunit_try_run_case+0x1a5/0x480 [ 29.779468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.779491] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.779517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.779544] ? __kthread_parkme+0x82/0x180 [ 29.779566] ? preempt_count_sub+0x50/0x80 [ 29.779792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.779824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.779851] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.779875] kthread+0x337/0x6f0 [ 29.779897] ? trace_preempt_on+0x20/0xc0 [ 29.779937] ? __pfx_kthread+0x10/0x10 [ 29.779958] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.779984] ? calculate_sigpending+0x7b/0xa0 [ 29.780009] ? __pfx_kthread+0x10/0x10 [ 29.780031] ret_from_fork+0x116/0x1d0 [ 29.780052] ? __pfx_kthread+0x10/0x10 [ 29.780073] ret_from_fork_asm+0x1a/0x30 [ 29.780106] </TASK> [ 29.780119] [ 29.790960] Allocated by task 313: [ 29.791347] kasan_save_stack+0x45/0x70 [ 29.791501] kasan_save_track+0x18/0x40 [ 29.791676] kasan_save_alloc_info+0x3b/0x50 [ 29.792092] __kasan_kmalloc+0xb7/0xc0 [ 29.792267] __kmalloc_cache_noprof+0x189/0x420 [ 29.792521] kasan_atomics+0x95/0x310 [ 29.792713] kunit_try_run_case+0x1a5/0x480 [ 29.792891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.793366] kthread+0x337/0x6f0 [ 29.793607] ret_from_fork+0x116/0x1d0 [ 29.793936] ret_from_fork_asm+0x1a/0x30 [ 29.794296] [ 29.794402] The buggy address belongs to the object at ffff888106038600 [ 29.794402] which belongs to the cache kmalloc-64 of size 64 [ 29.794967] The buggy address is located 0 bytes to the right of [ 29.794967] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.795775] [ 29.796029] The buggy address belongs to the physical page: [ 29.796287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.796621] flags: 0x200000000000000(node=0|zone=2) [ 29.797016] page_type: f5(slab) [ 29.797287] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.797723] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.798202] page dumped because: kasan: bad access detected [ 29.798420] [ 29.798515] Memory state around the buggy address: [ 29.798817] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.799260] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.799506] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.800025] ^ [ 29.800211] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.800659] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.801055] ================================================================== [ 30.488079] ================================================================== [ 30.489557] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 30.490790] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.491724] [ 30.492031] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.492092] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.492108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.492246] Call Trace: [ 30.492286] <TASK> [ 30.492309] dump_stack_lvl+0x73/0xb0 [ 30.492391] print_report+0xd1/0x640 [ 30.492418] ? __virt_addr_valid+0x1db/0x2d0 [ 30.492444] ? kasan_atomics_helper+0x19e3/0x5450 [ 30.492468] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.492496] ? kasan_atomics_helper+0x19e3/0x5450 [ 30.492519] kasan_report+0x141/0x180 [ 30.492542] ? kasan_atomics_helper+0x19e3/0x5450 [ 30.492569] kasan_check_range+0x10c/0x1c0 [ 30.492605] __kasan_check_write+0x18/0x20 [ 30.492631] kasan_atomics_helper+0x19e3/0x5450 [ 30.492654] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.492676] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.492702] ? kasan_atomics+0x152/0x310 [ 30.492730] kasan_atomics+0x1dc/0x310 [ 30.492753] ? __pfx_kasan_atomics+0x10/0x10 [ 30.492777] ? __pfx_read_tsc+0x10/0x10 [ 30.492807] ? ktime_get_ts64+0x86/0x230 [ 30.492834] kunit_try_run_case+0x1a5/0x480 [ 30.492860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.492885] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.492911] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.492937] ? __kthread_parkme+0x82/0x180 [ 30.492959] ? preempt_count_sub+0x50/0x80 [ 30.492984] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.493009] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.493034] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.493059] kthread+0x337/0x6f0 [ 30.493080] ? trace_preempt_on+0x20/0xc0 [ 30.493105] ? __pfx_kthread+0x10/0x10 [ 30.493127] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.493151] ? calculate_sigpending+0x7b/0xa0 [ 30.493176] ? __pfx_kthread+0x10/0x10 [ 30.493198] ret_from_fork+0x116/0x1d0 [ 30.493219] ? __pfx_kthread+0x10/0x10 [ 30.493240] ret_from_fork_asm+0x1a/0x30 [ 30.493274] </TASK> [ 30.493286] [ 30.510645] Allocated by task 313: [ 30.510806] kasan_save_stack+0x45/0x70 [ 30.510965] kasan_save_track+0x18/0x40 [ 30.511830] kasan_save_alloc_info+0x3b/0x50 [ 30.512527] __kasan_kmalloc+0xb7/0xc0 [ 30.512992] __kmalloc_cache_noprof+0x189/0x420 [ 30.513659] kasan_atomics+0x95/0x310 [ 30.514222] kunit_try_run_case+0x1a5/0x480 [ 30.514830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.515479] kthread+0x337/0x6f0 [ 30.516017] ret_from_fork+0x116/0x1d0 [ 30.516193] ret_from_fork_asm+0x1a/0x30 [ 30.516334] [ 30.516403] The buggy address belongs to the object at ffff888106038600 [ 30.516403] which belongs to the cache kmalloc-64 of size 64 [ 30.516771] The buggy address is located 0 bytes to the right of [ 30.516771] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.517593] [ 30.517666] The buggy address belongs to the physical page: [ 30.517880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.518374] flags: 0x200000000000000(node=0|zone=2) [ 30.518880] page_type: f5(slab) [ 30.519032] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.519789] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.520334] page dumped because: kasan: bad access detected [ 30.520692] [ 30.520907] Memory state around the buggy address: [ 30.521247] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.521680] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.521934] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.522659] ^ [ 30.522821] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.523371] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.524042] ================================================================== [ 30.879021] ================================================================== [ 30.879303] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 30.880014] Read of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.880284] [ 30.880674] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.880735] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.880752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.880776] Call Trace: [ 30.880797] <TASK> [ 30.880926] dump_stack_lvl+0x73/0xb0 [ 30.880966] print_report+0xd1/0x640 [ 30.880990] ? __virt_addr_valid+0x1db/0x2d0 [ 30.881017] ? kasan_atomics_helper+0x4fb2/0x5450 [ 30.881039] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.881065] ? kasan_atomics_helper+0x4fb2/0x5450 [ 30.881088] kasan_report+0x141/0x180 [ 30.881111] ? kasan_atomics_helper+0x4fb2/0x5450 [ 30.881138] __asan_report_load8_noabort+0x18/0x20 [ 30.881163] kasan_atomics_helper+0x4fb2/0x5450 [ 30.881188] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.881210] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.881237] ? kasan_atomics+0x152/0x310 [ 30.881264] kasan_atomics+0x1dc/0x310 [ 30.881287] ? __pfx_kasan_atomics+0x10/0x10 [ 30.881312] ? __pfx_read_tsc+0x10/0x10 [ 30.881335] ? ktime_get_ts64+0x86/0x230 [ 30.881361] kunit_try_run_case+0x1a5/0x480 [ 30.881388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.881412] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.881439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.881465] ? __kthread_parkme+0x82/0x180 [ 30.881486] ? preempt_count_sub+0x50/0x80 [ 30.881510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.881537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.881561] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.881595] kthread+0x337/0x6f0 [ 30.881616] ? trace_preempt_on+0x20/0xc0 [ 30.881641] ? __pfx_kthread+0x10/0x10 [ 30.881662] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.881686] ? calculate_sigpending+0x7b/0xa0 [ 30.881711] ? __pfx_kthread+0x10/0x10 [ 30.881733] ret_from_fork+0x116/0x1d0 [ 30.881752] ? __pfx_kthread+0x10/0x10 [ 30.881774] ret_from_fork_asm+0x1a/0x30 [ 30.881807] </TASK> [ 30.881820] [ 30.892469] Allocated by task 313: [ 30.892791] kasan_save_stack+0x45/0x70 [ 30.893234] kasan_save_track+0x18/0x40 [ 30.893560] kasan_save_alloc_info+0x3b/0x50 [ 30.893765] __kasan_kmalloc+0xb7/0xc0 [ 30.894127] __kmalloc_cache_noprof+0x189/0x420 [ 30.894357] kasan_atomics+0x95/0x310 [ 30.894677] kunit_try_run_case+0x1a5/0x480 [ 30.894962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.895316] kthread+0x337/0x6f0 [ 30.895449] ret_from_fork+0x116/0x1d0 [ 30.895668] ret_from_fork_asm+0x1a/0x30 [ 30.896054] [ 30.896145] The buggy address belongs to the object at ffff888106038600 [ 30.896145] which belongs to the cache kmalloc-64 of size 64 [ 30.896835] The buggy address is located 0 bytes to the right of [ 30.896835] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.897237] [ 30.897312] The buggy address belongs to the physical page: [ 30.897490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.897742] flags: 0x200000000000000(node=0|zone=2) [ 30.897904] page_type: f5(slab) [ 30.898024] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.898249] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.898471] page dumped because: kasan: bad access detected [ 30.898781] [ 30.898934] Memory state around the buggy address: [ 30.899359] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.899988] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.900828] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.901617] ^ [ 30.902073] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.902706] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.903391] ================================================================== [ 30.958610] ================================================================== [ 30.959023] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 30.959312] Read of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.959648] [ 30.959739] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.959792] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.959806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.959830] Call Trace: [ 30.959850] <TASK> [ 30.959872] dump_stack_lvl+0x73/0xb0 [ 30.959900] print_report+0xd1/0x640 [ 30.959925] ? __virt_addr_valid+0x1db/0x2d0 [ 30.959951] ? kasan_atomics_helper+0x5115/0x5450 [ 30.959973] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.960000] ? kasan_atomics_helper+0x5115/0x5450 [ 30.960023] kasan_report+0x141/0x180 [ 30.960046] ? kasan_atomics_helper+0x5115/0x5450 [ 30.960073] __asan_report_load8_noabort+0x18/0x20 [ 30.960098] kasan_atomics_helper+0x5115/0x5450 [ 30.960122] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.960145] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.960171] ? kasan_atomics+0x152/0x310 [ 30.960198] kasan_atomics+0x1dc/0x310 [ 30.960221] ? __pfx_kasan_atomics+0x10/0x10 [ 30.960246] ? __pfx_read_tsc+0x10/0x10 [ 30.960269] ? ktime_get_ts64+0x86/0x230 [ 30.960296] kunit_try_run_case+0x1a5/0x480 [ 30.960322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.960345] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.960374] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.960399] ? __kthread_parkme+0x82/0x180 [ 30.960421] ? preempt_count_sub+0x50/0x80 [ 30.960445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.960469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.960493] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.960517] kthread+0x337/0x6f0 [ 30.960539] ? trace_preempt_on+0x20/0xc0 [ 30.960563] ? __pfx_kthread+0x10/0x10 [ 30.960596] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.960619] ? calculate_sigpending+0x7b/0xa0 [ 30.960644] ? __pfx_kthread+0x10/0x10 [ 30.960667] ret_from_fork+0x116/0x1d0 [ 30.960699] ? __pfx_kthread+0x10/0x10 [ 30.960720] ret_from_fork_asm+0x1a/0x30 [ 30.960755] </TASK> [ 30.960767] [ 30.968188] Allocated by task 313: [ 30.968357] kasan_save_stack+0x45/0x70 [ 30.968548] kasan_save_track+0x18/0x40 [ 30.968719] kasan_save_alloc_info+0x3b/0x50 [ 30.968909] __kasan_kmalloc+0xb7/0xc0 [ 30.969083] __kmalloc_cache_noprof+0x189/0x420 [ 30.969284] kasan_atomics+0x95/0x310 [ 30.969462] kunit_try_run_case+0x1a5/0x480 [ 30.969641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.969880] kthread+0x337/0x6f0 [ 30.970047] ret_from_fork+0x116/0x1d0 [ 30.970208] ret_from_fork_asm+0x1a/0x30 [ 30.970370] [ 30.970460] The buggy address belongs to the object at ffff888106038600 [ 30.970460] which belongs to the cache kmalloc-64 of size 64 [ 30.970884] The buggy address is located 0 bytes to the right of [ 30.970884] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.971241] [ 30.971316] The buggy address belongs to the physical page: [ 30.971488] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.971816] flags: 0x200000000000000(node=0|zone=2) [ 30.972219] page_type: f5(slab) [ 30.972384] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.972722] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.973070] page dumped because: kasan: bad access detected [ 30.973237] [ 30.973300] Memory state around the buggy address: [ 30.973450] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.973668] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.973991] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.974303] ^ [ 30.974523] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.974838] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.975475] ================================================================== [ 29.678988] ================================================================== [ 29.679294] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 29.679524] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.679754] [ 29.679898] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.679976] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.680015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.680061] Call Trace: [ 29.680102] <TASK> [ 29.680142] dump_stack_lvl+0x73/0xb0 [ 29.680193] print_report+0xd1/0x640 [ 29.680258] ? __virt_addr_valid+0x1db/0x2d0 [ 29.680284] ? kasan_atomics_helper+0x992/0x5450 [ 29.680522] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.680555] ? kasan_atomics_helper+0x992/0x5450 [ 29.680591] kasan_report+0x141/0x180 [ 29.680615] ? kasan_atomics_helper+0x992/0x5450 [ 29.680642] kasan_check_range+0x10c/0x1c0 [ 29.680667] __kasan_check_write+0x18/0x20 [ 29.680692] kasan_atomics_helper+0x992/0x5450 [ 29.680715] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.680739] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.680766] ? kasan_atomics+0x152/0x310 [ 29.680793] kasan_atomics+0x1dc/0x310 [ 29.680866] ? __pfx_kasan_atomics+0x10/0x10 [ 29.680893] ? __pfx_read_tsc+0x10/0x10 [ 29.680925] ? ktime_get_ts64+0x86/0x230 [ 29.680951] kunit_try_run_case+0x1a5/0x480 [ 29.680977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.681042] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.681070] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.681096] ? __kthread_parkme+0x82/0x180 [ 29.681119] ? preempt_count_sub+0x50/0x80 [ 29.681144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.681169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.681194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.681218] kthread+0x337/0x6f0 [ 29.681238] ? trace_preempt_on+0x20/0xc0 [ 29.681264] ? __pfx_kthread+0x10/0x10 [ 29.681285] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.681309] ? calculate_sigpending+0x7b/0xa0 [ 29.681333] ? __pfx_kthread+0x10/0x10 [ 29.681355] ret_from_fork+0x116/0x1d0 [ 29.681375] ? __pfx_kthread+0x10/0x10 [ 29.681396] ret_from_fork_asm+0x1a/0x30 [ 29.681428] </TASK> [ 29.681441] [ 29.689029] Allocated by task 313: [ 29.689208] kasan_save_stack+0x45/0x70 [ 29.689474] kasan_save_track+0x18/0x40 [ 29.689673] kasan_save_alloc_info+0x3b/0x50 [ 29.689873] __kasan_kmalloc+0xb7/0xc0 [ 29.690259] __kmalloc_cache_noprof+0x189/0x420 [ 29.690592] kasan_atomics+0x95/0x310 [ 29.690729] kunit_try_run_case+0x1a5/0x480 [ 29.691194] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.691466] kthread+0x337/0x6f0 [ 29.691651] ret_from_fork+0x116/0x1d0 [ 29.691984] ret_from_fork_asm+0x1a/0x30 [ 29.692198] [ 29.692264] The buggy address belongs to the object at ffff888106038600 [ 29.692264] which belongs to the cache kmalloc-64 of size 64 [ 29.692796] The buggy address is located 0 bytes to the right of [ 29.692796] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.693371] [ 29.693444] The buggy address belongs to the physical page: [ 29.693625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.693855] flags: 0x200000000000000(node=0|zone=2) [ 29.694008] page_type: f5(slab) [ 29.694233] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.694762] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.695217] page dumped because: kasan: bad access detected [ 29.695380] [ 29.695442] Memory state around the buggy address: [ 29.695599] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.695797] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.696507] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.696831] ^ [ 29.697374] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.697729] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.698145] ================================================================== [ 29.367128] ================================================================== [ 29.367559] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 29.368270] Read of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.368979] [ 29.369170] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.369223] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.369238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.369261] Call Trace: [ 29.369276] <TASK> [ 29.369294] dump_stack_lvl+0x73/0xb0 [ 29.369323] print_report+0xd1/0x640 [ 29.369347] ? __virt_addr_valid+0x1db/0x2d0 [ 29.369372] ? kasan_atomics_helper+0x4b88/0x5450 [ 29.369397] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.369424] ? kasan_atomics_helper+0x4b88/0x5450 [ 29.369695] kasan_report+0x141/0x180 [ 29.369724] ? kasan_atomics_helper+0x4b88/0x5450 [ 29.369756] __asan_report_load4_noabort+0x18/0x20 [ 29.369794] kasan_atomics_helper+0x4b88/0x5450 [ 29.369820] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.369844] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.369872] ? kasan_atomics+0x152/0x310 [ 29.369899] kasan_atomics+0x1dc/0x310 [ 29.370091] ? __pfx_kasan_atomics+0x10/0x10 [ 29.370126] ? __pfx_read_tsc+0x10/0x10 [ 29.370152] ? ktime_get_ts64+0x86/0x230 [ 29.370179] kunit_try_run_case+0x1a5/0x480 [ 29.370206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.370230] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.370256] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.370284] ? __kthread_parkme+0x82/0x180 [ 29.370305] ? preempt_count_sub+0x50/0x80 [ 29.370329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.370354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.370379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.370404] kthread+0x337/0x6f0 [ 29.370424] ? trace_preempt_on+0x20/0xc0 [ 29.370449] ? __pfx_kthread+0x10/0x10 [ 29.370470] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.370494] ? calculate_sigpending+0x7b/0xa0 [ 29.370518] ? __pfx_kthread+0x10/0x10 [ 29.370540] ret_from_fork+0x116/0x1d0 [ 29.370560] ? __pfx_kthread+0x10/0x10 [ 29.370594] ret_from_fork_asm+0x1a/0x30 [ 29.370626] </TASK> [ 29.370638] [ 29.385005] Allocated by task 313: [ 29.385417] kasan_save_stack+0x45/0x70 [ 29.385754] kasan_save_track+0x18/0x40 [ 29.386087] kasan_save_alloc_info+0x3b/0x50 [ 29.386304] __kasan_kmalloc+0xb7/0xc0 [ 29.386480] __kmalloc_cache_noprof+0x189/0x420 [ 29.386689] kasan_atomics+0x95/0x310 [ 29.387217] kunit_try_run_case+0x1a5/0x480 [ 29.387493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.387960] kthread+0x337/0x6f0 [ 29.388294] ret_from_fork+0x116/0x1d0 [ 29.388647] ret_from_fork_asm+0x1a/0x30 [ 29.389008] [ 29.389125] The buggy address belongs to the object at ffff888106038600 [ 29.389125] which belongs to the cache kmalloc-64 of size 64 [ 29.389614] The buggy address is located 0 bytes to the right of [ 29.389614] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.390543] [ 29.390788] The buggy address belongs to the physical page: [ 29.391343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.391697] flags: 0x200000000000000(node=0|zone=2) [ 29.392121] page_type: f5(slab) [ 29.392432] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.393213] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.393525] page dumped because: kasan: bad access detected [ 29.393773] [ 29.393859] Memory state around the buggy address: [ 29.394425] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.395112] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.395635] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.396291] ^ [ 29.396516] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.397014] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.397479] ================================================================== [ 29.422183] ================================================================== [ 29.423134] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 29.423432] Read of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.423750] [ 29.423938] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.423991] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.424007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.424031] Call Trace: [ 29.424052] <TASK> [ 29.424072] dump_stack_lvl+0x73/0xb0 [ 29.424102] print_report+0xd1/0x640 [ 29.424127] ? __virt_addr_valid+0x1db/0x2d0 [ 29.424152] ? kasan_atomics_helper+0x3df/0x5450 [ 29.424174] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.424201] ? kasan_atomics_helper+0x3df/0x5450 [ 29.424223] kasan_report+0x141/0x180 [ 29.424246] ? kasan_atomics_helper+0x3df/0x5450 [ 29.424272] kasan_check_range+0x10c/0x1c0 [ 29.424297] __kasan_check_read+0x15/0x20 [ 29.424321] kasan_atomics_helper+0x3df/0x5450 [ 29.424344] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.424367] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.424394] ? kasan_atomics+0x152/0x310 [ 29.424421] kasan_atomics+0x1dc/0x310 [ 29.424444] ? __pfx_kasan_atomics+0x10/0x10 [ 29.424470] ? __pfx_read_tsc+0x10/0x10 [ 29.424492] ? ktime_get_ts64+0x86/0x230 [ 29.424518] kunit_try_run_case+0x1a5/0x480 [ 29.424544] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.424568] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.424605] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.424631] ? __kthread_parkme+0x82/0x180 [ 29.424653] ? preempt_count_sub+0x50/0x80 [ 29.424678] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.424703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.424727] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.424752] kthread+0x337/0x6f0 [ 29.424772] ? trace_preempt_on+0x20/0xc0 [ 29.424797] ? __pfx_kthread+0x10/0x10 [ 29.424818] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.424842] ? calculate_sigpending+0x7b/0xa0 [ 29.424867] ? __pfx_kthread+0x10/0x10 [ 29.424889] ret_from_fork+0x116/0x1d0 [ 29.424910] ? __pfx_kthread+0x10/0x10 [ 29.424931] ret_from_fork_asm+0x1a/0x30 [ 29.424963] </TASK> [ 29.424975] [ 29.436668] Allocated by task 313: [ 29.436810] kasan_save_stack+0x45/0x70 [ 29.437089] kasan_save_track+0x18/0x40 [ 29.437280] kasan_save_alloc_info+0x3b/0x50 [ 29.437470] __kasan_kmalloc+0xb7/0xc0 [ 29.437634] __kmalloc_cache_noprof+0x189/0x420 [ 29.438273] kasan_atomics+0x95/0x310 [ 29.438427] kunit_try_run_case+0x1a5/0x480 [ 29.438780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.439185] kthread+0x337/0x6f0 [ 29.439659] ret_from_fork+0x116/0x1d0 [ 29.439843] ret_from_fork_asm+0x1a/0x30 [ 29.440328] [ 29.440439] The buggy address belongs to the object at ffff888106038600 [ 29.440439] which belongs to the cache kmalloc-64 of size 64 [ 29.441348] The buggy address is located 0 bytes to the right of [ 29.441348] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.442146] [ 29.442273] The buggy address belongs to the physical page: [ 29.442560] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.443036] flags: 0x200000000000000(node=0|zone=2) [ 29.443538] page_type: f5(slab) [ 29.443680] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.444298] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.444660] page dumped because: kasan: bad access detected [ 29.444981] [ 29.445052] Memory state around the buggy address: [ 29.445449] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.445971] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.446476] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.446865] ^ [ 29.447059] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.447591] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.448022] ================================================================== [ 29.584647] ================================================================== [ 29.585236] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 29.585596] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.585847] [ 29.585999] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.586075] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.586091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.586117] Call Trace: [ 29.586137] <TASK> [ 29.586158] dump_stack_lvl+0x73/0xb0 [ 29.586188] print_report+0xd1/0x640 [ 29.586212] ? __virt_addr_valid+0x1db/0x2d0 [ 29.586238] ? kasan_atomics_helper+0x72f/0x5450 [ 29.586260] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.586286] ? kasan_atomics_helper+0x72f/0x5450 [ 29.586308] kasan_report+0x141/0x180 [ 29.586332] ? kasan_atomics_helper+0x72f/0x5450 [ 29.586361] kasan_check_range+0x10c/0x1c0 [ 29.586385] __kasan_check_write+0x18/0x20 [ 29.586409] kasan_atomics_helper+0x72f/0x5450 [ 29.586433] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.586455] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.586481] ? kasan_atomics+0x152/0x310 [ 29.586508] kasan_atomics+0x1dc/0x310 [ 29.586532] ? __pfx_kasan_atomics+0x10/0x10 [ 29.586556] ? __pfx_read_tsc+0x10/0x10 [ 29.586588] ? ktime_get_ts64+0x86/0x230 [ 29.586614] kunit_try_run_case+0x1a5/0x480 [ 29.586640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.586662] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.586689] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.586716] ? __kthread_parkme+0x82/0x180 [ 29.586737] ? preempt_count_sub+0x50/0x80 [ 29.586761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.586809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.586932] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.586959] kthread+0x337/0x6f0 [ 29.586979] ? trace_preempt_on+0x20/0xc0 [ 29.587005] ? __pfx_kthread+0x10/0x10 [ 29.587025] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.587050] ? calculate_sigpending+0x7b/0xa0 [ 29.587076] ? __pfx_kthread+0x10/0x10 [ 29.587098] ret_from_fork+0x116/0x1d0 [ 29.587118] ? __pfx_kthread+0x10/0x10 [ 29.587139] ret_from_fork_asm+0x1a/0x30 [ 29.587173] </TASK> [ 29.587185] [ 29.601794] Allocated by task 313: [ 29.602064] kasan_save_stack+0x45/0x70 [ 29.602475] kasan_save_track+0x18/0x40 [ 29.602769] kasan_save_alloc_info+0x3b/0x50 [ 29.603248] __kasan_kmalloc+0xb7/0xc0 [ 29.603386] __kmalloc_cache_noprof+0x189/0x420 [ 29.603533] kasan_atomics+0x95/0x310 [ 29.603670] kunit_try_run_case+0x1a5/0x480 [ 29.603812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.603978] kthread+0x337/0x6f0 [ 29.604090] ret_from_fork+0x116/0x1d0 [ 29.604438] ret_from_fork_asm+0x1a/0x30 [ 29.604662] [ 29.604770] The buggy address belongs to the object at ffff888106038600 [ 29.604770] which belongs to the cache kmalloc-64 of size 64 [ 29.605251] The buggy address is located 0 bytes to the right of [ 29.605251] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.606072] [ 29.606205] The buggy address belongs to the physical page: [ 29.606653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.606897] flags: 0x200000000000000(node=0|zone=2) [ 29.607188] page_type: f5(slab) [ 29.607517] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.607752] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.608205] page dumped because: kasan: bad access detected [ 29.608504] [ 29.608639] Memory state around the buggy address: [ 29.608969] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.609234] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.610317] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.610634] ^ [ 29.611111] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.611596] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.612555] ================================================================== [ 29.882472] ================================================================== [ 29.882969] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 29.883614] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.884034] [ 29.884337] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.884397] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.884412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.884435] Call Trace: [ 29.884456] <TASK> [ 29.884478] dump_stack_lvl+0x73/0xb0 [ 29.884511] print_report+0xd1/0x640 [ 29.884549] ? __virt_addr_valid+0x1db/0x2d0 [ 29.884587] ? kasan_atomics_helper+0xe78/0x5450 [ 29.884612] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.884638] ? kasan_atomics_helper+0xe78/0x5450 [ 29.884679] kasan_report+0x141/0x180 [ 29.884703] ? kasan_atomics_helper+0xe78/0x5450 [ 29.884730] kasan_check_range+0x10c/0x1c0 [ 29.884755] __kasan_check_write+0x18/0x20 [ 29.884779] kasan_atomics_helper+0xe78/0x5450 [ 29.884803] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.884826] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.884978] ? kasan_atomics+0x152/0x310 [ 29.885007] kasan_atomics+0x1dc/0x310 [ 29.885030] ? __pfx_kasan_atomics+0x10/0x10 [ 29.885056] ? __pfx_read_tsc+0x10/0x10 [ 29.885079] ? ktime_get_ts64+0x86/0x230 [ 29.885105] kunit_try_run_case+0x1a5/0x480 [ 29.885132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.885155] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.885184] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.885209] ? __kthread_parkme+0x82/0x180 [ 29.885230] ? preempt_count_sub+0x50/0x80 [ 29.885256] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.885280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.885305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.885330] kthread+0x337/0x6f0 [ 29.885350] ? trace_preempt_on+0x20/0xc0 [ 29.885375] ? __pfx_kthread+0x10/0x10 [ 29.885396] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.885421] ? calculate_sigpending+0x7b/0xa0 [ 29.885445] ? __pfx_kthread+0x10/0x10 [ 29.885468] ret_from_fork+0x116/0x1d0 [ 29.885488] ? __pfx_kthread+0x10/0x10 [ 29.885509] ret_from_fork_asm+0x1a/0x30 [ 29.885542] </TASK> [ 29.885555] [ 29.896979] Allocated by task 313: [ 29.897342] kasan_save_stack+0x45/0x70 [ 29.897921] kasan_save_track+0x18/0x40 [ 29.898156] kasan_save_alloc_info+0x3b/0x50 [ 29.898509] __kasan_kmalloc+0xb7/0xc0 [ 29.898877] __kmalloc_cache_noprof+0x189/0x420 [ 29.899127] kasan_atomics+0x95/0x310 [ 29.899350] kunit_try_run_case+0x1a5/0x480 [ 29.899746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.900250] kthread+0x337/0x6f0 [ 29.900392] ret_from_fork+0x116/0x1d0 [ 29.900652] ret_from_fork_asm+0x1a/0x30 [ 29.900846] [ 29.900920] The buggy address belongs to the object at ffff888106038600 [ 29.900920] which belongs to the cache kmalloc-64 of size 64 [ 29.901810] The buggy address is located 0 bytes to the right of [ 29.901810] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.902643] [ 29.902853] The buggy address belongs to the physical page: [ 29.903149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.903711] flags: 0x200000000000000(node=0|zone=2) [ 29.903879] page_type: f5(slab) [ 29.904047] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.904357] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.905130] page dumped because: kasan: bad access detected [ 29.905337] [ 29.905428] Memory state around the buggy address: [ 29.905761] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.906057] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.906431] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.906986] ^ [ 29.907219] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.907507] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.908087] ================================================================== [ 30.639033] ================================================================== [ 30.639658] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 30.640427] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.641361] [ 30.641544] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.641610] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.641626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.641649] Call Trace: [ 30.641671] <TASK> [ 30.641691] dump_stack_lvl+0x73/0xb0 [ 30.641721] print_report+0xd1/0x640 [ 30.641745] ? __virt_addr_valid+0x1db/0x2d0 [ 30.641770] ? kasan_atomics_helper+0x1ce1/0x5450 [ 30.641793] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.641819] ? kasan_atomics_helper+0x1ce1/0x5450 [ 30.641926] kasan_report+0x141/0x180 [ 30.641953] ? kasan_atomics_helper+0x1ce1/0x5450 [ 30.641980] kasan_check_range+0x10c/0x1c0 [ 30.642004] __kasan_check_write+0x18/0x20 [ 30.642029] kasan_atomics_helper+0x1ce1/0x5450 [ 30.642053] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.642076] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.642101] ? kasan_atomics+0x152/0x310 [ 30.642129] kasan_atomics+0x1dc/0x310 [ 30.642151] ? __pfx_kasan_atomics+0x10/0x10 [ 30.642176] ? __pfx_read_tsc+0x10/0x10 [ 30.642199] ? ktime_get_ts64+0x86/0x230 [ 30.642224] kunit_try_run_case+0x1a5/0x480 [ 30.642250] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.642273] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.642299] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.642325] ? __kthread_parkme+0x82/0x180 [ 30.642347] ? preempt_count_sub+0x50/0x80 [ 30.642370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.642394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.642419] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.642443] kthread+0x337/0x6f0 [ 30.642463] ? trace_preempt_on+0x20/0xc0 [ 30.642488] ? __pfx_kthread+0x10/0x10 [ 30.642509] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.642534] ? calculate_sigpending+0x7b/0xa0 [ 30.642558] ? __pfx_kthread+0x10/0x10 [ 30.642594] ret_from_fork+0x116/0x1d0 [ 30.642615] ? __pfx_kthread+0x10/0x10 [ 30.642639] ret_from_fork_asm+0x1a/0x30 [ 30.642673] </TASK> [ 30.642684] [ 30.655953] Allocated by task 313: [ 30.656400] kasan_save_stack+0x45/0x70 [ 30.656800] kasan_save_track+0x18/0x40 [ 30.657496] kasan_save_alloc_info+0x3b/0x50 [ 30.657959] __kasan_kmalloc+0xb7/0xc0 [ 30.658487] __kmalloc_cache_noprof+0x189/0x420 [ 30.658787] kasan_atomics+0x95/0x310 [ 30.658927] kunit_try_run_case+0x1a5/0x480 [ 30.659069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.659239] kthread+0x337/0x6f0 [ 30.659363] ret_from_fork+0x116/0x1d0 [ 30.659493] ret_from_fork_asm+0x1a/0x30 [ 30.659645] [ 30.659713] The buggy address belongs to the object at ffff888106038600 [ 30.659713] which belongs to the cache kmalloc-64 of size 64 [ 30.660502] The buggy address is located 0 bytes to the right of [ 30.660502] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.661636] [ 30.661743] The buggy address belongs to the physical page: [ 30.661996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.662298] flags: 0x200000000000000(node=0|zone=2) [ 30.662647] page_type: f5(slab) [ 30.662981] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.663232] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.664031] page dumped because: kasan: bad access detected [ 30.664284] [ 30.664403] Memory state around the buggy address: [ 30.664635] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.665062] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.665725] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.666232] ^ [ 30.666613] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.666859] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.667167] ================================================================== [ 30.753957] ================================================================== [ 30.754529] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 30.755267] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.755607] [ 30.755715] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.755769] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.755785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.755809] Call Trace: [ 30.755824] <TASK> [ 30.755845] dump_stack_lvl+0x73/0xb0 [ 30.755877] print_report+0xd1/0x640 [ 30.755902] ? __virt_addr_valid+0x1db/0x2d0 [ 30.756269] ? kasan_atomics_helper+0x1f43/0x5450 [ 30.756316] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.756343] ? kasan_atomics_helper+0x1f43/0x5450 [ 30.756367] kasan_report+0x141/0x180 [ 30.756431] ? kasan_atomics_helper+0x1f43/0x5450 [ 30.756462] kasan_check_range+0x10c/0x1c0 [ 30.756488] __kasan_check_write+0x18/0x20 [ 30.756513] kasan_atomics_helper+0x1f43/0x5450 [ 30.756536] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.756559] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.756595] ? kasan_atomics+0x152/0x310 [ 30.756622] kasan_atomics+0x1dc/0x310 [ 30.756645] ? __pfx_kasan_atomics+0x10/0x10 [ 30.756670] ? __pfx_read_tsc+0x10/0x10 [ 30.756692] ? ktime_get_ts64+0x86/0x230 [ 30.756718] kunit_try_run_case+0x1a5/0x480 [ 30.756743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.756767] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.756795] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.756821] ? __kthread_parkme+0x82/0x180 [ 30.756842] ? preempt_count_sub+0x50/0x80 [ 30.756866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.756891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.756915] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.756951] kthread+0x337/0x6f0 [ 30.756971] ? trace_preempt_on+0x20/0xc0 [ 30.756996] ? __pfx_kthread+0x10/0x10 [ 30.757017] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.757041] ? calculate_sigpending+0x7b/0xa0 [ 30.757065] ? __pfx_kthread+0x10/0x10 [ 30.757087] ret_from_fork+0x116/0x1d0 [ 30.757106] ? __pfx_kthread+0x10/0x10 [ 30.757127] ret_from_fork_asm+0x1a/0x30 [ 30.757160] </TASK> [ 30.757173] [ 30.767565] Allocated by task 313: [ 30.767925] kasan_save_stack+0x45/0x70 [ 30.768129] kasan_save_track+0x18/0x40 [ 30.768444] kasan_save_alloc_info+0x3b/0x50 [ 30.768665] __kasan_kmalloc+0xb7/0xc0 [ 30.769045] __kmalloc_cache_noprof+0x189/0x420 [ 30.769336] kasan_atomics+0x95/0x310 [ 30.769484] kunit_try_run_case+0x1a5/0x480 [ 30.769840] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.770204] kthread+0x337/0x6f0 [ 30.770343] ret_from_fork+0x116/0x1d0 [ 30.770658] ret_from_fork_asm+0x1a/0x30 [ 30.770857] [ 30.770926] The buggy address belongs to the object at ffff888106038600 [ 30.770926] which belongs to the cache kmalloc-64 of size 64 [ 30.771523] The buggy address is located 0 bytes to the right of [ 30.771523] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.772253] [ 30.772340] The buggy address belongs to the physical page: [ 30.772735] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.773084] flags: 0x200000000000000(node=0|zone=2) [ 30.773440] page_type: f5(slab) [ 30.773568] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.774071] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.774454] page dumped because: kasan: bad access detected [ 30.774717] [ 30.774784] Memory state around the buggy address: [ 30.775162] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.775473] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.775873] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.776167] ^ [ 30.776528] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.776957] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.777268] ================================================================== [ 30.085029] ================================================================== [ 30.085720] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 30.086197] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.086485] [ 30.086585] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.086661] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.086677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.086701] Call Trace: [ 30.086740] <TASK> [ 30.086763] dump_stack_lvl+0x73/0xb0 [ 30.086891] print_report+0xd1/0x640 [ 30.086919] ? __virt_addr_valid+0x1db/0x2d0 [ 30.086960] ? kasan_atomics_helper+0x1217/0x5450 [ 30.087041] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.087069] ? kasan_atomics_helper+0x1217/0x5450 [ 30.087092] kasan_report+0x141/0x180 [ 30.087116] ? kasan_atomics_helper+0x1217/0x5450 [ 30.087142] kasan_check_range+0x10c/0x1c0 [ 30.087166] __kasan_check_write+0x18/0x20 [ 30.087190] kasan_atomics_helper+0x1217/0x5450 [ 30.087214] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.087236] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.087271] ? kasan_atomics+0x152/0x310 [ 30.087298] kasan_atomics+0x1dc/0x310 [ 30.087321] ? __pfx_kasan_atomics+0x10/0x10 [ 30.087347] ? __pfx_read_tsc+0x10/0x10 [ 30.087369] ? ktime_get_ts64+0x86/0x230 [ 30.087395] kunit_try_run_case+0x1a5/0x480 [ 30.087423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.087446] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.087473] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.087499] ? __kthread_parkme+0x82/0x180 [ 30.087521] ? preempt_count_sub+0x50/0x80 [ 30.087545] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.087570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.087744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.087769] kthread+0x337/0x6f0 [ 30.087791] ? trace_preempt_on+0x20/0xc0 [ 30.087840] ? __pfx_kthread+0x10/0x10 [ 30.087862] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.087887] ? calculate_sigpending+0x7b/0xa0 [ 30.087912] ? __pfx_kthread+0x10/0x10 [ 30.087992] ret_from_fork+0x116/0x1d0 [ 30.088018] ? __pfx_kthread+0x10/0x10 [ 30.088058] ret_from_fork_asm+0x1a/0x30 [ 30.088107] </TASK> [ 30.088119] [ 30.096601] Allocated by task 313: [ 30.096787] kasan_save_stack+0x45/0x70 [ 30.096993] kasan_save_track+0x18/0x40 [ 30.097280] kasan_save_alloc_info+0x3b/0x50 [ 30.097607] __kasan_kmalloc+0xb7/0xc0 [ 30.097746] __kmalloc_cache_noprof+0x189/0x420 [ 30.098014] kasan_atomics+0x95/0x310 [ 30.098280] kunit_try_run_case+0x1a5/0x480 [ 30.098513] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.098750] kthread+0x337/0x6f0 [ 30.098925] ret_from_fork+0x116/0x1d0 [ 30.099125] ret_from_fork_asm+0x1a/0x30 [ 30.099347] [ 30.099438] The buggy address belongs to the object at ffff888106038600 [ 30.099438] which belongs to the cache kmalloc-64 of size 64 [ 30.100150] The buggy address is located 0 bytes to the right of [ 30.100150] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.100651] [ 30.100719] The buggy address belongs to the physical page: [ 30.100891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.101125] flags: 0x200000000000000(node=0|zone=2) [ 30.101750] page_type: f5(slab) [ 30.101946] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.102923] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.103358] page dumped because: kasan: bad access detected [ 30.103675] [ 30.103768] Memory state around the buggy address: [ 30.104196] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.104449] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.104668] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.104874] ^ [ 30.105190] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.105771] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.106163] ================================================================== [ 29.908837] ================================================================== [ 29.909495] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 29.910191] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.910719] [ 29.911104] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.911300] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.911320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.911344] Call Trace: [ 29.911364] <TASK> [ 29.911383] dump_stack_lvl+0x73/0xb0 [ 29.911412] print_report+0xd1/0x640 [ 29.911436] ? __virt_addr_valid+0x1db/0x2d0 [ 29.911461] ? kasan_atomics_helper+0xf10/0x5450 [ 29.911482] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.911510] ? kasan_atomics_helper+0xf10/0x5450 [ 29.911532] kasan_report+0x141/0x180 [ 29.911555] ? kasan_atomics_helper+0xf10/0x5450 [ 29.911594] kasan_check_range+0x10c/0x1c0 [ 29.911619] __kasan_check_write+0x18/0x20 [ 29.911643] kasan_atomics_helper+0xf10/0x5450 [ 29.911667] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.911690] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.911717] ? kasan_atomics+0x152/0x310 [ 29.911744] kasan_atomics+0x1dc/0x310 [ 29.911774] ? __pfx_kasan_atomics+0x10/0x10 [ 29.911800] ? __pfx_read_tsc+0x10/0x10 [ 29.911823] ? ktime_get_ts64+0x86/0x230 [ 29.911848] kunit_try_run_case+0x1a5/0x480 [ 29.911874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.911897] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.911924] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.911950] ? __kthread_parkme+0x82/0x180 [ 29.911972] ? preempt_count_sub+0x50/0x80 [ 29.911996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.912021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.912045] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.912069] kthread+0x337/0x6f0 [ 29.912089] ? trace_preempt_on+0x20/0xc0 [ 29.912114] ? __pfx_kthread+0x10/0x10 [ 29.912135] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.912159] ? calculate_sigpending+0x7b/0xa0 [ 29.912183] ? __pfx_kthread+0x10/0x10 [ 29.912205] ret_from_fork+0x116/0x1d0 [ 29.912225] ? __pfx_kthread+0x10/0x10 [ 29.912247] ret_from_fork_asm+0x1a/0x30 [ 29.912280] </TASK> [ 29.912292] [ 29.923843] Allocated by task 313: [ 29.924478] kasan_save_stack+0x45/0x70 [ 29.924725] kasan_save_track+0x18/0x40 [ 29.925127] kasan_save_alloc_info+0x3b/0x50 [ 29.925328] __kasan_kmalloc+0xb7/0xc0 [ 29.925537] __kmalloc_cache_noprof+0x189/0x420 [ 29.925833] kasan_atomics+0x95/0x310 [ 29.926083] kunit_try_run_case+0x1a5/0x480 [ 29.926481] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.926951] kthread+0x337/0x6f0 [ 29.927288] ret_from_fork+0x116/0x1d0 [ 29.927477] ret_from_fork_asm+0x1a/0x30 [ 29.927725] [ 29.927823] The buggy address belongs to the object at ffff888106038600 [ 29.927823] which belongs to the cache kmalloc-64 of size 64 [ 29.928689] The buggy address is located 0 bytes to the right of [ 29.928689] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.929539] [ 29.929661] The buggy address belongs to the physical page: [ 29.929958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.930303] flags: 0x200000000000000(node=0|zone=2) [ 29.930914] page_type: f5(slab) [ 29.931065] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.931382] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.931923] page dumped because: kasan: bad access detected [ 29.932118] [ 29.932214] Memory state around the buggy address: [ 29.932536] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.933153] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.933527] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.934014] ^ [ 29.934210] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.934753] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.935096] ================================================================== [ 30.304770] ================================================================== [ 30.305684] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 30.306530] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.307214] [ 30.307320] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.307542] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.307561] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.307597] Call Trace: [ 30.307619] <TASK> [ 30.307641] dump_stack_lvl+0x73/0xb0 [ 30.307679] print_report+0xd1/0x640 [ 30.307705] ? __virt_addr_valid+0x1db/0x2d0 [ 30.307731] ? kasan_atomics_helper+0x15b6/0x5450 [ 30.307755] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.307816] ? kasan_atomics_helper+0x15b6/0x5450 [ 30.307841] kasan_report+0x141/0x180 [ 30.307866] ? kasan_atomics_helper+0x15b6/0x5450 [ 30.307893] kasan_check_range+0x10c/0x1c0 [ 30.307925] __kasan_check_write+0x18/0x20 [ 30.307949] kasan_atomics_helper+0x15b6/0x5450 [ 30.307974] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.307997] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.308023] ? kasan_atomics+0x152/0x310 [ 30.308050] kasan_atomics+0x1dc/0x310 [ 30.308074] ? __pfx_kasan_atomics+0x10/0x10 [ 30.308099] ? __pfx_read_tsc+0x10/0x10 [ 30.308122] ? ktime_get_ts64+0x86/0x230 [ 30.308148] kunit_try_run_case+0x1a5/0x480 [ 30.308173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.308196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.308223] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.308250] ? __kthread_parkme+0x82/0x180 [ 30.308271] ? preempt_count_sub+0x50/0x80 [ 30.308296] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.308320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.308345] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.308370] kthread+0x337/0x6f0 [ 30.308390] ? trace_preempt_on+0x20/0xc0 [ 30.308415] ? __pfx_kthread+0x10/0x10 [ 30.308437] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.308461] ? calculate_sigpending+0x7b/0xa0 [ 30.308486] ? __pfx_kthread+0x10/0x10 [ 30.308508] ret_from_fork+0x116/0x1d0 [ 30.308527] ? __pfx_kthread+0x10/0x10 [ 30.308548] ret_from_fork_asm+0x1a/0x30 [ 30.308592] </TASK> [ 30.308606] [ 30.320564] Allocated by task 313: [ 30.320947] kasan_save_stack+0x45/0x70 [ 30.321299] kasan_save_track+0x18/0x40 [ 30.321482] kasan_save_alloc_info+0x3b/0x50 [ 30.321684] __kasan_kmalloc+0xb7/0xc0 [ 30.322166] __kmalloc_cache_noprof+0x189/0x420 [ 30.322409] kasan_atomics+0x95/0x310 [ 30.322725] kunit_try_run_case+0x1a5/0x480 [ 30.323115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.323581] kthread+0x337/0x6f0 [ 30.323754] ret_from_fork+0x116/0x1d0 [ 30.324199] ret_from_fork_asm+0x1a/0x30 [ 30.324401] [ 30.324492] The buggy address belongs to the object at ffff888106038600 [ 30.324492] which belongs to the cache kmalloc-64 of size 64 [ 30.325272] The buggy address is located 0 bytes to the right of [ 30.325272] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.326171] [ 30.326413] The buggy address belongs to the physical page: [ 30.326647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.326997] flags: 0x200000000000000(node=0|zone=2) [ 30.327287] page_type: f5(slab) [ 30.327422] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.327739] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.328043] page dumped because: kasan: bad access detected [ 30.328376] [ 30.328439] Memory state around the buggy address: [ 30.328680] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.329059] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.329510] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.329765] ^ [ 30.330035] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.330245] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.330663] ================================================================== [ 30.169547] ================================================================== [ 30.170088] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 30.170449] Read of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.170674] [ 30.170757] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.170812] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.170826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.170850] Call Trace: [ 30.170871] <TASK> [ 30.170890] dump_stack_lvl+0x73/0xb0 [ 30.171216] print_report+0xd1/0x640 [ 30.171261] ? __virt_addr_valid+0x1db/0x2d0 [ 30.171286] ? kasan_atomics_helper+0x13b5/0x5450 [ 30.171308] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.171335] ? kasan_atomics_helper+0x13b5/0x5450 [ 30.171358] kasan_report+0x141/0x180 [ 30.171382] ? kasan_atomics_helper+0x13b5/0x5450 [ 30.171409] kasan_check_range+0x10c/0x1c0 [ 30.171433] __kasan_check_read+0x15/0x20 [ 30.171458] kasan_atomics_helper+0x13b5/0x5450 [ 30.171481] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.171505] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.171531] ? kasan_atomics+0x152/0x310 [ 30.171557] kasan_atomics+0x1dc/0x310 [ 30.171631] ? __pfx_kasan_atomics+0x10/0x10 [ 30.171657] ? __pfx_read_tsc+0x10/0x10 [ 30.171680] ? ktime_get_ts64+0x86/0x230 [ 30.171706] kunit_try_run_case+0x1a5/0x480 [ 30.171732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.171787] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.171815] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.171841] ? __kthread_parkme+0x82/0x180 [ 30.171941] ? preempt_count_sub+0x50/0x80 [ 30.172006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.172032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.172057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.172082] kthread+0x337/0x6f0 [ 30.172134] ? trace_preempt_on+0x20/0xc0 [ 30.172160] ? __pfx_kthread+0x10/0x10 [ 30.172182] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.172206] ? calculate_sigpending+0x7b/0xa0 [ 30.172231] ? __pfx_kthread+0x10/0x10 [ 30.172283] ret_from_fork+0x116/0x1d0 [ 30.172304] ? __pfx_kthread+0x10/0x10 [ 30.172326] ret_from_fork_asm+0x1a/0x30 [ 30.172358] </TASK> [ 30.172370] [ 30.185880] Allocated by task 313: [ 30.186198] kasan_save_stack+0x45/0x70 [ 30.186563] kasan_save_track+0x18/0x40 [ 30.186903] kasan_save_alloc_info+0x3b/0x50 [ 30.187271] __kasan_kmalloc+0xb7/0xc0 [ 30.187660] __kmalloc_cache_noprof+0x189/0x420 [ 30.188144] kasan_atomics+0x95/0x310 [ 30.188538] kunit_try_run_case+0x1a5/0x480 [ 30.189011] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.189533] kthread+0x337/0x6f0 [ 30.189899] ret_from_fork+0x116/0x1d0 [ 30.190232] ret_from_fork_asm+0x1a/0x30 [ 30.190595] [ 30.190797] The buggy address belongs to the object at ffff888106038600 [ 30.190797] which belongs to the cache kmalloc-64 of size 64 [ 30.191984] The buggy address is located 0 bytes to the right of [ 30.191984] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.193143] [ 30.193320] The buggy address belongs to the physical page: [ 30.193833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.194688] flags: 0x200000000000000(node=0|zone=2) [ 30.195214] page_type: f5(slab) [ 30.195384] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.195698] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.195996] page dumped because: kasan: bad access detected [ 30.196267] [ 30.196425] Memory state around the buggy address: [ 30.196840] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.197504] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.197966] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.198355] ^ [ 30.198817] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.199487] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.200166] ================================================================== [ 30.040977] ================================================================== [ 30.041602] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 30.041942] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.042190] [ 30.042285] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.042337] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.042351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.042375] Call Trace: [ 30.042395] <TASK> [ 30.042416] dump_stack_lvl+0x73/0xb0 [ 30.042444] print_report+0xd1/0x640 [ 30.042487] ? __virt_addr_valid+0x1db/0x2d0 [ 30.042512] ? kasan_atomics_helper+0x1148/0x5450 [ 30.042534] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.042561] ? kasan_atomics_helper+0x1148/0x5450 [ 30.042595] kasan_report+0x141/0x180 [ 30.042618] ? kasan_atomics_helper+0x1148/0x5450 [ 30.042644] kasan_check_range+0x10c/0x1c0 [ 30.042670] __kasan_check_write+0x18/0x20 [ 30.042695] kasan_atomics_helper+0x1148/0x5450 [ 30.042719] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.042743] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.042769] ? kasan_atomics+0x152/0x310 [ 30.042796] kasan_atomics+0x1dc/0x310 [ 30.042819] ? __pfx_kasan_atomics+0x10/0x10 [ 30.042845] ? __pfx_read_tsc+0x10/0x10 [ 30.042868] ? ktime_get_ts64+0x86/0x230 [ 30.042895] kunit_try_run_case+0x1a5/0x480 [ 30.042921] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.042945] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.042971] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.042997] ? __kthread_parkme+0x82/0x180 [ 30.043019] ? preempt_count_sub+0x50/0x80 [ 30.043043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.043071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.043095] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.043120] kthread+0x337/0x6f0 [ 30.043169] ? trace_preempt_on+0x20/0xc0 [ 30.043426] ? __pfx_kthread+0x10/0x10 [ 30.043448] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.043483] ? calculate_sigpending+0x7b/0xa0 [ 30.043508] ? __pfx_kthread+0x10/0x10 [ 30.043530] ret_from_fork+0x116/0x1d0 [ 30.043551] ? __pfx_kthread+0x10/0x10 [ 30.043582] ret_from_fork_asm+0x1a/0x30 [ 30.043615] </TASK> [ 30.043627] [ 30.053153] Allocated by task 313: [ 30.053347] kasan_save_stack+0x45/0x70 [ 30.053551] kasan_save_track+0x18/0x40 [ 30.053770] kasan_save_alloc_info+0x3b/0x50 [ 30.054057] __kasan_kmalloc+0xb7/0xc0 [ 30.054198] __kmalloc_cache_noprof+0x189/0x420 [ 30.054442] kasan_atomics+0x95/0x310 [ 30.054666] kunit_try_run_case+0x1a5/0x480 [ 30.055043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.055284] kthread+0x337/0x6f0 [ 30.055474] ret_from_fork+0x116/0x1d0 [ 30.055643] ret_from_fork_asm+0x1a/0x30 [ 30.055922] [ 30.056012] The buggy address belongs to the object at ffff888106038600 [ 30.056012] which belongs to the cache kmalloc-64 of size 64 [ 30.056546] The buggy address is located 0 bytes to the right of [ 30.056546] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.057179] [ 30.057250] The buggy address belongs to the physical page: [ 30.057983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.058713] flags: 0x200000000000000(node=0|zone=2) [ 30.059155] page_type: f5(slab) [ 30.059358] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.059668] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.060063] page dumped because: kasan: bad access detected [ 30.060509] [ 30.060612] Memory state around the buggy address: [ 30.060833] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.061183] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.061544] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.061788] ^ [ 30.062068] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.062482] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.062742] ================================================================== [ 30.608453] ================================================================== [ 30.609070] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 30.609909] Read of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.610419] [ 30.610513] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.610567] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.610594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.610617] Call Trace: [ 30.610638] <TASK> [ 30.610657] dump_stack_lvl+0x73/0xb0 [ 30.610688] print_report+0xd1/0x640 [ 30.610713] ? __virt_addr_valid+0x1db/0x2d0 [ 30.610738] ? kasan_atomics_helper+0x4f30/0x5450 [ 30.610761] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.610799] ? kasan_atomics_helper+0x4f30/0x5450 [ 30.610821] kasan_report+0x141/0x180 [ 30.610845] ? kasan_atomics_helper+0x4f30/0x5450 [ 30.610872] __asan_report_load8_noabort+0x18/0x20 [ 30.610897] kasan_atomics_helper+0x4f30/0x5450 [ 30.610919] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.610959] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.610985] ? kasan_atomics+0x152/0x310 [ 30.611012] kasan_atomics+0x1dc/0x310 [ 30.611035] ? __pfx_kasan_atomics+0x10/0x10 [ 30.611059] ? __pfx_read_tsc+0x10/0x10 [ 30.611082] ? ktime_get_ts64+0x86/0x230 [ 30.611108] kunit_try_run_case+0x1a5/0x480 [ 30.611135] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.611158] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.611185] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.611211] ? __kthread_parkme+0x82/0x180 [ 30.611232] ? preempt_count_sub+0x50/0x80 [ 30.611260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.611285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.611310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.611334] kthread+0x337/0x6f0 [ 30.611355] ? trace_preempt_on+0x20/0xc0 [ 30.611380] ? __pfx_kthread+0x10/0x10 [ 30.611402] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.611426] ? calculate_sigpending+0x7b/0xa0 [ 30.611452] ? __pfx_kthread+0x10/0x10 [ 30.611475] ret_from_fork+0x116/0x1d0 [ 30.611495] ? __pfx_kthread+0x10/0x10 [ 30.611516] ret_from_fork_asm+0x1a/0x30 [ 30.611549] </TASK> [ 30.611561] [ 30.626462] Allocated by task 313: [ 30.626853] kasan_save_stack+0x45/0x70 [ 30.627274] kasan_save_track+0x18/0x40 [ 30.627439] kasan_save_alloc_info+0x3b/0x50 [ 30.627605] __kasan_kmalloc+0xb7/0xc0 [ 30.627731] __kmalloc_cache_noprof+0x189/0x420 [ 30.628140] kasan_atomics+0x95/0x310 [ 30.628534] kunit_try_run_case+0x1a5/0x480 [ 30.628968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.629579] kthread+0x337/0x6f0 [ 30.629922] ret_from_fork+0x116/0x1d0 [ 30.630269] ret_from_fork_asm+0x1a/0x30 [ 30.630402] [ 30.630469] The buggy address belongs to the object at ffff888106038600 [ 30.630469] which belongs to the cache kmalloc-64 of size 64 [ 30.630812] The buggy address is located 0 bytes to the right of [ 30.630812] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.631166] [ 30.631323] The buggy address belongs to the physical page: [ 30.631951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.632739] flags: 0x200000000000000(node=0|zone=2) [ 30.633277] page_type: f5(slab) [ 30.633536] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.634047] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.634262] page dumped because: kasan: bad access detected [ 30.634810] [ 30.634985] Memory state around the buggy address: [ 30.635506] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.636236] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.637064] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.637299] ^ [ 30.637450] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.637661] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.638064] ================================================================== [ 30.904607] ================================================================== [ 30.905346] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 30.906024] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.906689] [ 30.906862] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.906930] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.906945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.906968] Call Trace: [ 30.906992] <TASK> [ 30.907014] dump_stack_lvl+0x73/0xb0 [ 30.907046] print_report+0xd1/0x640 [ 30.907071] ? __virt_addr_valid+0x1db/0x2d0 [ 30.907097] ? kasan_atomics_helper+0x218a/0x5450 [ 30.907119] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.907147] ? kasan_atomics_helper+0x218a/0x5450 [ 30.907169] kasan_report+0x141/0x180 [ 30.907192] ? kasan_atomics_helper+0x218a/0x5450 [ 30.907219] kasan_check_range+0x10c/0x1c0 [ 30.907244] __kasan_check_write+0x18/0x20 [ 30.907277] kasan_atomics_helper+0x218a/0x5450 [ 30.907305] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.907328] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.907356] ? kasan_atomics+0x152/0x310 [ 30.907383] kasan_atomics+0x1dc/0x310 [ 30.907407] ? __pfx_kasan_atomics+0x10/0x10 [ 30.907432] ? __pfx_read_tsc+0x10/0x10 [ 30.907455] ? ktime_get_ts64+0x86/0x230 [ 30.907482] kunit_try_run_case+0x1a5/0x480 [ 30.907508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.907532] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.907558] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.907595] ? __kthread_parkme+0x82/0x180 [ 30.907617] ? preempt_count_sub+0x50/0x80 [ 30.907642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.907666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.907690] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.907714] kthread+0x337/0x6f0 [ 30.907734] ? trace_preempt_on+0x20/0xc0 [ 30.907760] ? __pfx_kthread+0x10/0x10 [ 30.907781] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.907805] ? calculate_sigpending+0x7b/0xa0 [ 30.907830] ? __pfx_kthread+0x10/0x10 [ 30.907852] ret_from_fork+0x116/0x1d0 [ 30.907873] ? __pfx_kthread+0x10/0x10 [ 30.907894] ret_from_fork_asm+0x1a/0x30 [ 30.907937] </TASK> [ 30.907950] [ 30.915453] Allocated by task 313: [ 30.915653] kasan_save_stack+0x45/0x70 [ 30.915858] kasan_save_track+0x18/0x40 [ 30.916033] kasan_save_alloc_info+0x3b/0x50 [ 30.916224] __kasan_kmalloc+0xb7/0xc0 [ 30.916393] __kmalloc_cache_noprof+0x189/0x420 [ 30.916556] kasan_atomics+0x95/0x310 [ 30.916747] kunit_try_run_case+0x1a5/0x480 [ 30.916921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.917129] kthread+0x337/0x6f0 [ 30.917244] ret_from_fork+0x116/0x1d0 [ 30.917402] ret_from_fork_asm+0x1a/0x30 [ 30.917605] [ 30.917701] The buggy address belongs to the object at ffff888106038600 [ 30.917701] which belongs to the cache kmalloc-64 of size 64 [ 30.918233] The buggy address is located 0 bytes to the right of [ 30.918233] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.918703] [ 30.918773] The buggy address belongs to the physical page: [ 30.919099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.919443] flags: 0x200000000000000(node=0|zone=2) [ 30.919632] page_type: f5(slab) [ 30.919751] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.919975] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.920195] page dumped because: kasan: bad access detected [ 30.920436] [ 30.920524] Memory state around the buggy address: [ 30.920832] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.921279] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.921485] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.921698] ^ [ 30.921856] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.922514] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.922839] ================================================================== [ 30.245241] ================================================================== [ 30.245598] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 30.245893] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.246194] [ 30.246280] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.246332] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.246347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.246370] Call Trace: [ 30.246392] <TASK> [ 30.246412] dump_stack_lvl+0x73/0xb0 [ 30.246440] print_report+0xd1/0x640 [ 30.246465] ? __virt_addr_valid+0x1db/0x2d0 [ 30.246490] ? kasan_atomics_helper+0x50d4/0x5450 [ 30.246513] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.246540] ? kasan_atomics_helper+0x50d4/0x5450 [ 30.246562] kasan_report+0x141/0x180 [ 30.246596] ? kasan_atomics_helper+0x50d4/0x5450 [ 30.246623] __asan_report_store8_noabort+0x1b/0x30 [ 30.246649] kasan_atomics_helper+0x50d4/0x5450 [ 30.246673] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.246696] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.246722] ? kasan_atomics+0x152/0x310 [ 30.246749] kasan_atomics+0x1dc/0x310 [ 30.246772] ? __pfx_kasan_atomics+0x10/0x10 [ 30.246797] ? __pfx_read_tsc+0x10/0x10 [ 30.246820] ? ktime_get_ts64+0x86/0x230 [ 30.246845] kunit_try_run_case+0x1a5/0x480 [ 30.246871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.246894] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.246920] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.246946] ? __kthread_parkme+0x82/0x180 [ 30.246968] ? preempt_count_sub+0x50/0x80 [ 30.246992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.247017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.247041] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.247066] kthread+0x337/0x6f0 [ 30.247087] ? trace_preempt_on+0x20/0xc0 [ 30.247112] ? __pfx_kthread+0x10/0x10 [ 30.247133] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.247157] ? calculate_sigpending+0x7b/0xa0 [ 30.247181] ? __pfx_kthread+0x10/0x10 [ 30.247203] ret_from_fork+0x116/0x1d0 [ 30.247223] ? __pfx_kthread+0x10/0x10 [ 30.247245] ret_from_fork_asm+0x1a/0x30 [ 30.247283] </TASK> [ 30.247296] [ 30.257004] Allocated by task 313: [ 30.257203] kasan_save_stack+0x45/0x70 [ 30.257421] kasan_save_track+0x18/0x40 [ 30.258796] kasan_save_alloc_info+0x3b/0x50 [ 30.259689] __kasan_kmalloc+0xb7/0xc0 [ 30.260249] __kmalloc_cache_noprof+0x189/0x420 [ 30.260671] kasan_atomics+0x95/0x310 [ 30.261331] kunit_try_run_case+0x1a5/0x480 [ 30.261504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.261689] kthread+0x337/0x6f0 [ 30.261809] ret_from_fork+0x116/0x1d0 [ 30.262551] ret_from_fork_asm+0x1a/0x30 [ 30.263396] [ 30.263735] The buggy address belongs to the object at ffff888106038600 [ 30.263735] which belongs to the cache kmalloc-64 of size 64 [ 30.265259] The buggy address is located 0 bytes to the right of [ 30.265259] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.266843] [ 30.266935] The buggy address belongs to the physical page: [ 30.267427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.268404] flags: 0x200000000000000(node=0|zone=2) [ 30.269097] page_type: f5(slab) [ 30.269281] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.269511] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.269744] page dumped because: kasan: bad access detected [ 30.270146] [ 30.270223] Memory state around the buggy address: [ 30.270381] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.270609] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.271138] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.271755] ^ [ 30.272247] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.272947] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.273601] ================================================================== [ 30.427731] ================================================================== [ 30.428487] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 30.429538] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.429937] [ 30.430028] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.430085] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.430101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.430124] Call Trace: [ 30.430146] <TASK> [ 30.430167] dump_stack_lvl+0x73/0xb0 [ 30.430197] print_report+0xd1/0x640 [ 30.430221] ? __virt_addr_valid+0x1db/0x2d0 [ 30.430246] ? kasan_atomics_helper+0x18b1/0x5450 [ 30.430268] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.430294] ? kasan_atomics_helper+0x18b1/0x5450 [ 30.430317] kasan_report+0x141/0x180 [ 30.430340] ? kasan_atomics_helper+0x18b1/0x5450 [ 30.430366] kasan_check_range+0x10c/0x1c0 [ 30.430392] __kasan_check_write+0x18/0x20 [ 30.430417] kasan_atomics_helper+0x18b1/0x5450 [ 30.430440] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.430464] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.430491] ? kasan_atomics+0x152/0x310 [ 30.430518] kasan_atomics+0x1dc/0x310 [ 30.430541] ? __pfx_kasan_atomics+0x10/0x10 [ 30.430566] ? __pfx_read_tsc+0x10/0x10 [ 30.430599] ? ktime_get_ts64+0x86/0x230 [ 30.430625] kunit_try_run_case+0x1a5/0x480 [ 30.430651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.430674] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.430701] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.430727] ? __kthread_parkme+0x82/0x180 [ 30.430749] ? preempt_count_sub+0x50/0x80 [ 30.430774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.430799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.430823] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.430848] kthread+0x337/0x6f0 [ 30.431288] ? trace_preempt_on+0x20/0xc0 [ 30.431315] ? __pfx_kthread+0x10/0x10 [ 30.431348] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.431373] ? calculate_sigpending+0x7b/0xa0 [ 30.431398] ? __pfx_kthread+0x10/0x10 [ 30.431420] ret_from_fork+0x116/0x1d0 [ 30.431441] ? __pfx_kthread+0x10/0x10 [ 30.431463] ret_from_fork_asm+0x1a/0x30 [ 30.431496] </TASK> [ 30.431508] [ 30.445367] Allocated by task 313: [ 30.445924] kasan_save_stack+0x45/0x70 [ 30.446179] kasan_save_track+0x18/0x40 [ 30.446598] kasan_save_alloc_info+0x3b/0x50 [ 30.446918] __kasan_kmalloc+0xb7/0xc0 [ 30.447105] __kmalloc_cache_noprof+0x189/0x420 [ 30.447461] kasan_atomics+0x95/0x310 [ 30.447857] kunit_try_run_case+0x1a5/0x480 [ 30.448322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.448677] kthread+0x337/0x6f0 [ 30.448923] ret_from_fork+0x116/0x1d0 [ 30.449358] ret_from_fork_asm+0x1a/0x30 [ 30.449744] [ 30.449952] The buggy address belongs to the object at ffff888106038600 [ 30.449952] which belongs to the cache kmalloc-64 of size 64 [ 30.450325] The buggy address is located 0 bytes to the right of [ 30.450325] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.451634] [ 30.451803] The buggy address belongs to the physical page: [ 30.452440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.453224] flags: 0x200000000000000(node=0|zone=2) [ 30.453699] page_type: f5(slab) [ 30.454062] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.454403] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.454642] page dumped because: kasan: bad access detected [ 30.454843] [ 30.454991] Memory state around the buggy address: [ 30.455450] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.455816] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.456546] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.457214] ^ [ 30.457637] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.457986] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.458542] ================================================================== [ 30.331679] ================================================================== [ 30.331990] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 30.332315] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.333368] [ 30.333475] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.333529] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.333544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.333568] Call Trace: [ 30.333678] <TASK> [ 30.333756] dump_stack_lvl+0x73/0xb0 [ 30.333790] print_report+0xd1/0x640 [ 30.333814] ? __virt_addr_valid+0x1db/0x2d0 [ 30.333900] ? kasan_atomics_helper+0x164f/0x5450 [ 30.333926] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.333955] ? kasan_atomics_helper+0x164f/0x5450 [ 30.333978] kasan_report+0x141/0x180 [ 30.334002] ? kasan_atomics_helper+0x164f/0x5450 [ 30.334029] kasan_check_range+0x10c/0x1c0 [ 30.334054] __kasan_check_write+0x18/0x20 [ 30.334078] kasan_atomics_helper+0x164f/0x5450 [ 30.334101] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.334125] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.334151] ? kasan_atomics+0x152/0x310 [ 30.334178] kasan_atomics+0x1dc/0x310 [ 30.334202] ? __pfx_kasan_atomics+0x10/0x10 [ 30.334227] ? __pfx_read_tsc+0x10/0x10 [ 30.334250] ? ktime_get_ts64+0x86/0x230 [ 30.334330] kunit_try_run_case+0x1a5/0x480 [ 30.334361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.334385] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.334425] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.334451] ? __kthread_parkme+0x82/0x180 [ 30.334473] ? preempt_count_sub+0x50/0x80 [ 30.334498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.334522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.334547] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.334582] kthread+0x337/0x6f0 [ 30.334603] ? trace_preempt_on+0x20/0xc0 [ 30.334627] ? __pfx_kthread+0x10/0x10 [ 30.334650] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.334674] ? calculate_sigpending+0x7b/0xa0 [ 30.334699] ? __pfx_kthread+0x10/0x10 [ 30.334721] ret_from_fork+0x116/0x1d0 [ 30.334741] ? __pfx_kthread+0x10/0x10 [ 30.334764] ret_from_fork_asm+0x1a/0x30 [ 30.334807] </TASK> [ 30.334819] [ 30.345450] Allocated by task 313: [ 30.345798] kasan_save_stack+0x45/0x70 [ 30.346092] kasan_save_track+0x18/0x40 [ 30.346236] kasan_save_alloc_info+0x3b/0x50 [ 30.346425] __kasan_kmalloc+0xb7/0xc0 [ 30.346655] __kmalloc_cache_noprof+0x189/0x420 [ 30.346874] kasan_atomics+0x95/0x310 [ 30.347376] kunit_try_run_case+0x1a5/0x480 [ 30.347724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.348114] kthread+0x337/0x6f0 [ 30.348294] ret_from_fork+0x116/0x1d0 [ 30.348479] ret_from_fork_asm+0x1a/0x30 [ 30.348683] [ 30.348754] The buggy address belongs to the object at ffff888106038600 [ 30.348754] which belongs to the cache kmalloc-64 of size 64 [ 30.349660] The buggy address is located 0 bytes to the right of [ 30.349660] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.350456] [ 30.350653] The buggy address belongs to the physical page: [ 30.350988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.351630] flags: 0x200000000000000(node=0|zone=2) [ 30.351931] page_type: f5(slab) [ 30.352051] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.352436] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.352813] page dumped because: kasan: bad access detected [ 30.353226] [ 30.353389] Memory state around the buggy address: [ 30.353705] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.354193] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.354483] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.354781] ^ [ 30.355245] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.355648] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.356134] ================================================================== [ 30.668237] ================================================================== [ 30.668768] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 30.669398] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.670112] [ 30.670216] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.670294] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.670309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.670333] Call Trace: [ 30.670353] <TASK> [ 30.670375] dump_stack_lvl+0x73/0xb0 [ 30.670407] print_report+0xd1/0x640 [ 30.670432] ? __virt_addr_valid+0x1db/0x2d0 [ 30.670673] ? kasan_atomics_helper+0x1d7a/0x5450 [ 30.670699] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.670726] ? kasan_atomics_helper+0x1d7a/0x5450 [ 30.670748] kasan_report+0x141/0x180 [ 30.670772] ? kasan_atomics_helper+0x1d7a/0x5450 [ 30.670810] kasan_check_range+0x10c/0x1c0 [ 30.670836] __kasan_check_write+0x18/0x20 [ 30.670861] kasan_atomics_helper+0x1d7a/0x5450 [ 30.670884] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.670907] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.670940] ? kasan_atomics+0x152/0x310 [ 30.670967] kasan_atomics+0x1dc/0x310 [ 30.670990] ? __pfx_kasan_atomics+0x10/0x10 [ 30.671015] ? __pfx_read_tsc+0x10/0x10 [ 30.671037] ? ktime_get_ts64+0x86/0x230 [ 30.671064] kunit_try_run_case+0x1a5/0x480 [ 30.671089] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.671112] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.671139] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.671165] ? __kthread_parkme+0x82/0x180 [ 30.671186] ? preempt_count_sub+0x50/0x80 [ 30.671210] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.671235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.671266] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.671290] kthread+0x337/0x6f0 [ 30.671310] ? trace_preempt_on+0x20/0xc0 [ 30.671335] ? __pfx_kthread+0x10/0x10 [ 30.671356] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.671380] ? calculate_sigpending+0x7b/0xa0 [ 30.671405] ? __pfx_kthread+0x10/0x10 [ 30.671428] ret_from_fork+0x116/0x1d0 [ 30.671448] ? __pfx_kthread+0x10/0x10 [ 30.671469] ret_from_fork_asm+0x1a/0x30 [ 30.671503] </TASK> [ 30.671515] [ 30.684179] Allocated by task 313: [ 30.684617] kasan_save_stack+0x45/0x70 [ 30.684999] kasan_save_track+0x18/0x40 [ 30.685228] kasan_save_alloc_info+0x3b/0x50 [ 30.685443] __kasan_kmalloc+0xb7/0xc0 [ 30.685634] __kmalloc_cache_noprof+0x189/0x420 [ 30.686110] kasan_atomics+0x95/0x310 [ 30.686254] kunit_try_run_case+0x1a5/0x480 [ 30.686556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.687070] kthread+0x337/0x6f0 [ 30.687239] ret_from_fork+0x116/0x1d0 [ 30.687432] ret_from_fork_asm+0x1a/0x30 [ 30.687744] [ 30.687843] The buggy address belongs to the object at ffff888106038600 [ 30.687843] which belongs to the cache kmalloc-64 of size 64 [ 30.688826] The buggy address is located 0 bytes to the right of [ 30.688826] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.689544] [ 30.689661] The buggy address belongs to the physical page: [ 30.690219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.690890] flags: 0x200000000000000(node=0|zone=2) [ 30.691160] page_type: f5(slab) [ 30.691464] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.691782] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.692379] page dumped because: kasan: bad access detected [ 30.692739] [ 30.692837] Memory state around the buggy address: [ 30.693311] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.693718] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.694512] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.694976] ^ [ 30.695155] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.695504] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.696104] ================================================================== [ 30.827053] ================================================================== [ 30.827447] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 30.828237] Read of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.828647] [ 30.829030] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.829200] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.829219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.829244] Call Trace: [ 30.829267] <TASK> [ 30.829290] dump_stack_lvl+0x73/0xb0 [ 30.829324] print_report+0xd1/0x640 [ 30.829349] ? __virt_addr_valid+0x1db/0x2d0 [ 30.829376] ? kasan_atomics_helper+0x4f98/0x5450 [ 30.829399] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.829426] ? kasan_atomics_helper+0x4f98/0x5450 [ 30.829449] kasan_report+0x141/0x180 [ 30.829472] ? kasan_atomics_helper+0x4f98/0x5450 [ 30.829498] __asan_report_load8_noabort+0x18/0x20 [ 30.829523] kasan_atomics_helper+0x4f98/0x5450 [ 30.829547] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.829571] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.829609] ? kasan_atomics+0x152/0x310 [ 30.829636] kasan_atomics+0x1dc/0x310 [ 30.829659] ? __pfx_kasan_atomics+0x10/0x10 [ 30.829684] ? __pfx_read_tsc+0x10/0x10 [ 30.829707] ? ktime_get_ts64+0x86/0x230 [ 30.829732] kunit_try_run_case+0x1a5/0x480 [ 30.829759] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.829781] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.829808] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.829834] ? __kthread_parkme+0x82/0x180 [ 30.829855] ? preempt_count_sub+0x50/0x80 [ 30.829879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.829904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.829943] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.829968] kthread+0x337/0x6f0 [ 30.829987] ? trace_preempt_on+0x20/0xc0 [ 30.830012] ? __pfx_kthread+0x10/0x10 [ 30.830033] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.830058] ? calculate_sigpending+0x7b/0xa0 [ 30.830084] ? __pfx_kthread+0x10/0x10 [ 30.830106] ret_from_fork+0x116/0x1d0 [ 30.830129] ? __pfx_kthread+0x10/0x10 [ 30.830151] ret_from_fork_asm+0x1a/0x30 [ 30.830187] </TASK> [ 30.830200] [ 30.840921] Allocated by task 313: [ 30.841349] kasan_save_stack+0x45/0x70 [ 30.841567] kasan_save_track+0x18/0x40 [ 30.841756] kasan_save_alloc_info+0x3b/0x50 [ 30.842202] __kasan_kmalloc+0xb7/0xc0 [ 30.842474] __kmalloc_cache_noprof+0x189/0x420 [ 30.842795] kasan_atomics+0x95/0x310 [ 30.843124] kunit_try_run_case+0x1a5/0x480 [ 30.843443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.843745] kthread+0x337/0x6f0 [ 30.844079] ret_from_fork+0x116/0x1d0 [ 30.844367] ret_from_fork_asm+0x1a/0x30 [ 30.844559] [ 30.844671] The buggy address belongs to the object at ffff888106038600 [ 30.844671] which belongs to the cache kmalloc-64 of size 64 [ 30.845489] The buggy address is located 0 bytes to the right of [ 30.845489] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.846115] [ 30.846402] The buggy address belongs to the physical page: [ 30.846709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.847269] flags: 0x200000000000000(node=0|zone=2) [ 30.847606] page_type: f5(slab) [ 30.847897] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.848308] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.848728] page dumped because: kasan: bad access detected [ 30.848955] [ 30.849047] Memory state around the buggy address: [ 30.849242] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.849550] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.849853] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.850499] ^ [ 30.850815] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.851275] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.851641] ================================================================== [ 29.448444] ================================================================== [ 29.448694] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 29.449532] Read of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.450156] [ 29.450276] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.450341] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.450356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.450380] Call Trace: [ 29.450398] <TASK> [ 29.450418] dump_stack_lvl+0x73/0xb0 [ 29.450449] print_report+0xd1/0x640 [ 29.450473] ? __virt_addr_valid+0x1db/0x2d0 [ 29.450498] ? kasan_atomics_helper+0x4b54/0x5450 [ 29.450739] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.450772] ? kasan_atomics_helper+0x4b54/0x5450 [ 29.450818] kasan_report+0x141/0x180 [ 29.450848] ? kasan_atomics_helper+0x4b54/0x5450 [ 29.450876] __asan_report_load4_noabort+0x18/0x20 [ 29.450901] kasan_atomics_helper+0x4b54/0x5450 [ 29.450932] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.450955] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.450984] ? kasan_atomics+0x152/0x310 [ 29.451012] kasan_atomics+0x1dc/0x310 [ 29.451036] ? __pfx_kasan_atomics+0x10/0x10 [ 29.451061] ? __pfx_read_tsc+0x10/0x10 [ 29.451084] ? ktime_get_ts64+0x86/0x230 [ 29.451110] kunit_try_run_case+0x1a5/0x480 [ 29.451136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.451159] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.451186] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.451213] ? __kthread_parkme+0x82/0x180 [ 29.451234] ? preempt_count_sub+0x50/0x80 [ 29.451264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.451289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.451314] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.451339] kthread+0x337/0x6f0 [ 29.451359] ? trace_preempt_on+0x20/0xc0 [ 29.451383] ? __pfx_kthread+0x10/0x10 [ 29.451405] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.451429] ? calculate_sigpending+0x7b/0xa0 [ 29.451454] ? __pfx_kthread+0x10/0x10 [ 29.451476] ret_from_fork+0x116/0x1d0 [ 29.451496] ? __pfx_kthread+0x10/0x10 [ 29.451518] ret_from_fork_asm+0x1a/0x30 [ 29.451550] </TASK> [ 29.451562] [ 29.462910] Allocated by task 313: [ 29.463190] kasan_save_stack+0x45/0x70 [ 29.463674] kasan_save_track+0x18/0x40 [ 29.464094] kasan_save_alloc_info+0x3b/0x50 [ 29.464295] __kasan_kmalloc+0xb7/0xc0 [ 29.464569] __kmalloc_cache_noprof+0x189/0x420 [ 29.464773] kasan_atomics+0x95/0x310 [ 29.465200] kunit_try_run_case+0x1a5/0x480 [ 29.465442] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.465769] kthread+0x337/0x6f0 [ 29.466026] ret_from_fork+0x116/0x1d0 [ 29.466430] ret_from_fork_asm+0x1a/0x30 [ 29.466608] [ 29.466704] The buggy address belongs to the object at ffff888106038600 [ 29.466704] which belongs to the cache kmalloc-64 of size 64 [ 29.467607] The buggy address is located 0 bytes to the right of [ 29.467607] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.468377] [ 29.468588] The buggy address belongs to the physical page: [ 29.469177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.469600] flags: 0x200000000000000(node=0|zone=2) [ 29.469904] page_type: f5(slab) [ 29.470232] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.470562] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.471062] page dumped because: kasan: bad access detected [ 29.471305] [ 29.471393] Memory state around the buggy address: [ 29.471784] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.472365] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.472665] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.473126] ^ [ 29.473445] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.474073] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.474366] ================================================================== [ 30.778265] ================================================================== [ 30.778943] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 30.779184] Read of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.779481] [ 30.779854] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.779982] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.779998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.780022] Call Trace: [ 30.780042] <TASK> [ 30.780062] dump_stack_lvl+0x73/0xb0 [ 30.780092] print_report+0xd1/0x640 [ 30.780116] ? __virt_addr_valid+0x1db/0x2d0 [ 30.780141] ? kasan_atomics_helper+0x4f71/0x5450 [ 30.780164] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.780191] ? kasan_atomics_helper+0x4f71/0x5450 [ 30.780214] kasan_report+0x141/0x180 [ 30.780358] ? kasan_atomics_helper+0x4f71/0x5450 [ 30.780386] __asan_report_load8_noabort+0x18/0x20 [ 30.780412] kasan_atomics_helper+0x4f71/0x5450 [ 30.780435] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.780457] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.780485] ? kasan_atomics+0x152/0x310 [ 30.780512] kasan_atomics+0x1dc/0x310 [ 30.780535] ? __pfx_kasan_atomics+0x10/0x10 [ 30.780560] ? __pfx_read_tsc+0x10/0x10 [ 30.780592] ? ktime_get_ts64+0x86/0x230 [ 30.780619] kunit_try_run_case+0x1a5/0x480 [ 30.780645] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.780669] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.780696] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.780722] ? __kthread_parkme+0x82/0x180 [ 30.780744] ? preempt_count_sub+0x50/0x80 [ 30.780770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.780797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.780822] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.780847] kthread+0x337/0x6f0 [ 30.780867] ? trace_preempt_on+0x20/0xc0 [ 30.780893] ? __pfx_kthread+0x10/0x10 [ 30.780928] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.780953] ? calculate_sigpending+0x7b/0xa0 [ 30.780978] ? __pfx_kthread+0x10/0x10 [ 30.781000] ret_from_fork+0x116/0x1d0 [ 30.781020] ? __pfx_kthread+0x10/0x10 [ 30.781041] ret_from_fork_asm+0x1a/0x30 [ 30.781076] </TASK> [ 30.781088] [ 30.791027] Allocated by task 313: [ 30.791371] kasan_save_stack+0x45/0x70 [ 30.791549] kasan_save_track+0x18/0x40 [ 30.791723] kasan_save_alloc_info+0x3b/0x50 [ 30.791920] __kasan_kmalloc+0xb7/0xc0 [ 30.792358] __kmalloc_cache_noprof+0x189/0x420 [ 30.792533] kasan_atomics+0x95/0x310 [ 30.792877] kunit_try_run_case+0x1a5/0x480 [ 30.793095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.793490] kthread+0x337/0x6f0 [ 30.793748] ret_from_fork+0x116/0x1d0 [ 30.793896] ret_from_fork_asm+0x1a/0x30 [ 30.794243] [ 30.794364] The buggy address belongs to the object at ffff888106038600 [ 30.794364] which belongs to the cache kmalloc-64 of size 64 [ 30.795068] The buggy address is located 0 bytes to the right of [ 30.795068] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.795772] [ 30.795867] The buggy address belongs to the physical page: [ 30.796058] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.796537] flags: 0x200000000000000(node=0|zone=2) [ 30.796859] page_type: f5(slab) [ 30.797036] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.797529] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.797959] page dumped because: kasan: bad access detected [ 30.798200] [ 30.798444] Memory state around the buggy address: [ 30.798622] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.799116] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.799418] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.799721] ^ [ 30.799924] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.800459] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.800859] ================================================================== [ 30.940821] ================================================================== [ 30.941144] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 30.941490] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.941833] [ 30.941953] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.942008] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.942023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.942046] Call Trace: [ 30.942067] <TASK> [ 30.942088] dump_stack_lvl+0x73/0xb0 [ 30.942117] print_report+0xd1/0x640 [ 30.942141] ? __virt_addr_valid+0x1db/0x2d0 [ 30.942166] ? kasan_atomics_helper+0x224c/0x5450 [ 30.942188] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.942216] ? kasan_atomics_helper+0x224c/0x5450 [ 30.942238] kasan_report+0x141/0x180 [ 30.942261] ? kasan_atomics_helper+0x224c/0x5450 [ 30.942288] kasan_check_range+0x10c/0x1c0 [ 30.942313] __kasan_check_write+0x18/0x20 [ 30.942337] kasan_atomics_helper+0x224c/0x5450 [ 30.942361] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.942384] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.942411] ? kasan_atomics+0x152/0x310 [ 30.942438] kasan_atomics+0x1dc/0x310 [ 30.942461] ? __pfx_kasan_atomics+0x10/0x10 [ 30.942486] ? __pfx_read_tsc+0x10/0x10 [ 30.942509] ? ktime_get_ts64+0x86/0x230 [ 30.942535] kunit_try_run_case+0x1a5/0x480 [ 30.942561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.942596] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.942623] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.942650] ? __kthread_parkme+0x82/0x180 [ 30.942672] ? preempt_count_sub+0x50/0x80 [ 30.942695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.942720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.942744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.942768] kthread+0x337/0x6f0 [ 30.942789] ? trace_preempt_on+0x20/0xc0 [ 30.942813] ? __pfx_kthread+0x10/0x10 [ 30.942834] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.942858] ? calculate_sigpending+0x7b/0xa0 [ 30.942883] ? __pfx_kthread+0x10/0x10 [ 30.942905] ret_from_fork+0x116/0x1d0 [ 30.942925] ? __pfx_kthread+0x10/0x10 [ 30.942946] ret_from_fork_asm+0x1a/0x30 [ 30.942980] </TASK> [ 30.942991] [ 30.950946] Allocated by task 313: [ 30.951092] kasan_save_stack+0x45/0x70 [ 30.951236] kasan_save_track+0x18/0x40 [ 30.951372] kasan_save_alloc_info+0x3b/0x50 [ 30.951514] __kasan_kmalloc+0xb7/0xc0 [ 30.951685] __kmalloc_cache_noprof+0x189/0x420 [ 30.951904] kasan_atomics+0x95/0x310 [ 30.952096] kunit_try_run_case+0x1a5/0x480 [ 30.952296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.952541] kthread+0x337/0x6f0 [ 30.952710] ret_from_fork+0x116/0x1d0 [ 30.952890] ret_from_fork_asm+0x1a/0x30 [ 30.953049] [ 30.953115] The buggy address belongs to the object at ffff888106038600 [ 30.953115] which belongs to the cache kmalloc-64 of size 64 [ 30.953586] The buggy address is located 0 bytes to the right of [ 30.953586] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.954182] [ 30.954275] The buggy address belongs to the physical page: [ 30.954480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.954823] flags: 0x200000000000000(node=0|zone=2) [ 30.955058] page_type: f5(slab) [ 30.955194] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.955501] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.955790] page dumped because: kasan: bad access detected [ 30.956051] [ 30.956116] Memory state around the buggy address: [ 30.956322] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.956618] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.956899] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.957175] ^ [ 30.957379] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.957632] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.957837] ================================================================== [ 29.698691] ================================================================== [ 29.699080] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 29.699320] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.699683] [ 29.699792] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.699844] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.699859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.699882] Call Trace: [ 29.699902] <TASK> [ 29.699986] dump_stack_lvl+0x73/0xb0 [ 29.700541] print_report+0xd1/0x640 [ 29.700566] ? __virt_addr_valid+0x1db/0x2d0 [ 29.700604] ? kasan_atomics_helper+0xa2b/0x5450 [ 29.700626] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.700652] ? kasan_atomics_helper+0xa2b/0x5450 [ 29.700675] kasan_report+0x141/0x180 [ 29.700698] ? kasan_atomics_helper+0xa2b/0x5450 [ 29.700725] kasan_check_range+0x10c/0x1c0 [ 29.700750] __kasan_check_write+0x18/0x20 [ 29.700774] kasan_atomics_helper+0xa2b/0x5450 [ 29.700797] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.700820] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.700847] ? kasan_atomics+0x152/0x310 [ 29.700874] kasan_atomics+0x1dc/0x310 [ 29.700897] ? __pfx_kasan_atomics+0x10/0x10 [ 29.700923] ? __pfx_read_tsc+0x10/0x10 [ 29.700946] ? ktime_get_ts64+0x86/0x230 [ 29.700971] kunit_try_run_case+0x1a5/0x480 [ 29.700998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.701022] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.701048] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.701074] ? __kthread_parkme+0x82/0x180 [ 29.701095] ? preempt_count_sub+0x50/0x80 [ 29.701119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.701144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.701169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.701194] kthread+0x337/0x6f0 [ 29.701213] ? trace_preempt_on+0x20/0xc0 [ 29.701238] ? __pfx_kthread+0x10/0x10 [ 29.701259] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.701548] ? calculate_sigpending+0x7b/0xa0 [ 29.701595] ? __pfx_kthread+0x10/0x10 [ 29.701619] ret_from_fork+0x116/0x1d0 [ 29.701641] ? __pfx_kthread+0x10/0x10 [ 29.701662] ret_from_fork_asm+0x1a/0x30 [ 29.701696] </TASK> [ 29.701708] [ 29.714665] Allocated by task 313: [ 29.715272] kasan_save_stack+0x45/0x70 [ 29.715533] kasan_save_track+0x18/0x40 [ 29.715842] kasan_save_alloc_info+0x3b/0x50 [ 29.716228] __kasan_kmalloc+0xb7/0xc0 [ 29.716516] __kmalloc_cache_noprof+0x189/0x420 [ 29.716754] kasan_atomics+0x95/0x310 [ 29.717191] kunit_try_run_case+0x1a5/0x480 [ 29.717379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.717621] kthread+0x337/0x6f0 [ 29.717773] ret_from_fork+0x116/0x1d0 [ 29.718263] ret_from_fork_asm+0x1a/0x30 [ 29.718599] [ 29.718883] The buggy address belongs to the object at ffff888106038600 [ 29.718883] which belongs to the cache kmalloc-64 of size 64 [ 29.719641] The buggy address is located 0 bytes to the right of [ 29.719641] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.720599] [ 29.720949] The buggy address belongs to the physical page: [ 29.721450] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.722163] flags: 0x200000000000000(node=0|zone=2) [ 29.722400] page_type: f5(slab) [ 29.722555] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.722870] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.723491] page dumped because: kasan: bad access detected [ 29.724016] [ 29.724285] Memory state around the buggy address: [ 29.724508] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.725070] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.725560] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.726445] ^ [ 29.726750] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.727352] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.727669] ================================================================== [ 30.555615] ================================================================== [ 30.556245] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 30.556698] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.557264] [ 30.557360] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.557414] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.557428] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.557452] Call Trace: [ 30.557473] <TASK> [ 30.557493] dump_stack_lvl+0x73/0xb0 [ 30.557525] print_report+0xd1/0x640 [ 30.557848] ? __virt_addr_valid+0x1db/0x2d0 [ 30.557889] ? kasan_atomics_helper+0x1b22/0x5450 [ 30.557913] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.557949] ? kasan_atomics_helper+0x1b22/0x5450 [ 30.557972] kasan_report+0x141/0x180 [ 30.557995] ? kasan_atomics_helper+0x1b22/0x5450 [ 30.558022] kasan_check_range+0x10c/0x1c0 [ 30.558047] __kasan_check_write+0x18/0x20 [ 30.558071] kasan_atomics_helper+0x1b22/0x5450 [ 30.558096] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.558119] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.558145] ? kasan_atomics+0x152/0x310 [ 30.558171] kasan_atomics+0x1dc/0x310 [ 30.558195] ? __pfx_kasan_atomics+0x10/0x10 [ 30.558220] ? __pfx_read_tsc+0x10/0x10 [ 30.558242] ? ktime_get_ts64+0x86/0x230 [ 30.558268] kunit_try_run_case+0x1a5/0x480 [ 30.558294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.558316] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.558343] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.558370] ? __kthread_parkme+0x82/0x180 [ 30.558391] ? preempt_count_sub+0x50/0x80 [ 30.558416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.558440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.558465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.558489] kthread+0x337/0x6f0 [ 30.558509] ? trace_preempt_on+0x20/0xc0 [ 30.558534] ? __pfx_kthread+0x10/0x10 [ 30.558554] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.558588] ? calculate_sigpending+0x7b/0xa0 [ 30.558643] ? __pfx_kthread+0x10/0x10 [ 30.558666] ret_from_fork+0x116/0x1d0 [ 30.558687] ? __pfx_kthread+0x10/0x10 [ 30.558718] ret_from_fork_asm+0x1a/0x30 [ 30.558751] </TASK> [ 30.558763] [ 30.567398] Allocated by task 313: [ 30.567629] kasan_save_stack+0x45/0x70 [ 30.567869] kasan_save_track+0x18/0x40 [ 30.568130] kasan_save_alloc_info+0x3b/0x50 [ 30.568334] __kasan_kmalloc+0xb7/0xc0 [ 30.568559] __kmalloc_cache_noprof+0x189/0x420 [ 30.568747] kasan_atomics+0x95/0x310 [ 30.569069] kunit_try_run_case+0x1a5/0x480 [ 30.569294] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.569601] kthread+0x337/0x6f0 [ 30.569776] ret_from_fork+0x116/0x1d0 [ 30.570142] ret_from_fork_asm+0x1a/0x30 [ 30.570470] [ 30.570593] The buggy address belongs to the object at ffff888106038600 [ 30.570593] which belongs to the cache kmalloc-64 of size 64 [ 30.570968] The buggy address is located 0 bytes to the right of [ 30.570968] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.571604] [ 30.571700] The buggy address belongs to the physical page: [ 30.572005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.572388] flags: 0x200000000000000(node=0|zone=2) [ 30.572597] page_type: f5(slab) [ 30.572763] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.573017] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.573441] page dumped because: kasan: bad access detected [ 30.573840] [ 30.573969] Memory state around the buggy address: [ 30.574251] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.574632] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.574970] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.575460] ^ [ 30.575783] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.576390] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.576727] ================================================================== [ 29.398391] ================================================================== [ 29.398723] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 29.399613] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.400463] [ 29.400652] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.400710] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.400727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.400751] Call Trace: [ 29.400884] <TASK> [ 29.400909] dump_stack_lvl+0x73/0xb0 [ 29.400943] print_report+0xd1/0x640 [ 29.400971] ? __virt_addr_valid+0x1db/0x2d0 [ 29.400998] ? kasan_atomics_helper+0x4b6e/0x5450 [ 29.401067] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.401098] ? kasan_atomics_helper+0x4b6e/0x5450 [ 29.401122] kasan_report+0x141/0x180 [ 29.401146] ? kasan_atomics_helper+0x4b6e/0x5450 [ 29.401173] __asan_report_store4_noabort+0x1b/0x30 [ 29.401198] kasan_atomics_helper+0x4b6e/0x5450 [ 29.401223] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.401246] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.401272] ? kasan_atomics+0x152/0x310 [ 29.401300] kasan_atomics+0x1dc/0x310 [ 29.401323] ? __pfx_kasan_atomics+0x10/0x10 [ 29.401349] ? __pfx_read_tsc+0x10/0x10 [ 29.401371] ? ktime_get_ts64+0x86/0x230 [ 29.401397] kunit_try_run_case+0x1a5/0x480 [ 29.401426] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.401452] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.401479] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.401506] ? __kthread_parkme+0x82/0x180 [ 29.401528] ? preempt_count_sub+0x50/0x80 [ 29.401553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.401589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.401615] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.401639] kthread+0x337/0x6f0 [ 29.401660] ? trace_preempt_on+0x20/0xc0 [ 29.401684] ? __pfx_kthread+0x10/0x10 [ 29.401705] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.401730] ? calculate_sigpending+0x7b/0xa0 [ 29.401755] ? __pfx_kthread+0x10/0x10 [ 29.401777] ret_from_fork+0x116/0x1d0 [ 29.401810] ? __pfx_kthread+0x10/0x10 [ 29.401832] ret_from_fork_asm+0x1a/0x30 [ 29.401865] </TASK> [ 29.401876] [ 29.412992] Allocated by task 313: [ 29.413256] kasan_save_stack+0x45/0x70 [ 29.413436] kasan_save_track+0x18/0x40 [ 29.413625] kasan_save_alloc_info+0x3b/0x50 [ 29.413837] __kasan_kmalloc+0xb7/0xc0 [ 29.414041] __kmalloc_cache_noprof+0x189/0x420 [ 29.414233] kasan_atomics+0x95/0x310 [ 29.414431] kunit_try_run_case+0x1a5/0x480 [ 29.414620] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.414819] kthread+0x337/0x6f0 [ 29.414935] ret_from_fork+0x116/0x1d0 [ 29.415064] ret_from_fork_asm+0x1a/0x30 [ 29.415203] [ 29.415282] The buggy address belongs to the object at ffff888106038600 [ 29.415282] which belongs to the cache kmalloc-64 of size 64 [ 29.416144] The buggy address is located 0 bytes to the right of [ 29.416144] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.416534] [ 29.416614] The buggy address belongs to the physical page: [ 29.416832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.417220] flags: 0x200000000000000(node=0|zone=2) [ 29.417674] page_type: f5(slab) [ 29.417900] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.418219] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.418524] page dumped because: kasan: bad access detected [ 29.418768] [ 29.418924] Memory state around the buggy address: [ 29.419137] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.419536] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.419868] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.420246] ^ [ 29.420486] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.420844] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.421146] ================================================================== [ 30.852993] ================================================================== [ 30.853311] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 30.853787] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.854266] [ 30.854672] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.854739] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.854756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.854779] Call Trace: [ 30.854802] <TASK> [ 30.854823] dump_stack_lvl+0x73/0xb0 [ 30.854856] print_report+0xd1/0x640 [ 30.854883] ? __virt_addr_valid+0x1db/0x2d0 [ 30.854909] ? kasan_atomics_helper+0x20c8/0x5450 [ 30.854942] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.854969] ? kasan_atomics_helper+0x20c8/0x5450 [ 30.854992] kasan_report+0x141/0x180 [ 30.855016] ? kasan_atomics_helper+0x20c8/0x5450 [ 30.855044] kasan_check_range+0x10c/0x1c0 [ 30.855068] __kasan_check_write+0x18/0x20 [ 30.855094] kasan_atomics_helper+0x20c8/0x5450 [ 30.855118] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.855141] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.855167] ? kasan_atomics+0x152/0x310 [ 30.855194] kasan_atomics+0x1dc/0x310 [ 30.855217] ? __pfx_kasan_atomics+0x10/0x10 [ 30.855242] ? __pfx_read_tsc+0x10/0x10 [ 30.855290] ? ktime_get_ts64+0x86/0x230 [ 30.855316] kunit_try_run_case+0x1a5/0x480 [ 30.855343] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.855377] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.855404] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.855442] ? __kthread_parkme+0x82/0x180 [ 30.855463] ? preempt_count_sub+0x50/0x80 [ 30.855488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.855522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.855546] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.855588] kthread+0x337/0x6f0 [ 30.855609] ? trace_preempt_on+0x20/0xc0 [ 30.855635] ? __pfx_kthread+0x10/0x10 [ 30.855666] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.855691] ? calculate_sigpending+0x7b/0xa0 [ 30.855716] ? __pfx_kthread+0x10/0x10 [ 30.855738] ret_from_fork+0x116/0x1d0 [ 30.855758] ? __pfx_kthread+0x10/0x10 [ 30.855780] ret_from_fork_asm+0x1a/0x30 [ 30.855813] </TASK> [ 30.855825] [ 30.867023] Allocated by task 313: [ 30.867255] kasan_save_stack+0x45/0x70 [ 30.867456] kasan_save_track+0x18/0x40 [ 30.867631] kasan_save_alloc_info+0x3b/0x50 [ 30.867829] __kasan_kmalloc+0xb7/0xc0 [ 30.868473] __kmalloc_cache_noprof+0x189/0x420 [ 30.868731] kasan_atomics+0x95/0x310 [ 30.869032] kunit_try_run_case+0x1a5/0x480 [ 30.869253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.869673] kthread+0x337/0x6f0 [ 30.869950] ret_from_fork+0x116/0x1d0 [ 30.870261] ret_from_fork_asm+0x1a/0x30 [ 30.870416] [ 30.870688] The buggy address belongs to the object at ffff888106038600 [ 30.870688] which belongs to the cache kmalloc-64 of size 64 [ 30.871494] The buggy address is located 0 bytes to the right of [ 30.871494] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.872212] [ 30.872301] The buggy address belongs to the physical page: [ 30.872710] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.873235] flags: 0x200000000000000(node=0|zone=2) [ 30.873561] page_type: f5(slab) [ 30.873865] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.874391] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.874822] page dumped because: kasan: bad access detected [ 30.875221] [ 30.875312] Memory state around the buggy address: [ 30.875691] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.876178] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.876568] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.877009] ^ [ 30.877255] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.877633] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.878099] ================================================================== [ 29.801653] ================================================================== [ 29.802073] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 29.802314] Read of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.803287] [ 29.803387] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.803439] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.803455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.803477] Call Trace: [ 29.803493] <TASK> [ 29.803509] dump_stack_lvl+0x73/0xb0 [ 29.803538] print_report+0xd1/0x640 [ 29.803563] ? __virt_addr_valid+0x1db/0x2d0 [ 29.803600] ? kasan_atomics_helper+0x4a84/0x5450 [ 29.803657] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.803685] ? kasan_atomics_helper+0x4a84/0x5450 [ 29.803706] kasan_report+0x141/0x180 [ 29.803730] ? kasan_atomics_helper+0x4a84/0x5450 [ 29.803757] __asan_report_load4_noabort+0x18/0x20 [ 29.803782] kasan_atomics_helper+0x4a84/0x5450 [ 29.804042] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.804070] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.804096] ? kasan_atomics+0x152/0x310 [ 29.804124] kasan_atomics+0x1dc/0x310 [ 29.804147] ? __pfx_kasan_atomics+0x10/0x10 [ 29.804173] ? __pfx_read_tsc+0x10/0x10 [ 29.804197] ? ktime_get_ts64+0x86/0x230 [ 29.804223] kunit_try_run_case+0x1a5/0x480 [ 29.804249] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.804272] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.804298] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.804324] ? __kthread_parkme+0x82/0x180 [ 29.804346] ? preempt_count_sub+0x50/0x80 [ 29.804370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.804395] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.804419] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.804443] kthread+0x337/0x6f0 [ 29.804464] ? trace_preempt_on+0x20/0xc0 [ 29.804488] ? __pfx_kthread+0x10/0x10 [ 29.804509] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.804534] ? calculate_sigpending+0x7b/0xa0 [ 29.804559] ? __pfx_kthread+0x10/0x10 [ 29.804594] ret_from_fork+0x116/0x1d0 [ 29.804614] ? __pfx_kthread+0x10/0x10 [ 29.804636] ret_from_fork_asm+0x1a/0x30 [ 29.804669] </TASK> [ 29.804681] [ 29.815156] Allocated by task 313: [ 29.815434] kasan_save_stack+0x45/0x70 [ 29.815761] kasan_save_track+0x18/0x40 [ 29.815995] kasan_save_alloc_info+0x3b/0x50 [ 29.816514] __kasan_kmalloc+0xb7/0xc0 [ 29.816694] __kmalloc_cache_noprof+0x189/0x420 [ 29.817188] kasan_atomics+0x95/0x310 [ 29.817361] kunit_try_run_case+0x1a5/0x480 [ 29.817513] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.818021] kthread+0x337/0x6f0 [ 29.818398] ret_from_fork+0x116/0x1d0 [ 29.818544] ret_from_fork_asm+0x1a/0x30 [ 29.818756] [ 29.818847] The buggy address belongs to the object at ffff888106038600 [ 29.818847] which belongs to the cache kmalloc-64 of size 64 [ 29.819693] The buggy address is located 0 bytes to the right of [ 29.819693] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.820490] [ 29.820601] The buggy address belongs to the physical page: [ 29.820856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.821379] flags: 0x200000000000000(node=0|zone=2) [ 29.821560] page_type: f5(slab) [ 29.821739] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.822310] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.822645] page dumped because: kasan: bad access detected [ 29.823042] [ 29.823168] Memory state around the buggy address: [ 29.823543] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.823888] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.824554] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.825109] ^ [ 29.825395] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.825987] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.826472] ================================================================== [ 29.962235] ================================================================== [ 29.962551] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 29.963260] Read of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.963728] [ 29.963846] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.964037] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.964085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.964109] Call Trace: [ 29.964130] <TASK> [ 29.964213] dump_stack_lvl+0x73/0xb0 [ 29.964248] print_report+0xd1/0x640 [ 29.964272] ? __virt_addr_valid+0x1db/0x2d0 [ 29.964297] ? kasan_atomics_helper+0x4a36/0x5450 [ 29.964319] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.964346] ? kasan_atomics_helper+0x4a36/0x5450 [ 29.964368] kasan_report+0x141/0x180 [ 29.964391] ? kasan_atomics_helper+0x4a36/0x5450 [ 29.964418] __asan_report_load4_noabort+0x18/0x20 [ 29.964443] kasan_atomics_helper+0x4a36/0x5450 [ 29.964467] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.964491] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.964517] ? kasan_atomics+0x152/0x310 [ 29.964544] kasan_atomics+0x1dc/0x310 [ 29.964568] ? __pfx_kasan_atomics+0x10/0x10 [ 29.964606] ? __pfx_read_tsc+0x10/0x10 [ 29.964629] ? ktime_get_ts64+0x86/0x230 [ 29.964655] kunit_try_run_case+0x1a5/0x480 [ 29.964681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.964704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.964731] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.964757] ? __kthread_parkme+0x82/0x180 [ 29.964779] ? preempt_count_sub+0x50/0x80 [ 29.964812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.964837] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.964863] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.964888] kthread+0x337/0x6f0 [ 29.964909] ? trace_preempt_on+0x20/0xc0 [ 29.964941] ? __pfx_kthread+0x10/0x10 [ 29.964962] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.964988] ? calculate_sigpending+0x7b/0xa0 [ 29.965012] ? __pfx_kthread+0x10/0x10 [ 29.965034] ret_from_fork+0x116/0x1d0 [ 29.965055] ? __pfx_kthread+0x10/0x10 [ 29.965078] ret_from_fork_asm+0x1a/0x30 [ 29.965111] </TASK> [ 29.965123] [ 29.975477] Allocated by task 313: [ 29.975689] kasan_save_stack+0x45/0x70 [ 29.975862] kasan_save_track+0x18/0x40 [ 29.976322] kasan_save_alloc_info+0x3b/0x50 [ 29.976653] __kasan_kmalloc+0xb7/0xc0 [ 29.977031] __kmalloc_cache_noprof+0x189/0x420 [ 29.977225] kasan_atomics+0x95/0x310 [ 29.977518] kunit_try_run_case+0x1a5/0x480 [ 29.977906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.978116] kthread+0x337/0x6f0 [ 29.978300] ret_from_fork+0x116/0x1d0 [ 29.978597] ret_from_fork_asm+0x1a/0x30 [ 29.978773] [ 29.979058] The buggy address belongs to the object at ffff888106038600 [ 29.979058] which belongs to the cache kmalloc-64 of size 64 [ 29.979627] The buggy address is located 0 bytes to the right of [ 29.979627] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.980197] [ 29.980455] The buggy address belongs to the physical page: [ 29.980790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.981097] flags: 0x200000000000000(node=0|zone=2) [ 29.981408] page_type: f5(slab) [ 29.981678] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.982044] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.982416] page dumped because: kasan: bad access detected [ 29.982722] [ 29.982893] Memory state around the buggy address: [ 29.983164] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.983549] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.983875] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.984410] ^ [ 29.984642] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.985025] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.985505] ================================================================== [ 30.274553] ================================================================== [ 30.275483] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 30.276077] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.276310] [ 30.276398] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.276457] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.276472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.276496] Call Trace: [ 30.276518] <TASK> [ 30.276541] dump_stack_lvl+0x73/0xb0 [ 30.276586] print_report+0xd1/0x640 [ 30.276616] ? __virt_addr_valid+0x1db/0x2d0 [ 30.276644] ? kasan_atomics_helper+0x151d/0x5450 [ 30.276667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.276696] ? kasan_atomics_helper+0x151d/0x5450 [ 30.276719] kasan_report+0x141/0x180 [ 30.276743] ? kasan_atomics_helper+0x151d/0x5450 [ 30.276770] kasan_check_range+0x10c/0x1c0 [ 30.276795] __kasan_check_write+0x18/0x20 [ 30.276924] kasan_atomics_helper+0x151d/0x5450 [ 30.276960] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.276985] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.277014] ? kasan_atomics+0x152/0x310 [ 30.277042] kasan_atomics+0x1dc/0x310 [ 30.277066] ? __pfx_kasan_atomics+0x10/0x10 [ 30.277091] ? __pfx_read_tsc+0x10/0x10 [ 30.277113] ? ktime_get_ts64+0x86/0x230 [ 30.277159] kunit_try_run_case+0x1a5/0x480 [ 30.277187] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.277211] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.277238] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.277265] ? __kthread_parkme+0x82/0x180 [ 30.277289] ? preempt_count_sub+0x50/0x80 [ 30.277313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.277339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.277363] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.277388] kthread+0x337/0x6f0 [ 30.277409] ? trace_preempt_on+0x20/0xc0 [ 30.277436] ? __pfx_kthread+0x10/0x10 [ 30.277458] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.277484] ? calculate_sigpending+0x7b/0xa0 [ 30.277510] ? __pfx_kthread+0x10/0x10 [ 30.277532] ret_from_fork+0x116/0x1d0 [ 30.277553] ? __pfx_kthread+0x10/0x10 [ 30.277587] ret_from_fork_asm+0x1a/0x30 [ 30.277621] </TASK> [ 30.277634] [ 30.293276] Allocated by task 313: [ 30.293454] kasan_save_stack+0x45/0x70 [ 30.293939] kasan_save_track+0x18/0x40 [ 30.294275] kasan_save_alloc_info+0x3b/0x50 [ 30.294555] __kasan_kmalloc+0xb7/0xc0 [ 30.294735] __kmalloc_cache_noprof+0x189/0x420 [ 30.295449] kasan_atomics+0x95/0x310 [ 30.295661] kunit_try_run_case+0x1a5/0x480 [ 30.295954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.296218] kthread+0x337/0x6f0 [ 30.296368] ret_from_fork+0x116/0x1d0 [ 30.296555] ret_from_fork_asm+0x1a/0x30 [ 30.296755] [ 30.296828] The buggy address belongs to the object at ffff888106038600 [ 30.296828] which belongs to the cache kmalloc-64 of size 64 [ 30.297916] The buggy address is located 0 bytes to the right of [ 30.297916] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.298492] [ 30.298610] The buggy address belongs to the physical page: [ 30.299255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.299614] flags: 0x200000000000000(node=0|zone=2) [ 30.299873] page_type: f5(slab) [ 30.300066] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.300467] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.300938] page dumped because: kasan: bad access detected [ 30.301369] [ 30.301471] Memory state around the buggy address: [ 30.301712] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.302025] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.302434] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.302722] ^ [ 30.303072] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.303661] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.304264] ================================================================== [ 30.525018] ================================================================== [ 30.525411] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 30.525662] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.526191] [ 30.526384] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.526438] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.526454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.526477] Call Trace: [ 30.526498] <TASK> [ 30.526518] dump_stack_lvl+0x73/0xb0 [ 30.526556] print_report+0xd1/0x640 [ 30.526601] ? __virt_addr_valid+0x1db/0x2d0 [ 30.526629] ? kasan_atomics_helper+0x1a7f/0x5450 [ 30.526660] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.526686] ? kasan_atomics_helper+0x1a7f/0x5450 [ 30.526709] kasan_report+0x141/0x180 [ 30.526743] ? kasan_atomics_helper+0x1a7f/0x5450 [ 30.526769] kasan_check_range+0x10c/0x1c0 [ 30.526794] __kasan_check_write+0x18/0x20 [ 30.526818] kasan_atomics_helper+0x1a7f/0x5450 [ 30.526841] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.526864] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.526890] ? kasan_atomics+0x152/0x310 [ 30.526925] kasan_atomics+0x1dc/0x310 [ 30.526947] ? __pfx_kasan_atomics+0x10/0x10 [ 30.526972] ? __pfx_read_tsc+0x10/0x10 [ 30.527031] ? ktime_get_ts64+0x86/0x230 [ 30.527081] kunit_try_run_case+0x1a5/0x480 [ 30.527109] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.527132] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.527159] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.527185] ? __kthread_parkme+0x82/0x180 [ 30.527207] ? preempt_count_sub+0x50/0x80 [ 30.527232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.527263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.527288] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.527312] kthread+0x337/0x6f0 [ 30.527343] ? trace_preempt_on+0x20/0xc0 [ 30.527369] ? __pfx_kthread+0x10/0x10 [ 30.527401] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.527426] ? calculate_sigpending+0x7b/0xa0 [ 30.527451] ? __pfx_kthread+0x10/0x10 [ 30.527473] ret_from_fork+0x116/0x1d0 [ 30.527494] ? __pfx_kthread+0x10/0x10 [ 30.527516] ret_from_fork_asm+0x1a/0x30 [ 30.527549] </TASK> [ 30.527562] [ 30.543466] Allocated by task 313: [ 30.543787] kasan_save_stack+0x45/0x70 [ 30.544493] kasan_save_track+0x18/0x40 [ 30.544694] kasan_save_alloc_info+0x3b/0x50 [ 30.544839] __kasan_kmalloc+0xb7/0xc0 [ 30.545121] __kmalloc_cache_noprof+0x189/0x420 [ 30.545644] kasan_atomics+0x95/0x310 [ 30.546235] kunit_try_run_case+0x1a5/0x480 [ 30.546725] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.547263] kthread+0x337/0x6f0 [ 30.547619] ret_from_fork+0x116/0x1d0 [ 30.547784] ret_from_fork_asm+0x1a/0x30 [ 30.548258] [ 30.548426] The buggy address belongs to the object at ffff888106038600 [ 30.548426] which belongs to the cache kmalloc-64 of size 64 [ 30.549135] The buggy address is located 0 bytes to the right of [ 30.549135] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.550510] [ 30.550681] The buggy address belongs to the physical page: [ 30.551052] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.551594] flags: 0x200000000000000(node=0|zone=2) [ 30.552060] page_type: f5(slab) [ 30.552203] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.552446] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.552680] page dumped because: kasan: bad access detected [ 30.552873] [ 30.552980] Memory state around the buggy address: [ 30.553236] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.553558] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.553878] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.554090] ^ [ 30.554311] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.554607] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.555030] ================================================================== [ 29.324558] ================================================================== [ 29.325400] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 29.325950] Read of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.326288] [ 29.326404] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.326461] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.326475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.326497] Call Trace: [ 29.326510] <TASK> [ 29.326529] dump_stack_lvl+0x73/0xb0 [ 29.326559] print_report+0xd1/0x640 [ 29.326596] ? __virt_addr_valid+0x1db/0x2d0 [ 29.326620] ? kasan_atomics_helper+0x4bbc/0x5450 [ 29.326641] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.326688] ? kasan_atomics_helper+0x4bbc/0x5450 [ 29.326710] kasan_report+0x141/0x180 [ 29.326732] ? kasan_atomics_helper+0x4bbc/0x5450 [ 29.326758] __asan_report_load4_noabort+0x18/0x20 [ 29.326783] kasan_atomics_helper+0x4bbc/0x5450 [ 29.326805] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.326826] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.326852] ? kasan_atomics+0x152/0x310 [ 29.326878] kasan_atomics+0x1dc/0x310 [ 29.326964] ? __pfx_kasan_atomics+0x10/0x10 [ 29.326996] ? __pfx_read_tsc+0x10/0x10 [ 29.327018] ? ktime_get_ts64+0x86/0x230 [ 29.327044] kunit_try_run_case+0x1a5/0x480 [ 29.327071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.327094] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.327119] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.327143] ? __kthread_parkme+0x82/0x180 [ 29.327168] ? preempt_count_sub+0x50/0x80 [ 29.327192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.327218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.327244] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.327275] kthread+0x337/0x6f0 [ 29.327296] ? trace_preempt_on+0x20/0xc0 [ 29.327321] ? __pfx_kthread+0x10/0x10 [ 29.327343] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.327366] ? calculate_sigpending+0x7b/0xa0 [ 29.327391] ? __pfx_kthread+0x10/0x10 [ 29.327413] ret_from_fork+0x116/0x1d0 [ 29.327434] ? __pfx_kthread+0x10/0x10 [ 29.327455] ret_from_fork_asm+0x1a/0x30 [ 29.327488] </TASK> [ 29.327500] [ 29.336218] Allocated by task 313: [ 29.336451] kasan_save_stack+0x45/0x70 [ 29.336665] kasan_save_track+0x18/0x40 [ 29.336868] kasan_save_alloc_info+0x3b/0x50 [ 29.337139] __kasan_kmalloc+0xb7/0xc0 [ 29.337352] __kmalloc_cache_noprof+0x189/0x420 [ 29.337537] kasan_atomics+0x95/0x310 [ 29.337672] kunit_try_run_case+0x1a5/0x480 [ 29.337976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.338257] kthread+0x337/0x6f0 [ 29.338424] ret_from_fork+0x116/0x1d0 [ 29.338645] ret_from_fork_asm+0x1a/0x30 [ 29.338945] [ 29.339038] The buggy address belongs to the object at ffff888106038600 [ 29.339038] which belongs to the cache kmalloc-64 of size 64 [ 29.339497] The buggy address is located 0 bytes to the right of [ 29.339497] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.340204] [ 29.340282] The buggy address belongs to the physical page: [ 29.340560] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.340928] flags: 0x200000000000000(node=0|zone=2) [ 29.341255] page_type: f5(slab) [ 29.341409] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.341778] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.342081] page dumped because: kasan: bad access detected [ 29.342243] [ 29.342305] Memory state around the buggy address: [ 29.342451] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.342665] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.343335] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.343704] ^ [ 29.344034] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.344386] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.344704] ================================================================== [ 29.935954] ================================================================== [ 29.936310] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 29.936813] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.937536] [ 29.937665] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.937721] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.937737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.937761] Call Trace: [ 29.937782] <TASK> [ 29.937803] dump_stack_lvl+0x73/0xb0 [ 29.937834] print_report+0xd1/0x640 [ 29.937859] ? __virt_addr_valid+0x1db/0x2d0 [ 29.937884] ? kasan_atomics_helper+0xfa9/0x5450 [ 29.937907] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.938190] ? kasan_atomics_helper+0xfa9/0x5450 [ 29.938216] kasan_report+0x141/0x180 [ 29.938240] ? kasan_atomics_helper+0xfa9/0x5450 [ 29.938267] kasan_check_range+0x10c/0x1c0 [ 29.938292] __kasan_check_write+0x18/0x20 [ 29.938316] kasan_atomics_helper+0xfa9/0x5450 [ 29.938340] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.938364] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.938390] ? kasan_atomics+0x152/0x310 [ 29.938418] kasan_atomics+0x1dc/0x310 [ 29.938440] ? __pfx_kasan_atomics+0x10/0x10 [ 29.938466] ? __pfx_read_tsc+0x10/0x10 [ 29.938488] ? ktime_get_ts64+0x86/0x230 [ 29.938514] kunit_try_run_case+0x1a5/0x480 [ 29.938542] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.938566] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.938605] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.938632] ? __kthread_parkme+0x82/0x180 [ 29.938654] ? preempt_count_sub+0x50/0x80 [ 29.938679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.938703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.938727] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.938751] kthread+0x337/0x6f0 [ 29.938771] ? trace_preempt_on+0x20/0xc0 [ 29.938814] ? __pfx_kthread+0x10/0x10 [ 29.938835] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.938859] ? calculate_sigpending+0x7b/0xa0 [ 29.938884] ? __pfx_kthread+0x10/0x10 [ 29.938906] ret_from_fork+0x116/0x1d0 [ 29.938937] ? __pfx_kthread+0x10/0x10 [ 29.938959] ret_from_fork_asm+0x1a/0x30 [ 29.938991] </TASK> [ 29.939003] [ 29.950487] Allocated by task 313: [ 29.950766] kasan_save_stack+0x45/0x70 [ 29.951144] kasan_save_track+0x18/0x40 [ 29.951481] kasan_save_alloc_info+0x3b/0x50 [ 29.951754] __kasan_kmalloc+0xb7/0xc0 [ 29.952128] __kmalloc_cache_noprof+0x189/0x420 [ 29.952340] kasan_atomics+0x95/0x310 [ 29.952553] kunit_try_run_case+0x1a5/0x480 [ 29.952778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.953243] kthread+0x337/0x6f0 [ 29.953431] ret_from_fork+0x116/0x1d0 [ 29.953630] ret_from_fork_asm+0x1a/0x30 [ 29.953895] [ 29.954157] The buggy address belongs to the object at ffff888106038600 [ 29.954157] which belongs to the cache kmalloc-64 of size 64 [ 29.954847] The buggy address is located 0 bytes to the right of [ 29.954847] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.955570] [ 29.956092] The buggy address belongs to the physical page: [ 29.956377] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.956712] flags: 0x200000000000000(node=0|zone=2) [ 29.957179] page_type: f5(slab) [ 29.957509] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.957960] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.958351] page dumped because: kasan: bad access detected [ 29.958636] [ 29.958896] Memory state around the buggy address: [ 29.959090] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.959671] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.959937] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.960441] ^ [ 29.960892] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.961173] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.961474] ================================================================== [ 30.148366] ================================================================== [ 30.148693] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 30.149235] Read of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.149594] [ 30.149705] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.149770] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.149787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.149811] Call Trace: [ 30.149830] <TASK> [ 30.149849] dump_stack_lvl+0x73/0xb0 [ 30.149878] print_report+0xd1/0x640 [ 30.149902] ? __virt_addr_valid+0x1db/0x2d0 [ 30.149928] ? kasan_atomics_helper+0x49ce/0x5450 [ 30.149950] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.149976] ? kasan_atomics_helper+0x49ce/0x5450 [ 30.149998] kasan_report+0x141/0x180 [ 30.150022] ? kasan_atomics_helper+0x49ce/0x5450 [ 30.150048] __asan_report_load4_noabort+0x18/0x20 [ 30.150075] kasan_atomics_helper+0x49ce/0x5450 [ 30.150099] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.150121] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.150148] ? kasan_atomics+0x152/0x310 [ 30.150176] kasan_atomics+0x1dc/0x310 [ 30.150199] ? __pfx_kasan_atomics+0x10/0x10 [ 30.150225] ? __pfx_read_tsc+0x10/0x10 [ 30.150251] ? ktime_get_ts64+0x86/0x230 [ 30.150278] kunit_try_run_case+0x1a5/0x480 [ 30.150304] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.150328] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.150355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.150475] ? __kthread_parkme+0x82/0x180 [ 30.150500] ? preempt_count_sub+0x50/0x80 [ 30.150524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.150549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.150610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.150636] kthread+0x337/0x6f0 [ 30.150656] ? trace_preempt_on+0x20/0xc0 [ 30.150681] ? __pfx_kthread+0x10/0x10 [ 30.150702] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.150727] ? calculate_sigpending+0x7b/0xa0 [ 30.150752] ? __pfx_kthread+0x10/0x10 [ 30.150840] ret_from_fork+0x116/0x1d0 [ 30.150862] ? __pfx_kthread+0x10/0x10 [ 30.150884] ret_from_fork_asm+0x1a/0x30 [ 30.150918] </TASK> [ 30.150930] [ 30.159622] Allocated by task 313: [ 30.159773] kasan_save_stack+0x45/0x70 [ 30.160321] kasan_save_track+0x18/0x40 [ 30.160548] kasan_save_alloc_info+0x3b/0x50 [ 30.160784] __kasan_kmalloc+0xb7/0xc0 [ 30.161252] __kmalloc_cache_noprof+0x189/0x420 [ 30.161422] kasan_atomics+0x95/0x310 [ 30.161632] kunit_try_run_case+0x1a5/0x480 [ 30.162026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.162299] kthread+0x337/0x6f0 [ 30.162450] ret_from_fork+0x116/0x1d0 [ 30.162583] ret_from_fork_asm+0x1a/0x30 [ 30.162777] [ 30.162964] The buggy address belongs to the object at ffff888106038600 [ 30.162964] which belongs to the cache kmalloc-64 of size 64 [ 30.163662] The buggy address is located 0 bytes to the right of [ 30.163662] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.164013] [ 30.164090] The buggy address belongs to the physical page: [ 30.164333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.164678] flags: 0x200000000000000(node=0|zone=2) [ 30.164902] page_type: f5(slab) [ 30.165067] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.165389] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.165648] page dumped because: kasan: bad access detected [ 30.165812] [ 30.165875] Memory state around the buggy address: [ 30.166017] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.166591] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.167244] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.167569] ^ [ 30.167805] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.168536] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.169033] ================================================================== [ 30.406099] ================================================================== [ 30.406988] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 30.407440] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.407778] [ 30.407991] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.408046] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.408062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.408086] Call Trace: [ 30.408108] <TASK> [ 30.408129] dump_stack_lvl+0x73/0xb0 [ 30.408160] print_report+0xd1/0x640 [ 30.408186] ? __virt_addr_valid+0x1db/0x2d0 [ 30.408211] ? kasan_atomics_helper+0x1818/0x5450 [ 30.408234] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.408260] ? kasan_atomics_helper+0x1818/0x5450 [ 30.408283] kasan_report+0x141/0x180 [ 30.408399] ? kasan_atomics_helper+0x1818/0x5450 [ 30.408433] kasan_check_range+0x10c/0x1c0 [ 30.408458] __kasan_check_write+0x18/0x20 [ 30.408483] kasan_atomics_helper+0x1818/0x5450 [ 30.408507] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.408530] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.408557] ? kasan_atomics+0x152/0x310 [ 30.408600] kasan_atomics+0x1dc/0x310 [ 30.408624] ? __pfx_kasan_atomics+0x10/0x10 [ 30.408661] ? __pfx_read_tsc+0x10/0x10 [ 30.408685] ? ktime_get_ts64+0x86/0x230 [ 30.408711] kunit_try_run_case+0x1a5/0x480 [ 30.408737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.408760] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.408830] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.408859] ? __kthread_parkme+0x82/0x180 [ 30.408882] ? preempt_count_sub+0x50/0x80 [ 30.408932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.408958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.408983] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.409008] kthread+0x337/0x6f0 [ 30.409029] ? trace_preempt_on+0x20/0xc0 [ 30.409054] ? __pfx_kthread+0x10/0x10 [ 30.409076] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.409100] ? calculate_sigpending+0x7b/0xa0 [ 30.409124] ? __pfx_kthread+0x10/0x10 [ 30.409147] ret_from_fork+0x116/0x1d0 [ 30.409168] ? __pfx_kthread+0x10/0x10 [ 30.409189] ret_from_fork_asm+0x1a/0x30 [ 30.409231] </TASK> [ 30.409243] [ 30.417406] Allocated by task 313: [ 30.417605] kasan_save_stack+0x45/0x70 [ 30.418011] kasan_save_track+0x18/0x40 [ 30.418188] kasan_save_alloc_info+0x3b/0x50 [ 30.418401] __kasan_kmalloc+0xb7/0xc0 [ 30.418554] __kmalloc_cache_noprof+0x189/0x420 [ 30.418763] kasan_atomics+0x95/0x310 [ 30.418994] kunit_try_run_case+0x1a5/0x480 [ 30.419240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.419516] kthread+0x337/0x6f0 [ 30.419673] ret_from_fork+0x116/0x1d0 [ 30.419915] ret_from_fork_asm+0x1a/0x30 [ 30.420123] [ 30.420216] The buggy address belongs to the object at ffff888106038600 [ 30.420216] which belongs to the cache kmalloc-64 of size 64 [ 30.420676] The buggy address is located 0 bytes to the right of [ 30.420676] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.421332] [ 30.421400] The buggy address belongs to the physical page: [ 30.422038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.422353] flags: 0x200000000000000(node=0|zone=2) [ 30.422552] page_type: f5(slab) [ 30.422737] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.422967] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.423219] page dumped because: kasan: bad access detected [ 30.423665] [ 30.423758] Memory state around the buggy address: [ 30.424209] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.424554] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.424968] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.425179] ^ [ 30.425330] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.425533] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.425875] ================================================================== [ 29.500520] ================================================================== [ 29.500774] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 29.501683] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.502216] [ 29.502328] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.502385] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.502401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.502426] Call Trace: [ 29.502448] <TASK> [ 29.502627] dump_stack_lvl+0x73/0xb0 [ 29.502668] print_report+0xd1/0x640 [ 29.502693] ? __virt_addr_valid+0x1db/0x2d0 [ 29.502719] ? kasan_atomics_helper+0x4b3a/0x5450 [ 29.502741] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.502768] ? kasan_atomics_helper+0x4b3a/0x5450 [ 29.502803] kasan_report+0x141/0x180 [ 29.502829] ? kasan_atomics_helper+0x4b3a/0x5450 [ 29.502856] __asan_report_store4_noabort+0x1b/0x30 [ 29.502882] kasan_atomics_helper+0x4b3a/0x5450 [ 29.502905] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.502934] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.502961] ? kasan_atomics+0x152/0x310 [ 29.502988] kasan_atomics+0x1dc/0x310 [ 29.503012] ? __pfx_kasan_atomics+0x10/0x10 [ 29.503037] ? __pfx_read_tsc+0x10/0x10 [ 29.503060] ? ktime_get_ts64+0x86/0x230 [ 29.503086] kunit_try_run_case+0x1a5/0x480 [ 29.503113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.503137] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.503164] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.503190] ? __kthread_parkme+0x82/0x180 [ 29.503211] ? preempt_count_sub+0x50/0x80 [ 29.503236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.503267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.503292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.503316] kthread+0x337/0x6f0 [ 29.503337] ? trace_preempt_on+0x20/0xc0 [ 29.503361] ? __pfx_kthread+0x10/0x10 [ 29.503382] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.503406] ? calculate_sigpending+0x7b/0xa0 [ 29.503432] ? __pfx_kthread+0x10/0x10 [ 29.503454] ret_from_fork+0x116/0x1d0 [ 29.503474] ? __pfx_kthread+0x10/0x10 [ 29.503496] ret_from_fork_asm+0x1a/0x30 [ 29.503530] </TASK> [ 29.503543] [ 29.514061] Allocated by task 313: [ 29.514204] kasan_save_stack+0x45/0x70 [ 29.514465] kasan_save_track+0x18/0x40 [ 29.515028] kasan_save_alloc_info+0x3b/0x50 [ 29.515213] __kasan_kmalloc+0xb7/0xc0 [ 29.515409] __kmalloc_cache_noprof+0x189/0x420 [ 29.515642] kasan_atomics+0x95/0x310 [ 29.516158] kunit_try_run_case+0x1a5/0x480 [ 29.516351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.516728] kthread+0x337/0x6f0 [ 29.517136] ret_from_fork+0x116/0x1d0 [ 29.517311] ret_from_fork_asm+0x1a/0x30 [ 29.517666] [ 29.517773] The buggy address belongs to the object at ffff888106038600 [ 29.517773] which belongs to the cache kmalloc-64 of size 64 [ 29.518517] The buggy address is located 0 bytes to the right of [ 29.518517] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.519364] [ 29.519471] The buggy address belongs to the physical page: [ 29.519938] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.520401] flags: 0x200000000000000(node=0|zone=2) [ 29.520781] page_type: f5(slab) [ 29.521032] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.521484] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.521983] page dumped because: kasan: bad access detected [ 29.522384] [ 29.522547] Memory state around the buggy address: [ 29.523032] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.523492] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.524217] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.524518] ^ [ 29.524747] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.525283] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.525807] ================================================================== [ 29.827312] ================================================================== [ 29.827763] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 29.828378] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.828804] [ 29.828968] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.829021] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.829038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.829060] Call Trace: [ 29.829081] <TASK> [ 29.829099] dump_stack_lvl+0x73/0xb0 [ 29.829365] print_report+0xd1/0x640 [ 29.829391] ? __virt_addr_valid+0x1db/0x2d0 [ 29.829416] ? kasan_atomics_helper+0xd47/0x5450 [ 29.829437] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.829464] ? kasan_atomics_helper+0xd47/0x5450 [ 29.829486] kasan_report+0x141/0x180 [ 29.829509] ? kasan_atomics_helper+0xd47/0x5450 [ 29.829535] kasan_check_range+0x10c/0x1c0 [ 29.829560] __kasan_check_write+0x18/0x20 [ 29.829597] kasan_atomics_helper+0xd47/0x5450 [ 29.829620] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.829642] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.829668] ? kasan_atomics+0x152/0x310 [ 29.829695] kasan_atomics+0x1dc/0x310 [ 29.829718] ? __pfx_kasan_atomics+0x10/0x10 [ 29.829742] ? __pfx_read_tsc+0x10/0x10 [ 29.829765] ? ktime_get_ts64+0x86/0x230 [ 29.829801] kunit_try_run_case+0x1a5/0x480 [ 29.829827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.829850] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.829876] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.829902] ? __kthread_parkme+0x82/0x180 [ 29.829941] ? preempt_count_sub+0x50/0x80 [ 29.829964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.829989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.830013] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.830037] kthread+0x337/0x6f0 [ 29.830058] ? trace_preempt_on+0x20/0xc0 [ 29.830081] ? __pfx_kthread+0x10/0x10 [ 29.830102] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.830126] ? calculate_sigpending+0x7b/0xa0 [ 29.830150] ? __pfx_kthread+0x10/0x10 [ 29.830172] ret_from_fork+0x116/0x1d0 [ 29.830191] ? __pfx_kthread+0x10/0x10 [ 29.830213] ret_from_fork_asm+0x1a/0x30 [ 29.830246] </TASK> [ 29.830258] [ 29.842562] Allocated by task 313: [ 29.842973] kasan_save_stack+0x45/0x70 [ 29.843176] kasan_save_track+0x18/0x40 [ 29.843475] kasan_save_alloc_info+0x3b/0x50 [ 29.843699] __kasan_kmalloc+0xb7/0xc0 [ 29.844163] __kmalloc_cache_noprof+0x189/0x420 [ 29.844382] kasan_atomics+0x95/0x310 [ 29.844523] kunit_try_run_case+0x1a5/0x480 [ 29.844944] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.845319] kthread+0x337/0x6f0 [ 29.845672] ret_from_fork+0x116/0x1d0 [ 29.845993] ret_from_fork_asm+0x1a/0x30 [ 29.846338] [ 29.846431] The buggy address belongs to the object at ffff888106038600 [ 29.846431] which belongs to the cache kmalloc-64 of size 64 [ 29.847055] The buggy address is located 0 bytes to the right of [ 29.847055] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.847748] [ 29.847926] The buggy address belongs to the physical page: [ 29.848350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.848684] flags: 0x200000000000000(node=0|zone=2) [ 29.849233] page_type: f5(slab) [ 29.849538] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.849944] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.850517] page dumped because: kasan: bad access detected [ 29.851016] [ 29.851147] Memory state around the buggy address: [ 29.851651] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.852206] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.852470] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.853043] ^ [ 29.853312] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.853951] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.854413] ================================================================== [ 29.614310] ================================================================== [ 29.614637] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 29.615560] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.615824] [ 29.615912] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.615966] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.615982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.616007] Call Trace: [ 29.616028] <TASK> [ 29.616048] dump_stack_lvl+0x73/0xb0 [ 29.616080] print_report+0xd1/0x640 [ 29.616106] ? __virt_addr_valid+0x1db/0x2d0 [ 29.616132] ? kasan_atomics_helper+0x7c7/0x5450 [ 29.616155] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.616182] ? kasan_atomics_helper+0x7c7/0x5450 [ 29.616204] kasan_report+0x141/0x180 [ 29.616227] ? kasan_atomics_helper+0x7c7/0x5450 [ 29.616254] kasan_check_range+0x10c/0x1c0 [ 29.616277] __kasan_check_write+0x18/0x20 [ 29.616302] kasan_atomics_helper+0x7c7/0x5450 [ 29.616325] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.616348] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.616375] ? kasan_atomics+0x152/0x310 [ 29.616400] kasan_atomics+0x1dc/0x310 [ 29.616425] ? __pfx_kasan_atomics+0x10/0x10 [ 29.616449] ? __pfx_read_tsc+0x10/0x10 [ 29.616472] ? ktime_get_ts64+0x86/0x230 [ 29.616498] kunit_try_run_case+0x1a5/0x480 [ 29.616526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.616550] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.616587] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.616613] ? __kthread_parkme+0x82/0x180 [ 29.616634] ? preempt_count_sub+0x50/0x80 [ 29.616658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.616683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.616707] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.616733] kthread+0x337/0x6f0 [ 29.616753] ? trace_preempt_on+0x20/0xc0 [ 29.616778] ? __pfx_kthread+0x10/0x10 [ 29.616800] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.617040] ? calculate_sigpending+0x7b/0xa0 [ 29.617072] ? __pfx_kthread+0x10/0x10 [ 29.617096] ret_from_fork+0x116/0x1d0 [ 29.617118] ? __pfx_kthread+0x10/0x10 [ 29.617141] ret_from_fork_asm+0x1a/0x30 [ 29.617175] </TASK> [ 29.617187] [ 29.625542] Allocated by task 313: [ 29.625690] kasan_save_stack+0x45/0x70 [ 29.625968] kasan_save_track+0x18/0x40 [ 29.626128] kasan_save_alloc_info+0x3b/0x50 [ 29.626270] __kasan_kmalloc+0xb7/0xc0 [ 29.626393] __kmalloc_cache_noprof+0x189/0x420 [ 29.626538] kasan_atomics+0x95/0x310 [ 29.627068] kunit_try_run_case+0x1a5/0x480 [ 29.627349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.627650] kthread+0x337/0x6f0 [ 29.627783] ret_from_fork+0x116/0x1d0 [ 29.628130] ret_from_fork_asm+0x1a/0x30 [ 29.628394] [ 29.628471] The buggy address belongs to the object at ffff888106038600 [ 29.628471] which belongs to the cache kmalloc-64 of size 64 [ 29.629070] The buggy address is located 0 bytes to the right of [ 29.629070] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.629619] [ 29.630103] The buggy address belongs to the physical page: [ 29.630379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.630728] flags: 0x200000000000000(node=0|zone=2) [ 29.631603] page_type: f5(slab) [ 29.631773] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.632442] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.632759] page dumped because: kasan: bad access detected [ 29.633138] [ 29.633237] Memory state around the buggy address: [ 29.633464] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.633772] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.634233] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.634511] ^ [ 29.634748] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.635279] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.635615] ================================================================== [ 29.657015] ================================================================== [ 29.657362] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 29.657743] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.658227] [ 29.658330] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.658424] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.658441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.658464] Call Trace: [ 29.658483] <TASK> [ 29.658501] dump_stack_lvl+0x73/0xb0 [ 29.658563] print_report+0xd1/0x640 [ 29.658601] ? __virt_addr_valid+0x1db/0x2d0 [ 29.658625] ? kasan_atomics_helper+0x8f9/0x5450 [ 29.658647] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.658706] ? kasan_atomics_helper+0x8f9/0x5450 [ 29.658731] kasan_report+0x141/0x180 [ 29.658755] ? kasan_atomics_helper+0x8f9/0x5450 [ 29.658781] kasan_check_range+0x10c/0x1c0 [ 29.658903] __kasan_check_write+0x18/0x20 [ 29.658937] kasan_atomics_helper+0x8f9/0x5450 [ 29.658961] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.658984] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.659010] ? kasan_atomics+0x152/0x310 [ 29.659037] kasan_atomics+0x1dc/0x310 [ 29.659061] ? __pfx_kasan_atomics+0x10/0x10 [ 29.659085] ? __pfx_read_tsc+0x10/0x10 [ 29.659108] ? ktime_get_ts64+0x86/0x230 [ 29.659133] kunit_try_run_case+0x1a5/0x480 [ 29.659190] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.659214] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.659240] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.659273] ? __kthread_parkme+0x82/0x180 [ 29.659293] ? preempt_count_sub+0x50/0x80 [ 29.659344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.659369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.659418] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.659466] kthread+0x337/0x6f0 [ 29.659486] ? trace_preempt_on+0x20/0xc0 [ 29.659534] ? __pfx_kthread+0x10/0x10 [ 29.659557] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.659619] ? calculate_sigpending+0x7b/0xa0 [ 29.659643] ? __pfx_kthread+0x10/0x10 [ 29.659666] ret_from_fork+0x116/0x1d0 [ 29.659686] ? __pfx_kthread+0x10/0x10 [ 29.659707] ret_from_fork_asm+0x1a/0x30 [ 29.659740] </TASK> [ 29.659751] [ 29.668945] Allocated by task 313: [ 29.669167] kasan_save_stack+0x45/0x70 [ 29.669383] kasan_save_track+0x18/0x40 [ 29.669586] kasan_save_alloc_info+0x3b/0x50 [ 29.669898] __kasan_kmalloc+0xb7/0xc0 [ 29.670119] __kmalloc_cache_noprof+0x189/0x420 [ 29.670335] kasan_atomics+0x95/0x310 [ 29.670521] kunit_try_run_case+0x1a5/0x480 [ 29.670685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.670850] kthread+0x337/0x6f0 [ 29.671101] ret_from_fork+0x116/0x1d0 [ 29.671426] ret_from_fork_asm+0x1a/0x30 [ 29.671759] [ 29.671924] The buggy address belongs to the object at ffff888106038600 [ 29.671924] which belongs to the cache kmalloc-64 of size 64 [ 29.672706] The buggy address is located 0 bytes to the right of [ 29.672706] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.673431] [ 29.673566] The buggy address belongs to the physical page: [ 29.673865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.674462] flags: 0x200000000000000(node=0|zone=2) [ 29.674758] page_type: f5(slab) [ 29.674898] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.675424] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.675786] page dumped because: kasan: bad access detected [ 29.675988] [ 29.676292] Memory state around the buggy address: [ 29.676508] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.676772] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.677126] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.677324] ^ [ 29.677469] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.678051] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.678408] ================================================================== [ 30.015108] ================================================================== [ 30.015782] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 30.016466] Read of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.016885] [ 30.017021] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.017087] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.017202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.017232] Call Trace: [ 30.017255] <TASK> [ 30.017277] dump_stack_lvl+0x73/0xb0 [ 30.017310] print_report+0xd1/0x640 [ 30.017334] ? __virt_addr_valid+0x1db/0x2d0 [ 30.017369] ? kasan_atomics_helper+0x4a1c/0x5450 [ 30.017392] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.017419] ? kasan_atomics_helper+0x4a1c/0x5450 [ 30.017441] kasan_report+0x141/0x180 [ 30.017464] ? kasan_atomics_helper+0x4a1c/0x5450 [ 30.017491] __asan_report_load4_noabort+0x18/0x20 [ 30.017517] kasan_atomics_helper+0x4a1c/0x5450 [ 30.017540] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.017563] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.017599] ? kasan_atomics+0x152/0x310 [ 30.017626] kasan_atomics+0x1dc/0x310 [ 30.017650] ? __pfx_kasan_atomics+0x10/0x10 [ 30.017675] ? __pfx_read_tsc+0x10/0x10 [ 30.017698] ? ktime_get_ts64+0x86/0x230 [ 30.017725] kunit_try_run_case+0x1a5/0x480 [ 30.017753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.017776] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.017843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.017869] ? __kthread_parkme+0x82/0x180 [ 30.017891] ? preempt_count_sub+0x50/0x80 [ 30.017915] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.017940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.017965] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.017990] kthread+0x337/0x6f0 [ 30.018012] ? trace_preempt_on+0x20/0xc0 [ 30.018038] ? __pfx_kthread+0x10/0x10 [ 30.018058] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.018083] ? calculate_sigpending+0x7b/0xa0 [ 30.018108] ? __pfx_kthread+0x10/0x10 [ 30.018130] ret_from_fork+0x116/0x1d0 [ 30.018150] ? __pfx_kthread+0x10/0x10 [ 30.018171] ret_from_fork_asm+0x1a/0x30 [ 30.018205] </TASK> [ 30.018218] [ 30.030365] Allocated by task 313: [ 30.030606] kasan_save_stack+0x45/0x70 [ 30.031046] kasan_save_track+0x18/0x40 [ 30.031271] kasan_save_alloc_info+0x3b/0x50 [ 30.031469] __kasan_kmalloc+0xb7/0xc0 [ 30.031652] __kmalloc_cache_noprof+0x189/0x420 [ 30.032081] kasan_atomics+0x95/0x310 [ 30.032384] kunit_try_run_case+0x1a5/0x480 [ 30.032792] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.033241] kthread+0x337/0x6f0 [ 30.033430] ret_from_fork+0x116/0x1d0 [ 30.033618] ret_from_fork_asm+0x1a/0x30 [ 30.034020] [ 30.034116] The buggy address belongs to the object at ffff888106038600 [ 30.034116] which belongs to the cache kmalloc-64 of size 64 [ 30.034999] The buggy address is located 0 bytes to the right of [ 30.034999] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.035662] [ 30.035760] The buggy address belongs to the physical page: [ 30.036230] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.036737] flags: 0x200000000000000(node=0|zone=2) [ 30.036963] page_type: f5(slab) [ 30.037225] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.037538] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.037801] page dumped because: kasan: bad access detected [ 30.038114] [ 30.038235] Memory state around the buggy address: [ 30.038426] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.038769] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.039040] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.039246] ^ [ 30.039483] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.039758] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.040226] ================================================================== [ 30.577184] ================================================================== [ 30.577535] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 30.577902] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.578124] [ 30.578208] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.578261] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.578276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.578300] Call Trace: [ 30.578321] <TASK> [ 30.578342] dump_stack_lvl+0x73/0xb0 [ 30.578370] print_report+0xd1/0x640 [ 30.578393] ? __virt_addr_valid+0x1db/0x2d0 [ 30.578418] ? kasan_atomics_helper+0x1c18/0x5450 [ 30.578440] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.578466] ? kasan_atomics_helper+0x1c18/0x5450 [ 30.578491] kasan_report+0x141/0x180 [ 30.578515] ? kasan_atomics_helper+0x1c18/0x5450 [ 30.578543] kasan_check_range+0x10c/0x1c0 [ 30.578567] __kasan_check_write+0x18/0x20 [ 30.578602] kasan_atomics_helper+0x1c18/0x5450 [ 30.578625] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.578694] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.578741] ? kasan_atomics+0x152/0x310 [ 30.578776] kasan_atomics+0x1dc/0x310 [ 30.578801] ? __pfx_kasan_atomics+0x10/0x10 [ 30.578825] ? __pfx_read_tsc+0x10/0x10 [ 30.578850] ? ktime_get_ts64+0x86/0x230 [ 30.578876] kunit_try_run_case+0x1a5/0x480 [ 30.578901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.578925] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.578951] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.578977] ? __kthread_parkme+0x82/0x180 [ 30.578998] ? preempt_count_sub+0x50/0x80 [ 30.579023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.579048] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.579073] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.579097] kthread+0x337/0x6f0 [ 30.579118] ? trace_preempt_on+0x20/0xc0 [ 30.579143] ? __pfx_kthread+0x10/0x10 [ 30.579164] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.579188] ? calculate_sigpending+0x7b/0xa0 [ 30.579213] ? __pfx_kthread+0x10/0x10 [ 30.579235] ret_from_fork+0x116/0x1d0 [ 30.579263] ? __pfx_kthread+0x10/0x10 [ 30.579285] ret_from_fork_asm+0x1a/0x30 [ 30.579318] </TASK> [ 30.579331] [ 30.594561] Allocated by task 313: [ 30.594734] kasan_save_stack+0x45/0x70 [ 30.595091] kasan_save_track+0x18/0x40 [ 30.595282] kasan_save_alloc_info+0x3b/0x50 [ 30.595493] __kasan_kmalloc+0xb7/0xc0 [ 30.595690] __kmalloc_cache_noprof+0x189/0x420 [ 30.595868] kasan_atomics+0x95/0x310 [ 30.595997] kunit_try_run_case+0x1a5/0x480 [ 30.596197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.596686] kthread+0x337/0x6f0 [ 30.596864] ret_from_fork+0x116/0x1d0 [ 30.597601] ret_from_fork_asm+0x1a/0x30 [ 30.598099] [ 30.598280] The buggy address belongs to the object at ffff888106038600 [ 30.598280] which belongs to the cache kmalloc-64 of size 64 [ 30.599311] The buggy address is located 0 bytes to the right of [ 30.599311] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.600392] [ 30.600563] The buggy address belongs to the physical page: [ 30.601067] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.601321] flags: 0x200000000000000(node=0|zone=2) [ 30.601906] page_type: f5(slab) [ 30.602325] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.603098] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.603727] page dumped because: kasan: bad access detected [ 30.604277] [ 30.604423] Memory state around the buggy address: [ 30.604586] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.604961] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.605613] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.606307] ^ [ 30.606853] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.607479] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.607701] ================================================================== [ 30.801755] ================================================================== [ 30.802378] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 30.802711] Write of size 8 at addr ffff888106038630 by task kunit_try_catch/313 [ 30.803205] [ 30.803402] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 30.803743] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 30.803761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.803796] Call Trace: [ 30.803815] <TASK> [ 30.803834] dump_stack_lvl+0x73/0xb0 [ 30.803865] print_report+0xd1/0x640 [ 30.803955] ? __virt_addr_valid+0x1db/0x2d0 [ 30.804055] ? kasan_atomics_helper+0x2006/0x5450 [ 30.804092] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.804119] ? kasan_atomics_helper+0x2006/0x5450 [ 30.804142] kasan_report+0x141/0x180 [ 30.804166] ? kasan_atomics_helper+0x2006/0x5450 [ 30.804193] kasan_check_range+0x10c/0x1c0 [ 30.804218] __kasan_check_write+0x18/0x20 [ 30.804242] kasan_atomics_helper+0x2006/0x5450 [ 30.804266] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 30.804288] ? __kmalloc_cache_noprof+0x189/0x420 [ 30.804313] ? kasan_atomics+0x152/0x310 [ 30.804340] kasan_atomics+0x1dc/0x310 [ 30.804362] ? __pfx_kasan_atomics+0x10/0x10 [ 30.804387] ? __pfx_read_tsc+0x10/0x10 [ 30.804410] ? ktime_get_ts64+0x86/0x230 [ 30.804436] kunit_try_run_case+0x1a5/0x480 [ 30.804461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.804484] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.804510] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.804536] ? __kthread_parkme+0x82/0x180 [ 30.804557] ? preempt_count_sub+0x50/0x80 [ 30.804590] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.804615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.804639] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.804665] kthread+0x337/0x6f0 [ 30.804685] ? trace_preempt_on+0x20/0xc0 [ 30.804709] ? __pfx_kthread+0x10/0x10 [ 30.804731] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.804755] ? calculate_sigpending+0x7b/0xa0 [ 30.804779] ? __pfx_kthread+0x10/0x10 [ 30.804801] ret_from_fork+0x116/0x1d0 [ 30.804822] ? __pfx_kthread+0x10/0x10 [ 30.804843] ret_from_fork_asm+0x1a/0x30 [ 30.804875] </TASK> [ 30.804886] [ 30.815421] Allocated by task 313: [ 30.815636] kasan_save_stack+0x45/0x70 [ 30.815839] kasan_save_track+0x18/0x40 [ 30.816334] kasan_save_alloc_info+0x3b/0x50 [ 30.816558] __kasan_kmalloc+0xb7/0xc0 [ 30.816713] __kmalloc_cache_noprof+0x189/0x420 [ 30.817199] kasan_atomics+0x95/0x310 [ 30.817346] kunit_try_run_case+0x1a5/0x480 [ 30.817753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.818103] kthread+0x337/0x6f0 [ 30.818280] ret_from_fork+0x116/0x1d0 [ 30.818585] ret_from_fork_asm+0x1a/0x30 [ 30.818777] [ 30.818872] The buggy address belongs to the object at ffff888106038600 [ 30.818872] which belongs to the cache kmalloc-64 of size 64 [ 30.819881] The buggy address is located 0 bytes to the right of [ 30.819881] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 30.820715] [ 30.820800] The buggy address belongs to the physical page: [ 30.821228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 30.821696] flags: 0x200000000000000(node=0|zone=2) [ 30.821932] page_type: f5(slab) [ 30.822313] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 30.822752] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 30.823326] page dumped because: kasan: bad access detected [ 30.823590] [ 30.823662] Memory state around the buggy address: [ 30.823891] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.824450] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 30.824760] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 30.825223] ^ [ 30.825448] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.825896] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.826287] ================================================================== [ 29.636276] ================================================================== [ 29.636602] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 29.636936] Write of size 4 at addr ffff888106038630 by task kunit_try_catch/313 [ 29.637409] [ 29.637513] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.637611] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.637628] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.637650] Call Trace: [ 29.637669] <TASK> [ 29.637686] dump_stack_lvl+0x73/0xb0 [ 29.637715] print_report+0xd1/0x640 [ 29.637772] ? __virt_addr_valid+0x1db/0x2d0 [ 29.637798] ? kasan_atomics_helper+0x860/0x5450 [ 29.637822] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.638042] ? kasan_atomics_helper+0x860/0x5450 [ 29.638068] kasan_report+0x141/0x180 [ 29.638092] ? kasan_atomics_helper+0x860/0x5450 [ 29.638120] kasan_check_range+0x10c/0x1c0 [ 29.638176] __kasan_check_write+0x18/0x20 [ 29.638199] kasan_atomics_helper+0x860/0x5450 [ 29.638223] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.638246] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.638271] ? kasan_atomics+0x152/0x310 [ 29.638329] kasan_atomics+0x1dc/0x310 [ 29.638353] ? __pfx_kasan_atomics+0x10/0x10 [ 29.638377] ? __pfx_read_tsc+0x10/0x10 [ 29.638400] ? ktime_get_ts64+0x86/0x230 [ 29.638425] kunit_try_run_case+0x1a5/0x480 [ 29.638478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.638503] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.638529] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.638557] ? __kthread_parkme+0x82/0x180 [ 29.638591] ? preempt_count_sub+0x50/0x80 [ 29.638615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.638641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.638665] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.638720] kthread+0x337/0x6f0 [ 29.638766] ? trace_preempt_on+0x20/0xc0 [ 29.638806] ? __pfx_kthread+0x10/0x10 [ 29.638828] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.638853] ? calculate_sigpending+0x7b/0xa0 [ 29.638877] ? __pfx_kthread+0x10/0x10 [ 29.638899] ret_from_fork+0x116/0x1d0 [ 29.638920] ? __pfx_kthread+0x10/0x10 [ 29.638993] ret_from_fork_asm+0x1a/0x30 [ 29.639027] </TASK> [ 29.639039] [ 29.647518] Allocated by task 313: [ 29.647717] kasan_save_stack+0x45/0x70 [ 29.648145] kasan_save_track+0x18/0x40 [ 29.648314] kasan_save_alloc_info+0x3b/0x50 [ 29.648596] __kasan_kmalloc+0xb7/0xc0 [ 29.648830] __kmalloc_cache_noprof+0x189/0x420 [ 29.649288] kasan_atomics+0x95/0x310 [ 29.649638] kunit_try_run_case+0x1a5/0x480 [ 29.649827] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.650131] kthread+0x337/0x6f0 [ 29.650254] ret_from_fork+0x116/0x1d0 [ 29.650381] ret_from_fork_asm+0x1a/0x30 [ 29.650552] [ 29.650653] The buggy address belongs to the object at ffff888106038600 [ 29.650653] which belongs to the cache kmalloc-64 of size 64 [ 29.651365] The buggy address is located 0 bytes to the right of [ 29.651365] allocated 48-byte region [ffff888106038600, ffff888106038630) [ 29.652164] [ 29.652303] The buggy address belongs to the physical page: [ 29.652559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038 [ 29.653040] flags: 0x200000000000000(node=0|zone=2) [ 29.653204] page_type: f5(slab) [ 29.653321] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.653569] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.653913] page dumped because: kasan: bad access detected [ 29.654157] [ 29.654246] Memory state around the buggy address: [ 29.654448] ffff888106038500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.654795] ffff888106038580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.655007] >ffff888106038600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.655207] ^ [ 29.655360] ffff888106038680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.656046] ffff888106038700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.656448] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 29.134499] ================================================================== [ 29.134749] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 29.136204] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.137226] [ 29.137585] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.137756] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.137773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.137797] Call Trace: [ 29.137817] <TASK> [ 29.137835] dump_stack_lvl+0x73/0xb0 [ 29.137867] print_report+0xd1/0x640 [ 29.137890] ? __virt_addr_valid+0x1db/0x2d0 [ 29.137915] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 29.137941] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.137967] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 29.137994] kasan_report+0x141/0x180 [ 29.138016] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 29.138047] kasan_check_range+0x10c/0x1c0 [ 29.138072] __kasan_check_write+0x18/0x20 [ 29.138095] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 29.138122] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.138149] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.138173] ? trace_hardirqs_on+0x37/0xe0 [ 29.138196] ? kasan_bitops_generic+0x92/0x1c0 [ 29.138223] kasan_bitops_generic+0x121/0x1c0 [ 29.138246] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.138271] ? __pfx_read_tsc+0x10/0x10 [ 29.138292] ? ktime_get_ts64+0x86/0x230 [ 29.138317] kunit_try_run_case+0x1a5/0x480 [ 29.138342] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.138365] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.138390] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.138416] ? __kthread_parkme+0x82/0x180 [ 29.138436] ? preempt_count_sub+0x50/0x80 [ 29.138459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.138482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.138506] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.138529] kthread+0x337/0x6f0 [ 29.138549] ? trace_preempt_on+0x20/0xc0 [ 29.138571] ? __pfx_kthread+0x10/0x10 [ 29.138610] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.138633] ? calculate_sigpending+0x7b/0xa0 [ 29.138657] ? __pfx_kthread+0x10/0x10 [ 29.138680] ret_from_fork+0x116/0x1d0 [ 29.138699] ? __pfx_kthread+0x10/0x10 [ 29.138719] ret_from_fork_asm+0x1a/0x30 [ 29.138751] </TASK> [ 29.138761] [ 29.151791] Allocated by task 309: [ 29.152014] kasan_save_stack+0x45/0x70 [ 29.152164] kasan_save_track+0x18/0x40 [ 29.152598] kasan_save_alloc_info+0x3b/0x50 [ 29.152832] __kasan_kmalloc+0xb7/0xc0 [ 29.152961] __kmalloc_cache_noprof+0x189/0x420 [ 29.153240] kasan_bitops_generic+0x92/0x1c0 [ 29.153511] kunit_try_run_case+0x1a5/0x480 [ 29.153737] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.154042] kthread+0x337/0x6f0 [ 29.154162] ret_from_fork+0x116/0x1d0 [ 29.154288] ret_from_fork_asm+0x1a/0x30 [ 29.154461] [ 29.154551] The buggy address belongs to the object at ffff888104625b80 [ 29.154551] which belongs to the cache kmalloc-16 of size 16 [ 29.155024] The buggy address is located 8 bytes inside of [ 29.155024] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.155824] [ 29.156055] The buggy address belongs to the physical page: [ 29.156477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.156792] flags: 0x200000000000000(node=0|zone=2) [ 29.156953] page_type: f5(slab) [ 29.157108] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.157434] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.157892] page dumped because: kasan: bad access detected [ 29.158116] [ 29.158179] Memory state around the buggy address: [ 29.158377] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.158721] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.159093] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.159400] ^ [ 29.159568] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.160031] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.160434] ================================================================== [ 29.271123] ================================================================== [ 29.271502] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 29.271955] Read of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.272316] [ 29.272423] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.272472] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.272486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.272508] Call Trace: [ 29.272525] <TASK> [ 29.272542] dump_stack_lvl+0x73/0xb0 [ 29.272568] print_report+0xd1/0x640 [ 29.272603] ? __virt_addr_valid+0x1db/0x2d0 [ 29.272627] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 29.272653] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.272679] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 29.272706] kasan_report+0x141/0x180 [ 29.272728] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 29.272760] kasan_check_range+0x10c/0x1c0 [ 29.272789] __kasan_check_read+0x15/0x20 [ 29.272812] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 29.272839] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.272867] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.272892] ? trace_hardirqs_on+0x37/0xe0 [ 29.272915] ? kasan_bitops_generic+0x92/0x1c0 [ 29.272942] kasan_bitops_generic+0x121/0x1c0 [ 29.272966] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.272991] ? __pfx_read_tsc+0x10/0x10 [ 29.273013] ? ktime_get_ts64+0x86/0x230 [ 29.273037] kunit_try_run_case+0x1a5/0x480 [ 29.273061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.273084] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.273109] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.273134] ? __kthread_parkme+0x82/0x180 [ 29.273154] ? preempt_count_sub+0x50/0x80 [ 29.273177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.273201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.273224] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.273248] kthread+0x337/0x6f0 [ 29.273266] ? trace_preempt_on+0x20/0xc0 [ 29.273287] ? __pfx_kthread+0x10/0x10 [ 29.273308] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.273330] ? calculate_sigpending+0x7b/0xa0 [ 29.273353] ? __pfx_kthread+0x10/0x10 [ 29.273374] ret_from_fork+0x116/0x1d0 [ 29.273392] ? __pfx_kthread+0x10/0x10 [ 29.273412] ret_from_fork_asm+0x1a/0x30 [ 29.273443] </TASK> [ 29.273453] [ 29.282900] Allocated by task 309: [ 29.283072] kasan_save_stack+0x45/0x70 [ 29.283448] kasan_save_track+0x18/0x40 [ 29.283645] kasan_save_alloc_info+0x3b/0x50 [ 29.283930] __kasan_kmalloc+0xb7/0xc0 [ 29.284236] __kmalloc_cache_noprof+0x189/0x420 [ 29.284384] kasan_bitops_generic+0x92/0x1c0 [ 29.284525] kunit_try_run_case+0x1a5/0x480 [ 29.284682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.284903] kthread+0x337/0x6f0 [ 29.285216] ret_from_fork+0x116/0x1d0 [ 29.285591] ret_from_fork_asm+0x1a/0x30 [ 29.285893] [ 29.286053] The buggy address belongs to the object at ffff888104625b80 [ 29.286053] which belongs to the cache kmalloc-16 of size 16 [ 29.286719] The buggy address is located 8 bytes inside of [ 29.286719] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.287548] [ 29.287625] The buggy address belongs to the physical page: [ 29.287884] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.288308] flags: 0x200000000000000(node=0|zone=2) [ 29.288556] page_type: f5(slab) [ 29.288823] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.289235] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.289599] page dumped because: kasan: bad access detected [ 29.289851] [ 29.289942] Memory state around the buggy address: [ 29.290174] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.290414] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.290763] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.291114] ^ [ 29.291284] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.291617] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.291994] ================================================================== [ 29.102692] ================================================================== [ 29.103550] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 29.104081] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.104458] [ 29.104545] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.104644] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.104660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.104681] Call Trace: [ 29.104699] <TASK> [ 29.104717] dump_stack_lvl+0x73/0xb0 [ 29.104744] print_report+0xd1/0x640 [ 29.104798] ? __virt_addr_valid+0x1db/0x2d0 [ 29.104823] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 29.104849] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.104879] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 29.104906] kasan_report+0x141/0x180 [ 29.105017] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 29.105053] kasan_check_range+0x10c/0x1c0 [ 29.105076] __kasan_check_write+0x18/0x20 [ 29.105109] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 29.105136] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.105197] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.105222] ? trace_hardirqs_on+0x37/0xe0 [ 29.105245] ? kasan_bitops_generic+0x92/0x1c0 [ 29.105272] kasan_bitops_generic+0x121/0x1c0 [ 29.105295] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.105351] ? __pfx_read_tsc+0x10/0x10 [ 29.105373] ? ktime_get_ts64+0x86/0x230 [ 29.105398] kunit_try_run_case+0x1a5/0x480 [ 29.105423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.105446] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.105500] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.105525] ? __kthread_parkme+0x82/0x180 [ 29.105545] ? preempt_count_sub+0x50/0x80 [ 29.105567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.105603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.105625] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.105677] kthread+0x337/0x6f0 [ 29.105698] ? trace_preempt_on+0x20/0xc0 [ 29.105719] ? __pfx_kthread+0x10/0x10 [ 29.105739] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.105761] ? calculate_sigpending+0x7b/0xa0 [ 29.105795] ? __pfx_kthread+0x10/0x10 [ 29.105816] ret_from_fork+0x116/0x1d0 [ 29.105835] ? __pfx_kthread+0x10/0x10 [ 29.106003] ret_from_fork_asm+0x1a/0x30 [ 29.106089] </TASK> [ 29.106101] [ 29.119605] Allocated by task 309: [ 29.119740] kasan_save_stack+0x45/0x70 [ 29.119973] kasan_save_track+0x18/0x40 [ 29.120350] kasan_save_alloc_info+0x3b/0x50 [ 29.120870] __kasan_kmalloc+0xb7/0xc0 [ 29.121312] __kmalloc_cache_noprof+0x189/0x420 [ 29.121733] kasan_bitops_generic+0x92/0x1c0 [ 29.122343] kunit_try_run_case+0x1a5/0x480 [ 29.122760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.123225] kthread+0x337/0x6f0 [ 29.123539] ret_from_fork+0x116/0x1d0 [ 29.123791] ret_from_fork_asm+0x1a/0x30 [ 29.124357] [ 29.124429] The buggy address belongs to the object at ffff888104625b80 [ 29.124429] which belongs to the cache kmalloc-16 of size 16 [ 29.124831] The buggy address is located 8 bytes inside of [ 29.124831] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.126176] [ 29.126343] The buggy address belongs to the physical page: [ 29.126868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.127698] flags: 0x200000000000000(node=0|zone=2) [ 29.128176] page_type: f5(slab) [ 29.128295] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.128520] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.128746] page dumped because: kasan: bad access detected [ 29.128911] [ 29.129111] Memory state around the buggy address: [ 29.129678] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.130485] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.131191] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.131960] ^ [ 29.132298] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.132946] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.133615] ================================================================== [ 29.204558] ================================================================== [ 29.205105] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 29.205490] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.205839] [ 29.206124] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.206219] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.206234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.206256] Call Trace: [ 29.206274] <TASK> [ 29.206291] dump_stack_lvl+0x73/0xb0 [ 29.206346] print_report+0xd1/0x640 [ 29.206369] ? __virt_addr_valid+0x1db/0x2d0 [ 29.206393] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 29.206420] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.206445] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 29.206472] kasan_report+0x141/0x180 [ 29.206495] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 29.206526] kasan_check_range+0x10c/0x1c0 [ 29.206550] __kasan_check_write+0x18/0x20 [ 29.206584] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 29.206612] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.206641] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.206665] ? trace_hardirqs_on+0x37/0xe0 [ 29.206688] ? kasan_bitops_generic+0x92/0x1c0 [ 29.206714] kasan_bitops_generic+0x121/0x1c0 [ 29.206738] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.206763] ? __pfx_read_tsc+0x10/0x10 [ 29.206862] ? ktime_get_ts64+0x86/0x230 [ 29.206893] kunit_try_run_case+0x1a5/0x480 [ 29.206919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.206942] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.206968] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.206992] ? __kthread_parkme+0x82/0x180 [ 29.207014] ? preempt_count_sub+0x50/0x80 [ 29.207037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.207062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.207086] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.207109] kthread+0x337/0x6f0 [ 29.207128] ? trace_preempt_on+0x20/0xc0 [ 29.207151] ? __pfx_kthread+0x10/0x10 [ 29.207171] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.207194] ? calculate_sigpending+0x7b/0xa0 [ 29.207263] ? __pfx_kthread+0x10/0x10 [ 29.207309] ret_from_fork+0x116/0x1d0 [ 29.207329] ? __pfx_kthread+0x10/0x10 [ 29.207350] ret_from_fork_asm+0x1a/0x30 [ 29.207381] </TASK> [ 29.207392] [ 29.216846] Allocated by task 309: [ 29.217026] kasan_save_stack+0x45/0x70 [ 29.217266] kasan_save_track+0x18/0x40 [ 29.217568] kasan_save_alloc_info+0x3b/0x50 [ 29.217921] __kasan_kmalloc+0xb7/0xc0 [ 29.218125] __kmalloc_cache_noprof+0x189/0x420 [ 29.218371] kasan_bitops_generic+0x92/0x1c0 [ 29.218583] kunit_try_run_case+0x1a5/0x480 [ 29.218814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.219150] kthread+0x337/0x6f0 [ 29.219362] ret_from_fork+0x116/0x1d0 [ 29.219524] ret_from_fork_asm+0x1a/0x30 [ 29.219750] [ 29.220058] The buggy address belongs to the object at ffff888104625b80 [ 29.220058] which belongs to the cache kmalloc-16 of size 16 [ 29.220637] The buggy address is located 8 bytes inside of [ 29.220637] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.221289] [ 29.221367] The buggy address belongs to the physical page: [ 29.221539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.222116] flags: 0x200000000000000(node=0|zone=2) [ 29.222471] page_type: f5(slab) [ 29.222692] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.223111] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.223546] page dumped because: kasan: bad access detected [ 29.223768] [ 29.223831] Memory state around the buggy address: [ 29.223979] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.224528] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.225227] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.225489] ^ [ 29.225665] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.225880] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.226674] ================================================================== [ 29.160980] ================================================================== [ 29.161282] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 29.161672] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.162193] [ 29.162373] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.162430] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.162444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.162468] Call Trace: [ 29.162488] <TASK> [ 29.162507] dump_stack_lvl+0x73/0xb0 [ 29.162537] print_report+0xd1/0x640 [ 29.162560] ? __virt_addr_valid+0x1db/0x2d0 [ 29.162597] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 29.162624] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.162650] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 29.162677] kasan_report+0x141/0x180 [ 29.162721] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 29.162753] kasan_check_range+0x10c/0x1c0 [ 29.162776] __kasan_check_write+0x18/0x20 [ 29.162799] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 29.162825] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.162853] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.162877] ? trace_hardirqs_on+0x37/0xe0 [ 29.162900] ? kasan_bitops_generic+0x92/0x1c0 [ 29.162926] kasan_bitops_generic+0x121/0x1c0 [ 29.162949] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.163050] ? __pfx_read_tsc+0x10/0x10 [ 29.163077] ? ktime_get_ts64+0x86/0x230 [ 29.163102] kunit_try_run_case+0x1a5/0x480 [ 29.163129] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.163152] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.163178] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.163203] ? __kthread_parkme+0x82/0x180 [ 29.163224] ? preempt_count_sub+0x50/0x80 [ 29.163247] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.163278] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.163301] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.163325] kthread+0x337/0x6f0 [ 29.163344] ? trace_preempt_on+0x20/0xc0 [ 29.163367] ? __pfx_kthread+0x10/0x10 [ 29.163389] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.163413] ? calculate_sigpending+0x7b/0xa0 [ 29.163438] ? __pfx_kthread+0x10/0x10 [ 29.163462] ret_from_fork+0x116/0x1d0 [ 29.163483] ? __pfx_kthread+0x10/0x10 [ 29.163505] ret_from_fork_asm+0x1a/0x30 [ 29.163559] </TASK> [ 29.163571] [ 29.172348] Allocated by task 309: [ 29.172494] kasan_save_stack+0x45/0x70 [ 29.172666] kasan_save_track+0x18/0x40 [ 29.172797] kasan_save_alloc_info+0x3b/0x50 [ 29.173226] __kasan_kmalloc+0xb7/0xc0 [ 29.173439] __kmalloc_cache_noprof+0x189/0x420 [ 29.173668] kasan_bitops_generic+0x92/0x1c0 [ 29.173987] kunit_try_run_case+0x1a5/0x480 [ 29.174135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.174302] kthread+0x337/0x6f0 [ 29.174418] ret_from_fork+0x116/0x1d0 [ 29.174546] ret_from_fork_asm+0x1a/0x30 [ 29.174789] [ 29.174913] The buggy address belongs to the object at ffff888104625b80 [ 29.174913] which belongs to the cache kmalloc-16 of size 16 [ 29.175560] The buggy address is located 8 bytes inside of [ 29.175560] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.176445] [ 29.176546] The buggy address belongs to the physical page: [ 29.176753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.177496] flags: 0x200000000000000(node=0|zone=2) [ 29.177706] page_type: f5(slab) [ 29.178008] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.178361] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.178598] page dumped because: kasan: bad access detected [ 29.178874] [ 29.178999] Memory state around the buggy address: [ 29.179273] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.179542] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.179837] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.180275] ^ [ 29.180399] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.180641] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.180948] ================================================================== [ 29.250616] ================================================================== [ 29.251028] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 29.251361] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.251698] [ 29.251874] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.251932] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.251946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.251968] Call Trace: [ 29.251987] <TASK> [ 29.252007] dump_stack_lvl+0x73/0xb0 [ 29.252037] print_report+0xd1/0x640 [ 29.252060] ? __virt_addr_valid+0x1db/0x2d0 [ 29.252084] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 29.252111] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.252137] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 29.252165] kasan_report+0x141/0x180 [ 29.252188] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 29.252219] kasan_check_range+0x10c/0x1c0 [ 29.252242] __kasan_check_write+0x18/0x20 [ 29.252265] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 29.252292] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.252320] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.252344] ? trace_hardirqs_on+0x37/0xe0 [ 29.252366] ? kasan_bitops_generic+0x92/0x1c0 [ 29.252393] kasan_bitops_generic+0x121/0x1c0 [ 29.252456] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.252481] ? __pfx_read_tsc+0x10/0x10 [ 29.252502] ? ktime_get_ts64+0x86/0x230 [ 29.252526] kunit_try_run_case+0x1a5/0x480 [ 29.252552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.252586] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.252612] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.252638] ? __kthread_parkme+0x82/0x180 [ 29.252659] ? preempt_count_sub+0x50/0x80 [ 29.252683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.252707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.252730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.252753] kthread+0x337/0x6f0 [ 29.252773] ? trace_preempt_on+0x20/0xc0 [ 29.252807] ? __pfx_kthread+0x10/0x10 [ 29.252827] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.252850] ? calculate_sigpending+0x7b/0xa0 [ 29.252874] ? __pfx_kthread+0x10/0x10 [ 29.252895] ret_from_fork+0x116/0x1d0 [ 29.252948] ? __pfx_kthread+0x10/0x10 [ 29.252968] ret_from_fork_asm+0x1a/0x30 [ 29.253025] </TASK> [ 29.253036] [ 29.262207] Allocated by task 309: [ 29.262332] kasan_save_stack+0x45/0x70 [ 29.262470] kasan_save_track+0x18/0x40 [ 29.262629] kasan_save_alloc_info+0x3b/0x50 [ 29.262919] __kasan_kmalloc+0xb7/0xc0 [ 29.263307] __kmalloc_cache_noprof+0x189/0x420 [ 29.263648] kasan_bitops_generic+0x92/0x1c0 [ 29.264041] kunit_try_run_case+0x1a5/0x480 [ 29.264276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.264523] kthread+0x337/0x6f0 [ 29.264650] ret_from_fork+0x116/0x1d0 [ 29.264776] ret_from_fork_asm+0x1a/0x30 [ 29.265108] [ 29.265290] The buggy address belongs to the object at ffff888104625b80 [ 29.265290] which belongs to the cache kmalloc-16 of size 16 [ 29.265921] The buggy address is located 8 bytes inside of [ 29.265921] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.266435] [ 29.266529] The buggy address belongs to the physical page: [ 29.266874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.267399] flags: 0x200000000000000(node=0|zone=2) [ 29.267630] page_type: f5(slab) [ 29.267795] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.268260] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.268602] page dumped because: kasan: bad access detected [ 29.268838] [ 29.268900] Memory state around the buggy address: [ 29.269047] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.269253] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.269463] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.269730] ^ [ 29.269899] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.270214] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.270526] ================================================================== [ 29.227289] ================================================================== [ 29.227670] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 29.228152] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.228413] [ 29.228722] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.228824] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.228838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.228902] Call Trace: [ 29.228970] <TASK> [ 29.228987] dump_stack_lvl+0x73/0xb0 [ 29.229017] print_report+0xd1/0x640 [ 29.229039] ? __virt_addr_valid+0x1db/0x2d0 [ 29.229062] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 29.229088] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.229145] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 29.229173] kasan_report+0x141/0x180 [ 29.229195] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 29.229226] kasan_check_range+0x10c/0x1c0 [ 29.229249] __kasan_check_write+0x18/0x20 [ 29.229303] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 29.229330] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.229358] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.229383] ? trace_hardirqs_on+0x37/0xe0 [ 29.229435] ? kasan_bitops_generic+0x92/0x1c0 [ 29.229463] kasan_bitops_generic+0x121/0x1c0 [ 29.229486] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.229510] ? __pfx_read_tsc+0x10/0x10 [ 29.229531] ? ktime_get_ts64+0x86/0x230 [ 29.229596] kunit_try_run_case+0x1a5/0x480 [ 29.229620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.229644] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.229669] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.229694] ? __kthread_parkme+0x82/0x180 [ 29.229714] ? preempt_count_sub+0x50/0x80 [ 29.229738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.229762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.229854] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.229883] kthread+0x337/0x6f0 [ 29.229938] ? trace_preempt_on+0x20/0xc0 [ 29.229960] ? __pfx_kthread+0x10/0x10 [ 29.229981] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.230015] ? calculate_sigpending+0x7b/0xa0 [ 29.230039] ? __pfx_kthread+0x10/0x10 [ 29.230061] ret_from_fork+0x116/0x1d0 [ 29.230115] ? __pfx_kthread+0x10/0x10 [ 29.230138] ret_from_fork_asm+0x1a/0x30 [ 29.230170] </TASK> [ 29.230182] [ 29.240375] Allocated by task 309: [ 29.240641] kasan_save_stack+0x45/0x70 [ 29.241187] kasan_save_track+0x18/0x40 [ 29.241344] kasan_save_alloc_info+0x3b/0x50 [ 29.241609] __kasan_kmalloc+0xb7/0xc0 [ 29.241822] __kmalloc_cache_noprof+0x189/0x420 [ 29.242116] kasan_bitops_generic+0x92/0x1c0 [ 29.242352] kunit_try_run_case+0x1a5/0x480 [ 29.242558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.242900] kthread+0x337/0x6f0 [ 29.243110] ret_from_fork+0x116/0x1d0 [ 29.243314] ret_from_fork_asm+0x1a/0x30 [ 29.243503] [ 29.243604] The buggy address belongs to the object at ffff888104625b80 [ 29.243604] which belongs to the cache kmalloc-16 of size 16 [ 29.244236] The buggy address is located 8 bytes inside of [ 29.244236] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.244759] [ 29.244927] The buggy address belongs to the physical page: [ 29.245157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.245392] flags: 0x200000000000000(node=0|zone=2) [ 29.245550] page_type: f5(slab) [ 29.245726] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.246649] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.246919] page dumped because: kasan: bad access detected [ 29.247085] [ 29.247148] Memory state around the buggy address: [ 29.247307] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.247523] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.248304] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.248687] ^ [ 29.248890] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.249279] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.250059] ================================================================== [ 29.181662] ================================================================== [ 29.182203] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 29.182822] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.183289] [ 29.183397] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.183492] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.183505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.183551] Call Trace: [ 29.183571] <TASK> [ 29.183600] dump_stack_lvl+0x73/0xb0 [ 29.183629] print_report+0xd1/0x640 [ 29.183653] ? __virt_addr_valid+0x1db/0x2d0 [ 29.183678] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 29.183705] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.183731] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 29.183789] kasan_report+0x141/0x180 [ 29.183863] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 29.183896] kasan_check_range+0x10c/0x1c0 [ 29.183933] __kasan_check_write+0x18/0x20 [ 29.183957] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 29.184020] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.184050] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.184075] ? trace_hardirqs_on+0x37/0xe0 [ 29.184097] ? kasan_bitops_generic+0x92/0x1c0 [ 29.184124] kasan_bitops_generic+0x121/0x1c0 [ 29.184147] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.184172] ? __pfx_read_tsc+0x10/0x10 [ 29.184225] ? ktime_get_ts64+0x86/0x230 [ 29.184250] kunit_try_run_case+0x1a5/0x480 [ 29.184276] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.184298] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.184324] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.184379] ? __kthread_parkme+0x82/0x180 [ 29.184399] ? preempt_count_sub+0x50/0x80 [ 29.184423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.184447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.184470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.184494] kthread+0x337/0x6f0 [ 29.184512] ? trace_preempt_on+0x20/0xc0 [ 29.184566] ? __pfx_kthread+0x10/0x10 [ 29.184599] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.184622] ? calculate_sigpending+0x7b/0xa0 [ 29.184646] ? __pfx_kthread+0x10/0x10 [ 29.184667] ret_from_fork+0x116/0x1d0 [ 29.184719] ? __pfx_kthread+0x10/0x10 [ 29.184740] ret_from_fork_asm+0x1a/0x30 [ 29.184772] </TASK> [ 29.184782] [ 29.194906] Allocated by task 309: [ 29.195223] kasan_save_stack+0x45/0x70 [ 29.195464] kasan_save_track+0x18/0x40 [ 29.195670] kasan_save_alloc_info+0x3b/0x50 [ 29.195881] __kasan_kmalloc+0xb7/0xc0 [ 29.196066] __kmalloc_cache_noprof+0x189/0x420 [ 29.196416] kasan_bitops_generic+0x92/0x1c0 [ 29.196629] kunit_try_run_case+0x1a5/0x480 [ 29.196894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.197162] kthread+0x337/0x6f0 [ 29.197330] ret_from_fork+0x116/0x1d0 [ 29.197511] ret_from_fork_asm+0x1a/0x30 [ 29.197728] [ 29.197852] The buggy address belongs to the object at ffff888104625b80 [ 29.197852] which belongs to the cache kmalloc-16 of size 16 [ 29.198446] The buggy address is located 8 bytes inside of [ 29.198446] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.199129] [ 29.199299] The buggy address belongs to the physical page: [ 29.199559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.199976] flags: 0x200000000000000(node=0|zone=2) [ 29.200143] page_type: f5(slab) [ 29.200259] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.200485] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.201026] page dumped because: kasan: bad access detected [ 29.201349] [ 29.201471] Memory state around the buggy address: [ 29.201902] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.202391] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.202658] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.202868] ^ [ 29.203270] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.203678] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.204093] ================================================================== [ 29.292513] ================================================================== [ 29.292918] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 29.293437] Read of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.293850] [ 29.293969] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.294017] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.294031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.294104] Call Trace: [ 29.294122] <TASK> [ 29.294170] dump_stack_lvl+0x73/0xb0 [ 29.294197] print_report+0xd1/0x640 [ 29.294219] ? __virt_addr_valid+0x1db/0x2d0 [ 29.294243] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 29.294270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.294296] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 29.294355] kasan_report+0x141/0x180 [ 29.294378] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 29.294410] __asan_report_load8_noabort+0x18/0x20 [ 29.294435] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 29.294462] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 29.294519] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.294544] ? trace_hardirqs_on+0x37/0xe0 [ 29.294566] ? kasan_bitops_generic+0x92/0x1c0 [ 29.294606] kasan_bitops_generic+0x121/0x1c0 [ 29.294629] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.294685] ? __pfx_read_tsc+0x10/0x10 [ 29.294707] ? ktime_get_ts64+0x86/0x230 [ 29.294732] kunit_try_run_case+0x1a5/0x480 [ 29.294756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.294779] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.294804] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.294859] ? __kthread_parkme+0x82/0x180 [ 29.294879] ? preempt_count_sub+0x50/0x80 [ 29.294902] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.294938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.294963] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.295091] kthread+0x337/0x6f0 [ 29.295112] ? trace_preempt_on+0x20/0xc0 [ 29.295133] ? __pfx_kthread+0x10/0x10 [ 29.295163] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.295186] ? calculate_sigpending+0x7b/0xa0 [ 29.295210] ? __pfx_kthread+0x10/0x10 [ 29.295232] ret_from_fork+0x116/0x1d0 [ 29.295257] ? __pfx_kthread+0x10/0x10 [ 29.295277] ret_from_fork_asm+0x1a/0x30 [ 29.295308] </TASK> [ 29.295318] [ 29.304313] Allocated by task 309: [ 29.304541] kasan_save_stack+0x45/0x70 [ 29.304757] kasan_save_track+0x18/0x40 [ 29.305000] kasan_save_alloc_info+0x3b/0x50 [ 29.305174] __kasan_kmalloc+0xb7/0xc0 [ 29.305294] __kmalloc_cache_noprof+0x189/0x420 [ 29.305527] kasan_bitops_generic+0x92/0x1c0 [ 29.305749] kunit_try_run_case+0x1a5/0x480 [ 29.306071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.306313] kthread+0x337/0x6f0 [ 29.306491] ret_from_fork+0x116/0x1d0 [ 29.306680] ret_from_fork_asm+0x1a/0x30 [ 29.306890] [ 29.307043] The buggy address belongs to the object at ffff888104625b80 [ 29.307043] which belongs to the cache kmalloc-16 of size 16 [ 29.307557] The buggy address is located 8 bytes inside of [ 29.307557] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.308227] [ 29.308345] The buggy address belongs to the physical page: [ 29.308559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.309027] flags: 0x200000000000000(node=0|zone=2) [ 29.309275] page_type: f5(slab) [ 29.309435] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.309758] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.310159] page dumped because: kasan: bad access detected [ 29.310399] [ 29.310516] Memory state around the buggy address: [ 29.310726] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.311199] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.311819] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.312026] ^ [ 29.312219] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.312523] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.312838] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 29.059938] ================================================================== [ 29.060270] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.060644] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.061162] [ 29.061277] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.061329] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.061342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.061364] Call Trace: [ 29.061385] <TASK> [ 29.061404] dump_stack_lvl+0x73/0xb0 [ 29.061433] print_report+0xd1/0x640 [ 29.061457] ? __virt_addr_valid+0x1db/0x2d0 [ 29.061482] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.061506] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.061532] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.061557] kasan_report+0x141/0x180 [ 29.061591] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.061660] kasan_check_range+0x10c/0x1c0 [ 29.061686] __kasan_check_write+0x18/0x20 [ 29.061709] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 29.061735] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.061760] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.062006] ? trace_hardirqs_on+0x37/0xe0 [ 29.062032] ? kasan_bitops_generic+0x92/0x1c0 [ 29.062059] kasan_bitops_generic+0x116/0x1c0 [ 29.062085] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.062145] ? __pfx_read_tsc+0x10/0x10 [ 29.062168] ? ktime_get_ts64+0x86/0x230 [ 29.062193] kunit_try_run_case+0x1a5/0x480 [ 29.062218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.062240] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.062297] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.062322] ? __kthread_parkme+0x82/0x180 [ 29.062342] ? preempt_count_sub+0x50/0x80 [ 29.062365] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.062388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.062441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.062465] kthread+0x337/0x6f0 [ 29.062485] ? trace_preempt_on+0x20/0xc0 [ 29.062508] ? __pfx_kthread+0x10/0x10 [ 29.062527] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.062550] ? calculate_sigpending+0x7b/0xa0 [ 29.062615] ? __pfx_kthread+0x10/0x10 [ 29.062636] ret_from_fork+0x116/0x1d0 [ 29.062656] ? __pfx_kthread+0x10/0x10 [ 29.062676] ret_from_fork_asm+0x1a/0x30 [ 29.062708] </TASK> [ 29.062719] [ 29.071387] Allocated by task 309: [ 29.071568] kasan_save_stack+0x45/0x70 [ 29.071846] kasan_save_track+0x18/0x40 [ 29.072095] kasan_save_alloc_info+0x3b/0x50 [ 29.072305] __kasan_kmalloc+0xb7/0xc0 [ 29.072493] __kmalloc_cache_noprof+0x189/0x420 [ 29.072730] kasan_bitops_generic+0x92/0x1c0 [ 29.073003] kunit_try_run_case+0x1a5/0x480 [ 29.073236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.073474] kthread+0x337/0x6f0 [ 29.073642] ret_from_fork+0x116/0x1d0 [ 29.073846] ret_from_fork_asm+0x1a/0x30 [ 29.074115] [ 29.074199] The buggy address belongs to the object at ffff888104625b80 [ 29.074199] which belongs to the cache kmalloc-16 of size 16 [ 29.074709] The buggy address is located 8 bytes inside of [ 29.074709] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.075439] [ 29.075585] The buggy address belongs to the physical page: [ 29.075882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.076361] flags: 0x200000000000000(node=0|zone=2) [ 29.076602] page_type: f5(slab) [ 29.076850] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.077263] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.077604] page dumped because: kasan: bad access detected [ 29.077905] [ 29.078045] Memory state around the buggy address: [ 29.078328] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.078659] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.079172] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.079411] ^ [ 29.079593] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.080264] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.080568] ================================================================== [ 29.038660] ================================================================== [ 29.039315] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.039735] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.040140] [ 29.040251] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.040339] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.040354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.040376] Call Trace: [ 29.040396] <TASK> [ 29.040416] dump_stack_lvl+0x73/0xb0 [ 29.040446] print_report+0xd1/0x640 [ 29.040469] ? __virt_addr_valid+0x1db/0x2d0 [ 29.040512] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.040538] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.040563] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.040601] kasan_report+0x141/0x180 [ 29.040623] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.040653] kasan_check_range+0x10c/0x1c0 [ 29.040675] __kasan_check_write+0x18/0x20 [ 29.040716] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 29.040741] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.040767] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.040954] ? trace_hardirqs_on+0x37/0xe0 [ 29.040986] ? kasan_bitops_generic+0x92/0x1c0 [ 29.041014] kasan_bitops_generic+0x116/0x1c0 [ 29.041067] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.041091] ? __pfx_read_tsc+0x10/0x10 [ 29.041114] ? ktime_get_ts64+0x86/0x230 [ 29.041156] kunit_try_run_case+0x1a5/0x480 [ 29.041182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.041205] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.041231] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.041257] ? __kthread_parkme+0x82/0x180 [ 29.041277] ? preempt_count_sub+0x50/0x80 [ 29.041301] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.041343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.041366] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.041390] kthread+0x337/0x6f0 [ 29.041409] ? trace_preempt_on+0x20/0xc0 [ 29.041431] ? __pfx_kthread+0x10/0x10 [ 29.041452] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.041476] ? calculate_sigpending+0x7b/0xa0 [ 29.041516] ? __pfx_kthread+0x10/0x10 [ 29.041537] ret_from_fork+0x116/0x1d0 [ 29.041570] ? __pfx_kthread+0x10/0x10 [ 29.041601] ret_from_fork_asm+0x1a/0x30 [ 29.041648] </TASK> [ 29.041671] [ 29.050458] Allocated by task 309: [ 29.050685] kasan_save_stack+0x45/0x70 [ 29.050958] kasan_save_track+0x18/0x40 [ 29.051131] kasan_save_alloc_info+0x3b/0x50 [ 29.051275] __kasan_kmalloc+0xb7/0xc0 [ 29.051397] __kmalloc_cache_noprof+0x189/0x420 [ 29.051625] kasan_bitops_generic+0x92/0x1c0 [ 29.051835] kunit_try_run_case+0x1a5/0x480 [ 29.052253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.052525] kthread+0x337/0x6f0 [ 29.052705] ret_from_fork+0x116/0x1d0 [ 29.052960] ret_from_fork_asm+0x1a/0x30 [ 29.053197] [ 29.053286] The buggy address belongs to the object at ffff888104625b80 [ 29.053286] which belongs to the cache kmalloc-16 of size 16 [ 29.053731] The buggy address is located 8 bytes inside of [ 29.053731] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.054310] [ 29.054566] The buggy address belongs to the physical page: [ 29.055012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.055402] flags: 0x200000000000000(node=0|zone=2) [ 29.055673] page_type: f5(slab) [ 29.055861] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.056246] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.056584] page dumped because: kasan: bad access detected [ 29.056906] [ 29.057041] Memory state around the buggy address: [ 29.057251] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.057558] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.057893] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.058427] ^ [ 29.058648] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.059098] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.059445] ================================================================== [ 28.924766] ================================================================== [ 28.925290] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 28.925986] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 28.926415] [ 28.926751] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.926950] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.926969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.926993] Call Trace: [ 28.927007] <TASK> [ 28.927027] dump_stack_lvl+0x73/0xb0 [ 28.927056] print_report+0xd1/0x640 [ 28.927080] ? __virt_addr_valid+0x1db/0x2d0 [ 28.927104] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 28.927128] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.927155] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 28.927180] kasan_report+0x141/0x180 [ 28.927202] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 28.927232] kasan_check_range+0x10c/0x1c0 [ 28.927262] __kasan_check_write+0x18/0x20 [ 28.927286] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 28.927311] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.927336] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.927361] ? trace_hardirqs_on+0x37/0xe0 [ 28.927383] ? kasan_bitops_generic+0x92/0x1c0 [ 28.927409] kasan_bitops_generic+0x116/0x1c0 [ 28.927432] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.927456] ? __pfx_read_tsc+0x10/0x10 [ 28.927477] ? ktime_get_ts64+0x86/0x230 [ 28.927501] kunit_try_run_case+0x1a5/0x480 [ 28.927526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.927548] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.927583] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.927607] ? __kthread_parkme+0x82/0x180 [ 28.927627] ? preempt_count_sub+0x50/0x80 [ 28.927650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.927673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.927697] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.927719] kthread+0x337/0x6f0 [ 28.927738] ? trace_preempt_on+0x20/0xc0 [ 28.927760] ? __pfx_kthread+0x10/0x10 [ 28.927797] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.927820] ? calculate_sigpending+0x7b/0xa0 [ 28.927844] ? __pfx_kthread+0x10/0x10 [ 28.927866] ret_from_fork+0x116/0x1d0 [ 28.927885] ? __pfx_kthread+0x10/0x10 [ 28.927905] ret_from_fork_asm+0x1a/0x30 [ 28.927936] </TASK> [ 28.927948] [ 28.939882] Allocated by task 309: [ 28.940110] kasan_save_stack+0x45/0x70 [ 28.940477] kasan_save_track+0x18/0x40 [ 28.940676] kasan_save_alloc_info+0x3b/0x50 [ 28.941239] __kasan_kmalloc+0xb7/0xc0 [ 28.941476] __kmalloc_cache_noprof+0x189/0x420 [ 28.941659] kasan_bitops_generic+0x92/0x1c0 [ 28.942106] kunit_try_run_case+0x1a5/0x480 [ 28.942465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.942687] kthread+0x337/0x6f0 [ 28.942885] ret_from_fork+0x116/0x1d0 [ 28.943210] ret_from_fork_asm+0x1a/0x30 [ 28.943501] [ 28.943703] The buggy address belongs to the object at ffff888104625b80 [ 28.943703] which belongs to the cache kmalloc-16 of size 16 [ 28.944660] The buggy address is located 8 bytes inside of [ 28.944660] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 28.945407] [ 28.945482] The buggy address belongs to the physical page: [ 28.945753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 28.946263] flags: 0x200000000000000(node=0|zone=2) [ 28.946505] page_type: f5(slab) [ 28.946737] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 28.947025] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.947466] page dumped because: kasan: bad access detected [ 28.948009] [ 28.948091] Memory state around the buggy address: [ 28.948288] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.948602] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 28.949034] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.949358] ^ [ 28.949530] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.949876] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.950407] ================================================================== [ 28.972591] ================================================================== [ 28.973156] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.973540] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 28.973823] [ 28.973910] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.974198] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.974215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.974238] Call Trace: [ 28.974252] <TASK> [ 28.974271] dump_stack_lvl+0x73/0xb0 [ 28.974323] print_report+0xd1/0x640 [ 28.974347] ? __virt_addr_valid+0x1db/0x2d0 [ 28.974371] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.974394] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.974420] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.974445] kasan_report+0x141/0x180 [ 28.974484] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.974514] kasan_check_range+0x10c/0x1c0 [ 28.974538] __kasan_check_write+0x18/0x20 [ 28.974561] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 28.974596] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.974622] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.974646] ? trace_hardirqs_on+0x37/0xe0 [ 28.974684] ? kasan_bitops_generic+0x92/0x1c0 [ 28.974723] kasan_bitops_generic+0x116/0x1c0 [ 28.974759] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.974842] ? __pfx_read_tsc+0x10/0x10 [ 28.974868] ? ktime_get_ts64+0x86/0x230 [ 28.974892] kunit_try_run_case+0x1a5/0x480 [ 28.974929] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.974953] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.974978] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.975005] ? __kthread_parkme+0x82/0x180 [ 28.975026] ? preempt_count_sub+0x50/0x80 [ 28.975048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.975072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.975117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.975141] kthread+0x337/0x6f0 [ 28.975160] ? trace_preempt_on+0x20/0xc0 [ 28.975182] ? __pfx_kthread+0x10/0x10 [ 28.975201] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.975224] ? calculate_sigpending+0x7b/0xa0 [ 28.975248] ? __pfx_kthread+0x10/0x10 [ 28.975292] ret_from_fork+0x116/0x1d0 [ 28.975311] ? __pfx_kthread+0x10/0x10 [ 28.975332] ret_from_fork_asm+0x1a/0x30 [ 28.975363] </TASK> [ 28.975374] [ 28.984728] Allocated by task 309: [ 28.984924] kasan_save_stack+0x45/0x70 [ 28.985135] kasan_save_track+0x18/0x40 [ 28.985316] kasan_save_alloc_info+0x3b/0x50 [ 28.985647] __kasan_kmalloc+0xb7/0xc0 [ 28.986235] __kmalloc_cache_noprof+0x189/0x420 [ 28.986601] kasan_bitops_generic+0x92/0x1c0 [ 28.986827] kunit_try_run_case+0x1a5/0x480 [ 28.987128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.987392] kthread+0x337/0x6f0 [ 28.987585] ret_from_fork+0x116/0x1d0 [ 28.987763] ret_from_fork_asm+0x1a/0x30 [ 28.988123] [ 28.988212] The buggy address belongs to the object at ffff888104625b80 [ 28.988212] which belongs to the cache kmalloc-16 of size 16 [ 28.988708] The buggy address is located 8 bytes inside of [ 28.988708] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 28.989298] [ 28.989393] The buggy address belongs to the physical page: [ 28.989626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 28.990129] flags: 0x200000000000000(node=0|zone=2) [ 28.990456] page_type: f5(slab) [ 28.990606] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 28.991127] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.991510] page dumped because: kasan: bad access detected [ 28.991759] [ 28.991887] Memory state around the buggy address: [ 28.992148] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.992489] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 28.992810] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.993192] ^ [ 28.993378] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.993728] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.994024] ================================================================== [ 29.015975] ================================================================== [ 29.016288] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.017505] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.019036] [ 29.019143] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.019201] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.019216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.019239] Call Trace: [ 29.019271] <TASK> [ 29.019290] dump_stack_lvl+0x73/0xb0 [ 29.019320] print_report+0xd1/0x640 [ 29.019345] ? __virt_addr_valid+0x1db/0x2d0 [ 29.019368] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.019393] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.019420] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.019446] kasan_report+0x141/0x180 [ 29.019469] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.019498] kasan_check_range+0x10c/0x1c0 [ 29.019523] __kasan_check_write+0x18/0x20 [ 29.019546] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 29.019589] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.019618] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.019642] ? trace_hardirqs_on+0x37/0xe0 [ 29.019665] ? kasan_bitops_generic+0x92/0x1c0 [ 29.019721] kasan_bitops_generic+0x116/0x1c0 [ 29.019759] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.019801] ? __pfx_read_tsc+0x10/0x10 [ 29.019823] ? ktime_get_ts64+0x86/0x230 [ 29.019848] kunit_try_run_case+0x1a5/0x480 [ 29.019873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.019896] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.019922] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.019964] ? __kthread_parkme+0x82/0x180 [ 29.019984] ? preempt_count_sub+0x50/0x80 [ 29.020008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.020031] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.020055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.020079] kthread+0x337/0x6f0 [ 29.020099] ? trace_preempt_on+0x20/0xc0 [ 29.020121] ? __pfx_kthread+0x10/0x10 [ 29.020142] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.020165] ? calculate_sigpending+0x7b/0xa0 [ 29.020189] ? __pfx_kthread+0x10/0x10 [ 29.020210] ret_from_fork+0x116/0x1d0 [ 29.020228] ? __pfx_kthread+0x10/0x10 [ 29.020248] ret_from_fork_asm+0x1a/0x30 [ 29.020280] </TASK> [ 29.020291] [ 29.029314] Allocated by task 309: [ 29.029516] kasan_save_stack+0x45/0x70 [ 29.029743] kasan_save_track+0x18/0x40 [ 29.030033] kasan_save_alloc_info+0x3b/0x50 [ 29.030179] __kasan_kmalloc+0xb7/0xc0 [ 29.030351] __kmalloc_cache_noprof+0x189/0x420 [ 29.030605] kasan_bitops_generic+0x92/0x1c0 [ 29.030876] kunit_try_run_case+0x1a5/0x480 [ 29.031072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.031340] kthread+0x337/0x6f0 [ 29.031497] ret_from_fork+0x116/0x1d0 [ 29.031700] ret_from_fork_asm+0x1a/0x30 [ 29.031971] [ 29.032164] The buggy address belongs to the object at ffff888104625b80 [ 29.032164] which belongs to the cache kmalloc-16 of size 16 [ 29.032759] The buggy address is located 8 bytes inside of [ 29.032759] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.033568] [ 29.033730] The buggy address belongs to the physical page: [ 29.034019] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.034311] flags: 0x200000000000000(node=0|zone=2) [ 29.034566] page_type: f5(slab) [ 29.034766] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.035178] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.035477] page dumped because: kasan: bad access detected [ 29.035718] [ 29.035811] Memory state around the buggy address: [ 29.036010] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.036291] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.036604] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.037164] ^ [ 29.037355] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.037673] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.038098] ================================================================== [ 28.994519] ================================================================== [ 28.994798] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.995303] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 28.995644] [ 28.995729] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.995784] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.995800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.995823] Call Trace: [ 28.995842] <TASK> [ 28.995864] dump_stack_lvl+0x73/0xb0 [ 28.995891] print_report+0xd1/0x640 [ 28.995915] ? __virt_addr_valid+0x1db/0x2d0 [ 28.996201] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.996233] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.996279] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.996304] kasan_report+0x141/0x180 [ 28.996345] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.996374] kasan_check_range+0x10c/0x1c0 [ 28.996398] __kasan_check_write+0x18/0x20 [ 28.996420] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 28.996445] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.996471] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.996513] ? trace_hardirqs_on+0x37/0xe0 [ 28.996536] ? kasan_bitops_generic+0x92/0x1c0 [ 28.996563] kasan_bitops_generic+0x116/0x1c0 [ 28.996597] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.996621] ? __pfx_read_tsc+0x10/0x10 [ 28.996643] ? ktime_get_ts64+0x86/0x230 [ 28.996683] kunit_try_run_case+0x1a5/0x480 [ 28.996707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.996743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.996782] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.996807] ? __kthread_parkme+0x82/0x180 [ 28.996840] ? preempt_count_sub+0x50/0x80 [ 28.996875] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.996912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.996948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.996984] kthread+0x337/0x6f0 [ 28.997004] ? trace_preempt_on+0x20/0xc0 [ 28.997038] ? __pfx_kthread+0x10/0x10 [ 28.997059] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.997095] ? calculate_sigpending+0x7b/0xa0 [ 28.997197] ? __pfx_kthread+0x10/0x10 [ 28.997222] ret_from_fork+0x116/0x1d0 [ 28.997242] ? __pfx_kthread+0x10/0x10 [ 28.997263] ret_from_fork_asm+0x1a/0x30 [ 28.997294] </TASK> [ 28.997306] [ 29.006617] Allocated by task 309: [ 29.006760] kasan_save_stack+0x45/0x70 [ 29.007217] kasan_save_track+0x18/0x40 [ 29.007438] kasan_save_alloc_info+0x3b/0x50 [ 29.007658] __kasan_kmalloc+0xb7/0xc0 [ 29.007978] __kmalloc_cache_noprof+0x189/0x420 [ 29.008202] kasan_bitops_generic+0x92/0x1c0 [ 29.008416] kunit_try_run_case+0x1a5/0x480 [ 29.008624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.008991] kthread+0x337/0x6f0 [ 29.009179] ret_from_fork+0x116/0x1d0 [ 29.009341] ret_from_fork_asm+0x1a/0x30 [ 29.009523] [ 29.009632] The buggy address belongs to the object at ffff888104625b80 [ 29.009632] which belongs to the cache kmalloc-16 of size 16 [ 29.010162] The buggy address is located 8 bytes inside of [ 29.010162] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.010704] [ 29.010796] The buggy address belongs to the physical page: [ 29.011041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.011611] flags: 0x200000000000000(node=0|zone=2) [ 29.011973] page_type: f5(slab) [ 29.012095] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.012312] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.012523] page dumped because: kasan: bad access detected [ 29.012820] [ 29.012907] Memory state around the buggy address: [ 29.013127] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.013440] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.013761] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.014432] ^ [ 29.014654] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.015060] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.015405] ================================================================== [ 28.950991] ================================================================== [ 28.951279] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.951662] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 28.952217] [ 28.952342] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.952395] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.952408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.952430] Call Trace: [ 28.952451] <TASK> [ 28.952470] dump_stack_lvl+0x73/0xb0 [ 28.952498] print_report+0xd1/0x640 [ 28.952521] ? __virt_addr_valid+0x1db/0x2d0 [ 28.952545] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.952569] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.952608] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.952632] kasan_report+0x141/0x180 [ 28.952654] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.952683] kasan_check_range+0x10c/0x1c0 [ 28.952706] __kasan_check_write+0x18/0x20 [ 28.952729] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 28.952755] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.952780] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.952804] ? trace_hardirqs_on+0x37/0xe0 [ 28.952826] ? kasan_bitops_generic+0x92/0x1c0 [ 28.952853] kasan_bitops_generic+0x116/0x1c0 [ 28.952897] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.952923] ? __pfx_read_tsc+0x10/0x10 [ 28.952958] ? ktime_get_ts64+0x86/0x230 [ 28.952983] kunit_try_run_case+0x1a5/0x480 [ 28.953008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.953043] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.953355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.953384] ? __kthread_parkme+0x82/0x180 [ 28.953405] ? preempt_count_sub+0x50/0x80 [ 28.953429] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.953453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.953477] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.953500] kthread+0x337/0x6f0 [ 28.953519] ? trace_preempt_on+0x20/0xc0 [ 28.953542] ? __pfx_kthread+0x10/0x10 [ 28.953561] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.953596] ? calculate_sigpending+0x7b/0xa0 [ 28.953620] ? __pfx_kthread+0x10/0x10 [ 28.953641] ret_from_fork+0x116/0x1d0 [ 28.953660] ? __pfx_kthread+0x10/0x10 [ 28.953680] ret_from_fork_asm+0x1a/0x30 [ 28.953711] </TASK> [ 28.953722] [ 28.962766] Allocated by task 309: [ 28.963032] kasan_save_stack+0x45/0x70 [ 28.963242] kasan_save_track+0x18/0x40 [ 28.963436] kasan_save_alloc_info+0x3b/0x50 [ 28.963595] __kasan_kmalloc+0xb7/0xc0 [ 28.963716] __kmalloc_cache_noprof+0x189/0x420 [ 28.963877] kasan_bitops_generic+0x92/0x1c0 [ 28.964499] kunit_try_run_case+0x1a5/0x480 [ 28.964742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.965089] kthread+0x337/0x6f0 [ 28.965286] ret_from_fork+0x116/0x1d0 [ 28.965454] ret_from_fork_asm+0x1a/0x30 [ 28.965671] [ 28.965764] The buggy address belongs to the object at ffff888104625b80 [ 28.965764] which belongs to the cache kmalloc-16 of size 16 [ 28.966417] The buggy address is located 8 bytes inside of [ 28.966417] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 28.967179] [ 28.967285] The buggy address belongs to the physical page: [ 28.967555] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 28.967942] flags: 0x200000000000000(node=0|zone=2) [ 28.968171] page_type: f5(slab) [ 28.968330] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 28.968664] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.969071] page dumped because: kasan: bad access detected [ 28.969284] [ 28.969344] Memory state around the buggy address: [ 28.969487] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.970220] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 28.970601] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.971108] ^ [ 28.971271] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.971629] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.972004] ================================================================== [ 29.081167] ================================================================== [ 29.081497] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.081937] Write of size 8 at addr ffff888104625b88 by task kunit_try_catch/309 [ 29.082372] [ 29.082503] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 29.082553] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 29.082566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.082603] Call Trace: [ 29.082621] <TASK> [ 29.082638] dump_stack_lvl+0x73/0xb0 [ 29.082665] print_report+0xd1/0x640 [ 29.082688] ? __virt_addr_valid+0x1db/0x2d0 [ 29.082713] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.082740] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.082766] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.082795] kasan_report+0x141/0x180 [ 29.082818] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.082847] kasan_check_range+0x10c/0x1c0 [ 29.082871] __kasan_check_write+0x18/0x20 [ 29.082894] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 29.082922] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 29.082948] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.082973] ? trace_hardirqs_on+0x37/0xe0 [ 29.082995] ? kasan_bitops_generic+0x92/0x1c0 [ 29.083023] kasan_bitops_generic+0x116/0x1c0 [ 29.083049] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 29.083073] ? __pfx_read_tsc+0x10/0x10 [ 29.083095] ? ktime_get_ts64+0x86/0x230 [ 29.083120] kunit_try_run_case+0x1a5/0x480 [ 29.083144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.083166] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.083191] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.083216] ? __kthread_parkme+0x82/0x180 [ 29.083236] ? preempt_count_sub+0x50/0x80 [ 29.083265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.083288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.083312] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.083335] kthread+0x337/0x6f0 [ 29.083355] ? trace_preempt_on+0x20/0xc0 [ 29.083377] ? __pfx_kthread+0x10/0x10 [ 29.083398] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.083421] ? calculate_sigpending+0x7b/0xa0 [ 29.083444] ? __pfx_kthread+0x10/0x10 [ 29.083561] ret_from_fork+0x116/0x1d0 [ 29.083595] ? __pfx_kthread+0x10/0x10 [ 29.083615] ret_from_fork_asm+0x1a/0x30 [ 29.083648] </TASK> [ 29.083658] [ 29.093098] Allocated by task 309: [ 29.093284] kasan_save_stack+0x45/0x70 [ 29.093481] kasan_save_track+0x18/0x40 [ 29.093685] kasan_save_alloc_info+0x3b/0x50 [ 29.093979] __kasan_kmalloc+0xb7/0xc0 [ 29.094619] __kmalloc_cache_noprof+0x189/0x420 [ 29.095074] kasan_bitops_generic+0x92/0x1c0 [ 29.095297] kunit_try_run_case+0x1a5/0x480 [ 29.095474] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.095692] kthread+0x337/0x6f0 [ 29.095994] ret_from_fork+0x116/0x1d0 [ 29.096130] ret_from_fork_asm+0x1a/0x30 [ 29.096256] [ 29.096319] The buggy address belongs to the object at ffff888104625b80 [ 29.096319] which belongs to the cache kmalloc-16 of size 16 [ 29.096704] The buggy address is located 8 bytes inside of [ 29.096704] allocated 9-byte region [ffff888104625b80, ffff888104625b89) [ 29.097204] [ 29.097291] The buggy address belongs to the physical page: [ 29.097536] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 29.098376] flags: 0x200000000000000(node=0|zone=2) [ 29.098669] page_type: f5(slab) [ 29.098843] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 29.099312] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 29.099527] page dumped because: kasan: bad access detected [ 29.099697] [ 29.099760] Memory state around the buggy address: [ 29.099983] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.100362] ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 29.100764] >ffff888104625b80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.101313] ^ [ 29.101491] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.101750] ffff888104625c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.102226] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 28.892457] ================================================================== [ 28.892788] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 28.893259] Read of size 1 at addr ffff888106048f50 by task kunit_try_catch/307 [ 28.893482] [ 28.893567] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.893629] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.893642] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.893665] Call Trace: [ 28.893684] <TASK> [ 28.893703] dump_stack_lvl+0x73/0xb0 [ 28.893731] print_report+0xd1/0x640 [ 28.893754] ? __virt_addr_valid+0x1db/0x2d0 [ 28.893779] ? strnlen+0x73/0x80 [ 28.893798] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.893824] ? strnlen+0x73/0x80 [ 28.893843] kasan_report+0x141/0x180 [ 28.893866] ? strnlen+0x73/0x80 [ 28.893889] __asan_report_load1_noabort+0x18/0x20 [ 28.893913] strnlen+0x73/0x80 [ 28.893934] kasan_strings+0x615/0xe80 [ 28.893953] ? trace_hardirqs_on+0x37/0xe0 [ 28.893977] ? __pfx_kasan_strings+0x10/0x10 [ 28.893997] ? finish_task_switch.isra.0+0x153/0x700 [ 28.894019] ? __switch_to+0x47/0xf80 [ 28.894044] ? __schedule+0x10da/0x2b60 [ 28.894069] ? __pfx_read_tsc+0x10/0x10 [ 28.894090] ? ktime_get_ts64+0x86/0x230 [ 28.894114] kunit_try_run_case+0x1a5/0x480 [ 28.894139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.894161] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.894186] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.894210] ? __kthread_parkme+0x82/0x180 [ 28.894230] ? preempt_count_sub+0x50/0x80 [ 28.894252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.894275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.894298] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.894321] kthread+0x337/0x6f0 [ 28.894340] ? trace_preempt_on+0x20/0xc0 [ 28.894361] ? __pfx_kthread+0x10/0x10 [ 28.894381] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.894440] ? calculate_sigpending+0x7b/0xa0 [ 28.894463] ? __pfx_kthread+0x10/0x10 [ 28.894484] ret_from_fork+0x116/0x1d0 [ 28.894562] ? __pfx_kthread+0x10/0x10 [ 28.894594] ret_from_fork_asm+0x1a/0x30 [ 28.894627] </TASK> [ 28.894638] [ 28.903121] Allocated by task 307: [ 28.903315] kasan_save_stack+0x45/0x70 [ 28.903740] kasan_save_track+0x18/0x40 [ 28.903926] kasan_save_alloc_info+0x3b/0x50 [ 28.904128] __kasan_kmalloc+0xb7/0xc0 [ 28.904308] __kmalloc_cache_noprof+0x189/0x420 [ 28.904469] kasan_strings+0xc0/0xe80 [ 28.904603] kunit_try_run_case+0x1a5/0x480 [ 28.904745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.904913] kthread+0x337/0x6f0 [ 28.905389] ret_from_fork+0x116/0x1d0 [ 28.906745] ret_from_fork_asm+0x1a/0x30 [ 28.907418] [ 28.907518] Freed by task 307: [ 28.907688] kasan_save_stack+0x45/0x70 [ 28.908259] kasan_save_track+0x18/0x40 [ 28.908449] kasan_save_free_info+0x3f/0x60 [ 28.908664] __kasan_slab_free+0x56/0x70 [ 28.909480] kfree+0x222/0x3f0 [ 28.909648] kasan_strings+0x2aa/0xe80 [ 28.910109] kunit_try_run_case+0x1a5/0x480 [ 28.910745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.911485] kthread+0x337/0x6f0 [ 28.912245] ret_from_fork+0x116/0x1d0 [ 28.912496] ret_from_fork_asm+0x1a/0x30 [ 28.913089] [ 28.913478] The buggy address belongs to the object at ffff888106048f40 [ 28.913478] which belongs to the cache kmalloc-32 of size 32 [ 28.914454] The buggy address is located 16 bytes inside of [ 28.914454] freed 32-byte region [ffff888106048f40, ffff888106048f60) [ 28.915066] [ 28.915236] The buggy address belongs to the physical page: [ 28.915478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106048 [ 28.915874] flags: 0x200000000000000(node=0|zone=2) [ 28.916582] page_type: f5(slab) [ 28.916908] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 28.917435] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 28.918130] page dumped because: kasan: bad access detected [ 28.918542] [ 28.918653] Memory state around the buggy address: [ 28.919199] ffff888106048e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.919507] ffff888106048e80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 28.920080] >ffff888106048f00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 28.920384] ^ [ 28.920774] ffff888106048f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.921184] ffff888106049000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.921494] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 28.869997] ================================================================== [ 28.870276] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 28.870487] Read of size 1 at addr ffff888106048f50 by task kunit_try_catch/307 [ 28.870902] [ 28.871106] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.871157] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.871171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.871194] Call Trace: [ 28.871214] <TASK> [ 28.871231] dump_stack_lvl+0x73/0xb0 [ 28.871264] print_report+0xd1/0x640 [ 28.871287] ? __virt_addr_valid+0x1db/0x2d0 [ 28.871321] ? strlen+0x8f/0xb0 [ 28.871340] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.871366] ? strlen+0x8f/0xb0 [ 28.871395] kasan_report+0x141/0x180 [ 28.871418] ? strlen+0x8f/0xb0 [ 28.871441] __asan_report_load1_noabort+0x18/0x20 [ 28.871466] strlen+0x8f/0xb0 [ 28.871494] kasan_strings+0x57b/0xe80 [ 28.871515] ? trace_hardirqs_on+0x37/0xe0 [ 28.871537] ? __pfx_kasan_strings+0x10/0x10 [ 28.871568] ? finish_task_switch.isra.0+0x153/0x700 [ 28.871598] ? __switch_to+0x47/0xf80 [ 28.871623] ? __schedule+0x10da/0x2b60 [ 28.871649] ? __pfx_read_tsc+0x10/0x10 [ 28.871679] ? ktime_get_ts64+0x86/0x230 [ 28.871704] kunit_try_run_case+0x1a5/0x480 [ 28.871728] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.871761] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.871832] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.871862] ? __kthread_parkme+0x82/0x180 [ 28.871893] ? preempt_count_sub+0x50/0x80 [ 28.871916] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.871940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.871974] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.871998] kthread+0x337/0x6f0 [ 28.872017] ? trace_preempt_on+0x20/0xc0 [ 28.872039] ? __pfx_kthread+0x10/0x10 [ 28.872059] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.872091] ? calculate_sigpending+0x7b/0xa0 [ 28.872114] ? __pfx_kthread+0x10/0x10 [ 28.872135] ret_from_fork+0x116/0x1d0 [ 28.872164] ? __pfx_kthread+0x10/0x10 [ 28.872185] ret_from_fork_asm+0x1a/0x30 [ 28.872217] </TASK> [ 28.872227] [ 28.880382] Allocated by task 307: [ 28.880588] kasan_save_stack+0x45/0x70 [ 28.880769] kasan_save_track+0x18/0x40 [ 28.881299] kasan_save_alloc_info+0x3b/0x50 [ 28.881513] __kasan_kmalloc+0xb7/0xc0 [ 28.881702] __kmalloc_cache_noprof+0x189/0x420 [ 28.881967] kasan_strings+0xc0/0xe80 [ 28.882166] kunit_try_run_case+0x1a5/0x480 [ 28.882348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.882518] kthread+0x337/0x6f0 [ 28.882646] ret_from_fork+0x116/0x1d0 [ 28.882774] ret_from_fork_asm+0x1a/0x30 [ 28.882964] [ 28.883053] Freed by task 307: [ 28.883341] kasan_save_stack+0x45/0x70 [ 28.883530] kasan_save_track+0x18/0x40 [ 28.883829] kasan_save_free_info+0x3f/0x60 [ 28.884044] __kasan_slab_free+0x56/0x70 [ 28.884174] kfree+0x222/0x3f0 [ 28.884309] kasan_strings+0x2aa/0xe80 [ 28.884518] kunit_try_run_case+0x1a5/0x480 [ 28.884729] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.885249] kthread+0x337/0x6f0 [ 28.885423] ret_from_fork+0x116/0x1d0 [ 28.885600] ret_from_fork_asm+0x1a/0x30 [ 28.885797] [ 28.885867] The buggy address belongs to the object at ffff888106048f40 [ 28.885867] which belongs to the cache kmalloc-32 of size 32 [ 28.886434] The buggy address is located 16 bytes inside of [ 28.886434] freed 32-byte region [ffff888106048f40, ffff888106048f60) [ 28.887032] [ 28.887134] The buggy address belongs to the physical page: [ 28.887372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106048 [ 28.887722] flags: 0x200000000000000(node=0|zone=2) [ 28.888064] page_type: f5(slab) [ 28.888254] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 28.888729] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 28.889166] page dumped because: kasan: bad access detected [ 28.889403] [ 28.889493] Memory state around the buggy address: [ 28.889656] ffff888106048e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.889864] ffff888106048e80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 28.890176] >ffff888106048f00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 28.890490] ^ [ 28.890759] ffff888106048f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.891477] ffff888106049000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.891940] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 28.846597] ================================================================== [ 28.847239] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 28.847610] Read of size 1 at addr ffff888106048f50 by task kunit_try_catch/307 [ 28.848164] [ 28.848285] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.848348] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.848364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.848385] Call Trace: [ 28.848403] <TASK> [ 28.848429] dump_stack_lvl+0x73/0xb0 [ 28.848458] print_report+0xd1/0x640 [ 28.848479] ? __virt_addr_valid+0x1db/0x2d0 [ 28.848515] ? kasan_strings+0xcbc/0xe80 [ 28.848536] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.848562] ? kasan_strings+0xcbc/0xe80 [ 28.848594] kasan_report+0x141/0x180 [ 28.848624] ? kasan_strings+0xcbc/0xe80 [ 28.848648] __asan_report_load1_noabort+0x18/0x20 [ 28.848672] kasan_strings+0xcbc/0xe80 [ 28.848704] ? trace_hardirqs_on+0x37/0xe0 [ 28.848728] ? __pfx_kasan_strings+0x10/0x10 [ 28.848747] ? finish_task_switch.isra.0+0x153/0x700 [ 28.848769] ? __switch_to+0x47/0xf80 [ 28.848855] ? __schedule+0x10da/0x2b60 [ 28.848883] ? __pfx_read_tsc+0x10/0x10 [ 28.848905] ? ktime_get_ts64+0x86/0x230 [ 28.848941] kunit_try_run_case+0x1a5/0x480 [ 28.848966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.848988] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.849012] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.849037] ? __kthread_parkme+0x82/0x180 [ 28.849056] ? preempt_count_sub+0x50/0x80 [ 28.849079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.849104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.849136] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.849158] kthread+0x337/0x6f0 [ 28.849178] ? trace_preempt_on+0x20/0xc0 [ 28.849209] ? __pfx_kthread+0x10/0x10 [ 28.849230] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.849253] ? calculate_sigpending+0x7b/0xa0 [ 28.849276] ? __pfx_kthread+0x10/0x10 [ 28.849297] ret_from_fork+0x116/0x1d0 [ 28.849316] ? __pfx_kthread+0x10/0x10 [ 28.849336] ret_from_fork_asm+0x1a/0x30 [ 28.849367] </TASK> [ 28.849377] [ 28.857453] Allocated by task 307: [ 28.857647] kasan_save_stack+0x45/0x70 [ 28.857886] kasan_save_track+0x18/0x40 [ 28.858067] kasan_save_alloc_info+0x3b/0x50 [ 28.858211] __kasan_kmalloc+0xb7/0xc0 [ 28.858335] __kmalloc_cache_noprof+0x189/0x420 [ 28.858482] kasan_strings+0xc0/0xe80 [ 28.858616] kunit_try_run_case+0x1a5/0x480 [ 28.858940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.859188] kthread+0x337/0x6f0 [ 28.859359] ret_from_fork+0x116/0x1d0 [ 28.859545] ret_from_fork_asm+0x1a/0x30 [ 28.859741] [ 28.859828] Freed by task 307: [ 28.860206] kasan_save_stack+0x45/0x70 [ 28.860456] kasan_save_track+0x18/0x40 [ 28.860619] kasan_save_free_info+0x3f/0x60 [ 28.860829] __kasan_slab_free+0x56/0x70 [ 28.861088] kfree+0x222/0x3f0 [ 28.861205] kasan_strings+0x2aa/0xe80 [ 28.861331] kunit_try_run_case+0x1a5/0x480 [ 28.861469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.861647] kthread+0x337/0x6f0 [ 28.861760] ret_from_fork+0x116/0x1d0 [ 28.861883] ret_from_fork_asm+0x1a/0x30 [ 28.862296] [ 28.862451] The buggy address belongs to the object at ffff888106048f40 [ 28.862451] which belongs to the cache kmalloc-32 of size 32 [ 28.863712] The buggy address is located 16 bytes inside of [ 28.863712] freed 32-byte region [ffff888106048f40, ffff888106048f60) [ 28.864141] [ 28.864208] The buggy address belongs to the physical page: [ 28.864380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106048 [ 28.864633] flags: 0x200000000000000(node=0|zone=2) [ 28.864912] page_type: f5(slab) [ 28.865086] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 28.865668] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 28.866271] page dumped because: kasan: bad access detected [ 28.866734] [ 28.866875] Memory state around the buggy address: [ 28.867177] ffff888106048e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.867398] ffff888106048e80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 28.867735] >ffff888106048f00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 28.868252] ^ [ 28.868432] ffff888106048f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.868689] ffff888106049000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.869298] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 28.821737] ================================================================== [ 28.822661] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 28.822910] Read of size 1 at addr ffff888106048f50 by task kunit_try_catch/307 [ 28.823218] [ 28.823310] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.823365] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.823377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.823401] Call Trace: [ 28.823414] <TASK> [ 28.823432] dump_stack_lvl+0x73/0xb0 [ 28.823460] print_report+0xd1/0x640 [ 28.823485] ? __virt_addr_valid+0x1db/0x2d0 [ 28.823510] ? strcmp+0xb0/0xc0 [ 28.823528] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.823554] ? strcmp+0xb0/0xc0 [ 28.823585] kasan_report+0x141/0x180 [ 28.823607] ? strcmp+0xb0/0xc0 [ 28.823631] __asan_report_load1_noabort+0x18/0x20 [ 28.823655] strcmp+0xb0/0xc0 [ 28.823675] kasan_strings+0x431/0xe80 [ 28.823696] ? trace_hardirqs_on+0x37/0xe0 [ 28.823719] ? __pfx_kasan_strings+0x10/0x10 [ 28.823738] ? finish_task_switch.isra.0+0x153/0x700 [ 28.823761] ? __switch_to+0x47/0xf80 [ 28.823786] ? __schedule+0x10da/0x2b60 [ 28.823810] ? __pfx_read_tsc+0x10/0x10 [ 28.823832] ? ktime_get_ts64+0x86/0x230 [ 28.823856] kunit_try_run_case+0x1a5/0x480 [ 28.823881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.823903] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.824276] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.824306] ? __kthread_parkme+0x82/0x180 [ 28.824328] ? preempt_count_sub+0x50/0x80 [ 28.824352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.824377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.824401] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.824425] kthread+0x337/0x6f0 [ 28.824444] ? trace_preempt_on+0x20/0xc0 [ 28.824467] ? __pfx_kthread+0x10/0x10 [ 28.824487] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.824510] ? calculate_sigpending+0x7b/0xa0 [ 28.824534] ? __pfx_kthread+0x10/0x10 [ 28.824554] ret_from_fork+0x116/0x1d0 [ 28.824586] ? __pfx_kthread+0x10/0x10 [ 28.824607] ret_from_fork_asm+0x1a/0x30 [ 28.824640] </TASK> [ 28.824651] [ 28.835339] Allocated by task 307: [ 28.835509] kasan_save_stack+0x45/0x70 [ 28.835732] kasan_save_track+0x18/0x40 [ 28.835866] kasan_save_alloc_info+0x3b/0x50 [ 28.836029] __kasan_kmalloc+0xb7/0xc0 [ 28.836323] __kmalloc_cache_noprof+0x189/0x420 [ 28.836645] kasan_strings+0xc0/0xe80 [ 28.836810] kunit_try_run_case+0x1a5/0x480 [ 28.837045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.837304] kthread+0x337/0x6f0 [ 28.837458] ret_from_fork+0x116/0x1d0 [ 28.837594] ret_from_fork_asm+0x1a/0x30 [ 28.837727] [ 28.837791] Freed by task 307: [ 28.837894] kasan_save_stack+0x45/0x70 [ 28.838254] kasan_save_track+0x18/0x40 [ 28.838443] kasan_save_free_info+0x3f/0x60 [ 28.838658] __kasan_slab_free+0x56/0x70 [ 28.838934] kfree+0x222/0x3f0 [ 28.839090] kasan_strings+0x2aa/0xe80 [ 28.839279] kunit_try_run_case+0x1a5/0x480 [ 28.839430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.839634] kthread+0x337/0x6f0 [ 28.839796] ret_from_fork+0x116/0x1d0 [ 28.840124] ret_from_fork_asm+0x1a/0x30 [ 28.840332] [ 28.840414] The buggy address belongs to the object at ffff888106048f40 [ 28.840414] which belongs to the cache kmalloc-32 of size 32 [ 28.841012] The buggy address is located 16 bytes inside of [ 28.841012] freed 32-byte region [ffff888106048f40, ffff888106048f60) [ 28.841475] [ 28.841551] The buggy address belongs to the physical page: [ 28.841780] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106048 [ 28.842250] flags: 0x200000000000000(node=0|zone=2) [ 28.842417] page_type: f5(slab) [ 28.842537] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 28.842885] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 28.843223] page dumped because: kasan: bad access detected [ 28.843498] [ 28.843560] Memory state around the buggy address: [ 28.843750] ffff888106048e00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.844417] ffff888106048e80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 28.844776] >ffff888106048f00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 28.845340] ^ [ 28.845544] ffff888106048f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 28.845768] ffff888106049000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.845993] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 28.785393] ================================================================== [ 28.786663] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 28.787421] Read of size 1 at addr ffff888106048e18 by task kunit_try_catch/305 [ 28.788316] [ 28.788555] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.788627] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.788641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.788665] Call Trace: [ 28.788679] <TASK> [ 28.788700] dump_stack_lvl+0x73/0xb0 [ 28.788732] print_report+0xd1/0x640 [ 28.788783] ? __virt_addr_valid+0x1db/0x2d0 [ 28.788810] ? memcmp+0x1b4/0x1d0 [ 28.788829] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.788875] ? memcmp+0x1b4/0x1d0 [ 28.788895] kasan_report+0x141/0x180 [ 28.788942] ? memcmp+0x1b4/0x1d0 [ 28.788968] __asan_report_load1_noabort+0x18/0x20 [ 28.788992] memcmp+0x1b4/0x1d0 [ 28.789015] kasan_memcmp+0x18f/0x390 [ 28.789035] ? trace_hardirqs_on+0x37/0xe0 [ 28.789060] ? __pfx_kasan_memcmp+0x10/0x10 [ 28.789080] ? finish_task_switch.isra.0+0x153/0x700 [ 28.789102] ? __switch_to+0x47/0xf80 [ 28.789132] ? __pfx_read_tsc+0x10/0x10 [ 28.789155] ? ktime_get_ts64+0x86/0x230 [ 28.789180] kunit_try_run_case+0x1a5/0x480 [ 28.789206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.789228] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.789253] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.789278] ? __kthread_parkme+0x82/0x180 [ 28.789298] ? preempt_count_sub+0x50/0x80 [ 28.789321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.789344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.789367] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.789391] kthread+0x337/0x6f0 [ 28.789410] ? trace_preempt_on+0x20/0xc0 [ 28.789450] ? __pfx_kthread+0x10/0x10 [ 28.789471] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.789512] ? calculate_sigpending+0x7b/0xa0 [ 28.789537] ? __pfx_kthread+0x10/0x10 [ 28.789558] ret_from_fork+0x116/0x1d0 [ 28.789586] ? __pfx_kthread+0x10/0x10 [ 28.789607] ret_from_fork_asm+0x1a/0x30 [ 28.789639] </TASK> [ 28.789649] [ 28.802783] Allocated by task 305: [ 28.803203] kasan_save_stack+0x45/0x70 [ 28.803606] kasan_save_track+0x18/0x40 [ 28.804017] kasan_save_alloc_info+0x3b/0x50 [ 28.804437] __kasan_kmalloc+0xb7/0xc0 [ 28.804592] __kmalloc_cache_noprof+0x189/0x420 [ 28.804830] kasan_memcmp+0xb7/0x390 [ 28.805299] kunit_try_run_case+0x1a5/0x480 [ 28.805720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.806257] kthread+0x337/0x6f0 [ 28.806392] ret_from_fork+0x116/0x1d0 [ 28.806520] ret_from_fork_asm+0x1a/0x30 [ 28.806666] [ 28.806731] The buggy address belongs to the object at ffff888106048e00 [ 28.806731] which belongs to the cache kmalloc-32 of size 32 [ 28.807833] The buggy address is located 0 bytes to the right of [ 28.807833] allocated 24-byte region [ffff888106048e00, ffff888106048e18) [ 28.808988] [ 28.809220] The buggy address belongs to the physical page: [ 28.809711] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106048 [ 28.810282] flags: 0x200000000000000(node=0|zone=2) [ 28.810453] page_type: f5(slab) [ 28.810569] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 28.810877] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 28.811559] page dumped because: kasan: bad access detected [ 28.812072] [ 28.812222] Memory state around the buggy address: [ 28.812786] ffff888106048d00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 28.813489] ffff888106048d80: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 28.814268] >ffff888106048e00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.814983] ^ [ 28.815128] ffff888106048e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.815355] ffff888106048f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.815561] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 28.757273] ================================================================== [ 28.757750] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 28.758286] Read of size 1 at addr ffff8881049b7c4a by task kunit_try_catch/301 [ 28.758627] [ 28.758746] CPU: 1 UID: 0 PID: 301 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.758800] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.758886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.758910] Call Trace: [ 28.758947] <TASK> [ 28.758967] dump_stack_lvl+0x73/0xb0 [ 28.758997] print_report+0xd1/0x640 [ 28.759020] ? __virt_addr_valid+0x1db/0x2d0 [ 28.759045] ? kasan_alloca_oob_right+0x329/0x390 [ 28.759067] ? kasan_addr_to_slab+0x11/0xa0 [ 28.759087] ? kasan_alloca_oob_right+0x329/0x390 [ 28.759109] kasan_report+0x141/0x180 [ 28.759132] ? kasan_alloca_oob_right+0x329/0x390 [ 28.759158] __asan_report_load1_noabort+0x18/0x20 [ 28.759182] kasan_alloca_oob_right+0x329/0x390 [ 28.759203] ? __kasan_check_write+0x18/0x20 [ 28.759226] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.759247] ? finish_task_switch.isra.0+0x153/0x700 [ 28.759276] ? __wait_for_common+0x1fe/0x440 [ 28.759297] ? trace_hardirqs_on+0x37/0xe0 [ 28.759322] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 28.759346] ? __schedule+0x10da/0x2b60 [ 28.759393] ? __pfx_read_tsc+0x10/0x10 [ 28.759415] ? ktime_get_ts64+0x86/0x230 [ 28.759439] kunit_try_run_case+0x1a5/0x480 [ 28.759466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.759489] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.759513] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.759538] ? __kthread_parkme+0x82/0x180 [ 28.759558] ? preempt_count_sub+0x50/0x80 [ 28.759589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.759613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.759636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.759659] kthread+0x337/0x6f0 [ 28.759678] ? trace_preempt_on+0x20/0xc0 [ 28.759699] ? __pfx_kthread+0x10/0x10 [ 28.759720] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.759744] ? calculate_sigpending+0x7b/0xa0 [ 28.759766] ? __pfx_kthread+0x10/0x10 [ 28.759805] ret_from_fork+0x116/0x1d0 [ 28.759825] ? __pfx_kthread+0x10/0x10 [ 28.759845] ret_from_fork_asm+0x1a/0x30 [ 28.759877] </TASK> [ 28.759888] [ 28.770897] The buggy address belongs to stack of task kunit_try_catch/301 [ 28.771490] [ 28.771569] The buggy address belongs to the physical page: [ 28.771921] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049b7 [ 28.772332] flags: 0x200000000000000(node=0|zone=2) [ 28.772564] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 28.772899] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 28.773586] page dumped because: kasan: bad access detected [ 28.773833] [ 28.774146] Memory state around the buggy address: [ 28.774323] ffff8881049b7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.774840] ffff8881049b7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.775216] >ffff8881049b7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 28.775517] ^ [ 28.775761] ffff8881049b7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 28.776348] ffff8881049b7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 28.776670] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 26.938961] ================================================================== [ 26.939667] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 26.940378] Write of size 2 at addr ffff888105454777 by task kunit_try_catch/220 [ 26.940695] [ 26.940804] CPU: 0 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.940858] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.940872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.940894] Call Trace: [ 26.940907] <TASK> [ 26.941327] dump_stack_lvl+0x73/0xb0 [ 26.941370] print_report+0xd1/0x640 [ 26.941410] ? __virt_addr_valid+0x1db/0x2d0 [ 26.941436] ? kmalloc_oob_memset_2+0x166/0x330 [ 26.941674] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.941708] ? kmalloc_oob_memset_2+0x166/0x330 [ 26.941847] kasan_report+0x141/0x180 [ 26.941886] ? kmalloc_oob_memset_2+0x166/0x330 [ 26.941926] kasan_check_range+0x10c/0x1c0 [ 26.942034] __asan_memset+0x27/0x50 [ 26.942074] kmalloc_oob_memset_2+0x166/0x330 [ 26.942097] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 26.942119] ? __schedule+0x10da/0x2b60 [ 26.942145] ? __pfx_read_tsc+0x10/0x10 [ 26.942167] ? ktime_get_ts64+0x86/0x230 [ 26.942191] kunit_try_run_case+0x1a5/0x480 [ 26.942218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.942239] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.942264] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.942289] ? __kthread_parkme+0x82/0x180 [ 26.942309] ? preempt_count_sub+0x50/0x80 [ 26.942333] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.942356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.942378] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.942401] kthread+0x337/0x6f0 [ 26.942421] ? trace_preempt_on+0x20/0xc0 [ 26.942445] ? __pfx_kthread+0x10/0x10 [ 26.942465] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.942488] ? calculate_sigpending+0x7b/0xa0 [ 26.942511] ? __pfx_kthread+0x10/0x10 [ 26.942532] ret_from_fork+0x116/0x1d0 [ 26.942550] ? __pfx_kthread+0x10/0x10 [ 26.942570] ret_from_fork_asm+0x1a/0x30 [ 26.942611] </TASK> [ 26.942622] [ 26.950399] Allocated by task 220: [ 26.950563] kasan_save_stack+0x45/0x70 [ 26.950781] kasan_save_track+0x18/0x40 [ 26.951022] kasan_save_alloc_info+0x3b/0x50 [ 26.951226] __kasan_kmalloc+0xb7/0xc0 [ 26.951418] __kmalloc_cache_noprof+0x189/0x420 [ 26.951619] kmalloc_oob_memset_2+0xac/0x330 [ 26.951760] kunit_try_run_case+0x1a5/0x480 [ 26.951898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.952105] kthread+0x337/0x6f0 [ 26.952277] ret_from_fork+0x116/0x1d0 [ 26.952455] ret_from_fork_asm+0x1a/0x30 [ 26.952655] [ 26.952742] The buggy address belongs to the object at ffff888105454700 [ 26.952742] which belongs to the cache kmalloc-128 of size 128 [ 26.953298] The buggy address is located 119 bytes inside of [ 26.953298] allocated 120-byte region [ffff888105454700, ffff888105454778) [ 26.953854] [ 26.953947] The buggy address belongs to the physical page: [ 26.954346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105454 [ 26.954680] flags: 0x200000000000000(node=0|zone=2) [ 26.955103] page_type: f5(slab) [ 26.955275] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.955640] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.956020] page dumped because: kasan: bad access detected [ 26.956317] [ 26.956419] Memory state around the buggy address: [ 26.956602] ffff888105454600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.956924] ffff888105454680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.957263] >ffff888105454700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.957549] ^ [ 26.957906] ffff888105454780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.958200] ffff888105454800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.958651] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 26.910160] ================================================================== [ 26.910693] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 26.911158] Write of size 128 at addr ffff888104c4a600 by task kunit_try_catch/218 [ 26.911656] [ 26.911752] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.911805] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.911818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.911840] Call Trace: [ 26.911852] <TASK> [ 26.911871] dump_stack_lvl+0x73/0xb0 [ 26.911900] print_report+0xd1/0x640 [ 26.912048] ? __virt_addr_valid+0x1db/0x2d0 [ 26.912116] ? kmalloc_oob_in_memset+0x15f/0x320 [ 26.912138] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.912164] ? kmalloc_oob_in_memset+0x15f/0x320 [ 26.912199] kasan_report+0x141/0x180 [ 26.912221] ? kmalloc_oob_in_memset+0x15f/0x320 [ 26.912247] kasan_check_range+0x10c/0x1c0 [ 26.912281] __asan_memset+0x27/0x50 [ 26.912304] kmalloc_oob_in_memset+0x15f/0x320 [ 26.912326] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 26.912349] ? __schedule+0x10da/0x2b60 [ 26.912374] ? __pfx_read_tsc+0x10/0x10 [ 26.912395] ? ktime_get_ts64+0x86/0x230 [ 26.912419] kunit_try_run_case+0x1a5/0x480 [ 26.912444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.912466] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.912490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.912515] ? __kthread_parkme+0x82/0x180 [ 26.912535] ? preempt_count_sub+0x50/0x80 [ 26.912558] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.912591] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.912614] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.912638] kthread+0x337/0x6f0 [ 26.912658] ? trace_preempt_on+0x20/0xc0 [ 26.912683] ? __pfx_kthread+0x10/0x10 [ 26.912703] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.912726] ? calculate_sigpending+0x7b/0xa0 [ 26.912749] ? __pfx_kthread+0x10/0x10 [ 26.912770] ret_from_fork+0x116/0x1d0 [ 26.912842] ? __pfx_kthread+0x10/0x10 [ 26.912864] ret_from_fork_asm+0x1a/0x30 [ 26.912896] </TASK> [ 26.912907] [ 26.923753] Allocated by task 218: [ 26.923935] kasan_save_stack+0x45/0x70 [ 26.924166] kasan_save_track+0x18/0x40 [ 26.924362] kasan_save_alloc_info+0x3b/0x50 [ 26.924608] __kasan_kmalloc+0xb7/0xc0 [ 26.924781] __kmalloc_cache_noprof+0x189/0x420 [ 26.925109] kmalloc_oob_in_memset+0xac/0x320 [ 26.925333] kunit_try_run_case+0x1a5/0x480 [ 26.925553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.925875] kthread+0x337/0x6f0 [ 26.926062] ret_from_fork+0x116/0x1d0 [ 26.926274] ret_from_fork_asm+0x1a/0x30 [ 26.926452] [ 26.926533] The buggy address belongs to the object at ffff888104c4a600 [ 26.926533] which belongs to the cache kmalloc-128 of size 128 [ 26.927075] The buggy address is located 0 bytes inside of [ 26.927075] allocated 120-byte region [ffff888104c4a600, ffff888104c4a678) [ 26.927651] [ 26.927740] The buggy address belongs to the physical page: [ 26.927982] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c4a [ 26.928270] flags: 0x200000000000000(node=0|zone=2) [ 26.928652] page_type: f5(slab) [ 26.928814] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.929399] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.929673] page dumped because: kasan: bad access detected [ 26.930016] [ 26.930213] Memory state around the buggy address: [ 26.930471] ffff888104c4a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.930759] ffff888104c4a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.931175] >ffff888104c4a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.931486] ^ [ 26.931797] ffff888104c4a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.932154] ffff888104c4a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.932486] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 26.880352] ================================================================== [ 26.881331] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 26.881745] Read of size 16 at addr ffff888104625b60 by task kunit_try_catch/216 [ 26.882359] [ 26.882471] CPU: 1 UID: 0 PID: 216 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.882522] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.882535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.882556] Call Trace: [ 26.882568] <TASK> [ 26.882596] dump_stack_lvl+0x73/0xb0 [ 26.882627] print_report+0xd1/0x640 [ 26.882650] ? __virt_addr_valid+0x1db/0x2d0 [ 26.882674] ? kmalloc_uaf_16+0x47b/0x4c0 [ 26.882695] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.882720] ? kmalloc_uaf_16+0x47b/0x4c0 [ 26.882740] kasan_report+0x141/0x180 [ 26.882761] ? kmalloc_uaf_16+0x47b/0x4c0 [ 26.882846] __asan_report_load16_noabort+0x18/0x20 [ 26.882877] kmalloc_uaf_16+0x47b/0x4c0 [ 26.882899] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 26.882961] ? __schedule+0x10da/0x2b60 [ 26.882988] ? __pfx_read_tsc+0x10/0x10 [ 26.883009] ? ktime_get_ts64+0x86/0x230 [ 26.883046] kunit_try_run_case+0x1a5/0x480 [ 26.883072] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.883093] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.883130] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.883154] ? __kthread_parkme+0x82/0x180 [ 26.883174] ? preempt_count_sub+0x50/0x80 [ 26.883208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.883231] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.883259] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.883282] kthread+0x337/0x6f0 [ 26.883303] ? trace_preempt_on+0x20/0xc0 [ 26.883327] ? __pfx_kthread+0x10/0x10 [ 26.883347] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.883369] ? calculate_sigpending+0x7b/0xa0 [ 26.883392] ? __pfx_kthread+0x10/0x10 [ 26.883413] ret_from_fork+0x116/0x1d0 [ 26.883432] ? __pfx_kthread+0x10/0x10 [ 26.883451] ret_from_fork_asm+0x1a/0x30 [ 26.883482] </TASK> [ 26.883493] [ 26.891641] Allocated by task 216: [ 26.891864] kasan_save_stack+0x45/0x70 [ 26.892085] kasan_save_track+0x18/0x40 [ 26.892494] kasan_save_alloc_info+0x3b/0x50 [ 26.892800] __kasan_kmalloc+0xb7/0xc0 [ 26.893108] __kmalloc_cache_noprof+0x189/0x420 [ 26.893356] kmalloc_uaf_16+0x15b/0x4c0 [ 26.893548] kunit_try_run_case+0x1a5/0x480 [ 26.893799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.894177] kthread+0x337/0x6f0 [ 26.894362] ret_from_fork+0x116/0x1d0 [ 26.894566] ret_from_fork_asm+0x1a/0x30 [ 26.894746] [ 26.894930] Freed by task 216: [ 26.895158] kasan_save_stack+0x45/0x70 [ 26.895304] kasan_save_track+0x18/0x40 [ 26.895536] kasan_save_free_info+0x3f/0x60 [ 26.895777] __kasan_slab_free+0x56/0x70 [ 26.896160] kfree+0x222/0x3f0 [ 26.896380] kmalloc_uaf_16+0x1d6/0x4c0 [ 26.896583] kunit_try_run_case+0x1a5/0x480 [ 26.896793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.897110] kthread+0x337/0x6f0 [ 26.897283] ret_from_fork+0x116/0x1d0 [ 26.897479] ret_from_fork_asm+0x1a/0x30 [ 26.897673] [ 26.897797] The buggy address belongs to the object at ffff888104625b60 [ 26.897797] which belongs to the cache kmalloc-16 of size 16 [ 26.898879] The buggy address is located 0 bytes inside of [ 26.898879] freed 16-byte region [ffff888104625b60, ffff888104625b70) [ 26.899539] [ 26.899620] The buggy address belongs to the physical page: [ 26.899790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 26.900178] flags: 0x200000000000000(node=0|zone=2) [ 26.900883] page_type: f5(slab) [ 26.901040] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.901259] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.901635] page dumped because: kasan: bad access detected [ 26.902071] [ 26.902194] Memory state around the buggy address: [ 26.902422] ffff888104625a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.902785] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.903176] >ffff888104625b00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 26.903510] ^ [ 26.903874] ffff888104625b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.904360] ffff888104625c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.904742] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 26.857365] ================================================================== [ 26.857821] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 26.858242] Write of size 16 at addr ffff8881046259a0 by task kunit_try_catch/214 [ 26.858514] [ 26.858635] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.858687] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.858700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.858721] Call Trace: [ 26.858735] <TASK> [ 26.858755] dump_stack_lvl+0x73/0xb0 [ 26.858787] print_report+0xd1/0x640 [ 26.858811] ? __virt_addr_valid+0x1db/0x2d0 [ 26.858837] ? kmalloc_oob_16+0x452/0x4a0 [ 26.858857] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.858883] ? kmalloc_oob_16+0x452/0x4a0 [ 26.858904] kasan_report+0x141/0x180 [ 26.859030] ? kmalloc_oob_16+0x452/0x4a0 [ 26.859063] __asan_report_store16_noabort+0x1b/0x30 [ 26.859089] kmalloc_oob_16+0x452/0x4a0 [ 26.859110] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 26.859132] ? __schedule+0x10da/0x2b60 [ 26.859157] ? __pfx_read_tsc+0x10/0x10 [ 26.859190] ? ktime_get_ts64+0x86/0x230 [ 26.859216] kunit_try_run_case+0x1a5/0x480 [ 26.859242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.859281] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.859306] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.859331] ? __kthread_parkme+0x82/0x180 [ 26.859352] ? preempt_count_sub+0x50/0x80 [ 26.859386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.859409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.859433] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.859466] kthread+0x337/0x6f0 [ 26.859486] ? trace_preempt_on+0x20/0xc0 [ 26.859511] ? __pfx_kthread+0x10/0x10 [ 26.859531] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.859554] ? calculate_sigpending+0x7b/0xa0 [ 26.859587] ? __pfx_kthread+0x10/0x10 [ 26.859608] ret_from_fork+0x116/0x1d0 [ 26.859627] ? __pfx_kthread+0x10/0x10 [ 26.859647] ret_from_fork_asm+0x1a/0x30 [ 26.859679] </TASK> [ 26.859690] [ 26.867366] Allocated by task 214: [ 26.867590] kasan_save_stack+0x45/0x70 [ 26.867745] kasan_save_track+0x18/0x40 [ 26.868146] kasan_save_alloc_info+0x3b/0x50 [ 26.868370] __kasan_kmalloc+0xb7/0xc0 [ 26.868549] __kmalloc_cache_noprof+0x189/0x420 [ 26.868766] kmalloc_oob_16+0xa8/0x4a0 [ 26.869025] kunit_try_run_case+0x1a5/0x480 [ 26.869233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.869458] kthread+0x337/0x6f0 [ 26.869584] ret_from_fork+0x116/0x1d0 [ 26.869798] ret_from_fork_asm+0x1a/0x30 [ 26.870072] [ 26.870163] The buggy address belongs to the object at ffff8881046259a0 [ 26.870163] which belongs to the cache kmalloc-16 of size 16 [ 26.870590] The buggy address is located 0 bytes inside of [ 26.870590] allocated 13-byte region [ffff8881046259a0, ffff8881046259ad) [ 26.871226] [ 26.871305] The buggy address belongs to the physical page: [ 26.871480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 26.871731] flags: 0x200000000000000(node=0|zone=2) [ 26.871913] page_type: f5(slab) [ 26.872078] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.872597] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.872923] page dumped because: kasan: bad access detected [ 26.873164] [ 26.873249] Memory state around the buggy address: [ 26.873557] ffff888104625880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.873777] ffff888104625900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.873984] >ffff888104625980: 00 00 fc fc 00 05 fc fc fa fb fc fc fa fb fc fc [ 26.874783] ^ [ 26.875181] ffff888104625a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.875425] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.875654] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 26.818210] ================================================================== [ 26.818526] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 26.819474] Read of size 1 at addr ffff888104a4cc00 by task kunit_try_catch/212 [ 26.819736] [ 26.819832] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.819882] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.819896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.819917] Call Trace: [ 26.819938] <TASK> [ 26.819956] dump_stack_lvl+0x73/0xb0 [ 26.819985] print_report+0xd1/0x640 [ 26.820007] ? __virt_addr_valid+0x1db/0x2d0 [ 26.820033] ? krealloc_uaf+0x53c/0x5e0 [ 26.820053] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.820078] ? krealloc_uaf+0x53c/0x5e0 [ 26.820099] kasan_report+0x141/0x180 [ 26.820120] ? krealloc_uaf+0x53c/0x5e0 [ 26.820146] __asan_report_load1_noabort+0x18/0x20 [ 26.820169] krealloc_uaf+0x53c/0x5e0 [ 26.820190] ? __pfx_krealloc_uaf+0x10/0x10 [ 26.820210] ? finish_task_switch.isra.0+0x153/0x700 [ 26.820231] ? __switch_to+0x47/0xf80 [ 26.820256] ? __schedule+0x10da/0x2b60 [ 26.820281] ? __pfx_read_tsc+0x10/0x10 [ 26.820302] ? ktime_get_ts64+0x86/0x230 [ 26.820326] kunit_try_run_case+0x1a5/0x480 [ 26.820349] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.820371] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.820395] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.820419] ? __kthread_parkme+0x82/0x180 [ 26.820438] ? preempt_count_sub+0x50/0x80 [ 26.820461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.820485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.820508] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.820531] kthread+0x337/0x6f0 [ 26.820551] ? trace_preempt_on+0x20/0xc0 [ 26.820584] ? __pfx_kthread+0x10/0x10 [ 26.820604] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.820627] ? calculate_sigpending+0x7b/0xa0 [ 26.820650] ? __pfx_kthread+0x10/0x10 [ 26.820671] ret_from_fork+0x116/0x1d0 [ 26.820690] ? __pfx_kthread+0x10/0x10 [ 26.820709] ret_from_fork_asm+0x1a/0x30 [ 26.820741] </TASK> [ 26.820751] [ 26.835465] Allocated by task 212: [ 26.835601] kasan_save_stack+0x45/0x70 [ 26.835741] kasan_save_track+0x18/0x40 [ 26.835869] kasan_save_alloc_info+0x3b/0x50 [ 26.836276] __kasan_kmalloc+0xb7/0xc0 [ 26.836656] __kmalloc_cache_noprof+0x189/0x420 [ 26.837166] krealloc_uaf+0xbb/0x5e0 [ 26.837594] kunit_try_run_case+0x1a5/0x480 [ 26.838010] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.838605] kthread+0x337/0x6f0 [ 26.838974] ret_from_fork+0x116/0x1d0 [ 26.839358] ret_from_fork_asm+0x1a/0x30 [ 26.839799] [ 26.840005] Freed by task 212: [ 26.840317] kasan_save_stack+0x45/0x70 [ 26.840756] kasan_save_track+0x18/0x40 [ 26.841123] kasan_save_free_info+0x3f/0x60 [ 26.841482] __kasan_slab_free+0x56/0x70 [ 26.841637] kfree+0x222/0x3f0 [ 26.841921] krealloc_uaf+0x13d/0x5e0 [ 26.842298] kunit_try_run_case+0x1a5/0x480 [ 26.842773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.843332] kthread+0x337/0x6f0 [ 26.843540] ret_from_fork+0x116/0x1d0 [ 26.843956] ret_from_fork_asm+0x1a/0x30 [ 26.844280] [ 26.844460] The buggy address belongs to the object at ffff888104a4cc00 [ 26.844460] which belongs to the cache kmalloc-256 of size 256 [ 26.845242] The buggy address is located 0 bytes inside of [ 26.845242] freed 256-byte region [ffff888104a4cc00, ffff888104a4cd00) [ 26.845693] [ 26.845760] The buggy address belongs to the physical page: [ 26.846198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.846927] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.847714] flags: 0x200000000000040(head|node=0|zone=2) [ 26.848222] page_type: f5(slab) [ 26.848585] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.849309] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.849532] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.849766] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.850006] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.850378] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.850876] page dumped because: kasan: bad access detected [ 26.851381] [ 26.851548] Memory state around the buggy address: [ 26.851916] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.852136] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.852341] >ffff888104a4cc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.852543] ^ [ 26.852685] ffff888104a4cc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.853006] ffff888104a4cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.853344] ================================================================== [ 26.783218] ================================================================== [ 26.784772] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 26.785972] Read of size 1 at addr ffff888104a4cc00 by task kunit_try_catch/212 [ 26.787110] [ 26.787429] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.787486] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.787500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.787521] Call Trace: [ 26.787641] <TASK> [ 26.787663] dump_stack_lvl+0x73/0xb0 [ 26.787696] print_report+0xd1/0x640 [ 26.787719] ? __virt_addr_valid+0x1db/0x2d0 [ 26.787743] ? krealloc_uaf+0x1b8/0x5e0 [ 26.787764] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.787818] ? krealloc_uaf+0x1b8/0x5e0 [ 26.787839] kasan_report+0x141/0x180 [ 26.787861] ? krealloc_uaf+0x1b8/0x5e0 [ 26.787884] ? krealloc_uaf+0x1b8/0x5e0 [ 26.787919] __kasan_check_byte+0x3d/0x50 [ 26.787941] krealloc_noprof+0x3f/0x340 [ 26.787968] krealloc_uaf+0x1b8/0x5e0 [ 26.787988] ? __pfx_krealloc_uaf+0x10/0x10 [ 26.788008] ? finish_task_switch.isra.0+0x153/0x700 [ 26.788030] ? __switch_to+0x47/0xf80 [ 26.788055] ? __schedule+0x10da/0x2b60 [ 26.788080] ? __pfx_read_tsc+0x10/0x10 [ 26.788101] ? ktime_get_ts64+0x86/0x230 [ 26.788125] kunit_try_run_case+0x1a5/0x480 [ 26.788150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.788172] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.788196] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.788221] ? __kthread_parkme+0x82/0x180 [ 26.788241] ? preempt_count_sub+0x50/0x80 [ 26.788262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.788287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.788309] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.788332] kthread+0x337/0x6f0 [ 26.788352] ? trace_preempt_on+0x20/0xc0 [ 26.788375] ? __pfx_kthread+0x10/0x10 [ 26.788395] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.788417] ? calculate_sigpending+0x7b/0xa0 [ 26.788440] ? __pfx_kthread+0x10/0x10 [ 26.788461] ret_from_fork+0x116/0x1d0 [ 26.788480] ? __pfx_kthread+0x10/0x10 [ 26.788499] ret_from_fork_asm+0x1a/0x30 [ 26.788529] </TASK> [ 26.788539] [ 26.798691] Allocated by task 212: [ 26.799062] kasan_save_stack+0x45/0x70 [ 26.799285] kasan_save_track+0x18/0x40 [ 26.799462] kasan_save_alloc_info+0x3b/0x50 [ 26.799687] __kasan_kmalloc+0xb7/0xc0 [ 26.799863] __kmalloc_cache_noprof+0x189/0x420 [ 26.800425] krealloc_uaf+0xbb/0x5e0 [ 26.800601] kunit_try_run_case+0x1a5/0x480 [ 26.801024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.801479] kthread+0x337/0x6f0 [ 26.801768] ret_from_fork+0x116/0x1d0 [ 26.802156] ret_from_fork_asm+0x1a/0x30 [ 26.802481] [ 26.802597] Freed by task 212: [ 26.803031] kasan_save_stack+0x45/0x70 [ 26.803322] kasan_save_track+0x18/0x40 [ 26.803524] kasan_save_free_info+0x3f/0x60 [ 26.804101] __kasan_slab_free+0x56/0x70 [ 26.804297] kfree+0x222/0x3f0 [ 26.804675] krealloc_uaf+0x13d/0x5e0 [ 26.805030] kunit_try_run_case+0x1a5/0x480 [ 26.805342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.805694] kthread+0x337/0x6f0 [ 26.806067] ret_from_fork+0x116/0x1d0 [ 26.806410] ret_from_fork_asm+0x1a/0x30 [ 26.806628] [ 26.806715] The buggy address belongs to the object at ffff888104a4cc00 [ 26.806715] which belongs to the cache kmalloc-256 of size 256 [ 26.807849] The buggy address is located 0 bytes inside of [ 26.807849] freed 256-byte region [ffff888104a4cc00, ffff888104a4cd00) [ 26.808507] [ 26.808623] The buggy address belongs to the physical page: [ 26.809023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.809452] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.809900] flags: 0x200000000000040(head|node=0|zone=2) [ 26.810105] page_type: f5(slab) [ 26.810428] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.810868] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.811340] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.811791] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.812339] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.812874] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.813427] page dumped because: kasan: bad access detected [ 26.813794] [ 26.814231] Memory state around the buggy address: [ 26.814462] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.814768] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.815449] >ffff888104a4cc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.815899] ^ [ 26.816200] ffff888104a4cc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.816619] ffff888104a4cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.817095] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 26.678806] ================================================================== [ 26.679272] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 26.679829] Write of size 1 at addr ffff88810616e0c9 by task kunit_try_catch/210 [ 26.680262] [ 26.680354] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.680403] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.680416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.680438] Call Trace: [ 26.680450] <TASK> [ 26.680466] dump_stack_lvl+0x73/0xb0 [ 26.680495] print_report+0xd1/0x640 [ 26.680517] ? __virt_addr_valid+0x1db/0x2d0 [ 26.680541] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.680563] ? kasan_addr_to_slab+0x11/0xa0 [ 26.680596] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.680619] kasan_report+0x141/0x180 [ 26.680641] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.680668] __asan_report_store1_noabort+0x1b/0x30 [ 26.680692] krealloc_less_oob_helper+0xd70/0x11d0 [ 26.680716] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.680739] ? finish_task_switch.isra.0+0x153/0x700 [ 26.680760] ? __switch_to+0x47/0xf80 [ 26.681176] ? __schedule+0x10da/0x2b60 [ 26.681216] ? __pfx_read_tsc+0x10/0x10 [ 26.681243] krealloc_large_less_oob+0x1c/0x30 [ 26.681266] kunit_try_run_case+0x1a5/0x480 [ 26.681292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.681314] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.681338] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.681362] ? __kthread_parkme+0x82/0x180 [ 26.681381] ? preempt_count_sub+0x50/0x80 [ 26.681403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.681425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.681447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.681470] kthread+0x337/0x6f0 [ 26.681489] ? trace_preempt_on+0x20/0xc0 [ 26.681513] ? __pfx_kthread+0x10/0x10 [ 26.681532] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.681554] ? calculate_sigpending+0x7b/0xa0 [ 26.681591] ? __pfx_kthread+0x10/0x10 [ 26.681612] ret_from_fork+0x116/0x1d0 [ 26.681631] ? __pfx_kthread+0x10/0x10 [ 26.681651] ret_from_fork_asm+0x1a/0x30 [ 26.681681] </TASK> [ 26.681691] [ 26.692357] The buggy address belongs to the physical page: [ 26.692636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 26.693353] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.693668] flags: 0x200000000000040(head|node=0|zone=2) [ 26.694132] page_type: f8(unknown) [ 26.694334] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.694667] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.695198] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.695607] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.695964] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 26.696390] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.696715] page dumped because: kasan: bad access detected [ 26.697210] [ 26.697290] Memory state around the buggy address: [ 26.697494] ffff88810616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.697775] ffff88810616e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.698356] >ffff88810616e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.698658] ^ [ 26.698893] ffff88810616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.699424] ffff88810616e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.699878] ================================================================== [ 26.554656] ================================================================== [ 26.555303] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 26.555627] Write of size 1 at addr ffff888104a4cada by task kunit_try_catch/206 [ 26.556035] [ 26.556214] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.556543] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.556557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.556590] Call Trace: [ 26.556607] <TASK> [ 26.556624] dump_stack_lvl+0x73/0xb0 [ 26.556651] print_report+0xd1/0x640 [ 26.556672] ? __virt_addr_valid+0x1db/0x2d0 [ 26.556695] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.556717] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.556742] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.556765] kasan_report+0x141/0x180 [ 26.556845] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.556874] __asan_report_store1_noabort+0x1b/0x30 [ 26.556897] krealloc_less_oob_helper+0xec6/0x11d0 [ 26.556922] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.556945] ? finish_task_switch.isra.0+0x153/0x700 [ 26.556965] ? __switch_to+0x47/0xf80 [ 26.556990] ? __schedule+0x10da/0x2b60 [ 26.557015] ? __pfx_read_tsc+0x10/0x10 [ 26.557038] krealloc_less_oob+0x1c/0x30 [ 26.557058] kunit_try_run_case+0x1a5/0x480 [ 26.557082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.557103] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.557126] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.557151] ? __kthread_parkme+0x82/0x180 [ 26.557170] ? preempt_count_sub+0x50/0x80 [ 26.557191] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.557214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.557236] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.557258] kthread+0x337/0x6f0 [ 26.557278] ? trace_preempt_on+0x20/0xc0 [ 26.557302] ? __pfx_kthread+0x10/0x10 [ 26.557322] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.557344] ? calculate_sigpending+0x7b/0xa0 [ 26.557367] ? __pfx_kthread+0x10/0x10 [ 26.557387] ret_from_fork+0x116/0x1d0 [ 26.557406] ? __pfx_kthread+0x10/0x10 [ 26.557425] ret_from_fork_asm+0x1a/0x30 [ 26.557456] </TASK> [ 26.557466] [ 26.568759] Allocated by task 206: [ 26.569118] kasan_save_stack+0x45/0x70 [ 26.569383] kasan_save_track+0x18/0x40 [ 26.569637] kasan_save_alloc_info+0x3b/0x50 [ 26.570141] __kasan_krealloc+0x190/0x1f0 [ 26.570341] krealloc_noprof+0xf3/0x340 [ 26.570488] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.570730] krealloc_less_oob+0x1c/0x30 [ 26.570920] kunit_try_run_case+0x1a5/0x480 [ 26.571376] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.571619] kthread+0x337/0x6f0 [ 26.571949] ret_from_fork+0x116/0x1d0 [ 26.572149] ret_from_fork_asm+0x1a/0x30 [ 26.572319] [ 26.572409] The buggy address belongs to the object at ffff888104a4ca00 [ 26.572409] which belongs to the cache kmalloc-256 of size 256 [ 26.573239] The buggy address is located 17 bytes to the right of [ 26.573239] allocated 201-byte region [ffff888104a4ca00, ffff888104a4cac9) [ 26.573738] [ 26.574046] The buggy address belongs to the physical page: [ 26.574353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.574683] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.575050] flags: 0x200000000000040(head|node=0|zone=2) [ 26.575473] page_type: f5(slab) [ 26.575662] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.576050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.576407] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.576688] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.577030] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.577353] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.577671] page dumped because: kasan: bad access detected [ 26.577959] [ 26.578029] Memory state around the buggy address: [ 26.578177] ffff888104a4c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.578491] ffff888104a4ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.578723] >ffff888104a4ca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.579154] ^ [ 26.579423] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.579711] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.579963] ================================================================== [ 26.600905] ================================================================== [ 26.601228] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 26.601502] Write of size 1 at addr ffff888104a4caeb by task kunit_try_catch/206 [ 26.601731] [ 26.601897] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.601945] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.601958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.601977] Call Trace: [ 26.601992] <TASK> [ 26.602007] dump_stack_lvl+0x73/0xb0 [ 26.602033] print_report+0xd1/0x640 [ 26.602055] ? __virt_addr_valid+0x1db/0x2d0 [ 26.602078] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.602101] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.602126] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.602148] kasan_report+0x141/0x180 [ 26.602169] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.602197] __asan_report_store1_noabort+0x1b/0x30 [ 26.602220] krealloc_less_oob_helper+0xd47/0x11d0 [ 26.602245] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.602268] ? finish_task_switch.isra.0+0x153/0x700 [ 26.602288] ? __switch_to+0x47/0xf80 [ 26.602313] ? __schedule+0x10da/0x2b60 [ 26.602337] ? __pfx_read_tsc+0x10/0x10 [ 26.602361] krealloc_less_oob+0x1c/0x30 [ 26.602381] kunit_try_run_case+0x1a5/0x480 [ 26.602405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.602427] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.602450] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.602474] ? __kthread_parkme+0x82/0x180 [ 26.602493] ? preempt_count_sub+0x50/0x80 [ 26.602514] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.602537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.602559] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.602593] kthread+0x337/0x6f0 [ 26.602612] ? trace_preempt_on+0x20/0xc0 [ 26.602635] ? __pfx_kthread+0x10/0x10 [ 26.602655] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.602677] ? calculate_sigpending+0x7b/0xa0 [ 26.602699] ? __pfx_kthread+0x10/0x10 [ 26.602720] ret_from_fork+0x116/0x1d0 [ 26.602738] ? __pfx_kthread+0x10/0x10 [ 26.602758] ret_from_fork_asm+0x1a/0x30 [ 26.602822] </TASK> [ 26.602836] [ 26.614400] Allocated by task 206: [ 26.614557] kasan_save_stack+0x45/0x70 [ 26.614766] kasan_save_track+0x18/0x40 [ 26.614937] kasan_save_alloc_info+0x3b/0x50 [ 26.615570] __kasan_krealloc+0x190/0x1f0 [ 26.615740] krealloc_noprof+0xf3/0x340 [ 26.616005] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.616264] krealloc_less_oob+0x1c/0x30 [ 26.616443] kunit_try_run_case+0x1a5/0x480 [ 26.616661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.616850] kthread+0x337/0x6f0 [ 26.617553] ret_from_fork+0x116/0x1d0 [ 26.617706] ret_from_fork_asm+0x1a/0x30 [ 26.617937] [ 26.618262] The buggy address belongs to the object at ffff888104a4ca00 [ 26.618262] which belongs to the cache kmalloc-256 of size 256 [ 26.618822] The buggy address is located 34 bytes to the right of [ 26.618822] allocated 201-byte region [ffff888104a4ca00, ffff888104a4cac9) [ 26.619564] [ 26.619682] The buggy address belongs to the physical page: [ 26.619958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.620550] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.621090] flags: 0x200000000000040(head|node=0|zone=2) [ 26.621403] page_type: f5(slab) [ 26.621530] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.622137] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.622460] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.622788] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.623349] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.623731] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.624204] page dumped because: kasan: bad access detected [ 26.624430] [ 26.624526] Memory state around the buggy address: [ 26.624745] ffff888104a4c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.625290] ffff888104a4ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.625704] >ffff888104a4ca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.626138] ^ [ 26.626361] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.626702] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.627348] ================================================================== [ 26.724705] ================================================================== [ 26.725085] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 26.725550] Write of size 1 at addr ffff88810616e0da by task kunit_try_catch/210 [ 26.726027] [ 26.726156] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.726208] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.726221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.726242] Call Trace: [ 26.726255] <TASK> [ 26.726273] dump_stack_lvl+0x73/0xb0 [ 26.726301] print_report+0xd1/0x640 [ 26.726342] ? __virt_addr_valid+0x1db/0x2d0 [ 26.726367] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.726404] ? kasan_addr_to_slab+0x11/0xa0 [ 26.726437] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.726460] kasan_report+0x141/0x180 [ 26.726481] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 26.726508] __asan_report_store1_noabort+0x1b/0x30 [ 26.726533] krealloc_less_oob_helper+0xec6/0x11d0 [ 26.726558] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.726593] ? finish_task_switch.isra.0+0x153/0x700 [ 26.726614] ? __switch_to+0x47/0xf80 [ 26.726640] ? __schedule+0x10da/0x2b60 [ 26.726664] ? __pfx_read_tsc+0x10/0x10 [ 26.726688] krealloc_large_less_oob+0x1c/0x30 [ 26.726710] kunit_try_run_case+0x1a5/0x480 [ 26.726735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.726756] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.726779] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.726866] ? __kthread_parkme+0x82/0x180 [ 26.726886] ? preempt_count_sub+0x50/0x80 [ 26.726908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.726938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.726960] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.726983] kthread+0x337/0x6f0 [ 26.727003] ? trace_preempt_on+0x20/0xc0 [ 26.727027] ? __pfx_kthread+0x10/0x10 [ 26.727046] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.727069] ? calculate_sigpending+0x7b/0xa0 [ 26.727092] ? __pfx_kthread+0x10/0x10 [ 26.727112] ret_from_fork+0x116/0x1d0 [ 26.727131] ? __pfx_kthread+0x10/0x10 [ 26.727151] ret_from_fork_asm+0x1a/0x30 [ 26.727182] </TASK> [ 26.727192] [ 26.735958] The buggy address belongs to the physical page: [ 26.736527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 26.736924] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.737319] flags: 0x200000000000040(head|node=0|zone=2) [ 26.737547] page_type: f8(unknown) [ 26.737683] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.738194] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.738536] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.738899] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.739351] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 26.739588] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.739985] page dumped because: kasan: bad access detected [ 26.740371] [ 26.740516] Memory state around the buggy address: [ 26.740757] ffff88810616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.741133] ffff88810616e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.741454] >ffff88810616e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.741677] ^ [ 26.741853] ffff88810616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.742435] ffff88810616e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.742767] ================================================================== [ 26.581030] ================================================================== [ 26.581352] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 26.581676] Write of size 1 at addr ffff888104a4caea by task kunit_try_catch/206 [ 26.582075] [ 26.582185] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.582232] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.582244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.582264] Call Trace: [ 26.582282] <TASK> [ 26.582298] dump_stack_lvl+0x73/0xb0 [ 26.582324] print_report+0xd1/0x640 [ 26.582344] ? __virt_addr_valid+0x1db/0x2d0 [ 26.582367] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.582389] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.582414] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.582436] kasan_report+0x141/0x180 [ 26.582458] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.582486] __asan_report_store1_noabort+0x1b/0x30 [ 26.582510] krealloc_less_oob_helper+0xe90/0x11d0 [ 26.582534] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.582557] ? finish_task_switch.isra.0+0x153/0x700 [ 26.582591] ? __switch_to+0x47/0xf80 [ 26.582617] ? __schedule+0x10da/0x2b60 [ 26.582641] ? __pfx_read_tsc+0x10/0x10 [ 26.582664] krealloc_less_oob+0x1c/0x30 [ 26.582686] kunit_try_run_case+0x1a5/0x480 [ 26.582709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.582730] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.582754] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.582777] ? __kthread_parkme+0x82/0x180 [ 26.582796] ? preempt_count_sub+0x50/0x80 [ 26.582872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.582895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.582925] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.582947] kthread+0x337/0x6f0 [ 26.582967] ? trace_preempt_on+0x20/0xc0 [ 26.582990] ? __pfx_kthread+0x10/0x10 [ 26.583010] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.583032] ? calculate_sigpending+0x7b/0xa0 [ 26.583055] ? __pfx_kthread+0x10/0x10 [ 26.583076] ret_from_fork+0x116/0x1d0 [ 26.583094] ? __pfx_kthread+0x10/0x10 [ 26.583113] ret_from_fork_asm+0x1a/0x30 [ 26.583144] </TASK> [ 26.583154] [ 26.590091] Allocated by task 206: [ 26.590257] kasan_save_stack+0x45/0x70 [ 26.590425] kasan_save_track+0x18/0x40 [ 26.590618] kasan_save_alloc_info+0x3b/0x50 [ 26.591034] __kasan_krealloc+0x190/0x1f0 [ 26.591228] krealloc_noprof+0xf3/0x340 [ 26.591402] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.591617] krealloc_less_oob+0x1c/0x30 [ 26.591876] kunit_try_run_case+0x1a5/0x480 [ 26.592072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.592302] kthread+0x337/0x6f0 [ 26.592440] ret_from_fork+0x116/0x1d0 [ 26.592635] ret_from_fork_asm+0x1a/0x30 [ 26.592770] [ 26.592907] The buggy address belongs to the object at ffff888104a4ca00 [ 26.592907] which belongs to the cache kmalloc-256 of size 256 [ 26.593393] The buggy address is located 33 bytes to the right of [ 26.593393] allocated 201-byte region [ffff888104a4ca00, ffff888104a4cac9) [ 26.593796] [ 26.593862] The buggy address belongs to the physical page: [ 26.594114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.594555] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.595001] flags: 0x200000000000040(head|node=0|zone=2) [ 26.595232] page_type: f5(slab) [ 26.595403] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.595707] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.595935] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.596160] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.596386] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.596621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.596872] page dumped because: kasan: bad access detected [ 26.597118] [ 26.597204] Memory state around the buggy address: [ 26.597419] ffff888104a4c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.598309] ffff888104a4ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.598709] >ffff888104a4ca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.599273] ^ [ 26.599474] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.599696] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.600416] ================================================================== [ 26.701006] ================================================================== [ 26.701308] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 26.701635] Write of size 1 at addr ffff88810616e0d0 by task kunit_try_catch/210 [ 26.702474] [ 26.702615] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.702666] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.702679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.702700] Call Trace: [ 26.702719] <TASK> [ 26.702738] dump_stack_lvl+0x73/0xb0 [ 26.702981] print_report+0xd1/0x640 [ 26.703008] ? __virt_addr_valid+0x1db/0x2d0 [ 26.703032] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.703056] ? kasan_addr_to_slab+0x11/0xa0 [ 26.703076] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.703098] kasan_report+0x141/0x180 [ 26.703119] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.703147] __asan_report_store1_noabort+0x1b/0x30 [ 26.703170] krealloc_less_oob_helper+0xe23/0x11d0 [ 26.703195] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.703218] ? finish_task_switch.isra.0+0x153/0x700 [ 26.703240] ? __switch_to+0x47/0xf80 [ 26.703273] ? __schedule+0x10da/0x2b60 [ 26.703297] ? __pfx_read_tsc+0x10/0x10 [ 26.703322] krealloc_large_less_oob+0x1c/0x30 [ 26.703343] kunit_try_run_case+0x1a5/0x480 [ 26.703368] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.703390] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.703413] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.703438] ? __kthread_parkme+0x82/0x180 [ 26.703457] ? preempt_count_sub+0x50/0x80 [ 26.703478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.703501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.703524] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.703546] kthread+0x337/0x6f0 [ 26.703565] ? trace_preempt_on+0x20/0xc0 [ 26.703601] ? __pfx_kthread+0x10/0x10 [ 26.703620] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.703643] ? calculate_sigpending+0x7b/0xa0 [ 26.703665] ? __pfx_kthread+0x10/0x10 [ 26.703686] ret_from_fork+0x116/0x1d0 [ 26.703705] ? __pfx_kthread+0x10/0x10 [ 26.703725] ret_from_fork_asm+0x1a/0x30 [ 26.703756] </TASK> [ 26.703766] [ 26.714649] The buggy address belongs to the physical page: [ 26.714945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 26.715264] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.716199] flags: 0x200000000000040(head|node=0|zone=2) [ 26.716563] page_type: f8(unknown) [ 26.716990] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.717426] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.717923] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.718310] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.718739] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 26.719292] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.719712] page dumped because: kasan: bad access detected [ 26.720247] [ 26.720325] Memory state around the buggy address: [ 26.720762] ffff88810616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.721292] ffff88810616e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.721633] >ffff88810616e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.722244] ^ [ 26.722465] ffff88810616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.722924] ffff88810616e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.723474] ================================================================== [ 26.492008] ================================================================== [ 26.493295] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 26.494429] Write of size 1 at addr ffff888104a4cac9 by task kunit_try_catch/206 [ 26.495341] [ 26.495446] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.495497] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.495511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.495532] Call Trace: [ 26.495545] <TASK> [ 26.495564] dump_stack_lvl+0x73/0xb0 [ 26.495605] print_report+0xd1/0x640 [ 26.495626] ? __virt_addr_valid+0x1db/0x2d0 [ 26.495650] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.495672] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.495696] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.495719] kasan_report+0x141/0x180 [ 26.495740] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 26.495774] __asan_report_store1_noabort+0x1b/0x30 [ 26.495797] krealloc_less_oob_helper+0xd70/0x11d0 [ 26.495822] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.495845] ? finish_task_switch.isra.0+0x153/0x700 [ 26.495866] ? __switch_to+0x47/0xf80 [ 26.495893] ? __schedule+0x10da/0x2b60 [ 26.495917] ? __pfx_read_tsc+0x10/0x10 [ 26.495941] krealloc_less_oob+0x1c/0x30 [ 26.495961] kunit_try_run_case+0x1a5/0x480 [ 26.495985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.496006] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.496031] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.496055] ? __kthread_parkme+0x82/0x180 [ 26.496074] ? preempt_count_sub+0x50/0x80 [ 26.496096] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.496119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.496141] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.496164] kthread+0x337/0x6f0 [ 26.496183] ? trace_preempt_on+0x20/0xc0 [ 26.496207] ? __pfx_kthread+0x10/0x10 [ 26.496226] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.496249] ? calculate_sigpending+0x7b/0xa0 [ 26.496271] ? __pfx_kthread+0x10/0x10 [ 26.496292] ret_from_fork+0x116/0x1d0 [ 26.496311] ? __pfx_kthread+0x10/0x10 [ 26.496331] ret_from_fork_asm+0x1a/0x30 [ 26.496361] </TASK> [ 26.496371] [ 26.509357] Allocated by task 206: [ 26.509707] kasan_save_stack+0x45/0x70 [ 26.510024] kasan_save_track+0x18/0x40 [ 26.510406] kasan_save_alloc_info+0x3b/0x50 [ 26.510786] __kasan_krealloc+0x190/0x1f0 [ 26.510939] krealloc_noprof+0xf3/0x340 [ 26.511130] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.511337] krealloc_less_oob+0x1c/0x30 [ 26.511519] kunit_try_run_case+0x1a5/0x480 [ 26.511721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.512109] kthread+0x337/0x6f0 [ 26.512299] ret_from_fork+0x116/0x1d0 [ 26.512427] ret_from_fork_asm+0x1a/0x30 [ 26.512565] [ 26.512664] The buggy address belongs to the object at ffff888104a4ca00 [ 26.512664] which belongs to the cache kmalloc-256 of size 256 [ 26.513701] The buggy address is located 0 bytes to the right of [ 26.513701] allocated 201-byte region [ffff888104a4ca00, ffff888104a4cac9) [ 26.514493] [ 26.514629] The buggy address belongs to the physical page: [ 26.515065] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.515566] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.516151] flags: 0x200000000000040(head|node=0|zone=2) [ 26.516489] page_type: f5(slab) [ 26.516673] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.517337] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.517736] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.518281] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.518635] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.519173] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.519616] page dumped because: kasan: bad access detected [ 26.520245] [ 26.520356] Memory state around the buggy address: [ 26.520555] ffff888104a4c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.520904] ffff888104a4ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.521630] >ffff888104a4ca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.522187] ^ [ 26.522513] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.523011] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.523461] ================================================================== [ 26.743312] ================================================================== [ 26.743647] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 26.744079] Write of size 1 at addr ffff88810616e0ea by task kunit_try_catch/210 [ 26.744293] [ 26.744371] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.744417] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.744430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.744492] Call Trace: [ 26.744508] <TASK> [ 26.744523] dump_stack_lvl+0x73/0xb0 [ 26.744549] print_report+0xd1/0x640 [ 26.744571] ? __virt_addr_valid+0x1db/0x2d0 [ 26.744607] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.744629] ? kasan_addr_to_slab+0x11/0xa0 [ 26.744649] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.744672] kasan_report+0x141/0x180 [ 26.744693] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 26.744720] __asan_report_store1_noabort+0x1b/0x30 [ 26.744744] krealloc_less_oob_helper+0xe90/0x11d0 [ 26.744768] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.744974] ? finish_task_switch.isra.0+0x153/0x700 [ 26.745020] ? __switch_to+0x47/0xf80 [ 26.745048] ? __schedule+0x10da/0x2b60 [ 26.745073] ? __pfx_read_tsc+0x10/0x10 [ 26.745097] krealloc_large_less_oob+0x1c/0x30 [ 26.745120] kunit_try_run_case+0x1a5/0x480 [ 26.745188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.745210] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.745234] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.745259] ? __kthread_parkme+0x82/0x180 [ 26.745278] ? preempt_count_sub+0x50/0x80 [ 26.745331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.745355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.745377] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.745400] kthread+0x337/0x6f0 [ 26.745420] ? trace_preempt_on+0x20/0xc0 [ 26.745443] ? __pfx_kthread+0x10/0x10 [ 26.745494] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.745517] ? calculate_sigpending+0x7b/0xa0 [ 26.745540] ? __pfx_kthread+0x10/0x10 [ 26.745561] ret_from_fork+0x116/0x1d0 [ 26.745592] ? __pfx_kthread+0x10/0x10 [ 26.745612] ret_from_fork_asm+0x1a/0x30 [ 26.745675] </TASK> [ 26.745685] [ 26.754811] The buggy address belongs to the physical page: [ 26.755203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 26.755588] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.756036] flags: 0x200000000000040(head|node=0|zone=2) [ 26.756245] page_type: f8(unknown) [ 26.756379] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.756611] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.757083] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.757437] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.757777] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 26.758329] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.758623] page dumped because: kasan: bad access detected [ 26.759077] [ 26.759182] Memory state around the buggy address: [ 26.759425] ffff88810616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.759740] ffff88810616e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.760119] >ffff88810616e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.760312] ^ [ 26.760898] ffff88810616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.761234] ffff88810616e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.761569] ================================================================== [ 26.762086] ================================================================== [ 26.762375] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 26.762628] Write of size 1 at addr ffff88810616e0eb by task kunit_try_catch/210 [ 26.762986] [ 26.763220] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.763276] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.763289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.763309] Call Trace: [ 26.763324] <TASK> [ 26.763340] dump_stack_lvl+0x73/0xb0 [ 26.763406] print_report+0xd1/0x640 [ 26.763429] ? __virt_addr_valid+0x1db/0x2d0 [ 26.763453] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.763476] ? kasan_addr_to_slab+0x11/0xa0 [ 26.763497] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.763553] kasan_report+0x141/0x180 [ 26.763587] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 26.763614] __asan_report_store1_noabort+0x1b/0x30 [ 26.763638] krealloc_less_oob_helper+0xd47/0x11d0 [ 26.763694] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.763718] ? finish_task_switch.isra.0+0x153/0x700 [ 26.763738] ? __switch_to+0x47/0xf80 [ 26.763763] ? __schedule+0x10da/0x2b60 [ 26.763834] ? __pfx_read_tsc+0x10/0x10 [ 26.763896] krealloc_large_less_oob+0x1c/0x30 [ 26.763919] kunit_try_run_case+0x1a5/0x480 [ 26.763954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.763976] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.764002] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.764026] ? __kthread_parkme+0x82/0x180 [ 26.764075] ? preempt_count_sub+0x50/0x80 [ 26.764097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.764120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.764142] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.764165] kthread+0x337/0x6f0 [ 26.764184] ? trace_preempt_on+0x20/0xc0 [ 26.764207] ? __pfx_kthread+0x10/0x10 [ 26.764227] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.764249] ? calculate_sigpending+0x7b/0xa0 [ 26.764272] ? __pfx_kthread+0x10/0x10 [ 26.764292] ret_from_fork+0x116/0x1d0 [ 26.764336] ? __pfx_kthread+0x10/0x10 [ 26.764356] ret_from_fork_asm+0x1a/0x30 [ 26.764387] </TASK> [ 26.764397] [ 26.772644] The buggy address belongs to the physical page: [ 26.773133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10616c [ 26.773404] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.773725] flags: 0x200000000000040(head|node=0|zone=2) [ 26.774219] page_type: f8(unknown) [ 26.774368] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.774732] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.775123] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.775490] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.775851] head: 0200000000000002 ffffea0004185b01 00000000ffffffff 00000000ffffffff [ 26.776246] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.776595] page dumped because: kasan: bad access detected [ 26.776964] [ 26.777072] Memory state around the buggy address: [ 26.777237] ffff88810616df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.777437] ffff88810616e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.777649] >ffff88810616e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 26.778229] ^ [ 26.778686] ffff88810616e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.779112] ffff88810616e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.779319] ================================================================== [ 26.524394] ================================================================== [ 26.524739] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 26.525479] Write of size 1 at addr ffff888104a4cad0 by task kunit_try_catch/206 [ 26.526103] [ 26.526224] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.526506] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.526520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.526540] Call Trace: [ 26.526557] <TASK> [ 26.526587] dump_stack_lvl+0x73/0xb0 [ 26.526618] print_report+0xd1/0x640 [ 26.526640] ? __virt_addr_valid+0x1db/0x2d0 [ 26.526664] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.526686] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.526711] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.526734] kasan_report+0x141/0x180 [ 26.526755] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 26.526782] __asan_report_store1_noabort+0x1b/0x30 [ 26.526806] krealloc_less_oob_helper+0xe23/0x11d0 [ 26.526831] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 26.526853] ? finish_task_switch.isra.0+0x153/0x700 [ 26.526874] ? __switch_to+0x47/0xf80 [ 26.526899] ? __schedule+0x10da/0x2b60 [ 26.526970] ? __pfx_read_tsc+0x10/0x10 [ 26.526996] krealloc_less_oob+0x1c/0x30 [ 26.527016] kunit_try_run_case+0x1a5/0x480 [ 26.527040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.527062] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.527086] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.527110] ? __kthread_parkme+0x82/0x180 [ 26.527129] ? preempt_count_sub+0x50/0x80 [ 26.527150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.527173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.527196] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.527219] kthread+0x337/0x6f0 [ 26.527238] ? trace_preempt_on+0x20/0xc0 [ 26.527268] ? __pfx_kthread+0x10/0x10 [ 26.527289] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.527311] ? calculate_sigpending+0x7b/0xa0 [ 26.527334] ? __pfx_kthread+0x10/0x10 [ 26.527354] ret_from_fork+0x116/0x1d0 [ 26.527373] ? __pfx_kthread+0x10/0x10 [ 26.527392] ret_from_fork_asm+0x1a/0x30 [ 26.527423] </TASK> [ 26.527433] [ 26.538765] Allocated by task 206: [ 26.539157] kasan_save_stack+0x45/0x70 [ 26.539537] kasan_save_track+0x18/0x40 [ 26.539851] kasan_save_alloc_info+0x3b/0x50 [ 26.540224] __kasan_krealloc+0x190/0x1f0 [ 26.540415] krealloc_noprof+0xf3/0x340 [ 26.540613] krealloc_less_oob_helper+0x1aa/0x11d0 [ 26.541111] krealloc_less_oob+0x1c/0x30 [ 26.541302] kunit_try_run_case+0x1a5/0x480 [ 26.541696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.542066] kthread+0x337/0x6f0 [ 26.542339] ret_from_fork+0x116/0x1d0 [ 26.542694] ret_from_fork_asm+0x1a/0x30 [ 26.543082] [ 26.543280] The buggy address belongs to the object at ffff888104a4ca00 [ 26.543280] which belongs to the cache kmalloc-256 of size 256 [ 26.543984] The buggy address is located 7 bytes to the right of [ 26.543984] allocated 201-byte region [ffff888104a4ca00, ffff888104a4cac9) [ 26.544518] [ 26.544626] The buggy address belongs to the physical page: [ 26.544870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a4c [ 26.545561] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.546135] flags: 0x200000000000040(head|node=0|zone=2) [ 26.546638] page_type: f5(slab) [ 26.546970] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.547462] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.547978] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 26.548319] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.548662] head: 0200000000000001 ffffea0004129301 00000000ffffffff 00000000ffffffff [ 26.549302] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.549623] page dumped because: kasan: bad access detected [ 26.550012] [ 26.550110] Memory state around the buggy address: [ 26.550548] ffff888104a4c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.551072] ffff888104a4ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.551553] >ffff888104a4ca80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 26.552266] ^ [ 26.552649] ffff888104a4cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.553219] ffff888104a4cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.553690] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 26.418523] ================================================================== [ 26.418944] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 26.419206] Write of size 1 at addr ffff8881003958eb by task kunit_try_catch/204 [ 26.419434] [ 26.419524] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.419594] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.419609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.419631] Call Trace: [ 26.419645] <TASK> [ 26.419666] dump_stack_lvl+0x73/0xb0 [ 26.419696] print_report+0xd1/0x640 [ 26.419719] ? __virt_addr_valid+0x1db/0x2d0 [ 26.419744] ? krealloc_more_oob_helper+0x821/0x930 [ 26.419767] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.419793] ? krealloc_more_oob_helper+0x821/0x930 [ 26.419816] kasan_report+0x141/0x180 [ 26.419838] ? krealloc_more_oob_helper+0x821/0x930 [ 26.419865] __asan_report_store1_noabort+0x1b/0x30 [ 26.419889] krealloc_more_oob_helper+0x821/0x930 [ 26.419911] ? __schedule+0x10da/0x2b60 [ 26.419936] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 26.419959] ? finish_task_switch.isra.0+0x153/0x700 [ 26.419981] ? __switch_to+0x47/0xf80 [ 26.420007] ? __schedule+0x10da/0x2b60 [ 26.420030] ? __pfx_read_tsc+0x10/0x10 [ 26.420055] krealloc_more_oob+0x1c/0x30 [ 26.420075] kunit_try_run_case+0x1a5/0x480 [ 26.420101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.420122] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.420146] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.420171] ? __kthread_parkme+0x82/0x180 [ 26.420190] ? preempt_count_sub+0x50/0x80 [ 26.420212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.420235] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.420257] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.420280] kthread+0x337/0x6f0 [ 26.420299] ? trace_preempt_on+0x20/0xc0 [ 26.420324] ? __pfx_kthread+0x10/0x10 [ 26.420343] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.420366] ? calculate_sigpending+0x7b/0xa0 [ 26.420390] ? __pfx_kthread+0x10/0x10 [ 26.420410] ret_from_fork+0x116/0x1d0 [ 26.420429] ? __pfx_kthread+0x10/0x10 [ 26.420449] ret_from_fork_asm+0x1a/0x30 [ 26.420480] </TASK> [ 26.420490] [ 26.441645] Allocated by task 204: [ 26.442128] kasan_save_stack+0x45/0x70 [ 26.442551] kasan_save_track+0x18/0x40 [ 26.442706] kasan_save_alloc_info+0x3b/0x50 [ 26.442861] __kasan_krealloc+0x190/0x1f0 [ 26.443273] krealloc_noprof+0xf3/0x340 [ 26.443665] krealloc_more_oob_helper+0x1a9/0x930 [ 26.444158] krealloc_more_oob+0x1c/0x30 [ 26.444562] kunit_try_run_case+0x1a5/0x480 [ 26.444965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.445556] kthread+0x337/0x6f0 [ 26.445696] ret_from_fork+0x116/0x1d0 [ 26.445825] ret_from_fork_asm+0x1a/0x30 [ 26.445992] [ 26.446156] The buggy address belongs to the object at ffff888100395800 [ 26.446156] which belongs to the cache kmalloc-256 of size 256 [ 26.447308] The buggy address is located 0 bytes to the right of [ 26.447308] allocated 235-byte region [ffff888100395800, ffff8881003958eb) [ 26.448652] [ 26.448815] The buggy address belongs to the physical page: [ 26.449268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394 [ 26.449511] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.450133] flags: 0x200000000000040(head|node=0|zone=2) [ 26.450316] page_type: f5(slab) [ 26.450435] raw: 0200000000000040 ffff888100041b40 ffffea0004026780 dead000000000004 [ 26.450672] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.451176] head: 0200000000000040 ffff888100041b40 ffffea0004026780 dead000000000004 [ 26.451903] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.452820] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff [ 26.453606] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.454385] page dumped because: kasan: bad access detected [ 26.454962] [ 26.455103] Memory state around the buggy address: [ 26.455364] ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.455585] ffff888100395800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.455833] >ffff888100395880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 26.456437] ^ [ 26.457108] ffff888100395900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.457724] ffff888100395980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.458368] ================================================================== [ 26.459273] ================================================================== [ 26.459593] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 26.459838] Write of size 1 at addr ffff8881003958f0 by task kunit_try_catch/204 [ 26.460089] [ 26.460210] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.460262] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.460276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.460297] Call Trace: [ 26.460312] <TASK> [ 26.460330] dump_stack_lvl+0x73/0xb0 [ 26.460357] print_report+0xd1/0x640 [ 26.460379] ? __virt_addr_valid+0x1db/0x2d0 [ 26.460403] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.460425] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.460451] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.460474] kasan_report+0x141/0x180 [ 26.460496] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.460524] __asan_report_store1_noabort+0x1b/0x30 [ 26.460548] krealloc_more_oob_helper+0x7eb/0x930 [ 26.460593] ? __schedule+0x10da/0x2b60 [ 26.460620] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 26.460831] ? finish_task_switch.isra.0+0x153/0x700 [ 26.460854] ? __switch_to+0x47/0xf80 [ 26.460880] ? __schedule+0x10da/0x2b60 [ 26.460904] ? __pfx_read_tsc+0x10/0x10 [ 26.460940] krealloc_more_oob+0x1c/0x30 [ 26.460962] kunit_try_run_case+0x1a5/0x480 [ 26.460988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.461010] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.461035] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.461060] ? __kthread_parkme+0x82/0x180 [ 26.461081] ? preempt_count_sub+0x50/0x80 [ 26.461103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.461127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.461150] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.461173] kthread+0x337/0x6f0 [ 26.461194] ? trace_preempt_on+0x20/0xc0 [ 26.461218] ? __pfx_kthread+0x10/0x10 [ 26.461238] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.461261] ? calculate_sigpending+0x7b/0xa0 [ 26.461284] ? __pfx_kthread+0x10/0x10 [ 26.461305] ret_from_fork+0x116/0x1d0 [ 26.461324] ? __pfx_kthread+0x10/0x10 [ 26.461344] ret_from_fork_asm+0x1a/0x30 [ 26.461376] </TASK> [ 26.461386] [ 26.473423] Allocated by task 204: [ 26.473724] kasan_save_stack+0x45/0x70 [ 26.474207] kasan_save_track+0x18/0x40 [ 26.474506] kasan_save_alloc_info+0x3b/0x50 [ 26.474905] __kasan_krealloc+0x190/0x1f0 [ 26.475210] krealloc_noprof+0xf3/0x340 [ 26.475393] krealloc_more_oob_helper+0x1a9/0x930 [ 26.475611] krealloc_more_oob+0x1c/0x30 [ 26.475785] kunit_try_run_case+0x1a5/0x480 [ 26.476330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.476615] kthread+0x337/0x6f0 [ 26.476911] ret_from_fork+0x116/0x1d0 [ 26.477362] ret_from_fork_asm+0x1a/0x30 [ 26.477699] [ 26.477938] The buggy address belongs to the object at ffff888100395800 [ 26.477938] which belongs to the cache kmalloc-256 of size 256 [ 26.478746] The buggy address is located 5 bytes to the right of [ 26.478746] allocated 235-byte region [ffff888100395800, ffff8881003958eb) [ 26.479590] [ 26.479694] The buggy address belongs to the physical page: [ 26.480140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100394 [ 26.480878] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.481553] flags: 0x200000000000040(head|node=0|zone=2) [ 26.481870] page_type: f5(slab) [ 26.482208] raw: 0200000000000040 ffff888100041b40 ffffea0004026780 dead000000000004 [ 26.482700] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.483266] head: 0200000000000040 ffff888100041b40 ffffea0004026780 dead000000000004 [ 26.483825] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.484355] head: 0200000000000001 ffffea000400e501 00000000ffffffff 00000000ffffffff [ 26.484939] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 26.485474] page dumped because: kasan: bad access detected [ 26.485695] [ 26.485766] Memory state around the buggy address: [ 26.486011] ffff888100395780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.486305] ffff888100395800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.486657] >ffff888100395880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 26.487098] ^ [ 26.487322] ffff888100395900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.487645] ffff888100395980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.487958] ================================================================== [ 26.631088] ================================================================== [ 26.631530] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 26.632133] Write of size 1 at addr ffff88810616a0eb by task kunit_try_catch/208 [ 26.632443] [ 26.632535] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.632596] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.632609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.632629] Call Trace: [ 26.632642] <TASK> [ 26.632660] dump_stack_lvl+0x73/0xb0 [ 26.632694] print_report+0xd1/0x640 [ 26.632718] ? __virt_addr_valid+0x1db/0x2d0 [ 26.632743] ? krealloc_more_oob_helper+0x821/0x930 [ 26.632766] ? kasan_addr_to_slab+0x11/0xa0 [ 26.632787] ? krealloc_more_oob_helper+0x821/0x930 [ 26.632810] kasan_report+0x141/0x180 [ 26.632832] ? krealloc_more_oob_helper+0x821/0x930 [ 26.632860] __asan_report_store1_noabort+0x1b/0x30 [ 26.632883] krealloc_more_oob_helper+0x821/0x930 [ 26.632904] ? __schedule+0x10da/0x2b60 [ 26.632930] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 26.633068] ? finish_task_switch.isra.0+0x153/0x700 [ 26.633092] ? __switch_to+0x47/0xf80 [ 26.633119] ? __schedule+0x10da/0x2b60 [ 26.633143] ? __pfx_read_tsc+0x10/0x10 [ 26.633168] krealloc_large_more_oob+0x1c/0x30 [ 26.633191] kunit_try_run_case+0x1a5/0x480 [ 26.633216] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.633238] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.633262] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.633286] ? __kthread_parkme+0x82/0x180 [ 26.633306] ? preempt_count_sub+0x50/0x80 [ 26.633328] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.633351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.633373] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.633396] kthread+0x337/0x6f0 [ 26.633416] ? trace_preempt_on+0x20/0xc0 [ 26.633440] ? __pfx_kthread+0x10/0x10 [ 26.633460] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.633482] ? calculate_sigpending+0x7b/0xa0 [ 26.633506] ? __pfx_kthread+0x10/0x10 [ 26.633526] ret_from_fork+0x116/0x1d0 [ 26.633545] ? __pfx_kthread+0x10/0x10 [ 26.633564] ret_from_fork_asm+0x1a/0x30 [ 26.633608] </TASK> [ 26.633619] [ 26.646264] The buggy address belongs to the physical page: [ 26.646509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106168 [ 26.647336] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.647675] flags: 0x200000000000040(head|node=0|zone=2) [ 26.648079] page_type: f8(unknown) [ 26.648260] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.648564] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.648800] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.649322] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.649654] head: 0200000000000002 ffffea0004185a01 00000000ffffffff 00000000ffffffff [ 26.650482] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.650877] page dumped because: kasan: bad access detected [ 26.651264] [ 26.651362] Memory state around the buggy address: [ 26.651586] ffff888106169f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.651880] ffff88810616a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.652350] >ffff88810616a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 26.652668] ^ [ 26.653212] ffff88810616a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.653591] ffff88810616a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.654080] ================================================================== [ 26.654636] ================================================================== [ 26.654913] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 26.655887] Write of size 1 at addr ffff88810616a0f0 by task kunit_try_catch/208 [ 26.656264] [ 26.656359] CPU: 1 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.656475] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.656543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.656564] Call Trace: [ 26.656587] <TASK> [ 26.656603] dump_stack_lvl+0x73/0xb0 [ 26.656630] print_report+0xd1/0x640 [ 26.656652] ? __virt_addr_valid+0x1db/0x2d0 [ 26.656674] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.656696] ? kasan_addr_to_slab+0x11/0xa0 [ 26.656716] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.656738] kasan_report+0x141/0x180 [ 26.656760] ? krealloc_more_oob_helper+0x7eb/0x930 [ 26.656868] __asan_report_store1_noabort+0x1b/0x30 [ 26.656897] krealloc_more_oob_helper+0x7eb/0x930 [ 26.656920] ? __schedule+0x10da/0x2b60 [ 26.656944] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 26.656967] ? finish_task_switch.isra.0+0x153/0x700 [ 26.656989] ? __switch_to+0x47/0xf80 [ 26.657014] ? __schedule+0x10da/0x2b60 [ 26.657038] ? __pfx_read_tsc+0x10/0x10 [ 26.657063] krealloc_large_more_oob+0x1c/0x30 [ 26.657085] kunit_try_run_case+0x1a5/0x480 [ 26.657108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.657130] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.657154] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.657178] ? __kthread_parkme+0x82/0x180 [ 26.657197] ? preempt_count_sub+0x50/0x80 [ 26.657219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.657242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.657265] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.657288] kthread+0x337/0x6f0 [ 26.657308] ? trace_preempt_on+0x20/0xc0 [ 26.657331] ? __pfx_kthread+0x10/0x10 [ 26.657351] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.657374] ? calculate_sigpending+0x7b/0xa0 [ 26.657397] ? __pfx_kthread+0x10/0x10 [ 26.657417] ret_from_fork+0x116/0x1d0 [ 26.657436] ? __pfx_kthread+0x10/0x10 [ 26.657455] ret_from_fork_asm+0x1a/0x30 [ 26.657487] </TASK> [ 26.657497] [ 26.667952] The buggy address belongs to the physical page: [ 26.668445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106168 [ 26.668756] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.669331] flags: 0x200000000000040(head|node=0|zone=2) [ 26.669571] page_type: f8(unknown) [ 26.670017] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.670301] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.670752] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.671224] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.671552] head: 0200000000000002 ffffea0004185a01 00000000ffffffff 00000000ffffffff [ 26.672202] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.672519] page dumped because: kasan: bad access detected [ 26.672771] [ 26.673084] Memory state around the buggy address: [ 26.673264] ffff888106169f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.673681] ffff88810616a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.674090] >ffff88810616a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 26.674517] ^ [ 26.674959] ffff88810616a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.675366] ffff88810616a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.675627] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 63.505763] ================================================================== [ 63.506322] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 63.506322] [ 63.506689] Use-after-free read at 0x(____ptrval____) (in kfence-#155): [ 63.506949] test_krealloc+0x6fc/0xbe0 [ 63.507695] kunit_try_run_case+0x1a5/0x480 [ 63.507891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.508148] kthread+0x337/0x6f0 [ 63.508275] ret_from_fork+0x116/0x1d0 [ 63.508462] ret_from_fork_asm+0x1a/0x30 [ 63.508675] [ 63.508769] kfence-#155: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 63.508769] [ 63.509102] allocated by task 385 on cpu 0 at 63.505088s (0.004012s ago): [ 63.509948] test_alloc+0x364/0x10f0 [ 63.510234] test_krealloc+0xad/0xbe0 [ 63.510381] kunit_try_run_case+0x1a5/0x480 [ 63.510752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.511108] kthread+0x337/0x6f0 [ 63.511276] ret_from_fork+0x116/0x1d0 [ 63.511601] ret_from_fork_asm+0x1a/0x30 [ 63.511795] [ 63.511868] freed by task 385 on cpu 0 at 63.505339s (0.006527s ago): [ 63.512289] krealloc_noprof+0x108/0x340 [ 63.512473] test_krealloc+0x226/0xbe0 [ 63.512652] kunit_try_run_case+0x1a5/0x480 [ 63.512822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.513344] kthread+0x337/0x6f0 [ 63.513507] ret_from_fork+0x116/0x1d0 [ 63.513809] ret_from_fork_asm+0x1a/0x30 [ 63.514097] [ 63.514219] CPU: 0 UID: 0 PID: 385 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 63.514871] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 63.515189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.515654] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 63.410121] ================================================================== [ 63.410534] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 63.410534] [ 63.410881] Use-after-free read at 0x(____ptrval____) (in kfence-#154): [ 63.411181] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 63.411459] kunit_try_run_case+0x1a5/0x480 [ 63.411631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.411882] kthread+0x337/0x6f0 [ 63.412065] ret_from_fork+0x116/0x1d0 [ 63.412252] ret_from_fork_asm+0x1a/0x30 [ 63.412432] [ 63.412528] kfence-#154: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 63.412528] [ 63.412917] allocated by task 383 on cpu 1 at 63.397060s (0.015855s ago): [ 63.413281] test_alloc+0x2a6/0x10f0 [ 63.413467] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 63.413719] kunit_try_run_case+0x1a5/0x480 [ 63.413875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.414168] kthread+0x337/0x6f0 [ 63.414292] ret_from_fork+0x116/0x1d0 [ 63.414497] ret_from_fork_asm+0x1a/0x30 [ 63.414656] [ 63.414749] freed by task 383 on cpu 1 at 63.397185s (0.017562s ago): [ 63.415060] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 63.415305] kunit_try_run_case+0x1a5/0x480 [ 63.415497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 63.415739] kthread+0x337/0x6f0 [ 63.415932] ret_from_fork+0x116/0x1d0 [ 63.416099] ret_from_fork_asm+0x1a/0x30 [ 63.416292] [ 63.416421] CPU: 1 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 63.416839] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 63.416998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.417259] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 38.139180] ================================================================== [ 38.139727] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 38.139727] [ 38.140236] Invalid read at 0x(____ptrval____): [ 38.140501] test_invalid_access+0xf0/0x210 [ 38.140740] kunit_try_run_case+0x1a5/0x480 [ 38.140983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 38.141168] kthread+0x337/0x6f0 [ 38.141292] ret_from_fork+0x116/0x1d0 [ 38.141455] ret_from_fork_asm+0x1a/0x30 [ 38.141676] [ 38.141799] CPU: 0 UID: 0 PID: 379 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 38.142190] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 38.142919] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 38.143450] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 37.913426] ================================================================== [ 37.913935] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 37.913935] [ 37.914392] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#149): [ 37.915016] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 37.915267] kunit_try_run_case+0x1a5/0x480 [ 37.915513] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.915794] kthread+0x337/0x6f0 [ 37.915921] ret_from_fork+0x116/0x1d0 [ 37.916261] ret_from_fork_asm+0x1a/0x30 [ 37.916499] [ 37.916620] kfence-#149: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 37.916620] [ 37.917046] allocated by task 373 on cpu 0 at 37.913141s (0.003902s ago): [ 37.917283] test_alloc+0x364/0x10f0 [ 37.917509] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 37.917785] kunit_try_run_case+0x1a5/0x480 [ 37.917949] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.918275] kthread+0x337/0x6f0 [ 37.918390] ret_from_fork+0x116/0x1d0 [ 37.918514] ret_from_fork_asm+0x1a/0x30 [ 37.918754] [ 37.918848] freed by task 373 on cpu 0 at 37.913296s (0.005549s ago): [ 37.919285] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 37.919532] kunit_try_run_case+0x1a5/0x480 [ 37.919681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.919908] kthread+0x337/0x6f0 [ 37.920123] ret_from_fork+0x116/0x1d0 [ 37.920316] ret_from_fork_asm+0x1a/0x30 [ 37.920541] [ 37.920673] CPU: 0 UID: 0 PID: 373 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 37.921283] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 37.921538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.921927] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 37.809343] ================================================================== [ 37.809767] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 37.809767] [ 37.810164] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#148): [ 37.810521] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 37.810764] kunit_try_run_case+0x1a5/0x480 [ 37.810918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.811173] kthread+0x337/0x6f0 [ 37.811362] ret_from_fork+0x116/0x1d0 [ 37.811629] ret_from_fork_asm+0x1a/0x30 [ 37.811799] [ 37.811896] kfence-#148: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 37.811896] [ 37.812203] allocated by task 371 on cpu 0 at 37.809112s (0.003089s ago): [ 37.812496] test_alloc+0x364/0x10f0 [ 37.812690] test_kmalloc_aligned_oob_read+0x105/0x560 [ 37.812905] kunit_try_run_case+0x1a5/0x480 [ 37.813075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 37.813246] kthread+0x337/0x6f0 [ 37.813415] ret_from_fork+0x116/0x1d0 [ 37.813612] ret_from_fork_asm+0x1a/0x30 [ 37.813816] [ 37.813936] CPU: 0 UID: 0 PID: 371 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 37.814477] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 37.814692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 37.815113] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 33.857321] ================================================================== [ 33.857725] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 33.857725] [ 33.858057] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#110): [ 33.858638] test_corruption+0x2df/0x3e0 [ 33.858858] kunit_try_run_case+0x1a5/0x480 [ 33.859161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.859347] kthread+0x337/0x6f0 [ 33.859518] ret_from_fork+0x116/0x1d0 [ 33.859722] ret_from_fork_asm+0x1a/0x30 [ 33.859973] [ 33.860069] kfence-#110: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 33.860069] [ 33.860552] allocated by task 359 on cpu 1 at 33.857064s (0.003486s ago): [ 33.860829] test_alloc+0x364/0x10f0 [ 33.861025] test_corruption+0x1cb/0x3e0 [ 33.861253] kunit_try_run_case+0x1a5/0x480 [ 33.861405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.861589] kthread+0x337/0x6f0 [ 33.861755] ret_from_fork+0x116/0x1d0 [ 33.861970] ret_from_fork_asm+0x1a/0x30 [ 33.862220] [ 33.862312] freed by task 359 on cpu 1 at 33.857159s (0.005151s ago): [ 33.862607] test_corruption+0x2df/0x3e0 [ 33.862742] kunit_try_run_case+0x1a5/0x480 [ 33.863071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.863316] kthread+0x337/0x6f0 [ 33.863505] ret_from_fork+0x116/0x1d0 [ 33.863646] ret_from_fork_asm+0x1a/0x30 [ 33.863783] [ 33.863897] CPU: 1 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 33.864497] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.864814] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.865292] ================================================================== [ 34.169276] ================================================================== [ 34.169668] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 34.169668] [ 34.169957] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#113): [ 34.170618] test_corruption+0x216/0x3e0 [ 34.170766] kunit_try_run_case+0x1a5/0x480 [ 34.170915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.171398] kthread+0x337/0x6f0 [ 34.171712] ret_from_fork+0x116/0x1d0 [ 34.171919] ret_from_fork_asm+0x1a/0x30 [ 34.172074] [ 34.172143] kfence-#113: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 34.172143] [ 34.172413] allocated by task 361 on cpu 0 at 34.169153s (0.003257s ago): [ 34.172649] test_alloc+0x2a6/0x10f0 [ 34.172778] test_corruption+0x1cb/0x3e0 [ 34.172972] kunit_try_run_case+0x1a5/0x480 [ 34.173186] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.173408] kthread+0x337/0x6f0 [ 34.173562] ret_from_fork+0x116/0x1d0 [ 34.173737] ret_from_fork_asm+0x1a/0x30 [ 34.173908] [ 34.174037] freed by task 361 on cpu 0 at 34.169198s (0.004836s ago): [ 34.174346] test_corruption+0x216/0x3e0 [ 34.174523] kunit_try_run_case+0x1a5/0x480 [ 34.174713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.174987] kthread+0x337/0x6f0 [ 34.175149] ret_from_fork+0x116/0x1d0 [ 34.175312] ret_from_fork_asm+0x1a/0x30 [ 34.175456] [ 34.175542] CPU: 0 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 34.175959] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 34.176282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.176624] ================================================================== [ 33.753368] ================================================================== [ 33.753860] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 33.753860] [ 33.754212] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#109): [ 33.755055] test_corruption+0x2d2/0x3e0 [ 33.755310] kunit_try_run_case+0x1a5/0x480 [ 33.755556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.755750] kthread+0x337/0x6f0 [ 33.755934] ret_from_fork+0x116/0x1d0 [ 33.756175] ret_from_fork_asm+0x1a/0x30 [ 33.756377] [ 33.756462] kfence-#109: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 33.756462] [ 33.756901] allocated by task 359 on cpu 1 at 33.753093s (0.003806s ago): [ 33.757135] test_alloc+0x364/0x10f0 [ 33.757388] test_corruption+0xe6/0x3e0 [ 33.757637] kunit_try_run_case+0x1a5/0x480 [ 33.757787] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.758072] kthread+0x337/0x6f0 [ 33.758285] ret_from_fork+0x116/0x1d0 [ 33.758479] ret_from_fork_asm+0x1a/0x30 [ 33.758690] [ 33.758822] freed by task 359 on cpu 1 at 33.753198s (0.005622s ago): [ 33.759107] test_corruption+0x2d2/0x3e0 [ 33.759241] kunit_try_run_case+0x1a5/0x480 [ 33.759419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.759710] kthread+0x337/0x6f0 [ 33.759893] ret_from_fork+0x116/0x1d0 [ 33.760101] ret_from_fork_asm+0x1a/0x30 [ 33.760308] [ 33.760424] CPU: 1 UID: 0 PID: 359 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 33.760828] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.761272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.761569] ================================================================== [ 34.065273] ================================================================== [ 34.065688] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 34.065688] [ 34.065960] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#112): [ 34.066607] test_corruption+0x131/0x3e0 [ 34.066815] kunit_try_run_case+0x1a5/0x480 [ 34.067028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.067283] kthread+0x337/0x6f0 [ 34.067403] ret_from_fork+0x116/0x1d0 [ 34.067606] ret_from_fork_asm+0x1a/0x30 [ 34.067791] [ 34.067860] kfence-#112: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 34.067860] [ 34.068387] allocated by task 361 on cpu 0 at 34.065125s (0.003260s ago): [ 34.068665] test_alloc+0x2a6/0x10f0 [ 34.068847] test_corruption+0xe6/0x3e0 [ 34.069049] kunit_try_run_case+0x1a5/0x480 [ 34.069266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.069437] kthread+0x337/0x6f0 [ 34.069553] ret_from_fork+0x116/0x1d0 [ 34.069716] ret_from_fork_asm+0x1a/0x30 [ 34.069906] [ 34.070000] freed by task 361 on cpu 0 at 34.065186s (0.004810s ago): [ 34.070296] test_corruption+0x131/0x3e0 [ 34.070468] kunit_try_run_case+0x1a5/0x480 [ 34.070617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 34.070836] kthread+0x337/0x6f0 [ 34.071083] ret_from_fork+0x116/0x1d0 [ 34.071280] ret_from_fork_asm+0x1a/0x30 [ 34.071468] [ 34.071595] CPU: 0 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 34.072116] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 34.072316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 34.072658] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 33.649276] ================================================================== [ 33.649731] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 33.649731] [ 33.650070] Invalid free of 0x(____ptrval____) (in kfence-#108): [ 33.650405] test_invalid_addr_free+0xfb/0x260 [ 33.650629] kunit_try_run_case+0x1a5/0x480 [ 33.650772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.651166] kthread+0x337/0x6f0 [ 33.651313] ret_from_fork+0x116/0x1d0 [ 33.651523] ret_from_fork_asm+0x1a/0x30 [ 33.651732] [ 33.651822] kfence-#108: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 33.651822] [ 33.652215] allocated by task 357 on cpu 0 at 33.649146s (0.003067s ago): [ 33.652658] test_alloc+0x2a6/0x10f0 [ 33.652963] test_invalid_addr_free+0xdb/0x260 [ 33.653141] kunit_try_run_case+0x1a5/0x480 [ 33.653358] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.653588] kthread+0x337/0x6f0 [ 33.653754] ret_from_fork+0x116/0x1d0 [ 33.653925] ret_from_fork_asm+0x1a/0x30 [ 33.654141] [ 33.654243] CPU: 0 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 33.654701] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.654931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.655334] ================================================================== [ 33.545299] ================================================================== [ 33.545697] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 33.545697] [ 33.545997] Invalid free of 0x(____ptrval____) (in kfence-#107): [ 33.546415] test_invalid_addr_free+0x1e1/0x260 [ 33.546636] kunit_try_run_case+0x1a5/0x480 [ 33.546782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.547198] kthread+0x337/0x6f0 [ 33.547369] ret_from_fork+0x116/0x1d0 [ 33.547520] ret_from_fork_asm+0x1a/0x30 [ 33.547730] [ 33.547827] kfence-#107: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 33.547827] [ 33.548210] allocated by task 355 on cpu 1 at 33.545151s (0.003056s ago): [ 33.548463] test_alloc+0x364/0x10f0 [ 33.548641] test_invalid_addr_free+0xdb/0x260 [ 33.548787] kunit_try_run_case+0x1a5/0x480 [ 33.548925] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.549120] kthread+0x337/0x6f0 [ 33.549289] ret_from_fork+0x116/0x1d0 [ 33.549478] ret_from_fork_asm+0x1a/0x30 [ 33.549687] [ 33.549866] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 33.550324] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.550508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.550931] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 33.337314] ================================================================== [ 33.337762] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 33.337762] [ 33.338178] Invalid free of 0x(____ptrval____) (in kfence-#105): [ 33.338591] test_double_free+0x1d3/0x260 [ 33.339246] kunit_try_run_case+0x1a5/0x480 [ 33.339666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.339875] kthread+0x337/0x6f0 [ 33.340111] ret_from_fork+0x116/0x1d0 [ 33.340466] ret_from_fork_asm+0x1a/0x30 [ 33.340695] [ 33.340874] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 33.340874] [ 33.341344] allocated by task 351 on cpu 0 at 33.337047s (0.004294s ago): [ 33.341834] test_alloc+0x364/0x10f0 [ 33.342035] test_double_free+0xdb/0x260 [ 33.342312] kunit_try_run_case+0x1a5/0x480 [ 33.342621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.342960] kthread+0x337/0x6f0 [ 33.343205] ret_from_fork+0x116/0x1d0 [ 33.343479] ret_from_fork_asm+0x1a/0x30 [ 33.343669] [ 33.343846] freed by task 351 on cpu 0 at 33.337108s (0.006736s ago): [ 33.344323] test_double_free+0x1e0/0x260 [ 33.344510] kunit_try_run_case+0x1a5/0x480 [ 33.344851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.345217] kthread+0x337/0x6f0 [ 33.345389] ret_from_fork+0x116/0x1d0 [ 33.345522] ret_from_fork_asm+0x1a/0x30 [ 33.345743] [ 33.345851] CPU: 0 UID: 0 PID: 351 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 33.346650] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.346973] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.347456] ================================================================== [ 33.441347] ================================================================== [ 33.441762] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 33.441762] [ 33.442133] Invalid free of 0x(____ptrval____) (in kfence-#106): [ 33.442415] test_double_free+0x112/0x260 [ 33.442630] kunit_try_run_case+0x1a5/0x480 [ 33.442779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.443096] kthread+0x337/0x6f0 [ 33.443282] ret_from_fork+0x116/0x1d0 [ 33.443444] ret_from_fork_asm+0x1a/0x30 [ 33.443618] [ 33.443709] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 33.443709] [ 33.444118] allocated by task 353 on cpu 1 at 33.441160s (0.002956s ago): [ 33.444393] test_alloc+0x2a6/0x10f0 [ 33.444568] test_double_free+0xdb/0x260 [ 33.444743] kunit_try_run_case+0x1a5/0x480 [ 33.444936] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.445199] kthread+0x337/0x6f0 [ 33.445329] ret_from_fork+0x116/0x1d0 [ 33.445513] ret_from_fork_asm+0x1a/0x30 [ 33.445691] [ 33.445756] freed by task 353 on cpu 1 at 33.441223s (0.004531s ago): [ 33.445965] test_double_free+0xfa/0x260 [ 33.446094] kunit_try_run_case+0x1a5/0x480 [ 33.446249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.446765] kthread+0x337/0x6f0 [ 33.446899] ret_from_fork+0x116/0x1d0 [ 33.447024] ret_from_fork_asm+0x1a/0x30 [ 33.447159] [ 33.447257] CPU: 1 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 33.448165] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.448399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.448804] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 33.025238] ================================================================== [ 33.025653] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 33.025653] [ 33.026033] Use-after-free read at 0x(____ptrval____) (in kfence-#102): [ 33.026351] test_use_after_free_read+0x129/0x270 [ 33.026587] kunit_try_run_case+0x1a5/0x480 [ 33.026736] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.027086] kthread+0x337/0x6f0 [ 33.027305] ret_from_fork+0x116/0x1d0 [ 33.027457] ret_from_fork_asm+0x1a/0x30 [ 33.027647] [ 33.027723] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 33.027723] [ 33.028139] allocated by task 345 on cpu 1 at 33.025097s (0.003040s ago): [ 33.028433] test_alloc+0x2a6/0x10f0 [ 33.028594] test_use_after_free_read+0xdc/0x270 [ 33.028744] kunit_try_run_case+0x1a5/0x480 [ 33.028884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.029092] kthread+0x337/0x6f0 [ 33.029274] ret_from_fork+0x116/0x1d0 [ 33.029457] ret_from_fork_asm+0x1a/0x30 [ 33.029613] [ 33.029680] freed by task 345 on cpu 1 at 33.025159s (0.004518s ago): [ 33.029923] test_use_after_free_read+0xfb/0x270 [ 33.030147] kunit_try_run_case+0x1a5/0x480 [ 33.030351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.030610] kthread+0x337/0x6f0 [ 33.030775] ret_from_fork+0x116/0x1d0 [ 33.030911] ret_from_fork_asm+0x1a/0x30 [ 33.031118] [ 33.031219] CPU: 1 UID: 0 PID: 345 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 33.031677] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 33.031911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.032240] ================================================================== [ 32.921345] ================================================================== [ 32.921808] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 32.921808] [ 32.922280] Use-after-free read at 0x(____ptrval____) (in kfence-#101): [ 32.922611] test_use_after_free_read+0x129/0x270 [ 32.922787] kunit_try_run_case+0x1a5/0x480 [ 32.922997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.923278] kthread+0x337/0x6f0 [ 32.923406] ret_from_fork+0x116/0x1d0 [ 32.923588] ret_from_fork_asm+0x1a/0x30 [ 32.923790] [ 32.923882] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.923882] [ 32.924262] allocated by task 343 on cpu 0 at 32.921102s (0.003157s ago): [ 32.924565] test_alloc+0x364/0x10f0 [ 32.924761] test_use_after_free_read+0xdc/0x270 [ 32.925033] kunit_try_run_case+0x1a5/0x480 [ 32.925254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.925459] kthread+0x337/0x6f0 [ 32.925597] ret_from_fork+0x116/0x1d0 [ 32.925726] ret_from_fork_asm+0x1a/0x30 [ 32.925905] [ 32.926152] freed by task 343 on cpu 0 at 32.921175s (0.004893s ago): [ 32.926521] test_use_after_free_read+0x1e7/0x270 [ 32.926806] kunit_try_run_case+0x1a5/0x480 [ 32.926971] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.927143] kthread+0x337/0x6f0 [ 32.927319] ret_from_fork+0x116/0x1d0 [ 32.927539] ret_from_fork_asm+0x1a/0x30 [ 32.927767] [ 32.927914] CPU: 0 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 32.928540] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.928723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.928991] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 32.817171] ================================================================== [ 32.817596] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 32.817596] [ 32.817924] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#100): [ 32.818278] test_out_of_bounds_write+0x10d/0x260 [ 32.818504] kunit_try_run_case+0x1a5/0x480 [ 32.818714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.818968] kthread+0x337/0x6f0 [ 32.819123] ret_from_fork+0x116/0x1d0 [ 32.819277] ret_from_fork_asm+0x1a/0x30 [ 32.819417] [ 32.819499] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.819499] [ 32.819969] allocated by task 341 on cpu 0 at 32.817102s (0.002865s ago): [ 32.820194] test_alloc+0x2a6/0x10f0 [ 32.820318] test_out_of_bounds_write+0xd4/0x260 [ 32.820462] kunit_try_run_case+0x1a5/0x480 [ 32.820681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.820928] kthread+0x337/0x6f0 [ 32.821112] ret_from_fork+0x116/0x1d0 [ 32.821314] ret_from_fork_asm+0x1a/0x30 [ 32.821534] [ 32.821681] CPU: 0 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 32.822317] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.822529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.822943] ================================================================== [ 32.505278] ================================================================== [ 32.505735] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 32.505735] [ 32.506060] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#97): [ 32.506641] test_out_of_bounds_write+0x10d/0x260 [ 32.506832] kunit_try_run_case+0x1a5/0x480 [ 32.507558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.507763] kthread+0x337/0x6f0 [ 32.507920] ret_from_fork+0x116/0x1d0 [ 32.508341] ret_from_fork_asm+0x1a/0x30 [ 32.508514] [ 32.508625] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.508625] [ 32.509257] allocated by task 339 on cpu 1 at 32.505140s (0.004114s ago): [ 32.509651] test_alloc+0x364/0x10f0 [ 32.509809] test_out_of_bounds_write+0xd4/0x260 [ 32.510192] kunit_try_run_case+0x1a5/0x480 [ 32.510388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.510771] kthread+0x337/0x6f0 [ 32.510926] ret_from_fork+0x116/0x1d0 [ 32.511086] ret_from_fork_asm+0x1a/0x30 [ 32.511436] [ 32.511545] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 32.512185] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.512391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.513264] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 31.985299] ================================================================== [ 31.985703] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 31.985703] [ 31.986123] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#92): [ 31.986479] test_out_of_bounds_read+0x216/0x4e0 [ 31.986703] kunit_try_run_case+0x1a5/0x480 [ 31.986851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.987100] kthread+0x337/0x6f0 [ 31.987354] ret_from_fork+0x116/0x1d0 [ 31.987528] ret_from_fork_asm+0x1a/0x30 [ 31.987712] [ 31.987786] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.987786] [ 31.988314] allocated by task 335 on cpu 1 at 31.985111s (0.003201s ago): [ 31.988599] test_alloc+0x364/0x10f0 [ 31.988759] test_out_of_bounds_read+0x1e2/0x4e0 [ 31.989010] kunit_try_run_case+0x1a5/0x480 [ 31.989194] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.989384] kthread+0x337/0x6f0 [ 31.989499] ret_from_fork+0x116/0x1d0 [ 31.989642] ret_from_fork_asm+0x1a/0x30 [ 31.989779] [ 31.989888] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.990399] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.990621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.990902] ================================================================== [ 32.089241] ================================================================== [ 32.089662] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 32.089662] [ 32.090058] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#93): [ 32.090384] test_out_of_bounds_read+0x126/0x4e0 [ 32.090596] kunit_try_run_case+0x1a5/0x480 [ 32.090812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.091051] kthread+0x337/0x6f0 [ 32.091176] ret_from_fork+0x116/0x1d0 [ 32.091368] ret_from_fork_asm+0x1a/0x30 [ 32.091570] [ 32.091670] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.091670] [ 32.091948] allocated by task 337 on cpu 0 at 32.089170s (0.002776s ago): [ 32.092487] test_alloc+0x2a6/0x10f0 [ 32.092705] test_out_of_bounds_read+0xed/0x4e0 [ 32.092990] kunit_try_run_case+0x1a5/0x480 [ 32.093184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.093357] kthread+0x337/0x6f0 [ 32.093530] ret_from_fork+0x116/0x1d0 [ 32.093738] ret_from_fork_asm+0x1a/0x30 [ 32.093899] [ 32.094054] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 32.094466] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.094654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.095169] ================================================================== [ 31.882167] ================================================================== [ 31.882647] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 31.882647] [ 31.883109] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#91): [ 31.883561] test_out_of_bounds_read+0x126/0x4e0 [ 31.883784] kunit_try_run_case+0x1a5/0x480 [ 31.883934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.884160] kthread+0x337/0x6f0 [ 31.884329] ret_from_fork+0x116/0x1d0 [ 31.884497] ret_from_fork_asm+0x1a/0x30 [ 31.884655] [ 31.884976] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.884976] [ 31.885542] allocated by task 335 on cpu 1 at 31.881107s (0.004380s ago): [ 31.886105] test_alloc+0x364/0x10f0 [ 31.886267] test_out_of_bounds_read+0xed/0x4e0 [ 31.886478] kunit_try_run_case+0x1a5/0x480 [ 31.886699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.886875] kthread+0x337/0x6f0 [ 31.887018] ret_from_fork+0x116/0x1d0 [ 31.887208] ret_from_fork_asm+0x1a/0x30 [ 31.887604] [ 31.887733] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.888221] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.888478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.888779] ================================================================== [ 32.193221] ================================================================== [ 32.193623] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 32.193623] [ 32.193989] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#94): [ 32.194349] test_out_of_bounds_read+0x216/0x4e0 [ 32.194552] kunit_try_run_case+0x1a5/0x480 [ 32.194716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.194963] kthread+0x337/0x6f0 [ 32.195164] ret_from_fork+0x116/0x1d0 [ 32.195393] ret_from_fork_asm+0x1a/0x30 [ 32.195567] [ 32.195648] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.195648] [ 32.196150] allocated by task 337 on cpu 0 at 32.193160s (0.002987s ago): [ 32.196468] test_alloc+0x2a6/0x10f0 [ 32.196645] test_out_of_bounds_read+0x1e2/0x4e0 [ 32.196798] kunit_try_run_case+0x1a5/0x480 [ 32.196940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.197146] kthread+0x337/0x6f0 [ 32.197312] ret_from_fork+0x116/0x1d0 [ 32.197514] ret_from_fork_asm+0x1a/0x30 [ 32.197717] [ 32.197832] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 32.198251] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 32.198486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.198885] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 31.235146] ================================================================== [ 31.235477] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 31.235943] Write of size 1 at addr ffff888105635478 by task kunit_try_catch/333 [ 31.236242] [ 31.236375] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.236425] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.236439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.236462] Call Trace: [ 31.236480] <TASK> [ 31.236497] dump_stack_lvl+0x73/0xb0 [ 31.236525] print_report+0xd1/0x640 [ 31.236549] ? __virt_addr_valid+0x1db/0x2d0 [ 31.236584] ? strncpy_from_user+0x1a5/0x1d0 [ 31.236608] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.236635] ? strncpy_from_user+0x1a5/0x1d0 [ 31.236658] kasan_report+0x141/0x180 [ 31.236682] ? strncpy_from_user+0x1a5/0x1d0 [ 31.236710] __asan_report_store1_noabort+0x1b/0x30 [ 31.236736] strncpy_from_user+0x1a5/0x1d0 [ 31.236773] copy_user_test_oob+0x760/0x10f0 [ 31.236799] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.236822] ? finish_task_switch.isra.0+0x153/0x700 [ 31.236856] ? __switch_to+0x47/0xf80 [ 31.236882] ? __schedule+0x10da/0x2b60 [ 31.236909] ? __pfx_read_tsc+0x10/0x10 [ 31.236931] ? ktime_get_ts64+0x86/0x230 [ 31.236958] kunit_try_run_case+0x1a5/0x480 [ 31.236983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.237006] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.237032] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.237059] ? __kthread_parkme+0x82/0x180 [ 31.237079] ? preempt_count_sub+0x50/0x80 [ 31.237103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.237129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.237153] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.237188] kthread+0x337/0x6f0 [ 31.237210] ? trace_preempt_on+0x20/0xc0 [ 31.237234] ? __pfx_kthread+0x10/0x10 [ 31.237256] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.237280] ? calculate_sigpending+0x7b/0xa0 [ 31.237315] ? __pfx_kthread+0x10/0x10 [ 31.237337] ret_from_fork+0x116/0x1d0 [ 31.237356] ? __pfx_kthread+0x10/0x10 [ 31.237390] ret_from_fork_asm+0x1a/0x30 [ 31.237422] </TASK> [ 31.237434] [ 31.244560] Allocated by task 333: [ 31.244788] kasan_save_stack+0x45/0x70 [ 31.245058] kasan_save_track+0x18/0x40 [ 31.245250] kasan_save_alloc_info+0x3b/0x50 [ 31.245455] __kasan_kmalloc+0xb7/0xc0 [ 31.245665] __kmalloc_noprof+0x1ca/0x510 [ 31.245862] kunit_kmalloc_array+0x25/0x60 [ 31.246111] copy_user_test_oob+0xab/0x10f0 [ 31.246305] kunit_try_run_case+0x1a5/0x480 [ 31.246500] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.246748] kthread+0x337/0x6f0 [ 31.246915] ret_from_fork+0x116/0x1d0 [ 31.247093] ret_from_fork_asm+0x1a/0x30 [ 31.247229] [ 31.247302] The buggy address belongs to the object at ffff888105635400 [ 31.247302] which belongs to the cache kmalloc-128 of size 128 [ 31.247748] The buggy address is located 0 bytes to the right of [ 31.247748] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.248696] [ 31.248799] The buggy address belongs to the physical page: [ 31.248972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.249211] flags: 0x200000000000000(node=0|zone=2) [ 31.249369] page_type: f5(slab) [ 31.249485] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.249860] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.250236] page dumped because: kasan: bad access detected [ 31.250480] [ 31.250569] Memory state around the buggy address: [ 31.250792] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.251242] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.251545] >ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.251762] ^ [ 31.252097] ffff888105635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.252414] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.252766] ================================================================== [ 31.211764] ================================================================== [ 31.212410] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 31.212776] Write of size 121 at addr ffff888105635400 by task kunit_try_catch/333 [ 31.213098] [ 31.213185] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.213237] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.213251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.213275] Call Trace: [ 31.213296] <TASK> [ 31.213317] dump_stack_lvl+0x73/0xb0 [ 31.213345] print_report+0xd1/0x640 [ 31.213370] ? __virt_addr_valid+0x1db/0x2d0 [ 31.213395] ? strncpy_from_user+0x2e/0x1d0 [ 31.213419] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.213446] ? strncpy_from_user+0x2e/0x1d0 [ 31.213470] kasan_report+0x141/0x180 [ 31.213493] ? strncpy_from_user+0x2e/0x1d0 [ 31.213520] kasan_check_range+0x10c/0x1c0 [ 31.213545] __kasan_check_write+0x18/0x20 [ 31.213569] strncpy_from_user+0x2e/0x1d0 [ 31.213605] ? __kasan_check_read+0x15/0x20 [ 31.213642] copy_user_test_oob+0x760/0x10f0 [ 31.213669] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.213693] ? finish_task_switch.isra.0+0x153/0x700 [ 31.213726] ? __switch_to+0x47/0xf80 [ 31.213755] ? __schedule+0x10da/0x2b60 [ 31.213782] ? __pfx_read_tsc+0x10/0x10 [ 31.213804] ? ktime_get_ts64+0x86/0x230 [ 31.213830] kunit_try_run_case+0x1a5/0x480 [ 31.213858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.213883] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.213911] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.213948] ? __kthread_parkme+0x82/0x180 [ 31.213970] ? preempt_count_sub+0x50/0x80 [ 31.213995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.214019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.214044] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.214068] kthread+0x337/0x6f0 [ 31.214089] ? trace_preempt_on+0x20/0xc0 [ 31.214115] ? __pfx_kthread+0x10/0x10 [ 31.214138] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.214162] ? calculate_sigpending+0x7b/0xa0 [ 31.214189] ? __pfx_kthread+0x10/0x10 [ 31.214210] ret_from_fork+0x116/0x1d0 [ 31.214231] ? __pfx_kthread+0x10/0x10 [ 31.214252] ret_from_fork_asm+0x1a/0x30 [ 31.214284] </TASK> [ 31.214296] [ 31.222112] Allocated by task 333: [ 31.222410] kasan_save_stack+0x45/0x70 [ 31.222753] kasan_save_track+0x18/0x40 [ 31.223200] kasan_save_alloc_info+0x3b/0x50 [ 31.223615] __kasan_kmalloc+0xb7/0xc0 [ 31.223990] __kmalloc_noprof+0x1ca/0x510 [ 31.224379] kunit_kmalloc_array+0x25/0x60 [ 31.224761] copy_user_test_oob+0xab/0x10f0 [ 31.225257] kunit_try_run_case+0x1a5/0x480 [ 31.225409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.225587] kthread+0x337/0x6f0 [ 31.225904] ret_from_fork+0x116/0x1d0 [ 31.226235] ret_from_fork_asm+0x1a/0x30 [ 31.226600] [ 31.226751] The buggy address belongs to the object at ffff888105635400 [ 31.226751] which belongs to the cache kmalloc-128 of size 128 [ 31.227768] The buggy address is located 0 bytes inside of [ 31.227768] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.228601] [ 31.228678] The buggy address belongs to the physical page: [ 31.228850] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.229473] flags: 0x200000000000000(node=0|zone=2) [ 31.229930] page_type: f5(slab) [ 31.230224] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.230874] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.231559] page dumped because: kasan: bad access detected [ 31.232044] [ 31.232144] Memory state around the buggy address: [ 31.232295] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.232968] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.233588] >ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.233996] ^ [ 31.234204] ffff888105635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.234412] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.234633] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 31.151760] ================================================================== [ 31.152381] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 31.152795] Read of size 121 at addr ffff888105635400 by task kunit_try_catch/333 [ 31.153096] [ 31.153224] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.153278] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.153292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.153315] Call Trace: [ 31.153337] <TASK> [ 31.153357] dump_stack_lvl+0x73/0xb0 [ 31.153386] print_report+0xd1/0x640 [ 31.153411] ? __virt_addr_valid+0x1db/0x2d0 [ 31.153436] ? copy_user_test_oob+0x4aa/0x10f0 [ 31.153459] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.153486] ? copy_user_test_oob+0x4aa/0x10f0 [ 31.153512] kasan_report+0x141/0x180 [ 31.153546] ? copy_user_test_oob+0x4aa/0x10f0 [ 31.153591] kasan_check_range+0x10c/0x1c0 [ 31.153617] __kasan_check_read+0x15/0x20 [ 31.153641] copy_user_test_oob+0x4aa/0x10f0 [ 31.153676] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.153700] ? finish_task_switch.isra.0+0x153/0x700 [ 31.153732] ? __switch_to+0x47/0xf80 [ 31.153761] ? __schedule+0x10da/0x2b60 [ 31.153786] ? __pfx_read_tsc+0x10/0x10 [ 31.153810] ? ktime_get_ts64+0x86/0x230 [ 31.153847] kunit_try_run_case+0x1a5/0x480 [ 31.153876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.153899] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.153933] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.153969] ? __kthread_parkme+0x82/0x180 [ 31.153991] ? preempt_count_sub+0x50/0x80 [ 31.154025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.154050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.154074] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.154098] kthread+0x337/0x6f0 [ 31.154119] ? trace_preempt_on+0x20/0xc0 [ 31.154144] ? __pfx_kthread+0x10/0x10 [ 31.154165] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.154190] ? calculate_sigpending+0x7b/0xa0 [ 31.154215] ? __pfx_kthread+0x10/0x10 [ 31.154236] ret_from_fork+0x116/0x1d0 [ 31.154257] ? __pfx_kthread+0x10/0x10 [ 31.154277] ret_from_fork_asm+0x1a/0x30 [ 31.154310] </TASK> [ 31.154322] [ 31.164029] Allocated by task 333: [ 31.164209] kasan_save_stack+0x45/0x70 [ 31.164404] kasan_save_track+0x18/0x40 [ 31.164587] kasan_save_alloc_info+0x3b/0x50 [ 31.164778] __kasan_kmalloc+0xb7/0xc0 [ 31.165498] __kmalloc_noprof+0x1ca/0x510 [ 31.165903] kunit_kmalloc_array+0x25/0x60 [ 31.166260] copy_user_test_oob+0xab/0x10f0 [ 31.166471] kunit_try_run_case+0x1a5/0x480 [ 31.166674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.166910] kthread+0x337/0x6f0 [ 31.167368] ret_from_fork+0x116/0x1d0 [ 31.167542] ret_from_fork_asm+0x1a/0x30 [ 31.167736] [ 31.167824] The buggy address belongs to the object at ffff888105635400 [ 31.167824] which belongs to the cache kmalloc-128 of size 128 [ 31.169178] The buggy address is located 0 bytes inside of [ 31.169178] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.170078] [ 31.170182] The buggy address belongs to the physical page: [ 31.170661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.171324] flags: 0x200000000000000(node=0|zone=2) [ 31.171514] page_type: f5(slab) [ 31.171724] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.172058] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.172489] page dumped because: kasan: bad access detected [ 31.172717] [ 31.172804] Memory state around the buggy address: [ 31.173039] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.173347] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.173636] >ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.173936] ^ [ 31.174238] ffff888105635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.174519] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.174818] ================================================================== [ 31.133468] ================================================================== [ 31.133886] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 31.134249] Write of size 121 at addr ffff888105635400 by task kunit_try_catch/333 [ 31.134531] [ 31.134631] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.134697] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.134713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.134736] Call Trace: [ 31.134762] <TASK> [ 31.134783] dump_stack_lvl+0x73/0xb0 [ 31.134812] print_report+0xd1/0x640 [ 31.134838] ? __virt_addr_valid+0x1db/0x2d0 [ 31.134864] ? copy_user_test_oob+0x3fd/0x10f0 [ 31.134888] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.134944] ? copy_user_test_oob+0x3fd/0x10f0 [ 31.134968] kasan_report+0x141/0x180 [ 31.134990] ? copy_user_test_oob+0x3fd/0x10f0 [ 31.135030] kasan_check_range+0x10c/0x1c0 [ 31.135055] __kasan_check_write+0x18/0x20 [ 31.135079] copy_user_test_oob+0x3fd/0x10f0 [ 31.135105] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.135137] ? finish_task_switch.isra.0+0x153/0x700 [ 31.135160] ? __switch_to+0x47/0xf80 [ 31.135186] ? __schedule+0x10da/0x2b60 [ 31.135223] ? __pfx_read_tsc+0x10/0x10 [ 31.135245] ? ktime_get_ts64+0x86/0x230 [ 31.135279] kunit_try_run_case+0x1a5/0x480 [ 31.135306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.135329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.135355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.135381] ? __kthread_parkme+0x82/0x180 [ 31.135402] ? preempt_count_sub+0x50/0x80 [ 31.135425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.135451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.135475] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.135508] kthread+0x337/0x6f0 [ 31.135530] ? trace_preempt_on+0x20/0xc0 [ 31.135555] ? __pfx_kthread+0x10/0x10 [ 31.135595] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.135620] ? calculate_sigpending+0x7b/0xa0 [ 31.135644] ? __pfx_kthread+0x10/0x10 [ 31.135666] ret_from_fork+0x116/0x1d0 [ 31.135700] ? __pfx_kthread+0x10/0x10 [ 31.135724] ret_from_fork_asm+0x1a/0x30 [ 31.135769] </TASK> [ 31.135783] [ 31.143204] Allocated by task 333: [ 31.143413] kasan_save_stack+0x45/0x70 [ 31.143645] kasan_save_track+0x18/0x40 [ 31.143806] kasan_save_alloc_info+0x3b/0x50 [ 31.144064] __kasan_kmalloc+0xb7/0xc0 [ 31.144197] __kmalloc_noprof+0x1ca/0x510 [ 31.144336] kunit_kmalloc_array+0x25/0x60 [ 31.144476] copy_user_test_oob+0xab/0x10f0 [ 31.144691] kunit_try_run_case+0x1a5/0x480 [ 31.144930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.145176] kthread+0x337/0x6f0 [ 31.145338] ret_from_fork+0x116/0x1d0 [ 31.145517] ret_from_fork_asm+0x1a/0x30 [ 31.145693] [ 31.145759] The buggy address belongs to the object at ffff888105635400 [ 31.145759] which belongs to the cache kmalloc-128 of size 128 [ 31.146468] The buggy address is located 0 bytes inside of [ 31.146468] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.147026] [ 31.147101] The buggy address belongs to the physical page: [ 31.147348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.147701] flags: 0x200000000000000(node=0|zone=2) [ 31.147918] page_type: f5(slab) [ 31.148100] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.148403] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.148721] page dumped because: kasan: bad access detected [ 31.148969] [ 31.149053] Memory state around the buggy address: [ 31.149264] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.149563] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.149895] >ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.150189] ^ [ 31.150483] ffff888105635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.150791] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.151075] ================================================================== [ 31.193851] ================================================================== [ 31.194175] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 31.194512] Read of size 121 at addr ffff888105635400 by task kunit_try_catch/333 [ 31.194846] [ 31.194932] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.195000] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.195014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.195038] Call Trace: [ 31.195058] <TASK> [ 31.195078] dump_stack_lvl+0x73/0xb0 [ 31.195106] print_report+0xd1/0x640 [ 31.195130] ? __virt_addr_valid+0x1db/0x2d0 [ 31.195155] ? copy_user_test_oob+0x604/0x10f0 [ 31.195179] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.195205] ? copy_user_test_oob+0x604/0x10f0 [ 31.195229] kasan_report+0x141/0x180 [ 31.195256] ? copy_user_test_oob+0x604/0x10f0 [ 31.195285] kasan_check_range+0x10c/0x1c0 [ 31.195309] __kasan_check_read+0x15/0x20 [ 31.195333] copy_user_test_oob+0x604/0x10f0 [ 31.195359] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.195382] ? finish_task_switch.isra.0+0x153/0x700 [ 31.195405] ? __switch_to+0x47/0xf80 [ 31.195431] ? __schedule+0x10da/0x2b60 [ 31.195469] ? __pfx_read_tsc+0x10/0x10 [ 31.195491] ? ktime_get_ts64+0x86/0x230 [ 31.195517] kunit_try_run_case+0x1a5/0x480 [ 31.195554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.195586] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.195612] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.195639] ? __kthread_parkme+0x82/0x180 [ 31.195659] ? preempt_count_sub+0x50/0x80 [ 31.195682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.195707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.195732] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.195756] kthread+0x337/0x6f0 [ 31.195776] ? trace_preempt_on+0x20/0xc0 [ 31.195802] ? __pfx_kthread+0x10/0x10 [ 31.195824] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.195848] ? calculate_sigpending+0x7b/0xa0 [ 31.195872] ? __pfx_kthread+0x10/0x10 [ 31.195894] ret_from_fork+0x116/0x1d0 [ 31.195915] ? __pfx_kthread+0x10/0x10 [ 31.195937] ret_from_fork_asm+0x1a/0x30 [ 31.195969] </TASK> [ 31.195980] [ 31.203458] Allocated by task 333: [ 31.203664] kasan_save_stack+0x45/0x70 [ 31.203878] kasan_save_track+0x18/0x40 [ 31.204072] kasan_save_alloc_info+0x3b/0x50 [ 31.204292] __kasan_kmalloc+0xb7/0xc0 [ 31.204453] __kmalloc_noprof+0x1ca/0x510 [ 31.204668] kunit_kmalloc_array+0x25/0x60 [ 31.204833] copy_user_test_oob+0xab/0x10f0 [ 31.205032] kunit_try_run_case+0x1a5/0x480 [ 31.205252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.205424] kthread+0x337/0x6f0 [ 31.205613] ret_from_fork+0x116/0x1d0 [ 31.205802] ret_from_fork_asm+0x1a/0x30 [ 31.205937] [ 31.206002] The buggy address belongs to the object at ffff888105635400 [ 31.206002] which belongs to the cache kmalloc-128 of size 128 [ 31.206355] The buggy address is located 0 bytes inside of [ 31.206355] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.206715] [ 31.206784] The buggy address belongs to the physical page: [ 31.206955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.207191] flags: 0x200000000000000(node=0|zone=2) [ 31.207356] page_type: f5(slab) [ 31.207498] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.207904] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.208346] page dumped because: kasan: bad access detected [ 31.208637] [ 31.208727] Memory state around the buggy address: [ 31.208973] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.209333] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.209665] >ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.209887] ^ [ 31.210375] ffff888105635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.210596] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.210804] ================================================================== [ 31.175528] ================================================================== [ 31.175859] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 31.176404] Write of size 121 at addr ffff888105635400 by task kunit_try_catch/333 [ 31.176762] [ 31.176857] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.176912] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.176928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.176952] Call Trace: [ 31.176974] <TASK> [ 31.176996] dump_stack_lvl+0x73/0xb0 [ 31.177027] print_report+0xd1/0x640 [ 31.177050] ? __virt_addr_valid+0x1db/0x2d0 [ 31.177075] ? copy_user_test_oob+0x557/0x10f0 [ 31.177099] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.177126] ? copy_user_test_oob+0x557/0x10f0 [ 31.177150] kasan_report+0x141/0x180 [ 31.177174] ? copy_user_test_oob+0x557/0x10f0 [ 31.177203] kasan_check_range+0x10c/0x1c0 [ 31.177251] __kasan_check_write+0x18/0x20 [ 31.177275] copy_user_test_oob+0x557/0x10f0 [ 31.177314] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.177338] ? finish_task_switch.isra.0+0x153/0x700 [ 31.177360] ? __switch_to+0x47/0xf80 [ 31.177387] ? __schedule+0x10da/0x2b60 [ 31.177413] ? __pfx_read_tsc+0x10/0x10 [ 31.177436] ? ktime_get_ts64+0x86/0x230 [ 31.177463] kunit_try_run_case+0x1a5/0x480 [ 31.177489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.177512] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.177538] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.177564] ? __kthread_parkme+0x82/0x180 [ 31.177596] ? preempt_count_sub+0x50/0x80 [ 31.177620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.177644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.177667] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.177692] kthread+0x337/0x6f0 [ 31.177723] ? trace_preempt_on+0x20/0xc0 [ 31.177747] ? __pfx_kthread+0x10/0x10 [ 31.177768] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.177804] ? calculate_sigpending+0x7b/0xa0 [ 31.177828] ? __pfx_kthread+0x10/0x10 [ 31.177850] ret_from_fork+0x116/0x1d0 [ 31.177870] ? __pfx_kthread+0x10/0x10 [ 31.177900] ret_from_fork_asm+0x1a/0x30 [ 31.177943] </TASK> [ 31.177954] [ 31.185282] Allocated by task 333: [ 31.185452] kasan_save_stack+0x45/0x70 [ 31.185606] kasan_save_track+0x18/0x40 [ 31.185737] kasan_save_alloc_info+0x3b/0x50 [ 31.186025] __kasan_kmalloc+0xb7/0xc0 [ 31.186210] __kmalloc_noprof+0x1ca/0x510 [ 31.186431] kunit_kmalloc_array+0x25/0x60 [ 31.186656] copy_user_test_oob+0xab/0x10f0 [ 31.186870] kunit_try_run_case+0x1a5/0x480 [ 31.187069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.187312] kthread+0x337/0x6f0 [ 31.187485] ret_from_fork+0x116/0x1d0 [ 31.187652] ret_from_fork_asm+0x1a/0x30 [ 31.187863] [ 31.187958] The buggy address belongs to the object at ffff888105635400 [ 31.187958] which belongs to the cache kmalloc-128 of size 128 [ 31.188438] The buggy address is located 0 bytes inside of [ 31.188438] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.188934] [ 31.189048] The buggy address belongs to the physical page: [ 31.189264] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.189547] flags: 0x200000000000000(node=0|zone=2) [ 31.189717] page_type: f5(slab) [ 31.189833] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.190309] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.190719] page dumped because: kasan: bad access detected [ 31.190893] [ 31.191061] Memory state around the buggy address: [ 31.191282] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.191598] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.191874] >ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.192204] ^ [ 31.192512] ffff888105635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.192809] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.193114] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 31.108663] ================================================================== [ 31.109149] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 31.109530] Read of size 121 at addr ffff888105635400 by task kunit_try_catch/333 [ 31.109870] [ 31.110000] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 31.110071] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 31.110088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.110112] Call Trace: [ 31.110126] <TASK> [ 31.110161] dump_stack_lvl+0x73/0xb0 [ 31.110218] print_report+0xd1/0x640 [ 31.110255] ? __virt_addr_valid+0x1db/0x2d0 [ 31.110281] ? _copy_to_user+0x3c/0x70 [ 31.110317] ? kasan_complete_mode_report_info+0x2a/0x200 [ 31.110343] ? _copy_to_user+0x3c/0x70 [ 31.110364] kasan_report+0x141/0x180 [ 31.110387] ? _copy_to_user+0x3c/0x70 [ 31.110411] kasan_check_range+0x10c/0x1c0 [ 31.110437] __kasan_check_read+0x15/0x20 [ 31.110460] _copy_to_user+0x3c/0x70 [ 31.110481] copy_user_test_oob+0x364/0x10f0 [ 31.110507] ? __pfx_copy_user_test_oob+0x10/0x10 [ 31.110531] ? finish_task_switch.isra.0+0x153/0x700 [ 31.110554] ? __switch_to+0x47/0xf80 [ 31.110590] ? __schedule+0x10da/0x2b60 [ 31.110617] ? __pfx_read_tsc+0x10/0x10 [ 31.110639] ? ktime_get_ts64+0x86/0x230 [ 31.110665] kunit_try_run_case+0x1a5/0x480 [ 31.110720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.110744] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 31.110770] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 31.110807] ? __kthread_parkme+0x82/0x180 [ 31.110829] ? preempt_count_sub+0x50/0x80 [ 31.110854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 31.110878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.110902] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 31.110926] kthread+0x337/0x6f0 [ 31.110949] ? trace_preempt_on+0x20/0xc0 [ 31.110974] ? __pfx_kthread+0x10/0x10 [ 31.110996] ? _raw_spin_unlock_irq+0x47/0x80 [ 31.111020] ? calculate_sigpending+0x7b/0xa0 [ 31.111045] ? __pfx_kthread+0x10/0x10 [ 31.111068] ret_from_fork+0x116/0x1d0 [ 31.111088] ? __pfx_kthread+0x10/0x10 [ 31.111110] ret_from_fork_asm+0x1a/0x30 [ 31.111142] </TASK> [ 31.111154] [ 31.119449] Allocated by task 333: [ 31.119682] kasan_save_stack+0x45/0x70 [ 31.119957] kasan_save_track+0x18/0x40 [ 31.120260] kasan_save_alloc_info+0x3b/0x50 [ 31.120451] __kasan_kmalloc+0xb7/0xc0 [ 31.120680] __kmalloc_noprof+0x1ca/0x510 [ 31.120921] kunit_kmalloc_array+0x25/0x60 [ 31.121092] copy_user_test_oob+0xab/0x10f0 [ 31.121231] kunit_try_run_case+0x1a5/0x480 [ 31.121367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.121740] kthread+0x337/0x6f0 [ 31.121917] ret_from_fork+0x116/0x1d0 [ 31.122205] ret_from_fork_asm+0x1a/0x30 [ 31.122441] [ 31.122596] The buggy address belongs to the object at ffff888105635400 [ 31.122596] which belongs to the cache kmalloc-128 of size 128 [ 31.123457] The buggy address is located 0 bytes inside of [ 31.123457] allocated 120-byte region [ffff888105635400, ffff888105635478) [ 31.123878] [ 31.123970] The buggy address belongs to the physical page: [ 31.124205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 31.124534] flags: 0x200000000000000(node=0|zone=2) [ 31.124702] page_type: f5(slab) [ 31.124973] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 31.125393] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 31.125767] page dumped because: kasan: bad access detected [ 31.126038] [ 31.126148] Memory state around the buggy address: [ 31.126298] ffff888105635300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.126592] ffff888105635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.126930] >ffff888105635400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 31.127362] ^ [ 31.127770] ffff888105635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.128103] ffff888105635500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.128534] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 28.730800] ================================================================== [ 28.731224] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 28.731492] Read of size 1 at addr ffff8881061f7c3f by task kunit_try_catch/299 [ 28.731724] [ 28.731817] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.731874] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.731889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.731912] Call Trace: [ 28.731927] <TASK> [ 28.731947] dump_stack_lvl+0x73/0xb0 [ 28.731978] print_report+0xd1/0x640 [ 28.732005] ? __virt_addr_valid+0x1db/0x2d0 [ 28.732033] ? kasan_alloca_oob_left+0x320/0x380 [ 28.732055] ? kasan_addr_to_slab+0x11/0xa0 [ 28.732076] ? kasan_alloca_oob_left+0x320/0x380 [ 28.732098] kasan_report+0x141/0x180 [ 28.732121] ? kasan_alloca_oob_left+0x320/0x380 [ 28.732147] __asan_report_load1_noabort+0x18/0x20 [ 28.732172] kasan_alloca_oob_left+0x320/0x380 [ 28.732194] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.732218] ? finish_task_switch.isra.0+0x153/0x700 [ 28.732241] ? __wait_for_common+0x1fe/0x440 [ 28.732263] ? trace_hardirqs_on+0x37/0xe0 [ 28.732289] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 28.732313] ? __schedule+0x10da/0x2b60 [ 28.732337] ? __pfx_read_tsc+0x10/0x10 [ 28.732360] ? ktime_get_ts64+0x86/0x230 [ 28.732385] kunit_try_run_case+0x1a5/0x480 [ 28.732411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.732433] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.732459] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.732483] ? __kthread_parkme+0x82/0x180 [ 28.732505] ? preempt_count_sub+0x50/0x80 [ 28.732527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.732550] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.733069] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.733116] kthread+0x337/0x6f0 [ 28.733475] ? trace_preempt_on+0x20/0xc0 [ 28.733503] ? __pfx_kthread+0x10/0x10 [ 28.733537] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.733562] ? calculate_sigpending+0x7b/0xa0 [ 28.733598] ? __pfx_kthread+0x10/0x10 [ 28.733620] ret_from_fork+0x116/0x1d0 [ 28.733640] ? __pfx_kthread+0x10/0x10 [ 28.733660] ret_from_fork_asm+0x1a/0x30 [ 28.733691] </TASK> [ 28.733702] [ 28.747861] The buggy address belongs to stack of task kunit_try_catch/299 [ 28.748278] [ 28.748363] The buggy address belongs to the physical page: [ 28.748647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061f7 [ 28.749260] flags: 0x200000000000000(node=0|zone=2) [ 28.749528] raw: 0200000000000000 ffffea0004187dc8 ffffea0004187dc8 0000000000000000 [ 28.749929] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 28.750319] page dumped because: kasan: bad access detected [ 28.750591] [ 28.750666] Memory state around the buggy address: [ 28.750994] ffff8881061f7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.751349] ffff8881061f7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.751633] >ffff8881061f7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 28.752049] ^ [ 28.752306] ffff8881061f7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 28.752623] ffff8881061f7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 28.752859] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 28.706050] ================================================================== [ 28.706667] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 28.707211] Read of size 1 at addr ffff8881049b7d02 by task kunit_try_catch/297 [ 28.707494] [ 28.707616] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.707667] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.707680] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.707703] Call Trace: [ 28.707716] <TASK> [ 28.707734] dump_stack_lvl+0x73/0xb0 [ 28.707764] print_report+0xd1/0x640 [ 28.708172] ? __virt_addr_valid+0x1db/0x2d0 [ 28.708207] ? kasan_stack_oob+0x2b5/0x300 [ 28.708228] ? kasan_addr_to_slab+0x11/0xa0 [ 28.708249] ? kasan_stack_oob+0x2b5/0x300 [ 28.708270] kasan_report+0x141/0x180 [ 28.708293] ? kasan_stack_oob+0x2b5/0x300 [ 28.708317] __asan_report_load1_noabort+0x18/0x20 [ 28.708341] kasan_stack_oob+0x2b5/0x300 [ 28.708361] ? __pfx_kasan_stack_oob+0x10/0x10 [ 28.708381] ? finish_task_switch.isra.0+0x153/0x700 [ 28.708403] ? __switch_to+0x47/0xf80 [ 28.708429] ? __schedule+0x10da/0x2b60 [ 28.708455] ? __pfx_read_tsc+0x10/0x10 [ 28.708478] ? ktime_get_ts64+0x86/0x230 [ 28.708502] kunit_try_run_case+0x1a5/0x480 [ 28.708528] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.708550] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.708587] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.708612] ? __kthread_parkme+0x82/0x180 [ 28.708631] ? preempt_count_sub+0x50/0x80 [ 28.708654] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.708677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.708700] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.708723] kthread+0x337/0x6f0 [ 28.708743] ? trace_preempt_on+0x20/0xc0 [ 28.708767] ? __pfx_kthread+0x10/0x10 [ 28.708847] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.708872] ? calculate_sigpending+0x7b/0xa0 [ 28.708896] ? __pfx_kthread+0x10/0x10 [ 28.708919] ret_from_fork+0x116/0x1d0 [ 28.708939] ? __pfx_kthread+0x10/0x10 [ 28.708959] ret_from_fork_asm+0x1a/0x30 [ 28.708991] </TASK> [ 28.709002] [ 28.718670] The buggy address belongs to stack of task kunit_try_catch/297 [ 28.719591] and is located at offset 138 in frame: [ 28.719831] kasan_stack_oob+0x0/0x300 [ 28.720352] [ 28.720466] This frame has 4 objects: [ 28.720789] [48, 49) '__assertion' [ 28.720935] [64, 72) 'array' [ 28.721112] [96, 112) '__assertion' [ 28.721255] [128, 138) 'stack_array' [ 28.721455] [ 28.721954] The buggy address belongs to the physical page: [ 28.722466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049b7 [ 28.722970] flags: 0x200000000000000(node=0|zone=2) [ 28.723172] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 28.723677] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 28.724118] page dumped because: kasan: bad access detected [ 28.724347] [ 28.724445] Memory state around the buggy address: [ 28.724642] ffff8881049b7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 28.724939] ffff8881049b7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 28.725689] >ffff8881049b7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 28.726166] ^ [ 28.726340] ffff8881049b7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 28.726635] ffff8881049b7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.726934] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 28.682505] ================================================================== [ 28.683313] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 28.683646] Read of size 1 at addr ffffffffab2cb00d by task kunit_try_catch/293 [ 28.684064] [ 28.684201] CPU: 0 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.684257] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.684271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.684294] Call Trace: [ 28.684308] <TASK> [ 28.684326] dump_stack_lvl+0x73/0xb0 [ 28.684356] print_report+0xd1/0x640 [ 28.684379] ? __virt_addr_valid+0x1db/0x2d0 [ 28.684405] ? kasan_global_oob_right+0x286/0x2d0 [ 28.684425] ? kasan_addr_to_slab+0x11/0xa0 [ 28.684446] ? kasan_global_oob_right+0x286/0x2d0 [ 28.684467] kasan_report+0x141/0x180 [ 28.684489] ? kasan_global_oob_right+0x286/0x2d0 [ 28.684515] __asan_report_load1_noabort+0x18/0x20 [ 28.684538] kasan_global_oob_right+0x286/0x2d0 [ 28.684560] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 28.684597] ? __schedule+0x10da/0x2b60 [ 28.684622] ? __pfx_read_tsc+0x10/0x10 [ 28.684643] ? ktime_get_ts64+0x86/0x230 [ 28.684668] kunit_try_run_case+0x1a5/0x480 [ 28.684694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.684716] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.684740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.684764] ? __kthread_parkme+0x82/0x180 [ 28.684828] ? preempt_count_sub+0x50/0x80 [ 28.684855] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.684879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.684903] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.684927] kthread+0x337/0x6f0 [ 28.684962] ? trace_preempt_on+0x20/0xc0 [ 28.684986] ? __pfx_kthread+0x10/0x10 [ 28.685006] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.685031] ? calculate_sigpending+0x7b/0xa0 [ 28.685054] ? __pfx_kthread+0x10/0x10 [ 28.685075] ret_from_fork+0x116/0x1d0 [ 28.685094] ? __pfx_kthread+0x10/0x10 [ 28.685114] ret_from_fork_asm+0x1a/0x30 [ 28.685145] </TASK> [ 28.685156] [ 28.694741] The buggy address belongs to the variable: [ 28.695337] global_array+0xd/0x40 [ 28.695533] [ 28.695701] The buggy address belongs to the physical page: [ 28.696219] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13e2cb [ 28.696516] flags: 0x200000000002000(reserved|node=0|zone=2) [ 28.696942] raw: 0200000000002000 ffffea0004f8b2c8 ffffea0004f8b2c8 0000000000000000 [ 28.697260] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.697589] page dumped because: kasan: bad access detected [ 28.697819] [ 28.698144] Memory state around the buggy address: [ 28.698322] ffffffffab2caf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.698826] ffffffffab2caf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.699238] >ffffffffab2cb000: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 28.699523] ^ [ 28.699820] ffffffffab2cb080: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 28.700288] ffffffffab2cb100: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 28.700667] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 28.624110] ================================================================== [ 28.624502] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.624779] Free of addr ffff888105635001 by task kunit_try_catch/289 [ 28.625117] [ 28.625403] CPU: 0 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.625460] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.625475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.625498] Call Trace: [ 28.625510] <TASK> [ 28.625529] dump_stack_lvl+0x73/0xb0 [ 28.625558] print_report+0xd1/0x640 [ 28.625594] ? __virt_addr_valid+0x1db/0x2d0 [ 28.625622] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.625648] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.625674] kasan_report_invalid_free+0x10a/0x130 [ 28.625699] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.625726] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.625752] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.625776] check_slab_allocation+0x11f/0x130 [ 28.625798] __kasan_mempool_poison_object+0x91/0x1d0 [ 28.625821] mempool_free+0x490/0x640 [ 28.625848] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.625872] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 28.625898] ? ret_from_fork+0x116/0x1d0 [ 28.625972] ? kthread+0x337/0x6f0 [ 28.626005] ? ret_from_fork_asm+0x1a/0x30 [ 28.626053] ? mempool_alloc_preallocated+0x5b/0x90 [ 28.626080] mempool_kmalloc_invalid_free+0xed/0x140 [ 28.626106] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 28.626131] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.626153] ? __pfx_mempool_kfree+0x10/0x10 [ 28.626177] ? __pfx_read_tsc+0x10/0x10 [ 28.626200] ? ktime_get_ts64+0x86/0x230 [ 28.626226] kunit_try_run_case+0x1a5/0x480 [ 28.626252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.626274] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.626300] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.626324] ? __kthread_parkme+0x82/0x180 [ 28.626343] ? preempt_count_sub+0x50/0x80 [ 28.626366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.626390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.626413] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.626436] kthread+0x337/0x6f0 [ 28.626455] ? trace_preempt_on+0x20/0xc0 [ 28.626478] ? __pfx_kthread+0x10/0x10 [ 28.626497] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.626521] ? calculate_sigpending+0x7b/0xa0 [ 28.626544] ? __pfx_kthread+0x10/0x10 [ 28.626565] ret_from_fork+0x116/0x1d0 [ 28.626592] ? __pfx_kthread+0x10/0x10 [ 28.626613] ret_from_fork_asm+0x1a/0x30 [ 28.626642] </TASK> [ 28.626654] [ 28.639420] Allocated by task 289: [ 28.639601] kasan_save_stack+0x45/0x70 [ 28.639748] kasan_save_track+0x18/0x40 [ 28.639881] kasan_save_alloc_info+0x3b/0x50 [ 28.640027] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 28.640209] remove_element+0x11e/0x190 [ 28.640488] mempool_alloc_preallocated+0x4d/0x90 [ 28.640793] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 28.641053] mempool_kmalloc_invalid_free+0xed/0x140 [ 28.641503] kunit_try_run_case+0x1a5/0x480 [ 28.641896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.642564] kthread+0x337/0x6f0 [ 28.643079] ret_from_fork+0x116/0x1d0 [ 28.643267] ret_from_fork_asm+0x1a/0x30 [ 28.643445] [ 28.643532] The buggy address belongs to the object at ffff888105635000 [ 28.643532] which belongs to the cache kmalloc-128 of size 128 [ 28.644778] The buggy address is located 1 bytes inside of [ 28.644778] 128-byte region [ffff888105635000, ffff888105635080) [ 28.645762] [ 28.645924] The buggy address belongs to the physical page: [ 28.646404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105635 [ 28.646758] flags: 0x200000000000000(node=0|zone=2) [ 28.647361] page_type: f5(slab) [ 28.647692] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.648771] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.649228] page dumped because: kasan: bad access detected [ 28.649465] [ 28.649551] Memory state around the buggy address: [ 28.649721] ffff888105634f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.650052] ffff888105634f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.650587] >ffff888105635000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.650869] ^ [ 28.651500] ffff888105635080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.651985] ffff888105635100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.652285] ================================================================== [ 28.655468] ================================================================== [ 28.655940] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.656624] Free of addr ffff888104980001 by task kunit_try_catch/291 [ 28.657294] [ 28.657535] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.657616] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.657630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.657653] Call Trace: [ 28.657665] <TASK> [ 28.657684] dump_stack_lvl+0x73/0xb0 [ 28.657744] print_report+0xd1/0x640 [ 28.657769] ? __virt_addr_valid+0x1db/0x2d0 [ 28.657806] ? kasan_addr_to_slab+0x11/0xa0 [ 28.657827] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.657852] kasan_report_invalid_free+0x10a/0x130 [ 28.657876] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.657905] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.657928] __kasan_mempool_poison_object+0x102/0x1d0 [ 28.657952] mempool_free+0x490/0x640 [ 28.657980] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 28.658004] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 28.658030] ? dequeue_entities+0x23f/0x1630 [ 28.658054] ? __kasan_check_write+0x18/0x20 [ 28.658077] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.658097] ? finish_task_switch.isra.0+0x153/0x700 [ 28.658122] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 28.658146] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 28.658173] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.658195] ? __pfx_mempool_kfree+0x10/0x10 [ 28.658218] ? __pfx_read_tsc+0x10/0x10 [ 28.658240] ? ktime_get_ts64+0x86/0x230 [ 28.658264] kunit_try_run_case+0x1a5/0x480 [ 28.658290] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.658313] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.658339] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.658363] ? __kthread_parkme+0x82/0x180 [ 28.658383] ? preempt_count_sub+0x50/0x80 [ 28.658404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.658429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.658453] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.658475] kthread+0x337/0x6f0 [ 28.658495] ? trace_preempt_on+0x20/0xc0 [ 28.658519] ? __pfx_kthread+0x10/0x10 [ 28.658539] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.658562] ? calculate_sigpending+0x7b/0xa0 [ 28.658598] ? __pfx_kthread+0x10/0x10 [ 28.658620] ret_from_fork+0x116/0x1d0 [ 28.658640] ? __pfx_kthread+0x10/0x10 [ 28.658661] ret_from_fork_asm+0x1a/0x30 [ 28.658694] </TASK> [ 28.658706] [ 28.672749] The buggy address belongs to the physical page: [ 28.673437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104980 [ 28.673735] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.674478] flags: 0x200000000000040(head|node=0|zone=2) [ 28.674993] page_type: f8(unknown) [ 28.675407] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.676007] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.676237] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.676464] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.676719] head: 0200000000000002 ffffea0004126001 00000000ffffffff 00000000ffffffff [ 28.677026] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.677391] page dumped because: kasan: bad access detected [ 28.677651] [ 28.677740] Memory state around the buggy address: [ 28.677986] ffff88810497ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.678265] ffff88810497ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.678514] >ffff888104980000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.678827] ^ [ 28.679031] ffff888104980080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.679285] ffff888104980100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.679553] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 28.573050] ================================================================== [ 28.573448] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 28.574121] Free of addr ffff88810614c000 by task kunit_try_catch/285 [ 28.574758] [ 28.575039] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.575105] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.575119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.575145] Call Trace: [ 28.575158] <TASK> [ 28.575181] dump_stack_lvl+0x73/0xb0 [ 28.575214] print_report+0xd1/0x640 [ 28.575238] ? __virt_addr_valid+0x1db/0x2d0 [ 28.575271] ? kasan_addr_to_slab+0x11/0xa0 [ 28.575291] ? mempool_double_free_helper+0x184/0x370 [ 28.575316] kasan_report_invalid_free+0x10a/0x130 [ 28.575341] ? mempool_double_free_helper+0x184/0x370 [ 28.575369] ? mempool_double_free_helper+0x184/0x370 [ 28.575390] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 28.575414] mempool_free+0x490/0x640 [ 28.575442] mempool_double_free_helper+0x184/0x370 [ 28.575466] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 28.575490] ? dequeue_entities+0x23f/0x1630 [ 28.575515] ? __kasan_check_write+0x18/0x20 [ 28.575537] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.575557] ? irqentry_exit+0x2a/0x60 [ 28.575590] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 28.575615] mempool_kmalloc_large_double_free+0xed/0x140 [ 28.575642] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 28.575669] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.575691] ? __pfx_mempool_kfree+0x10/0x10 [ 28.575714] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 28.575740] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 28.575766] kunit_try_run_case+0x1a5/0x480 [ 28.575848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.575873] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.575899] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.575923] ? __kthread_parkme+0x82/0x180 [ 28.575945] ? preempt_count_sub+0x50/0x80 [ 28.575969] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.575991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.576015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.576038] kthread+0x337/0x6f0 [ 28.576057] ? trace_preempt_on+0x20/0xc0 [ 28.576082] ? __pfx_kthread+0x10/0x10 [ 28.576102] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.576126] ? calculate_sigpending+0x7b/0xa0 [ 28.576150] ? __pfx_kthread+0x10/0x10 [ 28.576172] ret_from_fork+0x116/0x1d0 [ 28.576193] ? __pfx_kthread+0x10/0x10 [ 28.576213] ret_from_fork_asm+0x1a/0x30 [ 28.576246] </TASK> [ 28.576258] [ 28.589184] The buggy address belongs to the physical page: [ 28.589478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10614c [ 28.590647] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.591118] flags: 0x200000000000040(head|node=0|zone=2) [ 28.591465] page_type: f8(unknown) [ 28.591616] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.592169] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.592556] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.593042] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.593486] head: 0200000000000002 ffffea0004185301 00000000ffffffff 00000000ffffffff [ 28.594054] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.594436] page dumped because: kasan: bad access detected [ 28.594705] [ 28.594863] Memory state around the buggy address: [ 28.595218] ffff88810614bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.595631] ffff88810614bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.596094] >ffff88810614c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.596425] ^ [ 28.596715] ffff88810614c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.597207] ffff88810614c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.597604] ================================================================== [ 28.601372] ================================================================== [ 28.601982] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 28.602281] Free of addr ffff888104980000 by task kunit_try_catch/287 [ 28.602567] [ 28.602670] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.602725] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.602738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.602762] Call Trace: [ 28.602774] <TASK> [ 28.602838] dump_stack_lvl+0x73/0xb0 [ 28.602874] print_report+0xd1/0x640 [ 28.602898] ? __virt_addr_valid+0x1db/0x2d0 [ 28.602940] ? kasan_addr_to_slab+0x11/0xa0 [ 28.602960] ? mempool_double_free_helper+0x184/0x370 [ 28.602985] kasan_report_invalid_free+0x10a/0x130 [ 28.603008] ? mempool_double_free_helper+0x184/0x370 [ 28.603034] ? mempool_double_free_helper+0x184/0x370 [ 28.603057] __kasan_mempool_poison_pages+0x115/0x130 [ 28.603080] mempool_free+0x430/0x640 [ 28.603108] mempool_double_free_helper+0x184/0x370 [ 28.603131] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 28.603155] ? dequeue_entities+0x23f/0x1630 [ 28.603180] ? __kasan_check_write+0x18/0x20 [ 28.603203] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.603224] ? finish_task_switch.isra.0+0x153/0x700 [ 28.603257] mempool_page_alloc_double_free+0xe8/0x140 [ 28.603282] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 28.603309] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 28.603333] ? __pfx_mempool_free_pages+0x10/0x10 [ 28.603358] ? __pfx_read_tsc+0x10/0x10 [ 28.603380] ? ktime_get_ts64+0x86/0x230 [ 28.603405] kunit_try_run_case+0x1a5/0x480 [ 28.603431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.603453] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.603478] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.603503] ? __kthread_parkme+0x82/0x180 [ 28.603523] ? preempt_count_sub+0x50/0x80 [ 28.603545] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.603569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.603602] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.603625] kthread+0x337/0x6f0 [ 28.603644] ? trace_preempt_on+0x20/0xc0 [ 28.603668] ? __pfx_kthread+0x10/0x10 [ 28.603688] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.603710] ? calculate_sigpending+0x7b/0xa0 [ 28.603734] ? __pfx_kthread+0x10/0x10 [ 28.603755] ret_from_fork+0x116/0x1d0 [ 28.603774] ? __pfx_kthread+0x10/0x10 [ 28.603873] ret_from_fork_asm+0x1a/0x30 [ 28.603907] </TASK> [ 28.603930] [ 28.615671] The buggy address belongs to the physical page: [ 28.615899] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104980 [ 28.616343] flags: 0x200000000000000(node=0|zone=2) [ 28.616571] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.617264] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.617543] page dumped because: kasan: bad access detected [ 28.617883] [ 28.618144] Memory state around the buggy address: [ 28.618348] ffff88810497ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.618672] ffff88810497ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.619215] >ffff888104980000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.619525] ^ [ 28.619671] ffff888104980080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.620255] ffff888104980100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.620555] ================================================================== [ 28.534130] ================================================================== [ 28.534570] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 28.534901] Free of addr ffff88810604d000 by task kunit_try_catch/283 [ 28.535795] [ 28.535979] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.536039] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.536052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.536076] Call Trace: [ 28.536090] <TASK> [ 28.536130] dump_stack_lvl+0x73/0xb0 [ 28.536167] print_report+0xd1/0x640 [ 28.536191] ? __virt_addr_valid+0x1db/0x2d0 [ 28.536219] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.536244] ? mempool_double_free_helper+0x184/0x370 [ 28.536268] kasan_report_invalid_free+0x10a/0x130 [ 28.536292] ? mempool_double_free_helper+0x184/0x370 [ 28.536317] ? mempool_double_free_helper+0x184/0x370 [ 28.536340] ? mempool_double_free_helper+0x184/0x370 [ 28.536363] check_slab_allocation+0x101/0x130 [ 28.536384] __kasan_mempool_poison_object+0x91/0x1d0 [ 28.536408] mempool_free+0x490/0x640 [ 28.536436] mempool_double_free_helper+0x184/0x370 [ 28.536460] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 28.536484] ? dequeue_entities+0x23f/0x1630 [ 28.536509] ? __kasan_check_write+0x18/0x20 [ 28.536532] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.536553] ? finish_task_switch.isra.0+0x153/0x700 [ 28.536594] mempool_kmalloc_double_free+0xed/0x140 [ 28.536617] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 28.536644] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.536666] ? __pfx_mempool_kfree+0x10/0x10 [ 28.536691] ? __pfx_read_tsc+0x10/0x10 [ 28.536712] ? ktime_get_ts64+0x86/0x230 [ 28.536738] kunit_try_run_case+0x1a5/0x480 [ 28.536765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.536787] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.536813] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.536838] ? __kthread_parkme+0x82/0x180 [ 28.536859] ? preempt_count_sub+0x50/0x80 [ 28.536883] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.536906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.537024] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.537052] kthread+0x337/0x6f0 [ 28.537073] ? trace_preempt_on+0x20/0xc0 [ 28.537098] ? __pfx_kthread+0x10/0x10 [ 28.537119] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.537143] ? calculate_sigpending+0x7b/0xa0 [ 28.537167] ? __pfx_kthread+0x10/0x10 [ 28.537188] ret_from_fork+0x116/0x1d0 [ 28.537208] ? __pfx_kthread+0x10/0x10 [ 28.537229] ret_from_fork_asm+0x1a/0x30 [ 28.537260] </TASK> [ 28.537271] [ 28.551061] Allocated by task 283: [ 28.551213] kasan_save_stack+0x45/0x70 [ 28.551410] kasan_save_track+0x18/0x40 [ 28.551595] kasan_save_alloc_info+0x3b/0x50 [ 28.551766] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 28.552020] remove_element+0x11e/0x190 [ 28.552341] mempool_alloc_preallocated+0x4d/0x90 [ 28.552557] mempool_double_free_helper+0x8a/0x370 [ 28.553491] mempool_kmalloc_double_free+0xed/0x140 [ 28.553741] kunit_try_run_case+0x1a5/0x480 [ 28.553884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.554733] kthread+0x337/0x6f0 [ 28.555087] ret_from_fork+0x116/0x1d0 [ 28.555258] ret_from_fork_asm+0x1a/0x30 [ 28.555431] [ 28.555511] Freed by task 283: [ 28.555659] kasan_save_stack+0x45/0x70 [ 28.555877] kasan_save_track+0x18/0x40 [ 28.556211] kasan_save_free_info+0x3f/0x60 [ 28.556394] __kasan_mempool_poison_object+0x131/0x1d0 [ 28.556619] mempool_free+0x490/0x640 [ 28.557361] mempool_double_free_helper+0x109/0x370 [ 28.557652] mempool_kmalloc_double_free+0xed/0x140 [ 28.558436] kunit_try_run_case+0x1a5/0x480 [ 28.558726] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.559238] kthread+0x337/0x6f0 [ 28.559547] ret_from_fork+0x116/0x1d0 [ 28.559743] ret_from_fork_asm+0x1a/0x30 [ 28.560374] [ 28.560503] The buggy address belongs to the object at ffff88810604d000 [ 28.560503] which belongs to the cache kmalloc-128 of size 128 [ 28.561498] The buggy address is located 0 bytes inside of [ 28.561498] 128-byte region [ffff88810604d000, ffff88810604d080) [ 28.562225] [ 28.562328] The buggy address belongs to the physical page: [ 28.562562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10604d [ 28.563448] flags: 0x200000000000000(node=0|zone=2) [ 28.563778] page_type: f5(slab) [ 28.564248] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.564774] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.565254] page dumped because: kasan: bad access detected [ 28.565487] [ 28.565580] Memory state around the buggy address: [ 28.566463] ffff88810604cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.567119] ffff88810604cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.567419] >ffff88810604d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.567711] ^ [ 28.567939] ffff88810604d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.568225] ffff88810604d100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.568502] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 28.509537] ================================================================== [ 28.510020] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 28.510507] Read of size 1 at addr ffff88810614c000 by task kunit_try_catch/281 [ 28.510765] [ 28.510865] CPU: 0 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.511320] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.511343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.511367] Call Trace: [ 28.511381] <TASK> [ 28.511401] dump_stack_lvl+0x73/0xb0 [ 28.511539] print_report+0xd1/0x640 [ 28.511566] ? __virt_addr_valid+0x1db/0x2d0 [ 28.511605] ? mempool_uaf_helper+0x392/0x400 [ 28.511627] ? kasan_addr_to_slab+0x11/0xa0 [ 28.511648] ? mempool_uaf_helper+0x392/0x400 [ 28.511671] kasan_report+0x141/0x180 [ 28.511693] ? mempool_uaf_helper+0x392/0x400 [ 28.511719] __asan_report_load1_noabort+0x18/0x20 [ 28.511744] mempool_uaf_helper+0x392/0x400 [ 28.511767] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 28.511799] ? dequeue_entities+0x23f/0x1630 [ 28.511825] ? __kasan_check_write+0x18/0x20 [ 28.511849] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.511873] ? finish_task_switch.isra.0+0x153/0x700 [ 28.511898] mempool_page_alloc_uaf+0xed/0x140 [ 28.511929] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 28.511955] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 28.511980] ? __pfx_mempool_free_pages+0x10/0x10 [ 28.512006] ? __pfx_read_tsc+0x10/0x10 [ 28.512030] ? ktime_get_ts64+0x86/0x230 [ 28.512054] kunit_try_run_case+0x1a5/0x480 [ 28.512081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.512104] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.512130] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.512155] ? __kthread_parkme+0x82/0x180 [ 28.512175] ? preempt_count_sub+0x50/0x80 [ 28.512198] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.512222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.512246] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.512269] kthread+0x337/0x6f0 [ 28.512289] ? trace_preempt_on+0x20/0xc0 [ 28.512314] ? __pfx_kthread+0x10/0x10 [ 28.512334] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.512357] ? calculate_sigpending+0x7b/0xa0 [ 28.512381] ? __pfx_kthread+0x10/0x10 [ 28.512403] ret_from_fork+0x116/0x1d0 [ 28.512423] ? __pfx_kthread+0x10/0x10 [ 28.512443] ret_from_fork_asm+0x1a/0x30 [ 28.512475] </TASK> [ 28.512486] [ 28.523951] The buggy address belongs to the physical page: [ 28.524343] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10614c [ 28.524693] flags: 0x200000000000000(node=0|zone=2) [ 28.525124] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 28.525515] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 28.525803] page dumped because: kasan: bad access detected [ 28.526247] [ 28.526322] Memory state around the buggy address: [ 28.526552] ffff88810614bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.526831] ffff88810614bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.527119] >ffff88810614c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.527401] ^ [ 28.527544] ffff88810614c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.527836] ffff88810614c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.528650] ================================================================== [ 28.433294] ================================================================== [ 28.434289] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 28.434598] Read of size 1 at addr ffff88810617c000 by task kunit_try_catch/277 [ 28.434894] [ 28.435380] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.435444] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.435683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.435708] Call Trace: [ 28.435723] <TASK> [ 28.435743] dump_stack_lvl+0x73/0xb0 [ 28.435778] print_report+0xd1/0x640 [ 28.435881] ? __virt_addr_valid+0x1db/0x2d0 [ 28.435911] ? mempool_uaf_helper+0x392/0x400 [ 28.435934] ? kasan_addr_to_slab+0x11/0xa0 [ 28.435955] ? mempool_uaf_helper+0x392/0x400 [ 28.435978] kasan_report+0x141/0x180 [ 28.436000] ? mempool_uaf_helper+0x392/0x400 [ 28.436027] __asan_report_load1_noabort+0x18/0x20 [ 28.436051] mempool_uaf_helper+0x392/0x400 [ 28.436074] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 28.436097] ? dequeue_entities+0x23f/0x1630 [ 28.436122] ? __kasan_check_write+0x18/0x20 [ 28.436146] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.436168] ? finish_task_switch.isra.0+0x153/0x700 [ 28.436196] mempool_kmalloc_large_uaf+0xef/0x140 [ 28.436219] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 28.436246] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.436270] ? __pfx_mempool_kfree+0x10/0x10 [ 28.436295] ? __pfx_read_tsc+0x10/0x10 [ 28.436318] ? ktime_get_ts64+0x86/0x230 [ 28.436344] kunit_try_run_case+0x1a5/0x480 [ 28.436371] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.436394] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.436421] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.436446] ? __kthread_parkme+0x82/0x180 [ 28.436467] ? preempt_count_sub+0x50/0x80 [ 28.436490] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.436514] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.436538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.436562] kthread+0x337/0x6f0 [ 28.436596] ? trace_preempt_on+0x20/0xc0 [ 28.436622] ? __pfx_kthread+0x10/0x10 [ 28.436645] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.436668] ? calculate_sigpending+0x7b/0xa0 [ 28.436692] ? __pfx_kthread+0x10/0x10 [ 28.436715] ret_from_fork+0x116/0x1d0 [ 28.436735] ? __pfx_kthread+0x10/0x10 [ 28.436757] ret_from_fork_asm+0x1a/0x30 [ 28.436834] </TASK> [ 28.436847] [ 28.449082] The buggy address belongs to the physical page: [ 28.449768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10617c [ 28.450264] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.450663] flags: 0x200000000000040(head|node=0|zone=2) [ 28.451072] page_type: f8(unknown) [ 28.451248] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.451895] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.452315] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.452705] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.453177] head: 0200000000000002 ffffea0004185f01 00000000ffffffff 00000000ffffffff [ 28.453455] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.453794] page dumped because: kasan: bad access detected [ 28.454025] [ 28.454403] Memory state around the buggy address: [ 28.454613] ffff88810617bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.454939] ffff88810617bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.455585] >ffff88810617c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.455943] ^ [ 28.456069] ffff88810617c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.456365] ffff88810617c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.456659] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 28.401503] ================================================================== [ 28.401971] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 28.402653] Read of size 1 at addr ffff888105454c00 by task kunit_try_catch/275 [ 28.403328] [ 28.403449] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.403758] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.403776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.403818] Call Trace: [ 28.403832] <TASK> [ 28.403854] dump_stack_lvl+0x73/0xb0 [ 28.403888] print_report+0xd1/0x640 [ 28.403911] ? __virt_addr_valid+0x1db/0x2d0 [ 28.403953] ? mempool_uaf_helper+0x392/0x400 [ 28.403975] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.404001] ? mempool_uaf_helper+0x392/0x400 [ 28.404024] kasan_report+0x141/0x180 [ 28.404046] ? mempool_uaf_helper+0x392/0x400 [ 28.404072] __asan_report_load1_noabort+0x18/0x20 [ 28.404097] mempool_uaf_helper+0x392/0x400 [ 28.404120] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 28.404146] ? finish_task_switch.isra.0+0x153/0x700 [ 28.404171] mempool_kmalloc_uaf+0xef/0x140 [ 28.404193] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 28.404218] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.404243] ? __pfx_mempool_kfree+0x10/0x10 [ 28.404267] ? __pfx_read_tsc+0x10/0x10 [ 28.404290] ? ktime_get_ts64+0x86/0x230 [ 28.404316] kunit_try_run_case+0x1a5/0x480 [ 28.404344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.404366] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.404392] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.404417] ? __kthread_parkme+0x82/0x180 [ 28.404438] ? preempt_count_sub+0x50/0x80 [ 28.404462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.404486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.404509] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.404532] kthread+0x337/0x6f0 [ 28.404552] ? trace_preempt_on+0x20/0xc0 [ 28.404586] ? __pfx_kthread+0x10/0x10 [ 28.404606] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.404629] ? calculate_sigpending+0x7b/0xa0 [ 28.404653] ? __pfx_kthread+0x10/0x10 [ 28.404674] ret_from_fork+0x116/0x1d0 [ 28.404694] ? __pfx_kthread+0x10/0x10 [ 28.404714] ret_from_fork_asm+0x1a/0x30 [ 28.404745] </TASK> [ 28.404756] [ 28.415101] Allocated by task 275: [ 28.415245] kasan_save_stack+0x45/0x70 [ 28.415398] kasan_save_track+0x18/0x40 [ 28.415641] kasan_save_alloc_info+0x3b/0x50 [ 28.415990] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 28.416311] remove_element+0x11e/0x190 [ 28.416550] mempool_alloc_preallocated+0x4d/0x90 [ 28.416743] mempool_uaf_helper+0x96/0x400 [ 28.417284] mempool_kmalloc_uaf+0xef/0x140 [ 28.417540] kunit_try_run_case+0x1a5/0x480 [ 28.417758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.418033] kthread+0x337/0x6f0 [ 28.418349] ret_from_fork+0x116/0x1d0 [ 28.418672] ret_from_fork_asm+0x1a/0x30 [ 28.418922] [ 28.419000] Freed by task 275: [ 28.419106] kasan_save_stack+0x45/0x70 [ 28.419237] kasan_save_track+0x18/0x40 [ 28.419368] kasan_save_free_info+0x3f/0x60 [ 28.419552] __kasan_mempool_poison_object+0x131/0x1d0 [ 28.419813] mempool_free+0x490/0x640 [ 28.420144] mempool_uaf_helper+0x11a/0x400 [ 28.420353] mempool_kmalloc_uaf+0xef/0x140 [ 28.420550] kunit_try_run_case+0x1a5/0x480 [ 28.420764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.421262] kthread+0x337/0x6f0 [ 28.421429] ret_from_fork+0x116/0x1d0 [ 28.421552] ret_from_fork_asm+0x1a/0x30 [ 28.421692] [ 28.421757] The buggy address belongs to the object at ffff888105454c00 [ 28.421757] which belongs to the cache kmalloc-128 of size 128 [ 28.422216] The buggy address is located 0 bytes inside of [ 28.422216] freed 128-byte region [ffff888105454c00, ffff888105454c80) [ 28.422794] [ 28.422878] The buggy address belongs to the physical page: [ 28.423075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105454 [ 28.423356] flags: 0x200000000000000(node=0|zone=2) [ 28.423701] page_type: f5(slab) [ 28.423873] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.424282] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.425029] page dumped because: kasan: bad access detected [ 28.425304] [ 28.425391] Memory state around the buggy address: [ 28.425661] ffff888105454b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.426284] ffff888105454b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.426561] >ffff888105454c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.426767] ^ [ 28.427048] ffff888105454c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.427419] ffff888105454d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.427741] ================================================================== [ 28.462444] ================================================================== [ 28.462891] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 28.463132] Read of size 1 at addr ffff88810604d240 by task kunit_try_catch/279 [ 28.463356] [ 28.463442] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.463495] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.463510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.463533] Call Trace: [ 28.463545] <TASK> [ 28.463564] dump_stack_lvl+0x73/0xb0 [ 28.464461] print_report+0xd1/0x640 [ 28.464489] ? __virt_addr_valid+0x1db/0x2d0 [ 28.464517] ? mempool_uaf_helper+0x392/0x400 [ 28.464539] ? kasan_complete_mode_report_info+0x64/0x200 [ 28.464565] ? mempool_uaf_helper+0x392/0x400 [ 28.464601] kasan_report+0x141/0x180 [ 28.464623] ? mempool_uaf_helper+0x392/0x400 [ 28.464651] __asan_report_load1_noabort+0x18/0x20 [ 28.464675] mempool_uaf_helper+0x392/0x400 [ 28.464698] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 28.464723] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.464745] ? finish_task_switch.isra.0+0x153/0x700 [ 28.464779] mempool_slab_uaf+0xea/0x140 [ 28.464801] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 28.464825] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 28.464851] ? __pfx_mempool_free_slab+0x10/0x10 [ 28.464877] ? __pfx_read_tsc+0x10/0x10 [ 28.464899] ? ktime_get_ts64+0x86/0x230 [ 28.464925] kunit_try_run_case+0x1a5/0x480 [ 28.464952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.464974] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.465000] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.465025] ? __kthread_parkme+0x82/0x180 [ 28.465046] ? preempt_count_sub+0x50/0x80 [ 28.465069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.465093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.465117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.465141] kthread+0x337/0x6f0 [ 28.465162] ? trace_preempt_on+0x20/0xc0 [ 28.465187] ? __pfx_kthread+0x10/0x10 [ 28.465207] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.465230] ? calculate_sigpending+0x7b/0xa0 [ 28.465255] ? __pfx_kthread+0x10/0x10 [ 28.465276] ret_from_fork+0x116/0x1d0 [ 28.465296] ? __pfx_kthread+0x10/0x10 [ 28.465316] ret_from_fork_asm+0x1a/0x30 [ 28.465349] </TASK> [ 28.465360] [ 28.479919] Allocated by task 279: [ 28.480439] kasan_save_stack+0x45/0x70 [ 28.480680] kasan_save_track+0x18/0x40 [ 28.480929] kasan_save_alloc_info+0x3b/0x50 [ 28.481304] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 28.481557] remove_element+0x11e/0x190 [ 28.481759] mempool_alloc_preallocated+0x4d/0x90 [ 28.482375] mempool_uaf_helper+0x96/0x400 [ 28.482561] mempool_slab_uaf+0xea/0x140 [ 28.482959] kunit_try_run_case+0x1a5/0x480 [ 28.483246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.483497] kthread+0x337/0x6f0 [ 28.483659] ret_from_fork+0x116/0x1d0 [ 28.484086] ret_from_fork_asm+0x1a/0x30 [ 28.484275] [ 28.484439] Freed by task 279: [ 28.484631] kasan_save_stack+0x45/0x70 [ 28.484837] kasan_save_track+0x18/0x40 [ 28.485276] kasan_save_free_info+0x3f/0x60 [ 28.485440] __kasan_mempool_poison_object+0x131/0x1d0 [ 28.485699] mempool_free+0x490/0x640 [ 28.485867] mempool_uaf_helper+0x11a/0x400 [ 28.486420] mempool_slab_uaf+0xea/0x140 [ 28.486584] kunit_try_run_case+0x1a5/0x480 [ 28.486790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.487247] kthread+0x337/0x6f0 [ 28.487547] ret_from_fork+0x116/0x1d0 [ 28.487709] ret_from_fork_asm+0x1a/0x30 [ 28.487996] [ 28.488227] The buggy address belongs to the object at ffff88810604d240 [ 28.488227] which belongs to the cache test_cache of size 123 [ 28.488731] The buggy address is located 0 bytes inside of [ 28.488731] freed 123-byte region [ffff88810604d240, ffff88810604d2bb) [ 28.489408] [ 28.489588] The buggy address belongs to the physical page: [ 28.490157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10604d [ 28.490608] flags: 0x200000000000000(node=0|zone=2) [ 28.490839] page_type: f5(slab) [ 28.491124] raw: 0200000000000000 ffff888100fbe8c0 dead000000000122 0000000000000000 [ 28.491441] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 28.491760] page dumped because: kasan: bad access detected [ 28.492034] [ 28.492449] Memory state around the buggy address: [ 28.492668] ffff88810604d100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.493165] ffff88810604d180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.493549] >ffff88810604d200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 28.493828] ^ [ 28.494350] ffff88810604d280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.494750] ffff88810604d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.495257] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 28.306480] ================================================================== [ 28.306956] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 28.307316] Read of size 1 at addr ffff888104c4ac73 by task kunit_try_catch/269 [ 28.308007] [ 28.308143] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.308279] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.308380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.308427] Call Trace: [ 28.308441] <TASK> [ 28.308463] dump_stack_lvl+0x73/0xb0 [ 28.308518] print_report+0xd1/0x640 [ 28.308542] ? __virt_addr_valid+0x1db/0x2d0 [ 28.308569] ? mempool_oob_right_helper+0x318/0x380 [ 28.308602] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.308628] ? mempool_oob_right_helper+0x318/0x380 [ 28.308652] kasan_report+0x141/0x180 [ 28.308674] ? mempool_oob_right_helper+0x318/0x380 [ 28.308703] __asan_report_load1_noabort+0x18/0x20 [ 28.308727] mempool_oob_right_helper+0x318/0x380 [ 28.308752] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 28.308776] ? dequeue_entities+0x23f/0x1630 [ 28.308928] ? __kasan_check_write+0x18/0x20 [ 28.308953] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.308975] ? finish_task_switch.isra.0+0x153/0x700 [ 28.309002] mempool_kmalloc_oob_right+0xf2/0x150 [ 28.309026] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 28.309053] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.309078] ? __pfx_mempool_kfree+0x10/0x10 [ 28.309105] ? __pfx_read_tsc+0x10/0x10 [ 28.309127] ? ktime_get_ts64+0x86/0x230 [ 28.309153] kunit_try_run_case+0x1a5/0x480 [ 28.309180] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.309202] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.309229] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.309254] ? __kthread_parkme+0x82/0x180 [ 28.309275] ? preempt_count_sub+0x50/0x80 [ 28.309298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.309322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.309345] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.309369] kthread+0x337/0x6f0 [ 28.309391] ? trace_preempt_on+0x20/0xc0 [ 28.309416] ? __pfx_kthread+0x10/0x10 [ 28.309437] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.309460] ? calculate_sigpending+0x7b/0xa0 [ 28.309485] ? __pfx_kthread+0x10/0x10 [ 28.309508] ret_from_fork+0x116/0x1d0 [ 28.309528] ? __pfx_kthread+0x10/0x10 [ 28.309549] ret_from_fork_asm+0x1a/0x30 [ 28.309594] </TASK> [ 28.309604] [ 28.321718] Allocated by task 269: [ 28.321962] kasan_save_stack+0x45/0x70 [ 28.322638] kasan_save_track+0x18/0x40 [ 28.322785] kasan_save_alloc_info+0x3b/0x50 [ 28.323187] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 28.323506] remove_element+0x11e/0x190 [ 28.323859] mempool_alloc_preallocated+0x4d/0x90 [ 28.324093] mempool_oob_right_helper+0x8a/0x380 [ 28.324448] mempool_kmalloc_oob_right+0xf2/0x150 [ 28.324836] kunit_try_run_case+0x1a5/0x480 [ 28.325093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.325463] kthread+0x337/0x6f0 [ 28.325726] ret_from_fork+0x116/0x1d0 [ 28.325869] ret_from_fork_asm+0x1a/0x30 [ 28.326398] [ 28.326481] The buggy address belongs to the object at ffff888104c4ac00 [ 28.326481] which belongs to the cache kmalloc-128 of size 128 [ 28.327235] The buggy address is located 0 bytes to the right of [ 28.327235] allocated 115-byte region [ffff888104c4ac00, ffff888104c4ac73) [ 28.328101] [ 28.328270] The buggy address belongs to the physical page: [ 28.328545] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c4a [ 28.329089] flags: 0x200000000000000(node=0|zone=2) [ 28.329408] page_type: f5(slab) [ 28.329614] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.330166] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.330456] page dumped because: kasan: bad access detected [ 28.330720] [ 28.330794] Memory state around the buggy address: [ 28.331658] ffff888104c4ab00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.332152] ffff888104c4ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.332524] >ffff888104c4ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.332966] ^ [ 28.333379] ffff888104c4ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.333697] ffff888104c4ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 28.334174] ================================================================== [ 28.338483] ================================================================== [ 28.339278] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 28.339665] Read of size 1 at addr ffff88810614a001 by task kunit_try_catch/271 [ 28.340236] [ 28.340352] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.340411] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.340426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.340448] Call Trace: [ 28.340462] <TASK> [ 28.340485] dump_stack_lvl+0x73/0xb0 [ 28.340518] print_report+0xd1/0x640 [ 28.340543] ? __virt_addr_valid+0x1db/0x2d0 [ 28.340570] ? mempool_oob_right_helper+0x318/0x380 [ 28.340604] ? kasan_addr_to_slab+0x11/0xa0 [ 28.340625] ? mempool_oob_right_helper+0x318/0x380 [ 28.340647] kasan_report+0x141/0x180 [ 28.340669] ? mempool_oob_right_helper+0x318/0x380 [ 28.340698] __asan_report_load1_noabort+0x18/0x20 [ 28.340721] mempool_oob_right_helper+0x318/0x380 [ 28.340746] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 28.340770] ? dequeue_entities+0x23f/0x1630 [ 28.340809] ? __kasan_check_write+0x18/0x20 [ 28.340832] ? __pfx_sched_clock_cpu+0x10/0x10 [ 28.340856] ? finish_task_switch.isra.0+0x153/0x700 [ 28.340884] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 28.340907] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 28.340934] ? __pfx_mempool_kmalloc+0x10/0x10 [ 28.340960] ? __pfx_mempool_kfree+0x10/0x10 [ 28.340985] ? __pfx_read_tsc+0x10/0x10 [ 28.341008] ? ktime_get_ts64+0x86/0x230 [ 28.341033] kunit_try_run_case+0x1a5/0x480 [ 28.341061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.341083] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.341109] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.341133] ? __kthread_parkme+0x82/0x180 [ 28.341154] ? preempt_count_sub+0x50/0x80 [ 28.341177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.341200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.341223] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.341247] kthread+0x337/0x6f0 [ 28.341266] ? trace_preempt_on+0x20/0xc0 [ 28.341291] ? __pfx_kthread+0x10/0x10 [ 28.341311] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.341334] ? calculate_sigpending+0x7b/0xa0 [ 28.341358] ? __pfx_kthread+0x10/0x10 [ 28.341379] ret_from_fork+0x116/0x1d0 [ 28.341399] ? __pfx_kthread+0x10/0x10 [ 28.341420] ret_from_fork_asm+0x1a/0x30 [ 28.341452] </TASK> [ 28.341462] [ 28.351412] The buggy address belongs to the physical page: [ 28.351646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106148 [ 28.352065] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.352370] flags: 0x200000000000040(head|node=0|zone=2) [ 28.352551] page_type: f8(unknown) [ 28.352831] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.353294] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.353596] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 28.353823] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 28.354383] head: 0200000000000002 ffffea0004185201 00000000ffffffff 00000000ffffffff [ 28.354833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 28.355495] page dumped because: kasan: bad access detected [ 28.355752] [ 28.355818] Memory state around the buggy address: [ 28.356476] ffff888106149f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.356746] ffff888106149f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.357364] >ffff88810614a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.357674] ^ [ 28.357824] ffff88810614a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.358380] ffff88810614a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 28.358773] ================================================================== [ 28.363414] ================================================================== [ 28.364054] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 28.364353] Read of size 1 at addr ffff88810546d2bb by task kunit_try_catch/273 [ 28.364662] [ 28.364770] CPU: 0 UID: 0 PID: 273 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 28.364825] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 28.364839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.364861] Call Trace: [ 28.364874] <TASK> [ 28.364893] dump_stack_lvl+0x73/0xb0 [ 28.365326] print_report+0xd1/0x640 [ 28.365363] ? __virt_addr_valid+0x1db/0x2d0 [ 28.365390] ? mempool_oob_right_helper+0x318/0x380 [ 28.365530] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.365556] ? mempool_oob_right_helper+0x318/0x380 [ 28.365591] kasan_report+0x141/0x180 [ 28.365614] ? mempool_oob_right_helper+0x318/0x380 [ 28.365642] __asan_report_load1_noabort+0x18/0x20 [ 28.365666] mempool_oob_right_helper+0x318/0x380 [ 28.365691] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 28.365967] ? finish_task_switch.isra.0+0x153/0x700 [ 28.366002] mempool_slab_oob_right+0xed/0x140 [ 28.366027] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 28.366054] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 28.366078] ? __pfx_mempool_free_slab+0x10/0x10 [ 28.366103] ? __pfx_read_tsc+0x10/0x10 [ 28.366125] ? ktime_get_ts64+0x86/0x230 [ 28.366151] kunit_try_run_case+0x1a5/0x480 [ 28.366177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.366199] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.366226] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.366251] ? __kthread_parkme+0x82/0x180 [ 28.366272] ? preempt_count_sub+0x50/0x80 [ 28.366294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.366319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.366342] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.366365] kthread+0x337/0x6f0 [ 28.366384] ? trace_preempt_on+0x20/0xc0 [ 28.366408] ? __pfx_kthread+0x10/0x10 [ 28.366427] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.366450] ? calculate_sigpending+0x7b/0xa0 [ 28.366474] ? __pfx_kthread+0x10/0x10 [ 28.366495] ret_from_fork+0x116/0x1d0 [ 28.366514] ? __pfx_kthread+0x10/0x10 [ 28.366535] ret_from_fork_asm+0x1a/0x30 [ 28.366566] </TASK> [ 28.366591] [ 28.377533] Allocated by task 273: [ 28.377964] kasan_save_stack+0x45/0x70 [ 28.378370] kasan_save_track+0x18/0x40 [ 28.378551] kasan_save_alloc_info+0x3b/0x50 [ 28.378750] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 28.379365] remove_element+0x11e/0x190 [ 28.379538] mempool_alloc_preallocated+0x4d/0x90 [ 28.380015] mempool_oob_right_helper+0x8a/0x380 [ 28.380315] mempool_slab_oob_right+0xed/0x140 [ 28.380521] kunit_try_run_case+0x1a5/0x480 [ 28.380876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.381313] kthread+0x337/0x6f0 [ 28.381465] ret_from_fork+0x116/0x1d0 [ 28.381735] ret_from_fork_asm+0x1a/0x30 [ 28.381913] [ 28.382232] The buggy address belongs to the object at ffff88810546d240 [ 28.382232] which belongs to the cache test_cache of size 123 [ 28.382932] The buggy address is located 0 bytes to the right of [ 28.382932] allocated 123-byte region [ffff88810546d240, ffff88810546d2bb) [ 28.383470] [ 28.383564] The buggy address belongs to the physical page: [ 28.383810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10546d [ 28.384535] flags: 0x200000000000000(node=0|zone=2) [ 28.384920] page_type: f5(slab) [ 28.385167] raw: 0200000000000000 ffff888101d87a00 dead000000000122 0000000000000000 [ 28.385616] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 28.386174] page dumped because: kasan: bad access detected [ 28.386364] [ 28.386454] Memory state around the buggy address: [ 28.386897] ffff88810546d180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.387198] ffff88810546d200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 28.387497] >ffff88810546d280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 28.387791] ^ [ 28.388423] ffff88810546d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.388691] ffff88810546d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.389174] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 27.716765] ================================================================== [ 27.717887] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 27.718176] Read of size 1 at addr ffff888100fbe640 by task kunit_try_catch/263 [ 27.718388] [ 27.718478] CPU: 1 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.718536] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.718551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.718645] Call Trace: [ 27.718662] <TASK> [ 27.718685] dump_stack_lvl+0x73/0xb0 [ 27.718720] print_report+0xd1/0x640 [ 27.718745] ? __virt_addr_valid+0x1db/0x2d0 [ 27.718772] ? kmem_cache_double_destroy+0x1bf/0x380 [ 27.718845] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.718872] ? kmem_cache_double_destroy+0x1bf/0x380 [ 27.718897] kasan_report+0x141/0x180 [ 27.718920] ? kmem_cache_double_destroy+0x1bf/0x380 [ 27.718960] ? kmem_cache_double_destroy+0x1bf/0x380 [ 27.719015] __kasan_check_byte+0x3d/0x50 [ 27.719038] kmem_cache_destroy+0x25/0x1d0 [ 27.719067] kmem_cache_double_destroy+0x1bf/0x380 [ 27.719091] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 27.719115] ? finish_task_switch.isra.0+0x153/0x700 [ 27.719139] ? __switch_to+0x47/0xf80 [ 27.719199] ? __pfx_read_tsc+0x10/0x10 [ 27.719222] ? ktime_get_ts64+0x86/0x230 [ 27.719248] kunit_try_run_case+0x1a5/0x480 [ 27.719283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.719307] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.719363] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.719389] ? __kthread_parkme+0x82/0x180 [ 27.719410] ? preempt_count_sub+0x50/0x80 [ 27.719434] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.719458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.719482] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.719506] kthread+0x337/0x6f0 [ 27.719525] ? trace_preempt_on+0x20/0xc0 [ 27.719550] ? __pfx_kthread+0x10/0x10 [ 27.719571] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.719604] ? calculate_sigpending+0x7b/0xa0 [ 27.719629] ? __pfx_kthread+0x10/0x10 [ 27.719652] ret_from_fork+0x116/0x1d0 [ 27.719705] ? __pfx_kthread+0x10/0x10 [ 27.719726] ret_from_fork_asm+0x1a/0x30 [ 27.719760] </TASK> [ 27.719770] [ 27.734370] Allocated by task 263: [ 27.734768] kasan_save_stack+0x45/0x70 [ 27.735127] kasan_save_track+0x18/0x40 [ 27.735266] kasan_save_alloc_info+0x3b/0x50 [ 27.735404] __kasan_slab_alloc+0x91/0xa0 [ 27.735532] kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.735702] __kmem_cache_create_args+0x169/0x240 [ 27.735944] kmem_cache_double_destroy+0xd5/0x380 [ 27.736717] kunit_try_run_case+0x1a5/0x480 [ 27.737193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.737831] kthread+0x337/0x6f0 [ 27.738178] ret_from_fork+0x116/0x1d0 [ 27.738533] ret_from_fork_asm+0x1a/0x30 [ 27.738910] [ 27.739156] Freed by task 263: [ 27.739457] kasan_save_stack+0x45/0x70 [ 27.739623] kasan_save_track+0x18/0x40 [ 27.739748] kasan_save_free_info+0x3f/0x60 [ 27.740175] __kasan_slab_free+0x56/0x70 [ 27.740522] kmem_cache_free+0x249/0x420 [ 27.740909] slab_kmem_cache_release+0x2e/0x40 [ 27.741384] kmem_cache_release+0x16/0x20 [ 27.741757] kobject_put+0x181/0x450 [ 27.742110] sysfs_slab_release+0x16/0x20 [ 27.742350] kmem_cache_destroy+0xf0/0x1d0 [ 27.742497] kmem_cache_double_destroy+0x14e/0x380 [ 27.742668] kunit_try_run_case+0x1a5/0x480 [ 27.742860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.743348] kthread+0x337/0x6f0 [ 27.743645] ret_from_fork+0x116/0x1d0 [ 27.744015] ret_from_fork_asm+0x1a/0x30 [ 27.744686] [ 27.744890] The buggy address belongs to the object at ffff888100fbe640 [ 27.744890] which belongs to the cache kmem_cache of size 208 [ 27.745918] The buggy address is located 0 bytes inside of [ 27.745918] freed 208-byte region [ffff888100fbe640, ffff888100fbe710) [ 27.746268] [ 27.746339] The buggy address belongs to the physical page: [ 27.746521] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100fbe [ 27.747368] flags: 0x200000000000000(node=0|zone=2) [ 27.747879] page_type: f5(slab) [ 27.748186] raw: 0200000000000000 ffff888100041000 dead000000000100 dead000000000122 [ 27.749133] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 27.749795] page dumped because: kasan: bad access detected [ 27.750354] [ 27.750422] Memory state around the buggy address: [ 27.750586] ffff888100fbe500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.751010] ffff888100fbe580: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 27.751738] >ffff888100fbe600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 27.752458] ^ [ 27.753221] ffff888100fbe680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.753814] ffff888100fbe700: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.754175] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 27.660068] ================================================================== [ 27.660553] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 27.660967] Read of size 1 at addr ffff88810546b000 by task kunit_try_catch/261 [ 27.661733] [ 27.661837] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.661968] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.661984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.662008] Call Trace: [ 27.662022] <TASK> [ 27.662042] dump_stack_lvl+0x73/0xb0 [ 27.662075] print_report+0xd1/0x640 [ 27.662099] ? __virt_addr_valid+0x1db/0x2d0 [ 27.662126] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 27.662150] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.662176] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 27.662200] kasan_report+0x141/0x180 [ 27.662221] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 27.662249] __asan_report_load1_noabort+0x18/0x20 [ 27.662273] kmem_cache_rcu_uaf+0x3e3/0x510 [ 27.662296] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 27.662318] ? finish_task_switch.isra.0+0x153/0x700 [ 27.662340] ? __switch_to+0x47/0xf80 [ 27.662371] ? __pfx_read_tsc+0x10/0x10 [ 27.662393] ? ktime_get_ts64+0x86/0x230 [ 27.662420] kunit_try_run_case+0x1a5/0x480 [ 27.662446] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.662468] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.662494] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.662518] ? __kthread_parkme+0x82/0x180 [ 27.662539] ? preempt_count_sub+0x50/0x80 [ 27.662561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.662597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.662620] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.662643] kthread+0x337/0x6f0 [ 27.662663] ? trace_preempt_on+0x20/0xc0 [ 27.662688] ? __pfx_kthread+0x10/0x10 [ 27.662709] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.662732] ? calculate_sigpending+0x7b/0xa0 [ 27.662757] ? __pfx_kthread+0x10/0x10 [ 27.662778] ret_from_fork+0x116/0x1d0 [ 27.662992] ? __pfx_kthread+0x10/0x10 [ 27.663017] ret_from_fork_asm+0x1a/0x30 [ 27.663051] </TASK> [ 27.663062] [ 27.672385] Allocated by task 261: [ 27.672561] kasan_save_stack+0x45/0x70 [ 27.672760] kasan_save_track+0x18/0x40 [ 27.673400] kasan_save_alloc_info+0x3b/0x50 [ 27.673706] __kasan_slab_alloc+0x91/0xa0 [ 27.674192] kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.674626] kmem_cache_rcu_uaf+0x155/0x510 [ 27.675097] kunit_try_run_case+0x1a5/0x480 [ 27.675522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.676087] kthread+0x337/0x6f0 [ 27.676387] ret_from_fork+0x116/0x1d0 [ 27.676594] ret_from_fork_asm+0x1a/0x30 [ 27.676778] [ 27.677199] Freed by task 0: [ 27.677485] kasan_save_stack+0x45/0x70 [ 27.677911] kasan_save_track+0x18/0x40 [ 27.678252] kasan_save_free_info+0x3f/0x60 [ 27.678453] __kasan_slab_free+0x56/0x70 [ 27.678638] slab_free_after_rcu_debug+0xe4/0x310 [ 27.679169] rcu_core+0x66f/0x1c40 [ 27.679435] rcu_core_si+0x12/0x20 [ 27.679748] handle_softirqs+0x209/0x730 [ 27.680138] __irq_exit_rcu+0xc9/0x110 [ 27.680461] irq_exit_rcu+0x12/0x20 [ 27.680657] sysvec_apic_timer_interrupt+0x81/0x90 [ 27.681234] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 27.681535] [ 27.681642] Last potentially related work creation: [ 27.682188] kasan_save_stack+0x45/0x70 [ 27.682472] kasan_record_aux_stack+0xb2/0xc0 [ 27.682678] kmem_cache_free+0x131/0x420 [ 27.682849] kmem_cache_rcu_uaf+0x194/0x510 [ 27.683258] kunit_try_run_case+0x1a5/0x480 [ 27.683697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.684216] kthread+0x337/0x6f0 [ 27.684538] ret_from_fork+0x116/0x1d0 [ 27.685020] ret_from_fork_asm+0x1a/0x30 [ 27.685404] [ 27.685492] The buggy address belongs to the object at ffff88810546b000 [ 27.685492] which belongs to the cache test_cache of size 200 [ 27.686417] The buggy address is located 0 bytes inside of [ 27.686417] freed 200-byte region [ffff88810546b000, ffff88810546b0c8) [ 27.687571] [ 27.687685] The buggy address belongs to the physical page: [ 27.688066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10546b [ 27.688314] flags: 0x200000000000000(node=0|zone=2) [ 27.688511] page_type: f5(slab) [ 27.688692] raw: 0200000000000000 ffff888101d87780 dead000000000122 0000000000000000 [ 27.689017] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 27.689237] page dumped because: kasan: bad access detected [ 27.689489] [ 27.689994] Memory state around the buggy address: [ 27.690190] ffff88810546af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.690496] ffff88810546af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.690922] >ffff88810546b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.691176] ^ [ 27.691369] ffff88810546b080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 27.691645] ffff88810546b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.692039] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 27.594313] ================================================================== [ 27.595861] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 27.596707] Free of addr ffff88810613d001 by task kunit_try_catch/259 [ 27.597088] [ 27.597416] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.597586] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.597605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.597631] Call Trace: [ 27.597646] <TASK> [ 27.597667] dump_stack_lvl+0x73/0xb0 [ 27.597701] print_report+0xd1/0x640 [ 27.597725] ? __virt_addr_valid+0x1db/0x2d0 [ 27.597752] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.597777] ? kmem_cache_invalid_free+0x1d8/0x460 [ 27.597802] kasan_report_invalid_free+0x10a/0x130 [ 27.597827] ? kmem_cache_invalid_free+0x1d8/0x460 [ 27.597853] ? kmem_cache_invalid_free+0x1d8/0x460 [ 27.597877] check_slab_allocation+0x11f/0x130 [ 27.597898] __kasan_slab_pre_free+0x28/0x40 [ 27.597926] kmem_cache_free+0xed/0x420 [ 27.597946] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.597971] ? kmem_cache_invalid_free+0x1d8/0x460 [ 27.597998] kmem_cache_invalid_free+0x1d8/0x460 [ 27.598022] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 27.598045] ? finish_task_switch.isra.0+0x153/0x700 [ 27.598068] ? __switch_to+0x47/0xf80 [ 27.598097] ? __pfx_read_tsc+0x10/0x10 [ 27.598119] ? ktime_get_ts64+0x86/0x230 [ 27.598145] kunit_try_run_case+0x1a5/0x480 [ 27.598171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.598193] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.598219] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.598243] ? __kthread_parkme+0x82/0x180 [ 27.598264] ? preempt_count_sub+0x50/0x80 [ 27.598285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.598308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.598331] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.598355] kthread+0x337/0x6f0 [ 27.598374] ? trace_preempt_on+0x20/0xc0 [ 27.598399] ? __pfx_kthread+0x10/0x10 [ 27.598418] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.598442] ? calculate_sigpending+0x7b/0xa0 [ 27.598465] ? __pfx_kthread+0x10/0x10 [ 27.598487] ret_from_fork+0x116/0x1d0 [ 27.598507] ? __pfx_kthread+0x10/0x10 [ 27.598528] ret_from_fork_asm+0x1a/0x30 [ 27.598559] </TASK> [ 27.598569] [ 27.615028] Allocated by task 259: [ 27.615198] kasan_save_stack+0x45/0x70 [ 27.615391] kasan_save_track+0x18/0x40 [ 27.615560] kasan_save_alloc_info+0x3b/0x50 [ 27.615714] __kasan_slab_alloc+0x91/0xa0 [ 27.615849] kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.616020] kmem_cache_invalid_free+0x157/0x460 [ 27.616534] kunit_try_run_case+0x1a5/0x480 [ 27.617565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.618299] kthread+0x337/0x6f0 [ 27.618767] ret_from_fork+0x116/0x1d0 [ 27.619312] ret_from_fork_asm+0x1a/0x30 [ 27.619777] [ 27.620044] The buggy address belongs to the object at ffff88810613d000 [ 27.620044] which belongs to the cache test_cache of size 200 [ 27.621411] The buggy address is located 1 bytes inside of [ 27.621411] 200-byte region [ffff88810613d000, ffff88810613d0c8) [ 27.622850] [ 27.623323] The buggy address belongs to the physical page: [ 27.623822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10613d [ 27.624434] flags: 0x200000000000000(node=0|zone=2) [ 27.625003] page_type: f5(slab) [ 27.625389] raw: 0200000000000000 ffff888100fbe500 dead000000000122 0000000000000000 [ 27.625632] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 27.625847] page dumped because: kasan: bad access detected [ 27.626406] [ 27.626532] Memory state around the buggy address: [ 27.627108] ffff88810613cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.627330] ffff88810613cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.627537] >ffff88810613d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.628015] ^ [ 27.628472] ffff88810613d080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 27.628734] ffff88810613d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.629503] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 27.555196] ================================================================== [ 27.555694] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 27.556450] Free of addr ffff88810546b000 by task kunit_try_catch/257 [ 27.556670] [ 27.556764] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.556823] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.556837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.556860] Call Trace: [ 27.556984] <TASK> [ 27.557009] dump_stack_lvl+0x73/0xb0 [ 27.557046] print_report+0xd1/0x640 [ 27.557071] ? __virt_addr_valid+0x1db/0x2d0 [ 27.557100] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.557125] ? kmem_cache_double_free+0x1e5/0x480 [ 27.557150] kasan_report_invalid_free+0x10a/0x130 [ 27.557174] ? kmem_cache_double_free+0x1e5/0x480 [ 27.557200] ? kmem_cache_double_free+0x1e5/0x480 [ 27.557224] check_slab_allocation+0x101/0x130 [ 27.557246] __kasan_slab_pre_free+0x28/0x40 [ 27.557266] kmem_cache_free+0xed/0x420 [ 27.557287] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.557312] ? kmem_cache_double_free+0x1e5/0x480 [ 27.557341] kmem_cache_double_free+0x1e5/0x480 [ 27.557366] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 27.557389] ? finish_task_switch.isra.0+0x153/0x700 [ 27.557412] ? __switch_to+0x47/0xf80 [ 27.557443] ? __pfx_read_tsc+0x10/0x10 [ 27.557465] ? ktime_get_ts64+0x86/0x230 [ 27.557492] kunit_try_run_case+0x1a5/0x480 [ 27.557519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.557541] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.557567] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.557607] ? __kthread_parkme+0x82/0x180 [ 27.557628] ? preempt_count_sub+0x50/0x80 [ 27.557651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.557675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.557698] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.557721] kthread+0x337/0x6f0 [ 27.557742] ? trace_preempt_on+0x20/0xc0 [ 27.557767] ? __pfx_kthread+0x10/0x10 [ 27.557840] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.557868] ? calculate_sigpending+0x7b/0xa0 [ 27.557893] ? __pfx_kthread+0x10/0x10 [ 27.557937] ret_from_fork+0x116/0x1d0 [ 27.557958] ? __pfx_kthread+0x10/0x10 [ 27.557978] ret_from_fork_asm+0x1a/0x30 [ 27.558011] </TASK> [ 27.558022] [ 27.568495] Allocated by task 257: [ 27.568703] kasan_save_stack+0x45/0x70 [ 27.568914] kasan_save_track+0x18/0x40 [ 27.569331] kasan_save_alloc_info+0x3b/0x50 [ 27.569498] __kasan_slab_alloc+0x91/0xa0 [ 27.569707] kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.570051] kmem_cache_double_free+0x14f/0x480 [ 27.570265] kunit_try_run_case+0x1a5/0x480 [ 27.570451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.570631] kthread+0x337/0x6f0 [ 27.570748] ret_from_fork+0x116/0x1d0 [ 27.570872] ret_from_fork_asm+0x1a/0x30 [ 27.571005] [ 27.571095] Freed by task 257: [ 27.571244] kasan_save_stack+0x45/0x70 [ 27.571433] kasan_save_track+0x18/0x40 [ 27.571626] kasan_save_free_info+0x3f/0x60 [ 27.572027] __kasan_slab_free+0x56/0x70 [ 27.572515] kmem_cache_free+0x249/0x420 [ 27.572722] kmem_cache_double_free+0x16a/0x480 [ 27.573661] kunit_try_run_case+0x1a5/0x480 [ 27.574206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.574500] kthread+0x337/0x6f0 [ 27.574666] ret_from_fork+0x116/0x1d0 [ 27.574934] ret_from_fork_asm+0x1a/0x30 [ 27.575129] [ 27.575241] The buggy address belongs to the object at ffff88810546b000 [ 27.575241] which belongs to the cache test_cache of size 200 [ 27.575708] The buggy address is located 0 bytes inside of [ 27.575708] 200-byte region [ffff88810546b000, ffff88810546b0c8) [ 27.576291] [ 27.576392] The buggy address belongs to the physical page: [ 27.576591] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10546b [ 27.576879] flags: 0x200000000000000(node=0|zone=2) [ 27.577111] page_type: f5(slab) [ 27.577278] raw: 0200000000000000 ffff888101d87640 dead000000000122 0000000000000000 [ 27.577621] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 27.578309] page dumped because: kasan: bad access detected [ 27.578496] [ 27.578796] Memory state around the buggy address: [ 27.579197] ffff88810546af00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.579533] ffff88810546af80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.579874] >ffff88810546b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.580180] ^ [ 27.580368] ffff88810546b080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 27.580640] ffff88810546b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.580969] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 27.510215] ================================================================== [ 27.511161] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 27.511623] Read of size 1 at addr ffff88810546a0c8 by task kunit_try_catch/255 [ 27.512300] [ 27.512462] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.512519] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.512533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.512556] Call Trace: [ 27.512570] <TASK> [ 27.512600] dump_stack_lvl+0x73/0xb0 [ 27.512632] print_report+0xd1/0x640 [ 27.512655] ? __virt_addr_valid+0x1db/0x2d0 [ 27.512679] ? kmem_cache_oob+0x402/0x530 [ 27.512701] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.512725] ? kmem_cache_oob+0x402/0x530 [ 27.512747] kasan_report+0x141/0x180 [ 27.512981] ? kmem_cache_oob+0x402/0x530 [ 27.513026] __asan_report_load1_noabort+0x18/0x20 [ 27.513052] kmem_cache_oob+0x402/0x530 [ 27.513073] ? trace_hardirqs_on+0x37/0xe0 [ 27.513098] ? __pfx_kmem_cache_oob+0x10/0x10 [ 27.513128] ? finish_task_switch.isra.0+0x153/0x700 [ 27.513150] ? __switch_to+0x47/0xf80 [ 27.513180] ? __pfx_read_tsc+0x10/0x10 [ 27.513201] ? ktime_get_ts64+0x86/0x230 [ 27.513226] kunit_try_run_case+0x1a5/0x480 [ 27.513252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.513274] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.513299] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.513324] ? __kthread_parkme+0x82/0x180 [ 27.513343] ? preempt_count_sub+0x50/0x80 [ 27.513366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.513389] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.513412] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.513434] kthread+0x337/0x6f0 [ 27.513454] ? trace_preempt_on+0x20/0xc0 [ 27.513475] ? __pfx_kthread+0x10/0x10 [ 27.513495] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.513517] ? calculate_sigpending+0x7b/0xa0 [ 27.513540] ? __pfx_kthread+0x10/0x10 [ 27.513561] ret_from_fork+0x116/0x1d0 [ 27.513588] ? __pfx_kthread+0x10/0x10 [ 27.513608] ret_from_fork_asm+0x1a/0x30 [ 27.513639] </TASK> [ 27.513650] [ 27.520854] Allocated by task 255: [ 27.521047] kasan_save_stack+0x45/0x70 [ 27.521234] kasan_save_track+0x18/0x40 [ 27.521424] kasan_save_alloc_info+0x3b/0x50 [ 27.521603] __kasan_slab_alloc+0x91/0xa0 [ 27.521868] kmem_cache_alloc_noprof+0x123/0x3f0 [ 27.522097] kmem_cache_oob+0x157/0x530 [ 27.522262] kunit_try_run_case+0x1a5/0x480 [ 27.522402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.522598] kthread+0x337/0x6f0 [ 27.522757] ret_from_fork+0x116/0x1d0 [ 27.523063] ret_from_fork_asm+0x1a/0x30 [ 27.523270] [ 27.523362] The buggy address belongs to the object at ffff88810546a000 [ 27.523362] which belongs to the cache test_cache of size 200 [ 27.523886] The buggy address is located 0 bytes to the right of [ 27.523886] allocated 200-byte region [ffff88810546a000, ffff88810546a0c8) [ 27.524421] [ 27.524511] The buggy address belongs to the physical page: [ 27.524696] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10546a [ 27.525018] flags: 0x200000000000000(node=0|zone=2) [ 27.525183] page_type: f5(slab) [ 27.525324] raw: 0200000000000000 ffff888101d87500 dead000000000122 0000000000000000 [ 27.525663] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 27.526079] page dumped because: kasan: bad access detected [ 27.526326] [ 27.526411] Memory state around the buggy address: [ 27.526642] ffff888105469f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.527004] ffff88810546a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.527219] >ffff88810546a080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 27.527519] ^ [ 27.527846] ffff88810546a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.528186] ffff88810546a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.528468] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 27.464556] ================================================================== [ 27.465046] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 27.465420] Read of size 8 at addr ffff888104fcba40 by task kunit_try_catch/248 [ 27.466042] [ 27.466178] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.466234] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.466249] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.466270] Call Trace: [ 27.466285] <TASK> [ 27.466305] dump_stack_lvl+0x73/0xb0 [ 27.466334] print_report+0xd1/0x640 [ 27.466357] ? __virt_addr_valid+0x1db/0x2d0 [ 27.466381] ? workqueue_uaf+0x4d6/0x560 [ 27.466402] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.466427] ? workqueue_uaf+0x4d6/0x560 [ 27.466447] kasan_report+0x141/0x180 [ 27.466469] ? workqueue_uaf+0x4d6/0x560 [ 27.466494] __asan_report_load8_noabort+0x18/0x20 [ 27.466518] workqueue_uaf+0x4d6/0x560 [ 27.466551] ? __pfx_workqueue_uaf+0x10/0x10 [ 27.466591] ? __schedule+0x10da/0x2b60 [ 27.466616] ? __pfx_read_tsc+0x10/0x10 [ 27.466638] ? ktime_get_ts64+0x86/0x230 [ 27.466662] kunit_try_run_case+0x1a5/0x480 [ 27.466688] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.466709] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.466734] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.466758] ? __kthread_parkme+0x82/0x180 [ 27.466778] ? preempt_count_sub+0x50/0x80 [ 27.466801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.466824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.466847] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.466870] kthread+0x337/0x6f0 [ 27.466890] ? trace_preempt_on+0x20/0xc0 [ 27.466915] ? __pfx_kthread+0x10/0x10 [ 27.466935] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.466957] ? calculate_sigpending+0x7b/0xa0 [ 27.466981] ? __pfx_kthread+0x10/0x10 [ 27.467001] ret_from_fork+0x116/0x1d0 [ 27.467021] ? __pfx_kthread+0x10/0x10 [ 27.467040] ret_from_fork_asm+0x1a/0x30 [ 27.467072] </TASK> [ 27.467082] [ 27.478897] Allocated by task 248: [ 27.479408] kasan_save_stack+0x45/0x70 [ 27.479592] kasan_save_track+0x18/0x40 [ 27.479726] kasan_save_alloc_info+0x3b/0x50 [ 27.480332] __kasan_kmalloc+0xb7/0xc0 [ 27.480918] __kmalloc_cache_noprof+0x189/0x420 [ 27.481461] workqueue_uaf+0x152/0x560 [ 27.481911] kunit_try_run_case+0x1a5/0x480 [ 27.482238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.482898] kthread+0x337/0x6f0 [ 27.483355] ret_from_fork+0x116/0x1d0 [ 27.483507] ret_from_fork_asm+0x1a/0x30 [ 27.483659] [ 27.483726] Freed by task 41: [ 27.483833] kasan_save_stack+0x45/0x70 [ 27.483983] kasan_save_track+0x18/0x40 [ 27.484341] kasan_save_free_info+0x3f/0x60 [ 27.484721] __kasan_slab_free+0x56/0x70 [ 27.485188] kfree+0x222/0x3f0 [ 27.485520] workqueue_uaf_work+0x12/0x20 [ 27.485954] process_one_work+0x5ee/0xf60 [ 27.486429] worker_thread+0x758/0x1220 [ 27.486794] kthread+0x337/0x6f0 [ 27.487301] ret_from_fork+0x116/0x1d0 [ 27.487672] ret_from_fork_asm+0x1a/0x30 [ 27.487882] [ 27.488106] Last potentially related work creation: [ 27.488515] kasan_save_stack+0x45/0x70 [ 27.488671] kasan_record_aux_stack+0xb2/0xc0 [ 27.488932] __queue_work+0x61a/0xe70 [ 27.489275] queue_work_on+0xb6/0xc0 [ 27.489604] workqueue_uaf+0x26d/0x560 [ 27.489984] kunit_try_run_case+0x1a5/0x480 [ 27.490368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.490552] kthread+0x337/0x6f0 [ 27.490680] ret_from_fork+0x116/0x1d0 [ 27.490853] ret_from_fork_asm+0x1a/0x30 [ 27.491206] [ 27.491415] The buggy address belongs to the object at ffff888104fcba40 [ 27.491415] which belongs to the cache kmalloc-32 of size 32 [ 27.492726] The buggy address is located 0 bytes inside of [ 27.492726] freed 32-byte region [ffff888104fcba40, ffff888104fcba60) [ 27.494084] [ 27.494228] The buggy address belongs to the physical page: [ 27.494415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104fcb [ 27.494676] flags: 0x200000000000000(node=0|zone=2) [ 27.494939] page_type: f5(slab) [ 27.495340] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.495613] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.496030] page dumped because: kasan: bad access detected [ 27.496519] [ 27.496681] Memory state around the buggy address: [ 27.497474] ffff888104fcb900: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.498378] ffff888104fcb980: 00 00 00 fc fc fc fc fc 00 00 03 fc fc fc fc fc [ 27.498609] >ffff888104fcba00: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 27.498925] ^ [ 27.499484] ffff888104fcba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.500217] ffff888104fcbb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.501156] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 27.425044] ================================================================== [ 27.425477] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 27.425743] Read of size 4 at addr ffff888104fcb8c0 by task swapper/1/0 [ 27.425948] [ 27.426039] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.426092] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.426106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.426128] Call Trace: [ 27.426156] <IRQ> [ 27.426178] dump_stack_lvl+0x73/0xb0 [ 27.426207] print_report+0xd1/0x640 [ 27.426230] ? __virt_addr_valid+0x1db/0x2d0 [ 27.426255] ? rcu_uaf_reclaim+0x50/0x60 [ 27.426274] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.426299] ? rcu_uaf_reclaim+0x50/0x60 [ 27.426318] kasan_report+0x141/0x180 [ 27.426339] ? rcu_uaf_reclaim+0x50/0x60 [ 27.426363] __asan_report_load4_noabort+0x18/0x20 [ 27.426386] rcu_uaf_reclaim+0x50/0x60 [ 27.426405] rcu_core+0x66f/0x1c40 [ 27.426433] ? __pfx_rcu_core+0x10/0x10 [ 27.426454] ? ktime_get+0x6b/0x150 [ 27.426476] ? handle_softirqs+0x18e/0x730 [ 27.426500] rcu_core_si+0x12/0x20 [ 27.426519] handle_softirqs+0x209/0x730 [ 27.426538] ? hrtimer_interrupt+0x2fe/0x780 [ 27.426560] ? __pfx_handle_softirqs+0x10/0x10 [ 27.427173] __irq_exit_rcu+0xc9/0x110 [ 27.427215] irq_exit_rcu+0x12/0x20 [ 27.427237] sysvec_apic_timer_interrupt+0x81/0x90 [ 27.427268] </IRQ> [ 27.427278] <TASK> [ 27.427289] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 27.427366] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 27.427394] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 63 93 15 00 fb f4 <e9> bc 2a 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 27.427433] RSP: 0000:ffff88810087fdc8 EFLAGS: 00010202 [ 27.427470] RAX: ffff8881aff0d000 RBX: ffff88810085b000 RCX: ffffffffa8d329a5 [ 27.427491] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 000000000001bf84 [ 27.427509] RBP: ffff88810087fdd0 R08: 0000000000000001 R09: ffffed102b626192 [ 27.427528] R10: ffff88815b130c93 R11: ffff88815b1363c8 R12: 0000000000000001 [ 27.427547] R13: ffffed102010b600 R14: ffffffffaa9ff1d0 R15: 0000000000000000 [ 27.427608] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 27.427663] ? default_idle+0xd/0x20 [ 27.427684] arch_cpu_idle+0xd/0x20 [ 27.427704] default_idle_call+0x48/0x80 [ 27.427724] do_idle+0x379/0x4f0 [ 27.427751] ? __pfx_do_idle+0x10/0x10 [ 27.427771] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 27.427796] ? complete+0x15b/0x1d0 [ 27.427822] cpu_startup_entry+0x5c/0x70 [ 27.427845] start_secondary+0x211/0x290 [ 27.427869] ? __pfx_start_secondary+0x10/0x10 [ 27.427894] common_startup_64+0x13e/0x148 [ 27.427929] </TASK> [ 27.427940] [ 27.441655] Allocated by task 246: [ 27.441824] kasan_save_stack+0x45/0x70 [ 27.442327] kasan_save_track+0x18/0x40 [ 27.442758] kasan_save_alloc_info+0x3b/0x50 [ 27.443038] __kasan_kmalloc+0xb7/0xc0 [ 27.443213] __kmalloc_cache_noprof+0x189/0x420 [ 27.443416] rcu_uaf+0xb0/0x330 [ 27.443565] kunit_try_run_case+0x1a5/0x480 [ 27.443720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.443981] kthread+0x337/0x6f0 [ 27.444116] ret_from_fork+0x116/0x1d0 [ 27.444242] ret_from_fork_asm+0x1a/0x30 [ 27.444394] [ 27.444482] Freed by task 0: [ 27.444677] kasan_save_stack+0x45/0x70 [ 27.444848] kasan_save_track+0x18/0x40 [ 27.445121] kasan_save_free_info+0x3f/0x60 [ 27.445262] __kasan_slab_free+0x56/0x70 [ 27.445387] kfree+0x222/0x3f0 [ 27.445513] rcu_uaf_reclaim+0x1f/0x60 [ 27.445698] rcu_core+0x66f/0x1c40 [ 27.445865] rcu_core_si+0x12/0x20 [ 27.446181] handle_softirqs+0x209/0x730 [ 27.446365] __irq_exit_rcu+0xc9/0x110 [ 27.446487] irq_exit_rcu+0x12/0x20 [ 27.446612] sysvec_apic_timer_interrupt+0x81/0x90 [ 27.446834] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 27.447275] [ 27.447414] Last potentially related work creation: [ 27.447657] kasan_save_stack+0x45/0x70 [ 27.447863] kasan_record_aux_stack+0xb2/0xc0 [ 27.448098] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 27.448415] call_rcu+0x12/0x20 [ 27.449451] rcu_uaf+0x168/0x330 [ 27.449612] kunit_try_run_case+0x1a5/0x480 [ 27.449837] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.450179] kthread+0x337/0x6f0 [ 27.450373] ret_from_fork+0x116/0x1d0 [ 27.450687] ret_from_fork_asm+0x1a/0x30 [ 27.450907] [ 27.451354] The buggy address belongs to the object at ffff888104fcb8c0 [ 27.451354] which belongs to the cache kmalloc-32 of size 32 [ 27.451914] The buggy address is located 0 bytes inside of [ 27.451914] freed 32-byte region [ffff888104fcb8c0, ffff888104fcb8e0) [ 27.452510] [ 27.452837] The buggy address belongs to the physical page: [ 27.453137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104fcb [ 27.453653] flags: 0x200000000000000(node=0|zone=2) [ 27.454018] page_type: f5(slab) [ 27.454197] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.454613] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.455190] page dumped because: kasan: bad access detected [ 27.455519] [ 27.455624] Memory state around the buggy address: [ 27.456109] ffff888104fcb780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.456494] ffff888104fcb800: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.456930] >ffff888104fcb880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.457283] ^ [ 27.457531] ffff888104fcb900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.457989] ffff888104fcb980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.458380] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 27.333420] ================================================================== [ 27.333970] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 27.334198] Read of size 1 at addr ffff888104c4a900 by task kunit_try_catch/244 [ 27.334416] [ 27.334507] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.334560] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.334583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.334604] Call Trace: [ 27.334617] <TASK> [ 27.334637] dump_stack_lvl+0x73/0xb0 [ 27.334666] print_report+0xd1/0x640 [ 27.334688] ? __virt_addr_valid+0x1db/0x2d0 [ 27.334713] ? ksize_uaf+0x19d/0x6c0 [ 27.334732] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.334757] ? ksize_uaf+0x19d/0x6c0 [ 27.334776] kasan_report+0x141/0x180 [ 27.334797] ? ksize_uaf+0x19d/0x6c0 [ 27.334820] ? ksize_uaf+0x19d/0x6c0 [ 27.334840] __kasan_check_byte+0x3d/0x50 [ 27.334860] ksize+0x20/0x60 [ 27.334880] ksize_uaf+0x19d/0x6c0 [ 27.334900] ? __pfx_ksize_uaf+0x10/0x10 [ 27.334920] ? __schedule+0x10da/0x2b60 [ 27.334945] ? __pfx_read_tsc+0x10/0x10 [ 27.334966] ? ktime_get_ts64+0x86/0x230 [ 27.334991] kunit_try_run_case+0x1a5/0x480 [ 27.335016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.335037] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.335060] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.335084] ? __kthread_parkme+0x82/0x180 [ 27.335105] ? preempt_count_sub+0x50/0x80 [ 27.335128] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.335150] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.335173] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.335195] kthread+0x337/0x6f0 [ 27.335213] ? trace_preempt_on+0x20/0xc0 [ 27.335237] ? __pfx_kthread+0x10/0x10 [ 27.335263] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.335285] ? calculate_sigpending+0x7b/0xa0 [ 27.335309] ? __pfx_kthread+0x10/0x10 [ 27.335329] ret_from_fork+0x116/0x1d0 [ 27.335347] ? __pfx_kthread+0x10/0x10 [ 27.335366] ret_from_fork_asm+0x1a/0x30 [ 27.335398] </TASK> [ 27.335408] [ 27.349539] Allocated by task 244: [ 27.349700] kasan_save_stack+0x45/0x70 [ 27.350381] kasan_save_track+0x18/0x40 [ 27.350874] kasan_save_alloc_info+0x3b/0x50 [ 27.351347] __kasan_kmalloc+0xb7/0xc0 [ 27.351722] __kmalloc_cache_noprof+0x189/0x420 [ 27.352214] ksize_uaf+0xaa/0x6c0 [ 27.352418] kunit_try_run_case+0x1a5/0x480 [ 27.352559] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.352741] kthread+0x337/0x6f0 [ 27.353228] ret_from_fork+0x116/0x1d0 [ 27.353566] ret_from_fork_asm+0x1a/0x30 [ 27.354018] [ 27.354175] Freed by task 244: [ 27.354441] kasan_save_stack+0x45/0x70 [ 27.354803] kasan_save_track+0x18/0x40 [ 27.355233] kasan_save_free_info+0x3f/0x60 [ 27.355645] __kasan_slab_free+0x56/0x70 [ 27.355848] kfree+0x222/0x3f0 [ 27.356119] ksize_uaf+0x12c/0x6c0 [ 27.356442] kunit_try_run_case+0x1a5/0x480 [ 27.356860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.357173] kthread+0x337/0x6f0 [ 27.357292] ret_from_fork+0x116/0x1d0 [ 27.357418] ret_from_fork_asm+0x1a/0x30 [ 27.357551] [ 27.357633] The buggy address belongs to the object at ffff888104c4a900 [ 27.357633] which belongs to the cache kmalloc-128 of size 128 [ 27.358180] The buggy address is located 0 bytes inside of [ 27.358180] freed 128-byte region [ffff888104c4a900, ffff888104c4a980) [ 27.358620] [ 27.358690] The buggy address belongs to the physical page: [ 27.358943] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c4a [ 27.359287] flags: 0x200000000000000(node=0|zone=2) [ 27.359448] page_type: f5(slab) [ 27.359704] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.360095] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.360398] page dumped because: kasan: bad access detected [ 27.360638] [ 27.360724] Memory state around the buggy address: [ 27.361085] ffff888104c4a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.361372] ffff888104c4a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.361597] >ffff888104c4a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.361972] ^ [ 27.362811] ffff888104c4a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.363376] ffff888104c4aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.363606] ================================================================== [ 27.390139] ================================================================== [ 27.390464] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 27.390787] Read of size 1 at addr ffff888104c4a978 by task kunit_try_catch/244 [ 27.391741] [ 27.392078] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.392138] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.392152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.392270] Call Trace: [ 27.392287] <TASK> [ 27.392306] dump_stack_lvl+0x73/0xb0 [ 27.392339] print_report+0xd1/0x640 [ 27.392365] ? __virt_addr_valid+0x1db/0x2d0 [ 27.392392] ? ksize_uaf+0x5e4/0x6c0 [ 27.392413] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.392439] ? ksize_uaf+0x5e4/0x6c0 [ 27.392460] kasan_report+0x141/0x180 [ 27.392483] ? ksize_uaf+0x5e4/0x6c0 [ 27.392509] __asan_report_load1_noabort+0x18/0x20 [ 27.392533] ksize_uaf+0x5e4/0x6c0 [ 27.392554] ? __pfx_ksize_uaf+0x10/0x10 [ 27.392584] ? __schedule+0x10da/0x2b60 [ 27.392609] ? __pfx_read_tsc+0x10/0x10 [ 27.392631] ? ktime_get_ts64+0x86/0x230 [ 27.392655] kunit_try_run_case+0x1a5/0x480 [ 27.392680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.392701] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.392725] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.392750] ? __kthread_parkme+0x82/0x180 [ 27.392770] ? preempt_count_sub+0x50/0x80 [ 27.392804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.392828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.392850] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.392873] kthread+0x337/0x6f0 [ 27.392893] ? trace_preempt_on+0x20/0xc0 [ 27.392961] ? __pfx_kthread+0x10/0x10 [ 27.392985] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.393008] ? calculate_sigpending+0x7b/0xa0 [ 27.393032] ? __pfx_kthread+0x10/0x10 [ 27.393053] ret_from_fork+0x116/0x1d0 [ 27.393072] ? __pfx_kthread+0x10/0x10 [ 27.393092] ret_from_fork_asm+0x1a/0x30 [ 27.393123] </TASK> [ 27.393133] [ 27.401685] Allocated by task 244: [ 27.402118] kasan_save_stack+0x45/0x70 [ 27.402331] kasan_save_track+0x18/0x40 [ 27.402480] kasan_save_alloc_info+0x3b/0x50 [ 27.402684] __kasan_kmalloc+0xb7/0xc0 [ 27.402855] __kmalloc_cache_noprof+0x189/0x420 [ 27.403120] ksize_uaf+0xaa/0x6c0 [ 27.403237] kunit_try_run_case+0x1a5/0x480 [ 27.403383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.403546] kthread+0x337/0x6f0 [ 27.403719] ret_from_fork+0x116/0x1d0 [ 27.403898] ret_from_fork_asm+0x1a/0x30 [ 27.404184] [ 27.404326] Freed by task 244: [ 27.404498] kasan_save_stack+0x45/0x70 [ 27.404710] kasan_save_track+0x18/0x40 [ 27.404837] kasan_save_free_info+0x3f/0x60 [ 27.404971] __kasan_slab_free+0x56/0x70 [ 27.405099] kfree+0x222/0x3f0 [ 27.405211] ksize_uaf+0x12c/0x6c0 [ 27.405466] kunit_try_run_case+0x1a5/0x480 [ 27.405841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.406213] kthread+0x337/0x6f0 [ 27.406380] ret_from_fork+0x116/0x1d0 [ 27.406542] ret_from_fork_asm+0x1a/0x30 [ 27.406726] [ 27.406792] The buggy address belongs to the object at ffff888104c4a900 [ 27.406792] which belongs to the cache kmalloc-128 of size 128 [ 27.407541] The buggy address is located 120 bytes inside of [ 27.407541] freed 128-byte region [ffff888104c4a900, ffff888104c4a980) [ 27.408140] [ 27.408239] The buggy address belongs to the physical page: [ 27.408485] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c4a [ 27.408990] flags: 0x200000000000000(node=0|zone=2) [ 27.409199] page_type: f5(slab) [ 27.409556] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.409939] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.410367] page dumped because: kasan: bad access detected [ 27.410626] [ 27.410715] Memory state around the buggy address: [ 27.411015] ffff888104c4a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.411291] ffff888104c4a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.411564] >ffff888104c4a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.411772] ^ [ 27.411974] ffff888104c4a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.412173] ffff888104c4aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.412369] ================================================================== [ 27.364210] ================================================================== [ 27.364886] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 27.365739] Read of size 1 at addr ffff888104c4a900 by task kunit_try_catch/244 [ 27.366125] [ 27.366428] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.366481] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.366539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.366560] Call Trace: [ 27.366595] <TASK> [ 27.366614] dump_stack_lvl+0x73/0xb0 [ 27.366645] print_report+0xd1/0x640 [ 27.366668] ? __virt_addr_valid+0x1db/0x2d0 [ 27.366692] ? ksize_uaf+0x5fe/0x6c0 [ 27.366712] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.366737] ? ksize_uaf+0x5fe/0x6c0 [ 27.366782] kasan_report+0x141/0x180 [ 27.366815] ? ksize_uaf+0x5fe/0x6c0 [ 27.366839] __asan_report_load1_noabort+0x18/0x20 [ 27.366864] ksize_uaf+0x5fe/0x6c0 [ 27.366884] ? __pfx_ksize_uaf+0x10/0x10 [ 27.366920] ? __schedule+0x10da/0x2b60 [ 27.366945] ? __pfx_read_tsc+0x10/0x10 [ 27.366967] ? ktime_get_ts64+0x86/0x230 [ 27.366992] kunit_try_run_case+0x1a5/0x480 [ 27.367017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.367039] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.367063] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.367088] ? __kthread_parkme+0x82/0x180 [ 27.367108] ? preempt_count_sub+0x50/0x80 [ 27.367131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.367154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.367176] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.367199] kthread+0x337/0x6f0 [ 27.367219] ? trace_preempt_on+0x20/0xc0 [ 27.367243] ? __pfx_kthread+0x10/0x10 [ 27.367268] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.367291] ? calculate_sigpending+0x7b/0xa0 [ 27.367314] ? __pfx_kthread+0x10/0x10 [ 27.367335] ret_from_fork+0x116/0x1d0 [ 27.367354] ? __pfx_kthread+0x10/0x10 [ 27.367373] ret_from_fork_asm+0x1a/0x30 [ 27.367405] </TASK> [ 27.367415] [ 27.375869] Allocated by task 244: [ 27.376097] kasan_save_stack+0x45/0x70 [ 27.376306] kasan_save_track+0x18/0x40 [ 27.376479] kasan_save_alloc_info+0x3b/0x50 [ 27.376629] __kasan_kmalloc+0xb7/0xc0 [ 27.377089] __kmalloc_cache_noprof+0x189/0x420 [ 27.377479] ksize_uaf+0xaa/0x6c0 [ 27.377660] kunit_try_run_case+0x1a5/0x480 [ 27.377963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.378182] kthread+0x337/0x6f0 [ 27.378348] ret_from_fork+0x116/0x1d0 [ 27.378690] ret_from_fork_asm+0x1a/0x30 [ 27.378986] [ 27.379081] Freed by task 244: [ 27.379243] kasan_save_stack+0x45/0x70 [ 27.379506] kasan_save_track+0x18/0x40 [ 27.379699] kasan_save_free_info+0x3f/0x60 [ 27.380013] __kasan_slab_free+0x56/0x70 [ 27.380333] kfree+0x222/0x3f0 [ 27.380546] ksize_uaf+0x12c/0x6c0 [ 27.380726] kunit_try_run_case+0x1a5/0x480 [ 27.381018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.381257] kthread+0x337/0x6f0 [ 27.381422] ret_from_fork+0x116/0x1d0 [ 27.381571] ret_from_fork_asm+0x1a/0x30 [ 27.382129] [ 27.382269] The buggy address belongs to the object at ffff888104c4a900 [ 27.382269] which belongs to the cache kmalloc-128 of size 128 [ 27.382833] The buggy address is located 0 bytes inside of [ 27.382833] freed 128-byte region [ffff888104c4a900, ffff888104c4a980) [ 27.383389] [ 27.383485] The buggy address belongs to the physical page: [ 27.383754] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c4a [ 27.384206] flags: 0x200000000000000(node=0|zone=2) [ 27.384466] page_type: f5(slab) [ 27.384654] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.385111] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.385444] page dumped because: kasan: bad access detected [ 27.385691] [ 27.385793] Memory state around the buggy address: [ 27.386061] ffff888104c4a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.386382] ffff888104c4a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.386694] >ffff888104c4a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.387275] ^ [ 27.387621] ffff888104c4a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.388150] ffff888104c4aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.388358] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 27.267303] ================================================================== [ 27.267787] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 27.268322] Read of size 1 at addr ffff888105454973 by task kunit_try_catch/242 [ 27.268628] [ 27.268760] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.268809] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.268822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.268842] Call Trace: [ 27.268855] <TASK> [ 27.268872] dump_stack_lvl+0x73/0xb0 [ 27.268899] print_report+0xd1/0x640 [ 27.268921] ? __virt_addr_valid+0x1db/0x2d0 [ 27.268944] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 27.268966] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.269041] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 27.269066] kasan_report+0x141/0x180 [ 27.269088] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 27.269147] __asan_report_load1_noabort+0x18/0x20 [ 27.269179] ksize_unpoisons_memory+0x81c/0x9b0 [ 27.269203] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 27.269227] ? __kasan_check_write+0x18/0x20 [ 27.269249] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.269273] ? irqentry_exit+0x2a/0x60 [ 27.269303] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.269325] ? trace_hardirqs_on+0x37/0xe0 [ 27.269349] ? __pfx_read_tsc+0x10/0x10 [ 27.269381] ? ktime_get_ts64+0x86/0x230 [ 27.269406] kunit_try_run_case+0x1a5/0x480 [ 27.269430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.269454] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.269478] ? __kthread_parkme+0x82/0x180 [ 27.269506] ? preempt_count_sub+0x50/0x80 [ 27.269529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.269552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.269595] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.269617] kthread+0x337/0x6f0 [ 27.269637] ? trace_preempt_on+0x20/0xc0 [ 27.269658] ? __pfx_kthread+0x10/0x10 [ 27.269678] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.269700] ? calculate_sigpending+0x7b/0xa0 [ 27.269723] ? __pfx_kthread+0x10/0x10 [ 27.269743] ret_from_fork+0x116/0x1d0 [ 27.269762] ? __pfx_kthread+0x10/0x10 [ 27.269781] ret_from_fork_asm+0x1a/0x30 [ 27.269933] </TASK> [ 27.269944] [ 27.278396] Allocated by task 242: [ 27.278566] kasan_save_stack+0x45/0x70 [ 27.278775] kasan_save_track+0x18/0x40 [ 27.278989] kasan_save_alloc_info+0x3b/0x50 [ 27.279245] __kasan_kmalloc+0xb7/0xc0 [ 27.279443] __kmalloc_cache_noprof+0x189/0x420 [ 27.279662] ksize_unpoisons_memory+0xc7/0x9b0 [ 27.279908] kunit_try_run_case+0x1a5/0x480 [ 27.280059] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.280371] kthread+0x337/0x6f0 [ 27.280623] ret_from_fork+0x116/0x1d0 [ 27.280758] ret_from_fork_asm+0x1a/0x30 [ 27.280996] [ 27.281212] The buggy address belongs to the object at ffff888105454900 [ 27.281212] which belongs to the cache kmalloc-128 of size 128 [ 27.281727] The buggy address is located 0 bytes to the right of [ 27.281727] allocated 115-byte region [ffff888105454900, ffff888105454973) [ 27.282481] [ 27.282606] The buggy address belongs to the physical page: [ 27.282888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105454 [ 27.283131] flags: 0x200000000000000(node=0|zone=2) [ 27.283295] page_type: f5(slab) [ 27.283409] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.283680] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.284004] page dumped because: kasan: bad access detected [ 27.284247] [ 27.284391] Memory state around the buggy address: [ 27.284656] ffff888105454800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.284965] ffff888105454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.285289] >ffff888105454900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.285505] ^ [ 27.285880] ffff888105454980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.286349] ffff888105454a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.286670] ================================================================== [ 27.306064] ================================================================== [ 27.306299] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 27.306526] Read of size 1 at addr ffff88810545497f by task kunit_try_catch/242 [ 27.307080] [ 27.307212] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.307268] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.307293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.307313] Call Trace: [ 27.307329] <TASK> [ 27.307344] dump_stack_lvl+0x73/0xb0 [ 27.307369] print_report+0xd1/0x640 [ 27.307390] ? __virt_addr_valid+0x1db/0x2d0 [ 27.307423] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 27.307445] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.307470] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 27.307503] kasan_report+0x141/0x180 [ 27.307525] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 27.307553] __asan_report_load1_noabort+0x18/0x20 [ 27.307594] ksize_unpoisons_memory+0x7b6/0x9b0 [ 27.307617] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 27.307640] ? __kasan_check_write+0x18/0x20 [ 27.307673] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.307697] ? irqentry_exit+0x2a/0x60 [ 27.307717] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.307738] ? trace_hardirqs_on+0x37/0xe0 [ 27.307761] ? __pfx_read_tsc+0x10/0x10 [ 27.307790] ? ktime_get_ts64+0x86/0x230 [ 27.307815] kunit_try_run_case+0x1a5/0x480 [ 27.307849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.307949] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.307975] ? __kthread_parkme+0x82/0x180 [ 27.308005] ? preempt_count_sub+0x50/0x80 [ 27.308027] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.308050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.308084] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.308107] kthread+0x337/0x6f0 [ 27.308127] ? trace_preempt_on+0x20/0xc0 [ 27.308149] ? __pfx_kthread+0x10/0x10 [ 27.308169] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.308200] ? calculate_sigpending+0x7b/0xa0 [ 27.308224] ? __pfx_kthread+0x10/0x10 [ 27.308244] ret_from_fork+0x116/0x1d0 [ 27.308273] ? __pfx_kthread+0x10/0x10 [ 27.308293] ret_from_fork_asm+0x1a/0x30 [ 27.308323] </TASK> [ 27.308333] [ 27.316541] Allocated by task 242: [ 27.316725] kasan_save_stack+0x45/0x70 [ 27.317044] kasan_save_track+0x18/0x40 [ 27.317222] kasan_save_alloc_info+0x3b/0x50 [ 27.317365] __kasan_kmalloc+0xb7/0xc0 [ 27.317490] __kmalloc_cache_noprof+0x189/0x420 [ 27.317651] ksize_unpoisons_memory+0xc7/0x9b0 [ 27.317795] kunit_try_run_case+0x1a5/0x480 [ 27.317934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.318106] kthread+0x337/0x6f0 [ 27.318222] ret_from_fork+0x116/0x1d0 [ 27.318346] ret_from_fork_asm+0x1a/0x30 [ 27.318478] [ 27.318612] The buggy address belongs to the object at ffff888105454900 [ 27.318612] which belongs to the cache kmalloc-128 of size 128 [ 27.319826] The buggy address is located 12 bytes to the right of [ 27.319826] allocated 115-byte region [ffff888105454900, ffff888105454973) [ 27.321792] [ 27.322242] The buggy address belongs to the physical page: [ 27.323241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105454 [ 27.323634] flags: 0x200000000000000(node=0|zone=2) [ 27.323856] page_type: f5(slab) [ 27.324115] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.324417] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.325338] page dumped because: kasan: bad access detected [ 27.325603] [ 27.325691] Memory state around the buggy address: [ 27.326078] ffff888105454800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.326359] ffff888105454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.326654] >ffff888105454900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.327586] ^ [ 27.328224] ffff888105454980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.328767] ffff888105454a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.329528] ================================================================== [ 27.287155] ================================================================== [ 27.287387] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 27.287766] Read of size 1 at addr ffff888105454978 by task kunit_try_catch/242 [ 27.288082] [ 27.288180] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.288225] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.288237] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.288256] Call Trace: [ 27.288269] <TASK> [ 27.288282] dump_stack_lvl+0x73/0xb0 [ 27.288306] print_report+0xd1/0x640 [ 27.288326] ? __virt_addr_valid+0x1db/0x2d0 [ 27.288348] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 27.288369] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.288393] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 27.288415] kasan_report+0x141/0x180 [ 27.288436] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 27.288462] __asan_report_load1_noabort+0x18/0x20 [ 27.288485] ksize_unpoisons_memory+0x7e9/0x9b0 [ 27.288507] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 27.288530] ? __kasan_check_write+0x18/0x20 [ 27.288552] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.288586] ? irqentry_exit+0x2a/0x60 [ 27.288605] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 27.288686] ? trace_hardirqs_on+0x37/0xe0 [ 27.288714] ? __pfx_read_tsc+0x10/0x10 [ 27.288734] ? ktime_get_ts64+0x86/0x230 [ 27.288758] kunit_try_run_case+0x1a5/0x480 [ 27.288831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.288872] ? queued_spin_lock_slowpath+0x116/0xb40 [ 27.288897] ? __kthread_parkme+0x82/0x180 [ 27.288916] ? preempt_count_sub+0x50/0x80 [ 27.288960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.288983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.289005] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.289028] kthread+0x337/0x6f0 [ 27.289048] ? trace_preempt_on+0x20/0xc0 [ 27.289069] ? __pfx_kthread+0x10/0x10 [ 27.289089] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.289111] ? calculate_sigpending+0x7b/0xa0 [ 27.289135] ? __pfx_kthread+0x10/0x10 [ 27.289155] ret_from_fork+0x116/0x1d0 [ 27.289173] ? __pfx_kthread+0x10/0x10 [ 27.289193] ret_from_fork_asm+0x1a/0x30 [ 27.289223] </TASK> [ 27.289233] [ 27.297192] Allocated by task 242: [ 27.297485] kasan_save_stack+0x45/0x70 [ 27.297688] kasan_save_track+0x18/0x40 [ 27.297880] kasan_save_alloc_info+0x3b/0x50 [ 27.298375] __kasan_kmalloc+0xb7/0xc0 [ 27.298565] __kmalloc_cache_noprof+0x189/0x420 [ 27.298837] ksize_unpoisons_memory+0xc7/0x9b0 [ 27.299088] kunit_try_run_case+0x1a5/0x480 [ 27.299294] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.299497] kthread+0x337/0x6f0 [ 27.299621] ret_from_fork+0x116/0x1d0 [ 27.299745] ret_from_fork_asm+0x1a/0x30 [ 27.299877] [ 27.299942] The buggy address belongs to the object at ffff888105454900 [ 27.299942] which belongs to the cache kmalloc-128 of size 128 [ 27.300289] The buggy address is located 5 bytes to the right of [ 27.300289] allocated 115-byte region [ffff888105454900, ffff888105454973) [ 27.300724] [ 27.300897] The buggy address belongs to the physical page: [ 27.301156] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105454 [ 27.301500] flags: 0x200000000000000(node=0|zone=2) [ 27.301740] page_type: f5(slab) [ 27.302200] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.302554] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.303067] page dumped because: kasan: bad access detected [ 27.303247] [ 27.303313] Memory state around the buggy address: [ 27.303461] ffff888105454800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.303681] ffff888105454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.303891] >ffff888105454900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.304201] ^ [ 27.304510] ffff888105454980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.304931] ffff888105454a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.305296] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 27.231132] ================================================================== [ 27.232001] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 27.232957] Free of addr ffff888105424ae0 by task kunit_try_catch/240 [ 27.233759] [ 27.233962] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.234033] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.234046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.234068] Call Trace: [ 27.234081] <TASK> [ 27.234099] dump_stack_lvl+0x73/0xb0 [ 27.234127] print_report+0xd1/0x640 [ 27.234151] ? __virt_addr_valid+0x1db/0x2d0 [ 27.234176] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.234203] ? kfree_sensitive+0x2e/0x90 [ 27.234225] kasan_report_invalid_free+0x10a/0x130 [ 27.234249] ? kfree_sensitive+0x2e/0x90 [ 27.234270] ? kfree_sensitive+0x2e/0x90 [ 27.234289] check_slab_allocation+0x101/0x130 [ 27.234312] __kasan_slab_pre_free+0x28/0x40 [ 27.234332] kfree+0xf0/0x3f0 [ 27.234355] ? kfree_sensitive+0x2e/0x90 [ 27.234376] kfree_sensitive+0x2e/0x90 [ 27.234395] kmalloc_double_kzfree+0x19c/0x350 [ 27.234418] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 27.234441] ? __schedule+0x10da/0x2b60 [ 27.234465] ? __pfx_read_tsc+0x10/0x10 [ 27.234486] ? ktime_get_ts64+0x86/0x230 [ 27.234510] kunit_try_run_case+0x1a5/0x480 [ 27.234533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.234555] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.234591] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.234628] ? __kthread_parkme+0x82/0x180 [ 27.234664] ? preempt_count_sub+0x50/0x80 [ 27.234705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.234728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.234751] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.234773] kthread+0x337/0x6f0 [ 27.234802] ? trace_preempt_on+0x20/0xc0 [ 27.234825] ? __pfx_kthread+0x10/0x10 [ 27.234845] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.234867] ? calculate_sigpending+0x7b/0xa0 [ 27.234891] ? __pfx_kthread+0x10/0x10 [ 27.234911] ret_from_fork+0x116/0x1d0 [ 27.234930] ? __pfx_kthread+0x10/0x10 [ 27.234958] ret_from_fork_asm+0x1a/0x30 [ 27.234989] </TASK> [ 27.235000] [ 27.248426] Allocated by task 240: [ 27.248860] kasan_save_stack+0x45/0x70 [ 27.249365] kasan_save_track+0x18/0x40 [ 27.249757] kasan_save_alloc_info+0x3b/0x50 [ 27.250068] __kasan_kmalloc+0xb7/0xc0 [ 27.250313] __kmalloc_cache_noprof+0x189/0x420 [ 27.250708] kmalloc_double_kzfree+0xa9/0x350 [ 27.251171] kunit_try_run_case+0x1a5/0x480 [ 27.251551] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.251733] kthread+0x337/0x6f0 [ 27.252060] ret_from_fork+0x116/0x1d0 [ 27.252422] ret_from_fork_asm+0x1a/0x30 [ 27.252807] [ 27.253018] Freed by task 240: [ 27.253250] kasan_save_stack+0x45/0x70 [ 27.253561] kasan_save_track+0x18/0x40 [ 27.253703] kasan_save_free_info+0x3f/0x60 [ 27.253910] __kasan_slab_free+0x56/0x70 [ 27.254333] kfree+0x222/0x3f0 [ 27.254696] kfree_sensitive+0x67/0x90 [ 27.255119] kmalloc_double_kzfree+0x12b/0x350 [ 27.255666] kunit_try_run_case+0x1a5/0x480 [ 27.256007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.256186] kthread+0x337/0x6f0 [ 27.256300] ret_from_fork+0x116/0x1d0 [ 27.256425] ret_from_fork_asm+0x1a/0x30 [ 27.256557] [ 27.256637] The buggy address belongs to the object at ffff888105424ae0 [ 27.256637] which belongs to the cache kmalloc-16 of size 16 [ 27.257052] The buggy address is located 0 bytes inside of [ 27.257052] 16-byte region [ffff888105424ae0, ffff888105424af0) [ 27.257643] [ 27.257718] The buggy address belongs to the physical page: [ 27.258052] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105424 [ 27.258433] flags: 0x200000000000000(node=0|zone=2) [ 27.258641] page_type: f5(slab) [ 27.258893] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.259229] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.259516] page dumped because: kasan: bad access detected [ 27.259739] [ 27.259803] Memory state around the buggy address: [ 27.260179] ffff888105424980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.260497] ffff888105424a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.260884] >ffff888105424a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.261256] ^ [ 27.261447] ffff888105424b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.261794] ffff888105424b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.262120] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 27.194659] ================================================================== [ 27.196328] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 27.197137] Read of size 1 at addr ffff888105424ae0 by task kunit_try_catch/240 [ 27.197993] [ 27.198185] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.198264] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.198277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.198299] Call Trace: [ 27.198313] <TASK> [ 27.198333] dump_stack_lvl+0x73/0xb0 [ 27.198374] print_report+0xd1/0x640 [ 27.198399] ? __virt_addr_valid+0x1db/0x2d0 [ 27.198425] ? kmalloc_double_kzfree+0x19c/0x350 [ 27.198447] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.198472] ? kmalloc_double_kzfree+0x19c/0x350 [ 27.198526] kasan_report+0x141/0x180 [ 27.198549] ? kmalloc_double_kzfree+0x19c/0x350 [ 27.198584] ? kmalloc_double_kzfree+0x19c/0x350 [ 27.198607] __kasan_check_byte+0x3d/0x50 [ 27.198629] kfree_sensitive+0x22/0x90 [ 27.198651] kmalloc_double_kzfree+0x19c/0x350 [ 27.198674] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 27.198699] ? __schedule+0x10da/0x2b60 [ 27.198724] ? __pfx_read_tsc+0x10/0x10 [ 27.198746] ? ktime_get_ts64+0x86/0x230 [ 27.198772] kunit_try_run_case+0x1a5/0x480 [ 27.198823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.198845] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.198890] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.198915] ? __kthread_parkme+0x82/0x180 [ 27.198937] ? preempt_count_sub+0x50/0x80 [ 27.198971] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.198995] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.199018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.199041] kthread+0x337/0x6f0 [ 27.199061] ? trace_preempt_on+0x20/0xc0 [ 27.199086] ? __pfx_kthread+0x10/0x10 [ 27.199106] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.199128] ? calculate_sigpending+0x7b/0xa0 [ 27.199152] ? __pfx_kthread+0x10/0x10 [ 27.199173] ret_from_fork+0x116/0x1d0 [ 27.199192] ? __pfx_kthread+0x10/0x10 [ 27.199212] ret_from_fork_asm+0x1a/0x30 [ 27.199243] </TASK> [ 27.199259] [ 27.213063] Allocated by task 240: [ 27.213206] kasan_save_stack+0x45/0x70 [ 27.213353] kasan_save_track+0x18/0x40 [ 27.213480] kasan_save_alloc_info+0x3b/0x50 [ 27.213803] __kasan_kmalloc+0xb7/0xc0 [ 27.214363] __kmalloc_cache_noprof+0x189/0x420 [ 27.214534] kmalloc_double_kzfree+0xa9/0x350 [ 27.214696] kunit_try_run_case+0x1a5/0x480 [ 27.215352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.216140] kthread+0x337/0x6f0 [ 27.216472] ret_from_fork+0x116/0x1d0 [ 27.216618] ret_from_fork_asm+0x1a/0x30 [ 27.216755] [ 27.216972] Freed by task 240: [ 27.217316] kasan_save_stack+0x45/0x70 [ 27.217712] kasan_save_track+0x18/0x40 [ 27.218217] kasan_save_free_info+0x3f/0x60 [ 27.218560] __kasan_slab_free+0x56/0x70 [ 27.218715] kfree+0x222/0x3f0 [ 27.218855] kfree_sensitive+0x67/0x90 [ 27.219365] kmalloc_double_kzfree+0x12b/0x350 [ 27.219837] kunit_try_run_case+0x1a5/0x480 [ 27.220269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.220846] kthread+0x337/0x6f0 [ 27.221041] ret_from_fork+0x116/0x1d0 [ 27.221424] ret_from_fork_asm+0x1a/0x30 [ 27.221613] [ 27.221681] The buggy address belongs to the object at ffff888105424ae0 [ 27.221681] which belongs to the cache kmalloc-16 of size 16 [ 27.222927] The buggy address is located 0 bytes inside of [ 27.222927] freed 16-byte region [ffff888105424ae0, ffff888105424af0) [ 27.223656] [ 27.223846] The buggy address belongs to the physical page: [ 27.224522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105424 [ 27.224964] flags: 0x200000000000000(node=0|zone=2) [ 27.225133] page_type: f5(slab) [ 27.225254] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.225478] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.225978] page dumped because: kasan: bad access detected [ 27.226560] [ 27.226717] Memory state around the buggy address: [ 27.227401] ffff888105424980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.228079] ffff888105424a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.228769] >ffff888105424a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.229512] ^ [ 27.229993] ffff888105424b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.230470] ffff888105424b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.230688] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 27.150958] ================================================================== [ 27.152170] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 27.152756] Read of size 1 at addr ffff8881054640a8 by task kunit_try_catch/236 [ 27.152996] [ 27.153087] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.153143] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.153157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.153180] Call Trace: [ 27.153193] <TASK> [ 27.153214] dump_stack_lvl+0x73/0xb0 [ 27.153246] print_report+0xd1/0x640 [ 27.153269] ? __virt_addr_valid+0x1db/0x2d0 [ 27.153293] ? kmalloc_uaf2+0x4a8/0x520 [ 27.153313] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.153339] ? kmalloc_uaf2+0x4a8/0x520 [ 27.153360] kasan_report+0x141/0x180 [ 27.153382] ? kmalloc_uaf2+0x4a8/0x520 [ 27.153408] __asan_report_load1_noabort+0x18/0x20 [ 27.153432] kmalloc_uaf2+0x4a8/0x520 [ 27.153452] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 27.153471] ? finish_task_switch.isra.0+0x153/0x700 [ 27.153492] ? __switch_to+0x47/0xf80 [ 27.153520] ? __schedule+0x10da/0x2b60 [ 27.153545] ? __pfx_read_tsc+0x10/0x10 [ 27.153566] ? ktime_get_ts64+0x86/0x230 [ 27.153602] kunit_try_run_case+0x1a5/0x480 [ 27.153630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.153654] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.153679] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.153703] ? __kthread_parkme+0x82/0x180 [ 27.153724] ? preempt_count_sub+0x50/0x80 [ 27.153747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.153770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.153793] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.153816] kthread+0x337/0x6f0 [ 27.153838] ? trace_preempt_on+0x20/0xc0 [ 27.153862] ? __pfx_kthread+0x10/0x10 [ 27.153882] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.153905] ? calculate_sigpending+0x7b/0xa0 [ 27.153928] ? __pfx_kthread+0x10/0x10 [ 27.153949] ret_from_fork+0x116/0x1d0 [ 27.153968] ? __pfx_kthread+0x10/0x10 [ 27.153988] ret_from_fork_asm+0x1a/0x30 [ 27.154019] </TASK> [ 27.154030] [ 27.168198] Allocated by task 236: [ 27.168611] kasan_save_stack+0x45/0x70 [ 27.169142] kasan_save_track+0x18/0x40 [ 27.169619] kasan_save_alloc_info+0x3b/0x50 [ 27.170184] __kasan_kmalloc+0xb7/0xc0 [ 27.170608] __kmalloc_cache_noprof+0x189/0x420 [ 27.171157] kmalloc_uaf2+0xc6/0x520 [ 27.171569] kunit_try_run_case+0x1a5/0x480 [ 27.172067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.172641] kthread+0x337/0x6f0 [ 27.173044] ret_from_fork+0x116/0x1d0 [ 27.173457] ret_from_fork_asm+0x1a/0x30 [ 27.173889] [ 27.174137] Freed by task 236: [ 27.174442] kasan_save_stack+0x45/0x70 [ 27.174589] kasan_save_track+0x18/0x40 [ 27.174717] kasan_save_free_info+0x3f/0x60 [ 27.174864] __kasan_slab_free+0x56/0x70 [ 27.174996] kfree+0x222/0x3f0 [ 27.175108] kmalloc_uaf2+0x14c/0x520 [ 27.175232] kunit_try_run_case+0x1a5/0x480 [ 27.175382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.175548] kthread+0x337/0x6f0 [ 27.175670] ret_from_fork+0x116/0x1d0 [ 27.175796] ret_from_fork_asm+0x1a/0x30 [ 27.175932] [ 27.175997] The buggy address belongs to the object at ffff888105464080 [ 27.175997] which belongs to the cache kmalloc-64 of size 64 [ 27.176343] The buggy address is located 40 bytes inside of [ 27.176343] freed 64-byte region [ffff888105464080, ffff8881054640c0) [ 27.177749] [ 27.177922] The buggy address belongs to the physical page: [ 27.178497] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105464 [ 27.179410] flags: 0x200000000000000(node=0|zone=2) [ 27.179918] page_type: f5(slab) [ 27.180217] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.181031] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.181696] page dumped because: kasan: bad access detected [ 27.182399] [ 27.182591] Memory state around the buggy address: [ 27.183067] ffff888105463f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.183817] ffff888105464000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.184558] >ffff888105464080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.185369] ^ [ 27.185795] ffff888105464100: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 27.186608] ffff888105464180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.187292] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 27.124621] ================================================================== [ 27.125184] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 27.125477] Write of size 33 at addr ffff888105464000 by task kunit_try_catch/234 [ 27.125778] [ 27.125946] CPU: 0 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.125998] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.126012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.126033] Call Trace: [ 27.126046] <TASK> [ 27.126064] dump_stack_lvl+0x73/0xb0 [ 27.126092] print_report+0xd1/0x640 [ 27.126172] ? __virt_addr_valid+0x1db/0x2d0 [ 27.126197] ? kmalloc_uaf_memset+0x1a3/0x360 [ 27.126218] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.126242] ? kmalloc_uaf_memset+0x1a3/0x360 [ 27.126263] kasan_report+0x141/0x180 [ 27.126284] ? kmalloc_uaf_memset+0x1a3/0x360 [ 27.126309] kasan_check_range+0x10c/0x1c0 [ 27.126332] __asan_memset+0x27/0x50 [ 27.126354] kmalloc_uaf_memset+0x1a3/0x360 [ 27.126375] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 27.126396] ? __schedule+0x10da/0x2b60 [ 27.126425] ? __pfx_read_tsc+0x10/0x10 [ 27.126447] ? ktime_get_ts64+0x86/0x230 [ 27.126472] kunit_try_run_case+0x1a5/0x480 [ 27.126498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.126519] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.126544] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.126568] ? __kthread_parkme+0x82/0x180 [ 27.126600] ? preempt_count_sub+0x50/0x80 [ 27.126622] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.126645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.126667] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.126690] kthread+0x337/0x6f0 [ 27.126709] ? trace_preempt_on+0x20/0xc0 [ 27.126733] ? __pfx_kthread+0x10/0x10 [ 27.126753] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.126775] ? calculate_sigpending+0x7b/0xa0 [ 27.126954] ? __pfx_kthread+0x10/0x10 [ 27.126976] ret_from_fork+0x116/0x1d0 [ 27.126996] ? __pfx_kthread+0x10/0x10 [ 27.127016] ret_from_fork_asm+0x1a/0x30 [ 27.127048] </TASK> [ 27.127058] [ 27.134180] Allocated by task 234: [ 27.134356] kasan_save_stack+0x45/0x70 [ 27.134534] kasan_save_track+0x18/0x40 [ 27.134689] kasan_save_alloc_info+0x3b/0x50 [ 27.134831] __kasan_kmalloc+0xb7/0xc0 [ 27.135237] __kmalloc_cache_noprof+0x189/0x420 [ 27.135492] kmalloc_uaf_memset+0xa9/0x360 [ 27.135674] kunit_try_run_case+0x1a5/0x480 [ 27.135980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.136248] kthread+0x337/0x6f0 [ 27.136363] ret_from_fork+0x116/0x1d0 [ 27.136487] ret_from_fork_asm+0x1a/0x30 [ 27.136653] [ 27.136744] Freed by task 234: [ 27.136890] kasan_save_stack+0x45/0x70 [ 27.137081] kasan_save_track+0x18/0x40 [ 27.137376] kasan_save_free_info+0x3f/0x60 [ 27.137672] __kasan_slab_free+0x56/0x70 [ 27.139153] kfree+0x222/0x3f0 [ 27.139365] kmalloc_uaf_memset+0x12b/0x360 [ 27.139570] kunit_try_run_case+0x1a5/0x480 [ 27.139746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.140036] kthread+0x337/0x6f0 [ 27.140209] ret_from_fork+0x116/0x1d0 [ 27.140357] ret_from_fork_asm+0x1a/0x30 [ 27.140555] [ 27.140649] The buggy address belongs to the object at ffff888105464000 [ 27.140649] which belongs to the cache kmalloc-64 of size 64 [ 27.141202] The buggy address is located 0 bytes inside of [ 27.141202] freed 64-byte region [ffff888105464000, ffff888105464040) [ 27.141557] [ 27.141663] The buggy address belongs to the physical page: [ 27.141924] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105464 [ 27.142558] flags: 0x200000000000000(node=0|zone=2) [ 27.142739] page_type: f5(slab) [ 27.143044] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.143356] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.143650] page dumped because: kasan: bad access detected [ 27.143864] [ 27.143949] Memory state around the buggy address: [ 27.144134] ffff888105463f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.144680] ffff888105463f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.145080] >ffff888105464000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.145293] ^ [ 27.145433] ffff888105464080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.145756] ffff888105464100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.146055] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 27.097836] ================================================================== [ 27.098593] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 27.099227] Read of size 1 at addr ffff888105424ac8 by task kunit_try_catch/232 [ 27.099603] [ 27.099709] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.099761] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.099774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.099797] Call Trace: [ 27.099809] <TASK> [ 27.099913] dump_stack_lvl+0x73/0xb0 [ 27.099950] print_report+0xd1/0x640 [ 27.099974] ? __virt_addr_valid+0x1db/0x2d0 [ 27.099999] ? kmalloc_uaf+0x320/0x380 [ 27.100040] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.100079] ? kmalloc_uaf+0x320/0x380 [ 27.100099] kasan_report+0x141/0x180 [ 27.100121] ? kmalloc_uaf+0x320/0x380 [ 27.100146] __asan_report_load1_noabort+0x18/0x20 [ 27.100170] kmalloc_uaf+0x320/0x380 [ 27.100190] ? __pfx_kmalloc_uaf+0x10/0x10 [ 27.100210] ? __schedule+0x10da/0x2b60 [ 27.100236] ? __pfx_read_tsc+0x10/0x10 [ 27.100257] ? ktime_get_ts64+0x86/0x230 [ 27.100283] kunit_try_run_case+0x1a5/0x480 [ 27.100308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.100330] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.100355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.100380] ? __kthread_parkme+0x82/0x180 [ 27.100400] ? preempt_count_sub+0x50/0x80 [ 27.100424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.100447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.100470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.100492] kthread+0x337/0x6f0 [ 27.100513] ? trace_preempt_on+0x20/0xc0 [ 27.100536] ? __pfx_kthread+0x10/0x10 [ 27.100556] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.100590] ? calculate_sigpending+0x7b/0xa0 [ 27.100613] ? __pfx_kthread+0x10/0x10 [ 27.100634] ret_from_fork+0x116/0x1d0 [ 27.100654] ? __pfx_kthread+0x10/0x10 [ 27.100674] ret_from_fork_asm+0x1a/0x30 [ 27.100705] </TASK> [ 27.100716] [ 27.108172] Allocated by task 232: [ 27.108308] kasan_save_stack+0x45/0x70 [ 27.108471] kasan_save_track+0x18/0x40 [ 27.108673] kasan_save_alloc_info+0x3b/0x50 [ 27.109059] __kasan_kmalloc+0xb7/0xc0 [ 27.109236] __kmalloc_cache_noprof+0x189/0x420 [ 27.109455] kmalloc_uaf+0xaa/0x380 [ 27.109636] kunit_try_run_case+0x1a5/0x480 [ 27.109841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.110311] kthread+0x337/0x6f0 [ 27.110462] ret_from_fork+0x116/0x1d0 [ 27.110598] ret_from_fork_asm+0x1a/0x30 [ 27.110845] [ 27.110964] Freed by task 232: [ 27.111113] kasan_save_stack+0x45/0x70 [ 27.111303] kasan_save_track+0x18/0x40 [ 27.111498] kasan_save_free_info+0x3f/0x60 [ 27.111663] __kasan_slab_free+0x56/0x70 [ 27.111961] kfree+0x222/0x3f0 [ 27.112103] kmalloc_uaf+0x12c/0x380 [ 27.112277] kunit_try_run_case+0x1a5/0x480 [ 27.112441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.112727] kthread+0x337/0x6f0 [ 27.112911] ret_from_fork+0x116/0x1d0 [ 27.113066] ret_from_fork_asm+0x1a/0x30 [ 27.113194] [ 27.113284] The buggy address belongs to the object at ffff888105424ac0 [ 27.113284] which belongs to the cache kmalloc-16 of size 16 [ 27.114177] The buggy address is located 8 bytes inside of [ 27.114177] freed 16-byte region [ffff888105424ac0, ffff888105424ad0) [ 27.114748] [ 27.114850] The buggy address belongs to the physical page: [ 27.115129] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105424 [ 27.115476] flags: 0x200000000000000(node=0|zone=2) [ 27.115735] page_type: f5(slab) [ 27.115898] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.116222] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.116743] page dumped because: kasan: bad access detected [ 27.116981] [ 27.117061] Memory state around the buggy address: [ 27.117205] ffff888105424980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.117401] ffff888105424a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.117610] >ffff888105424a80: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 27.117812] ^ [ 27.118329] ffff888105424b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.118649] ffff888105424b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.119294] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 27.068502] ================================================================== [ 27.069032] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 27.069553] Read of size 64 at addr ffff888104a01904 by task kunit_try_catch/230 [ 27.069885] [ 27.070061] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.070117] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.070363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.070389] Call Trace: [ 27.070426] <TASK> [ 27.070447] dump_stack_lvl+0x73/0xb0 [ 27.070558] print_report+0xd1/0x640 [ 27.070599] ? __virt_addr_valid+0x1db/0x2d0 [ 27.070625] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 27.070648] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.070673] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 27.070696] kasan_report+0x141/0x180 [ 27.070717] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 27.070745] kasan_check_range+0x10c/0x1c0 [ 27.070768] __asan_memmove+0x27/0x70 [ 27.070989] kmalloc_memmove_invalid_size+0x16f/0x330 [ 27.071016] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 27.071041] ? __schedule+0x10da/0x2b60 [ 27.071068] ? __pfx_read_tsc+0x10/0x10 [ 27.071091] ? ktime_get_ts64+0x86/0x230 [ 27.071117] kunit_try_run_case+0x1a5/0x480 [ 27.071144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.071165] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.071189] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.071213] ? __kthread_parkme+0x82/0x180 [ 27.071234] ? preempt_count_sub+0x50/0x80 [ 27.071265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.071288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.071311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.071333] kthread+0x337/0x6f0 [ 27.071353] ? trace_preempt_on+0x20/0xc0 [ 27.071377] ? __pfx_kthread+0x10/0x10 [ 27.071396] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.071419] ? calculate_sigpending+0x7b/0xa0 [ 27.071442] ? __pfx_kthread+0x10/0x10 [ 27.071463] ret_from_fork+0x116/0x1d0 [ 27.071482] ? __pfx_kthread+0x10/0x10 [ 27.071502] ret_from_fork_asm+0x1a/0x30 [ 27.071534] </TASK> [ 27.071545] [ 27.082715] Allocated by task 230: [ 27.083210] kasan_save_stack+0x45/0x70 [ 27.083453] kasan_save_track+0x18/0x40 [ 27.083642] kasan_save_alloc_info+0x3b/0x50 [ 27.084482] __kasan_kmalloc+0xb7/0xc0 [ 27.084699] __kmalloc_cache_noprof+0x189/0x420 [ 27.085095] kmalloc_memmove_invalid_size+0xac/0x330 [ 27.085352] kunit_try_run_case+0x1a5/0x480 [ 27.085702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.086110] kthread+0x337/0x6f0 [ 27.086402] ret_from_fork+0x116/0x1d0 [ 27.086561] ret_from_fork_asm+0x1a/0x30 [ 27.086867] [ 27.087019] The buggy address belongs to the object at ffff888104a01900 [ 27.087019] which belongs to the cache kmalloc-64 of size 64 [ 27.087722] The buggy address is located 4 bytes inside of [ 27.087722] allocated 64-byte region [ffff888104a01900, ffff888104a01940) [ 27.088642] [ 27.088960] The buggy address belongs to the physical page: [ 27.089203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104a01 [ 27.089624] flags: 0x200000000000000(node=0|zone=2) [ 27.089879] page_type: f5(slab) [ 27.090190] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.090494] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.090881] page dumped because: kasan: bad access detected [ 27.091205] [ 27.091293] Memory state around the buggy address: [ 27.091524] ffff888104a01800: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 27.091858] ffff888104a01880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.092187] >ffff888104a01900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 27.092505] ^ [ 27.092747] ffff888104a01980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.092950] ffff888104a01a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.093315] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 27.041219] ================================================================== [ 27.041687] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 27.042337] Read of size 18446744073709551614 at addr ffff88810545ee04 by task kunit_try_catch/228 [ 27.043105] [ 27.043227] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.043292] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.043305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.043328] Call Trace: [ 27.043341] <TASK> [ 27.043362] dump_stack_lvl+0x73/0xb0 [ 27.043399] print_report+0xd1/0x640 [ 27.043425] ? __virt_addr_valid+0x1db/0x2d0 [ 27.043451] ? kmalloc_memmove_negative_size+0x171/0x330 [ 27.043699] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.043726] ? kmalloc_memmove_negative_size+0x171/0x330 [ 27.043776] kasan_report+0x141/0x180 [ 27.043879] ? kmalloc_memmove_negative_size+0x171/0x330 [ 27.043909] kasan_check_range+0x10c/0x1c0 [ 27.043933] __asan_memmove+0x27/0x70 [ 27.043956] kmalloc_memmove_negative_size+0x171/0x330 [ 27.043981] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 27.044006] ? __schedule+0x10da/0x2b60 [ 27.044032] ? __pfx_read_tsc+0x10/0x10 [ 27.044053] ? ktime_get_ts64+0x86/0x230 [ 27.044078] kunit_try_run_case+0x1a5/0x480 [ 27.044103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.044125] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.044149] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.044174] ? __kthread_parkme+0x82/0x180 [ 27.044195] ? preempt_count_sub+0x50/0x80 [ 27.044218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.044241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.044263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.044286] kthread+0x337/0x6f0 [ 27.044306] ? trace_preempt_on+0x20/0xc0 [ 27.044329] ? __pfx_kthread+0x10/0x10 [ 27.044349] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.044372] ? calculate_sigpending+0x7b/0xa0 [ 27.044396] ? __pfx_kthread+0x10/0x10 [ 27.044417] ret_from_fork+0x116/0x1d0 [ 27.044436] ? __pfx_kthread+0x10/0x10 [ 27.044456] ret_from_fork_asm+0x1a/0x30 [ 27.044488] </TASK> [ 27.044500] [ 27.054595] Allocated by task 228: [ 27.055077] kasan_save_stack+0x45/0x70 [ 27.055298] kasan_save_track+0x18/0x40 [ 27.055481] kasan_save_alloc_info+0x3b/0x50 [ 27.055683] __kasan_kmalloc+0xb7/0xc0 [ 27.056133] __kmalloc_cache_noprof+0x189/0x420 [ 27.056361] kmalloc_memmove_negative_size+0xac/0x330 [ 27.056653] kunit_try_run_case+0x1a5/0x480 [ 27.056821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.057296] kthread+0x337/0x6f0 [ 27.057446] ret_from_fork+0x116/0x1d0 [ 27.057637] ret_from_fork_asm+0x1a/0x30 [ 27.057807] [ 27.057902] The buggy address belongs to the object at ffff88810545ee00 [ 27.057902] which belongs to the cache kmalloc-64 of size 64 [ 27.058361] The buggy address is located 4 bytes inside of [ 27.058361] 64-byte region [ffff88810545ee00, ffff88810545ee40) [ 27.058787] [ 27.058880] The buggy address belongs to the physical page: [ 27.059149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10545e [ 27.060131] flags: 0x200000000000000(node=0|zone=2) [ 27.060434] page_type: f5(slab) [ 27.060586] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 27.060987] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.061542] page dumped because: kasan: bad access detected [ 27.061777] [ 27.062007] Memory state around the buggy address: [ 27.062331] ffff88810545ed00: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 27.062723] ffff88810545ed80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.063259] >ffff88810545ee00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 27.063506] ^ [ 27.064017] ffff88810545ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.064437] ffff88810545ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.064693] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 27.015105] ================================================================== [ 27.015567] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 27.016177] Write of size 16 at addr ffff888104c4a869 by task kunit_try_catch/226 [ 27.016482] [ 27.016599] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 27.016657] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.016670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.016692] Call Trace: [ 27.016705] <TASK> [ 27.016726] dump_stack_lvl+0x73/0xb0 [ 27.016760] print_report+0xd1/0x640 [ 27.016783] ? __virt_addr_valid+0x1db/0x2d0 [ 27.016821] ? kmalloc_oob_memset_16+0x166/0x330 [ 27.016842] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.016867] ? kmalloc_oob_memset_16+0x166/0x330 [ 27.016888] kasan_report+0x141/0x180 [ 27.016909] ? kmalloc_oob_memset_16+0x166/0x330 [ 27.016945] kasan_check_range+0x10c/0x1c0 [ 27.016968] __asan_memset+0x27/0x50 [ 27.016991] kmalloc_oob_memset_16+0x166/0x330 [ 27.017013] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 27.017035] ? __schedule+0x10da/0x2b60 [ 27.017060] ? __pfx_read_tsc+0x10/0x10 [ 27.017081] ? ktime_get_ts64+0x86/0x230 [ 27.017107] kunit_try_run_case+0x1a5/0x480 [ 27.017133] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.017154] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.017178] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.017202] ? __kthread_parkme+0x82/0x180 [ 27.017223] ? preempt_count_sub+0x50/0x80 [ 27.017246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.017269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.017292] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.017314] kthread+0x337/0x6f0 [ 27.017334] ? trace_preempt_on+0x20/0xc0 [ 27.017358] ? __pfx_kthread+0x10/0x10 [ 27.017377] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.017400] ? calculate_sigpending+0x7b/0xa0 [ 27.017423] ? __pfx_kthread+0x10/0x10 [ 27.017443] ret_from_fork+0x116/0x1d0 [ 27.017463] ? __pfx_kthread+0x10/0x10 [ 27.017482] ret_from_fork_asm+0x1a/0x30 [ 27.017514] </TASK> [ 27.017525] [ 27.026862] Allocated by task 226: [ 27.027410] kasan_save_stack+0x45/0x70 [ 27.027639] kasan_save_track+0x18/0x40 [ 27.027837] kasan_save_alloc_info+0x3b/0x50 [ 27.028088] __kasan_kmalloc+0xb7/0xc0 [ 27.028253] __kmalloc_cache_noprof+0x189/0x420 [ 27.028458] kmalloc_oob_memset_16+0xac/0x330 [ 27.028675] kunit_try_run_case+0x1a5/0x480 [ 27.028876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.029557] kthread+0x337/0x6f0 [ 27.029698] ret_from_fork+0x116/0x1d0 [ 27.030027] ret_from_fork_asm+0x1a/0x30 [ 27.030369] [ 27.030451] The buggy address belongs to the object at ffff888104c4a800 [ 27.030451] which belongs to the cache kmalloc-128 of size 128 [ 27.031040] The buggy address is located 105 bytes inside of [ 27.031040] allocated 120-byte region [ffff888104c4a800, ffff888104c4a878) [ 27.031584] [ 27.031658] The buggy address belongs to the physical page: [ 27.032024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c4a [ 27.032339] flags: 0x200000000000000(node=0|zone=2) [ 27.032555] page_type: f5(slab) [ 27.032714] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.033571] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.033936] page dumped because: kasan: bad access detected [ 27.034220] [ 27.034292] Memory state around the buggy address: [ 27.034507] ffff888104c4a700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.034839] ffff888104c4a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.035174] >ffff888104c4a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.035469] ^ [ 27.035766] ffff888104c4a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.036139] ffff888104c4a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.036424] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 26.988749] ================================================================== [ 26.989402] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 26.989730] Write of size 8 at addr ffff888105454871 by task kunit_try_catch/224 [ 26.990364] [ 26.990487] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.990539] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.990552] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.990585] Call Trace: [ 26.990597] <TASK> [ 26.990614] dump_stack_lvl+0x73/0xb0 [ 26.990644] print_report+0xd1/0x640 [ 26.990667] ? __virt_addr_valid+0x1db/0x2d0 [ 26.990691] ? kmalloc_oob_memset_8+0x166/0x330 [ 26.990711] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.990736] ? kmalloc_oob_memset_8+0x166/0x330 [ 26.990757] kasan_report+0x141/0x180 [ 26.990779] ? kmalloc_oob_memset_8+0x166/0x330 [ 26.990998] kasan_check_range+0x10c/0x1c0 [ 26.991032] __asan_memset+0x27/0x50 [ 26.991056] kmalloc_oob_memset_8+0x166/0x330 [ 26.991078] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 26.991100] ? __schedule+0x10da/0x2b60 [ 26.991125] ? __pfx_read_tsc+0x10/0x10 [ 26.991147] ? ktime_get_ts64+0x86/0x230 [ 26.991171] kunit_try_run_case+0x1a5/0x480 [ 26.991195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.991217] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.991242] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.991274] ? __kthread_parkme+0x82/0x180 [ 26.991294] ? preempt_count_sub+0x50/0x80 [ 26.991317] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.991341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.991363] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.991386] kthread+0x337/0x6f0 [ 26.991407] ? trace_preempt_on+0x20/0xc0 [ 26.991430] ? __pfx_kthread+0x10/0x10 [ 26.991450] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.991473] ? calculate_sigpending+0x7b/0xa0 [ 26.991497] ? __pfx_kthread+0x10/0x10 [ 26.991517] ret_from_fork+0x116/0x1d0 [ 26.991536] ? __pfx_kthread+0x10/0x10 [ 26.991556] ret_from_fork_asm+0x1a/0x30 [ 26.991599] </TASK> [ 26.991610] [ 26.999481] Allocated by task 224: [ 26.999649] kasan_save_stack+0x45/0x70 [ 26.999961] kasan_save_track+0x18/0x40 [ 27.000151] kasan_save_alloc_info+0x3b/0x50 [ 27.000465] __kasan_kmalloc+0xb7/0xc0 [ 27.001452] __kmalloc_cache_noprof+0x189/0x420 [ 27.002061] kmalloc_oob_memset_8+0xac/0x330 [ 27.002255] kunit_try_run_case+0x1a5/0x480 [ 27.002440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.003049] kthread+0x337/0x6f0 [ 27.003181] ret_from_fork+0x116/0x1d0 [ 27.003548] ret_from_fork_asm+0x1a/0x30 [ 27.003905] [ 27.003992] The buggy address belongs to the object at ffff888105454800 [ 27.003992] which belongs to the cache kmalloc-128 of size 128 [ 27.004678] The buggy address is located 113 bytes inside of [ 27.004678] allocated 120-byte region [ffff888105454800, ffff888105454878) [ 27.005500] [ 27.005623] The buggy address belongs to the physical page: [ 27.005832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105454 [ 27.006455] flags: 0x200000000000000(node=0|zone=2) [ 27.006683] page_type: f5(slab) [ 27.007052] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.007342] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.007648] page dumped because: kasan: bad access detected [ 27.007855] [ 27.008219] Memory state around the buggy address: [ 27.008414] ffff888105454700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.008727] ffff888105454780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.009278] >ffff888105454800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.009524] ^ [ 27.009844] ffff888105454880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.010179] ffff888105454900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.011046] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 26.963552] ================================================================== [ 26.964379] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 26.964710] Write of size 4 at addr ffff888104c4a775 by task kunit_try_catch/222 [ 26.965003] [ 26.965219] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.965270] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.965284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.965315] Call Trace: [ 26.965326] <TASK> [ 26.965343] dump_stack_lvl+0x73/0xb0 [ 26.965371] print_report+0xd1/0x640 [ 26.965452] ? __virt_addr_valid+0x1db/0x2d0 [ 26.965477] ? kmalloc_oob_memset_4+0x166/0x330 [ 26.965498] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.965531] ? kmalloc_oob_memset_4+0x166/0x330 [ 26.965553] kasan_report+0x141/0x180 [ 26.965589] ? kmalloc_oob_memset_4+0x166/0x330 [ 26.965615] kasan_check_range+0x10c/0x1c0 [ 26.965638] __asan_memset+0x27/0x50 [ 26.965661] kmalloc_oob_memset_4+0x166/0x330 [ 26.965682] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 26.965704] ? __schedule+0x10da/0x2b60 [ 26.965729] ? __pfx_read_tsc+0x10/0x10 [ 26.965750] ? ktime_get_ts64+0x86/0x230 [ 26.965774] kunit_try_run_case+0x1a5/0x480 [ 26.965843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.965865] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.965889] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.965914] ? __kthread_parkme+0x82/0x180 [ 26.965933] ? preempt_count_sub+0x50/0x80 [ 26.965967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.965990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.966013] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.966046] kthread+0x337/0x6f0 [ 26.966081] ? trace_preempt_on+0x20/0xc0 [ 26.966104] ? __pfx_kthread+0x10/0x10 [ 26.966124] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.966147] ? calculate_sigpending+0x7b/0xa0 [ 26.966179] ? __pfx_kthread+0x10/0x10 [ 26.966199] ret_from_fork+0x116/0x1d0 [ 26.966218] ? __pfx_kthread+0x10/0x10 [ 26.966238] ret_from_fork_asm+0x1a/0x30 [ 26.966279] </TASK> [ 26.966289] [ 26.975788] Allocated by task 222: [ 26.975918] kasan_save_stack+0x45/0x70 [ 26.976213] kasan_save_track+0x18/0x40 [ 26.976411] kasan_save_alloc_info+0x3b/0x50 [ 26.976626] __kasan_kmalloc+0xb7/0xc0 [ 26.976856] __kmalloc_cache_noprof+0x189/0x420 [ 26.977087] kmalloc_oob_memset_4+0xac/0x330 [ 26.977399] kunit_try_run_case+0x1a5/0x480 [ 26.977623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.977804] kthread+0x337/0x6f0 [ 26.977919] ret_from_fork+0x116/0x1d0 [ 26.978172] ret_from_fork_asm+0x1a/0x30 [ 26.978378] [ 26.978542] The buggy address belongs to the object at ffff888104c4a700 [ 26.978542] which belongs to the cache kmalloc-128 of size 128 [ 26.979181] The buggy address is located 117 bytes inside of [ 26.979181] allocated 120-byte region [ffff888104c4a700, ffff888104c4a778) [ 26.979694] [ 26.979765] The buggy address belongs to the physical page: [ 26.980246] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c4a [ 26.980534] flags: 0x200000000000000(node=0|zone=2) [ 26.980704] page_type: f5(slab) [ 26.980911] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.981491] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.981750] page dumped because: kasan: bad access detected [ 26.981914] [ 26.982050] Memory state around the buggy address: [ 26.982272] ffff888104c4a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.982640] ffff888104c4a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.983103] >ffff888104c4a700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.983374] ^ [ 26.983683] ffff888104c4a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.984075] ffff888104c4a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.984365] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 26.395090] ================================================================== [ 26.395841] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 26.396390] Read of size 1 at addr ffff888106190000 by task kunit_try_catch/202 [ 26.397222] [ 26.397614] CPU: 0 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.397672] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.397686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.397708] Call Trace: [ 26.397720] <TASK> [ 26.397739] dump_stack_lvl+0x73/0xb0 [ 26.397769] print_report+0xd1/0x640 [ 26.397836] ? __virt_addr_valid+0x1db/0x2d0 [ 26.397862] ? page_alloc_uaf+0x356/0x3d0 [ 26.397883] ? kasan_addr_to_slab+0x11/0xa0 [ 26.397904] ? page_alloc_uaf+0x356/0x3d0 [ 26.397938] kasan_report+0x141/0x180 [ 26.397960] ? page_alloc_uaf+0x356/0x3d0 [ 26.397986] __asan_report_load1_noabort+0x18/0x20 [ 26.398010] page_alloc_uaf+0x356/0x3d0 [ 26.398030] ? __pfx_page_alloc_uaf+0x10/0x10 [ 26.398055] ? __pfx_page_alloc_uaf+0x10/0x10 [ 26.398080] kunit_try_run_case+0x1a5/0x480 [ 26.398105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.398127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.398152] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.398177] ? __kthread_parkme+0x82/0x180 [ 26.398197] ? preempt_count_sub+0x50/0x80 [ 26.398220] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.398243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.398266] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.398288] kthread+0x337/0x6f0 [ 26.398308] ? trace_preempt_on+0x20/0xc0 [ 26.398331] ? __pfx_kthread+0x10/0x10 [ 26.398352] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.398376] ? calculate_sigpending+0x7b/0xa0 [ 26.398399] ? __pfx_kthread+0x10/0x10 [ 26.398422] ret_from_fork+0x116/0x1d0 [ 26.398441] ? __pfx_kthread+0x10/0x10 [ 26.398461] ret_from_fork_asm+0x1a/0x30 [ 26.398492] </TASK> [ 26.398503] [ 26.409221] The buggy address belongs to the physical page: [ 26.409529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106190 [ 26.409878] flags: 0x200000000000000(node=0|zone=2) [ 26.410442] page_type: f0(buddy) [ 26.410710] raw: 0200000000000000 ffff88817fffc460 ffff88817fffc460 0000000000000000 [ 26.411117] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 26.411512] page dumped because: kasan: bad access detected [ 26.411710] [ 26.412329] Memory state around the buggy address: [ 26.412526] ffff88810618ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.413018] ffff88810618ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.413480] >ffff888106190000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.413785] ^ [ 26.414165] ffff888106190080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.414552] ffff888106190100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.414807] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 26.371739] ================================================================== [ 26.372497] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 26.372790] Free of addr ffff888104970001 by task kunit_try_catch/198 [ 26.373075] [ 26.373190] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.373267] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.373280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.373303] Call Trace: [ 26.373316] <TASK> [ 26.373335] dump_stack_lvl+0x73/0xb0 [ 26.373365] print_report+0xd1/0x640 [ 26.373388] ? __virt_addr_valid+0x1db/0x2d0 [ 26.373413] ? kasan_addr_to_slab+0x11/0xa0 [ 26.373445] ? kfree+0x274/0x3f0 [ 26.373469] kasan_report_invalid_free+0x10a/0x130 [ 26.373506] ? kfree+0x274/0x3f0 [ 26.373530] ? kfree+0x274/0x3f0 [ 26.373549] __kasan_kfree_large+0x86/0xd0 [ 26.373570] free_large_kmalloc+0x52/0x110 [ 26.373605] kfree+0x274/0x3f0 [ 26.373630] kmalloc_large_invalid_free+0x120/0x2b0 [ 26.373661] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 26.373683] ? __schedule+0x10da/0x2b60 [ 26.373707] ? __pfx_read_tsc+0x10/0x10 [ 26.373742] ? ktime_get_ts64+0x86/0x230 [ 26.373766] kunit_try_run_case+0x1a5/0x480 [ 26.373792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.373813] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.373876] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.373902] ? __kthread_parkme+0x82/0x180 [ 26.373923] ? preempt_count_sub+0x50/0x80 [ 26.373952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.374028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.374051] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.374074] kthread+0x337/0x6f0 [ 26.374094] ? trace_preempt_on+0x20/0xc0 [ 26.374118] ? __pfx_kthread+0x10/0x10 [ 26.374138] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.374160] ? calculate_sigpending+0x7b/0xa0 [ 26.374183] ? __pfx_kthread+0x10/0x10 [ 26.374204] ret_from_fork+0x116/0x1d0 [ 26.374233] ? __pfx_kthread+0x10/0x10 [ 26.374253] ret_from_fork_asm+0x1a/0x30 [ 26.374285] </TASK> [ 26.374306] [ 26.381974] The buggy address belongs to the physical page: [ 26.382313] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104970 [ 26.382792] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.383320] flags: 0x200000000000040(head|node=0|zone=2) [ 26.383622] page_type: f8(unknown) [ 26.383857] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.384493] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.384777] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.385354] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.385713] head: 0200000000000002 ffffea0004125c01 00000000ffffffff 00000000ffffffff [ 26.386267] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.386607] page dumped because: kasan: bad access detected [ 26.386844] [ 26.387002] Memory state around the buggy address: [ 26.387257] ffff88810496ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.387586] ffff88810496ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.388011] >ffff888104970000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.388325] ^ [ 26.388459] ffff888104970080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.388891] ffff888104970100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.389436] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 26.343514] ================================================================== [ 26.344190] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 26.344416] Read of size 1 at addr ffff888106168000 by task kunit_try_catch/196 [ 26.344636] [ 26.344723] CPU: 1 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.344776] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.344849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.344874] Call Trace: [ 26.344887] <TASK> [ 26.344908] dump_stack_lvl+0x73/0xb0 [ 26.344939] print_report+0xd1/0x640 [ 26.344962] ? __virt_addr_valid+0x1db/0x2d0 [ 26.344988] ? kmalloc_large_uaf+0x2f1/0x340 [ 26.345008] ? kasan_addr_to_slab+0x11/0xa0 [ 26.345028] ? kmalloc_large_uaf+0x2f1/0x340 [ 26.345281] kasan_report+0x141/0x180 [ 26.345442] ? kmalloc_large_uaf+0x2f1/0x340 [ 26.345469] __asan_report_load1_noabort+0x18/0x20 [ 26.345493] kmalloc_large_uaf+0x2f1/0x340 [ 26.345513] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 26.345534] ? __schedule+0x10da/0x2b60 [ 26.345561] ? __pfx_read_tsc+0x10/0x10 [ 26.345595] ? ktime_get_ts64+0x86/0x230 [ 26.345621] kunit_try_run_case+0x1a5/0x480 [ 26.345647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.345669] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.345693] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.345717] ? __kthread_parkme+0x82/0x180 [ 26.345738] ? preempt_count_sub+0x50/0x80 [ 26.345761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.345992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.346026] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.346050] kthread+0x337/0x6f0 [ 26.346070] ? trace_preempt_on+0x20/0xc0 [ 26.346095] ? __pfx_kthread+0x10/0x10 [ 26.346115] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.346138] ? calculate_sigpending+0x7b/0xa0 [ 26.346162] ? __pfx_kthread+0x10/0x10 [ 26.346182] ret_from_fork+0x116/0x1d0 [ 26.346201] ? __pfx_kthread+0x10/0x10 [ 26.346221] ret_from_fork_asm+0x1a/0x30 [ 26.346253] </TASK> [ 26.346263] [ 26.360747] The buggy address belongs to the physical page: [ 26.361434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106168 [ 26.362237] flags: 0x200000000000000(node=0|zone=2) [ 26.362549] raw: 0200000000000000 ffffea0004185b08 ffff88815b139fc0 0000000000000000 [ 26.363341] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 26.363880] page dumped because: kasan: bad access detected [ 26.364444] [ 26.364639] Memory state around the buggy address: [ 26.365123] ffff888106167f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.365344] ffff888106167f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.366103] >ffff888106168000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.366753] ^ [ 26.366932] ffff888106168080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.367639] ffff888106168100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 26.368135] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 26.313454] ================================================================== [ 26.313929] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 26.314176] Write of size 1 at addr ffff88810496e00a by task kunit_try_catch/194 [ 26.314396] [ 26.314483] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.314537] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.314551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.314583] Call Trace: [ 26.314596] <TASK> [ 26.314616] dump_stack_lvl+0x73/0xb0 [ 26.314645] print_report+0xd1/0x640 [ 26.314671] ? __virt_addr_valid+0x1db/0x2d0 [ 26.314696] ? kmalloc_large_oob_right+0x2e9/0x330 [ 26.314717] ? kasan_addr_to_slab+0x11/0xa0 [ 26.314736] ? kmalloc_large_oob_right+0x2e9/0x330 [ 26.314757] kasan_report+0x141/0x180 [ 26.314781] ? kmalloc_large_oob_right+0x2e9/0x330 [ 26.314806] __asan_report_store1_noabort+0x1b/0x30 [ 26.314829] kmalloc_large_oob_right+0x2e9/0x330 [ 26.314849] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 26.314871] ? __schedule+0x10da/0x2b60 [ 26.314894] ? __pfx_read_tsc+0x10/0x10 [ 26.314915] ? ktime_get_ts64+0x86/0x230 [ 26.314939] kunit_try_run_case+0x1a5/0x480 [ 26.314963] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.314984] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.315008] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.315032] ? __kthread_parkme+0x82/0x180 [ 26.315051] ? preempt_count_sub+0x50/0x80 [ 26.315074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.315096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.315118] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.315140] kthread+0x337/0x6f0 [ 26.315160] ? trace_preempt_on+0x20/0xc0 [ 26.315183] ? __pfx_kthread+0x10/0x10 [ 26.315202] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.315224] ? calculate_sigpending+0x7b/0xa0 [ 26.315246] ? __pfx_kthread+0x10/0x10 [ 26.315274] ret_from_fork+0x116/0x1d0 [ 26.315292] ? __pfx_kthread+0x10/0x10 [ 26.315311] ret_from_fork_asm+0x1a/0x30 [ 26.315342] </TASK> [ 26.315352] [ 26.330495] The buggy address belongs to the physical page: [ 26.330700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10496c [ 26.331244] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.331561] flags: 0x200000000000040(head|node=0|zone=2) [ 26.332209] page_type: f8(unknown) [ 26.332431] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.332760] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.333455] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 26.333801] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 26.334305] head: 0200000000000002 ffffea0004125b01 00000000ffffffff 00000000ffffffff [ 26.334781] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 26.335332] page dumped because: kasan: bad access detected [ 26.335554] [ 26.335650] Memory state around the buggy address: [ 26.335801] ffff88810496df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.336087] ffff88810496df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.336368] >ffff88810496e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.336681] ^ [ 26.337058] ffff88810496e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.337403] ffff88810496e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 26.337682] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 26.282258] ================================================================== [ 26.282995] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 26.283385] Write of size 1 at addr ffff8881060b1f00 by task kunit_try_catch/192 [ 26.283730] [ 26.284112] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.284170] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.284184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.284223] Call Trace: [ 26.284389] <TASK> [ 26.284479] dump_stack_lvl+0x73/0xb0 [ 26.284516] print_report+0xd1/0x640 [ 26.284539] ? __virt_addr_valid+0x1db/0x2d0 [ 26.284564] ? kmalloc_big_oob_right+0x316/0x370 [ 26.284598] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.284622] ? kmalloc_big_oob_right+0x316/0x370 [ 26.284644] kasan_report+0x141/0x180 [ 26.284665] ? kmalloc_big_oob_right+0x316/0x370 [ 26.284691] __asan_report_store1_noabort+0x1b/0x30 [ 26.284715] kmalloc_big_oob_right+0x316/0x370 [ 26.284736] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 26.284759] ? __schedule+0x10da/0x2b60 [ 26.284784] ? __pfx_read_tsc+0x10/0x10 [ 26.284806] ? ktime_get_ts64+0x86/0x230 [ 26.284832] kunit_try_run_case+0x1a5/0x480 [ 26.284857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.284879] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.284903] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.284939] ? __kthread_parkme+0x82/0x180 [ 26.284959] ? preempt_count_sub+0x50/0x80 [ 26.284982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.285005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.285027] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.285050] kthread+0x337/0x6f0 [ 26.285070] ? trace_preempt_on+0x20/0xc0 [ 26.285094] ? __pfx_kthread+0x10/0x10 [ 26.285124] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.285155] ? calculate_sigpending+0x7b/0xa0 [ 26.285178] ? __pfx_kthread+0x10/0x10 [ 26.285198] ret_from_fork+0x116/0x1d0 [ 26.285217] ? __pfx_kthread+0x10/0x10 [ 26.285238] ret_from_fork_asm+0x1a/0x30 [ 26.285270] </TASK> [ 26.285280] [ 26.296829] Allocated by task 192: [ 26.297478] kasan_save_stack+0x45/0x70 [ 26.297715] kasan_save_track+0x18/0x40 [ 26.297859] kasan_save_alloc_info+0x3b/0x50 [ 26.298003] __kasan_kmalloc+0xb7/0xc0 [ 26.298130] __kmalloc_cache_noprof+0x189/0x420 [ 26.298285] kmalloc_big_oob_right+0xa9/0x370 [ 26.298432] kunit_try_run_case+0x1a5/0x480 [ 26.298584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.298753] kthread+0x337/0x6f0 [ 26.298869] ret_from_fork+0x116/0x1d0 [ 26.298995] ret_from_fork_asm+0x1a/0x30 [ 26.299132] [ 26.299198] The buggy address belongs to the object at ffff8881060b0000 [ 26.299198] which belongs to the cache kmalloc-8k of size 8192 [ 26.299560] The buggy address is located 0 bytes to the right of [ 26.299560] allocated 7936-byte region [ffff8881060b0000, ffff8881060b1f00) [ 26.300419] [ 26.300505] The buggy address belongs to the physical page: [ 26.300700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b0 [ 26.301390] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.302090] flags: 0x200000000000040(head|node=0|zone=2) [ 26.302570] page_type: f5(slab) [ 26.302931] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 26.303442] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 26.303680] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 26.304256] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 26.305258] head: 0200000000000003 ffffea0004182c01 00000000ffffffff 00000000ffffffff [ 26.306012] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 26.306344] page dumped because: kasan: bad access detected [ 26.306511] [ 26.306584] Memory state around the buggy address: [ 26.306736] ffff8881060b1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.307404] ffff8881060b1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.308085] >ffff8881060b1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.308682] ^ [ 26.309055] ffff8881060b1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.309661] ffff8881060b2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.310213] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 26.249077] ================================================================== [ 26.249421] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 26.249854] Write of size 1 at addr ffff888104c4a578 by task kunit_try_catch/190 [ 26.250260] [ 26.250347] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.250398] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.250410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.250431] Call Trace: [ 26.250444] <TASK> [ 26.250462] dump_stack_lvl+0x73/0xb0 [ 26.250491] print_report+0xd1/0x640 [ 26.250514] ? __virt_addr_valid+0x1db/0x2d0 [ 26.250539] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 26.250563] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.250601] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 26.250625] kasan_report+0x141/0x180 [ 26.250646] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 26.250675] __asan_report_store1_noabort+0x1b/0x30 [ 26.250699] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 26.250723] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 26.250748] ? __schedule+0x10da/0x2b60 [ 26.250773] ? __pfx_read_tsc+0x10/0x10 [ 26.250795] ? ktime_get_ts64+0x86/0x230 [ 26.250819] kunit_try_run_case+0x1a5/0x480 [ 26.250844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.250867] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.250893] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.250919] ? __kthread_parkme+0x82/0x180 [ 26.251164] ? preempt_count_sub+0x50/0x80 [ 26.251203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.251229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.251263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.251287] kthread+0x337/0x6f0 [ 26.251309] ? trace_preempt_on+0x20/0xc0 [ 26.251333] ? __pfx_kthread+0x10/0x10 [ 26.251354] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.251378] ? calculate_sigpending+0x7b/0xa0 [ 26.251401] ? __pfx_kthread+0x10/0x10 [ 26.251422] ret_from_fork+0x116/0x1d0 [ 26.251442] ? __pfx_kthread+0x10/0x10 [ 26.251462] ret_from_fork_asm+0x1a/0x30 [ 26.251494] </TASK> [ 26.251505] [ 26.259916] Allocated by task 190: [ 26.260064] kasan_save_stack+0x45/0x70 [ 26.260329] kasan_save_track+0x18/0x40 [ 26.261941] kasan_save_alloc_info+0x3b/0x50 [ 26.262647] __kasan_kmalloc+0xb7/0xc0 [ 26.263197] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 26.263844] kmalloc_track_caller_oob_right+0x19a/0x520 [ 26.264556] kunit_try_run_case+0x1a5/0x480 [ 26.264915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.265104] kthread+0x337/0x6f0 [ 26.265225] ret_from_fork+0x116/0x1d0 [ 26.265354] ret_from_fork_asm+0x1a/0x30 [ 26.265490] [ 26.265557] The buggy address belongs to the object at ffff888104c4a500 [ 26.265557] which belongs to the cache kmalloc-128 of size 128 [ 26.265922] The buggy address is located 0 bytes to the right of [ 26.265922] allocated 120-byte region [ffff888104c4a500, ffff888104c4a578) [ 26.266280] [ 26.266347] The buggy address belongs to the physical page: [ 26.266522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c4a [ 26.268058] flags: 0x200000000000000(node=0|zone=2) [ 26.268751] page_type: f5(slab) [ 26.269407] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.270486] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.271449] page dumped because: kasan: bad access detected [ 26.272193] [ 26.272537] Memory state around the buggy address: [ 26.273168] ffff888104c4a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.274144] ffff888104c4a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.275006] >ffff888104c4a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.276004] ^ [ 26.277166] ffff888104c4a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.277984] ffff888104c4a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.278785] ================================================================== [ 26.229557] ================================================================== [ 26.230281] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 26.230648] Write of size 1 at addr ffff888104c4a478 by task kunit_try_catch/190 [ 26.230954] [ 26.231397] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.231457] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.231470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.231491] Call Trace: [ 26.231503] <TASK> [ 26.231521] dump_stack_lvl+0x73/0xb0 [ 26.231553] print_report+0xd1/0x640 [ 26.231592] ? __virt_addr_valid+0x1db/0x2d0 [ 26.231618] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 26.231643] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.231668] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 26.231692] kasan_report+0x141/0x180 [ 26.231714] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 26.231742] __asan_report_store1_noabort+0x1b/0x30 [ 26.231766] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 26.231789] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 26.231814] ? __schedule+0x10da/0x2b60 [ 26.231839] ? __pfx_read_tsc+0x10/0x10 [ 26.231861] ? ktime_get_ts64+0x86/0x230 [ 26.231885] kunit_try_run_case+0x1a5/0x480 [ 26.231911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.232011] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.232038] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.232062] ? __kthread_parkme+0x82/0x180 [ 26.232082] ? preempt_count_sub+0x50/0x80 [ 26.232107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.232131] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.232155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.232178] kthread+0x337/0x6f0 [ 26.232198] ? trace_preempt_on+0x20/0xc0 [ 26.232223] ? __pfx_kthread+0x10/0x10 [ 26.232244] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.232266] ? calculate_sigpending+0x7b/0xa0 [ 26.232289] ? __pfx_kthread+0x10/0x10 [ 26.232310] ret_from_fork+0x116/0x1d0 [ 26.232329] ? __pfx_kthread+0x10/0x10 [ 26.232349] ret_from_fork_asm+0x1a/0x30 [ 26.232380] </TASK> [ 26.232391] [ 26.239840] Allocated by task 190: [ 26.240173] kasan_save_stack+0x45/0x70 [ 26.240381] kasan_save_track+0x18/0x40 [ 26.240566] kasan_save_alloc_info+0x3b/0x50 [ 26.240786] __kasan_kmalloc+0xb7/0xc0 [ 26.240958] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 26.241193] kmalloc_track_caller_oob_right+0x99/0x520 [ 26.241563] kunit_try_run_case+0x1a5/0x480 [ 26.241722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.242335] kthread+0x337/0x6f0 [ 26.242653] ret_from_fork+0x116/0x1d0 [ 26.242958] ret_from_fork_asm+0x1a/0x30 [ 26.243135] [ 26.243220] The buggy address belongs to the object at ffff888104c4a400 [ 26.243220] which belongs to the cache kmalloc-128 of size 128 [ 26.243707] The buggy address is located 0 bytes to the right of [ 26.243707] allocated 120-byte region [ffff888104c4a400, ffff888104c4a478) [ 26.244231] [ 26.244329] The buggy address belongs to the physical page: [ 26.244600] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c4a [ 26.244909] flags: 0x200000000000000(node=0|zone=2) [ 26.245069] page_type: f5(slab) [ 26.245187] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.245409] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.245688] page dumped because: kasan: bad access detected [ 26.245955] [ 26.246127] Memory state around the buggy address: [ 26.246347] ffff888104c4a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.246666] ffff888104c4a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.247224] >ffff888104c4a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.247555] ^ [ 26.247975] ffff888104c4a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.248256] ffff888104c4a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.248494] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 26.205006] ================================================================== [ 26.205496] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 26.205890] Read of size 1 at addr ffff888106007000 by task kunit_try_catch/188 [ 26.206644] [ 26.206783] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.206837] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.206851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.206873] Call Trace: [ 26.206886] <TASK> [ 26.206904] dump_stack_lvl+0x73/0xb0 [ 26.207132] print_report+0xd1/0x640 [ 26.207159] ? __virt_addr_valid+0x1db/0x2d0 [ 26.207186] ? kmalloc_node_oob_right+0x369/0x3c0 [ 26.207210] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.207236] ? kmalloc_node_oob_right+0x369/0x3c0 [ 26.207266] kasan_report+0x141/0x180 [ 26.207287] ? kmalloc_node_oob_right+0x369/0x3c0 [ 26.207314] __asan_report_load1_noabort+0x18/0x20 [ 26.207338] kmalloc_node_oob_right+0x369/0x3c0 [ 26.207363] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 26.207388] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 26.207416] kunit_try_run_case+0x1a5/0x480 [ 26.207442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.207465] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.207493] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.207517] ? __kthread_parkme+0x82/0x180 [ 26.207538] ? preempt_count_sub+0x50/0x80 [ 26.207563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.207601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.207625] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.207648] kthread+0x337/0x6f0 [ 26.207668] ? trace_preempt_on+0x20/0xc0 [ 26.207693] ? __pfx_kthread+0x10/0x10 [ 26.207713] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.207735] ? calculate_sigpending+0x7b/0xa0 [ 26.207758] ? __pfx_kthread+0x10/0x10 [ 26.207843] ret_from_fork+0x116/0x1d0 [ 26.207868] ? __pfx_kthread+0x10/0x10 [ 26.207889] ret_from_fork_asm+0x1a/0x30 [ 26.207920] </TASK> [ 26.207931] [ 26.214629] Allocated by task 188: [ 26.214803] kasan_save_stack+0x45/0x70 [ 26.215111] kasan_save_track+0x18/0x40 [ 26.215352] kasan_save_alloc_info+0x3b/0x50 [ 26.215548] __kasan_kmalloc+0xb7/0xc0 [ 26.215716] __kmalloc_cache_node_noprof+0x188/0x420 [ 26.215974] kmalloc_node_oob_right+0xab/0x3c0 [ 26.216184] kunit_try_run_case+0x1a5/0x480 [ 26.216389] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.216632] kthread+0x337/0x6f0 [ 26.216755] ret_from_fork+0x116/0x1d0 [ 26.216943] ret_from_fork_asm+0x1a/0x30 [ 26.217104] [ 26.217168] The buggy address belongs to the object at ffff888106006000 [ 26.217168] which belongs to the cache kmalloc-4k of size 4096 [ 26.217694] The buggy address is located 0 bytes to the right of [ 26.217694] allocated 4096-byte region [ffff888106006000, ffff888106007000) [ 26.218199] [ 26.218520] The buggy address belongs to the physical page: [ 26.218926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106000 [ 26.219383] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 26.219687] flags: 0x200000000000040(head|node=0|zone=2) [ 26.220110] page_type: f5(slab) [ 26.220256] raw: 0200000000000040 ffff888100042140 ffffea0004180400 dead000000000002 [ 26.220542] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 26.220936] head: 0200000000000040 ffff888100042140 ffffea0004180400 dead000000000002 [ 26.221229] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 26.221509] head: 0200000000000003 ffffea0004180001 00000000ffffffff 00000000ffffffff [ 26.221831] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 26.222190] page dumped because: kasan: bad access detected [ 26.222592] [ 26.222680] Memory state around the buggy address: [ 26.222993] ffff888106006f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.223265] ffff888106006f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.223546] >ffff888106007000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.224020] ^ [ 26.224189] ffff888106007080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.224473] ffff888106007100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.224766] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 26.138698] ================================================================== [ 26.139444] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 26.139806] Read of size 1 at addr ffff8881046259bf by task kunit_try_catch/186 [ 26.140168] [ 26.140281] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.140338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.140351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.140374] Call Trace: [ 26.140388] <TASK> [ 26.140409] dump_stack_lvl+0x73/0xb0 [ 26.140443] print_report+0xd1/0x640 [ 26.140467] ? __virt_addr_valid+0x1db/0x2d0 [ 26.140493] ? kmalloc_oob_left+0x361/0x3c0 [ 26.140514] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.140539] ? kmalloc_oob_left+0x361/0x3c0 [ 26.140560] kasan_report+0x141/0x180 [ 26.140593] ? kmalloc_oob_left+0x361/0x3c0 [ 26.140618] __asan_report_load1_noabort+0x18/0x20 [ 26.140643] kmalloc_oob_left+0x361/0x3c0 [ 26.140664] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 26.140686] ? __schedule+0x10da/0x2b60 [ 26.140711] ? __pfx_read_tsc+0x10/0x10 [ 26.140732] ? ktime_get_ts64+0x86/0x230 [ 26.140758] kunit_try_run_case+0x1a5/0x480 [ 26.140783] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.140831] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.140867] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.140891] ? __kthread_parkme+0x82/0x180 [ 26.140912] ? preempt_count_sub+0x50/0x80 [ 26.140935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.140959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.140982] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.141005] kthread+0x337/0x6f0 [ 26.141024] ? trace_preempt_on+0x20/0xc0 [ 26.141048] ? __pfx_kthread+0x10/0x10 [ 26.141068] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.141090] ? calculate_sigpending+0x7b/0xa0 [ 26.141113] ? __pfx_kthread+0x10/0x10 [ 26.141134] ret_from_fork+0x116/0x1d0 [ 26.141153] ? __pfx_kthread+0x10/0x10 [ 26.141172] ret_from_fork_asm+0x1a/0x30 [ 26.141204] </TASK> [ 26.141215] [ 26.151177] Allocated by task 118: [ 26.151500] kasan_save_stack+0x45/0x70 [ 26.152017] kasan_save_track+0x18/0x40 [ 26.152557] kasan_save_alloc_info+0x3b/0x50 [ 26.153122] __kasan_kmalloc+0xb7/0xc0 [ 26.153500] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 26.154090] kvasprintf+0xc5/0x150 [ 26.154428] kasprintf+0xb6/0xf0 [ 26.154735] miscdev_test_can_open+0x9a/0x2e0 [ 26.155217] miscdev_test_collision_reverse+0x402/0x750 [ 26.155789] kunit_try_run_case+0x1a5/0x480 [ 26.156300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.156832] kthread+0x337/0x6f0 [ 26.157192] ret_from_fork+0x116/0x1d0 [ 26.157544] ret_from_fork_asm+0x1a/0x30 [ 26.158014] [ 26.158289] Freed by task 73554304: [ 26.158767] ------------[ cut here ]------------ [ 26.159280] pool index 100480 out of bounds (155) for stack id ffff8881 [ 26.160491] WARNING: lib/stackdepot.c:500 at depot_fetch_stack+0x68/0x80, CPU#1: kunit_try_catch/186 [ 26.161658] Modules linked in: [ 26.162151] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.163265] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.163651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.164631] RIP: 0010:depot_fetch_stack+0x68/0x80 [ 26.165183] Code: d2 74 05 e9 4a f8 69 02 90 0f 0b 90 31 c0 e9 3f f8 69 02 55 48 89 e5 90 89 f9 44 89 c2 48 c7 c7 c0 7e ba a9 e8 29 1b b9 fe 90 <0f> 0b 90 90 31 c0 5d c3 cc cc cc cc 90 0f 0b 90 31 c0 e9 11 f8 69 [ 26.166601] RSP: 0000:ffff8881060a7b28 EFLAGS: 00010082 [ 26.167166] RAX: 0000000000000000 RBX: ffff8881060a7b50 RCX: 1ffffffff53e4aac [ 26.167428] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 26.167685] RBP: ffff8881060a7b28 R08: 0000000000000000 R09: fffffbfff53e4aac [ 26.167925] R10: 0000000000000003 R11: 0000000000000001 R12: ffff8881046259bf [ 26.168666] R13: ffff8881049a4000 R14: ffffea0004118940 R15: 0000000000000001 [ 26.169429] FS: 0000000000000000(0000) GS:ffff8881aff0d000(0000) knlGS:0000000000000000 [ 26.170198] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.170825] CR2: 0000000000000000 CR3: 000000013cebc000 CR4: 00000000000006f0 [ 26.171555] DR0: ffffffffab2b9584 DR1: ffffffffab2b9589 DR2: ffffffffab2b958a [ 26.172298] DR3: ffffffffab2b958b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 26.172953] Call Trace: [ 26.173240] <TASK> [ 26.173343] stack_depot_fetch+0x2c/0x60 [ 26.173523] stack_depot_print+0x23/0x50 [ 26.173687] print_report+0x61a/0x640 [ 26.173883] ? __virt_addr_valid+0x1db/0x2d0 [ 26.174193] ? kmalloc_oob_left+0x361/0x3c0 [ 26.174360] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.174710] ? kmalloc_oob_left+0x361/0x3c0 [ 26.175013] kasan_report+0x141/0x180 [ 26.175157] ? kmalloc_oob_left+0x361/0x3c0 [ 26.175308] __asan_report_load1_noabort+0x18/0x20 [ 26.175536] kmalloc_oob_left+0x361/0x3c0 [ 26.175728] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 26.175914] ? __schedule+0x10da/0x2b60 [ 26.176144] ? __pfx_read_tsc+0x10/0x10 [ 26.176341] ? ktime_get_ts64+0x86/0x230 [ 26.176544] kunit_try_run_case+0x1a5/0x480 [ 26.176715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.176936] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.177252] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.177465] ? __kthread_parkme+0x82/0x180 [ 26.177618] ? preempt_count_sub+0x50/0x80 [ 26.177760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.177956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.178329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.178533] kthread+0x337/0x6f0 [ 26.178866] ? trace_preempt_on+0x20/0xc0 [ 26.179113] ? __pfx_kthread+0x10/0x10 [ 26.179310] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.179477] ? calculate_sigpending+0x7b/0xa0 [ 26.179667] ? __pfx_kthread+0x10/0x10 [ 26.179926] ret_from_fork+0x116/0x1d0 [ 26.180115] ? __pfx_kthread+0x10/0x10 [ 26.180263] ret_from_fork_asm+0x1a/0x30 [ 26.180471] </TASK> [ 26.180669] ---[ end trace 0000000000000000 ]--- [ 26.181204] ------------[ cut here ]------------ [ 26.181435] corrupt handle or use after stack_depot_put() [ 26.181510] WARNING: lib/stackdepot.c:772 at stack_depot_fetch+0x53/0x60, CPU#1: kunit_try_catch/186 [ 26.182161] Modules linked in: [ 26.182356] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.182804] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 26.182957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.183300] RIP: 0010:stack_depot_fetch+0x53/0x60 [ 26.183540] Code: ff ff ff 48 85 c0 74 14 48 8d 50 20 48 89 13 8b 40 14 48 8b 5d f8 c9 c3 cc cc cc cc 90 48 c7 c7 f8 7e ba a9 e8 ae 1a b9 fe 90 <0f> 0b 90 90 31 c0 eb e0 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 [ 26.184494] RSP: 0000:ffff8881060a7b38 EFLAGS: 00010082 [ 26.184763] RAX: 0000000000000000 RBX: ffff8881060a7b50 RCX: 1ffffffff53e4aac [ 26.185341] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 26.185621] RBP: ffff8881060a7b40 R08: 0000000000000000 R09: fffffbfff53e4aac [ 26.185949] R10: 0000000000000003 R11: 0000000000000001 R12: ffff8881046259bf [ 26.186207] R13: ffff8881049a4000 R14: ffffea0004118940 R15: 0000000000000001 [ 26.186415] FS: 0000000000000000(0000) GS:ffff8881aff0d000(0000) knlGS:0000000000000000 [ 26.186753] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.187007] CR2: 0000000000000000 CR3: 000000013cebc000 CR4: 00000000000006f0 [ 26.187348] DR0: ffffffffab2b9584 DR1: ffffffffab2b9589 DR2: ffffffffab2b958a [ 26.187559] DR3: ffffffffab2b958b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 26.187849] Call Trace: [ 26.188053] <TASK> [ 26.188174] stack_depot_print+0x23/0x50 [ 26.188376] print_report+0x61a/0x640 [ 26.188560] ? __virt_addr_valid+0x1db/0x2d0 [ 26.188787] ? kmalloc_oob_left+0x361/0x3c0 [ 26.189041] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.189327] ? kmalloc_oob_left+0x361/0x3c0 [ 26.189469] kasan_report+0x141/0x180 [ 26.189623] ? kmalloc_oob_left+0x361/0x3c0 [ 26.189823] __asan_report_load1_noabort+0x18/0x20 [ 26.190047] kmalloc_oob_left+0x361/0x3c0 [ 26.190352] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 26.190742] ? __schedule+0x10da/0x2b60 [ 26.190887] ? __pfx_read_tsc+0x10/0x10 [ 26.191064] ? ktime_get_ts64+0x86/0x230 [ 26.191437] kunit_try_run_case+0x1a5/0x480 [ 26.191659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.191933] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.192119] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.192351] ? __kthread_parkme+0x82/0x180 [ 26.192507] ? preempt_count_sub+0x50/0x80 [ 26.192695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.193019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.193242] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.193485] kthread+0x337/0x6f0 [ 26.193661] ? trace_preempt_on+0x20/0xc0 [ 26.193800] ? __pfx_kthread+0x10/0x10 [ 26.193929] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.194076] ? calculate_sigpending+0x7b/0xa0 [ 26.194221] ? __pfx_kthread+0x10/0x10 [ 26.194388] ret_from_fork+0x116/0x1d0 [ 26.194713] ? __pfx_kthread+0x10/0x10 [ 26.194897] ret_from_fork_asm+0x1a/0x30 [ 26.195317] </TASK> [ 26.195404] ---[ end trace 0000000000000000 ]--- [ 26.195606] [ 26.195681] The buggy address belongs to the object at ffff8881046259a0 [ 26.195681] which belongs to the cache kmalloc-16 of size 16 [ 26.196331] The buggy address is located 15 bytes to the right of [ 26.196331] allocated 16-byte region [ffff8881046259a0, ffff8881046259b0) [ 26.197219] [ 26.197370] The buggy address belongs to the physical page: [ 26.197638] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104625 [ 26.198065] flags: 0x200000000000000(node=0|zone=2) [ 26.198282] page_type: f5(slab) [ 26.198450] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 26.198746] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.199081] page dumped because: kasan: bad access detected [ 26.199297] [ 26.199374] Memory state around the buggy address: [ 26.199594] ffff888104625880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.199853] ffff888104625900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.200185] >ffff888104625980: fa fb fc fc fa fb fc fc 00 07 fc fc fa fb fc fc [ 26.200386] ^ [ 26.200542] ffff888104625a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.201133] ffff888104625a80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.201426] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 26.065056] ================================================================== [ 26.066447] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 26.067535] Write of size 1 at addr ffff888105454673 by task kunit_try_catch/184 [ 26.067990] [ 26.068933] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.069367] Tainted: [N]=TEST [ 26.069400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.069649] Call Trace: [ 26.069723] <TASK> [ 26.070102] dump_stack_lvl+0x73/0xb0 [ 26.070202] print_report+0xd1/0x640 [ 26.070233] ? __virt_addr_valid+0x1db/0x2d0 [ 26.070259] ? kmalloc_oob_right+0x6f0/0x7f0 [ 26.070279] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.070305] ? kmalloc_oob_right+0x6f0/0x7f0 [ 26.070327] kasan_report+0x141/0x180 [ 26.070349] ? kmalloc_oob_right+0x6f0/0x7f0 [ 26.070374] __asan_report_store1_noabort+0x1b/0x30 [ 26.070398] kmalloc_oob_right+0x6f0/0x7f0 [ 26.070419] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 26.070441] ? __schedule+0x10da/0x2b60 [ 26.070468] ? __pfx_read_tsc+0x10/0x10 [ 26.070491] ? ktime_get_ts64+0x86/0x230 [ 26.070517] kunit_try_run_case+0x1a5/0x480 [ 26.070543] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.070564] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.070605] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.070630] ? __kthread_parkme+0x82/0x180 [ 26.070650] ? preempt_count_sub+0x50/0x80 [ 26.070675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.070698] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.070721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.070744] kthread+0x337/0x6f0 [ 26.070764] ? trace_preempt_on+0x20/0xc0 [ 26.070841] ? __pfx_kthread+0x10/0x10 [ 26.070863] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.070886] ? calculate_sigpending+0x7b/0xa0 [ 26.070911] ? __pfx_kthread+0x10/0x10 [ 26.070945] ret_from_fork+0x116/0x1d0 [ 26.070965] ? __pfx_kthread+0x10/0x10 [ 26.070984] ret_from_fork_asm+0x1a/0x30 [ 26.071047] </TASK> [ 26.071115] [ 26.078977] Allocated by task 184: [ 26.079262] kasan_save_stack+0x45/0x70 [ 26.079486] kasan_save_track+0x18/0x40 [ 26.079775] kasan_save_alloc_info+0x3b/0x50 [ 26.080078] __kasan_kmalloc+0xb7/0xc0 [ 26.080249] __kmalloc_cache_noprof+0x189/0x420 [ 26.080413] kmalloc_oob_right+0xa9/0x7f0 [ 26.080545] kunit_try_run_case+0x1a5/0x480 [ 26.080737] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.081184] kthread+0x337/0x6f0 [ 26.081352] ret_from_fork+0x116/0x1d0 [ 26.081514] ret_from_fork_asm+0x1a/0x30 [ 26.081742] [ 26.081889] The buggy address belongs to the object at ffff888105454600 [ 26.081889] which belongs to the cache kmalloc-128 of size 128 [ 26.082316] The buggy address is located 0 bytes to the right of [ 26.082316] allocated 115-byte region [ffff888105454600, ffff888105454673) [ 26.082902] [ 26.083108] The buggy address belongs to the physical page: [ 26.083765] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105454 [ 26.084352] flags: 0x200000000000000(node=0|zone=2) [ 26.085079] page_type: f5(slab) [ 26.085665] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.086005] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.086373] page dumped because: kasan: bad access detected [ 26.086642] [ 26.086732] Memory state around the buggy address: [ 26.087208] ffff888105454500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.087542] ffff888105454580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.087923] >ffff888105454600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.088221] ^ [ 26.088509] ffff888105454680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.088730] ffff888105454700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.089063] ================================================================== [ 26.111944] ================================================================== [ 26.112281] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 26.112597] Read of size 1 at addr ffff888105454680 by task kunit_try_catch/184 [ 26.112919] [ 26.113197] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.113246] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.113258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.113279] Call Trace: [ 26.113296] <TASK> [ 26.113312] dump_stack_lvl+0x73/0xb0 [ 26.113339] print_report+0xd1/0x640 [ 26.113362] ? __virt_addr_valid+0x1db/0x2d0 [ 26.113386] ? kmalloc_oob_right+0x68a/0x7f0 [ 26.113406] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.113430] ? kmalloc_oob_right+0x68a/0x7f0 [ 26.113451] kasan_report+0x141/0x180 [ 26.113472] ? kmalloc_oob_right+0x68a/0x7f0 [ 26.113497] __asan_report_load1_noabort+0x18/0x20 [ 26.113521] kmalloc_oob_right+0x68a/0x7f0 [ 26.113563] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 26.113598] ? __schedule+0x10da/0x2b60 [ 26.113622] ? __pfx_read_tsc+0x10/0x10 [ 26.113643] ? ktime_get_ts64+0x86/0x230 [ 26.113666] kunit_try_run_case+0x1a5/0x480 [ 26.113691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.113713] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.113737] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.113761] ? __kthread_parkme+0x82/0x180 [ 26.114053] ? preempt_count_sub+0x50/0x80 [ 26.114086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.114111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.114134] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.114157] kthread+0x337/0x6f0 [ 26.114176] ? trace_preempt_on+0x20/0xc0 [ 26.114199] ? __pfx_kthread+0x10/0x10 [ 26.114219] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.114242] ? calculate_sigpending+0x7b/0xa0 [ 26.114266] ? __pfx_kthread+0x10/0x10 [ 26.114286] ret_from_fork+0x116/0x1d0 [ 26.114305] ? __pfx_kthread+0x10/0x10 [ 26.114324] ret_from_fork_asm+0x1a/0x30 [ 26.114356] </TASK> [ 26.114366] [ 26.123797] Allocated by task 184: [ 26.124205] kasan_save_stack+0x45/0x70 [ 26.124390] kasan_save_track+0x18/0x40 [ 26.124563] kasan_save_alloc_info+0x3b/0x50 [ 26.124763] __kasan_kmalloc+0xb7/0xc0 [ 26.125303] __kmalloc_cache_noprof+0x189/0x420 [ 26.125479] kmalloc_oob_right+0xa9/0x7f0 [ 26.125749] kunit_try_run_case+0x1a5/0x480 [ 26.126126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.126499] kthread+0x337/0x6f0 [ 26.126677] ret_from_fork+0x116/0x1d0 [ 26.126833] ret_from_fork_asm+0x1a/0x30 [ 26.127161] [ 26.127381] The buggy address belongs to the object at ffff888105454600 [ 26.127381] which belongs to the cache kmalloc-128 of size 128 [ 26.127894] The buggy address is located 13 bytes to the right of [ 26.127894] allocated 115-byte region [ffff888105454600, ffff888105454673) [ 26.128826] [ 26.129023] The buggy address belongs to the physical page: [ 26.129256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105454 [ 26.129612] flags: 0x200000000000000(node=0|zone=2) [ 26.129827] page_type: f5(slab) [ 26.130380] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.130708] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.131197] page dumped because: kasan: bad access detected [ 26.131565] [ 26.131682] Memory state around the buggy address: [ 26.132156] ffff888105454580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.132549] ffff888105454600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.133154] >ffff888105454680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.133465] ^ [ 26.133801] ffff888105454700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.134176] ffff888105454780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.134836] ================================================================== [ 26.090420] ================================================================== [ 26.090739] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 26.091081] Write of size 1 at addr ffff888105454678 by task kunit_try_catch/184 [ 26.091443] [ 26.091527] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 26.091586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.091598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.091619] Call Trace: [ 26.091631] <TASK> [ 26.091648] dump_stack_lvl+0x73/0xb0 [ 26.091674] print_report+0xd1/0x640 [ 26.091697] ? __virt_addr_valid+0x1db/0x2d0 [ 26.091720] ? kmalloc_oob_right+0x6bd/0x7f0 [ 26.091741] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.091767] ? kmalloc_oob_right+0x6bd/0x7f0 [ 26.091787] kasan_report+0x141/0x180 [ 26.091809] ? kmalloc_oob_right+0x6bd/0x7f0 [ 26.091834] __asan_report_store1_noabort+0x1b/0x30 [ 26.091857] kmalloc_oob_right+0x6bd/0x7f0 [ 26.091879] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 26.091901] ? __schedule+0x10da/0x2b60 [ 26.091937] ? __pfx_read_tsc+0x10/0x10 [ 26.091959] ? ktime_get_ts64+0x86/0x230 [ 26.091983] kunit_try_run_case+0x1a5/0x480 [ 26.092008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.092030] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.092054] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.092078] ? __kthread_parkme+0x82/0x180 [ 26.092098] ? preempt_count_sub+0x50/0x80 [ 26.092120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.092143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.092166] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.092189] kthread+0x337/0x6f0 [ 26.092208] ? trace_preempt_on+0x20/0xc0 [ 26.092247] ? __pfx_kthread+0x10/0x10 [ 26.092273] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.092298] ? calculate_sigpending+0x7b/0xa0 [ 26.092327] ? __pfx_kthread+0x10/0x10 [ 26.092348] ret_from_fork+0x116/0x1d0 [ 26.092366] ? __pfx_kthread+0x10/0x10 [ 26.092386] ret_from_fork_asm+0x1a/0x30 [ 26.092417] </TASK> [ 26.092428] [ 26.099262] Allocated by task 184: [ 26.099421] kasan_save_stack+0x45/0x70 [ 26.099557] kasan_save_track+0x18/0x40 [ 26.099694] kasan_save_alloc_info+0x3b/0x50 [ 26.099835] __kasan_kmalloc+0xb7/0xc0 [ 26.100059] __kmalloc_cache_noprof+0x189/0x420 [ 26.100276] kmalloc_oob_right+0xa9/0x7f0 [ 26.100472] kunit_try_run_case+0x1a5/0x480 [ 26.100881] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.101280] kthread+0x337/0x6f0 [ 26.101435] ret_from_fork+0x116/0x1d0 [ 26.101611] ret_from_fork_asm+0x1a/0x30 [ 26.101757] [ 26.101820] The buggy address belongs to the object at ffff888105454600 [ 26.101820] which belongs to the cache kmalloc-128 of size 128 [ 26.102559] The buggy address is located 5 bytes to the right of [ 26.102559] allocated 115-byte region [ffff888105454600, ffff888105454673) [ 26.103516] [ 26.103601] The buggy address belongs to the physical page: [ 26.103771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105454 [ 26.104003] flags: 0x200000000000000(node=0|zone=2) [ 26.104229] page_type: f5(slab) [ 26.104388] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.105425] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.105783] page dumped because: kasan: bad access detected [ 26.106192] [ 26.106265] Memory state around the buggy address: [ 26.106483] ffff888105454500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.106778] ffff888105454580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.107455] >ffff888105454600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.107681] ^ [ 26.107887] ffff888105454680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.108094] ffff888105454700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.109518] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 199.679473] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2962 [ 199.680493] Modules linked in: [ 199.680909] CPU: 1 UID: 0 PID: 2962 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 199.682092] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.682520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.682792] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 199.682968] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 90 f3 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.684349] RSP: 0000:ffff88810ade7c78 EFLAGS: 00010286 [ 199.685086] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 199.686031] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffa9264d74 [ 199.686765] RBP: ffff88810ade7ca0 R08: 0000000000000000 R09: ffffed1020379460 [ 199.687419] R10: ffff888101bca307 R11: 0000000000000000 R12: ffffffffa9264d60 [ 199.688684] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810ade7d38 [ 199.689720] FS: 0000000000000000(0000) GS:ffff8881aff0d000(0000) knlGS:0000000000000000 [ 199.690680] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.691123] CR2: 00007ffff7ffe000 CR3: 000000013cebc000 CR4: 00000000000006f0 [ 199.691505] DR0: ffffffffab2b9584 DR1: ffffffffab2b9589 DR2: ffffffffab2b958a [ 199.691733] DR3: ffffffffab2b958b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.692575] Call Trace: [ 199.692933] <TASK> [ 199.693272] drm_test_rect_calc_vscale+0x108/0x270 [ 199.693933] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 199.694491] ? __schedule+0x10da/0x2b60 [ 199.694792] ? __pfx_read_tsc+0x10/0x10 [ 199.695282] ? ktime_get_ts64+0x86/0x230 [ 199.695448] kunit_try_run_case+0x1a5/0x480 [ 199.695724] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.696429] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.697072] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.697411] ? __kthread_parkme+0x82/0x180 [ 199.697576] ? preempt_count_sub+0x50/0x80 [ 199.697720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.697912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.698327] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.698631] kthread+0x337/0x6f0 [ 199.698838] ? trace_preempt_on+0x20/0xc0 [ 199.699049] ? __pfx_kthread+0x10/0x10 [ 199.699245] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.699452] ? calculate_sigpending+0x7b/0xa0 [ 199.699651] ? __pfx_kthread+0x10/0x10 [ 199.700519] ret_from_fork+0x116/0x1d0 [ 199.700711] ? __pfx_kthread+0x10/0x10 [ 199.701200] ret_from_fork_asm+0x1a/0x30 [ 199.701612] </TASK> [ 199.701733] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 199.655128] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2960 [ 199.656295] Modules linked in: [ 199.656447] CPU: 1 UID: 0 PID: 2960 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 199.657680] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.658241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.659226] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 199.659521] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 90 f3 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.660577] RSP: 0000:ffff88810adbfc78 EFLAGS: 00010286 [ 199.661138] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 199.661559] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffa9264d3c [ 199.661899] RBP: ffff88810adbfca0 R08: 0000000000000000 R09: ffffed1020379420 [ 199.662670] R10: ffff888101bca107 R11: 0000000000000000 R12: ffffffffa9264d28 [ 199.663486] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810adbfd38 [ 199.664086] FS: 0000000000000000(0000) GS:ffff8881aff0d000(0000) knlGS:0000000000000000 [ 199.664328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.664501] CR2: 00007ffff7ffe000 CR3: 000000013cebc000 CR4: 00000000000006f0 [ 199.664723] DR0: ffffffffab2b9584 DR1: ffffffffab2b9589 DR2: ffffffffab2b958a [ 199.665404] DR3: ffffffffab2b958b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.665799] Call Trace: [ 199.665890] <TASK> [ 199.666183] drm_test_rect_calc_vscale+0x108/0x270 [ 199.666428] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 199.666661] ? __schedule+0x10da/0x2b60 [ 199.667248] ? __pfx_read_tsc+0x10/0x10 [ 199.667519] ? ktime_get_ts64+0x86/0x230 [ 199.667722] kunit_try_run_case+0x1a5/0x480 [ 199.668203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.668391] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.668709] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.669838] ? __kthread_parkme+0x82/0x180 [ 199.669999] ? preempt_count_sub+0x50/0x80 [ 199.670147] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.670303] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.670476] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.670673] kthread+0x337/0x6f0 [ 199.670807] ? trace_preempt_on+0x20/0xc0 [ 199.671898] ? __pfx_kthread+0x10/0x10 [ 199.672295] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.672841] ? calculate_sigpending+0x7b/0xa0 [ 199.673199] ? __pfx_kthread+0x10/0x10 [ 199.673335] ret_from_fork+0x116/0x1d0 [ 199.673464] ? __pfx_kthread+0x10/0x10 [ 199.673601] ret_from_fork_asm+0x1a/0x30 [ 199.673745] </TASK> [ 199.673830] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 199.599583] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2948 [ 199.600586] Modules linked in: [ 199.601032] CPU: 1 UID: 0 PID: 2948 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 199.601587] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.601861] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.602236] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 199.602480] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.603664] RSP: 0000:ffff88810ad5fc78 EFLAGS: 00010286 [ 199.604005] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 199.604483] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffa9264d40 [ 199.604759] RBP: ffff88810ad5fca0 R08: 0000000000000000 R09: ffffed1020379fa0 [ 199.605111] R10: ffff888101bcfd07 R11: 0000000000000000 R12: ffffffffa9264d28 [ 199.605371] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810ad5fd38 [ 199.605706] FS: 0000000000000000(0000) GS:ffff8881aff0d000(0000) knlGS:0000000000000000 [ 199.606001] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.606293] CR2: 00007ffff7ffe000 CR3: 000000013cebc000 CR4: 00000000000006f0 [ 199.606600] DR0: ffffffffab2b9584 DR1: ffffffffab2b9589 DR2: ffffffffab2b958a [ 199.606864] DR3: ffffffffab2b958b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.607192] Call Trace: [ 199.607349] <TASK> [ 199.607526] drm_test_rect_calc_hscale+0x108/0x270 [ 199.607871] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 199.608200] ? __schedule+0x10da/0x2b60 [ 199.608521] ? __pfx_read_tsc+0x10/0x10 [ 199.608765] ? ktime_get_ts64+0x86/0x230 [ 199.609018] kunit_try_run_case+0x1a5/0x480 [ 199.609382] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.609638] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.609852] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.610164] ? __kthread_parkme+0x82/0x180 [ 199.610382] ? preempt_count_sub+0x50/0x80 [ 199.610754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.611153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.611394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.611718] kthread+0x337/0x6f0 [ 199.611996] ? trace_preempt_on+0x20/0xc0 [ 199.612230] ? __pfx_kthread+0x10/0x10 [ 199.612402] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.612641] ? calculate_sigpending+0x7b/0xa0 [ 199.613103] ? __pfx_kthread+0x10/0x10 [ 199.613264] ret_from_fork+0x116/0x1d0 [ 199.613414] ? __pfx_kthread+0x10/0x10 [ 199.613621] ret_from_fork_asm+0x1a/0x30 [ 199.613827] </TASK> [ 199.614193] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 199.618488] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2950 [ 199.619642] Modules linked in: [ 199.619987] CPU: 0 UID: 0 PID: 2950 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 199.620762] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 199.621422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.621712] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 199.622450] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 199.623964] RSP: 0000:ffff88810adffc78 EFLAGS: 00010286 [ 199.624146] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 199.624347] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffa9264d78 [ 199.624563] RBP: ffff88810adffca0 R08: 0000000000000000 R09: ffffed10204e48a0 [ 199.625748] R10: ffff888102724507 R11: 0000000000000000 R12: ffffffffa9264d60 [ 199.626426] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810adffd38 [ 199.627110] FS: 0000000000000000(0000) GS:ffff8881afe0d000(0000) knlGS:0000000000000000 [ 199.627763] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 199.628226] CR2: ffffffffffffffff CR3: 000000013cebc000 CR4: 00000000000006f0 [ 199.628499] DR0: ffffffffab2b9580 DR1: ffffffffab2b9581 DR2: ffffffffab2b9583 [ 199.629126] DR3: ffffffffab2b9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 199.629671] Call Trace: [ 199.630023] <TASK> [ 199.630301] drm_test_rect_calc_hscale+0x108/0x270 [ 199.630764] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 199.631302] ? __schedule+0x10da/0x2b60 [ 199.631458] ? __pfx_read_tsc+0x10/0x10 [ 199.631611] ? ktime_get_ts64+0x86/0x230 [ 199.631755] kunit_try_run_case+0x1a5/0x480 [ 199.632249] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.632860] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 199.633448] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 199.634119] ? __kthread_parkme+0x82/0x180 [ 199.634641] ? preempt_count_sub+0x50/0x80 [ 199.635061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 199.635236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 199.635411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 199.635617] kthread+0x337/0x6f0 [ 199.635738] ? trace_preempt_on+0x20/0xc0 [ 199.636069] ? __pfx_kthread+0x10/0x10 [ 199.636402] ? _raw_spin_unlock_irq+0x47/0x80 [ 199.636580] ? calculate_sigpending+0x7b/0xa0 [ 199.636808] ? __pfx_kthread+0x10/0x10 [ 199.637085] ret_from_fork+0x116/0x1d0 [ 199.637342] ? __pfx_kthread+0x10/0x10 [ 199.637544] ret_from_fork_asm+0x1a/0x30 [ 199.637752] </TASK> [ 199.637840] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 198.838229] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 198.838330] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#0: kunit_try_catch/2753 [ 198.840138] Modules linked in: [ 198.840375] CPU: 0 UID: 0 PID: 2753 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 198.841248] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.841653] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.842150] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 198.842587] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 6d c8 81 00 48 c7 c1 a0 8c 21 a9 4c 89 f2 48 c7 c7 c0 88 21 a9 48 89 c6 e8 74 0c 70 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 198.843574] RSP: 0000:ffff88810a29fd18 EFLAGS: 00010286 [ 198.844052] RAX: 0000000000000000 RBX: ffff88810463e000 RCX: 1ffffffff53e4aac [ 198.844481] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 198.845067] RBP: ffff88810a29fd48 R08: 0000000000000000 R09: fffffbfff53e4aac [ 198.845464] R10: 0000000000000003 R11: 000000000004d1f0 R12: ffff88810a55f000 [ 198.845915] R13: ffff88810463e0f8 R14: ffff8881026f8980 R15: ffff8881003c7b48 [ 198.846351] FS: 0000000000000000(0000) GS:ffff8881afe0d000(0000) knlGS:0000000000000000 [ 198.846709] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.847275] CR2: ffffffffffffffff CR3: 000000013cebc000 CR4: 00000000000006f0 [ 198.847685] DR0: ffffffffab2b9580 DR1: ffffffffab2b9581 DR2: ffffffffab2b9583 [ 198.848203] DR3: ffffffffab2b9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.848635] Call Trace: [ 198.849121] <TASK> [ 198.849235] ? trace_preempt_on+0x20/0xc0 [ 198.849579] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 198.850066] drm_gem_shmem_free_wrapper+0x12/0x20 [ 198.850408] __kunit_action_free+0x57/0x70 [ 198.850720] kunit_remove_resource+0x133/0x200 [ 198.851125] ? preempt_count_sub+0x50/0x80 [ 198.851450] kunit_cleanup+0x7a/0x120 [ 198.851646] kunit_try_run_case_cleanup+0xbd/0xf0 [ 198.851967] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 198.852224] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.852476] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.852722] kthread+0x337/0x6f0 [ 198.853071] ? trace_preempt_on+0x20/0xc0 [ 198.853342] ? __pfx_kthread+0x10/0x10 [ 198.853573] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.853840] ? calculate_sigpending+0x7b/0xa0 [ 198.853986] ? __pfx_kthread+0x10/0x10 [ 198.854648] ret_from_fork+0x116/0x1d0 [ 198.855038] ? __pfx_kthread+0x10/0x10 [ 198.855250] ret_from_fork_asm+0x1a/0x30 [ 198.855454] </TASK> [ 198.855586] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 198.690183] WARNING: drivers/gpu/drm/drm_framebuffer.c:870 at drm_framebuffer_init+0x49/0x8d0, CPU#0: kunit_try_catch/2734 [ 198.691333] Modules linked in: [ 198.691601] CPU: 0 UID: 0 PID: 2734 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 198.692588] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.693035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.693576] RIP: 0010:drm_framebuffer_init+0x49/0x8d0 [ 198.694064] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41 [ 198.695120] RSP: 0000:ffff88810a2dfb20 EFLAGS: 00010246 [ 198.695554] RAX: ffff88810a2dfba8 RBX: ffff88810a2dfc28 RCX: 1ffff1102145bf8e [ 198.696128] RDX: dffffc0000000000 RSI: ffff88810a45e000 RDI: ffff88810a45e000 [ 198.696509] RBP: ffff88810a2dfb70 R08: ffff88810a45e000 R09: ffffffffa9208ac0 [ 198.697201] R10: 0000000000000003 R11: 00000000be1ca5e4 R12: 1ffff1102145bf71 [ 198.697499] R13: ffff88810a2dfc70 R14: ffff88810a2dfdb8 R15: 0000000000000000 [ 198.698082] FS: 0000000000000000(0000) GS:ffff8881afe0d000(0000) knlGS:0000000000000000 [ 198.698514] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.698995] CR2: ffffffffffffffff CR3: 000000013cebc000 CR4: 00000000000006f0 [ 198.699366] DR0: ffffffffab2b9580 DR1: ffffffffab2b9581 DR2: ffffffffab2b9583 [ 198.699776] DR3: ffffffffab2b9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.700411] Call Trace: [ 198.700547] <TASK> [ 198.700669] ? trace_preempt_on+0x20/0xc0 [ 198.700875] ? add_dr+0xc1/0x1d0 [ 198.701522] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 198.702009] ? add_dr+0x148/0x1d0 [ 198.702285] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 198.702646] ? __drmm_add_action+0x1a4/0x280 [ 198.703159] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.703461] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.703691] ? __drmm_add_action_or_reset+0x22/0x50 [ 198.703974] ? __schedule+0x10da/0x2b60 [ 198.704399] ? __pfx_read_tsc+0x10/0x10 [ 198.704605] ? ktime_get_ts64+0x86/0x230 [ 198.704936] kunit_try_run_case+0x1a5/0x480 [ 198.705238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.705447] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.705657] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.706107] ? __kthread_parkme+0x82/0x180 [ 198.706353] ? preempt_count_sub+0x50/0x80 [ 198.706552] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.706808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.707125] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.707435] kthread+0x337/0x6f0 [ 198.707655] ? trace_preempt_on+0x20/0xc0 [ 198.708003] ? __pfx_kthread+0x10/0x10 [ 198.708299] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.708508] ? calculate_sigpending+0x7b/0xa0 [ 198.708726] ? __pfx_kthread+0x10/0x10 [ 198.708872] ret_from_fork+0x116/0x1d0 [ 198.709177] ? __pfx_kthread+0x10/0x10 [ 198.709356] ret_from_fork_asm+0x1a/0x30 [ 198.709578] </TASK> [ 198.709700] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 198.649814] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 198.649912] WARNING: drivers/gpu/drm/drm_framebuffer.c:833 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2730 [ 198.651376] Modules linked in: [ 198.651558] CPU: 0 UID: 0 PID: 2730 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 198.652281] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 198.652712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 198.653300] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 198.653653] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 5b 06 89 00 48 c7 c1 60 35 20 a9 4c 89 fa 48 c7 c7 c0 35 20 a9 48 89 c6 e8 62 4a 77 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 198.654754] RSP: 0000:ffff88810a44fb68 EFLAGS: 00010282 [ 198.655309] RAX: 0000000000000000 RBX: ffff88810a44fc40 RCX: 1ffffffff53e4aac [ 198.655955] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 198.656670] RBP: ffff88810a44fb90 R08: 0000000000000000 R09: fffffbfff53e4aac [ 198.657260] R10: 0000000000000003 R11: 000000000004b960 R12: ffff88810a44fc18 [ 198.657612] R13: ffff88810a558000 R14: ffff88810a45c000 R15: ffff888102e8a300 [ 198.658009] FS: 0000000000000000(0000) GS:ffff8881afe0d000(0000) knlGS:0000000000000000 [ 198.658701] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.659180] CR2: ffffffffffffffff CR3: 000000013cebc000 CR4: 00000000000006f0 [ 198.659499] DR0: ffffffffab2b9580 DR1: ffffffffab2b9581 DR2: ffffffffab2b9583 [ 198.659719] DR3: ffffffffab2b9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 198.660595] Call Trace: [ 198.660889] <TASK> [ 198.661253] drm_test_framebuffer_free+0x1ab/0x610 [ 198.661864] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 198.662055] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.662234] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 198.662410] ? __drmm_add_action_or_reset+0x22/0x50 [ 198.662598] ? __schedule+0x10da/0x2b60 [ 198.662740] ? __pfx_read_tsc+0x10/0x10 [ 198.663033] ? ktime_get_ts64+0x86/0x230 [ 198.663255] kunit_try_run_case+0x1a5/0x480 [ 198.663442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.663655] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 198.664522] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 198.664749] ? __kthread_parkme+0x82/0x180 [ 198.664969] ? preempt_count_sub+0x50/0x80 [ 198.665494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 198.665742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 198.666234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 198.666617] kthread+0x337/0x6f0 [ 198.667000] ? trace_preempt_on+0x20/0xc0 [ 198.667229] ? __pfx_kthread+0x10/0x10 [ 198.667579] ? _raw_spin_unlock_irq+0x47/0x80 [ 198.668133] ? calculate_sigpending+0x7b/0xa0 [ 198.668373] ? __pfx_kthread+0x10/0x10 [ 198.668574] ret_from_fork+0x116/0x1d0 [ 198.668748] ? __pfx_kthread+0x10/0x10 [ 198.669319] ret_from_fork_asm+0x1a/0x30 [ 198.669677] </TASK> [ 198.669904] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 197.333681] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2178 [ 197.334483] Modules linked in: [ 197.334789] CPU: 0 UID: 0 PID: 2178 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 197.335433] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 197.335688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 197.336249] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 197.336522] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 82 51 2b 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 197.337625] RSP: 0000:ffff888105f3fc90 EFLAGS: 00010246 [ 197.338061] RAX: dffffc0000000000 RBX: ffff888109972000 RCX: 0000000000000000 [ 197.338628] RDX: 1ffff1102132e434 RSI: ffffffffa640fce8 RDI: ffff8881099721a0 [ 197.338930] RBP: ffff888105f3fca0 R08: 1ffff11020078f6a R09: ffffed1020be7f65 [ 197.339443] R10: 0000000000000003 R11: ffffffffa5986a28 R12: 0000000000000000 [ 197.339742] R13: ffff888105f3fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 197.340178] FS: 0000000000000000(0000) GS:ffff8881afe0d000(0000) knlGS:0000000000000000 [ 197.340512] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.340756] CR2: ffffffffffffffff CR3: 000000013cebc000 CR4: 00000000000006f0 [ 197.341156] DR0: ffffffffab2b9580 DR1: ffffffffab2b9581 DR2: ffffffffab2b9583 [ 197.341446] DR3: ffffffffab2b9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 197.341756] Call Trace: [ 197.341967] <TASK> [ 197.342124] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 197.342447] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 197.342712] ? __schedule+0x10da/0x2b60 [ 197.343227] ? __pfx_read_tsc+0x10/0x10 [ 197.343399] ? ktime_get_ts64+0x86/0x230 [ 197.343618] kunit_try_run_case+0x1a5/0x480 [ 197.343989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.344235] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 197.344425] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 197.344598] ? __kthread_parkme+0x82/0x180 [ 197.344806] ? preempt_count_sub+0x50/0x80 [ 197.345310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.345592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 197.345773] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 197.346235] kthread+0x337/0x6f0 [ 197.346421] ? trace_preempt_on+0x20/0xc0 [ 197.346739] ? __pfx_kthread+0x10/0x10 [ 197.347017] ? _raw_spin_unlock_irq+0x47/0x80 [ 197.347204] ? calculate_sigpending+0x7b/0xa0 [ 197.347372] ? __pfx_kthread+0x10/0x10 [ 197.347570] ret_from_fork+0x116/0x1d0 [ 197.347819] ? __pfx_kthread+0x10/0x10 [ 197.348203] ret_from_fork_asm+0x1a/0x30 [ 197.348391] </TASK> [ 197.348512] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 197.253223] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2170 [ 197.253661] Modules linked in: [ 197.253958] CPU: 1 UID: 0 PID: 2170 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 197.254555] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 197.254745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 197.256313] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 197.256752] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 82 51 2b 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 197.257867] RSP: 0000:ffff8881097efc90 EFLAGS: 00010246 [ 197.258305] RAX: dffffc0000000000 RBX: ffff8881060ba000 RCX: 0000000000000000 [ 197.258627] RDX: 1ffff11020c17434 RSI: ffffffffa640fce8 RDI: ffff8881060ba1a0 [ 197.259151] RBP: ffff8881097efca0 R08: 1ffff11020078f6a R09: ffffed10212fdf65 [ 197.259602] R10: 0000000000000003 R11: ffffffffa5986a28 R12: 0000000000000000 [ 197.260162] R13: ffff8881097efd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 197.260608] FS: 0000000000000000(0000) GS:ffff8881aff0d000(0000) knlGS:0000000000000000 [ 197.261084] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.261440] CR2: 00007ffff7ffe000 CR3: 000000013cebc000 CR4: 00000000000006f0 [ 197.261752] DR0: ffffffffab2b9584 DR1: ffffffffab2b9589 DR2: ffffffffab2b958a [ 197.262401] DR3: ffffffffab2b958b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 197.262876] Call Trace: [ 197.263160] <TASK> [ 197.263300] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 197.263628] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 197.264387] ? __schedule+0x10da/0x2b60 [ 197.264706] ? __pfx_read_tsc+0x10/0x10 [ 197.265148] ? ktime_get_ts64+0x86/0x230 [ 197.265450] kunit_try_run_case+0x1a5/0x480 [ 197.265772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.266275] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 197.266626] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 197.267089] ? __kthread_parkme+0x82/0x180 [ 197.267393] ? preempt_count_sub+0x50/0x80 [ 197.267680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 197.268157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 197.268435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 197.268712] kthread+0x337/0x6f0 [ 197.268877] ? trace_preempt_on+0x20/0xc0 [ 197.269262] ? __pfx_kthread+0x10/0x10 [ 197.269408] ? _raw_spin_unlock_irq+0x47/0x80 [ 197.269631] ? calculate_sigpending+0x7b/0xa0 [ 197.270049] ? __pfx_kthread+0x10/0x10 [ 197.270262] ret_from_fork+0x116/0x1d0 [ 197.270476] ? __pfx_kthread+0x10/0x10 [ 197.270642] ret_from_fork_asm+0x1a/0x30 [ 197.270898] </TASK> [ 197.271118] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 124.992665] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/706 [ 124.993966] Modules linked in: [ 124.994283] CPU: 0 UID: 0 PID: 706 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 124.995016] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 124.995403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 124.995884] RIP: 0010:intlog10+0x2a/0x40 [ 124.996304] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 47 ee 91 02 90 <0f> 0b 90 31 c0 e9 3c ee 91 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 124.997364] RSP: 0000:ffff88810932fcb0 EFLAGS: 00010246 [ 124.997799] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11021265fb4 [ 124.999530] RDX: 1ffffffff5213470 RSI: 1ffff11021265fb3 RDI: 0000000000000000 [ 124.999952] RBP: ffff88810932fd60 R08: 0000000000000000 R09: ffffed102014d400 [ 125.000324] R10: ffff888100a6a007 R11: 0000000000000000 R12: 1ffff11021265f97 [ 125.001105] R13: ffffffffa909a380 R14: 0000000000000000 R15: ffff88810932fd38 [ 125.001326] FS: 0000000000000000(0000) GS:ffff8881afe0d000(0000) knlGS:0000000000000000 [ 125.001570] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.001742] CR2: dffffc0000000002 CR3: 000000013cebc000 CR4: 00000000000006f0 [ 125.002011] DR0: ffffffffab2b9580 DR1: ffffffffab2b9581 DR2: ffffffffab2b9583 [ 125.002813] DR3: ffffffffab2b9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 125.003327] Call Trace: [ 125.003585] <TASK> [ 125.003723] ? intlog10_test+0xf2/0x220 [ 125.003948] ? __pfx_intlog10_test+0x10/0x10 [ 125.004347] ? __schedule+0x10da/0x2b60 [ 125.004650] ? __pfx_read_tsc+0x10/0x10 [ 125.004945] ? ktime_get_ts64+0x86/0x230 [ 125.005160] kunit_try_run_case+0x1a5/0x480 [ 125.005328] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.005571] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 125.005890] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 125.006086] ? __kthread_parkme+0x82/0x180 [ 125.006257] ? preempt_count_sub+0x50/0x80 [ 125.006460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 125.006653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 125.006891] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 125.007393] kthread+0x337/0x6f0 [ 125.007533] ? trace_preempt_on+0x20/0xc0 [ 125.007777] ? __pfx_kthread+0x10/0x10 [ 125.008008] ? _raw_spin_unlock_irq+0x47/0x80 [ 125.008210] ? calculate_sigpending+0x7b/0xa0 [ 125.008421] ? __pfx_kthread+0x10/0x10 [ 125.008617] ret_from_fork+0x116/0x1d0 [ 125.008753] ? __pfx_kthread+0x10/0x10 [ 125.009042] ret_from_fork_asm+0x1a/0x30 [ 125.009290] </TASK> [ 125.009415] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 124.947412] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#1: kunit_try_catch/688 [ 124.948591] Modules linked in: [ 124.949048] CPU: 1 UID: 0 PID: 688 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) [ 124.949844] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 124.950423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 124.951108] RIP: 0010:intlog2+0xdf/0x110 [ 124.951287] Code: 09 a9 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 0f 47 55 ff 8b 45 e4 eb [ 124.952243] RSP: 0000:ffff888103c9fcb0 EFLAGS: 00010246 [ 124.952623] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff11020793fb4 [ 124.952985] RDX: 1ffffffff52134c4 RSI: 1ffff11020793fb3 RDI: 0000000000000000 [ 124.953910] RBP: ffff888103c9fd60 R08: 0000000000000000 R09: ffffed1020cdb240 [ 124.954687] R10: ffff8881066d9207 R11: 0000000000000000 R12: 1ffff11020793f97 [ 124.955353] R13: ffffffffa909a620 R14: 0000000000000000 R15: ffff888103c9fd38 [ 124.956178] FS: 0000000000000000(0000) GS:ffff8881aff0d000(0000) knlGS:0000000000000000 [ 124.956627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.956981] CR2: dffffc0000000000 CR3: 000000013cebc000 CR4: 00000000000006f0 [ 124.957694] DR0: ffffffffab2b9584 DR1: ffffffffab2b9589 DR2: ffffffffab2b958a [ 124.958249] DR3: ffffffffab2b958b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 124.958468] Call Trace: [ 124.958580] <TASK> [ 124.958664] ? intlog2_test+0xf2/0x220 [ 124.959024] ? __pfx_intlog2_test+0x10/0x10 [ 124.959493] ? __schedule+0x10da/0x2b60 [ 124.960012] ? __pfx_read_tsc+0x10/0x10 [ 124.960443] ? ktime_get_ts64+0x86/0x230 [ 124.961113] kunit_try_run_case+0x1a5/0x480 [ 124.961530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 124.962085] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 124.962434] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 124.962619] ? __kthread_parkme+0x82/0x180 [ 124.962763] ? preempt_count_sub+0x50/0x80 [ 124.963285] ? __pfx_kunit_try_run_case+0x10/0x10 [ 124.963883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 124.964477] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 124.965137] kthread+0x337/0x6f0 [ 124.965279] ? trace_preempt_on+0x20/0xc0 [ 124.965427] ? __pfx_kthread+0x10/0x10 [ 124.965586] ? _raw_spin_unlock_irq+0x47/0x80 [ 124.965795] ? calculate_sigpending+0x7b/0xa0 [ 124.966009] ? __pfx_kthread+0x10/0x10 [ 124.966294] ret_from_fork+0x116/0x1d0 [ 124.966429] ? __pfx_kthread+0x10/0x10 [ 124.966704] ret_from_fork_asm+0x1a/0x30 [ 124.966907] </TASK> [ 124.967140] ---[ end trace 0000000000000000 ]---
Failure - kunit/test_mb_mark_used_cost_ext4_mballoc_test
<8>[ 256.624247] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_ext4_mballoc_test RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_test_mb_mark_used_cost
<8>[ 256.507673] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_test_mb_mark_used_cost RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 256.389478] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 256.278052] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 256.164467] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/_test_mark_diskspace_used
<8>[ 256.050556] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_test_mark_diskspace_used RESULT=fail> _test_mark_diskspace_used fail
Failure - kunit/_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 255.935511] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail> _block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - kunit/_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 255.819133] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail> _block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - kunit/_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 255.707407] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail> _block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 124.048603] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#21] SMP KASAN PTI [ 63.909242] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#9] SMP KASAN PTI [ 63.982360] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#11] SMP KASAN PTI [ 63.725334] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#3] SMP KASAN PTI [ 64.139331] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#16] SMP KASAN PTI [ 63.659336] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI [ 64.020243] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#12] SMP KASAN PTI [ 63.782403] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#5] SMP KASAN PTI [ 63.688471] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#2] SMP KASAN PTI [ 64.106059] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#15] SMP KASAN PTI [ 63.806948] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#6] SMP KASAN PTI [ 63.952552] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#10] SMP KASAN PTI [ 64.167031] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#17] SMP KASAN PTI [ 64.199137] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#18] SMP KASAN PTI [ 63.845354] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#7] SMP KASAN PTI [ 64.076893] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#14] SMP KASAN PTI [ 63.751559] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#4] SMP KASAN PTI [ 63.875249] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#8] SMP KASAN PTI [ 64.050037] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#13] SMP KASAN PTI [ 94.174952] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#19] SMP KASAN PTI [ 124.016082] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#20] SMP KASAN PTI [ 124.310253] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#22] SMP KASAN PTI