Date
July 25, 2025, 3:13 a.m.
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 35.804372] ================================================================== [ 35.804756] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.804756] [ 35.805187] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#137): [ 35.805844] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.806135] kunit_try_run_case+0x1a5/0x480 [ 35.806343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.806581] kthread+0x337/0x6f0 [ 35.806757] ret_from_fork+0x116/0x1d0 [ 35.806959] ret_from_fork_asm+0x1a/0x30 [ 35.807200] [ 35.807288] kfence-#137: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 35.807288] [ 35.807703] allocated by task 374 on cpu 0 at 35.804100s (0.003600s ago): [ 35.807994] test_alloc+0x364/0x10f0 [ 35.808187] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 35.808421] kunit_try_run_case+0x1a5/0x480 [ 35.808619] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.808809] kthread+0x337/0x6f0 [ 35.808965] ret_from_fork+0x116/0x1d0 [ 35.809164] ret_from_fork_asm+0x1a/0x30 [ 35.809374] [ 35.809532] freed by task 374 on cpu 0 at 35.804246s (0.005271s ago): [ 35.809827] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 35.810040] kunit_try_run_case+0x1a5/0x480 [ 35.810266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.810533] kthread+0x337/0x6f0 [ 35.810685] ret_from_fork+0x116/0x1d0 [ 35.810880] ret_from_fork_asm+0x1a/0x30 [ 35.811047] [ 35.811189] CPU: 0 UID: 0 PID: 374 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 35.811679] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.811884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.812203] ==================================================================
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 61.611321] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#16] SMP KASAN PTI [ 61.427513] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#10] SMP KASAN PTI [ 61.529463] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#13] SMP KASAN PTI [ 61.188369] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#3] SMP KASAN PTI [ 61.284915] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#6] SMP KASAN PTI [ 61.559689] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#14] SMP KASAN PTI [ 90.638980] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#19] SMP KASAN PTI [ 119.775810] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#20] SMP KASAN PTI [ 61.252241] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#5] SMP KASAN PTI [ 61.494863] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#12] SMP KASAN PTI [ 61.669598] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#18] SMP KASAN PTI [ 61.320317] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#7] SMP KASAN PTI [ 61.159657] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#2] SMP KASAN PTI [ 61.636263] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#17] SMP KASAN PTI [ 120.044266] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#22] SMP KASAN PTI [ 61.455978] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#11] SMP KASAN PTI [ 61.356570] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#8] SMP KASAN PTI [ 61.129383] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI [ 61.392114] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#9] SMP KASAN PTI [ 119.801539] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#21] SMP KASAN PTI [ 61.215537] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#4] SMP KASAN PTI [ 61.585700] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#15] SMP KASAN PTI
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 60.972641] ================================================================== [ 60.973149] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 60.973149] [ 60.973562] Use-after-free read at 0x(____ptrval____) (in kfence-#143): [ 60.973858] test_krealloc+0x6fc/0xbe0 [ 60.974067] kunit_try_run_case+0x1a5/0x480 [ 60.974349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.974624] kthread+0x337/0x6f0 [ 60.974787] ret_from_fork+0x116/0x1d0 [ 60.974993] ret_from_fork_asm+0x1a/0x30 [ 60.975236] [ 60.975379] kfence-#143: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 60.975379] [ 60.975734] allocated by task 386 on cpu 1 at 60.972025s (0.003706s ago): [ 60.976073] test_alloc+0x364/0x10f0 [ 60.976351] test_krealloc+0xad/0xbe0 [ 60.976566] kunit_try_run_case+0x1a5/0x480 [ 60.976796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.976999] kthread+0x337/0x6f0 [ 60.977133] ret_from_fork+0x116/0x1d0 [ 60.977359] ret_from_fork_asm+0x1a/0x30 [ 60.977571] [ 60.977697] freed by task 386 on cpu 1 at 60.972289s (0.005406s ago): [ 60.978154] krealloc_noprof+0x108/0x340 [ 60.978301] test_krealloc+0x226/0xbe0 [ 60.978451] kunit_try_run_case+0x1a5/0x480 [ 60.978660] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.978975] kthread+0x337/0x6f0 [ 60.979221] ret_from_fork+0x116/0x1d0 [ 60.979482] ret_from_fork_asm+0x1a/0x30 [ 60.979640] [ 60.979734] CPU: 1 UID: 0 PID: 386 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 60.980510] Tainted: [B]=BAD_PAGE, [N]=TEST [ 60.980674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.981084] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 60.892042] ================================================================== [ 60.892514] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 60.892514] [ 60.892931] Use-after-free read at 0x(____ptrval____) (in kfence-#142): [ 60.893771] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 60.894017] kunit_try_run_case+0x1a5/0x480 [ 60.894380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.894987] kthread+0x337/0x6f0 [ 60.895218] ret_from_fork+0x116/0x1d0 [ 60.895403] ret_from_fork_asm+0x1a/0x30 [ 60.895595] [ 60.895679] kfence-#142: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 60.895679] [ 60.896397] allocated by task 384 on cpu 1 at 60.869941s (0.026171s ago): [ 60.896836] test_alloc+0x2a6/0x10f0 [ 60.897316] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 60.897719] kunit_try_run_case+0x1a5/0x480 [ 60.897958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.898384] kthread+0x337/0x6f0 [ 60.898646] ret_from_fork+0x116/0x1d0 [ 60.898859] ret_from_fork_asm+0x1a/0x30 [ 60.899201] [ 60.899317] freed by task 384 on cpu 1 at 60.870055s (0.029260s ago): [ 60.899738] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 60.900005] kunit_try_run_case+0x1a5/0x480 [ 60.900413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 60.900753] kthread+0x337/0x6f0 [ 60.900940] ret_from_fork+0x116/0x1d0 [ 60.901308] ret_from_fork_asm+0x1a/0x30 [ 60.901607] [ 60.901743] CPU: 1 UID: 0 PID: 384 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 60.902484] Tainted: [B]=BAD_PAGE, [N]=TEST [ 60.902785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.903303] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 36.027442] ================================================================== [ 36.028377] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 36.028377] [ 36.028764] Invalid read at 0x(____ptrval____): [ 36.029304] test_invalid_access+0xf0/0x210 [ 36.029532] kunit_try_run_case+0x1a5/0x480 [ 36.029735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 36.029972] kthread+0x337/0x6f0 [ 36.030205] ret_from_fork+0x116/0x1d0 [ 36.030434] ret_from_fork_asm+0x1a/0x30 [ 36.030697] [ 36.030908] CPU: 1 UID: 0 PID: 380 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 36.031379] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.031578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 36.032194] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 27.640189] ================================================================== [ 27.640886] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 27.641332] Read of size 1 at addr ffff88810632fd02 by task kunit_try_catch/298 [ 27.641654] [ 27.641763] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.641822] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.641836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.641859] Call Trace: [ 27.641875] <TASK> [ 27.641894] dump_stack_lvl+0x73/0xb0 [ 27.642350] print_report+0xd1/0x640 [ 27.642377] ? __virt_addr_valid+0x1db/0x2d0 [ 27.642404] ? kasan_stack_oob+0x2b5/0x300 [ 27.642425] ? kasan_addr_to_slab+0x11/0xa0 [ 27.642447] ? kasan_stack_oob+0x2b5/0x300 [ 27.642469] kasan_report+0x141/0x180 [ 27.642493] ? kasan_stack_oob+0x2b5/0x300 [ 27.642520] __asan_report_load1_noabort+0x18/0x20 [ 27.642546] kasan_stack_oob+0x2b5/0x300 [ 27.642568] ? __pfx_kasan_stack_oob+0x10/0x10 [ 27.642588] ? __schedule+0x2070/0x2b60 [ 27.642610] ? schedule+0x7c/0x2e0 [ 27.642630] ? trace_hardirqs_on+0x37/0xe0 [ 27.642657] ? __schedule+0x2070/0x2b60 [ 27.642679] ? __pfx_read_tsc+0x10/0x10 [ 27.642704] ? ktime_get_ts64+0x86/0x230 [ 27.642731] kunit_try_run_case+0x1a5/0x480 [ 27.642759] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.642783] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.642807] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.642893] ? __kthread_parkme+0x82/0x180 [ 27.642917] ? preempt_count_sub+0x50/0x80 [ 27.642954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.642980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.643006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.643031] kthread+0x337/0x6f0 [ 27.643064] ? trace_preempt_on+0x20/0xc0 [ 27.643088] ? __pfx_kthread+0x10/0x10 [ 27.643110] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.643136] ? calculate_sigpending+0x7b/0xa0 [ 27.643161] ? __pfx_kthread+0x10/0x10 [ 27.643184] ret_from_fork+0x116/0x1d0 [ 27.643205] ? __pfx_kthread+0x10/0x10 [ 27.643227] ret_from_fork_asm+0x1a/0x30 [ 27.643262] </TASK> [ 27.643277] [ 27.650755] The buggy address belongs to stack of task kunit_try_catch/298 [ 27.651423] and is located at offset 138 in frame: [ 27.651670] kasan_stack_oob+0x0/0x300 [ 27.652147] [ 27.652264] This frame has 4 objects: [ 27.652499] [48, 49) '__assertion' [ 27.652520] [64, 72) 'array' [ 27.652694] [96, 112) '__assertion' [ 27.652931] [128, 138) 'stack_array' [ 27.653120] [ 27.653355] The buggy address belongs to the physical page: [ 27.653600] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10632f [ 27.654044] flags: 0x200000000000000(node=0|zone=2) [ 27.654259] raw: 0200000000000000 ffffea000418cbc8 ffffea000418cbc8 0000000000000000 [ 27.654572] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.655072] page dumped because: kasan: bad access detected [ 27.655309] [ 27.655403] Memory state around the buggy address: [ 27.655598] ffff88810632fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.655959] ffff88810632fc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 27.656249] >ffff88810632fd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.656534] ^ [ 27.656709] ffff88810632fd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 27.657037] ffff88810632fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.657446] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 35.700373] ================================================================== [ 35.700795] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 35.700795] [ 35.701217] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#136): [ 35.701625] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 35.701862] kunit_try_run_case+0x1a5/0x480 [ 35.702074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.702291] kthread+0x337/0x6f0 [ 35.702472] ret_from_fork+0x116/0x1d0 [ 35.702665] ret_from_fork_asm+0x1a/0x30 [ 35.702869] [ 35.703669] kfence-#136: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 35.703669] [ 35.704105] allocated by task 372 on cpu 1 at 35.700141s (0.003961s ago): [ 35.704763] test_alloc+0x364/0x10f0 [ 35.704976] test_kmalloc_aligned_oob_read+0x105/0x560 [ 35.705399] kunit_try_run_case+0x1a5/0x480 [ 35.705718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.706008] kthread+0x337/0x6f0 [ 35.706365] ret_from_fork+0x116/0x1d0 [ 35.706656] ret_from_fork_asm+0x1a/0x30 [ 35.706868] [ 35.707230] CPU: 1 UID: 0 PID: 372 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 35.707750] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.707980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.708598] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 32.476168] ================================================================== [ 32.476558] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 32.476558] [ 32.476859] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#105): [ 32.477357] test_corruption+0x216/0x3e0 [ 32.477508] kunit_try_run_case+0x1a5/0x480 [ 32.477720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.477997] kthread+0x337/0x6f0 [ 32.478153] ret_from_fork+0x116/0x1d0 [ 32.478289] ret_from_fork_asm+0x1a/0x30 [ 32.478554] [ 32.478660] kfence-#105: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.478660] [ 32.479020] allocated by task 362 on cpu 1 at 32.476055s (0.002962s ago): [ 32.479360] test_alloc+0x2a6/0x10f0 [ 32.479521] test_corruption+0x1cb/0x3e0 [ 32.479657] kunit_try_run_case+0x1a5/0x480 [ 32.479834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.480133] kthread+0x337/0x6f0 [ 32.480293] ret_from_fork+0x116/0x1d0 [ 32.480432] ret_from_fork_asm+0x1a/0x30 [ 32.480571] [ 32.480663] freed by task 362 on cpu 1 at 32.476091s (0.004570s ago): [ 32.480982] test_corruption+0x216/0x3e0 [ 32.481346] kunit_try_run_case+0x1a5/0x480 [ 32.481510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.481771] kthread+0x337/0x6f0 [ 32.481916] ret_from_fork+0x116/0x1d0 [ 32.482144] ret_from_fork_asm+0x1a/0x30 [ 32.482307] [ 32.482420] CPU: 1 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 32.482839] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.482990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.483344] ================================================================== [ 32.060374] ================================================================== [ 32.060775] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 32.060775] [ 32.061208] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#101): [ 32.062035] test_corruption+0x2df/0x3e0 [ 32.062291] kunit_try_run_case+0x1a5/0x480 [ 32.062665] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.063136] kthread+0x337/0x6f0 [ 32.063419] ret_from_fork+0x116/0x1d0 [ 32.063639] ret_from_fork_asm+0x1a/0x30 [ 32.063969] [ 32.064135] kfence-#101: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 32.064135] [ 32.064645] allocated by task 360 on cpu 0 at 32.060133s (0.004509s ago): [ 32.065233] test_alloc+0x364/0x10f0 [ 32.065513] test_corruption+0x1cb/0x3e0 [ 32.065702] kunit_try_run_case+0x1a5/0x480 [ 32.066005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.066271] kthread+0x337/0x6f0 [ 32.066540] ret_from_fork+0x116/0x1d0 [ 32.066797] ret_from_fork_asm+0x1a/0x30 [ 32.067028] [ 32.067108] freed by task 360 on cpu 0 at 32.060215s (0.006891s ago): [ 32.067699] test_corruption+0x2df/0x3e0 [ 32.067905] kunit_try_run_case+0x1a5/0x480 [ 32.068273] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.068609] kthread+0x337/0x6f0 [ 32.068868] ret_from_fork+0x116/0x1d0 [ 32.069070] ret_from_fork_asm+0x1a/0x30 [ 32.069435] [ 32.069564] CPU: 0 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 32.070262] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.070464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.070982] ================================================================== [ 31.956324] ================================================================== [ 31.956720] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 31.956720] [ 31.957387] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#100): [ 31.958212] test_corruption+0x2d2/0x3e0 [ 31.958412] kunit_try_run_case+0x1a5/0x480 [ 31.958624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.958864] kthread+0x337/0x6f0 [ 31.959501] ret_from_fork+0x116/0x1d0 [ 31.959669] ret_from_fork_asm+0x1a/0x30 [ 31.959899] [ 31.960026] kfence-#100: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.960026] [ 31.960698] allocated by task 360 on cpu 0 at 31.956085s (0.004610s ago): [ 31.961075] test_alloc+0x364/0x10f0 [ 31.961494] test_corruption+0xe6/0x3e0 [ 31.961782] kunit_try_run_case+0x1a5/0x480 [ 31.962077] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.962315] kthread+0x337/0x6f0 [ 31.962443] ret_from_fork+0x116/0x1d0 [ 31.962814] ret_from_fork_asm+0x1a/0x30 [ 31.963037] [ 31.963256] freed by task 360 on cpu 0 at 31.956164s (0.007090s ago): [ 31.963568] test_corruption+0x2d2/0x3e0 [ 31.963873] kunit_try_run_case+0x1a5/0x480 [ 31.964226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.964505] kthread+0x337/0x6f0 [ 31.964785] ret_from_fork+0x116/0x1d0 [ 31.965094] ret_from_fork_asm+0x1a/0x30 [ 31.965294] [ 31.965402] CPU: 0 UID: 0 PID: 360 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 31.966157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.966380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.966893] ================================================================== [ 32.268209] ================================================================== [ 32.268607] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 32.268607] [ 32.268983] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#103): [ 32.269603] test_corruption+0x131/0x3e0 [ 32.269753] kunit_try_run_case+0x1a5/0x480 [ 32.269980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.270337] kthread+0x337/0x6f0 [ 32.270496] ret_from_fork+0x116/0x1d0 [ 32.270682] ret_from_fork_asm+0x1a/0x30 [ 32.270836] [ 32.270928] kfence-#103: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 32.270928] [ 32.271374] allocated by task 362 on cpu 1 at 32.268087s (0.003284s ago): [ 32.271683] test_alloc+0x2a6/0x10f0 [ 32.271815] test_corruption+0xe6/0x3e0 [ 32.272026] kunit_try_run_case+0x1a5/0x480 [ 32.272226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.272406] kthread+0x337/0x6f0 [ 32.272526] ret_from_fork+0x116/0x1d0 [ 32.272717] ret_from_fork_asm+0x1a/0x30 [ 32.272916] [ 32.273017] freed by task 362 on cpu 1 at 32.268128s (0.004887s ago): [ 32.273355] test_corruption+0x131/0x3e0 [ 32.273537] kunit_try_run_case+0x1a5/0x480 [ 32.273734] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.273970] kthread+0x337/0x6f0 [ 32.274144] ret_from_fork+0x116/0x1d0 [ 32.274277] ret_from_fork_asm+0x1a/0x30 [ 32.274416] [ 32.274514] CPU: 1 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 32.275073] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.275279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.275591] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 31.852261] ================================================================== [ 31.852633] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 31.852633] [ 31.852958] Invalid free of 0x(____ptrval____) (in kfence-#99): [ 31.853455] test_invalid_addr_free+0xfb/0x260 [ 31.853634] kunit_try_run_case+0x1a5/0x480 [ 31.853846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.854116] kthread+0x337/0x6f0 [ 31.854286] ret_from_fork+0x116/0x1d0 [ 31.854507] ret_from_fork_asm+0x1a/0x30 [ 31.854707] [ 31.854800] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.854800] [ 31.855213] allocated by task 358 on cpu 1 at 31.852163s (0.003048s ago): [ 31.855479] test_alloc+0x2a6/0x10f0 [ 31.855683] test_invalid_addr_free+0xdb/0x260 [ 31.855924] kunit_try_run_case+0x1a5/0x480 [ 31.856148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.856367] kthread+0x337/0x6f0 [ 31.856551] ret_from_fork+0x116/0x1d0 [ 31.856746] ret_from_fork_asm+0x1a/0x30 [ 31.856898] [ 31.857023] CPU: 1 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 31.857563] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.857764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.858092] ================================================================== [ 31.748243] ================================================================== [ 31.748615] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 31.748615] [ 31.748926] Invalid free of 0x(____ptrval____) (in kfence-#98): [ 31.749446] test_invalid_addr_free+0x1e1/0x260 [ 31.749623] kunit_try_run_case+0x1a5/0x480 [ 31.749826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.750080] kthread+0x337/0x6f0 [ 31.750232] ret_from_fork+0x116/0x1d0 [ 31.750370] ret_from_fork_asm+0x1a/0x30 [ 31.750557] [ 31.750650] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.750650] [ 31.751033] allocated by task 356 on cpu 1 at 31.748114s (0.002916s ago): [ 31.751384] test_alloc+0x364/0x10f0 [ 31.751680] test_invalid_addr_free+0xdb/0x260 [ 31.751922] kunit_try_run_case+0x1a5/0x480 [ 31.752208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.752429] kthread+0x337/0x6f0 [ 31.752572] ret_from_fork+0x116/0x1d0 [ 31.752705] ret_from_fork_asm+0x1a/0x30 [ 31.752845] [ 31.752937] CPU: 1 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 31.753487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.753698] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.754062] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 31.644239] ================================================================== [ 31.644628] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 31.644628] [ 31.644940] Invalid free of 0x(____ptrval____) (in kfence-#97): [ 31.645350] test_double_free+0x112/0x260 [ 31.645542] kunit_try_run_case+0x1a5/0x480 [ 31.645738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.645973] kthread+0x337/0x6f0 [ 31.646711] ret_from_fork+0x116/0x1d0 [ 31.647030] ret_from_fork_asm+0x1a/0x30 [ 31.647312] [ 31.647410] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.647410] [ 31.647912] allocated by task 354 on cpu 0 at 31.644094s (0.003815s ago): [ 31.648364] test_alloc+0x2a6/0x10f0 [ 31.648550] test_double_free+0xdb/0x260 [ 31.648730] kunit_try_run_case+0x1a5/0x480 [ 31.648909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.649474] kthread+0x337/0x6f0 [ 31.649651] ret_from_fork+0x116/0x1d0 [ 31.649974] ret_from_fork_asm+0x1a/0x30 [ 31.650262] [ 31.650346] freed by task 354 on cpu 0 at 31.644132s (0.006211s ago): [ 31.650733] test_double_free+0xfa/0x260 [ 31.651002] kunit_try_run_case+0x1a5/0x480 [ 31.651327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.651548] kthread+0x337/0x6f0 [ 31.651717] ret_from_fork+0x116/0x1d0 [ 31.651873] ret_from_fork_asm+0x1a/0x30 [ 31.652074] [ 31.652216] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 31.653026] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.653251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.653796] ================================================================== [ 31.540275] ================================================================== [ 31.540688] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 31.540688] [ 31.541139] Invalid free of 0x(____ptrval____) (in kfence-#96): [ 31.541469] test_double_free+0x1d3/0x260 [ 31.541700] kunit_try_run_case+0x1a5/0x480 [ 31.541850] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.542038] kthread+0x337/0x6f0 [ 31.542226] ret_from_fork+0x116/0x1d0 [ 31.542438] ret_from_fork_asm+0x1a/0x30 [ 31.542659] [ 31.542767] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.542767] [ 31.543180] allocated by task 352 on cpu 1 at 31.540040s (0.003137s ago): [ 31.543439] test_alloc+0x364/0x10f0 [ 31.543643] test_double_free+0xdb/0x260 [ 31.543833] kunit_try_run_case+0x1a5/0x480 [ 31.544041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.544385] kthread+0x337/0x6f0 [ 31.544551] ret_from_fork+0x116/0x1d0 [ 31.544742] ret_from_fork_asm+0x1a/0x30 [ 31.544927] [ 31.545036] freed by task 352 on cpu 1 at 31.540083s (0.004950s ago): [ 31.545356] test_double_free+0x1e0/0x260 [ 31.545555] kunit_try_run_case+0x1a5/0x480 [ 31.545773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.546092] kthread+0x337/0x6f0 [ 31.546323] ret_from_fork+0x116/0x1d0 [ 31.546454] ret_from_fork_asm+0x1a/0x30 [ 31.546642] [ 31.546759] CPU: 1 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 31.547310] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.547512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.547901] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 31.124290] ================================================================== [ 31.124743] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 31.124743] [ 31.125321] Use-after-free read at 0x(____ptrval____) (in kfence-#92): [ 31.125582] test_use_after_free_read+0x129/0x270 [ 31.125789] kunit_try_run_case+0x1a5/0x480 [ 31.125954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.126271] kthread+0x337/0x6f0 [ 31.126455] ret_from_fork+0x116/0x1d0 [ 31.126599] ret_from_fork_asm+0x1a/0x30 [ 31.126764] [ 31.126862] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 31.126862] [ 31.127288] allocated by task 344 on cpu 1 at 31.124076s (0.003209s ago): [ 31.127595] test_alloc+0x364/0x10f0 [ 31.127741] test_use_after_free_read+0xdc/0x270 [ 31.127900] kunit_try_run_case+0x1a5/0x480 [ 31.128119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.128558] kthread+0x337/0x6f0 [ 31.128732] ret_from_fork+0x116/0x1d0 [ 31.128890] ret_from_fork_asm+0x1a/0x30 [ 31.129131] [ 31.129327] freed by task 344 on cpu 1 at 31.124137s (0.005111s ago): [ 31.129618] test_use_after_free_read+0x1e7/0x270 [ 31.129856] kunit_try_run_case+0x1a5/0x480 [ 31.130044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.130270] kthread+0x337/0x6f0 [ 31.130473] ret_from_fork+0x116/0x1d0 [ 31.130608] ret_from_fork_asm+0x1a/0x30 [ 31.130761] [ 31.130854] CPU: 1 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 31.131390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.131566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.131842] ================================================================== [ 31.228202] ================================================================== [ 31.228592] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 31.228592] [ 31.229064] Use-after-free read at 0x(____ptrval____) (in kfence-#93): [ 31.229533] test_use_after_free_read+0x129/0x270 [ 31.229787] kunit_try_run_case+0x1a5/0x480 [ 31.229967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.230332] kthread+0x337/0x6f0 [ 31.230894] ret_from_fork+0x116/0x1d0 [ 31.231075] ret_from_fork_asm+0x1a/0x30 [ 31.231280] [ 31.231445] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.231445] [ 31.231977] allocated by task 346 on cpu 1 at 31.228095s (0.003879s ago): [ 31.232471] test_alloc+0x2a6/0x10f0 [ 31.232619] test_use_after_free_read+0xdc/0x270 [ 31.232989] kunit_try_run_case+0x1a5/0x480 [ 31.233313] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.233555] kthread+0x337/0x6f0 [ 31.233700] ret_from_fork+0x116/0x1d0 [ 31.233874] ret_from_fork_asm+0x1a/0x30 [ 31.234293] [ 31.234402] freed by task 346 on cpu 1 at 31.228135s (0.006265s ago): [ 31.234774] test_use_after_free_read+0xfb/0x270 [ 31.234989] kunit_try_run_case+0x1a5/0x480 [ 31.235337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.235582] kthread+0x337/0x6f0 [ 31.235869] ret_from_fork+0x116/0x1d0 [ 31.236072] ret_from_fork_asm+0x1a/0x30 [ 31.236373] [ 31.236482] CPU: 1 UID: 0 PID: 346 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 31.237006] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.237445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.237879] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 30.916164] ================================================================== [ 30.916562] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 30.916562] [ 30.917100] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#90): [ 30.917780] test_out_of_bounds_write+0x10d/0x260 [ 30.918049] kunit_try_run_case+0x1a5/0x480 [ 30.918282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.918509] kthread+0x337/0x6f0 [ 30.918676] ret_from_fork+0x116/0x1d0 [ 30.918854] ret_from_fork_asm+0x1a/0x30 [ 30.919045] [ 30.919580] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.919580] [ 30.920070] allocated by task 340 on cpu 1 at 30.916039s (0.004028s ago): [ 30.920529] test_alloc+0x364/0x10f0 [ 30.920740] test_out_of_bounds_write+0xd4/0x260 [ 30.921129] kunit_try_run_case+0x1a5/0x480 [ 30.921316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.921732] kthread+0x337/0x6f0 [ 30.921930] ret_from_fork+0x116/0x1d0 [ 30.922156] ret_from_fork_asm+0x1a/0x30 [ 30.922524] [ 30.922644] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.923314] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.923604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.924081] ================================================================== [ 31.020158] ================================================================== [ 31.020532] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 31.020532] [ 31.020902] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#91): [ 31.021262] test_out_of_bounds_write+0x10d/0x260 [ 31.021463] kunit_try_run_case+0x1a5/0x480 [ 31.021679] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.021900] kthread+0x337/0x6f0 [ 31.022063] ret_from_fork+0x116/0x1d0 [ 31.022282] ret_from_fork_asm+0x1a/0x30 [ 31.022464] [ 31.022536] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 31.022536] [ 31.022919] allocated by task 342 on cpu 0 at 31.020103s (0.002813s ago): [ 31.023270] test_alloc+0x2a6/0x10f0 [ 31.023452] test_out_of_bounds_write+0xd4/0x260 [ 31.023653] kunit_try_run_case+0x1a5/0x480 [ 31.023867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 31.024085] kthread+0x337/0x6f0 [ 31.024254] ret_from_fork+0x116/0x1d0 [ 31.024447] ret_from_fork_asm+0x1a/0x30 [ 31.024618] [ 31.024721] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 31.025108] Tainted: [B]=BAD_PAGE, [N]=TEST [ 31.025274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.025723] ==================================================================
Failure - kunit/_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 247.389100] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail> _block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - kunit/_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 247.291123] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail> _block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 30.708130] ================================================================== [ 30.708540] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 30.708540] [ 30.708904] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#88): [ 30.709592] test_out_of_bounds_read+0x216/0x4e0 [ 30.710041] kunit_try_run_case+0x1a5/0x480 [ 30.710572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.710899] kthread+0x337/0x6f0 [ 30.711149] ret_from_fork+0x116/0x1d0 [ 30.711361] ret_from_fork_asm+0x1a/0x30 [ 30.711720] [ 30.711834] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.711834] [ 30.712446] allocated by task 338 on cpu 1 at 30.708078s (0.004365s ago): [ 30.712937] test_alloc+0x2a6/0x10f0 [ 30.713234] test_out_of_bounds_read+0x1e2/0x4e0 [ 30.713456] kunit_try_run_case+0x1a5/0x480 [ 30.713630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.713893] kthread+0x337/0x6f0 [ 30.714061] ret_from_fork+0x116/0x1d0 [ 30.714505] ret_from_fork_asm+0x1a/0x30 [ 30.714766] [ 30.714909] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.715586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.715806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.716366] ================================================================== [ 30.396252] ================================================================== [ 30.396651] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 30.396651] [ 30.397112] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#85): [ 30.397466] test_out_of_bounds_read+0x216/0x4e0 [ 30.397706] kunit_try_run_case+0x1a5/0x480 [ 30.397977] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.398329] kthread+0x337/0x6f0 [ 30.398540] ret_from_fork+0x116/0x1d0 [ 30.398707] ret_from_fork_asm+0x1a/0x30 [ 30.398880] [ 30.398985] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.398985] [ 30.399426] allocated by task 336 on cpu 0 at 30.396074s (0.003349s ago): [ 30.399794] test_alloc+0x364/0x10f0 [ 30.400031] test_out_of_bounds_read+0x1e2/0x4e0 [ 30.400272] kunit_try_run_case+0x1a5/0x480 [ 30.400451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.400744] kthread+0x337/0x6f0 [ 30.400925] ret_from_fork+0x116/0x1d0 [ 30.401280] ret_from_fork_asm+0x1a/0x30 [ 30.401516] [ 30.401660] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.402134] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.402384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.402835] ================================================================== [ 30.500151] ================================================================== [ 30.500517] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 30.500517] [ 30.500860] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#86): [ 30.501993] test_out_of_bounds_read+0x126/0x4e0 [ 30.502356] kunit_try_run_case+0x1a5/0x480 [ 30.502670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.503022] kthread+0x337/0x6f0 [ 30.503228] ret_from_fork+0x116/0x1d0 [ 30.503561] ret_from_fork_asm+0x1a/0x30 [ 30.503851] [ 30.504049] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 30.504049] [ 30.504489] allocated by task 338 on cpu 1 at 30.500092s (0.004394s ago): [ 30.505116] test_alloc+0x2a6/0x10f0 [ 30.505318] test_out_of_bounds_read+0xed/0x4e0 [ 30.505631] kunit_try_run_case+0x1a5/0x480 [ 30.505926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.506318] kthread+0x337/0x6f0 [ 30.506454] ret_from_fork+0x116/0x1d0 [ 30.506845] ret_from_fork_asm+0x1a/0x30 [ 30.507077] [ 30.507276] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.507788] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.508207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.508689] ================================================================== [ 30.293258] ================================================================== [ 30.293970] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 30.293970] [ 30.294350] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#84): [ 30.294709] test_out_of_bounds_read+0x126/0x4e0 [ 30.294883] kunit_try_run_case+0x1a5/0x480 [ 30.295054] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.295236] kthread+0x337/0x6f0 [ 30.295376] ret_from_fork+0x116/0x1d0 [ 30.295640] ret_from_fork_asm+0x1a/0x30 [ 30.295874] [ 30.296177] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 30.296177] [ 30.296775] allocated by task 336 on cpu 0 at 30.292044s (0.004674s ago): [ 30.297420] test_alloc+0x364/0x10f0 [ 30.297664] test_out_of_bounds_read+0xed/0x4e0 [ 30.297894] kunit_try_run_case+0x1a5/0x480 [ 30.298181] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.298460] kthread+0x337/0x6f0 [ 30.298652] ret_from_fork+0x116/0x1d0 [ 30.298826] ret_from_fork_asm+0x1a/0x30 [ 30.299091] [ 30.299282] CPU: 0 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.299861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.300042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.300738] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 30.196760] ================================================================== [ 30.197191] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 30.197532] Write of size 1 at addr ffff888106253878 by task kunit_try_catch/334 [ 30.197869] [ 30.197982] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.198030] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.198064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.198086] Call Trace: [ 30.198101] <TASK> [ 30.198115] dump_stack_lvl+0x73/0xb0 [ 30.198144] print_report+0xd1/0x640 [ 30.198168] ? __virt_addr_valid+0x1db/0x2d0 [ 30.198193] ? strncpy_from_user+0x1a5/0x1d0 [ 30.198218] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.198246] ? strncpy_from_user+0x1a5/0x1d0 [ 30.198271] kasan_report+0x141/0x180 [ 30.198296] ? strncpy_from_user+0x1a5/0x1d0 [ 30.198325] __asan_report_store1_noabort+0x1b/0x30 [ 30.198352] strncpy_from_user+0x1a5/0x1d0 [ 30.198379] copy_user_test_oob+0x760/0x10f0 [ 30.198406] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.198431] ? finish_task_switch.isra.0+0x153/0x700 [ 30.198454] ? __switch_to+0x47/0xf80 [ 30.198481] ? __schedule+0x10da/0x2b60 [ 30.198504] ? __pfx_read_tsc+0x10/0x10 [ 30.198528] ? ktime_get_ts64+0x86/0x230 [ 30.198553] kunit_try_run_case+0x1a5/0x480 [ 30.198579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.198603] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.198628] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.198655] ? __kthread_parkme+0x82/0x180 [ 30.198677] ? preempt_count_sub+0x50/0x80 [ 30.198701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.198727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.198754] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.198780] kthread+0x337/0x6f0 [ 30.198801] ? trace_preempt_on+0x20/0xc0 [ 30.198825] ? __pfx_kthread+0x10/0x10 [ 30.198848] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.198873] ? calculate_sigpending+0x7b/0xa0 [ 30.198899] ? __pfx_kthread+0x10/0x10 [ 30.198922] ret_from_fork+0x116/0x1d0 [ 30.198952] ? __pfx_kthread+0x10/0x10 [ 30.198975] ret_from_fork_asm+0x1a/0x30 [ 30.199007] </TASK> [ 30.199019] [ 30.207524] Allocated by task 334: [ 30.207726] kasan_save_stack+0x45/0x70 [ 30.208015] kasan_save_track+0x18/0x40 [ 30.208223] kasan_save_alloc_info+0x3b/0x50 [ 30.208457] __kasan_kmalloc+0xb7/0xc0 [ 30.208616] __kmalloc_noprof+0x1ca/0x510 [ 30.208837] kunit_kmalloc_array+0x25/0x60 [ 30.209032] copy_user_test_oob+0xab/0x10f0 [ 30.209250] kunit_try_run_case+0x1a5/0x480 [ 30.209453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.209724] kthread+0x337/0x6f0 [ 30.210016] ret_from_fork+0x116/0x1d0 [ 30.210222] ret_from_fork_asm+0x1a/0x30 [ 30.210398] [ 30.210471] The buggy address belongs to the object at ffff888106253800 [ 30.210471] which belongs to the cache kmalloc-128 of size 128 [ 30.211163] The buggy address is located 0 bytes to the right of [ 30.211163] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.211638] [ 30.211711] The buggy address belongs to the physical page: [ 30.211911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.212397] flags: 0x200000000000000(node=0|zone=2) [ 30.212593] page_type: f5(slab) [ 30.212781] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.213187] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.213564] page dumped because: kasan: bad access detected [ 30.213847] [ 30.213969] Memory state around the buggy address: [ 30.214219] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.214598] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.215135] >ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.215452] ^ [ 30.215765] ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.216097] ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.216411] ================================================================== [ 30.176399] ================================================================== [ 30.176706] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 30.177168] Write of size 121 at addr ffff888106253800 by task kunit_try_catch/334 [ 30.177522] [ 30.177645] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.177707] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.177721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.177757] Call Trace: [ 30.177805] <TASK> [ 30.177835] dump_stack_lvl+0x73/0xb0 [ 30.177878] print_report+0xd1/0x640 [ 30.177916] ? __virt_addr_valid+0x1db/0x2d0 [ 30.177966] ? strncpy_from_user+0x2e/0x1d0 [ 30.178004] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.178064] ? strncpy_from_user+0x2e/0x1d0 [ 30.178090] kasan_report+0x141/0x180 [ 30.178114] ? strncpy_from_user+0x2e/0x1d0 [ 30.178143] kasan_check_range+0x10c/0x1c0 [ 30.178169] __kasan_check_write+0x18/0x20 [ 30.178194] strncpy_from_user+0x2e/0x1d0 [ 30.178218] ? __kasan_check_read+0x15/0x20 [ 30.178245] copy_user_test_oob+0x760/0x10f0 [ 30.178272] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.178297] ? finish_task_switch.isra.0+0x153/0x700 [ 30.178320] ? __switch_to+0x47/0xf80 [ 30.178346] ? __schedule+0x10da/0x2b60 [ 30.178370] ? __pfx_read_tsc+0x10/0x10 [ 30.178393] ? ktime_get_ts64+0x86/0x230 [ 30.178419] kunit_try_run_case+0x1a5/0x480 [ 30.178444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.178469] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.178493] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.178521] ? __kthread_parkme+0x82/0x180 [ 30.178544] ? preempt_count_sub+0x50/0x80 [ 30.178568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.178595] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.178621] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.178647] kthread+0x337/0x6f0 [ 30.178668] ? trace_preempt_on+0x20/0xc0 [ 30.178693] ? __pfx_kthread+0x10/0x10 [ 30.178715] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.178741] ? calculate_sigpending+0x7b/0xa0 [ 30.178767] ? __pfx_kthread+0x10/0x10 [ 30.178790] ret_from_fork+0x116/0x1d0 [ 30.178825] ? __pfx_kthread+0x10/0x10 [ 30.178848] ret_from_fork_asm+0x1a/0x30 [ 30.178881] </TASK> [ 30.178893] [ 30.187445] Allocated by task 334: [ 30.187804] kasan_save_stack+0x45/0x70 [ 30.188082] kasan_save_track+0x18/0x40 [ 30.188233] kasan_save_alloc_info+0x3b/0x50 [ 30.188384] __kasan_kmalloc+0xb7/0xc0 [ 30.188515] __kmalloc_noprof+0x1ca/0x510 [ 30.188654] kunit_kmalloc_array+0x25/0x60 [ 30.188798] copy_user_test_oob+0xab/0x10f0 [ 30.189076] kunit_try_run_case+0x1a5/0x480 [ 30.189289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.189729] kthread+0x337/0x6f0 [ 30.189895] ret_from_fork+0x116/0x1d0 [ 30.190168] ret_from_fork_asm+0x1a/0x30 [ 30.190390] [ 30.190483] The buggy address belongs to the object at ffff888106253800 [ 30.190483] which belongs to the cache kmalloc-128 of size 128 [ 30.191148] The buggy address is located 0 bytes inside of [ 30.191148] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.191677] [ 30.191789] The buggy address belongs to the physical page: [ 30.192104] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.192470] flags: 0x200000000000000(node=0|zone=2) [ 30.192672] page_type: f5(slab) [ 30.192902] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.193260] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.193568] page dumped because: kasan: bad access detected [ 30.193861] [ 30.193933] Memory state around the buggy address: [ 30.194219] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.194518] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.194854] >ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.195179] ^ [ 30.195478] ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.195827] ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.196182] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 30.152686] ================================================================== [ 30.153542] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 30.154134] Read of size 121 at addr ffff888106253800 by task kunit_try_catch/334 [ 30.154729] [ 30.155033] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.155232] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.155247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.155270] Call Trace: [ 30.155287] <TASK> [ 30.155304] dump_stack_lvl+0x73/0xb0 [ 30.155377] print_report+0xd1/0x640 [ 30.155402] ? __virt_addr_valid+0x1db/0x2d0 [ 30.155427] ? copy_user_test_oob+0x604/0x10f0 [ 30.155452] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.155481] ? copy_user_test_oob+0x604/0x10f0 [ 30.155506] kasan_report+0x141/0x180 [ 30.155530] ? copy_user_test_oob+0x604/0x10f0 [ 30.155560] kasan_check_range+0x10c/0x1c0 [ 30.155585] __kasan_check_read+0x15/0x20 [ 30.155611] copy_user_test_oob+0x604/0x10f0 [ 30.155639] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.155665] ? finish_task_switch.isra.0+0x153/0x700 [ 30.155689] ? __switch_to+0x47/0xf80 [ 30.155716] ? __schedule+0x10da/0x2b60 [ 30.155739] ? __pfx_read_tsc+0x10/0x10 [ 30.155762] ? ktime_get_ts64+0x86/0x230 [ 30.155809] kunit_try_run_case+0x1a5/0x480 [ 30.155836] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.155861] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.155883] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.155911] ? __kthread_parkme+0x82/0x180 [ 30.155933] ? preempt_count_sub+0x50/0x80 [ 30.155968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.155993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.156019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.156062] kthread+0x337/0x6f0 [ 30.156084] ? trace_preempt_on+0x20/0xc0 [ 30.156110] ? __pfx_kthread+0x10/0x10 [ 30.156133] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.156158] ? calculate_sigpending+0x7b/0xa0 [ 30.156184] ? __pfx_kthread+0x10/0x10 [ 30.156207] ret_from_fork+0x116/0x1d0 [ 30.156228] ? __pfx_kthread+0x10/0x10 [ 30.156250] ret_from_fork_asm+0x1a/0x30 [ 30.156282] </TASK> [ 30.156295] [ 30.166631] Allocated by task 334: [ 30.166803] kasan_save_stack+0x45/0x70 [ 30.167077] kasan_save_track+0x18/0x40 [ 30.167303] kasan_save_alloc_info+0x3b/0x50 [ 30.167545] __kasan_kmalloc+0xb7/0xc0 [ 30.167730] __kmalloc_noprof+0x1ca/0x510 [ 30.167927] kunit_kmalloc_array+0x25/0x60 [ 30.168153] copy_user_test_oob+0xab/0x10f0 [ 30.168395] kunit_try_run_case+0x1a5/0x480 [ 30.168651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.168999] kthread+0x337/0x6f0 [ 30.169154] ret_from_fork+0x116/0x1d0 [ 30.169465] ret_from_fork_asm+0x1a/0x30 [ 30.169692] [ 30.169793] The buggy address belongs to the object at ffff888106253800 [ 30.169793] which belongs to the cache kmalloc-128 of size 128 [ 30.170522] The buggy address is located 0 bytes inside of [ 30.170522] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.171124] [ 30.171286] The buggy address belongs to the physical page: [ 30.171510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.171883] flags: 0x200000000000000(node=0|zone=2) [ 30.172233] page_type: f5(slab) [ 30.172396] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.172750] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.173105] page dumped because: kasan: bad access detected [ 30.173363] [ 30.173454] Memory state around the buggy address: [ 30.173675] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.173977] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.174317] >ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.174735] ^ [ 30.175079] ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.175395] ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.175755] ================================================================== [ 30.068477] ================================================================== [ 30.068821] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 30.069305] Write of size 121 at addr ffff888106253800 by task kunit_try_catch/334 [ 30.069542] [ 30.069621] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.069670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.069684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.069705] Call Trace: [ 30.069719] <TASK> [ 30.069735] dump_stack_lvl+0x73/0xb0 [ 30.069765] print_report+0xd1/0x640 [ 30.069820] ? __virt_addr_valid+0x1db/0x2d0 [ 30.069847] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.069872] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.069923] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.069973] kasan_report+0x141/0x180 [ 30.070012] ? copy_user_test_oob+0x3fd/0x10f0 [ 30.070062] kasan_check_range+0x10c/0x1c0 [ 30.070088] __kasan_check_write+0x18/0x20 [ 30.070114] copy_user_test_oob+0x3fd/0x10f0 [ 30.070142] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.070168] ? finish_task_switch.isra.0+0x153/0x700 [ 30.070192] ? __switch_to+0x47/0xf80 [ 30.070219] ? __schedule+0x10da/0x2b60 [ 30.070241] ? __pfx_read_tsc+0x10/0x10 [ 30.070264] ? ktime_get_ts64+0x86/0x230 [ 30.070291] kunit_try_run_case+0x1a5/0x480 [ 30.070317] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.070342] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.070366] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.070394] ? __kthread_parkme+0x82/0x180 [ 30.070415] ? preempt_count_sub+0x50/0x80 [ 30.070440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.070487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.070512] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.070539] kthread+0x337/0x6f0 [ 30.070561] ? trace_preempt_on+0x20/0xc0 [ 30.070585] ? __pfx_kthread+0x10/0x10 [ 30.070608] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.070635] ? calculate_sigpending+0x7b/0xa0 [ 30.070676] ? __pfx_kthread+0x10/0x10 [ 30.070700] ret_from_fork+0x116/0x1d0 [ 30.070721] ? __pfx_kthread+0x10/0x10 [ 30.070744] ret_from_fork_asm+0x1a/0x30 [ 30.070793] </TASK> [ 30.070813] [ 30.084954] Allocated by task 334: [ 30.085357] kasan_save_stack+0x45/0x70 [ 30.085766] kasan_save_track+0x18/0x40 [ 30.086205] kasan_save_alloc_info+0x3b/0x50 [ 30.086610] __kasan_kmalloc+0xb7/0xc0 [ 30.087024] __kmalloc_noprof+0x1ca/0x510 [ 30.087451] kunit_kmalloc_array+0x25/0x60 [ 30.087910] copy_user_test_oob+0xab/0x10f0 [ 30.088322] kunit_try_run_case+0x1a5/0x480 [ 30.088738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.089292] kthread+0x337/0x6f0 [ 30.089623] ret_from_fork+0x116/0x1d0 [ 30.089977] ret_from_fork_asm+0x1a/0x30 [ 30.090386] [ 30.090557] The buggy address belongs to the object at ffff888106253800 [ 30.090557] which belongs to the cache kmalloc-128 of size 128 [ 30.091158] The buggy address is located 0 bytes inside of [ 30.091158] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.092482] [ 30.092639] The buggy address belongs to the physical page: [ 30.093235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.093657] flags: 0x200000000000000(node=0|zone=2) [ 30.093929] page_type: f5(slab) [ 30.094280] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.095047] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.095801] page dumped because: kasan: bad access detected [ 30.096054] [ 30.096244] Memory state around the buggy address: [ 30.096689] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.097214] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.097578] >ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.097811] ^ [ 30.098114] ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.098871] ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.099603] ================================================================== [ 30.100105] ================================================================== [ 30.100817] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 30.101512] Read of size 121 at addr ffff888106253800 by task kunit_try_catch/334 [ 30.101772] [ 30.102025] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.102077] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.102109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.102132] Call Trace: [ 30.102148] <TASK> [ 30.102165] dump_stack_lvl+0x73/0xb0 [ 30.102208] print_report+0xd1/0x640 [ 30.102247] ? __virt_addr_valid+0x1db/0x2d0 [ 30.102272] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.102297] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.102325] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.102351] kasan_report+0x141/0x180 [ 30.102375] ? copy_user_test_oob+0x4aa/0x10f0 [ 30.102405] kasan_check_range+0x10c/0x1c0 [ 30.102431] __kasan_check_read+0x15/0x20 [ 30.102455] copy_user_test_oob+0x4aa/0x10f0 [ 30.102483] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.102508] ? finish_task_switch.isra.0+0x153/0x700 [ 30.102532] ? __switch_to+0x47/0xf80 [ 30.102559] ? __schedule+0x10da/0x2b60 [ 30.102581] ? __pfx_read_tsc+0x10/0x10 [ 30.102604] ? ktime_get_ts64+0x86/0x230 [ 30.102630] kunit_try_run_case+0x1a5/0x480 [ 30.102656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.102681] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.102705] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.102733] ? __kthread_parkme+0x82/0x180 [ 30.102754] ? preempt_count_sub+0x50/0x80 [ 30.102779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.102806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.102831] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.102857] kthread+0x337/0x6f0 [ 30.102879] ? trace_preempt_on+0x20/0xc0 [ 30.102904] ? __pfx_kthread+0x10/0x10 [ 30.102927] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.102976] ? calculate_sigpending+0x7b/0xa0 [ 30.103002] ? __pfx_kthread+0x10/0x10 [ 30.103026] ret_from_fork+0x116/0x1d0 [ 30.103047] ? __pfx_kthread+0x10/0x10 [ 30.103076] ret_from_fork_asm+0x1a/0x30 [ 30.103109] </TASK> [ 30.103122] [ 30.117739] Allocated by task 334: [ 30.117868] kasan_save_stack+0x45/0x70 [ 30.118049] kasan_save_track+0x18/0x40 [ 30.118434] kasan_save_alloc_info+0x3b/0x50 [ 30.118694] __kasan_kmalloc+0xb7/0xc0 [ 30.119059] __kmalloc_noprof+0x1ca/0x510 [ 30.119505] kunit_kmalloc_array+0x25/0x60 [ 30.119925] copy_user_test_oob+0xab/0x10f0 [ 30.120374] kunit_try_run_case+0x1a5/0x480 [ 30.120613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.120801] kthread+0x337/0x6f0 [ 30.121051] ret_from_fork+0x116/0x1d0 [ 30.121416] ret_from_fork_asm+0x1a/0x30 [ 30.121754] [ 30.121823] The buggy address belongs to the object at ffff888106253800 [ 30.121823] which belongs to the cache kmalloc-128 of size 128 [ 30.122743] The buggy address is located 0 bytes inside of [ 30.122743] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.123581] [ 30.123651] The buggy address belongs to the physical page: [ 30.123822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.124076] flags: 0x200000000000000(node=0|zone=2) [ 30.124416] page_type: f5(slab) [ 30.124573] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.124984] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.125250] page dumped because: kasan: bad access detected [ 30.125570] [ 30.125647] Memory state around the buggy address: [ 30.125875] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.126243] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.126580] >ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.126807] ^ [ 30.127207] ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.127542] ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.127840] ================================================================== [ 30.128352] ================================================================== [ 30.128677] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 30.129289] Write of size 121 at addr ffff888106253800 by task kunit_try_catch/334 [ 30.129524] [ 30.129607] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.129656] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.129670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.129692] Call Trace: [ 30.129709] <TASK> [ 30.129725] dump_stack_lvl+0x73/0xb0 [ 30.129755] print_report+0xd1/0x640 [ 30.129780] ? __virt_addr_valid+0x1db/0x2d0 [ 30.129806] ? copy_user_test_oob+0x557/0x10f0 [ 30.129831] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.129859] ? copy_user_test_oob+0x557/0x10f0 [ 30.129885] kasan_report+0x141/0x180 [ 30.130531] ? copy_user_test_oob+0x557/0x10f0 [ 30.130563] kasan_check_range+0x10c/0x1c0 [ 30.130590] __kasan_check_write+0x18/0x20 [ 30.130615] copy_user_test_oob+0x557/0x10f0 [ 30.130643] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.130669] ? finish_task_switch.isra.0+0x153/0x700 [ 30.130695] ? __switch_to+0x47/0xf80 [ 30.130723] ? __schedule+0x10da/0x2b60 [ 30.130747] ? __pfx_read_tsc+0x10/0x10 [ 30.130770] ? ktime_get_ts64+0x86/0x230 [ 30.130796] kunit_try_run_case+0x1a5/0x480 [ 30.130823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.130866] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.130890] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.130918] ? __kthread_parkme+0x82/0x180 [ 30.130940] ? preempt_count_sub+0x50/0x80 [ 30.130977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.131003] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.131029] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.131079] kthread+0x337/0x6f0 [ 30.131101] ? trace_preempt_on+0x20/0xc0 [ 30.131128] ? __pfx_kthread+0x10/0x10 [ 30.131151] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.131176] ? calculate_sigpending+0x7b/0xa0 [ 30.131203] ? __pfx_kthread+0x10/0x10 [ 30.131226] ret_from_fork+0x116/0x1d0 [ 30.131248] ? __pfx_kthread+0x10/0x10 [ 30.131270] ret_from_fork_asm+0x1a/0x30 [ 30.131304] </TASK> [ 30.131316] [ 30.138622] Allocated by task 334: [ 30.138788] kasan_save_stack+0x45/0x70 [ 30.138977] kasan_save_track+0x18/0x40 [ 30.139148] kasan_save_alloc_info+0x3b/0x50 [ 30.139339] __kasan_kmalloc+0xb7/0xc0 [ 30.139495] __kmalloc_noprof+0x1ca/0x510 [ 30.139663] kunit_kmalloc_array+0x25/0x60 [ 30.139833] copy_user_test_oob+0xab/0x10f0 [ 30.140431] kunit_try_run_case+0x1a5/0x480 [ 30.141354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.141584] kthread+0x337/0x6f0 [ 30.141729] ret_from_fork+0x116/0x1d0 [ 30.142666] ret_from_fork_asm+0x1a/0x30 [ 30.143143] [ 30.143397] The buggy address belongs to the object at ffff888106253800 [ 30.143397] which belongs to the cache kmalloc-128 of size 128 [ 30.144268] The buggy address is located 0 bytes inside of [ 30.144268] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.145393] [ 30.145660] The buggy address belongs to the physical page: [ 30.146405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.147031] flags: 0x200000000000000(node=0|zone=2) [ 30.147507] page_type: f5(slab) [ 30.147675] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.147995] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.148293] page dumped because: kasan: bad access detected [ 30.148517] [ 30.148598] Memory state around the buggy address: [ 30.148796] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.149090] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.149366] >ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.149632] ^ [ 30.149899] ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.150913] ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.151553] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 30.044267] ================================================================== [ 30.044646] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 30.045034] Read of size 121 at addr ffff888106253800 by task kunit_try_catch/334 [ 30.045422] [ 30.045541] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.045590] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.045604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.045626] Call Trace: [ 30.045639] <TASK> [ 30.045655] dump_stack_lvl+0x73/0xb0 [ 30.045684] print_report+0xd1/0x640 [ 30.045710] ? __virt_addr_valid+0x1db/0x2d0 [ 30.045756] ? _copy_to_user+0x3c/0x70 [ 30.045778] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.045807] ? _copy_to_user+0x3c/0x70 [ 30.045829] kasan_report+0x141/0x180 [ 30.045855] ? _copy_to_user+0x3c/0x70 [ 30.045882] kasan_check_range+0x10c/0x1c0 [ 30.045927] __kasan_check_read+0x15/0x20 [ 30.045962] _copy_to_user+0x3c/0x70 [ 30.046007] copy_user_test_oob+0x364/0x10f0 [ 30.046082] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.046121] ? finish_task_switch.isra.0+0x153/0x700 [ 30.046148] ? __switch_to+0x47/0xf80 [ 30.046195] ? __schedule+0x10da/0x2b60 [ 30.046218] ? __pfx_read_tsc+0x10/0x10 [ 30.046241] ? ktime_get_ts64+0x86/0x230 [ 30.046268] kunit_try_run_case+0x1a5/0x480 [ 30.046294] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.046318] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.046342] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.046370] ? __kthread_parkme+0x82/0x180 [ 30.046391] ? preempt_count_sub+0x50/0x80 [ 30.046417] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.046443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.046469] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.046495] kthread+0x337/0x6f0 [ 30.046516] ? trace_preempt_on+0x20/0xc0 [ 30.046541] ? __pfx_kthread+0x10/0x10 [ 30.046564] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.046590] ? calculate_sigpending+0x7b/0xa0 [ 30.046615] ? __pfx_kthread+0x10/0x10 [ 30.046638] ret_from_fork+0x116/0x1d0 [ 30.046660] ? __pfx_kthread+0x10/0x10 [ 30.046682] ret_from_fork_asm+0x1a/0x30 [ 30.046733] </TASK> [ 30.046744] [ 30.054907] Allocated by task 334: [ 30.055293] kasan_save_stack+0x45/0x70 [ 30.055519] kasan_save_track+0x18/0x40 [ 30.055714] kasan_save_alloc_info+0x3b/0x50 [ 30.056035] __kasan_kmalloc+0xb7/0xc0 [ 30.056207] __kmalloc_noprof+0x1ca/0x510 [ 30.056347] kunit_kmalloc_array+0x25/0x60 [ 30.056569] copy_user_test_oob+0xab/0x10f0 [ 30.056800] kunit_try_run_case+0x1a5/0x480 [ 30.057078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.057352] kthread+0x337/0x6f0 [ 30.057509] ret_from_fork+0x116/0x1d0 [ 30.057703] ret_from_fork_asm+0x1a/0x30 [ 30.057887] [ 30.058013] The buggy address belongs to the object at ffff888106253800 [ 30.058013] which belongs to the cache kmalloc-128 of size 128 [ 30.058491] The buggy address is located 0 bytes inside of [ 30.058491] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.059038] [ 30.059153] The buggy address belongs to the physical page: [ 30.059397] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.059969] flags: 0x200000000000000(node=0|zone=2) [ 30.060208] page_type: f5(slab) [ 30.060395] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.060720] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.061117] page dumped because: kasan: bad access detected [ 30.061388] [ 30.061482] Memory state around the buggy address: [ 30.061731] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.062102] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.062418] >ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.062746] ^ [ 30.063226] ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.063545] ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.063852] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 30.021117] ================================================================== [ 30.021714] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 30.022096] Write of size 121 at addr ffff888106253800 by task kunit_try_catch/334 [ 30.022567] [ 30.022684] CPU: 1 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 30.022739] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.022753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.022780] Call Trace: [ 30.022794] <TASK> [ 30.022816] dump_stack_lvl+0x73/0xb0 [ 30.022873] print_report+0xd1/0x640 [ 30.022900] ? __virt_addr_valid+0x1db/0x2d0 [ 30.022926] ? _copy_from_user+0x32/0x90 [ 30.022959] ? kasan_complete_mode_report_info+0x2a/0x200 [ 30.022989] ? _copy_from_user+0x32/0x90 [ 30.023012] kasan_report+0x141/0x180 [ 30.023036] ? _copy_from_user+0x32/0x90 [ 30.023099] kasan_check_range+0x10c/0x1c0 [ 30.023126] __kasan_check_write+0x18/0x20 [ 30.023152] _copy_from_user+0x32/0x90 [ 30.023175] copy_user_test_oob+0x2be/0x10f0 [ 30.023262] ? __pfx_copy_user_test_oob+0x10/0x10 [ 30.023288] ? finish_task_switch.isra.0+0x153/0x700 [ 30.023313] ? __switch_to+0x47/0xf80 [ 30.023343] ? __schedule+0x10da/0x2b60 [ 30.023367] ? __pfx_read_tsc+0x10/0x10 [ 30.023410] ? ktime_get_ts64+0x86/0x230 [ 30.023437] kunit_try_run_case+0x1a5/0x480 [ 30.023464] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.023488] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 30.023511] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 30.023540] ? __kthread_parkme+0x82/0x180 [ 30.023562] ? preempt_count_sub+0x50/0x80 [ 30.023603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 30.023629] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.023655] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 30.023680] kthread+0x337/0x6f0 [ 30.023702] ? trace_preempt_on+0x20/0xc0 [ 30.023727] ? __pfx_kthread+0x10/0x10 [ 30.023750] ? _raw_spin_unlock_irq+0x47/0x80 [ 30.023804] ? calculate_sigpending+0x7b/0xa0 [ 30.023837] ? __pfx_kthread+0x10/0x10 [ 30.023860] ret_from_fork+0x116/0x1d0 [ 30.023881] ? __pfx_kthread+0x10/0x10 [ 30.023904] ret_from_fork_asm+0x1a/0x30 [ 30.023937] </TASK> [ 30.023961] [ 30.031768] Allocated by task 334: [ 30.032029] kasan_save_stack+0x45/0x70 [ 30.032279] kasan_save_track+0x18/0x40 [ 30.032469] kasan_save_alloc_info+0x3b/0x50 [ 30.032672] __kasan_kmalloc+0xb7/0xc0 [ 30.032852] __kmalloc_noprof+0x1ca/0x510 [ 30.033189] kunit_kmalloc_array+0x25/0x60 [ 30.033452] copy_user_test_oob+0xab/0x10f0 [ 30.033662] kunit_try_run_case+0x1a5/0x480 [ 30.033815] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.034078] kthread+0x337/0x6f0 [ 30.034246] ret_from_fork+0x116/0x1d0 [ 30.034431] ret_from_fork_asm+0x1a/0x30 [ 30.034822] [ 30.034896] The buggy address belongs to the object at ffff888106253800 [ 30.034896] which belongs to the cache kmalloc-128 of size 128 [ 30.035591] The buggy address is located 0 bytes inside of [ 30.035591] allocated 120-byte region [ffff888106253800, ffff888106253878) [ 30.036119] [ 30.036232] The buggy address belongs to the physical page: [ 30.036515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.036891] flags: 0x200000000000000(node=0|zone=2) [ 30.037172] page_type: f5(slab) [ 30.037365] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.037708] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.038076] page dumped because: kasan: bad access detected [ 30.038334] [ 30.038416] Memory state around the buggy address: [ 30.038640] ffff888106253700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.038975] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.039307] >ffff888106253800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.039576] ^ [ 30.039925] ffff888106253880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.040244] ffff888106253900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.040557] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 29.976401] ================================================================== [ 29.976636] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 29.977290] Write of size 8 at addr ffff888106253778 by task kunit_try_catch/330 [ 29.978398] [ 29.978644] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.978697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.978711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.978733] Call Trace: [ 29.978747] <TASK> [ 29.978765] dump_stack_lvl+0x73/0xb0 [ 29.978796] print_report+0xd1/0x640 [ 29.978822] ? __virt_addr_valid+0x1db/0x2d0 [ 29.978847] ? copy_to_kernel_nofault+0x99/0x260 [ 29.978871] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.978900] ? copy_to_kernel_nofault+0x99/0x260 [ 29.978926] kasan_report+0x141/0x180 [ 29.978962] ? copy_to_kernel_nofault+0x99/0x260 [ 29.978992] kasan_check_range+0x10c/0x1c0 [ 29.979018] __kasan_check_write+0x18/0x20 [ 29.979043] copy_to_kernel_nofault+0x99/0x260 [ 29.979090] copy_to_kernel_nofault_oob+0x288/0x560 [ 29.979117] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.979163] ? finish_task_switch.isra.0+0x153/0x700 [ 29.979200] ? __schedule+0x10da/0x2b60 [ 29.979223] ? trace_hardirqs_on+0x37/0xe0 [ 29.979255] ? __pfx_read_tsc+0x10/0x10 [ 29.979279] ? ktime_get_ts64+0x86/0x230 [ 29.979305] kunit_try_run_case+0x1a5/0x480 [ 29.979331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.979355] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.979378] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.979406] ? __kthread_parkme+0x82/0x180 [ 29.979427] ? preempt_count_sub+0x50/0x80 [ 29.979453] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.979478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.979503] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.979529] kthread+0x337/0x6f0 [ 29.979551] ? trace_preempt_on+0x20/0xc0 [ 29.979575] ? __pfx_kthread+0x10/0x10 [ 29.979597] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.979623] ? calculate_sigpending+0x7b/0xa0 [ 29.979649] ? __pfx_kthread+0x10/0x10 [ 29.979673] ret_from_fork+0x116/0x1d0 [ 29.979694] ? __pfx_kthread+0x10/0x10 [ 29.979717] ret_from_fork_asm+0x1a/0x30 [ 29.979750] </TASK> [ 29.979762] [ 29.995790] Allocated by task 330: [ 29.996395] kasan_save_stack+0x45/0x70 [ 29.996925] kasan_save_track+0x18/0x40 [ 29.997390] kasan_save_alloc_info+0x3b/0x50 [ 29.997549] __kasan_kmalloc+0xb7/0xc0 [ 29.997681] __kmalloc_cache_noprof+0x189/0x420 [ 29.998026] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.998779] kunit_try_run_case+0x1a5/0x480 [ 29.999367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 30.000047] kthread+0x337/0x6f0 [ 30.000503] ret_from_fork+0x116/0x1d0 [ 30.000833] ret_from_fork_asm+0x1a/0x30 [ 30.000985] [ 30.001110] The buggy address belongs to the object at ffff888106253700 [ 30.001110] which belongs to the cache kmalloc-128 of size 128 [ 30.002299] The buggy address is located 0 bytes to the right of [ 30.002299] allocated 120-byte region [ffff888106253700, ffff888106253778) [ 30.002697] [ 30.002767] The buggy address belongs to the physical page: [ 30.002958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 30.003207] flags: 0x200000000000000(node=0|zone=2) [ 30.003573] page_type: f5(slab) [ 30.003819] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 30.004771] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.005149] page dumped because: kasan: bad access detected [ 30.005430] [ 30.005525] Memory state around the buggy address: [ 30.006026] ffff888106253600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.006426] ffff888106253680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.006829] >ffff888106253700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.007368] ^ [ 30.007752] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.008310] ffff888106253800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.008642] ================================================================== [ 29.939407] ================================================================== [ 29.939932] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 29.940204] Read of size 8 at addr ffff888106253778 by task kunit_try_catch/330 [ 29.940432] [ 29.940524] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.940579] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.940593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.940618] Call Trace: [ 29.940632] <TASK> [ 29.940652] dump_stack_lvl+0x73/0xb0 [ 29.940684] print_report+0xd1/0x640 [ 29.940710] ? __virt_addr_valid+0x1db/0x2d0 [ 29.940735] ? copy_to_kernel_nofault+0x225/0x260 [ 29.940760] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.940788] ? copy_to_kernel_nofault+0x225/0x260 [ 29.940813] kasan_report+0x141/0x180 [ 29.940837] ? copy_to_kernel_nofault+0x225/0x260 [ 29.940867] __asan_report_load8_noabort+0x18/0x20 [ 29.940893] copy_to_kernel_nofault+0x225/0x260 [ 29.940919] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 29.941307] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 29.941347] ? finish_task_switch.isra.0+0x153/0x700 [ 29.941376] ? __schedule+0x10da/0x2b60 [ 29.941400] ? trace_hardirqs_on+0x37/0xe0 [ 29.941435] ? __pfx_read_tsc+0x10/0x10 [ 29.941669] ? ktime_get_ts64+0x86/0x230 [ 29.941700] kunit_try_run_case+0x1a5/0x480 [ 29.941731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.941756] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.941927] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.941982] ? __kthread_parkme+0x82/0x180 [ 29.942006] ? preempt_count_sub+0x50/0x80 [ 29.942031] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.942057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.942085] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.942111] kthread+0x337/0x6f0 [ 29.942132] ? trace_preempt_on+0x20/0xc0 [ 29.942157] ? __pfx_kthread+0x10/0x10 [ 29.942180] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.942206] ? calculate_sigpending+0x7b/0xa0 [ 29.942232] ? __pfx_kthread+0x10/0x10 [ 29.942255] ret_from_fork+0x116/0x1d0 [ 29.942276] ? __pfx_kthread+0x10/0x10 [ 29.942299] ret_from_fork_asm+0x1a/0x30 [ 29.942333] </TASK> [ 29.942347] [ 29.960258] Allocated by task 330: [ 29.960632] kasan_save_stack+0x45/0x70 [ 29.960999] kasan_save_track+0x18/0x40 [ 29.961391] kasan_save_alloc_info+0x3b/0x50 [ 29.961811] __kasan_kmalloc+0xb7/0xc0 [ 29.962193] __kmalloc_cache_noprof+0x189/0x420 [ 29.962705] copy_to_kernel_nofault_oob+0x12f/0x560 [ 29.963188] kunit_try_run_case+0x1a5/0x480 [ 29.963595] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.963835] kthread+0x337/0x6f0 [ 29.964053] ret_from_fork+0x116/0x1d0 [ 29.964400] ret_from_fork_asm+0x1a/0x30 [ 29.964634] [ 29.964704] The buggy address belongs to the object at ffff888106253700 [ 29.964704] which belongs to the cache kmalloc-128 of size 128 [ 29.965462] The buggy address is located 0 bytes to the right of [ 29.965462] allocated 120-byte region [ffff888106253700, ffff888106253778) [ 29.966538] [ 29.966887] The buggy address belongs to the physical page: [ 29.967520] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 29.968366] flags: 0x200000000000000(node=0|zone=2) [ 29.968975] page_type: f5(slab) [ 29.969308] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 29.969541] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.969766] page dumped because: kasan: bad access detected [ 29.970607] [ 29.970814] Memory state around the buggy address: [ 29.971396] ffff888106253600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.972316] ffff888106253680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.973046] >ffff888106253700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.973539] ^ [ 29.973759] ffff888106253780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.974841] ffff888106253800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.975697] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 28.471578] ================================================================== [ 28.472032] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 28.472342] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.472633] [ 28.472736] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.472784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.472796] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.472860] Call Trace: [ 28.472877] <TASK> [ 28.472892] dump_stack_lvl+0x73/0xb0 [ 28.472921] print_report+0xd1/0x640 [ 28.472957] ? __virt_addr_valid+0x1db/0x2d0 [ 28.472982] ? kasan_atomics_helper+0x4a0/0x5450 [ 28.473004] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.473033] ? kasan_atomics_helper+0x4a0/0x5450 [ 28.473056] kasan_report+0x141/0x180 [ 28.473089] ? kasan_atomics_helper+0x4a0/0x5450 [ 28.473117] kasan_check_range+0x10c/0x1c0 [ 28.473147] __kasan_check_write+0x18/0x20 [ 28.473171] kasan_atomics_helper+0x4a0/0x5450 [ 28.473196] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.473220] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.473246] ? kasan_atomics+0x152/0x310 [ 28.473273] kasan_atomics+0x1dc/0x310 [ 28.473297] ? __pfx_kasan_atomics+0x10/0x10 [ 28.473322] ? __pfx_read_tsc+0x10/0x10 [ 28.473346] ? ktime_get_ts64+0x86/0x230 [ 28.473372] kunit_try_run_case+0x1a5/0x480 [ 28.473397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.473421] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.473446] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.473475] ? __kthread_parkme+0x82/0x180 [ 28.473498] ? preempt_count_sub+0x50/0x80 [ 28.473523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.473549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.473574] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.473600] kthread+0x337/0x6f0 [ 28.473621] ? trace_preempt_on+0x20/0xc0 [ 28.473645] ? __pfx_kthread+0x10/0x10 [ 28.473667] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.473694] ? calculate_sigpending+0x7b/0xa0 [ 28.473719] ? __pfx_kthread+0x10/0x10 [ 28.473743] ret_from_fork+0x116/0x1d0 [ 28.473764] ? __pfx_kthread+0x10/0x10 [ 28.473905] ret_from_fork_asm+0x1a/0x30 [ 28.473962] </TASK> [ 28.473976] [ 28.482403] Allocated by task 314: [ 28.482563] kasan_save_stack+0x45/0x70 [ 28.482756] kasan_save_track+0x18/0x40 [ 28.482979] kasan_save_alloc_info+0x3b/0x50 [ 28.483248] __kasan_kmalloc+0xb7/0xc0 [ 28.483381] __kmalloc_cache_noprof+0x189/0x420 [ 28.483538] kasan_atomics+0x95/0x310 [ 28.483727] kunit_try_run_case+0x1a5/0x480 [ 28.484064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.484409] kthread+0x337/0x6f0 [ 28.484529] ret_from_fork+0x116/0x1d0 [ 28.484661] ret_from_fork_asm+0x1a/0x30 [ 28.484800] [ 28.484866] The buggy address belongs to the object at ffff888106266f00 [ 28.484866] which belongs to the cache kmalloc-64 of size 64 [ 28.485386] The buggy address is located 0 bytes to the right of [ 28.485386] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.486026] [ 28.486302] The buggy address belongs to the physical page: [ 28.486533] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.486783] flags: 0x200000000000000(node=0|zone=2) [ 28.486960] page_type: f5(slab) [ 28.487116] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.487466] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.487809] page dumped because: kasan: bad access detected [ 28.488038] [ 28.488134] Memory state around the buggy address: [ 28.488342] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.488641] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.488863] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.489113] ^ [ 28.489344] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.489664] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.489992] ================================================================== [ 29.726367] ================================================================== [ 29.727069] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 29.727782] Read of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.728405] [ 29.728583] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.728634] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.728647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.728670] Call Trace: [ 29.728687] <TASK> [ 29.728704] dump_stack_lvl+0x73/0xb0 [ 29.728735] print_report+0xd1/0x640 [ 29.728794] ? __virt_addr_valid+0x1db/0x2d0 [ 29.728820] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.728856] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.728885] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.728910] kasan_report+0x141/0x180 [ 29.728956] ? kasan_atomics_helper+0x4f71/0x5450 [ 29.728985] __asan_report_load8_noabort+0x18/0x20 [ 29.729012] kasan_atomics_helper+0x4f71/0x5450 [ 29.729039] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.729064] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.729092] ? kasan_atomics+0x152/0x310 [ 29.729121] kasan_atomics+0x1dc/0x310 [ 29.729153] ? __pfx_kasan_atomics+0x10/0x10 [ 29.729179] ? __pfx_read_tsc+0x10/0x10 [ 29.729216] ? ktime_get_ts64+0x86/0x230 [ 29.729243] kunit_try_run_case+0x1a5/0x480 [ 29.729270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.729296] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.729320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.729350] ? __kthread_parkme+0x82/0x180 [ 29.729372] ? preempt_count_sub+0x50/0x80 [ 29.729398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.729425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.729452] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.729479] kthread+0x337/0x6f0 [ 29.729502] ? trace_preempt_on+0x20/0xc0 [ 29.729527] ? __pfx_kthread+0x10/0x10 [ 29.729550] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.729578] ? calculate_sigpending+0x7b/0xa0 [ 29.729604] ? __pfx_kthread+0x10/0x10 [ 29.729628] ret_from_fork+0x116/0x1d0 [ 29.729650] ? __pfx_kthread+0x10/0x10 [ 29.729673] ret_from_fork_asm+0x1a/0x30 [ 29.729708] </TASK> [ 29.729720] [ 29.743410] Allocated by task 314: [ 29.743546] kasan_save_stack+0x45/0x70 [ 29.743691] kasan_save_track+0x18/0x40 [ 29.743829] kasan_save_alloc_info+0x3b/0x50 [ 29.744015] __kasan_kmalloc+0xb7/0xc0 [ 29.744213] __kmalloc_cache_noprof+0x189/0x420 [ 29.744589] kasan_atomics+0x95/0x310 [ 29.744828] kunit_try_run_case+0x1a5/0x480 [ 29.745022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.745264] kthread+0x337/0x6f0 [ 29.745434] ret_from_fork+0x116/0x1d0 [ 29.745585] ret_from_fork_asm+0x1a/0x30 [ 29.745872] [ 29.745967] The buggy address belongs to the object at ffff888106266f00 [ 29.745967] which belongs to the cache kmalloc-64 of size 64 [ 29.746621] The buggy address is located 0 bytes to the right of [ 29.746621] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.747264] [ 29.747361] The buggy address belongs to the physical page: [ 29.747633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.748202] flags: 0x200000000000000(node=0|zone=2) [ 29.748445] page_type: f5(slab) [ 29.748647] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.749235] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.749662] page dumped because: kasan: bad access detected [ 29.750117] [ 29.750251] Memory state around the buggy address: [ 29.750479] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.750856] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.751321] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.751705] ^ [ 29.752174] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.752450] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.752748] ================================================================== [ 29.796186] ================================================================== [ 29.796504] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 29.797137] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.797384] [ 29.797469] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.797518] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.797532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.797555] Call Trace: [ 29.797568] <TASK> [ 29.797584] dump_stack_lvl+0x73/0xb0 [ 29.797614] print_report+0xd1/0x640 [ 29.797638] ? __virt_addr_valid+0x1db/0x2d0 [ 29.797665] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.797689] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.797717] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.797741] kasan_report+0x141/0x180 [ 29.797780] ? kasan_atomics_helper+0x20c8/0x5450 [ 29.797809] kasan_check_range+0x10c/0x1c0 [ 29.797848] __kasan_check_write+0x18/0x20 [ 29.797874] kasan_atomics_helper+0x20c8/0x5450 [ 29.797900] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.797925] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.797961] ? kasan_atomics+0x152/0x310 [ 29.797990] kasan_atomics+0x1dc/0x310 [ 29.798015] ? __pfx_kasan_atomics+0x10/0x10 [ 29.798042] ? __pfx_read_tsc+0x10/0x10 [ 29.798074] ? ktime_get_ts64+0x86/0x230 [ 29.798101] kunit_try_run_case+0x1a5/0x480 [ 29.798127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.798153] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.798176] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.798205] ? __kthread_parkme+0x82/0x180 [ 29.798227] ? preempt_count_sub+0x50/0x80 [ 29.798253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.798279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.798305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.798331] kthread+0x337/0x6f0 [ 29.798353] ? trace_preempt_on+0x20/0xc0 [ 29.798378] ? __pfx_kthread+0x10/0x10 [ 29.798401] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.798426] ? calculate_sigpending+0x7b/0xa0 [ 29.798451] ? __pfx_kthread+0x10/0x10 [ 29.798486] ret_from_fork+0x116/0x1d0 [ 29.798507] ? __pfx_kthread+0x10/0x10 [ 29.798529] ret_from_fork_asm+0x1a/0x30 [ 29.798576] </TASK> [ 29.798588] [ 29.806640] Allocated by task 314: [ 29.806815] kasan_save_stack+0x45/0x70 [ 29.807029] kasan_save_track+0x18/0x40 [ 29.807238] kasan_save_alloc_info+0x3b/0x50 [ 29.807451] __kasan_kmalloc+0xb7/0xc0 [ 29.807637] __kmalloc_cache_noprof+0x189/0x420 [ 29.807843] kasan_atomics+0x95/0x310 [ 29.808051] kunit_try_run_case+0x1a5/0x480 [ 29.808297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.808558] kthread+0x337/0x6f0 [ 29.808723] ret_from_fork+0x116/0x1d0 [ 29.808925] ret_from_fork_asm+0x1a/0x30 [ 29.809140] [ 29.809223] The buggy address belongs to the object at ffff888106266f00 [ 29.809223] which belongs to the cache kmalloc-64 of size 64 [ 29.809652] The buggy address is located 0 bytes to the right of [ 29.809652] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.810309] [ 29.810467] The buggy address belongs to the physical page: [ 29.811018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.811927] flags: 0x200000000000000(node=0|zone=2) [ 29.812355] page_type: f5(slab) [ 29.812643] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.813241] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.813473] page dumped because: kasan: bad access detected [ 29.813640] [ 29.813706] Memory state around the buggy address: [ 29.813856] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.814149] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.814488] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.814823] ^ [ 29.815085] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.815437] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.815773] ================================================================== [ 29.855127] ================================================================== [ 29.855425] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 29.855734] Read of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.856190] [ 29.856320] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.856383] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.856396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.856419] Call Trace: [ 29.856436] <TASK> [ 29.856451] dump_stack_lvl+0x73/0xb0 [ 29.856483] print_report+0xd1/0x640 [ 29.856508] ? __virt_addr_valid+0x1db/0x2d0 [ 29.856533] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.856557] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.856596] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.856620] kasan_report+0x141/0x180 [ 29.856644] ? kasan_atomics_helper+0x4fa5/0x5450 [ 29.856683] __asan_report_load8_noabort+0x18/0x20 [ 29.856710] kasan_atomics_helper+0x4fa5/0x5450 [ 29.856735] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.856759] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.856786] ? kasan_atomics+0x152/0x310 [ 29.856814] kasan_atomics+0x1dc/0x310 [ 29.856838] ? __pfx_kasan_atomics+0x10/0x10 [ 29.856864] ? __pfx_read_tsc+0x10/0x10 [ 29.856888] ? ktime_get_ts64+0x86/0x230 [ 29.856913] kunit_try_run_case+0x1a5/0x480 [ 29.856940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.856973] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.856997] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.857026] ? __kthread_parkme+0x82/0x180 [ 29.857047] ? preempt_count_sub+0x50/0x80 [ 29.857084] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.857119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.857149] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.857187] kthread+0x337/0x6f0 [ 29.857210] ? trace_preempt_on+0x20/0xc0 [ 29.857234] ? __pfx_kthread+0x10/0x10 [ 29.857269] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.857295] ? calculate_sigpending+0x7b/0xa0 [ 29.857320] ? __pfx_kthread+0x10/0x10 [ 29.857355] ret_from_fork+0x116/0x1d0 [ 29.857377] ? __pfx_kthread+0x10/0x10 [ 29.857400] ret_from_fork_asm+0x1a/0x30 [ 29.857445] </TASK> [ 29.857456] [ 29.865289] Allocated by task 314: [ 29.865476] kasan_save_stack+0x45/0x70 [ 29.865665] kasan_save_track+0x18/0x40 [ 29.865846] kasan_save_alloc_info+0x3b/0x50 [ 29.866049] __kasan_kmalloc+0xb7/0xc0 [ 29.866281] __kmalloc_cache_noprof+0x189/0x420 [ 29.866512] kasan_atomics+0x95/0x310 [ 29.866660] kunit_try_run_case+0x1a5/0x480 [ 29.866807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.866996] kthread+0x337/0x6f0 [ 29.867245] ret_from_fork+0x116/0x1d0 [ 29.867470] ret_from_fork_asm+0x1a/0x30 [ 29.867670] [ 29.867762] The buggy address belongs to the object at ffff888106266f00 [ 29.867762] which belongs to the cache kmalloc-64 of size 64 [ 29.868486] The buggy address is located 0 bytes to the right of [ 29.868486] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.868999] [ 29.869130] The buggy address belongs to the physical page: [ 29.869370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.869706] flags: 0x200000000000000(node=0|zone=2) [ 29.869917] page_type: f5(slab) [ 29.870115] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.870444] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.870761] page dumped because: kasan: bad access detected [ 29.871008] [ 29.871149] Memory state around the buggy address: [ 29.871330] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.871550] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.871771] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.872178] ^ [ 29.872617] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.873286] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.874157] ================================================================== [ 29.178157] ================================================================== [ 29.178651] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 29.179021] Read of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.179364] [ 29.179723] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.179773] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.179846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.179872] Call Trace: [ 29.179887] <TASK> [ 29.179927] dump_stack_lvl+0x73/0xb0 [ 29.179972] print_report+0xd1/0x640 [ 29.179997] ? __virt_addr_valid+0x1db/0x2d0 [ 29.180022] ? kasan_atomics_helper+0x4eae/0x5450 [ 29.180045] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.180082] ? kasan_atomics_helper+0x4eae/0x5450 [ 29.180105] kasan_report+0x141/0x180 [ 29.180129] ? kasan_atomics_helper+0x4eae/0x5450 [ 29.180157] __asan_report_load8_noabort+0x18/0x20 [ 29.180183] kasan_atomics_helper+0x4eae/0x5450 [ 29.180207] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.180232] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.180258] ? kasan_atomics+0x152/0x310 [ 29.180286] kasan_atomics+0x1dc/0x310 [ 29.180310] ? __pfx_kasan_atomics+0x10/0x10 [ 29.180336] ? __pfx_read_tsc+0x10/0x10 [ 29.180359] ? ktime_get_ts64+0x86/0x230 [ 29.180386] kunit_try_run_case+0x1a5/0x480 [ 29.180412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.180437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.180461] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.180489] ? __kthread_parkme+0x82/0x180 [ 29.180532] ? preempt_count_sub+0x50/0x80 [ 29.180557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.180585] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.180611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.180638] kthread+0x337/0x6f0 [ 29.180660] ? trace_preempt_on+0x20/0xc0 [ 29.180685] ? __pfx_kthread+0x10/0x10 [ 29.180707] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.180734] ? calculate_sigpending+0x7b/0xa0 [ 29.180759] ? __pfx_kthread+0x10/0x10 [ 29.180827] ret_from_fork+0x116/0x1d0 [ 29.180853] ? __pfx_kthread+0x10/0x10 [ 29.180876] ret_from_fork_asm+0x1a/0x30 [ 29.180909] </TASK> [ 29.180921] [ 29.189583] Allocated by task 314: [ 29.190381] kasan_save_stack+0x45/0x70 [ 29.190548] kasan_save_track+0x18/0x40 [ 29.190688] kasan_save_alloc_info+0x3b/0x50 [ 29.191666] __kasan_kmalloc+0xb7/0xc0 [ 29.191939] __kmalloc_cache_noprof+0x189/0x420 [ 29.192327] kasan_atomics+0x95/0x310 [ 29.192527] kunit_try_run_case+0x1a5/0x480 [ 29.192955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.193323] kthread+0x337/0x6f0 [ 29.193499] ret_from_fork+0x116/0x1d0 [ 29.193822] ret_from_fork_asm+0x1a/0x30 [ 29.194308] [ 29.194394] The buggy address belongs to the object at ffff888106266f00 [ 29.194394] which belongs to the cache kmalloc-64 of size 64 [ 29.195285] The buggy address is located 0 bytes to the right of [ 29.195285] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.195893] [ 29.195993] The buggy address belongs to the physical page: [ 29.196533] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.197159] flags: 0x200000000000000(node=0|zone=2) [ 29.197354] page_type: f5(slab) [ 29.197665] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.198356] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.198766] page dumped because: kasan: bad access detected [ 29.199221] [ 29.199324] Memory state around the buggy address: [ 29.199526] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.200110] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.200468] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.201025] ^ [ 29.201377] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.201691] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.202232] ================================================================== [ 28.663519] ================================================================== [ 28.663933] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 28.664453] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.665198] [ 28.665444] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.665503] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.665518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.665543] Call Trace: [ 28.665567] <TASK> [ 28.665586] dump_stack_lvl+0x73/0xb0 [ 28.665618] print_report+0xd1/0x640 [ 28.665643] ? __virt_addr_valid+0x1db/0x2d0 [ 28.665670] ? kasan_atomics_helper+0x992/0x5450 [ 28.665692] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.665720] ? kasan_atomics_helper+0x992/0x5450 [ 28.665744] kasan_report+0x141/0x180 [ 28.665768] ? kasan_atomics_helper+0x992/0x5450 [ 28.665852] kasan_check_range+0x10c/0x1c0 [ 28.665885] __kasan_check_write+0x18/0x20 [ 28.665910] kasan_atomics_helper+0x992/0x5450 [ 28.665937] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.665972] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.666000] ? kasan_atomics+0x152/0x310 [ 28.666029] kasan_atomics+0x1dc/0x310 [ 28.666066] ? __pfx_kasan_atomics+0x10/0x10 [ 28.666094] ? __pfx_read_tsc+0x10/0x10 [ 28.666118] ? ktime_get_ts64+0x86/0x230 [ 28.666146] kunit_try_run_case+0x1a5/0x480 [ 28.666174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.666200] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.666226] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.666255] ? __kthread_parkme+0x82/0x180 [ 28.666278] ? preempt_count_sub+0x50/0x80 [ 28.666304] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.666331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.666357] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.666385] kthread+0x337/0x6f0 [ 28.666407] ? trace_preempt_on+0x20/0xc0 [ 28.666432] ? __pfx_kthread+0x10/0x10 [ 28.666455] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.666482] ? calculate_sigpending+0x7b/0xa0 [ 28.666509] ? __pfx_kthread+0x10/0x10 [ 28.666532] ret_from_fork+0x116/0x1d0 [ 28.666554] ? __pfx_kthread+0x10/0x10 [ 28.666577] ret_from_fork_asm+0x1a/0x30 [ 28.666611] </TASK> [ 28.666624] [ 28.681210] Allocated by task 314: [ 28.681536] kasan_save_stack+0x45/0x70 [ 28.681935] kasan_save_track+0x18/0x40 [ 28.682357] kasan_save_alloc_info+0x3b/0x50 [ 28.682745] __kasan_kmalloc+0xb7/0xc0 [ 28.683305] __kmalloc_cache_noprof+0x189/0x420 [ 28.683483] kasan_atomics+0x95/0x310 [ 28.683618] kunit_try_run_case+0x1a5/0x480 [ 28.683767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.684294] kthread+0x337/0x6f0 [ 28.684665] ret_from_fork+0x116/0x1d0 [ 28.685075] ret_from_fork_asm+0x1a/0x30 [ 28.685481] [ 28.685653] The buggy address belongs to the object at ffff888106266f00 [ 28.685653] which belongs to the cache kmalloc-64 of size 64 [ 28.686961] The buggy address is located 0 bytes to the right of [ 28.686961] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.688078] [ 28.688162] The buggy address belongs to the physical page: [ 28.688345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.688594] flags: 0x200000000000000(node=0|zone=2) [ 28.688761] page_type: f5(slab) [ 28.689114] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.689780] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.690528] page dumped because: kasan: bad access detected [ 28.691142] [ 28.691333] Memory state around the buggy address: [ 28.691910] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.692659] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.693348] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.694017] ^ [ 28.694580] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.695239] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.695751] ================================================================== [ 29.510855] ================================================================== [ 29.511387] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 29.511880] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.512601] [ 29.512720] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.512772] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.512785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.512807] Call Trace: [ 29.512823] <TASK> [ 29.512839] dump_stack_lvl+0x73/0xb0 [ 29.512870] print_report+0xd1/0x640 [ 29.512894] ? __virt_addr_valid+0x1db/0x2d0 [ 29.512920] ? kasan_atomics_helper+0x1c18/0x5450 [ 29.512954] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.512983] ? kasan_atomics_helper+0x1c18/0x5450 [ 29.513006] kasan_report+0x141/0x180 [ 29.513030] ? kasan_atomics_helper+0x1c18/0x5450 [ 29.513058] kasan_check_range+0x10c/0x1c0 [ 29.513085] __kasan_check_write+0x18/0x20 [ 29.513294] kasan_atomics_helper+0x1c18/0x5450 [ 29.513325] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.513351] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.513377] ? kasan_atomics+0x152/0x310 [ 29.513405] kasan_atomics+0x1dc/0x310 [ 29.513429] ? __pfx_kasan_atomics+0x10/0x10 [ 29.513455] ? __pfx_read_tsc+0x10/0x10 [ 29.513479] ? ktime_get_ts64+0x86/0x230 [ 29.513505] kunit_try_run_case+0x1a5/0x480 [ 29.513531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.513556] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.513580] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.513608] ? __kthread_parkme+0x82/0x180 [ 29.513630] ? preempt_count_sub+0x50/0x80 [ 29.513656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.513682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.513708] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.513733] kthread+0x337/0x6f0 [ 29.513756] ? trace_preempt_on+0x20/0xc0 [ 29.513789] ? __pfx_kthread+0x10/0x10 [ 29.513818] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.513844] ? calculate_sigpending+0x7b/0xa0 [ 29.513870] ? __pfx_kthread+0x10/0x10 [ 29.513893] ret_from_fork+0x116/0x1d0 [ 29.513914] ? __pfx_kthread+0x10/0x10 [ 29.513937] ret_from_fork_asm+0x1a/0x30 [ 29.513983] </TASK> [ 29.513996] [ 29.526557] Allocated by task 314: [ 29.526765] kasan_save_stack+0x45/0x70 [ 29.527184] kasan_save_track+0x18/0x40 [ 29.527335] kasan_save_alloc_info+0x3b/0x50 [ 29.527610] __kasan_kmalloc+0xb7/0xc0 [ 29.528072] __kmalloc_cache_noprof+0x189/0x420 [ 29.528397] kasan_atomics+0x95/0x310 [ 29.528575] kunit_try_run_case+0x1a5/0x480 [ 29.528766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.529281] kthread+0x337/0x6f0 [ 29.529417] ret_from_fork+0x116/0x1d0 [ 29.529771] ret_from_fork_asm+0x1a/0x30 [ 29.530182] [ 29.530281] The buggy address belongs to the object at ffff888106266f00 [ 29.530281] which belongs to the cache kmalloc-64 of size 64 [ 29.531197] The buggy address is located 0 bytes to the right of [ 29.531197] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.531750] [ 29.532104] The buggy address belongs to the physical page: [ 29.532487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.533034] flags: 0x200000000000000(node=0|zone=2) [ 29.533295] page_type: f5(slab) [ 29.533560] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.534174] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.534452] page dumped because: kasan: bad access detected [ 29.534850] [ 29.534955] Memory state around the buggy address: [ 29.535525] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.535847] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.536384] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.536725] ^ [ 29.537205] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.537545] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.538080] ================================================================== [ 29.594421] ================================================================== [ 29.594668] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 29.595666] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.596328] [ 29.596424] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.596477] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.596491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.596513] Call Trace: [ 29.596529] <TASK> [ 29.596545] dump_stack_lvl+0x73/0xb0 [ 29.596576] print_report+0xd1/0x640 [ 29.596600] ? __virt_addr_valid+0x1db/0x2d0 [ 29.596625] ? kasan_atomics_helper+0x1d7a/0x5450 [ 29.596648] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.596676] ? kasan_atomics_helper+0x1d7a/0x5450 [ 29.596699] kasan_report+0x141/0x180 [ 29.596724] ? kasan_atomics_helper+0x1d7a/0x5450 [ 29.596752] kasan_check_range+0x10c/0x1c0 [ 29.596778] __kasan_check_write+0x18/0x20 [ 29.596804] kasan_atomics_helper+0x1d7a/0x5450 [ 29.596829] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.596853] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.596879] ? kasan_atomics+0x152/0x310 [ 29.596907] kasan_atomics+0x1dc/0x310 [ 29.596931] ? __pfx_kasan_atomics+0x10/0x10 [ 29.596966] ? __pfx_read_tsc+0x10/0x10 [ 29.596990] ? ktime_get_ts64+0x86/0x230 [ 29.597021] kunit_try_run_case+0x1a5/0x480 [ 29.597047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.597073] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.597096] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.597129] ? __kthread_parkme+0x82/0x180 [ 29.597151] ? preempt_count_sub+0x50/0x80 [ 29.597176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.597202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.597228] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.597253] kthread+0x337/0x6f0 [ 29.597275] ? trace_preempt_on+0x20/0xc0 [ 29.597299] ? __pfx_kthread+0x10/0x10 [ 29.597322] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.597347] ? calculate_sigpending+0x7b/0xa0 [ 29.597373] ? __pfx_kthread+0x10/0x10 [ 29.597396] ret_from_fork+0x116/0x1d0 [ 29.597417] ? __pfx_kthread+0x10/0x10 [ 29.597439] ret_from_fork_asm+0x1a/0x30 [ 29.597472] </TASK> [ 29.597484] [ 29.608906] Allocated by task 314: [ 29.609277] kasan_save_stack+0x45/0x70 [ 29.609715] kasan_save_track+0x18/0x40 [ 29.610270] kasan_save_alloc_info+0x3b/0x50 [ 29.610829] __kasan_kmalloc+0xb7/0xc0 [ 29.611243] __kmalloc_cache_noprof+0x189/0x420 [ 29.611779] kasan_atomics+0x95/0x310 [ 29.612141] kunit_try_run_case+0x1a5/0x480 [ 29.612542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.613147] kthread+0x337/0x6f0 [ 29.613530] ret_from_fork+0x116/0x1d0 [ 29.613951] ret_from_fork_asm+0x1a/0x30 [ 29.614496] [ 29.614671] The buggy address belongs to the object at ffff888106266f00 [ 29.614671] which belongs to the cache kmalloc-64 of size 64 [ 29.615917] The buggy address is located 0 bytes to the right of [ 29.615917] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.617293] [ 29.617489] The buggy address belongs to the physical page: [ 29.618114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.618964] flags: 0x200000000000000(node=0|zone=2) [ 29.619422] page_type: f5(slab) [ 29.619739] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.620689] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.621479] page dumped because: kasan: bad access detected [ 29.622002] [ 29.622185] Memory state around the buggy address: [ 29.622581] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.622811] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.623350] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.623572] ^ [ 29.623730] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.624037] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.624648] ================================================================== [ 29.056743] ================================================================== [ 29.057259] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 29.057637] Read of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.058092] [ 29.058250] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.058298] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.058311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.058332] Call Trace: [ 29.058348] <TASK> [ 29.058362] dump_stack_lvl+0x73/0xb0 [ 29.058392] print_report+0xd1/0x640 [ 29.058417] ? __virt_addr_valid+0x1db/0x2d0 [ 29.058441] ? kasan_atomics_helper+0x4a02/0x5450 [ 29.058465] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.058493] ? kasan_atomics_helper+0x4a02/0x5450 [ 29.058517] kasan_report+0x141/0x180 [ 29.058541] ? kasan_atomics_helper+0x4a02/0x5450 [ 29.058568] __asan_report_load4_noabort+0x18/0x20 [ 29.058595] kasan_atomics_helper+0x4a02/0x5450 [ 29.058621] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.058644] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.058671] ? kasan_atomics+0x152/0x310 [ 29.058698] kasan_atomics+0x1dc/0x310 [ 29.058722] ? __pfx_kasan_atomics+0x10/0x10 [ 29.058750] ? __pfx_read_tsc+0x10/0x10 [ 29.058774] ? ktime_get_ts64+0x86/0x230 [ 29.058799] kunit_try_run_case+0x1a5/0x480 [ 29.058825] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.058851] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.058875] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.058903] ? __kthread_parkme+0x82/0x180 [ 29.058925] ? preempt_count_sub+0x50/0x80 [ 29.058968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.058995] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.059020] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.059047] kthread+0x337/0x6f0 [ 29.059069] ? trace_preempt_on+0x20/0xc0 [ 29.059094] ? __pfx_kthread+0x10/0x10 [ 29.059117] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.059143] ? calculate_sigpending+0x7b/0xa0 [ 29.059168] ? __pfx_kthread+0x10/0x10 [ 29.059192] ret_from_fork+0x116/0x1d0 [ 29.059214] ? __pfx_kthread+0x10/0x10 [ 29.059236] ret_from_fork_asm+0x1a/0x30 [ 29.059270] </TASK> [ 29.059282] [ 29.067538] Allocated by task 314: [ 29.067719] kasan_save_stack+0x45/0x70 [ 29.068000] kasan_save_track+0x18/0x40 [ 29.068228] kasan_save_alloc_info+0x3b/0x50 [ 29.068442] __kasan_kmalloc+0xb7/0xc0 [ 29.068632] __kmalloc_cache_noprof+0x189/0x420 [ 29.068891] kasan_atomics+0x95/0x310 [ 29.069112] kunit_try_run_case+0x1a5/0x480 [ 29.069354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.069634] kthread+0x337/0x6f0 [ 29.070022] ret_from_fork+0x116/0x1d0 [ 29.070272] ret_from_fork_asm+0x1a/0x30 [ 29.070424] [ 29.070493] The buggy address belongs to the object at ffff888106266f00 [ 29.070493] which belongs to the cache kmalloc-64 of size 64 [ 29.070953] The buggy address is located 0 bytes to the right of [ 29.070953] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.071571] [ 29.071663] The buggy address belongs to the physical page: [ 29.072002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.072395] flags: 0x200000000000000(node=0|zone=2) [ 29.072589] page_type: f5(slab) [ 29.072711] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.073120] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.073499] page dumped because: kasan: bad access detected [ 29.073817] [ 29.073912] Memory state around the buggy address: [ 29.074321] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.074603] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.075081] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.075381] ^ [ 29.075575] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.075905] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.076141] ================================================================== [ 29.342749] ================================================================== [ 29.343294] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 29.343562] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.343803] [ 29.343904] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.343963] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.343976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.343998] Call Trace: [ 29.344011] <TASK> [ 29.344026] dump_stack_lvl+0x73/0xb0 [ 29.344054] print_report+0xd1/0x640 [ 29.344077] ? __virt_addr_valid+0x1db/0x2d0 [ 29.344102] ? kasan_atomics_helper+0x177f/0x5450 [ 29.344139] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.344167] ? kasan_atomics_helper+0x177f/0x5450 [ 29.344191] kasan_report+0x141/0x180 [ 29.344215] ? kasan_atomics_helper+0x177f/0x5450 [ 29.344243] kasan_check_range+0x10c/0x1c0 [ 29.344268] __kasan_check_write+0x18/0x20 [ 29.344294] kasan_atomics_helper+0x177f/0x5450 [ 29.344318] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.344342] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.344369] ? kasan_atomics+0x152/0x310 [ 29.344397] kasan_atomics+0x1dc/0x310 [ 29.344421] ? __pfx_kasan_atomics+0x10/0x10 [ 29.344448] ? __pfx_read_tsc+0x10/0x10 [ 29.344470] ? ktime_get_ts64+0x86/0x230 [ 29.344497] kunit_try_run_case+0x1a5/0x480 [ 29.344523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.344548] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.344572] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.344600] ? __kthread_parkme+0x82/0x180 [ 29.344623] ? preempt_count_sub+0x50/0x80 [ 29.344648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.344674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.344700] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.344726] kthread+0x337/0x6f0 [ 29.344748] ? trace_preempt_on+0x20/0xc0 [ 29.344772] ? __pfx_kthread+0x10/0x10 [ 29.344795] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.344821] ? calculate_sigpending+0x7b/0xa0 [ 29.344846] ? __pfx_kthread+0x10/0x10 [ 29.344869] ret_from_fork+0x116/0x1d0 [ 29.344890] ? __pfx_kthread+0x10/0x10 [ 29.344912] ret_from_fork_asm+0x1a/0x30 [ 29.344954] </TASK> [ 29.344966] [ 29.353255] Allocated by task 314: [ 29.353443] kasan_save_stack+0x45/0x70 [ 29.353608] kasan_save_track+0x18/0x40 [ 29.353747] kasan_save_alloc_info+0x3b/0x50 [ 29.354232] __kasan_kmalloc+0xb7/0xc0 [ 29.354403] __kmalloc_cache_noprof+0x189/0x420 [ 29.354601] kasan_atomics+0x95/0x310 [ 29.354769] kunit_try_run_case+0x1a5/0x480 [ 29.354961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.355397] kthread+0x337/0x6f0 [ 29.355586] ret_from_fork+0x116/0x1d0 [ 29.355733] ret_from_fork_asm+0x1a/0x30 [ 29.356096] [ 29.356178] The buggy address belongs to the object at ffff888106266f00 [ 29.356178] which belongs to the cache kmalloc-64 of size 64 [ 29.356637] The buggy address is located 0 bytes to the right of [ 29.356637] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.357031] [ 29.357100] The buggy address belongs to the physical page: [ 29.357625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.358005] flags: 0x200000000000000(node=0|zone=2) [ 29.358241] page_type: f5(slab) [ 29.358417] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.358760] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.359075] page dumped because: kasan: bad access detected [ 29.359250] [ 29.359316] Memory state around the buggy address: [ 29.359473] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.359694] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.360126] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.360461] ^ [ 29.360684] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.361012] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.361296] ================================================================== [ 28.725598] ================================================================== [ 28.725999] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 28.726245] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.726674] [ 28.726758] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.726928] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.726959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.726981] Call Trace: [ 28.726998] <TASK> [ 28.727014] dump_stack_lvl+0x73/0xb0 [ 28.727045] print_report+0xd1/0x640 [ 28.727078] ? __virt_addr_valid+0x1db/0x2d0 [ 28.727103] ? kasan_atomics_helper+0xac7/0x5450 [ 28.727127] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.727156] ? kasan_atomics_helper+0xac7/0x5450 [ 28.727180] kasan_report+0x141/0x180 [ 28.727203] ? kasan_atomics_helper+0xac7/0x5450 [ 28.727231] kasan_check_range+0x10c/0x1c0 [ 28.727256] __kasan_check_write+0x18/0x20 [ 28.727282] kasan_atomics_helper+0xac7/0x5450 [ 28.727306] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.727331] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.727356] ? kasan_atomics+0x152/0x310 [ 28.727385] kasan_atomics+0x1dc/0x310 [ 28.727409] ? __pfx_kasan_atomics+0x10/0x10 [ 28.727437] ? __pfx_read_tsc+0x10/0x10 [ 28.727461] ? ktime_get_ts64+0x86/0x230 [ 28.727487] kunit_try_run_case+0x1a5/0x480 [ 28.727512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.727537] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.727560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.727588] ? __kthread_parkme+0x82/0x180 [ 28.727611] ? preempt_count_sub+0x50/0x80 [ 28.727636] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.727662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.727688] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.727714] kthread+0x337/0x6f0 [ 28.727735] ? trace_preempt_on+0x20/0xc0 [ 28.727761] ? __pfx_kthread+0x10/0x10 [ 28.727796] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.727824] ? calculate_sigpending+0x7b/0xa0 [ 28.727849] ? __pfx_kthread+0x10/0x10 [ 28.727873] ret_from_fork+0x116/0x1d0 [ 28.727894] ? __pfx_kthread+0x10/0x10 [ 28.727917] ret_from_fork_asm+0x1a/0x30 [ 28.727960] </TASK> [ 28.727972] [ 28.735704] Allocated by task 314: [ 28.735856] kasan_save_stack+0x45/0x70 [ 28.736066] kasan_save_track+0x18/0x40 [ 28.736260] kasan_save_alloc_info+0x3b/0x50 [ 28.736469] __kasan_kmalloc+0xb7/0xc0 [ 28.736656] __kmalloc_cache_noprof+0x189/0x420 [ 28.736875] kasan_atomics+0x95/0x310 [ 28.737324] kunit_try_run_case+0x1a5/0x480 [ 28.737487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.737692] kthread+0x337/0x6f0 [ 28.737999] ret_from_fork+0x116/0x1d0 [ 28.738376] ret_from_fork_asm+0x1a/0x30 [ 28.738577] [ 28.738671] The buggy address belongs to the object at ffff888106266f00 [ 28.738671] which belongs to the cache kmalloc-64 of size 64 [ 28.739349] The buggy address is located 0 bytes to the right of [ 28.739349] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.739738] [ 28.740516] The buggy address belongs to the physical page: [ 28.740884] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.741262] flags: 0x200000000000000(node=0|zone=2) [ 28.741499] page_type: f5(slab) [ 28.742219] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.742997] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.743705] page dumped because: kasan: bad access detected [ 28.744859] [ 28.745359] Memory state around the buggy address: [ 28.746375] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.747031] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.747620] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.748239] ^ [ 28.748925] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.749767] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.750542] ================================================================== [ 29.203072] ================================================================== [ 29.203800] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 29.204742] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.205267] [ 29.205371] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.205423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.205589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.205614] Call Trace: [ 29.205628] <TASK> [ 29.205646] dump_stack_lvl+0x73/0xb0 [ 29.205677] print_report+0xd1/0x640 [ 29.205702] ? __virt_addr_valid+0x1db/0x2d0 [ 29.205728] ? kasan_atomics_helper+0x1467/0x5450 [ 29.205750] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.205779] ? kasan_atomics_helper+0x1467/0x5450 [ 29.205908] kasan_report+0x141/0x180 [ 29.205936] ? kasan_atomics_helper+0x1467/0x5450 [ 29.205980] kasan_check_range+0x10c/0x1c0 [ 29.206006] __kasan_check_write+0x18/0x20 [ 29.206032] kasan_atomics_helper+0x1467/0x5450 [ 29.206056] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.206081] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.206107] ? kasan_atomics+0x152/0x310 [ 29.206135] kasan_atomics+0x1dc/0x310 [ 29.206160] ? __pfx_kasan_atomics+0x10/0x10 [ 29.206185] ? __pfx_read_tsc+0x10/0x10 [ 29.206210] ? ktime_get_ts64+0x86/0x230 [ 29.206236] kunit_try_run_case+0x1a5/0x480 [ 29.206262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.206287] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.206310] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.206339] ? __kthread_parkme+0x82/0x180 [ 29.206361] ? preempt_count_sub+0x50/0x80 [ 29.206385] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.206412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.206438] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.206464] kthread+0x337/0x6f0 [ 29.206486] ? trace_preempt_on+0x20/0xc0 [ 29.206512] ? __pfx_kthread+0x10/0x10 [ 29.206534] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.206560] ? calculate_sigpending+0x7b/0xa0 [ 29.206585] ? __pfx_kthread+0x10/0x10 [ 29.206609] ret_from_fork+0x116/0x1d0 [ 29.206630] ? __pfx_kthread+0x10/0x10 [ 29.206653] ret_from_fork_asm+0x1a/0x30 [ 29.206686] </TASK> [ 29.206698] [ 29.218761] Allocated by task 314: [ 29.219271] kasan_save_stack+0x45/0x70 [ 29.219556] kasan_save_track+0x18/0x40 [ 29.219725] kasan_save_alloc_info+0x3b/0x50 [ 29.220130] __kasan_kmalloc+0xb7/0xc0 [ 29.220304] __kmalloc_cache_noprof+0x189/0x420 [ 29.220518] kasan_atomics+0x95/0x310 [ 29.220700] kunit_try_run_case+0x1a5/0x480 [ 29.220902] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.221635] kthread+0x337/0x6f0 [ 29.221794] ret_from_fork+0x116/0x1d0 [ 29.222319] ret_from_fork_asm+0x1a/0x30 [ 29.222668] [ 29.222763] The buggy address belongs to the object at ffff888106266f00 [ 29.222763] which belongs to the cache kmalloc-64 of size 64 [ 29.223839] The buggy address is located 0 bytes to the right of [ 29.223839] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.224530] [ 29.224640] The buggy address belongs to the physical page: [ 29.225307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.225650] flags: 0x200000000000000(node=0|zone=2) [ 29.226019] page_type: f5(slab) [ 29.226266] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.226757] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.227320] page dumped because: kasan: bad access detected [ 29.227649] [ 29.227725] Memory state around the buggy address: [ 29.228017] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.228610] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.229241] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.229649] ^ [ 29.230066] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.230545] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.231040] ================================================================== [ 29.566089] ================================================================== [ 29.566772] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 29.567337] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.568007] [ 29.568175] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.568226] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.568240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.568263] Call Trace: [ 29.568280] <TASK> [ 29.568297] dump_stack_lvl+0x73/0xb0 [ 29.568329] print_report+0xd1/0x640 [ 29.568354] ? __virt_addr_valid+0x1db/0x2d0 [ 29.568377] ? kasan_atomics_helper+0x1ce1/0x5450 [ 29.568400] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.568536] ? kasan_atomics_helper+0x1ce1/0x5450 [ 29.568570] kasan_report+0x141/0x180 [ 29.568596] ? kasan_atomics_helper+0x1ce1/0x5450 [ 29.568625] kasan_check_range+0x10c/0x1c0 [ 29.568651] __kasan_check_write+0x18/0x20 [ 29.568677] kasan_atomics_helper+0x1ce1/0x5450 [ 29.568703] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.568726] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.568753] ? kasan_atomics+0x152/0x310 [ 29.568780] kasan_atomics+0x1dc/0x310 [ 29.568805] ? __pfx_kasan_atomics+0x10/0x10 [ 29.568831] ? __pfx_read_tsc+0x10/0x10 [ 29.568855] ? ktime_get_ts64+0x86/0x230 [ 29.568881] kunit_try_run_case+0x1a5/0x480 [ 29.568906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.568930] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.568966] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.569070] ? __kthread_parkme+0x82/0x180 [ 29.569095] ? preempt_count_sub+0x50/0x80 [ 29.569121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.569152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.569178] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.569204] kthread+0x337/0x6f0 [ 29.569226] ? trace_preempt_on+0x20/0xc0 [ 29.569250] ? __pfx_kthread+0x10/0x10 [ 29.569273] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.569298] ? calculate_sigpending+0x7b/0xa0 [ 29.569324] ? __pfx_kthread+0x10/0x10 [ 29.569347] ret_from_fork+0x116/0x1d0 [ 29.569368] ? __pfx_kthread+0x10/0x10 [ 29.569390] ret_from_fork_asm+0x1a/0x30 [ 29.569423] </TASK> [ 29.569435] [ 29.581798] Allocated by task 314: [ 29.581971] kasan_save_stack+0x45/0x70 [ 29.582582] kasan_save_track+0x18/0x40 [ 29.582804] kasan_save_alloc_info+0x3b/0x50 [ 29.583138] __kasan_kmalloc+0xb7/0xc0 [ 29.583604] __kmalloc_cache_noprof+0x189/0x420 [ 29.583996] kasan_atomics+0x95/0x310 [ 29.584206] kunit_try_run_case+0x1a5/0x480 [ 29.584406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.585107] kthread+0x337/0x6f0 [ 29.585596] ret_from_fork+0x116/0x1d0 [ 29.585780] ret_from_fork_asm+0x1a/0x30 [ 29.586019] [ 29.586257] The buggy address belongs to the object at ffff888106266f00 [ 29.586257] which belongs to the cache kmalloc-64 of size 64 [ 29.587167] The buggy address is located 0 bytes to the right of [ 29.587167] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.587831] [ 29.587978] The buggy address belongs to the physical page: [ 29.588231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.588840] flags: 0x200000000000000(node=0|zone=2) [ 29.589145] page_type: f5(slab) [ 29.589495] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.589876] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.590482] page dumped because: kasan: bad access detected [ 29.590689] [ 29.591023] Memory state around the buggy address: [ 29.591270] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.591671] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.592156] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.592568] ^ [ 29.592777] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.593348] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.593758] ================================================================== [ 29.694752] ================================================================== [ 29.695641] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 29.696377] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.697092] [ 29.697342] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.697428] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.697443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.697466] Call Trace: [ 29.697487] <TASK> [ 29.697518] dump_stack_lvl+0x73/0xb0 [ 29.697550] print_report+0xd1/0x640 [ 29.697575] ? __virt_addr_valid+0x1db/0x2d0 [ 29.697601] ? kasan_atomics_helper+0x1f43/0x5450 [ 29.697625] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.697654] ? kasan_atomics_helper+0x1f43/0x5450 [ 29.697678] kasan_report+0x141/0x180 [ 29.697702] ? kasan_atomics_helper+0x1f43/0x5450 [ 29.697730] kasan_check_range+0x10c/0x1c0 [ 29.697756] __kasan_check_write+0x18/0x20 [ 29.697782] kasan_atomics_helper+0x1f43/0x5450 [ 29.697806] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.697849] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.697878] ? kasan_atomics+0x152/0x310 [ 29.697907] kasan_atomics+0x1dc/0x310 [ 29.697932] ? __pfx_kasan_atomics+0x10/0x10 [ 29.697967] ? __pfx_read_tsc+0x10/0x10 [ 29.697991] ? ktime_get_ts64+0x86/0x230 [ 29.698018] kunit_try_run_case+0x1a5/0x480 [ 29.698044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.698078] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.698102] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.698131] ? __kthread_parkme+0x82/0x180 [ 29.698153] ? preempt_count_sub+0x50/0x80 [ 29.698180] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.698208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.698234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.698261] kthread+0x337/0x6f0 [ 29.698284] ? trace_preempt_on+0x20/0xc0 [ 29.698310] ? __pfx_kthread+0x10/0x10 [ 29.698334] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.698361] ? calculate_sigpending+0x7b/0xa0 [ 29.698387] ? __pfx_kthread+0x10/0x10 [ 29.698412] ret_from_fork+0x116/0x1d0 [ 29.698433] ? __pfx_kthread+0x10/0x10 [ 29.698457] ret_from_fork_asm+0x1a/0x30 [ 29.698491] </TASK> [ 29.698504] [ 29.711151] Allocated by task 314: [ 29.711551] kasan_save_stack+0x45/0x70 [ 29.711953] kasan_save_track+0x18/0x40 [ 29.712256] kasan_save_alloc_info+0x3b/0x50 [ 29.712780] __kasan_kmalloc+0xb7/0xc0 [ 29.713173] __kmalloc_cache_noprof+0x189/0x420 [ 29.713350] kasan_atomics+0x95/0x310 [ 29.713491] kunit_try_run_case+0x1a5/0x480 [ 29.713641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.713821] kthread+0x337/0x6f0 [ 29.714229] ret_from_fork+0x116/0x1d0 [ 29.714685] ret_from_fork_asm+0x1a/0x30 [ 29.715129] [ 29.715458] The buggy address belongs to the object at ffff888106266f00 [ 29.715458] which belongs to the cache kmalloc-64 of size 64 [ 29.716734] The buggy address is located 0 bytes to the right of [ 29.716734] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.718142] [ 29.718269] The buggy address belongs to the physical page: [ 29.718467] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.718724] flags: 0x200000000000000(node=0|zone=2) [ 29.719078] page_type: f5(slab) [ 29.719395] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.720094] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.720852] page dumped because: kasan: bad access detected [ 29.721490] [ 29.721656] Memory state around the buggy address: [ 29.721975] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.722627] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.723336] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.723959] ^ [ 29.724338] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.725032] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.725396] ================================================================== [ 29.258918] ================================================================== [ 29.259218] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 29.259565] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.259938] [ 29.260082] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.260132] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.260145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.260168] Call Trace: [ 29.260183] <TASK> [ 29.260198] dump_stack_lvl+0x73/0xb0 [ 29.260249] print_report+0xd1/0x640 [ 29.260274] ? __virt_addr_valid+0x1db/0x2d0 [ 29.260298] ? kasan_atomics_helper+0x151d/0x5450 [ 29.260321] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.260349] ? kasan_atomics_helper+0x151d/0x5450 [ 29.260373] kasan_report+0x141/0x180 [ 29.260413] ? kasan_atomics_helper+0x151d/0x5450 [ 29.260441] kasan_check_range+0x10c/0x1c0 [ 29.260467] __kasan_check_write+0x18/0x20 [ 29.260506] kasan_atomics_helper+0x151d/0x5450 [ 29.260544] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.260568] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.260608] ? kasan_atomics+0x152/0x310 [ 29.260650] kasan_atomics+0x1dc/0x310 [ 29.260675] ? __pfx_kasan_atomics+0x10/0x10 [ 29.260701] ? __pfx_read_tsc+0x10/0x10 [ 29.260724] ? ktime_get_ts64+0x86/0x230 [ 29.260750] kunit_try_run_case+0x1a5/0x480 [ 29.260776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.260988] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.261015] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.261043] ? __kthread_parkme+0x82/0x180 [ 29.261080] ? preempt_count_sub+0x50/0x80 [ 29.261135] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.261162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.261204] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.261229] kthread+0x337/0x6f0 [ 29.261251] ? trace_preempt_on+0x20/0xc0 [ 29.261276] ? __pfx_kthread+0x10/0x10 [ 29.261298] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.261325] ? calculate_sigpending+0x7b/0xa0 [ 29.261349] ? __pfx_kthread+0x10/0x10 [ 29.261373] ret_from_fork+0x116/0x1d0 [ 29.261393] ? __pfx_kthread+0x10/0x10 [ 29.261416] ret_from_fork_asm+0x1a/0x30 [ 29.261449] </TASK> [ 29.261462] [ 29.270398] Allocated by task 314: [ 29.270546] kasan_save_stack+0x45/0x70 [ 29.270762] kasan_save_track+0x18/0x40 [ 29.270931] kasan_save_alloc_info+0x3b/0x50 [ 29.271239] __kasan_kmalloc+0xb7/0xc0 [ 29.271428] __kmalloc_cache_noprof+0x189/0x420 [ 29.271628] kasan_atomics+0x95/0x310 [ 29.271807] kunit_try_run_case+0x1a5/0x480 [ 29.272121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.272445] kthread+0x337/0x6f0 [ 29.272561] ret_from_fork+0x116/0x1d0 [ 29.272856] ret_from_fork_asm+0x1a/0x30 [ 29.273186] [ 29.273274] The buggy address belongs to the object at ffff888106266f00 [ 29.273274] which belongs to the cache kmalloc-64 of size 64 [ 29.273775] The buggy address is located 0 bytes to the right of [ 29.273775] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.274435] [ 29.274542] The buggy address belongs to the physical page: [ 29.274811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.275182] flags: 0x200000000000000(node=0|zone=2) [ 29.275425] page_type: f5(slab) [ 29.275629] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.275988] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.276310] page dumped because: kasan: bad access detected [ 29.276552] [ 29.276638] Memory state around the buggy address: [ 29.276852] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.277466] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.277700] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.278400] ^ [ 29.278634] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.279027] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.279405] ================================================================== [ 29.436364] ================================================================== [ 29.436653] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 29.436929] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.437622] [ 29.437721] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.437771] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.438221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.438258] Call Trace: [ 29.438274] <TASK> [ 29.438413] dump_stack_lvl+0x73/0xb0 [ 29.438453] print_report+0xd1/0x640 [ 29.438602] ? __virt_addr_valid+0x1db/0x2d0 [ 29.438641] ? kasan_atomics_helper+0x19e3/0x5450 [ 29.438665] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.438699] ? kasan_atomics_helper+0x19e3/0x5450 [ 29.438723] kasan_report+0x141/0x180 [ 29.438747] ? kasan_atomics_helper+0x19e3/0x5450 [ 29.438775] kasan_check_range+0x10c/0x1c0 [ 29.438801] __kasan_check_write+0x18/0x20 [ 29.438828] kasan_atomics_helper+0x19e3/0x5450 [ 29.438854] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.438878] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.438974] ? kasan_atomics+0x152/0x310 [ 29.439008] kasan_atomics+0x1dc/0x310 [ 29.439104] ? __pfx_kasan_atomics+0x10/0x10 [ 29.439138] ? __pfx_read_tsc+0x10/0x10 [ 29.439163] ? ktime_get_ts64+0x86/0x230 [ 29.439190] kunit_try_run_case+0x1a5/0x480 [ 29.439215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.439240] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.439264] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.439293] ? __kthread_parkme+0x82/0x180 [ 29.439315] ? preempt_count_sub+0x50/0x80 [ 29.439339] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.439365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.439391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.439418] kthread+0x337/0x6f0 [ 29.439440] ? trace_preempt_on+0x20/0xc0 [ 29.439466] ? __pfx_kthread+0x10/0x10 [ 29.439489] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.439515] ? calculate_sigpending+0x7b/0xa0 [ 29.439541] ? __pfx_kthread+0x10/0x10 [ 29.439564] ret_from_fork+0x116/0x1d0 [ 29.439585] ? __pfx_kthread+0x10/0x10 [ 29.439608] ret_from_fork_asm+0x1a/0x30 [ 29.439641] </TASK> [ 29.439654] [ 29.448984] Allocated by task 314: [ 29.449120] kasan_save_stack+0x45/0x70 [ 29.449407] kasan_save_track+0x18/0x40 [ 29.449861] kasan_save_alloc_info+0x3b/0x50 [ 29.450118] __kasan_kmalloc+0xb7/0xc0 [ 29.450292] __kmalloc_cache_noprof+0x189/0x420 [ 29.450451] kasan_atomics+0x95/0x310 [ 29.450586] kunit_try_run_case+0x1a5/0x480 [ 29.450734] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.451305] kthread+0x337/0x6f0 [ 29.451576] ret_from_fork+0x116/0x1d0 [ 29.451763] ret_from_fork_asm+0x1a/0x30 [ 29.452087] [ 29.452186] The buggy address belongs to the object at ffff888106266f00 [ 29.452186] which belongs to the cache kmalloc-64 of size 64 [ 29.452714] The buggy address is located 0 bytes to the right of [ 29.452714] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.453354] [ 29.453498] The buggy address belongs to the physical page: [ 29.453753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.454097] flags: 0x200000000000000(node=0|zone=2) [ 29.454333] page_type: f5(slab) [ 29.454455] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.454929] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.455255] page dumped because: kasan: bad access detected [ 29.455433] [ 29.455501] Memory state around the buggy address: [ 29.455659] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.455880] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.456406] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.456723] ^ [ 29.456953] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.457278] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.457898] ================================================================== [ 28.490633] ================================================================== [ 28.490860] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 28.491659] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.492218] [ 28.492331] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.492380] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.492393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.492414] Call Trace: [ 28.492430] <TASK> [ 28.492446] dump_stack_lvl+0x73/0xb0 [ 28.492474] print_report+0xd1/0x640 [ 28.492497] ? __virt_addr_valid+0x1db/0x2d0 [ 28.492522] ? kasan_atomics_helper+0x4b3a/0x5450 [ 28.492545] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.492573] ? kasan_atomics_helper+0x4b3a/0x5450 [ 28.492597] kasan_report+0x141/0x180 [ 28.492621] ? kasan_atomics_helper+0x4b3a/0x5450 [ 28.492648] __asan_report_store4_noabort+0x1b/0x30 [ 28.492674] kasan_atomics_helper+0x4b3a/0x5450 [ 28.492699] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.492723] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.492750] ? kasan_atomics+0x152/0x310 [ 28.492778] kasan_atomics+0x1dc/0x310 [ 28.492853] ? __pfx_kasan_atomics+0x10/0x10 [ 28.492880] ? __pfx_read_tsc+0x10/0x10 [ 28.492904] ? ktime_get_ts64+0x86/0x230 [ 28.492930] kunit_try_run_case+0x1a5/0x480 [ 28.492967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.492992] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.493015] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.493043] ? __kthread_parkme+0x82/0x180 [ 28.493074] ? preempt_count_sub+0x50/0x80 [ 28.493099] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.493129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.493155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.493180] kthread+0x337/0x6f0 [ 28.493202] ? trace_preempt_on+0x20/0xc0 [ 28.493227] ? __pfx_kthread+0x10/0x10 [ 28.493249] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.493275] ? calculate_sigpending+0x7b/0xa0 [ 28.493300] ? __pfx_kthread+0x10/0x10 [ 28.493322] ret_from_fork+0x116/0x1d0 [ 28.493344] ? __pfx_kthread+0x10/0x10 [ 28.493365] ret_from_fork_asm+0x1a/0x30 [ 28.493397] </TASK> [ 28.493409] [ 28.502118] Allocated by task 314: [ 28.502248] kasan_save_stack+0x45/0x70 [ 28.502392] kasan_save_track+0x18/0x40 [ 28.502527] kasan_save_alloc_info+0x3b/0x50 [ 28.502678] __kasan_kmalloc+0xb7/0xc0 [ 28.502865] __kmalloc_cache_noprof+0x189/0x420 [ 28.503093] kasan_atomics+0x95/0x310 [ 28.503279] kunit_try_run_case+0x1a5/0x480 [ 28.503647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.504074] kthread+0x337/0x6f0 [ 28.504253] ret_from_fork+0x116/0x1d0 [ 28.504439] ret_from_fork_asm+0x1a/0x30 [ 28.504581] [ 28.504650] The buggy address belongs to the object at ffff888106266f00 [ 28.504650] which belongs to the cache kmalloc-64 of size 64 [ 28.505607] The buggy address is located 0 bytes to the right of [ 28.505607] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.506238] [ 28.506316] The buggy address belongs to the physical page: [ 28.506495] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.506742] flags: 0x200000000000000(node=0|zone=2) [ 28.506986] page_type: f5(slab) [ 28.507160] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.508119] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.508373] page dumped because: kasan: bad access detected [ 28.508552] [ 28.508643] Memory state around the buggy address: [ 28.509038] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.509376] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.509692] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.510044] ^ [ 28.510205] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.510426] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.511117] ================================================================== [ 28.447897] ================================================================== [ 28.448363] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 28.448604] Read of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.449086] [ 28.449237] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.449285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.449299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.449320] Call Trace: [ 28.449335] <TASK> [ 28.449351] dump_stack_lvl+0x73/0xb0 [ 28.449379] print_report+0xd1/0x640 [ 28.449403] ? __virt_addr_valid+0x1db/0x2d0 [ 28.449428] ? kasan_atomics_helper+0x4b54/0x5450 [ 28.449451] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.449479] ? kasan_atomics_helper+0x4b54/0x5450 [ 28.449503] kasan_report+0x141/0x180 [ 28.449526] ? kasan_atomics_helper+0x4b54/0x5450 [ 28.449554] __asan_report_load4_noabort+0x18/0x20 [ 28.449580] kasan_atomics_helper+0x4b54/0x5450 [ 28.449604] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.449628] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.449654] ? kasan_atomics+0x152/0x310 [ 28.449682] kasan_atomics+0x1dc/0x310 [ 28.449706] ? __pfx_kasan_atomics+0x10/0x10 [ 28.449731] ? __pfx_read_tsc+0x10/0x10 [ 28.449754] ? ktime_get_ts64+0x86/0x230 [ 28.449780] kunit_try_run_case+0x1a5/0x480 [ 28.449805] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.449829] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.449853] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.449881] ? __kthread_parkme+0x82/0x180 [ 28.449903] ? preempt_count_sub+0x50/0x80 [ 28.449928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.449976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.450003] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.450029] kthread+0x337/0x6f0 [ 28.450051] ? trace_preempt_on+0x20/0xc0 [ 28.450444] ? __pfx_kthread+0x10/0x10 [ 28.450472] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.450499] ? calculate_sigpending+0x7b/0xa0 [ 28.450526] ? __pfx_kthread+0x10/0x10 [ 28.450550] ret_from_fork+0x116/0x1d0 [ 28.450581] ? __pfx_kthread+0x10/0x10 [ 28.450604] ret_from_fork_asm+0x1a/0x30 [ 28.450637] </TASK> [ 28.450650] [ 28.462197] Allocated by task 314: [ 28.462373] kasan_save_stack+0x45/0x70 [ 28.462545] kasan_save_track+0x18/0x40 [ 28.462713] kasan_save_alloc_info+0x3b/0x50 [ 28.463460] __kasan_kmalloc+0xb7/0xc0 [ 28.463668] __kmalloc_cache_noprof+0x189/0x420 [ 28.464272] kasan_atomics+0x95/0x310 [ 28.464504] kunit_try_run_case+0x1a5/0x480 [ 28.464666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.464924] kthread+0x337/0x6f0 [ 28.465122] ret_from_fork+0x116/0x1d0 [ 28.465265] ret_from_fork_asm+0x1a/0x30 [ 28.465464] [ 28.465559] The buggy address belongs to the object at ffff888106266f00 [ 28.465559] which belongs to the cache kmalloc-64 of size 64 [ 28.466002] The buggy address is located 0 bytes to the right of [ 28.466002] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.466544] [ 28.466734] The buggy address belongs to the physical page: [ 28.466920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.467291] flags: 0x200000000000000(node=0|zone=2) [ 28.467684] page_type: f5(slab) [ 28.467825] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.468197] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.468593] page dumped because: kasan: bad access detected [ 28.468811] [ 28.468901] Memory state around the buggy address: [ 28.469148] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.469445] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.469716] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.470008] ^ [ 28.470237] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.470837] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.471189] ================================================================== [ 28.791273] ================================================================== [ 28.791967] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 28.792544] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.792788] [ 28.792870] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.792919] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.792933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.793029] Call Trace: [ 28.793066] <TASK> [ 28.793084] dump_stack_lvl+0x73/0xb0 [ 28.793115] print_report+0xd1/0x640 [ 28.793145] ? __virt_addr_valid+0x1db/0x2d0 [ 28.793170] ? kasan_atomics_helper+0xc70/0x5450 [ 28.793193] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.793221] ? kasan_atomics_helper+0xc70/0x5450 [ 28.793245] kasan_report+0x141/0x180 [ 28.793269] ? kasan_atomics_helper+0xc70/0x5450 [ 28.793297] kasan_check_range+0x10c/0x1c0 [ 28.793322] __kasan_check_write+0x18/0x20 [ 28.793347] kasan_atomics_helper+0xc70/0x5450 [ 28.793372] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.793396] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.793423] ? kasan_atomics+0x152/0x310 [ 28.793451] kasan_atomics+0x1dc/0x310 [ 28.793475] ? __pfx_kasan_atomics+0x10/0x10 [ 28.793501] ? __pfx_read_tsc+0x10/0x10 [ 28.793525] ? ktime_get_ts64+0x86/0x230 [ 28.793550] kunit_try_run_case+0x1a5/0x480 [ 28.793577] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.793602] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.793625] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.793653] ? __kthread_parkme+0x82/0x180 [ 28.793677] ? preempt_count_sub+0x50/0x80 [ 28.793702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.793728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.793753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.793962] kthread+0x337/0x6f0 [ 28.793993] ? trace_preempt_on+0x20/0xc0 [ 28.794020] ? __pfx_kthread+0x10/0x10 [ 28.794063] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.794091] ? calculate_sigpending+0x7b/0xa0 [ 28.794117] ? __pfx_kthread+0x10/0x10 [ 28.794141] ret_from_fork+0x116/0x1d0 [ 28.794162] ? __pfx_kthread+0x10/0x10 [ 28.794185] ret_from_fork_asm+0x1a/0x30 [ 28.794219] </TASK> [ 28.794231] [ 28.807173] Allocated by task 314: [ 28.807329] kasan_save_stack+0x45/0x70 [ 28.807479] kasan_save_track+0x18/0x40 [ 28.807617] kasan_save_alloc_info+0x3b/0x50 [ 28.807767] __kasan_kmalloc+0xb7/0xc0 [ 28.807901] __kmalloc_cache_noprof+0x189/0x420 [ 28.808377] kasan_atomics+0x95/0x310 [ 28.808746] kunit_try_run_case+0x1a5/0x480 [ 28.809162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.809691] kthread+0x337/0x6f0 [ 28.810023] ret_from_fork+0x116/0x1d0 [ 28.810405] ret_from_fork_asm+0x1a/0x30 [ 28.810755] [ 28.810974] The buggy address belongs to the object at ffff888106266f00 [ 28.810974] which belongs to the cache kmalloc-64 of size 64 [ 28.812192] The buggy address is located 0 bytes to the right of [ 28.812192] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.813257] [ 28.813415] The buggy address belongs to the physical page: [ 28.813750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.814399] flags: 0x200000000000000(node=0|zone=2) [ 28.814713] page_type: f5(slab) [ 28.814858] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.815114] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.815370] page dumped because: kasan: bad access detected [ 28.815547] [ 28.815613] Memory state around the buggy address: [ 28.815769] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.816442] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.817188] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.817910] ^ [ 28.818398] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.819024] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.819662] ================================================================== [ 29.774835] ================================================================== [ 29.775195] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 29.775531] Read of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.775814] [ 29.775892] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.775940] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.775981] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.776002] Call Trace: [ 29.776018] <TASK> [ 29.776033] dump_stack_lvl+0x73/0xb0 [ 29.776139] print_report+0xd1/0x640 [ 29.776167] ? __virt_addr_valid+0x1db/0x2d0 [ 29.776192] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.776215] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.776244] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.776268] kasan_report+0x141/0x180 [ 29.776292] ? kasan_atomics_helper+0x4f98/0x5450 [ 29.776321] __asan_report_load8_noabort+0x18/0x20 [ 29.776347] kasan_atomics_helper+0x4f98/0x5450 [ 29.776371] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.776396] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.776422] ? kasan_atomics+0x152/0x310 [ 29.776451] kasan_atomics+0x1dc/0x310 [ 29.776476] ? __pfx_kasan_atomics+0x10/0x10 [ 29.776504] ? __pfx_read_tsc+0x10/0x10 [ 29.776527] ? ktime_get_ts64+0x86/0x230 [ 29.776565] kunit_try_run_case+0x1a5/0x480 [ 29.776592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.776617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.776653] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.776681] ? __kthread_parkme+0x82/0x180 [ 29.776703] ? preempt_count_sub+0x50/0x80 [ 29.776728] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.776754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.776780] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.776806] kthread+0x337/0x6f0 [ 29.776827] ? trace_preempt_on+0x20/0xc0 [ 29.776852] ? __pfx_kthread+0x10/0x10 [ 29.776874] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.776899] ? calculate_sigpending+0x7b/0xa0 [ 29.776925] ? __pfx_kthread+0x10/0x10 [ 29.776956] ret_from_fork+0x116/0x1d0 [ 29.776977] ? __pfx_kthread+0x10/0x10 [ 29.776999] ret_from_fork_asm+0x1a/0x30 [ 29.777033] </TASK> [ 29.777044] [ 29.786162] Allocated by task 314: [ 29.786367] kasan_save_stack+0x45/0x70 [ 29.786591] kasan_save_track+0x18/0x40 [ 29.786817] kasan_save_alloc_info+0x3b/0x50 [ 29.787179] __kasan_kmalloc+0xb7/0xc0 [ 29.787370] __kmalloc_cache_noprof+0x189/0x420 [ 29.787523] kasan_atomics+0x95/0x310 [ 29.787698] kunit_try_run_case+0x1a5/0x480 [ 29.787983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.788402] kthread+0x337/0x6f0 [ 29.788527] ret_from_fork+0x116/0x1d0 [ 29.788787] ret_from_fork_asm+0x1a/0x30 [ 29.789018] [ 29.789101] The buggy address belongs to the object at ffff888106266f00 [ 29.789101] which belongs to the cache kmalloc-64 of size 64 [ 29.790020] The buggy address is located 0 bytes to the right of [ 29.790020] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.790564] [ 29.790659] The buggy address belongs to the physical page: [ 29.790980] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.791362] flags: 0x200000000000000(node=0|zone=2) [ 29.791653] page_type: f5(slab) [ 29.791840] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.792261] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.792495] page dumped because: kasan: bad access detected [ 29.792664] [ 29.792728] Memory state around the buggy address: [ 29.792880] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.793233] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.793547] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.793851] ^ [ 29.794217] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.794885] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.795376] ================================================================== [ 29.875481] ================================================================== [ 29.876358] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 29.877026] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.877263] [ 29.877344] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.877393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.877405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.877427] Call Trace: [ 29.877442] <TASK> [ 29.877457] dump_stack_lvl+0x73/0xb0 [ 29.877486] print_report+0xd1/0x640 [ 29.877510] ? __virt_addr_valid+0x1db/0x2d0 [ 29.877536] ? kasan_atomics_helper+0x224c/0x5450 [ 29.877559] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.877587] ? kasan_atomics_helper+0x224c/0x5450 [ 29.877611] kasan_report+0x141/0x180 [ 29.877636] ? kasan_atomics_helper+0x224c/0x5450 [ 29.877664] kasan_check_range+0x10c/0x1c0 [ 29.877689] __kasan_check_write+0x18/0x20 [ 29.877715] kasan_atomics_helper+0x224c/0x5450 [ 29.877739] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.877763] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.877790] ? kasan_atomics+0x152/0x310 [ 29.877817] kasan_atomics+0x1dc/0x310 [ 29.877842] ? __pfx_kasan_atomics+0x10/0x10 [ 29.877868] ? __pfx_read_tsc+0x10/0x10 [ 29.877891] ? ktime_get_ts64+0x86/0x230 [ 29.877917] kunit_try_run_case+0x1a5/0x480 [ 29.877953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.877978] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.878002] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.878031] ? __kthread_parkme+0x82/0x180 [ 29.878083] ? preempt_count_sub+0x50/0x80 [ 29.878120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.878147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.878184] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.878211] kthread+0x337/0x6f0 [ 29.878233] ? trace_preempt_on+0x20/0xc0 [ 29.878258] ? __pfx_kthread+0x10/0x10 [ 29.878281] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.878306] ? calculate_sigpending+0x7b/0xa0 [ 29.878332] ? __pfx_kthread+0x10/0x10 [ 29.878383] ret_from_fork+0x116/0x1d0 [ 29.878405] ? __pfx_kthread+0x10/0x10 [ 29.878427] ret_from_fork_asm+0x1a/0x30 [ 29.878471] </TASK> [ 29.878482] [ 29.890252] Allocated by task 314: [ 29.890470] kasan_save_stack+0x45/0x70 [ 29.890696] kasan_save_track+0x18/0x40 [ 29.890904] kasan_save_alloc_info+0x3b/0x50 [ 29.891156] __kasan_kmalloc+0xb7/0xc0 [ 29.891373] __kmalloc_cache_noprof+0x189/0x420 [ 29.891598] kasan_atomics+0x95/0x310 [ 29.891776] kunit_try_run_case+0x1a5/0x480 [ 29.892021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.892296] kthread+0x337/0x6f0 [ 29.892502] ret_from_fork+0x116/0x1d0 [ 29.892687] ret_from_fork_asm+0x1a/0x30 [ 29.892890] [ 29.893009] The buggy address belongs to the object at ffff888106266f00 [ 29.893009] which belongs to the cache kmalloc-64 of size 64 [ 29.893576] The buggy address is located 0 bytes to the right of [ 29.893576] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.894186] [ 29.894323] The buggy address belongs to the physical page: [ 29.894558] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.894935] flags: 0x200000000000000(node=0|zone=2) [ 29.895174] page_type: f5(slab) [ 29.895368] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.895716] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.896055] page dumped because: kasan: bad access detected [ 29.896376] [ 29.896441] Memory state around the buggy address: [ 29.896592] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.896923] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.897430] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.897733] ^ [ 29.897960] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.898375] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.898784] ================================================================== [ 29.011554] ================================================================== [ 29.011923] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 29.012279] Read of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.012510] [ 29.012591] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.012638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.012651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.012674] Call Trace: [ 29.012688] <TASK> [ 29.012703] dump_stack_lvl+0x73/0xb0 [ 29.012776] print_report+0xd1/0x640 [ 29.012827] ? __virt_addr_valid+0x1db/0x2d0 [ 29.012854] ? kasan_atomics_helper+0x4a1c/0x5450 [ 29.012878] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.012907] ? kasan_atomics_helper+0x4a1c/0x5450 [ 29.012930] kasan_report+0x141/0x180 [ 29.012966] ? kasan_atomics_helper+0x4a1c/0x5450 [ 29.012994] __asan_report_load4_noabort+0x18/0x20 [ 29.013021] kasan_atomics_helper+0x4a1c/0x5450 [ 29.013046] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.013070] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.013096] ? kasan_atomics+0x152/0x310 [ 29.013133] kasan_atomics+0x1dc/0x310 [ 29.013278] ? __pfx_kasan_atomics+0x10/0x10 [ 29.013311] ? __pfx_read_tsc+0x10/0x10 [ 29.013337] ? ktime_get_ts64+0x86/0x230 [ 29.013364] kunit_try_run_case+0x1a5/0x480 [ 29.013392] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.013417] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.013441] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.013471] ? __kthread_parkme+0x82/0x180 [ 29.013492] ? preempt_count_sub+0x50/0x80 [ 29.013518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.013544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.013570] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.013596] kthread+0x337/0x6f0 [ 29.013618] ? trace_preempt_on+0x20/0xc0 [ 29.013643] ? __pfx_kthread+0x10/0x10 [ 29.013700] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.013728] ? calculate_sigpending+0x7b/0xa0 [ 29.013754] ? __pfx_kthread+0x10/0x10 [ 29.013822] ret_from_fork+0x116/0x1d0 [ 29.013887] ? __pfx_kthread+0x10/0x10 [ 29.013912] ret_from_fork_asm+0x1a/0x30 [ 29.013957] </TASK> [ 29.013970] [ 29.023579] Allocated by task 314: [ 29.023901] kasan_save_stack+0x45/0x70 [ 29.024193] kasan_save_track+0x18/0x40 [ 29.024412] kasan_save_alloc_info+0x3b/0x50 [ 29.024634] __kasan_kmalloc+0xb7/0xc0 [ 29.024769] __kmalloc_cache_noprof+0x189/0x420 [ 29.024927] kasan_atomics+0x95/0x310 [ 29.025385] kunit_try_run_case+0x1a5/0x480 [ 29.025647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.025902] kthread+0x337/0x6f0 [ 29.026090] ret_from_fork+0x116/0x1d0 [ 29.026250] ret_from_fork_asm+0x1a/0x30 [ 29.026392] [ 29.026460] The buggy address belongs to the object at ffff888106266f00 [ 29.026460] which belongs to the cache kmalloc-64 of size 64 [ 29.027215] The buggy address is located 0 bytes to the right of [ 29.027215] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.027610] [ 29.027680] The buggy address belongs to the physical page: [ 29.028379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.028726] flags: 0x200000000000000(node=0|zone=2) [ 29.028956] page_type: f5(slab) [ 29.029486] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.029839] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.030287] page dumped because: kasan: bad access detected [ 29.030853] [ 29.030930] Memory state around the buggy address: [ 29.031201] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.031546] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.031955] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.032271] ^ [ 29.032436] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.032764] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.033422] ================================================================== [ 29.156354] ================================================================== [ 29.156693] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 29.157108] Read of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.157408] [ 29.157511] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.157558] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.157593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.157615] Call Trace: [ 29.157630] <TASK> [ 29.157644] dump_stack_lvl+0x73/0xb0 [ 29.157673] print_report+0xd1/0x640 [ 29.157697] ? __virt_addr_valid+0x1db/0x2d0 [ 29.157721] ? kasan_atomics_helper+0x13b5/0x5450 [ 29.157744] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.157966] ? kasan_atomics_helper+0x13b5/0x5450 [ 29.158026] kasan_report+0x141/0x180 [ 29.158071] ? kasan_atomics_helper+0x13b5/0x5450 [ 29.158101] kasan_check_range+0x10c/0x1c0 [ 29.158127] __kasan_check_read+0x15/0x20 [ 29.158152] kasan_atomics_helper+0x13b5/0x5450 [ 29.158176] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.158201] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.158227] ? kasan_atomics+0x152/0x310 [ 29.158255] kasan_atomics+0x1dc/0x310 [ 29.158279] ? __pfx_kasan_atomics+0x10/0x10 [ 29.158305] ? __pfx_read_tsc+0x10/0x10 [ 29.158330] ? ktime_get_ts64+0x86/0x230 [ 29.158355] kunit_try_run_case+0x1a5/0x480 [ 29.158402] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.158428] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.158452] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.158480] ? __kthread_parkme+0x82/0x180 [ 29.158502] ? preempt_count_sub+0x50/0x80 [ 29.158527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.158553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.158598] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.158625] kthread+0x337/0x6f0 [ 29.158647] ? trace_preempt_on+0x20/0xc0 [ 29.158672] ? __pfx_kthread+0x10/0x10 [ 29.158695] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.158721] ? calculate_sigpending+0x7b/0xa0 [ 29.158746] ? __pfx_kthread+0x10/0x10 [ 29.158833] ret_from_fork+0x116/0x1d0 [ 29.158860] ? __pfx_kthread+0x10/0x10 [ 29.158883] ret_from_fork_asm+0x1a/0x30 [ 29.158917] </TASK> [ 29.158930] [ 29.167494] Allocated by task 314: [ 29.167693] kasan_save_stack+0x45/0x70 [ 29.167923] kasan_save_track+0x18/0x40 [ 29.168094] kasan_save_alloc_info+0x3b/0x50 [ 29.168420] __kasan_kmalloc+0xb7/0xc0 [ 29.168604] __kmalloc_cache_noprof+0x189/0x420 [ 29.170109] kasan_atomics+0x95/0x310 [ 29.170283] kunit_try_run_case+0x1a5/0x480 [ 29.170702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.171272] kthread+0x337/0x6f0 [ 29.171483] ret_from_fork+0x116/0x1d0 [ 29.171622] ret_from_fork_asm+0x1a/0x30 [ 29.171764] [ 29.171833] The buggy address belongs to the object at ffff888106266f00 [ 29.171833] which belongs to the cache kmalloc-64 of size 64 [ 29.172400] The buggy address is located 0 bytes to the right of [ 29.172400] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.172865] [ 29.173044] The buggy address belongs to the physical page: [ 29.173332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.173750] flags: 0x200000000000000(node=0|zone=2) [ 29.173915] page_type: f5(slab) [ 29.174049] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.174622] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.175151] page dumped because: kasan: bad access detected [ 29.175336] [ 29.175418] Memory state around the buggy address: [ 29.175671] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.176005] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.176351] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.176767] ^ [ 29.177001] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.177486] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.177813] ================================================================== [ 29.538719] ================================================================== [ 29.539103] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 29.539706] Read of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.540640] [ 29.540910] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.540988] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.541003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.541025] Call Trace: [ 29.541042] <TASK> [ 29.541059] dump_stack_lvl+0x73/0xb0 [ 29.541092] print_report+0xd1/0x640 [ 29.541116] ? __virt_addr_valid+0x1db/0x2d0 [ 29.541146] ? kasan_atomics_helper+0x4f30/0x5450 [ 29.541170] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.541198] ? kasan_atomics_helper+0x4f30/0x5450 [ 29.541223] kasan_report+0x141/0x180 [ 29.541246] ? kasan_atomics_helper+0x4f30/0x5450 [ 29.541275] __asan_report_load8_noabort+0x18/0x20 [ 29.541301] kasan_atomics_helper+0x4f30/0x5450 [ 29.541325] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.541349] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.541375] ? kasan_atomics+0x152/0x310 [ 29.541404] kasan_atomics+0x1dc/0x310 [ 29.541427] ? __pfx_kasan_atomics+0x10/0x10 [ 29.541453] ? __pfx_read_tsc+0x10/0x10 [ 29.541477] ? ktime_get_ts64+0x86/0x230 [ 29.541502] kunit_try_run_case+0x1a5/0x480 [ 29.541528] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.541552] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.541576] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.541603] ? __kthread_parkme+0x82/0x180 [ 29.541625] ? preempt_count_sub+0x50/0x80 [ 29.541650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.541676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.541702] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.541728] kthread+0x337/0x6f0 [ 29.541750] ? trace_preempt_on+0x20/0xc0 [ 29.541775] ? __pfx_kthread+0x10/0x10 [ 29.541814] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.541840] ? calculate_sigpending+0x7b/0xa0 [ 29.541867] ? __pfx_kthread+0x10/0x10 [ 29.541890] ret_from_fork+0x116/0x1d0 [ 29.541911] ? __pfx_kthread+0x10/0x10 [ 29.541934] ret_from_fork_asm+0x1a/0x30 [ 29.541977] </TASK> [ 29.541989] [ 29.553896] Allocated by task 314: [ 29.554157] kasan_save_stack+0x45/0x70 [ 29.554580] kasan_save_track+0x18/0x40 [ 29.554777] kasan_save_alloc_info+0x3b/0x50 [ 29.555270] __kasan_kmalloc+0xb7/0xc0 [ 29.555469] __kmalloc_cache_noprof+0x189/0x420 [ 29.555654] kasan_atomics+0x95/0x310 [ 29.555930] kunit_try_run_case+0x1a5/0x480 [ 29.556377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.556720] kthread+0x337/0x6f0 [ 29.556993] ret_from_fork+0x116/0x1d0 [ 29.557236] ret_from_fork_asm+0x1a/0x30 [ 29.557629] [ 29.557734] The buggy address belongs to the object at ffff888106266f00 [ 29.557734] which belongs to the cache kmalloc-64 of size 64 [ 29.558418] The buggy address is located 0 bytes to the right of [ 29.558418] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.559253] [ 29.559336] The buggy address belongs to the physical page: [ 29.559775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.560291] flags: 0x200000000000000(node=0|zone=2) [ 29.560511] page_type: f5(slab) [ 29.560677] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.561391] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.561744] page dumped because: kasan: bad access detected [ 29.562047] [ 29.562441] Memory state around the buggy address: [ 29.562650] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.563202] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.563836] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.564104] ^ [ 29.564340] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.564646] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.565412] ================================================================== [ 28.964600] ================================================================== [ 28.965098] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 28.965490] Read of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.965875] [ 28.965983] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.966030] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.966043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.966065] Call Trace: [ 28.966079] <TASK> [ 28.966182] dump_stack_lvl+0x73/0xb0 [ 28.966242] print_report+0xd1/0x640 [ 28.966267] ? __virt_addr_valid+0x1db/0x2d0 [ 28.966292] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.966316] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.966343] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.966368] kasan_report+0x141/0x180 [ 28.966392] ? kasan_atomics_helper+0x4a36/0x5450 [ 28.966421] __asan_report_load4_noabort+0x18/0x20 [ 28.966447] kasan_atomics_helper+0x4a36/0x5450 [ 28.966472] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.966496] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.966556] ? kasan_atomics+0x152/0x310 [ 28.966584] kasan_atomics+0x1dc/0x310 [ 28.966609] ? __pfx_kasan_atomics+0x10/0x10 [ 28.966635] ? __pfx_read_tsc+0x10/0x10 [ 28.966660] ? ktime_get_ts64+0x86/0x230 [ 28.966685] kunit_try_run_case+0x1a5/0x480 [ 28.966711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.966736] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.966760] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.966788] ? __kthread_parkme+0x82/0x180 [ 28.966839] ? preempt_count_sub+0x50/0x80 [ 28.966866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.966916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.966978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.967005] kthread+0x337/0x6f0 [ 28.967052] ? trace_preempt_on+0x20/0xc0 [ 28.967253] ? __pfx_kthread+0x10/0x10 [ 28.967289] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.967316] ? calculate_sigpending+0x7b/0xa0 [ 28.967342] ? __pfx_kthread+0x10/0x10 [ 28.967381] ret_from_fork+0x116/0x1d0 [ 28.967404] ? __pfx_kthread+0x10/0x10 [ 28.967427] ret_from_fork_asm+0x1a/0x30 [ 28.967461] </TASK> [ 28.967473] [ 28.977046] Allocated by task 314: [ 28.977191] kasan_save_stack+0x45/0x70 [ 28.977338] kasan_save_track+0x18/0x40 [ 28.977551] kasan_save_alloc_info+0x3b/0x50 [ 28.977760] __kasan_kmalloc+0xb7/0xc0 [ 28.977956] __kmalloc_cache_noprof+0x189/0x420 [ 28.978289] kasan_atomics+0x95/0x310 [ 28.978483] kunit_try_run_case+0x1a5/0x480 [ 28.978683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.979231] kthread+0x337/0x6f0 [ 28.979421] ret_from_fork+0x116/0x1d0 [ 28.979615] ret_from_fork_asm+0x1a/0x30 [ 28.979814] [ 28.979939] The buggy address belongs to the object at ffff888106266f00 [ 28.979939] which belongs to the cache kmalloc-64 of size 64 [ 28.980529] The buggy address is located 0 bytes to the right of [ 28.980529] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.981373] [ 28.981493] The buggy address belongs to the physical page: [ 28.981773] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.982301] flags: 0x200000000000000(node=0|zone=2) [ 28.982581] page_type: f5(slab) [ 28.982767] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.983352] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.983699] page dumped because: kasan: bad access detected [ 28.984077] [ 28.984255] Memory state around the buggy address: [ 28.984471] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.984696] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.985300] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.985795] ^ [ 28.986017] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.986241] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.986838] ================================================================== [ 29.413905] ================================================================== [ 29.414501] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 29.414912] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.415193] [ 29.415458] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.415665] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.415681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.415703] Call Trace: [ 29.415727] <TASK> [ 29.415745] dump_stack_lvl+0x73/0xb0 [ 29.415775] print_report+0xd1/0x640 [ 29.415877] ? __virt_addr_valid+0x1db/0x2d0 [ 29.415904] ? kasan_atomics_helper+0x194a/0x5450 [ 29.415927] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.416005] ? kasan_atomics_helper+0x194a/0x5450 [ 29.416032] kasan_report+0x141/0x180 [ 29.416092] ? kasan_atomics_helper+0x194a/0x5450 [ 29.416122] kasan_check_range+0x10c/0x1c0 [ 29.416149] __kasan_check_write+0x18/0x20 [ 29.416185] kasan_atomics_helper+0x194a/0x5450 [ 29.416210] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.416235] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.416262] ? kasan_atomics+0x152/0x310 [ 29.416290] kasan_atomics+0x1dc/0x310 [ 29.416315] ? __pfx_kasan_atomics+0x10/0x10 [ 29.416341] ? __pfx_read_tsc+0x10/0x10 [ 29.416364] ? ktime_get_ts64+0x86/0x230 [ 29.416391] kunit_try_run_case+0x1a5/0x480 [ 29.416417] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.416443] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.416466] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.416494] ? __kthread_parkme+0x82/0x180 [ 29.416517] ? preempt_count_sub+0x50/0x80 [ 29.416541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.416568] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.416594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.416621] kthread+0x337/0x6f0 [ 29.416642] ? trace_preempt_on+0x20/0xc0 [ 29.416668] ? __pfx_kthread+0x10/0x10 [ 29.416691] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.416717] ? calculate_sigpending+0x7b/0xa0 [ 29.416742] ? __pfx_kthread+0x10/0x10 [ 29.416766] ret_from_fork+0x116/0x1d0 [ 29.416798] ? __pfx_kthread+0x10/0x10 [ 29.416822] ret_from_fork_asm+0x1a/0x30 [ 29.416854] </TASK> [ 29.416868] [ 29.426471] Allocated by task 314: [ 29.426913] kasan_save_stack+0x45/0x70 [ 29.427084] kasan_save_track+0x18/0x40 [ 29.427514] kasan_save_alloc_info+0x3b/0x50 [ 29.427926] __kasan_kmalloc+0xb7/0xc0 [ 29.428087] __kmalloc_cache_noprof+0x189/0x420 [ 29.428313] kasan_atomics+0x95/0x310 [ 29.428553] kunit_try_run_case+0x1a5/0x480 [ 29.428752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.428931] kthread+0x337/0x6f0 [ 29.429136] ret_from_fork+0x116/0x1d0 [ 29.429345] ret_from_fork_asm+0x1a/0x30 [ 29.429546] [ 29.429639] The buggy address belongs to the object at ffff888106266f00 [ 29.429639] which belongs to the cache kmalloc-64 of size 64 [ 29.430319] The buggy address is located 0 bytes to the right of [ 29.430319] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.431060] [ 29.431157] The buggy address belongs to the physical page: [ 29.431441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.431692] flags: 0x200000000000000(node=0|zone=2) [ 29.432119] page_type: f5(slab) [ 29.432294] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.432617] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.432931] page dumped because: kasan: bad access detected [ 29.433301] [ 29.433377] Memory state around the buggy address: [ 29.433643] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.433923] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.434153] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.434609] ^ [ 29.434875] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.435360] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.435694] ================================================================== [ 28.372368] ================================================================== [ 28.372963] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 28.373786] Read of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.374610] [ 28.374808] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.374917] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.374932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.375053] Call Trace: [ 28.375073] <TASK> [ 28.375092] dump_stack_lvl+0x73/0xb0 [ 28.375134] print_report+0xd1/0x640 [ 28.375159] ? __virt_addr_valid+0x1db/0x2d0 [ 28.375184] ? kasan_atomics_helper+0x4b88/0x5450 [ 28.375209] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.375236] ? kasan_atomics_helper+0x4b88/0x5450 [ 28.375260] kasan_report+0x141/0x180 [ 28.375285] ? kasan_atomics_helper+0x4b88/0x5450 [ 28.375315] __asan_report_load4_noabort+0x18/0x20 [ 28.375342] kasan_atomics_helper+0x4b88/0x5450 [ 28.375368] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.375393] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.375420] ? kasan_atomics+0x152/0x310 [ 28.375449] kasan_atomics+0x1dc/0x310 [ 28.375474] ? __pfx_kasan_atomics+0x10/0x10 [ 28.375502] ? __pfx_read_tsc+0x10/0x10 [ 28.375528] ? ktime_get_ts64+0x86/0x230 [ 28.375555] kunit_try_run_case+0x1a5/0x480 [ 28.375581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.375609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.375634] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.375663] ? __kthread_parkme+0x82/0x180 [ 28.375686] ? preempt_count_sub+0x50/0x80 [ 28.375712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.375738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.375764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.375792] kthread+0x337/0x6f0 [ 28.375821] ? trace_preempt_on+0x20/0xc0 [ 28.375847] ? __pfx_kthread+0x10/0x10 [ 28.375869] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.375895] ? calculate_sigpending+0x7b/0xa0 [ 28.375920] ? __pfx_kthread+0x10/0x10 [ 28.375957] ret_from_fork+0x116/0x1d0 [ 28.375979] ? __pfx_kthread+0x10/0x10 [ 28.376002] ret_from_fork_asm+0x1a/0x30 [ 28.376036] </TASK> [ 28.376049] [ 28.388773] Allocated by task 314: [ 28.389329] kasan_save_stack+0x45/0x70 [ 28.389636] kasan_save_track+0x18/0x40 [ 28.389784] kasan_save_alloc_info+0x3b/0x50 [ 28.390244] __kasan_kmalloc+0xb7/0xc0 [ 28.390433] __kmalloc_cache_noprof+0x189/0x420 [ 28.390789] kasan_atomics+0x95/0x310 [ 28.391255] kunit_try_run_case+0x1a5/0x480 [ 28.391424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.391752] kthread+0x337/0x6f0 [ 28.392206] ret_from_fork+0x116/0x1d0 [ 28.392403] ret_from_fork_asm+0x1a/0x30 [ 28.393066] [ 28.393218] The buggy address belongs to the object at ffff888106266f00 [ 28.393218] which belongs to the cache kmalloc-64 of size 64 [ 28.393734] The buggy address is located 0 bytes to the right of [ 28.393734] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.394655] [ 28.394770] The buggy address belongs to the physical page: [ 28.395273] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.395701] flags: 0x200000000000000(node=0|zone=2) [ 28.396138] page_type: f5(slab) [ 28.396316] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.396763] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.397326] page dumped because: kasan: bad access detected [ 28.397570] [ 28.397875] Memory state around the buggy address: [ 28.398259] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.398567] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.398902] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.399528] ^ [ 28.399758] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.400418] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.400805] ================================================================== [ 28.820465] ================================================================== [ 28.821074] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 28.821777] Read of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.822567] [ 28.822742] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.822790] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.822804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.822825] Call Trace: [ 28.822851] <TASK> [ 28.822868] dump_stack_lvl+0x73/0xb0 [ 28.822896] print_report+0xd1/0x640 [ 28.822920] ? __virt_addr_valid+0x1db/0x2d0 [ 28.822956] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.822980] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.823008] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.823031] kasan_report+0x141/0x180 [ 28.823056] ? kasan_atomics_helper+0x4a84/0x5450 [ 28.823083] __asan_report_load4_noabort+0x18/0x20 [ 28.823133] kasan_atomics_helper+0x4a84/0x5450 [ 28.823274] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.823298] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.823325] ? kasan_atomics+0x152/0x310 [ 28.823353] kasan_atomics+0x1dc/0x310 [ 28.823378] ? __pfx_kasan_atomics+0x10/0x10 [ 28.823414] ? __pfx_read_tsc+0x10/0x10 [ 28.823437] ? ktime_get_ts64+0x86/0x230 [ 28.823462] kunit_try_run_case+0x1a5/0x480 [ 28.823489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.823513] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.823537] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.823566] ? __kthread_parkme+0x82/0x180 [ 28.823587] ? preempt_count_sub+0x50/0x80 [ 28.823612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.823637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.823663] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.823689] kthread+0x337/0x6f0 [ 28.823711] ? trace_preempt_on+0x20/0xc0 [ 28.823735] ? __pfx_kthread+0x10/0x10 [ 28.823758] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.823783] ? calculate_sigpending+0x7b/0xa0 [ 28.823820] ? __pfx_kthread+0x10/0x10 [ 28.823844] ret_from_fork+0x116/0x1d0 [ 28.823864] ? __pfx_kthread+0x10/0x10 [ 28.823887] ret_from_fork_asm+0x1a/0x30 [ 28.823919] </TASK> [ 28.823932] [ 28.836894] Allocated by task 314: [ 28.837259] kasan_save_stack+0x45/0x70 [ 28.837680] kasan_save_track+0x18/0x40 [ 28.837933] kasan_save_alloc_info+0x3b/0x50 [ 28.838283] __kasan_kmalloc+0xb7/0xc0 [ 28.838418] __kmalloc_cache_noprof+0x189/0x420 [ 28.838576] kasan_atomics+0x95/0x310 [ 28.838931] kunit_try_run_case+0x1a5/0x480 [ 28.839158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.839357] kthread+0x337/0x6f0 [ 28.839480] ret_from_fork+0x116/0x1d0 [ 28.839615] ret_from_fork_asm+0x1a/0x30 [ 28.839755] [ 28.839833] The buggy address belongs to the object at ffff888106266f00 [ 28.839833] which belongs to the cache kmalloc-64 of size 64 [ 28.840986] The buggy address is located 0 bytes to the right of [ 28.840986] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.842202] [ 28.842373] The buggy address belongs to the physical page: [ 28.842930] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.843716] flags: 0x200000000000000(node=0|zone=2) [ 28.844207] page_type: f5(slab) [ 28.844427] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.844739] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.845473] page dumped because: kasan: bad access detected [ 28.845957] [ 28.846258] Memory state around the buggy address: [ 28.846443] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.846665] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.846885] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.847137] ^ [ 28.847478] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.847816] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.848158] ================================================================== [ 29.385511] ================================================================== [ 29.386239] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 29.387170] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.387665] [ 29.387755] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.387915] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.387931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.387962] Call Trace: [ 29.387981] <TASK> [ 29.387997] dump_stack_lvl+0x73/0xb0 [ 29.388029] print_report+0xd1/0x640 [ 29.388273] ? __virt_addr_valid+0x1db/0x2d0 [ 29.388313] ? kasan_atomics_helper+0x18b1/0x5450 [ 29.388337] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.388365] ? kasan_atomics_helper+0x18b1/0x5450 [ 29.388389] kasan_report+0x141/0x180 [ 29.388414] ? kasan_atomics_helper+0x18b1/0x5450 [ 29.388442] kasan_check_range+0x10c/0x1c0 [ 29.388468] __kasan_check_write+0x18/0x20 [ 29.388494] kasan_atomics_helper+0x18b1/0x5450 [ 29.388518] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.388543] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.388569] ? kasan_atomics+0x152/0x310 [ 29.388597] kasan_atomics+0x1dc/0x310 [ 29.388621] ? __pfx_kasan_atomics+0x10/0x10 [ 29.388647] ? __pfx_read_tsc+0x10/0x10 [ 29.388673] ? ktime_get_ts64+0x86/0x230 [ 29.388699] kunit_try_run_case+0x1a5/0x480 [ 29.388725] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.388749] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.388773] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.388812] ? __kthread_parkme+0x82/0x180 [ 29.388838] ? preempt_count_sub+0x50/0x80 [ 29.388865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.388891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.388918] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.388957] kthread+0x337/0x6f0 [ 29.388979] ? trace_preempt_on+0x20/0xc0 [ 29.389004] ? __pfx_kthread+0x10/0x10 [ 29.389026] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.389060] ? calculate_sigpending+0x7b/0xa0 [ 29.389085] ? __pfx_kthread+0x10/0x10 [ 29.389108] ret_from_fork+0x116/0x1d0 [ 29.389134] ? __pfx_kthread+0x10/0x10 [ 29.389157] ret_from_fork_asm+0x1a/0x30 [ 29.389190] </TASK> [ 29.389202] [ 29.401998] Allocated by task 314: [ 29.402162] kasan_save_stack+0x45/0x70 [ 29.402380] kasan_save_track+0x18/0x40 [ 29.402935] kasan_save_alloc_info+0x3b/0x50 [ 29.403310] __kasan_kmalloc+0xb7/0xc0 [ 29.403603] __kmalloc_cache_noprof+0x189/0x420 [ 29.403991] kasan_atomics+0x95/0x310 [ 29.404226] kunit_try_run_case+0x1a5/0x480 [ 29.404597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.404896] kthread+0x337/0x6f0 [ 29.405038] ret_from_fork+0x116/0x1d0 [ 29.405362] ret_from_fork_asm+0x1a/0x30 [ 29.405625] [ 29.405721] The buggy address belongs to the object at ffff888106266f00 [ 29.405721] which belongs to the cache kmalloc-64 of size 64 [ 29.406656] The buggy address is located 0 bytes to the right of [ 29.406656] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.407681] [ 29.407780] The buggy address belongs to the physical page: [ 29.408453] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.409018] flags: 0x200000000000000(node=0|zone=2) [ 29.409321] page_type: f5(slab) [ 29.409464] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.409796] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.410214] page dumped because: kasan: bad access detected [ 29.410495] [ 29.410612] Memory state around the buggy address: [ 29.410893] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.411407] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.411738] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.412185] ^ [ 29.412465] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.412748] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.413365] ================================================================== [ 29.076683] ================================================================== [ 29.077135] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 29.077485] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.077756] [ 29.078102] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.078157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.078171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.078193] Call Trace: [ 29.078207] <TASK> [ 29.078224] dump_stack_lvl+0x73/0xb0 [ 29.078254] print_report+0xd1/0x640 [ 29.078277] ? __virt_addr_valid+0x1db/0x2d0 [ 29.078328] ? kasan_atomics_helper+0x1217/0x5450 [ 29.078352] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.078380] ? kasan_atomics_helper+0x1217/0x5450 [ 29.078404] kasan_report+0x141/0x180 [ 29.078429] ? kasan_atomics_helper+0x1217/0x5450 [ 29.078458] kasan_check_range+0x10c/0x1c0 [ 29.078503] __kasan_check_write+0x18/0x20 [ 29.078529] kasan_atomics_helper+0x1217/0x5450 [ 29.078553] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.078578] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.078604] ? kasan_atomics+0x152/0x310 [ 29.078632] kasan_atomics+0x1dc/0x310 [ 29.078656] ? __pfx_kasan_atomics+0x10/0x10 [ 29.078682] ? __pfx_read_tsc+0x10/0x10 [ 29.078706] ? ktime_get_ts64+0x86/0x230 [ 29.078731] kunit_try_run_case+0x1a5/0x480 [ 29.078757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.078788] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.078812] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.078840] ? __kthread_parkme+0x82/0x180 [ 29.078863] ? preempt_count_sub+0x50/0x80 [ 29.078888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.078913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.079023] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.079075] kthread+0x337/0x6f0 [ 29.079099] ? trace_preempt_on+0x20/0xc0 [ 29.079124] ? __pfx_kthread+0x10/0x10 [ 29.079147] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.079173] ? calculate_sigpending+0x7b/0xa0 [ 29.079199] ? __pfx_kthread+0x10/0x10 [ 29.079223] ret_from_fork+0x116/0x1d0 [ 29.079244] ? __pfx_kthread+0x10/0x10 [ 29.079266] ret_from_fork_asm+0x1a/0x30 [ 29.079299] </TASK> [ 29.079312] [ 29.087319] Allocated by task 314: [ 29.087503] kasan_save_stack+0x45/0x70 [ 29.087704] kasan_save_track+0x18/0x40 [ 29.087991] kasan_save_alloc_info+0x3b/0x50 [ 29.088265] __kasan_kmalloc+0xb7/0xc0 [ 29.088454] __kmalloc_cache_noprof+0x189/0x420 [ 29.088675] kasan_atomics+0x95/0x310 [ 29.088909] kunit_try_run_case+0x1a5/0x480 [ 29.089091] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.089375] kthread+0x337/0x6f0 [ 29.089547] ret_from_fork+0x116/0x1d0 [ 29.089755] ret_from_fork_asm+0x1a/0x30 [ 29.090115] [ 29.090260] The buggy address belongs to the object at ffff888106266f00 [ 29.090260] which belongs to the cache kmalloc-64 of size 64 [ 29.090732] The buggy address is located 0 bytes to the right of [ 29.090732] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.091367] [ 29.091466] The buggy address belongs to the physical page: [ 29.091722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.092059] flags: 0x200000000000000(node=0|zone=2) [ 29.092235] page_type: f5(slab) [ 29.092355] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.092757] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.093198] page dumped because: kasan: bad access detected [ 29.093458] [ 29.093550] Memory state around the buggy address: [ 29.093767] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.094337] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.094603] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.095065] ^ [ 29.095270] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.095532] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.095934] ================================================================== [ 29.836233] ================================================================== [ 29.836685] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 29.837052] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.837413] [ 29.837529] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.837605] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.837620] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.837641] Call Trace: [ 29.837667] <TASK> [ 29.837687] dump_stack_lvl+0x73/0xb0 [ 29.837717] print_report+0xd1/0x640 [ 29.837742] ? __virt_addr_valid+0x1db/0x2d0 [ 29.837767] ? kasan_atomics_helper+0x218a/0x5450 [ 29.837791] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.837820] ? kasan_atomics_helper+0x218a/0x5450 [ 29.837844] kasan_report+0x141/0x180 [ 29.837886] ? kasan_atomics_helper+0x218a/0x5450 [ 29.837928] kasan_check_range+0x10c/0x1c0 [ 29.837963] __kasan_check_write+0x18/0x20 [ 29.838003] kasan_atomics_helper+0x218a/0x5450 [ 29.838042] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.838086] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.838114] ? kasan_atomics+0x152/0x310 [ 29.838142] kasan_atomics+0x1dc/0x310 [ 29.838177] ? __pfx_kasan_atomics+0x10/0x10 [ 29.838204] ? __pfx_read_tsc+0x10/0x10 [ 29.838227] ? ktime_get_ts64+0x86/0x230 [ 29.838253] kunit_try_run_case+0x1a5/0x480 [ 29.838280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.838304] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.838356] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.838385] ? __kthread_parkme+0x82/0x180 [ 29.838407] ? preempt_count_sub+0x50/0x80 [ 29.838461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.838488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.838526] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.838553] kthread+0x337/0x6f0 [ 29.838575] ? trace_preempt_on+0x20/0xc0 [ 29.838600] ? __pfx_kthread+0x10/0x10 [ 29.838649] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.838677] ? calculate_sigpending+0x7b/0xa0 [ 29.838713] ? __pfx_kthread+0x10/0x10 [ 29.838737] ret_from_fork+0x116/0x1d0 [ 29.838784] ? __pfx_kthread+0x10/0x10 [ 29.838807] ret_from_fork_asm+0x1a/0x30 [ 29.838840] </TASK> [ 29.838863] [ 29.847042] Allocated by task 314: [ 29.847167] kasan_save_stack+0x45/0x70 [ 29.847306] kasan_save_track+0x18/0x40 [ 29.847436] kasan_save_alloc_info+0x3b/0x50 [ 29.847580] __kasan_kmalloc+0xb7/0xc0 [ 29.847711] __kmalloc_cache_noprof+0x189/0x420 [ 29.847887] kasan_atomics+0x95/0x310 [ 29.848105] kunit_try_run_case+0x1a5/0x480 [ 29.848309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.848558] kthread+0x337/0x6f0 [ 29.848720] ret_from_fork+0x116/0x1d0 [ 29.848902] ret_from_fork_asm+0x1a/0x30 [ 29.849252] [ 29.849324] The buggy address belongs to the object at ffff888106266f00 [ 29.849324] which belongs to the cache kmalloc-64 of size 64 [ 29.849673] The buggy address is located 0 bytes to the right of [ 29.849673] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.850190] [ 29.850287] The buggy address belongs to the physical page: [ 29.850557] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.850922] flags: 0x200000000000000(node=0|zone=2) [ 29.851295] page_type: f5(slab) [ 29.851488] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.851801] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.852147] page dumped because: kasan: bad access detected [ 29.852396] [ 29.852464] Memory state around the buggy address: [ 29.852690] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.852988] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.853378] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.853686] ^ [ 29.853887] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.854276] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.854590] ================================================================== [ 28.609117] ================================================================== [ 28.609495] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 28.609913] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.610291] [ 28.610401] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.610450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.610463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.610486] Call Trace: [ 28.610501] <TASK> [ 28.610518] dump_stack_lvl+0x73/0xb0 [ 28.610548] print_report+0xd1/0x640 [ 28.610573] ? __virt_addr_valid+0x1db/0x2d0 [ 28.610598] ? kasan_atomics_helper+0x860/0x5450 [ 28.610621] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.610650] ? kasan_atomics_helper+0x860/0x5450 [ 28.610674] kasan_report+0x141/0x180 [ 28.610699] ? kasan_atomics_helper+0x860/0x5450 [ 28.610728] kasan_check_range+0x10c/0x1c0 [ 28.610753] __kasan_check_write+0x18/0x20 [ 28.610847] kasan_atomics_helper+0x860/0x5450 [ 28.610875] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.610900] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.610927] ? kasan_atomics+0x152/0x310 [ 28.610966] kasan_atomics+0x1dc/0x310 [ 28.610990] ? __pfx_kasan_atomics+0x10/0x10 [ 28.611017] ? __pfx_read_tsc+0x10/0x10 [ 28.611042] ? ktime_get_ts64+0x86/0x230 [ 28.611068] kunit_try_run_case+0x1a5/0x480 [ 28.611112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.611137] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.611162] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.611191] ? __kthread_parkme+0x82/0x180 [ 28.611213] ? preempt_count_sub+0x50/0x80 [ 28.611238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.611264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.611289] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.611342] kthread+0x337/0x6f0 [ 28.611364] ? trace_preempt_on+0x20/0xc0 [ 28.611390] ? __pfx_kthread+0x10/0x10 [ 28.611412] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.611438] ? calculate_sigpending+0x7b/0xa0 [ 28.611464] ? __pfx_kthread+0x10/0x10 [ 28.611488] ret_from_fork+0x116/0x1d0 [ 28.611528] ? __pfx_kthread+0x10/0x10 [ 28.611551] ret_from_fork_asm+0x1a/0x30 [ 28.611584] </TASK> [ 28.611596] [ 28.620678] Allocated by task 314: [ 28.620816] kasan_save_stack+0x45/0x70 [ 28.620972] kasan_save_track+0x18/0x40 [ 28.621166] kasan_save_alloc_info+0x3b/0x50 [ 28.621374] __kasan_kmalloc+0xb7/0xc0 [ 28.621558] __kmalloc_cache_noprof+0x189/0x420 [ 28.621780] kasan_atomics+0x95/0x310 [ 28.621969] kunit_try_run_case+0x1a5/0x480 [ 28.622180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.622434] kthread+0x337/0x6f0 [ 28.622601] ret_from_fork+0x116/0x1d0 [ 28.622759] ret_from_fork_asm+0x1a/0x30 [ 28.622895] [ 28.623246] The buggy address belongs to the object at ffff888106266f00 [ 28.623246] which belongs to the cache kmalloc-64 of size 64 [ 28.623890] The buggy address is located 0 bytes to the right of [ 28.623890] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.624497] [ 28.624593] The buggy address belongs to the physical page: [ 28.624915] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.625270] flags: 0x200000000000000(node=0|zone=2) [ 28.625434] page_type: f5(slab) [ 28.625552] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.625856] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.626224] page dumped because: kasan: bad access detected [ 28.626504] [ 28.626613] Memory state around the buggy address: [ 28.627044] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.627454] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.627905] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.628266] ^ [ 28.628517] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.628903] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.629167] ================================================================== [ 29.280155] ================================================================== [ 29.280627] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 29.281361] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.281955] [ 29.282068] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.282118] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.282131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.282153] Call Trace: [ 29.282177] <TASK> [ 29.282192] dump_stack_lvl+0x73/0xb0 [ 29.282222] print_report+0xd1/0x640 [ 29.282246] ? __virt_addr_valid+0x1db/0x2d0 [ 29.282271] ? kasan_atomics_helper+0x15b6/0x5450 [ 29.282294] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.282323] ? kasan_atomics_helper+0x15b6/0x5450 [ 29.282367] kasan_report+0x141/0x180 [ 29.282391] ? kasan_atomics_helper+0x15b6/0x5450 [ 29.282420] kasan_check_range+0x10c/0x1c0 [ 29.282445] __kasan_check_write+0x18/0x20 [ 29.282471] kasan_atomics_helper+0x15b6/0x5450 [ 29.282495] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.282535] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.282561] ? kasan_atomics+0x152/0x310 [ 29.282604] kasan_atomics+0x1dc/0x310 [ 29.282641] ? __pfx_kasan_atomics+0x10/0x10 [ 29.282680] ? __pfx_read_tsc+0x10/0x10 [ 29.282717] ? ktime_get_ts64+0x86/0x230 [ 29.282743] kunit_try_run_case+0x1a5/0x480 [ 29.282783] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.282885] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.282910] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.282939] ? __kthread_parkme+0x82/0x180 [ 29.282974] ? preempt_count_sub+0x50/0x80 [ 29.282999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.283026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.283052] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.283078] kthread+0x337/0x6f0 [ 29.283100] ? trace_preempt_on+0x20/0xc0 [ 29.283125] ? __pfx_kthread+0x10/0x10 [ 29.283155] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.283182] ? calculate_sigpending+0x7b/0xa0 [ 29.283207] ? __pfx_kthread+0x10/0x10 [ 29.283231] ret_from_fork+0x116/0x1d0 [ 29.283253] ? __pfx_kthread+0x10/0x10 [ 29.283276] ret_from_fork_asm+0x1a/0x30 [ 29.283309] </TASK> [ 29.283322] [ 29.293804] Allocated by task 314: [ 29.294112] kasan_save_stack+0x45/0x70 [ 29.294378] kasan_save_track+0x18/0x40 [ 29.294617] kasan_save_alloc_info+0x3b/0x50 [ 29.294824] __kasan_kmalloc+0xb7/0xc0 [ 29.295049] __kmalloc_cache_noprof+0x189/0x420 [ 29.295273] kasan_atomics+0x95/0x310 [ 29.295455] kunit_try_run_case+0x1a5/0x480 [ 29.295656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.296248] kthread+0x337/0x6f0 [ 29.296440] ret_from_fork+0x116/0x1d0 [ 29.296627] ret_from_fork_asm+0x1a/0x30 [ 29.296778] [ 29.296952] The buggy address belongs to the object at ffff888106266f00 [ 29.296952] which belongs to the cache kmalloc-64 of size 64 [ 29.297484] The buggy address is located 0 bytes to the right of [ 29.297484] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.298059] [ 29.298184] The buggy address belongs to the physical page: [ 29.298413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.298770] flags: 0x200000000000000(node=0|zone=2) [ 29.298994] page_type: f5(slab) [ 29.299266] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.299511] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.299763] page dumped because: kasan: bad access detected [ 29.300014] [ 29.300330] Memory state around the buggy address: [ 29.300604] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.301010] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.301265] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.301476] ^ [ 29.301630] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.301974] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.302832] ================================================================== [ 29.664269] ================================================================== [ 29.665230] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 29.665918] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.666642] [ 29.666863] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.666921] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.667057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.667084] Call Trace: [ 29.667103] <TASK> [ 29.667121] dump_stack_lvl+0x73/0xb0 [ 29.667154] print_report+0xd1/0x640 [ 29.667180] ? __virt_addr_valid+0x1db/0x2d0 [ 29.667245] ? kasan_atomics_helper+0x1eaa/0x5450 [ 29.667268] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.667297] ? kasan_atomics_helper+0x1eaa/0x5450 [ 29.667320] kasan_report+0x141/0x180 [ 29.667345] ? kasan_atomics_helper+0x1eaa/0x5450 [ 29.667373] kasan_check_range+0x10c/0x1c0 [ 29.667399] __kasan_check_write+0x18/0x20 [ 29.667424] kasan_atomics_helper+0x1eaa/0x5450 [ 29.667449] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.667473] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.667499] ? kasan_atomics+0x152/0x310 [ 29.667527] kasan_atomics+0x1dc/0x310 [ 29.667551] ? __pfx_kasan_atomics+0x10/0x10 [ 29.667576] ? __pfx_read_tsc+0x10/0x10 [ 29.667601] ? ktime_get_ts64+0x86/0x230 [ 29.667627] kunit_try_run_case+0x1a5/0x480 [ 29.667654] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.667679] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.667703] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.667731] ? __kthread_parkme+0x82/0x180 [ 29.667753] ? preempt_count_sub+0x50/0x80 [ 29.667779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.667818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.667844] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.667870] kthread+0x337/0x6f0 [ 29.667891] ? trace_preempt_on+0x20/0xc0 [ 29.667916] ? __pfx_kthread+0x10/0x10 [ 29.667938] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.667975] ? calculate_sigpending+0x7b/0xa0 [ 29.667999] ? __pfx_kthread+0x10/0x10 [ 29.668023] ret_from_fork+0x116/0x1d0 [ 29.668044] ? __pfx_kthread+0x10/0x10 [ 29.668076] ret_from_fork_asm+0x1a/0x30 [ 29.668109] </TASK> [ 29.668122] [ 29.680631] Allocated by task 314: [ 29.680858] kasan_save_stack+0x45/0x70 [ 29.681033] kasan_save_track+0x18/0x40 [ 29.681210] kasan_save_alloc_info+0x3b/0x50 [ 29.681396] __kasan_kmalloc+0xb7/0xc0 [ 29.681562] __kmalloc_cache_noprof+0x189/0x420 [ 29.681758] kasan_atomics+0x95/0x310 [ 29.682418] kunit_try_run_case+0x1a5/0x480 [ 29.682833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.683333] kthread+0x337/0x6f0 [ 29.683622] ret_from_fork+0x116/0x1d0 [ 29.683969] ret_from_fork_asm+0x1a/0x30 [ 29.684369] [ 29.684468] The buggy address belongs to the object at ffff888106266f00 [ 29.684468] which belongs to the cache kmalloc-64 of size 64 [ 29.685477] The buggy address is located 0 bytes to the right of [ 29.685477] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.686382] [ 29.686477] The buggy address belongs to the physical page: [ 29.686668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.687455] flags: 0x200000000000000(node=0|zone=2) [ 29.688086] page_type: f5(slab) [ 29.688442] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.688851] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.689619] page dumped because: kasan: bad access detected [ 29.690190] [ 29.690328] Memory state around the buggy address: [ 29.690777] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.691361] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.691669] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.692231] ^ [ 29.692759] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.693492] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.694176] ================================================================== [ 29.816351] ================================================================== [ 29.816618] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 29.817216] Read of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.817477] [ 29.817604] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.817666] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.817679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.817715] Call Trace: [ 29.817731] <TASK> [ 29.817746] dump_stack_lvl+0x73/0xb0 [ 29.817800] print_report+0xd1/0x640 [ 29.817825] ? __virt_addr_valid+0x1db/0x2d0 [ 29.817862] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.817885] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.817913] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.817937] kasan_report+0x141/0x180 [ 29.817970] ? kasan_atomics_helper+0x4fb2/0x5450 [ 29.817998] __asan_report_load8_noabort+0x18/0x20 [ 29.818025] kasan_atomics_helper+0x4fb2/0x5450 [ 29.818049] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.818084] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.818111] ? kasan_atomics+0x152/0x310 [ 29.818139] kasan_atomics+0x1dc/0x310 [ 29.818163] ? __pfx_kasan_atomics+0x10/0x10 [ 29.818218] ? __pfx_read_tsc+0x10/0x10 [ 29.818243] ? ktime_get_ts64+0x86/0x230 [ 29.818269] kunit_try_run_case+0x1a5/0x480 [ 29.818305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.818330] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.818371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.818409] ? __kthread_parkme+0x82/0x180 [ 29.818431] ? preempt_count_sub+0x50/0x80 [ 29.818484] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.818511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.818536] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.818563] kthread+0x337/0x6f0 [ 29.818584] ? trace_preempt_on+0x20/0xc0 [ 29.818609] ? __pfx_kthread+0x10/0x10 [ 29.818631] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.818684] ? calculate_sigpending+0x7b/0xa0 [ 29.818710] ? __pfx_kthread+0x10/0x10 [ 29.818769] ret_from_fork+0x116/0x1d0 [ 29.818791] ? __pfx_kthread+0x10/0x10 [ 29.818813] ret_from_fork_asm+0x1a/0x30 [ 29.818856] </TASK> [ 29.818868] [ 29.827178] Allocated by task 314: [ 29.827327] kasan_save_stack+0x45/0x70 [ 29.827524] kasan_save_track+0x18/0x40 [ 29.827763] kasan_save_alloc_info+0x3b/0x50 [ 29.827994] __kasan_kmalloc+0xb7/0xc0 [ 29.828164] __kmalloc_cache_noprof+0x189/0x420 [ 29.828400] kasan_atomics+0x95/0x310 [ 29.828622] kunit_try_run_case+0x1a5/0x480 [ 29.828826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.829147] kthread+0x337/0x6f0 [ 29.829307] ret_from_fork+0x116/0x1d0 [ 29.829541] ret_from_fork_asm+0x1a/0x30 [ 29.829739] [ 29.829816] The buggy address belongs to the object at ffff888106266f00 [ 29.829816] which belongs to the cache kmalloc-64 of size 64 [ 29.830456] The buggy address is located 0 bytes to the right of [ 29.830456] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.830986] [ 29.831056] The buggy address belongs to the physical page: [ 29.831228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.831520] flags: 0x200000000000000(node=0|zone=2) [ 29.831749] page_type: f5(slab) [ 29.832062] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.832400] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.832728] page dumped because: kasan: bad access detected [ 29.832983] [ 29.833081] Memory state around the buggy address: [ 29.833285] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.833501] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.833738] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.834074] ^ [ 29.834348] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.834709] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.835018] ================================================================== [ 28.867493] ================================================================== [ 28.867915] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 28.868521] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.868861] [ 28.868970] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.869017] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.869030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.869051] Call Trace: [ 28.869065] <TASK> [ 28.869080] dump_stack_lvl+0x73/0xb0 [ 28.869106] print_report+0xd1/0x640 [ 28.869137] ? __virt_addr_valid+0x1db/0x2d0 [ 28.869162] ? kasan_atomics_helper+0xde0/0x5450 [ 28.869184] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.869212] ? kasan_atomics_helper+0xde0/0x5450 [ 28.869236] kasan_report+0x141/0x180 [ 28.869260] ? kasan_atomics_helper+0xde0/0x5450 [ 28.869288] kasan_check_range+0x10c/0x1c0 [ 28.869324] __kasan_check_write+0x18/0x20 [ 28.869351] kasan_atomics_helper+0xde0/0x5450 [ 28.869383] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.869407] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.869434] ? kasan_atomics+0x152/0x310 [ 28.869462] kasan_atomics+0x1dc/0x310 [ 28.869486] ? __pfx_kasan_atomics+0x10/0x10 [ 28.869513] ? __pfx_read_tsc+0x10/0x10 [ 28.869536] ? ktime_get_ts64+0x86/0x230 [ 28.869562] kunit_try_run_case+0x1a5/0x480 [ 28.869588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.869612] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.869636] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.869673] ? __kthread_parkme+0x82/0x180 [ 28.869696] ? preempt_count_sub+0x50/0x80 [ 28.869721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.869748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.869773] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.869799] kthread+0x337/0x6f0 [ 28.869821] ? trace_preempt_on+0x20/0xc0 [ 28.869845] ? __pfx_kthread+0x10/0x10 [ 28.869868] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.869894] ? calculate_sigpending+0x7b/0xa0 [ 28.869920] ? __pfx_kthread+0x10/0x10 [ 28.869955] ret_from_fork+0x116/0x1d0 [ 28.869978] ? __pfx_kthread+0x10/0x10 [ 28.870017] ret_from_fork_asm+0x1a/0x30 [ 28.870059] </TASK> [ 28.870071] [ 28.878685] Allocated by task 314: [ 28.878849] kasan_save_stack+0x45/0x70 [ 28.879101] kasan_save_track+0x18/0x40 [ 28.879999] kasan_save_alloc_info+0x3b/0x50 [ 28.880155] __kasan_kmalloc+0xb7/0xc0 [ 28.880287] __kmalloc_cache_noprof+0x189/0x420 [ 28.880442] kasan_atomics+0x95/0x310 [ 28.880576] kunit_try_run_case+0x1a5/0x480 [ 28.880722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.880960] kthread+0x337/0x6f0 [ 28.881135] ret_from_fork+0x116/0x1d0 [ 28.881322] ret_from_fork_asm+0x1a/0x30 [ 28.881529] [ 28.881617] The buggy address belongs to the object at ffff888106266f00 [ 28.881617] which belongs to the cache kmalloc-64 of size 64 [ 28.882764] The buggy address is located 0 bytes to the right of [ 28.882764] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.883277] [ 28.883347] The buggy address belongs to the physical page: [ 28.883525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.883772] flags: 0x200000000000000(node=0|zone=2) [ 28.883936] page_type: f5(slab) [ 28.884171] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.884970] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.885453] page dumped because: kasan: bad access detected [ 28.885714] [ 28.885782] Memory state around the buggy address: [ 28.885939] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.886170] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.886390] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.886651] ^ [ 28.887062] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.887726] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.888106] ================================================================== [ 28.629571] ================================================================== [ 28.630019] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 28.630396] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.630722] [ 28.631018] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.631070] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.631106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.631128] Call Trace: [ 28.631145] <TASK> [ 28.631160] dump_stack_lvl+0x73/0xb0 [ 28.631211] print_report+0xd1/0x640 [ 28.631236] ? __virt_addr_valid+0x1db/0x2d0 [ 28.631262] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.631303] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.631333] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.631356] kasan_report+0x141/0x180 [ 28.631381] ? kasan_atomics_helper+0x8f9/0x5450 [ 28.631409] kasan_check_range+0x10c/0x1c0 [ 28.631436] __kasan_check_write+0x18/0x20 [ 28.631462] kasan_atomics_helper+0x8f9/0x5450 [ 28.631487] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.631529] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.631556] ? kasan_atomics+0x152/0x310 [ 28.631584] kasan_atomics+0x1dc/0x310 [ 28.631609] ? __pfx_kasan_atomics+0x10/0x10 [ 28.631636] ? __pfx_read_tsc+0x10/0x10 [ 28.631660] ? ktime_get_ts64+0x86/0x230 [ 28.631700] kunit_try_run_case+0x1a5/0x480 [ 28.631727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.631752] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.631860] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.631908] ? __kthread_parkme+0x82/0x180 [ 28.631954] ? preempt_count_sub+0x50/0x80 [ 28.631994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.632034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.632103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.632142] kthread+0x337/0x6f0 [ 28.632178] ? trace_preempt_on+0x20/0xc0 [ 28.632216] ? __pfx_kthread+0x10/0x10 [ 28.632252] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.632291] ? calculate_sigpending+0x7b/0xa0 [ 28.632330] ? __pfx_kthread+0x10/0x10 [ 28.632367] ret_from_fork+0x116/0x1d0 [ 28.632401] ? __pfx_kthread+0x10/0x10 [ 28.632436] ret_from_fork_asm+0x1a/0x30 [ 28.632497] </TASK> [ 28.632509] [ 28.645172] Allocated by task 314: [ 28.645894] kasan_save_stack+0x45/0x70 [ 28.646431] kasan_save_track+0x18/0x40 [ 28.646895] kasan_save_alloc_info+0x3b/0x50 [ 28.647573] __kasan_kmalloc+0xb7/0xc0 [ 28.648143] __kmalloc_cache_noprof+0x189/0x420 [ 28.648796] kasan_atomics+0x95/0x310 [ 28.649346] kunit_try_run_case+0x1a5/0x480 [ 28.649509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.649686] kthread+0x337/0x6f0 [ 28.650084] ret_from_fork+0x116/0x1d0 [ 28.650582] ret_from_fork_asm+0x1a/0x30 [ 28.651088] [ 28.651527] The buggy address belongs to the object at ffff888106266f00 [ 28.651527] which belongs to the cache kmalloc-64 of size 64 [ 28.652925] The buggy address is located 0 bytes to the right of [ 28.652925] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.654057] [ 28.654139] The buggy address belongs to the physical page: [ 28.654325] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.654579] flags: 0x200000000000000(node=0|zone=2) [ 28.654748] page_type: f5(slab) [ 28.655324] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.656497] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.657411] page dumped because: kasan: bad access detected [ 28.658163] [ 28.658462] Memory state around the buggy address: [ 28.659070] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.659683] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.660234] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.660907] ^ [ 28.661426] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.661746] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.662517] ================================================================== [ 28.696412] ================================================================== [ 28.697040] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 28.697467] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.697707] [ 28.697828] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.697879] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.697893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.697915] Call Trace: [ 28.697932] <TASK> [ 28.697960] dump_stack_lvl+0x73/0xb0 [ 28.697991] print_report+0xd1/0x640 [ 28.698015] ? __virt_addr_valid+0x1db/0x2d0 [ 28.698040] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.698064] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.698092] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.698116] kasan_report+0x141/0x180 [ 28.698139] ? kasan_atomics_helper+0xa2b/0x5450 [ 28.698167] kasan_check_range+0x10c/0x1c0 [ 28.698193] __kasan_check_write+0x18/0x20 [ 28.698218] kasan_atomics_helper+0xa2b/0x5450 [ 28.698242] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.698267] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.698294] ? kasan_atomics+0x152/0x310 [ 28.698323] kasan_atomics+0x1dc/0x310 [ 28.698347] ? __pfx_kasan_atomics+0x10/0x10 [ 28.698384] ? __pfx_read_tsc+0x10/0x10 [ 28.698408] ? ktime_get_ts64+0x86/0x230 [ 28.698435] kunit_try_run_case+0x1a5/0x480 [ 28.698461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.698487] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.698510] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.698539] ? __kthread_parkme+0x82/0x180 [ 28.698561] ? preempt_count_sub+0x50/0x80 [ 28.698586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.698613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.698639] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.698665] kthread+0x337/0x6f0 [ 28.698687] ? trace_preempt_on+0x20/0xc0 [ 28.698712] ? __pfx_kthread+0x10/0x10 [ 28.698734] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.698761] ? calculate_sigpending+0x7b/0xa0 [ 28.698925] ? __pfx_kthread+0x10/0x10 [ 28.698971] ret_from_fork+0x116/0x1d0 [ 28.698994] ? __pfx_kthread+0x10/0x10 [ 28.699016] ret_from_fork_asm+0x1a/0x30 [ 28.699050] </TASK> [ 28.699075] [ 28.713712] Allocated by task 314: [ 28.714135] kasan_save_stack+0x45/0x70 [ 28.714555] kasan_save_track+0x18/0x40 [ 28.714965] kasan_save_alloc_info+0x3b/0x50 [ 28.715473] __kasan_kmalloc+0xb7/0xc0 [ 28.715850] __kmalloc_cache_noprof+0x189/0x420 [ 28.716480] kasan_atomics+0x95/0x310 [ 28.716864] kunit_try_run_case+0x1a5/0x480 [ 28.717068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.717633] kthread+0x337/0x6f0 [ 28.717899] ret_from_fork+0x116/0x1d0 [ 28.718298] ret_from_fork_asm+0x1a/0x30 [ 28.718545] [ 28.718614] The buggy address belongs to the object at ffff888106266f00 [ 28.718614] which belongs to the cache kmalloc-64 of size 64 [ 28.719565] The buggy address is located 0 bytes to the right of [ 28.719565] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.720753] [ 28.720925] The buggy address belongs to the physical page: [ 28.721272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.721525] flags: 0x200000000000000(node=0|zone=2) [ 28.721691] page_type: f5(slab) [ 28.721828] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.722145] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.722519] page dumped because: kasan: bad access detected [ 28.722740] [ 28.722806] Memory state around the buggy address: [ 28.723198] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.723509] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.723890] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.724128] ^ [ 28.724371] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.724638] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.725178] ================================================================== [ 29.899567] ================================================================== [ 29.900306] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 29.900546] Read of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.900894] [ 29.901024] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.901072] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.901086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.901107] Call Trace: [ 29.901128] <TASK> [ 29.901173] dump_stack_lvl+0x73/0xb0 [ 29.901203] print_report+0xd1/0x640 [ 29.901227] ? __virt_addr_valid+0x1db/0x2d0 [ 29.901265] ? kasan_atomics_helper+0x5115/0x5450 [ 29.901288] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.901343] ? kasan_atomics_helper+0x5115/0x5450 [ 29.901368] kasan_report+0x141/0x180 [ 29.901392] ? kasan_atomics_helper+0x5115/0x5450 [ 29.901431] __asan_report_load8_noabort+0x18/0x20 [ 29.901458] kasan_atomics_helper+0x5115/0x5450 [ 29.901509] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.901534] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.901571] ? kasan_atomics+0x152/0x310 [ 29.901599] kasan_atomics+0x1dc/0x310 [ 29.901624] ? __pfx_kasan_atomics+0x10/0x10 [ 29.901676] ? __pfx_read_tsc+0x10/0x10 [ 29.901700] ? ktime_get_ts64+0x86/0x230 [ 29.901727] kunit_try_run_case+0x1a5/0x480 [ 29.901763] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.901788] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.901838] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.901867] ? __kthread_parkme+0x82/0x180 [ 29.901900] ? preempt_count_sub+0x50/0x80 [ 29.901925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.901977] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.902003] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.902042] kthread+0x337/0x6f0 [ 29.902075] ? trace_preempt_on+0x20/0xc0 [ 29.902100] ? __pfx_kthread+0x10/0x10 [ 29.902134] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.902160] ? calculate_sigpending+0x7b/0xa0 [ 29.902186] ? __pfx_kthread+0x10/0x10 [ 29.902210] ret_from_fork+0x116/0x1d0 [ 29.902231] ? __pfx_kthread+0x10/0x10 [ 29.902254] ret_from_fork_asm+0x1a/0x30 [ 29.902286] </TASK> [ 29.902298] [ 29.910595] Allocated by task 314: [ 29.910774] kasan_save_stack+0x45/0x70 [ 29.910990] kasan_save_track+0x18/0x40 [ 29.911242] kasan_save_alloc_info+0x3b/0x50 [ 29.911473] __kasan_kmalloc+0xb7/0xc0 [ 29.911686] __kmalloc_cache_noprof+0x189/0x420 [ 29.911961] kasan_atomics+0x95/0x310 [ 29.912194] kunit_try_run_case+0x1a5/0x480 [ 29.912432] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.912704] kthread+0x337/0x6f0 [ 29.912873] ret_from_fork+0x116/0x1d0 [ 29.913066] ret_from_fork_asm+0x1a/0x30 [ 29.913224] [ 29.913291] The buggy address belongs to the object at ffff888106266f00 [ 29.913291] which belongs to the cache kmalloc-64 of size 64 [ 29.913824] The buggy address is located 0 bytes to the right of [ 29.913824] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.914408] [ 29.914509] The buggy address belongs to the physical page: [ 29.914810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.915215] flags: 0x200000000000000(node=0|zone=2) [ 29.915471] page_type: f5(slab) [ 29.915642] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.915995] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.916387] page dumped because: kasan: bad access detected [ 29.916639] [ 29.916771] Memory state around the buggy address: [ 29.916985] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.917314] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.917643] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.917995] ^ [ 29.918404] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.918718] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.919036] ================================================================== [ 29.322373] ================================================================== [ 29.322593] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 29.322822] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.323057] [ 29.323310] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.323363] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.323377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.323398] Call Trace: [ 29.323415] <TASK> [ 29.323431] dump_stack_lvl+0x73/0xb0 [ 29.323462] print_report+0xd1/0x640 [ 29.323485] ? __virt_addr_valid+0x1db/0x2d0 [ 29.323510] ? kasan_atomics_helper+0x16e7/0x5450 [ 29.323533] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.323562] ? kasan_atomics_helper+0x16e7/0x5450 [ 29.323586] kasan_report+0x141/0x180 [ 29.323611] ? kasan_atomics_helper+0x16e7/0x5450 [ 29.323640] kasan_check_range+0x10c/0x1c0 [ 29.323665] __kasan_check_write+0x18/0x20 [ 29.323691] kasan_atomics_helper+0x16e7/0x5450 [ 29.323715] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.323739] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.323766] ? kasan_atomics+0x152/0x310 [ 29.323794] kasan_atomics+0x1dc/0x310 [ 29.323818] ? __pfx_kasan_atomics+0x10/0x10 [ 29.323844] ? __pfx_read_tsc+0x10/0x10 [ 29.323868] ? ktime_get_ts64+0x86/0x230 [ 29.323893] kunit_try_run_case+0x1a5/0x480 [ 29.323920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.323959] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.323983] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.324011] ? __kthread_parkme+0x82/0x180 [ 29.324053] ? preempt_count_sub+0x50/0x80 [ 29.324080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.324106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.324132] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.324158] kthread+0x337/0x6f0 [ 29.324180] ? trace_preempt_on+0x20/0xc0 [ 29.324206] ? __pfx_kthread+0x10/0x10 [ 29.324228] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.324254] ? calculate_sigpending+0x7b/0xa0 [ 29.324280] ? __pfx_kthread+0x10/0x10 [ 29.324304] ret_from_fork+0x116/0x1d0 [ 29.324325] ? __pfx_kthread+0x10/0x10 [ 29.324348] ret_from_fork_asm+0x1a/0x30 [ 29.324380] </TASK> [ 29.324393] [ 29.333580] Allocated by task 314: [ 29.333712] kasan_save_stack+0x45/0x70 [ 29.333857] kasan_save_track+0x18/0x40 [ 29.334006] kasan_save_alloc_info+0x3b/0x50 [ 29.334214] __kasan_kmalloc+0xb7/0xc0 [ 29.334534] __kmalloc_cache_noprof+0x189/0x420 [ 29.334753] kasan_atomics+0x95/0x310 [ 29.334934] kunit_try_run_case+0x1a5/0x480 [ 29.335154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.335611] kthread+0x337/0x6f0 [ 29.335925] ret_from_fork+0x116/0x1d0 [ 29.336157] ret_from_fork_asm+0x1a/0x30 [ 29.336338] [ 29.336424] The buggy address belongs to the object at ffff888106266f00 [ 29.336424] which belongs to the cache kmalloc-64 of size 64 [ 29.336798] The buggy address is located 0 bytes to the right of [ 29.336798] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.337653] [ 29.337750] The buggy address belongs to the physical page: [ 29.338006] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.338254] flags: 0x200000000000000(node=0|zone=2) [ 29.338417] page_type: f5(slab) [ 29.338536] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.338773] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.339027] page dumped because: kasan: bad access detected [ 29.339528] [ 29.339616] Memory state around the buggy address: [ 29.339834] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.340550] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.341179] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.341449] ^ [ 29.341652] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.342044] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.342346] ================================================================== [ 28.908312] ================================================================== [ 28.908692] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 28.909097] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.909433] [ 28.909540] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.909588] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.909601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.909621] Call Trace: [ 28.909637] <TASK> [ 28.909652] dump_stack_lvl+0x73/0xb0 [ 28.909682] print_report+0xd1/0x640 [ 28.909707] ? __virt_addr_valid+0x1db/0x2d0 [ 28.909731] ? kasan_atomics_helper+0xf10/0x5450 [ 28.909755] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.909783] ? kasan_atomics_helper+0xf10/0x5450 [ 28.909816] kasan_report+0x141/0x180 [ 28.909840] ? kasan_atomics_helper+0xf10/0x5450 [ 28.909868] kasan_check_range+0x10c/0x1c0 [ 28.909894] __kasan_check_write+0x18/0x20 [ 28.909919] kasan_atomics_helper+0xf10/0x5450 [ 28.909955] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.909979] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.910006] ? kasan_atomics+0x152/0x310 [ 28.910034] kasan_atomics+0x1dc/0x310 [ 28.910058] ? __pfx_kasan_atomics+0x10/0x10 [ 28.910084] ? __pfx_read_tsc+0x10/0x10 [ 28.910108] ? ktime_get_ts64+0x86/0x230 [ 28.910133] kunit_try_run_case+0x1a5/0x480 [ 28.910159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.910184] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.910207] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.910235] ? __kthread_parkme+0x82/0x180 [ 28.910258] ? preempt_count_sub+0x50/0x80 [ 28.910283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.910310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.910335] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.910363] kthread+0x337/0x6f0 [ 28.910384] ? trace_preempt_on+0x20/0xc0 [ 28.910410] ? __pfx_kthread+0x10/0x10 [ 28.910433] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.910459] ? calculate_sigpending+0x7b/0xa0 [ 28.910484] ? __pfx_kthread+0x10/0x10 [ 28.910507] ret_from_fork+0x116/0x1d0 [ 28.910528] ? __pfx_kthread+0x10/0x10 [ 28.910551] ret_from_fork_asm+0x1a/0x30 [ 28.910583] </TASK> [ 28.910595] [ 28.926410] Allocated by task 314: [ 28.926546] kasan_save_stack+0x45/0x70 [ 28.926696] kasan_save_track+0x18/0x40 [ 28.926846] kasan_save_alloc_info+0x3b/0x50 [ 28.927014] __kasan_kmalloc+0xb7/0xc0 [ 28.927149] __kmalloc_cache_noprof+0x189/0x420 [ 28.927306] kasan_atomics+0x95/0x310 [ 28.927439] kunit_try_run_case+0x1a5/0x480 [ 28.927586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.927762] kthread+0x337/0x6f0 [ 28.927881] ret_from_fork+0x116/0x1d0 [ 28.929010] ret_from_fork_asm+0x1a/0x30 [ 28.929652] [ 28.930085] The buggy address belongs to the object at ffff888106266f00 [ 28.930085] which belongs to the cache kmalloc-64 of size 64 [ 28.931746] The buggy address is located 0 bytes to the right of [ 28.931746] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.933592] [ 28.933939] The buggy address belongs to the physical page: [ 28.934790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.935744] flags: 0x200000000000000(node=0|zone=2) [ 28.936066] page_type: f5(slab) [ 28.936244] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.936602] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.937138] page dumped because: kasan: bad access detected [ 28.937415] [ 28.937544] Memory state around the buggy address: [ 28.937776] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.938373] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.938715] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.939323] ^ [ 28.939504] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.939985] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.940297] ================================================================== [ 29.458259] ================================================================== [ 29.458482] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 29.458825] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.459447] [ 29.459626] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.459674] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.459688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.459709] Call Trace: [ 29.459724] <TASK> [ 29.459739] dump_stack_lvl+0x73/0xb0 [ 29.459811] print_report+0xd1/0x640 [ 29.459837] ? __virt_addr_valid+0x1db/0x2d0 [ 29.459874] ? kasan_atomics_helper+0x1a7f/0x5450 [ 29.459898] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.459926] ? kasan_atomics_helper+0x1a7f/0x5450 [ 29.459961] kasan_report+0x141/0x180 [ 29.459986] ? kasan_atomics_helper+0x1a7f/0x5450 [ 29.460024] kasan_check_range+0x10c/0x1c0 [ 29.460050] __kasan_check_write+0x18/0x20 [ 29.460075] kasan_atomics_helper+0x1a7f/0x5450 [ 29.460126] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.460150] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.460177] ? kasan_atomics+0x152/0x310 [ 29.460205] kasan_atomics+0x1dc/0x310 [ 29.460229] ? __pfx_kasan_atomics+0x10/0x10 [ 29.460255] ? __pfx_read_tsc+0x10/0x10 [ 29.460279] ? ktime_get_ts64+0x86/0x230 [ 29.460304] kunit_try_run_case+0x1a5/0x480 [ 29.460330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.460355] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.460378] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.460406] ? __kthread_parkme+0x82/0x180 [ 29.460427] ? preempt_count_sub+0x50/0x80 [ 29.460453] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.460479] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.460504] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.460531] kthread+0x337/0x6f0 [ 29.460552] ? trace_preempt_on+0x20/0xc0 [ 29.460576] ? __pfx_kthread+0x10/0x10 [ 29.460599] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.460625] ? calculate_sigpending+0x7b/0xa0 [ 29.460651] ? __pfx_kthread+0x10/0x10 [ 29.460675] ret_from_fork+0x116/0x1d0 [ 29.460696] ? __pfx_kthread+0x10/0x10 [ 29.460719] ret_from_fork_asm+0x1a/0x30 [ 29.460751] </TASK> [ 29.460764] [ 29.471279] Allocated by task 314: [ 29.471505] kasan_save_stack+0x45/0x70 [ 29.471731] kasan_save_track+0x18/0x40 [ 29.472356] kasan_save_alloc_info+0x3b/0x50 [ 29.473010] __kasan_kmalloc+0xb7/0xc0 [ 29.473318] __kmalloc_cache_noprof+0x189/0x420 [ 29.473794] kasan_atomics+0x95/0x310 [ 29.474010] kunit_try_run_case+0x1a5/0x480 [ 29.474453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.474669] kthread+0x337/0x6f0 [ 29.475019] ret_from_fork+0x116/0x1d0 [ 29.475174] ret_from_fork_asm+0x1a/0x30 [ 29.475388] [ 29.475542] The buggy address belongs to the object at ffff888106266f00 [ 29.475542] which belongs to the cache kmalloc-64 of size 64 [ 29.476415] The buggy address is located 0 bytes to the right of [ 29.476415] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.477064] [ 29.477178] The buggy address belongs to the physical page: [ 29.477621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.478161] flags: 0x200000000000000(node=0|zone=2) [ 29.478403] page_type: f5(slab) [ 29.478707] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.479209] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.479540] page dumped because: kasan: bad access detected [ 29.479909] [ 29.480033] Memory state around the buggy address: [ 29.480456] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.480920] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.481254] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.481731] ^ [ 29.482100] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.482587] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.482914] ================================================================== [ 28.401968] ================================================================== [ 28.402591] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 28.403013] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.403346] [ 28.403431] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.403970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.403986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.404009] Call Trace: [ 28.404028] <TASK> [ 28.404044] dump_stack_lvl+0x73/0xb0 [ 28.404089] print_report+0xd1/0x640 [ 28.404114] ? __virt_addr_valid+0x1db/0x2d0 [ 28.404140] ? kasan_atomics_helper+0x4b6e/0x5450 [ 28.404163] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.404191] ? kasan_atomics_helper+0x4b6e/0x5450 [ 28.404215] kasan_report+0x141/0x180 [ 28.404240] ? kasan_atomics_helper+0x4b6e/0x5450 [ 28.404268] __asan_report_store4_noabort+0x1b/0x30 [ 28.404295] kasan_atomics_helper+0x4b6e/0x5450 [ 28.404319] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.404343] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.404371] ? kasan_atomics+0x152/0x310 [ 28.404399] kasan_atomics+0x1dc/0x310 [ 28.404423] ? __pfx_kasan_atomics+0x10/0x10 [ 28.404449] ? __pfx_read_tsc+0x10/0x10 [ 28.404472] ? ktime_get_ts64+0x86/0x230 [ 28.404498] kunit_try_run_case+0x1a5/0x480 [ 28.404525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.404550] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.404574] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.404602] ? __kthread_parkme+0x82/0x180 [ 28.404624] ? preempt_count_sub+0x50/0x80 [ 28.404649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.404675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.404700] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.404726] kthread+0x337/0x6f0 [ 28.404748] ? trace_preempt_on+0x20/0xc0 [ 28.404772] ? __pfx_kthread+0x10/0x10 [ 28.404865] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.404894] ? calculate_sigpending+0x7b/0xa0 [ 28.404921] ? __pfx_kthread+0x10/0x10 [ 28.404956] ret_from_fork+0x116/0x1d0 [ 28.404978] ? __pfx_kthread+0x10/0x10 [ 28.405001] ret_from_fork_asm+0x1a/0x30 [ 28.405034] </TASK> [ 28.405047] [ 28.417233] Allocated by task 314: [ 28.417568] kasan_save_stack+0x45/0x70 [ 28.417782] kasan_save_track+0x18/0x40 [ 28.418042] kasan_save_alloc_info+0x3b/0x50 [ 28.418487] __kasan_kmalloc+0xb7/0xc0 [ 28.418659] __kmalloc_cache_noprof+0x189/0x420 [ 28.419267] kasan_atomics+0x95/0x310 [ 28.419428] kunit_try_run_case+0x1a5/0x480 [ 28.419583] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.419763] kthread+0x337/0x6f0 [ 28.419894] ret_from_fork+0x116/0x1d0 [ 28.420266] ret_from_fork_asm+0x1a/0x30 [ 28.420741] [ 28.421216] The buggy address belongs to the object at ffff888106266f00 [ 28.421216] which belongs to the cache kmalloc-64 of size 64 [ 28.421810] The buggy address is located 0 bytes to the right of [ 28.421810] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.422834] [ 28.423155] The buggy address belongs to the physical page: [ 28.423717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.424337] flags: 0x200000000000000(node=0|zone=2) [ 28.424512] page_type: f5(slab) [ 28.424635] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.424886] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.425361] page dumped because: kasan: bad access detected [ 28.425579] [ 28.425647] Memory state around the buggy address: [ 28.425873] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.426297] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.426610] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.426894] ^ [ 28.427138] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.427554] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.427956] ================================================================== [ 28.334993] ================================================================== [ 28.335894] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 28.336853] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.337662] [ 28.337940] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.338003] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.338016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.338037] Call Trace: [ 28.338049] <TASK> [ 28.338064] dump_stack_lvl+0x73/0xb0 [ 28.338104] print_report+0xd1/0x640 [ 28.338219] ? __virt_addr_valid+0x1db/0x2d0 [ 28.338249] ? kasan_atomics_helper+0x4ba2/0x5450 [ 28.338270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.338297] ? kasan_atomics_helper+0x4ba2/0x5450 [ 28.338321] kasan_report+0x141/0x180 [ 28.338344] ? kasan_atomics_helper+0x4ba2/0x5450 [ 28.338371] __asan_report_store4_noabort+0x1b/0x30 [ 28.338397] kasan_atomics_helper+0x4ba2/0x5450 [ 28.338421] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.338444] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.338471] ? kasan_atomics+0x152/0x310 [ 28.338499] kasan_atomics+0x1dc/0x310 [ 28.338523] ? __pfx_kasan_atomics+0x10/0x10 [ 28.338548] ? __pfx_read_tsc+0x10/0x10 [ 28.338571] ? ktime_get_ts64+0x86/0x230 [ 28.338595] kunit_try_run_case+0x1a5/0x480 [ 28.338620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.338644] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.338667] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.338694] ? __kthread_parkme+0x82/0x180 [ 28.338715] ? preempt_count_sub+0x50/0x80 [ 28.338740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.338765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.338812] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.338838] kthread+0x337/0x6f0 [ 28.338860] ? trace_preempt_on+0x20/0xc0 [ 28.338884] ? __pfx_kthread+0x10/0x10 [ 28.338907] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.338932] ? calculate_sigpending+0x7b/0xa0 [ 28.338966] ? __pfx_kthread+0x10/0x10 [ 28.338988] ret_from_fork+0x116/0x1d0 [ 28.339008] ? __pfx_kthread+0x10/0x10 [ 28.339030] ret_from_fork_asm+0x1a/0x30 [ 28.339063] </TASK> [ 28.339074] [ 28.355004] Allocated by task 314: [ 28.355578] kasan_save_stack+0x45/0x70 [ 28.356005] kasan_save_track+0x18/0x40 [ 28.356528] kasan_save_alloc_info+0x3b/0x50 [ 28.357096] __kasan_kmalloc+0xb7/0xc0 [ 28.357478] __kmalloc_cache_noprof+0x189/0x420 [ 28.357780] kasan_atomics+0x95/0x310 [ 28.358328] kunit_try_run_case+0x1a5/0x480 [ 28.358549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.359320] kthread+0x337/0x6f0 [ 28.359459] ret_from_fork+0x116/0x1d0 [ 28.359595] ret_from_fork_asm+0x1a/0x30 [ 28.359734] [ 28.359879] The buggy address belongs to the object at ffff888106266f00 [ 28.359879] which belongs to the cache kmalloc-64 of size 64 [ 28.361566] The buggy address is located 0 bytes to the right of [ 28.361566] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.362921] [ 28.363308] The buggy address belongs to the physical page: [ 28.363504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.363764] flags: 0x200000000000000(node=0|zone=2) [ 28.364548] page_type: f5(slab) [ 28.365011] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.365864] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.366541] page dumped because: kasan: bad access detected [ 28.366731] [ 28.366930] Memory state around the buggy address: [ 28.367643] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.368453] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.369016] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.369744] ^ [ 28.370166] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.370718] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.371580] ================================================================== [ 29.116173] ================================================================== [ 29.116514] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 29.116895] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.117280] [ 29.117390] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.117438] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.117451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.117472] Call Trace: [ 29.117486] <TASK> [ 29.117501] dump_stack_lvl+0x73/0xb0 [ 29.117531] print_report+0xd1/0x640 [ 29.117577] ? __virt_addr_valid+0x1db/0x2d0 [ 29.117604] ? kasan_atomics_helper+0x12e6/0x5450 [ 29.117627] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.117656] ? kasan_atomics_helper+0x12e6/0x5450 [ 29.117679] kasan_report+0x141/0x180 [ 29.117703] ? kasan_atomics_helper+0x12e6/0x5450 [ 29.117731] kasan_check_range+0x10c/0x1c0 [ 29.117979] __kasan_check_write+0x18/0x20 [ 29.118012] kasan_atomics_helper+0x12e6/0x5450 [ 29.118038] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.118084] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.118112] ? kasan_atomics+0x152/0x310 [ 29.118140] kasan_atomics+0x1dc/0x310 [ 29.118166] ? __pfx_kasan_atomics+0x10/0x10 [ 29.118191] ? __pfx_read_tsc+0x10/0x10 [ 29.118215] ? ktime_get_ts64+0x86/0x230 [ 29.118240] kunit_try_run_case+0x1a5/0x480 [ 29.118267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.118291] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.118314] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.118342] ? __kthread_parkme+0x82/0x180 [ 29.118364] ? preempt_count_sub+0x50/0x80 [ 29.118389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.118416] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.118442] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.118468] kthread+0x337/0x6f0 [ 29.118490] ? trace_preempt_on+0x20/0xc0 [ 29.118533] ? __pfx_kthread+0x10/0x10 [ 29.118556] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.118582] ? calculate_sigpending+0x7b/0xa0 [ 29.118608] ? __pfx_kthread+0x10/0x10 [ 29.118631] ret_from_fork+0x116/0x1d0 [ 29.118653] ? __pfx_kthread+0x10/0x10 [ 29.118676] ret_from_fork_asm+0x1a/0x30 [ 29.118708] </TASK> [ 29.118721] [ 29.127232] Allocated by task 314: [ 29.127397] kasan_save_stack+0x45/0x70 [ 29.127545] kasan_save_track+0x18/0x40 [ 29.127681] kasan_save_alloc_info+0x3b/0x50 [ 29.127894] __kasan_kmalloc+0xb7/0xc0 [ 29.128249] __kmalloc_cache_noprof+0x189/0x420 [ 29.128505] kasan_atomics+0x95/0x310 [ 29.128663] kunit_try_run_case+0x1a5/0x480 [ 29.128951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.129164] kthread+0x337/0x6f0 [ 29.129290] ret_from_fork+0x116/0x1d0 [ 29.129425] ret_from_fork_asm+0x1a/0x30 [ 29.129566] [ 29.129662] The buggy address belongs to the object at ffff888106266f00 [ 29.129662] which belongs to the cache kmalloc-64 of size 64 [ 29.130500] The buggy address is located 0 bytes to the right of [ 29.130500] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.131212] [ 29.131319] The buggy address belongs to the physical page: [ 29.131580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.132137] flags: 0x200000000000000(node=0|zone=2) [ 29.132340] page_type: f5(slab) [ 29.132497] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.132977] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.133291] page dumped because: kasan: bad access detected [ 29.133530] [ 29.133623] Memory state around the buggy address: [ 29.134012] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.134352] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.134629] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.135098] ^ [ 29.135293] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.135630] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.135972] ================================================================== [ 28.751463] ================================================================== [ 28.751703] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 28.752856] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.754070] [ 28.754412] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.754470] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.754484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.754505] Call Trace: [ 28.754522] <TASK> [ 28.754539] dump_stack_lvl+0x73/0xb0 [ 28.754570] print_report+0xd1/0x640 [ 28.754595] ? __virt_addr_valid+0x1db/0x2d0 [ 28.754621] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.754644] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.754672] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.754696] kasan_report+0x141/0x180 [ 28.754719] ? kasan_atomics_helper+0xb6a/0x5450 [ 28.754747] kasan_check_range+0x10c/0x1c0 [ 28.754772] __kasan_check_write+0x18/0x20 [ 28.754927] kasan_atomics_helper+0xb6a/0x5450 [ 28.754980] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.755005] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.755033] ? kasan_atomics+0x152/0x310 [ 28.755094] kasan_atomics+0x1dc/0x310 [ 28.755119] ? __pfx_kasan_atomics+0x10/0x10 [ 28.755145] ? __pfx_read_tsc+0x10/0x10 [ 28.755170] ? ktime_get_ts64+0x86/0x230 [ 28.755196] kunit_try_run_case+0x1a5/0x480 [ 28.755223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.755248] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.755271] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.755300] ? __kthread_parkme+0x82/0x180 [ 28.755322] ? preempt_count_sub+0x50/0x80 [ 28.755346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.755372] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.755398] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.755424] kthread+0x337/0x6f0 [ 28.755446] ? trace_preempt_on+0x20/0xc0 [ 28.755472] ? __pfx_kthread+0x10/0x10 [ 28.755494] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.755521] ? calculate_sigpending+0x7b/0xa0 [ 28.755546] ? __pfx_kthread+0x10/0x10 [ 28.755570] ret_from_fork+0x116/0x1d0 [ 28.755591] ? __pfx_kthread+0x10/0x10 [ 28.755614] ret_from_fork_asm+0x1a/0x30 [ 28.755647] </TASK> [ 28.755660] [ 28.773528] Allocated by task 314: [ 28.773673] kasan_save_stack+0x45/0x70 [ 28.774141] kasan_save_track+0x18/0x40 [ 28.774717] kasan_save_alloc_info+0x3b/0x50 [ 28.775459] __kasan_kmalloc+0xb7/0xc0 [ 28.775906] __kmalloc_cache_noprof+0x189/0x420 [ 28.776545] kasan_atomics+0x95/0x310 [ 28.776706] kunit_try_run_case+0x1a5/0x480 [ 28.777242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.777935] kthread+0x337/0x6f0 [ 28.778489] ret_from_fork+0x116/0x1d0 [ 28.779019] ret_from_fork_asm+0x1a/0x30 [ 28.779219] [ 28.779292] The buggy address belongs to the object at ffff888106266f00 [ 28.779292] which belongs to the cache kmalloc-64 of size 64 [ 28.779659] The buggy address is located 0 bytes to the right of [ 28.779659] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.781339] [ 28.781559] The buggy address belongs to the physical page: [ 28.782292] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.783411] flags: 0x200000000000000(node=0|zone=2) [ 28.784100] page_type: f5(slab) [ 28.784277] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.784517] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.784751] page dumped because: kasan: bad access detected [ 28.785729] [ 28.785919] Memory state around the buggy address: [ 28.786635] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.787496] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.788180] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.788999] ^ [ 28.789413] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.789647] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.790298] ================================================================== [ 28.531517] ================================================================== [ 28.531897] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 28.532279] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.532589] [ 28.532680] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.532727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.532741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.532763] Call Trace: [ 28.532779] <TASK> [ 28.532935] dump_stack_lvl+0x73/0xb0 [ 28.532983] print_report+0xd1/0x640 [ 28.533009] ? __virt_addr_valid+0x1db/0x2d0 [ 28.533035] ? kasan_atomics_helper+0x5fe/0x5450 [ 28.533068] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.533097] ? kasan_atomics_helper+0x5fe/0x5450 [ 28.533121] kasan_report+0x141/0x180 [ 28.533149] ? kasan_atomics_helper+0x5fe/0x5450 [ 28.533177] kasan_check_range+0x10c/0x1c0 [ 28.533203] __kasan_check_write+0x18/0x20 [ 28.533228] kasan_atomics_helper+0x5fe/0x5450 [ 28.533253] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.533276] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.533302] ? kasan_atomics+0x152/0x310 [ 28.533330] kasan_atomics+0x1dc/0x310 [ 28.533354] ? __pfx_kasan_atomics+0x10/0x10 [ 28.533379] ? __pfx_read_tsc+0x10/0x10 [ 28.533404] ? ktime_get_ts64+0x86/0x230 [ 28.533429] kunit_try_run_case+0x1a5/0x480 [ 28.533455] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.533480] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.533503] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.533531] ? __kthread_parkme+0x82/0x180 [ 28.533553] ? preempt_count_sub+0x50/0x80 [ 28.533578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.533604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.533630] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.533656] kthread+0x337/0x6f0 [ 28.533677] ? trace_preempt_on+0x20/0xc0 [ 28.533702] ? __pfx_kthread+0x10/0x10 [ 28.533724] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.533750] ? calculate_sigpending+0x7b/0xa0 [ 28.533775] ? __pfx_kthread+0x10/0x10 [ 28.533852] ret_from_fork+0x116/0x1d0 [ 28.533873] ? __pfx_kthread+0x10/0x10 [ 28.533897] ret_from_fork_asm+0x1a/0x30 [ 28.533929] </TASK> [ 28.533942] [ 28.542372] Allocated by task 314: [ 28.542504] kasan_save_stack+0x45/0x70 [ 28.542650] kasan_save_track+0x18/0x40 [ 28.542927] kasan_save_alloc_info+0x3b/0x50 [ 28.543310] __kasan_kmalloc+0xb7/0xc0 [ 28.543513] __kmalloc_cache_noprof+0x189/0x420 [ 28.543691] kasan_atomics+0x95/0x310 [ 28.543824] kunit_try_run_case+0x1a5/0x480 [ 28.543984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.544165] kthread+0x337/0x6f0 [ 28.544286] ret_from_fork+0x116/0x1d0 [ 28.544418] ret_from_fork_asm+0x1a/0x30 [ 28.544558] [ 28.544625] The buggy address belongs to the object at ffff888106266f00 [ 28.544625] which belongs to the cache kmalloc-64 of size 64 [ 28.545231] The buggy address is located 0 bytes to the right of [ 28.545231] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.545868] [ 28.545982] The buggy address belongs to the physical page: [ 28.546483] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.546940] flags: 0x200000000000000(node=0|zone=2) [ 28.547191] page_type: f5(slab) [ 28.547505] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.548253] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.548508] page dumped because: kasan: bad access detected [ 28.548684] [ 28.548752] Memory state around the buggy address: [ 28.549357] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.549710] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.550261] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.550519] ^ [ 28.550680] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.550981] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.551370] ================================================================== [ 29.361652] ================================================================== [ 29.361876] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 29.362394] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.362741] [ 29.362850] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.362898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.362912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.362933] Call Trace: [ 29.362958] <TASK> [ 29.362973] dump_stack_lvl+0x73/0xb0 [ 29.363002] print_report+0xd1/0x640 [ 29.363027] ? __virt_addr_valid+0x1db/0x2d0 [ 29.363052] ? kasan_atomics_helper+0x1818/0x5450 [ 29.363170] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.363198] ? kasan_atomics_helper+0x1818/0x5450 [ 29.363221] kasan_report+0x141/0x180 [ 29.363246] ? kasan_atomics_helper+0x1818/0x5450 [ 29.363275] kasan_check_range+0x10c/0x1c0 [ 29.363301] __kasan_check_write+0x18/0x20 [ 29.363326] kasan_atomics_helper+0x1818/0x5450 [ 29.363351] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.363374] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.363400] ? kasan_atomics+0x152/0x310 [ 29.363428] kasan_atomics+0x1dc/0x310 [ 29.363453] ? __pfx_kasan_atomics+0x10/0x10 [ 29.363478] ? __pfx_read_tsc+0x10/0x10 [ 29.363502] ? ktime_get_ts64+0x86/0x230 [ 29.363528] kunit_try_run_case+0x1a5/0x480 [ 29.363553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.363577] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.363601] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.363630] ? __kthread_parkme+0x82/0x180 [ 29.363652] ? preempt_count_sub+0x50/0x80 [ 29.363677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.363702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.363728] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.363754] kthread+0x337/0x6f0 [ 29.363776] ? trace_preempt_on+0x20/0xc0 [ 29.363957] ? __pfx_kthread+0x10/0x10 [ 29.363985] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.364012] ? calculate_sigpending+0x7b/0xa0 [ 29.364038] ? __pfx_kthread+0x10/0x10 [ 29.364061] ret_from_fork+0x116/0x1d0 [ 29.364083] ? __pfx_kthread+0x10/0x10 [ 29.364106] ret_from_fork_asm+0x1a/0x30 [ 29.364138] </TASK> [ 29.364151] [ 29.373955] Allocated by task 314: [ 29.374606] kasan_save_stack+0x45/0x70 [ 29.374828] kasan_save_track+0x18/0x40 [ 29.374978] kasan_save_alloc_info+0x3b/0x50 [ 29.375699] __kasan_kmalloc+0xb7/0xc0 [ 29.376013] __kmalloc_cache_noprof+0x189/0x420 [ 29.376463] kasan_atomics+0x95/0x310 [ 29.376643] kunit_try_run_case+0x1a5/0x480 [ 29.377021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.377257] kthread+0x337/0x6f0 [ 29.377404] ret_from_fork+0x116/0x1d0 [ 29.377571] ret_from_fork_asm+0x1a/0x30 [ 29.377755] [ 29.378331] The buggy address belongs to the object at ffff888106266f00 [ 29.378331] which belongs to the cache kmalloc-64 of size 64 [ 29.378777] The buggy address is located 0 bytes to the right of [ 29.378777] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.379398] [ 29.379485] The buggy address belongs to the physical page: [ 29.379704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.380542] flags: 0x200000000000000(node=0|zone=2) [ 29.380781] page_type: f5(slab) [ 29.381391] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.381767] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.382219] page dumped because: kasan: bad access detected [ 29.382408] [ 29.382478] Memory state around the buggy address: [ 29.382640] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.382866] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.383696] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.384394] ^ [ 29.384570] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.384805] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.385037] ================================================================== [ 28.428554] ================================================================== [ 28.428985] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 28.429296] Read of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.429613] [ 28.429719] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.429767] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.429780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.429802] Call Trace: [ 28.429818] <TASK> [ 28.429833] dump_stack_lvl+0x73/0xb0 [ 28.429862] print_report+0xd1/0x640 [ 28.429886] ? __virt_addr_valid+0x1db/0x2d0 [ 28.429911] ? kasan_atomics_helper+0x3df/0x5450 [ 28.429934] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.430055] ? kasan_atomics_helper+0x3df/0x5450 [ 28.430082] kasan_report+0x141/0x180 [ 28.430107] ? kasan_atomics_helper+0x3df/0x5450 [ 28.430135] kasan_check_range+0x10c/0x1c0 [ 28.430159] __kasan_check_read+0x15/0x20 [ 28.430184] kasan_atomics_helper+0x3df/0x5450 [ 28.430209] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.430232] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.430260] ? kasan_atomics+0x152/0x310 [ 28.430302] kasan_atomics+0x1dc/0x310 [ 28.430328] ? __pfx_kasan_atomics+0x10/0x10 [ 28.430354] ? __pfx_read_tsc+0x10/0x10 [ 28.430379] ? ktime_get_ts64+0x86/0x230 [ 28.430405] kunit_try_run_case+0x1a5/0x480 [ 28.430430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.430455] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.430480] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.430508] ? __kthread_parkme+0x82/0x180 [ 28.430530] ? preempt_count_sub+0x50/0x80 [ 28.430554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.430580] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.430606] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.430632] kthread+0x337/0x6f0 [ 28.430654] ? trace_preempt_on+0x20/0xc0 [ 28.430678] ? __pfx_kthread+0x10/0x10 [ 28.430701] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.430727] ? calculate_sigpending+0x7b/0xa0 [ 28.430752] ? __pfx_kthread+0x10/0x10 [ 28.430776] ret_from_fork+0x116/0x1d0 [ 28.430921] ? __pfx_kthread+0x10/0x10 [ 28.430960] ret_from_fork_asm+0x1a/0x30 [ 28.430994] </TASK> [ 28.431005] [ 28.438874] Allocated by task 314: [ 28.439199] kasan_save_stack+0x45/0x70 [ 28.439427] kasan_save_track+0x18/0x40 [ 28.439621] kasan_save_alloc_info+0x3b/0x50 [ 28.439926] __kasan_kmalloc+0xb7/0xc0 [ 28.440190] __kmalloc_cache_noprof+0x189/0x420 [ 28.440369] kasan_atomics+0x95/0x310 [ 28.440543] kunit_try_run_case+0x1a5/0x480 [ 28.440689] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.441133] kthread+0x337/0x6f0 [ 28.441312] ret_from_fork+0x116/0x1d0 [ 28.441568] ret_from_fork_asm+0x1a/0x30 [ 28.441746] [ 28.441837] The buggy address belongs to the object at ffff888106266f00 [ 28.441837] which belongs to the cache kmalloc-64 of size 64 [ 28.442340] The buggy address is located 0 bytes to the right of [ 28.442340] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.443052] [ 28.443165] The buggy address belongs to the physical page: [ 28.443375] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.443708] flags: 0x200000000000000(node=0|zone=2) [ 28.443875] page_type: f5(slab) [ 28.444009] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.444248] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.444485] page dumped because: kasan: bad access detected [ 28.444922] [ 28.445023] Memory state around the buggy address: [ 28.445323] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.445722] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.446242] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.446510] ^ [ 28.446667] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.447157] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.447477] ================================================================== [ 28.570426] ================================================================== [ 28.570884] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 28.571403] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.571650] [ 28.571730] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.571777] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.571840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.571864] Call Trace: [ 28.571879] <TASK> [ 28.571895] dump_stack_lvl+0x73/0xb0 [ 28.571924] print_report+0xd1/0x640 [ 28.571962] ? __virt_addr_valid+0x1db/0x2d0 [ 28.571988] ? kasan_atomics_helper+0x72f/0x5450 [ 28.572011] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.572039] ? kasan_atomics_helper+0x72f/0x5450 [ 28.572074] kasan_report+0x141/0x180 [ 28.572099] ? kasan_atomics_helper+0x72f/0x5450 [ 28.572127] kasan_check_range+0x10c/0x1c0 [ 28.572152] __kasan_check_write+0x18/0x20 [ 28.572178] kasan_atomics_helper+0x72f/0x5450 [ 28.572202] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.572227] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.572253] ? kasan_atomics+0x152/0x310 [ 28.572280] kasan_atomics+0x1dc/0x310 [ 28.572305] ? __pfx_kasan_atomics+0x10/0x10 [ 28.572331] ? __pfx_read_tsc+0x10/0x10 [ 28.572354] ? ktime_get_ts64+0x86/0x230 [ 28.572379] kunit_try_run_case+0x1a5/0x480 [ 28.572406] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.572431] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.572455] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.572482] ? __kthread_parkme+0x82/0x180 [ 28.572504] ? preempt_count_sub+0x50/0x80 [ 28.572529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.572555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.572582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.572608] kthread+0x337/0x6f0 [ 28.572630] ? trace_preempt_on+0x20/0xc0 [ 28.572654] ? __pfx_kthread+0x10/0x10 [ 28.572677] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.572703] ? calculate_sigpending+0x7b/0xa0 [ 28.572728] ? __pfx_kthread+0x10/0x10 [ 28.572751] ret_from_fork+0x116/0x1d0 [ 28.572772] ? __pfx_kthread+0x10/0x10 [ 28.572847] ret_from_fork_asm+0x1a/0x30 [ 28.572881] </TASK> [ 28.572893] [ 28.581570] Allocated by task 314: [ 28.581716] kasan_save_stack+0x45/0x70 [ 28.582050] kasan_save_track+0x18/0x40 [ 28.582229] kasan_save_alloc_info+0x3b/0x50 [ 28.582387] __kasan_kmalloc+0xb7/0xc0 [ 28.582520] __kmalloc_cache_noprof+0x189/0x420 [ 28.582692] kasan_atomics+0x95/0x310 [ 28.582999] kunit_try_run_case+0x1a5/0x480 [ 28.583401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.583599] kthread+0x337/0x6f0 [ 28.583719] ret_from_fork+0x116/0x1d0 [ 28.583856] ret_from_fork_asm+0x1a/0x30 [ 28.584069] [ 28.584289] The buggy address belongs to the object at ffff888106266f00 [ 28.584289] which belongs to the cache kmalloc-64 of size 64 [ 28.584830] The buggy address is located 0 bytes to the right of [ 28.584830] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.585373] [ 28.585475] The buggy address belongs to the physical page: [ 28.585712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.585974] flags: 0x200000000000000(node=0|zone=2) [ 28.586141] page_type: f5(slab) [ 28.586263] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.586499] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.586731] page dumped because: kasan: bad access detected [ 28.586906] [ 28.586996] Memory state around the buggy address: [ 28.587222] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.587567] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.587892] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.588427] ^ [ 28.588654] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.589131] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.589461] ================================================================== [ 28.987578] ================================================================== [ 28.987918] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 28.988571] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.989108] [ 28.989268] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.989319] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.989333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.989355] Call Trace: [ 28.989407] <TASK> [ 28.989423] dump_stack_lvl+0x73/0xb0 [ 28.989452] print_report+0xd1/0x640 [ 28.989476] ? __virt_addr_valid+0x1db/0x2d0 [ 28.989501] ? kasan_atomics_helper+0x1079/0x5450 [ 28.989556] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.989585] ? kasan_atomics_helper+0x1079/0x5450 [ 28.989609] kasan_report+0x141/0x180 [ 28.989633] ? kasan_atomics_helper+0x1079/0x5450 [ 28.989686] kasan_check_range+0x10c/0x1c0 [ 28.989712] __kasan_check_write+0x18/0x20 [ 28.989738] kasan_atomics_helper+0x1079/0x5450 [ 28.989763] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.989841] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.989906] ? kasan_atomics+0x152/0x310 [ 28.989935] kasan_atomics+0x1dc/0x310 [ 28.989972] ? __pfx_kasan_atomics+0x10/0x10 [ 28.989998] ? __pfx_read_tsc+0x10/0x10 [ 28.990068] ? ktime_get_ts64+0x86/0x230 [ 28.990095] kunit_try_run_case+0x1a5/0x480 [ 28.990122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.990146] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.990170] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.990233] ? __kthread_parkme+0x82/0x180 [ 28.990256] ? preempt_count_sub+0x50/0x80 [ 28.990282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.990309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.990335] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.990362] kthread+0x337/0x6f0 [ 28.990383] ? trace_preempt_on+0x20/0xc0 [ 28.990409] ? __pfx_kthread+0x10/0x10 [ 28.990431] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.990458] ? calculate_sigpending+0x7b/0xa0 [ 28.990484] ? __pfx_kthread+0x10/0x10 [ 28.990507] ret_from_fork+0x116/0x1d0 [ 28.990528] ? __pfx_kthread+0x10/0x10 [ 28.990551] ret_from_fork_asm+0x1a/0x30 [ 28.990584] </TASK> [ 28.990597] [ 29.001036] Allocated by task 314: [ 29.001237] kasan_save_stack+0x45/0x70 [ 29.001440] kasan_save_track+0x18/0x40 [ 29.001663] kasan_save_alloc_info+0x3b/0x50 [ 29.002013] __kasan_kmalloc+0xb7/0xc0 [ 29.002241] __kmalloc_cache_noprof+0x189/0x420 [ 29.002449] kasan_atomics+0x95/0x310 [ 29.002613] kunit_try_run_case+0x1a5/0x480 [ 29.003029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.003341] kthread+0x337/0x6f0 [ 29.003532] ret_from_fork+0x116/0x1d0 [ 29.003763] ret_from_fork_asm+0x1a/0x30 [ 29.004098] [ 29.004176] The buggy address belongs to the object at ffff888106266f00 [ 29.004176] which belongs to the cache kmalloc-64 of size 64 [ 29.004678] The buggy address is located 0 bytes to the right of [ 29.004678] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.005211] [ 29.005282] The buggy address belongs to the physical page: [ 29.005460] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.006191] flags: 0x200000000000000(node=0|zone=2) [ 29.006433] page_type: f5(slab) [ 29.006638] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.007340] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.007601] page dumped because: kasan: bad access detected [ 29.007778] [ 29.007845] Memory state around the buggy address: [ 29.008084] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.008510] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.009455] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.009856] ^ [ 29.010219] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.010557] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.011034] ================================================================== [ 28.298506] ================================================================== [ 28.299301] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 28.299865] Read of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.300678] [ 28.300983] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.301038] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.301077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.301099] Call Trace: [ 28.301112] <TASK> [ 28.301136] dump_stack_lvl+0x73/0xb0 [ 28.301170] print_report+0xd1/0x640 [ 28.301197] ? __virt_addr_valid+0x1db/0x2d0 [ 28.301328] ? kasan_atomics_helper+0x4bbc/0x5450 [ 28.301350] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.301378] ? kasan_atomics_helper+0x4bbc/0x5450 [ 28.301401] kasan_report+0x141/0x180 [ 28.301424] ? kasan_atomics_helper+0x4bbc/0x5450 [ 28.301453] __asan_report_load4_noabort+0x18/0x20 [ 28.301479] kasan_atomics_helper+0x4bbc/0x5450 [ 28.301502] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.301526] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.301551] ? kasan_atomics+0x152/0x310 [ 28.301579] kasan_atomics+0x1dc/0x310 [ 28.301602] ? __pfx_kasan_atomics+0x10/0x10 [ 28.301627] ? __pfx_read_tsc+0x10/0x10 [ 28.301651] ? ktime_get_ts64+0x86/0x230 [ 28.301676] kunit_try_run_case+0x1a5/0x480 [ 28.301703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.301726] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.301750] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.301797] ? __kthread_parkme+0x82/0x180 [ 28.301822] ? preempt_count_sub+0x50/0x80 [ 28.301848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.301873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.301898] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.301923] kthread+0x337/0x6f0 [ 28.301952] ? trace_preempt_on+0x20/0xc0 [ 28.301977] ? __pfx_kthread+0x10/0x10 [ 28.301998] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.302023] ? calculate_sigpending+0x7b/0xa0 [ 28.302064] ? __pfx_kthread+0x10/0x10 [ 28.302086] ret_from_fork+0x116/0x1d0 [ 28.302107] ? __pfx_kthread+0x10/0x10 [ 28.302128] ret_from_fork_asm+0x1a/0x30 [ 28.302162] </TASK> [ 28.302173] [ 28.318587] Allocated by task 314: [ 28.319010] kasan_save_stack+0x45/0x70 [ 28.319540] kasan_save_track+0x18/0x40 [ 28.320019] kasan_save_alloc_info+0x3b/0x50 [ 28.320429] __kasan_kmalloc+0xb7/0xc0 [ 28.320572] __kmalloc_cache_noprof+0x189/0x420 [ 28.320730] kasan_atomics+0x95/0x310 [ 28.321014] kunit_try_run_case+0x1a5/0x480 [ 28.321651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.322251] kthread+0x337/0x6f0 [ 28.322662] ret_from_fork+0x116/0x1d0 [ 28.323144] ret_from_fork_asm+0x1a/0x30 [ 28.323593] [ 28.323752] The buggy address belongs to the object at ffff888106266f00 [ 28.323752] which belongs to the cache kmalloc-64 of size 64 [ 28.324593] The buggy address is located 0 bytes to the right of [ 28.324593] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.324997] [ 28.325100] The buggy address belongs to the physical page: [ 28.325891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.326892] flags: 0x200000000000000(node=0|zone=2) [ 28.327462] page_type: f5(slab) [ 28.327913] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.328791] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.329698] page dumped because: kasan: bad access detected [ 28.330358] [ 28.330623] Memory state around the buggy address: [ 28.331195] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.331633] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.332457] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.333114] ^ [ 28.333570] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.334308] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.334535] ================================================================== [ 28.551724] ================================================================== [ 28.552148] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 28.552557] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.552853] [ 28.552966] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.553014] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.553027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.553049] Call Trace: [ 28.553079] <TASK> [ 28.553095] dump_stack_lvl+0x73/0xb0 [ 28.553129] print_report+0xd1/0x640 [ 28.553153] ? __virt_addr_valid+0x1db/0x2d0 [ 28.553178] ? kasan_atomics_helper+0x697/0x5450 [ 28.553201] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.553229] ? kasan_atomics_helper+0x697/0x5450 [ 28.553253] kasan_report+0x141/0x180 [ 28.553277] ? kasan_atomics_helper+0x697/0x5450 [ 28.553305] kasan_check_range+0x10c/0x1c0 [ 28.553331] __kasan_check_write+0x18/0x20 [ 28.553357] kasan_atomics_helper+0x697/0x5450 [ 28.553382] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.553406] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.553432] ? kasan_atomics+0x152/0x310 [ 28.553459] kasan_atomics+0x1dc/0x310 [ 28.553483] ? __pfx_kasan_atomics+0x10/0x10 [ 28.553510] ? __pfx_read_tsc+0x10/0x10 [ 28.553533] ? ktime_get_ts64+0x86/0x230 [ 28.553559] kunit_try_run_case+0x1a5/0x480 [ 28.553585] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.553609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.553634] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.553662] ? __kthread_parkme+0x82/0x180 [ 28.553684] ? preempt_count_sub+0x50/0x80 [ 28.553708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.553735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.553761] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.553787] kthread+0x337/0x6f0 [ 28.553808] ? trace_preempt_on+0x20/0xc0 [ 28.553832] ? __pfx_kthread+0x10/0x10 [ 28.553854] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.553880] ? calculate_sigpending+0x7b/0xa0 [ 28.553906] ? __pfx_kthread+0x10/0x10 [ 28.553929] ret_from_fork+0x116/0x1d0 [ 28.553959] ? __pfx_kthread+0x10/0x10 [ 28.553981] ret_from_fork_asm+0x1a/0x30 [ 28.554014] </TASK> [ 28.554026] [ 28.562388] Allocated by task 314: [ 28.562569] kasan_save_stack+0x45/0x70 [ 28.562740] kasan_save_track+0x18/0x40 [ 28.563056] kasan_save_alloc_info+0x3b/0x50 [ 28.563339] __kasan_kmalloc+0xb7/0xc0 [ 28.563480] __kmalloc_cache_noprof+0x189/0x420 [ 28.563636] kasan_atomics+0x95/0x310 [ 28.563769] kunit_try_run_case+0x1a5/0x480 [ 28.564075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.564335] kthread+0x337/0x6f0 [ 28.564502] ret_from_fork+0x116/0x1d0 [ 28.564688] ret_from_fork_asm+0x1a/0x30 [ 28.564856] [ 28.564952] The buggy address belongs to the object at ffff888106266f00 [ 28.564952] which belongs to the cache kmalloc-64 of size 64 [ 28.565508] The buggy address is located 0 bytes to the right of [ 28.565508] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.565895] [ 28.565990] The buggy address belongs to the physical page: [ 28.566344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.566961] flags: 0x200000000000000(node=0|zone=2) [ 28.567268] page_type: f5(slab) [ 28.567427] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.567695] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.568035] page dumped because: kasan: bad access detected [ 28.568317] [ 28.568383] Memory state around the buggy address: [ 28.568539] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.568758] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.568989] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.569212] ^ [ 28.569368] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.569672] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.569994] ================================================================== [ 28.589963] ================================================================== [ 28.590634] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 28.591043] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.591323] [ 28.591407] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.591454] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.591468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.591490] Call Trace: [ 28.591505] <TASK> [ 28.591521] dump_stack_lvl+0x73/0xb0 [ 28.591549] print_report+0xd1/0x640 [ 28.591573] ? __virt_addr_valid+0x1db/0x2d0 [ 28.591598] ? kasan_atomics_helper+0x7c7/0x5450 [ 28.591621] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.591650] ? kasan_atomics_helper+0x7c7/0x5450 [ 28.591674] kasan_report+0x141/0x180 [ 28.591699] ? kasan_atomics_helper+0x7c7/0x5450 [ 28.591728] kasan_check_range+0x10c/0x1c0 [ 28.591754] __kasan_check_write+0x18/0x20 [ 28.591780] kasan_atomics_helper+0x7c7/0x5450 [ 28.591862] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.591887] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.591914] ? kasan_atomics+0x152/0x310 [ 28.591953] kasan_atomics+0x1dc/0x310 [ 28.591979] ? __pfx_kasan_atomics+0x10/0x10 [ 28.592005] ? __pfx_read_tsc+0x10/0x10 [ 28.592029] ? ktime_get_ts64+0x86/0x230 [ 28.592063] kunit_try_run_case+0x1a5/0x480 [ 28.592088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.592113] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.592136] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.592164] ? __kthread_parkme+0x82/0x180 [ 28.592187] ? preempt_count_sub+0x50/0x80 [ 28.592212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.592239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.592265] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.592291] kthread+0x337/0x6f0 [ 28.592313] ? trace_preempt_on+0x20/0xc0 [ 28.592337] ? __pfx_kthread+0x10/0x10 [ 28.592360] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.592385] ? calculate_sigpending+0x7b/0xa0 [ 28.592411] ? __pfx_kthread+0x10/0x10 [ 28.592434] ret_from_fork+0x116/0x1d0 [ 28.592456] ? __pfx_kthread+0x10/0x10 [ 28.592479] ret_from_fork_asm+0x1a/0x30 [ 28.592512] </TASK> [ 28.592524] [ 28.600459] Allocated by task 314: [ 28.600614] kasan_save_stack+0x45/0x70 [ 28.600772] kasan_save_track+0x18/0x40 [ 28.600907] kasan_save_alloc_info+0x3b/0x50 [ 28.601129] __kasan_kmalloc+0xb7/0xc0 [ 28.601332] __kmalloc_cache_noprof+0x189/0x420 [ 28.601554] kasan_atomics+0x95/0x310 [ 28.601705] kunit_try_run_case+0x1a5/0x480 [ 28.601916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.602233] kthread+0x337/0x6f0 [ 28.602361] ret_from_fork+0x116/0x1d0 [ 28.602504] ret_from_fork_asm+0x1a/0x30 [ 28.602705] [ 28.602797] The buggy address belongs to the object at ffff888106266f00 [ 28.602797] which belongs to the cache kmalloc-64 of size 64 [ 28.603307] The buggy address is located 0 bytes to the right of [ 28.603307] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.603788] [ 28.603884] The buggy address belongs to the physical page: [ 28.604173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.604495] flags: 0x200000000000000(node=0|zone=2) [ 28.604710] page_type: f5(slab) [ 28.604844] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.605390] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.605634] page dumped because: kasan: bad access detected [ 28.605824] [ 28.605914] Memory state around the buggy address: [ 28.606290] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.606621] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.607031] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.607403] ^ [ 28.607619] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.608061] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.608451] ================================================================== [ 28.888484] ================================================================== [ 28.888715] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 28.889331] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.889691] [ 28.889793] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.889840] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.889860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.889881] Call Trace: [ 28.889895] <TASK> [ 28.889910] dump_stack_lvl+0x73/0xb0 [ 28.889939] print_report+0xd1/0x640 [ 28.889974] ? __virt_addr_valid+0x1db/0x2d0 [ 28.889999] ? kasan_atomics_helper+0xe78/0x5450 [ 28.890021] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.890049] ? kasan_atomics_helper+0xe78/0x5450 [ 28.890082] kasan_report+0x141/0x180 [ 28.890106] ? kasan_atomics_helper+0xe78/0x5450 [ 28.890134] kasan_check_range+0x10c/0x1c0 [ 28.890160] __kasan_check_write+0x18/0x20 [ 28.890185] kasan_atomics_helper+0xe78/0x5450 [ 28.890210] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.890234] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.890260] ? kasan_atomics+0x152/0x310 [ 28.890288] kasan_atomics+0x1dc/0x310 [ 28.890312] ? __pfx_kasan_atomics+0x10/0x10 [ 28.890338] ? __pfx_read_tsc+0x10/0x10 [ 28.890362] ? ktime_get_ts64+0x86/0x230 [ 28.890388] kunit_try_run_case+0x1a5/0x480 [ 28.890414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.890438] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.890463] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.890491] ? __kthread_parkme+0x82/0x180 [ 28.890513] ? preempt_count_sub+0x50/0x80 [ 28.890538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.890564] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.890589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.890615] kthread+0x337/0x6f0 [ 28.890637] ? trace_preempt_on+0x20/0xc0 [ 28.890662] ? __pfx_kthread+0x10/0x10 [ 28.890686] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.890712] ? calculate_sigpending+0x7b/0xa0 [ 28.890737] ? __pfx_kthread+0x10/0x10 [ 28.890760] ret_from_fork+0x116/0x1d0 [ 28.890781] ? __pfx_kthread+0x10/0x10 [ 28.890815] ret_from_fork_asm+0x1a/0x30 [ 28.890848] </TASK> [ 28.890862] [ 28.899378] Allocated by task 314: [ 28.899559] kasan_save_stack+0x45/0x70 [ 28.899804] kasan_save_track+0x18/0x40 [ 28.900179] kasan_save_alloc_info+0x3b/0x50 [ 28.900334] __kasan_kmalloc+0xb7/0xc0 [ 28.900466] __kmalloc_cache_noprof+0x189/0x420 [ 28.900622] kasan_atomics+0x95/0x310 [ 28.900831] kunit_try_run_case+0x1a5/0x480 [ 28.901055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.901368] kthread+0x337/0x6f0 [ 28.901536] ret_from_fork+0x116/0x1d0 [ 28.901724] ret_from_fork_asm+0x1a/0x30 [ 28.901988] [ 28.902080] The buggy address belongs to the object at ffff888106266f00 [ 28.902080] which belongs to the cache kmalloc-64 of size 64 [ 28.902557] The buggy address is located 0 bytes to the right of [ 28.902557] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.903246] [ 28.903344] The buggy address belongs to the physical page: [ 28.903553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.903897] flags: 0x200000000000000(node=0|zone=2) [ 28.904293] page_type: f5(slab) [ 28.904421] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.904735] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.905199] page dumped because: kasan: bad access detected [ 28.905467] [ 28.905559] Memory state around the buggy address: [ 28.905774] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.906229] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.906514] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.906730] ^ [ 28.907120] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.907477] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.907754] ================================================================== [ 28.941176] ================================================================== [ 28.941524] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 28.942039] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.942564] [ 28.942675] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.942724] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.942738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.942760] Call Trace: [ 28.942889] <TASK> [ 28.942905] dump_stack_lvl+0x73/0xb0 [ 28.942937] print_report+0xd1/0x640 [ 28.943017] ? __virt_addr_valid+0x1db/0x2d0 [ 28.943043] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.943081] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.943111] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.943136] kasan_report+0x141/0x180 [ 28.943161] ? kasan_atomics_helper+0xfa9/0x5450 [ 28.943190] kasan_check_range+0x10c/0x1c0 [ 28.943249] __kasan_check_write+0x18/0x20 [ 28.943276] kasan_atomics_helper+0xfa9/0x5450 [ 28.943301] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.943325] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.943352] ? kasan_atomics+0x152/0x310 [ 28.943412] kasan_atomics+0x1dc/0x310 [ 28.943438] ? __pfx_kasan_atomics+0x10/0x10 [ 28.943465] ? __pfx_read_tsc+0x10/0x10 [ 28.943490] ? ktime_get_ts64+0x86/0x230 [ 28.943515] kunit_try_run_case+0x1a5/0x480 [ 28.943542] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.943568] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.943592] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.943620] ? __kthread_parkme+0x82/0x180 [ 28.943642] ? preempt_count_sub+0x50/0x80 [ 28.943667] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.943695] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.943720] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.943746] kthread+0x337/0x6f0 [ 28.943768] ? trace_preempt_on+0x20/0xc0 [ 28.943847] ? __pfx_kthread+0x10/0x10 [ 28.943873] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.943900] ? calculate_sigpending+0x7b/0xa0 [ 28.943926] ? __pfx_kthread+0x10/0x10 [ 28.943963] ret_from_fork+0x116/0x1d0 [ 28.943986] ? __pfx_kthread+0x10/0x10 [ 28.944008] ret_from_fork_asm+0x1a/0x30 [ 28.944042] </TASK> [ 28.944055] [ 28.953641] Allocated by task 314: [ 28.953998] kasan_save_stack+0x45/0x70 [ 28.954282] kasan_save_track+0x18/0x40 [ 28.954462] kasan_save_alloc_info+0x3b/0x50 [ 28.954693] __kasan_kmalloc+0xb7/0xc0 [ 28.955003] __kmalloc_cache_noprof+0x189/0x420 [ 28.955256] kasan_atomics+0x95/0x310 [ 28.955476] kunit_try_run_case+0x1a5/0x480 [ 28.955686] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.956021] kthread+0x337/0x6f0 [ 28.956144] ret_from_fork+0x116/0x1d0 [ 28.956277] ret_from_fork_asm+0x1a/0x30 [ 28.956695] [ 28.956893] The buggy address belongs to the object at ffff888106266f00 [ 28.956893] which belongs to the cache kmalloc-64 of size 64 [ 28.957619] The buggy address is located 0 bytes to the right of [ 28.957619] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.958016] [ 28.958088] The buggy address belongs to the physical page: [ 28.958313] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.958768] flags: 0x200000000000000(node=0|zone=2) [ 28.959108] page_type: f5(slab) [ 28.959646] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.960291] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.960549] page dumped because: kasan: bad access detected [ 28.960725] [ 28.960909] Memory state around the buggy address: [ 28.961371] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.961736] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.962290] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.962610] ^ [ 28.962964] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.963476] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.963822] ================================================================== [ 28.848618] ================================================================== [ 28.848982] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 28.849331] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.849586] [ 28.849670] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.849717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.849730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.849752] Call Trace: [ 28.849767] <TASK> [ 28.849783] dump_stack_lvl+0x73/0xb0 [ 28.849812] print_report+0xd1/0x640 [ 28.849837] ? __virt_addr_valid+0x1db/0x2d0 [ 28.849863] ? kasan_atomics_helper+0xd47/0x5450 [ 28.849886] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.849914] ? kasan_atomics_helper+0xd47/0x5450 [ 28.849938] kasan_report+0x141/0x180 [ 28.849974] ? kasan_atomics_helper+0xd47/0x5450 [ 28.850003] kasan_check_range+0x10c/0x1c0 [ 28.850038] __kasan_check_write+0x18/0x20 [ 28.850077] kasan_atomics_helper+0xd47/0x5450 [ 28.850102] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.850126] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.850152] ? kasan_atomics+0x152/0x310 [ 28.850180] kasan_atomics+0x1dc/0x310 [ 28.850205] ? __pfx_kasan_atomics+0x10/0x10 [ 28.850247] ? __pfx_read_tsc+0x10/0x10 [ 28.850276] ? ktime_get_ts64+0x86/0x230 [ 28.850302] kunit_try_run_case+0x1a5/0x480 [ 28.850328] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.850353] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.850376] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.850404] ? __kthread_parkme+0x82/0x180 [ 28.850427] ? preempt_count_sub+0x50/0x80 [ 28.850451] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.850478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.850503] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.850529] kthread+0x337/0x6f0 [ 28.850551] ? trace_preempt_on+0x20/0xc0 [ 28.850575] ? __pfx_kthread+0x10/0x10 [ 28.850598] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.850624] ? calculate_sigpending+0x7b/0xa0 [ 28.850649] ? __pfx_kthread+0x10/0x10 [ 28.850672] ret_from_fork+0x116/0x1d0 [ 28.850694] ? __pfx_kthread+0x10/0x10 [ 28.850716] ret_from_fork_asm+0x1a/0x30 [ 28.850750] </TASK> [ 28.850762] [ 28.859197] Allocated by task 314: [ 28.859359] kasan_save_stack+0x45/0x70 [ 28.859537] kasan_save_track+0x18/0x40 [ 28.859673] kasan_save_alloc_info+0x3b/0x50 [ 28.859822] __kasan_kmalloc+0xb7/0xc0 [ 28.859963] __kmalloc_cache_noprof+0x189/0x420 [ 28.860165] kasan_atomics+0x95/0x310 [ 28.860484] kunit_try_run_case+0x1a5/0x480 [ 28.860701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.860960] kthread+0x337/0x6f0 [ 28.861286] ret_from_fork+0x116/0x1d0 [ 28.861484] ret_from_fork_asm+0x1a/0x30 [ 28.861625] [ 28.861692] The buggy address belongs to the object at ffff888106266f00 [ 28.861692] which belongs to the cache kmalloc-64 of size 64 [ 28.862314] The buggy address is located 0 bytes to the right of [ 28.862314] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.863008] [ 28.863119] The buggy address belongs to the physical page: [ 28.863406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.863698] flags: 0x200000000000000(node=0|zone=2) [ 28.863863] page_type: f5(slab) [ 28.863992] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.864228] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.864460] page dumped because: kasan: bad access detected [ 28.864685] [ 28.864777] Memory state around the buggy address: [ 28.865020] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.865642] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.865882] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.866107] ^ [ 28.866264] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.866482] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.866696] ================================================================== [ 29.136411] ================================================================== [ 29.136927] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 29.137300] Read of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.137624] [ 29.137747] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.137958] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.137974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.137997] Call Trace: [ 29.138037] <TASK> [ 29.138060] dump_stack_lvl+0x73/0xb0 [ 29.138092] print_report+0xd1/0x640 [ 29.138116] ? __virt_addr_valid+0x1db/0x2d0 [ 29.138142] ? kasan_atomics_helper+0x49ce/0x5450 [ 29.138165] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.138193] ? kasan_atomics_helper+0x49ce/0x5450 [ 29.138217] kasan_report+0x141/0x180 [ 29.138241] ? kasan_atomics_helper+0x49ce/0x5450 [ 29.138269] __asan_report_load4_noabort+0x18/0x20 [ 29.138296] kasan_atomics_helper+0x49ce/0x5450 [ 29.138321] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.138345] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.138372] ? kasan_atomics+0x152/0x310 [ 29.138399] kasan_atomics+0x1dc/0x310 [ 29.138424] ? __pfx_kasan_atomics+0x10/0x10 [ 29.138449] ? __pfx_read_tsc+0x10/0x10 [ 29.138474] ? ktime_get_ts64+0x86/0x230 [ 29.138499] kunit_try_run_case+0x1a5/0x480 [ 29.138525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.138549] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.138572] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.138601] ? __kthread_parkme+0x82/0x180 [ 29.138658] ? preempt_count_sub+0x50/0x80 [ 29.138683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.138709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.138735] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.138761] kthread+0x337/0x6f0 [ 29.138872] ? trace_preempt_on+0x20/0xc0 [ 29.138898] ? __pfx_kthread+0x10/0x10 [ 29.138921] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.138959] ? calculate_sigpending+0x7b/0xa0 [ 29.138984] ? __pfx_kthread+0x10/0x10 [ 29.139008] ret_from_fork+0x116/0x1d0 [ 29.139028] ? __pfx_kthread+0x10/0x10 [ 29.139071] ret_from_fork_asm+0x1a/0x30 [ 29.139104] </TASK> [ 29.139117] [ 29.147345] Allocated by task 314: [ 29.147488] kasan_save_stack+0x45/0x70 [ 29.147711] kasan_save_track+0x18/0x40 [ 29.147975] kasan_save_alloc_info+0x3b/0x50 [ 29.148223] __kasan_kmalloc+0xb7/0xc0 [ 29.148372] __kmalloc_cache_noprof+0x189/0x420 [ 29.148530] kasan_atomics+0x95/0x310 [ 29.148663] kunit_try_run_case+0x1a5/0x480 [ 29.148961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.149275] kthread+0x337/0x6f0 [ 29.149448] ret_from_fork+0x116/0x1d0 [ 29.149634] ret_from_fork_asm+0x1a/0x30 [ 29.150019] [ 29.150123] The buggy address belongs to the object at ffff888106266f00 [ 29.150123] which belongs to the cache kmalloc-64 of size 64 [ 29.150637] The buggy address is located 0 bytes to the right of [ 29.150637] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.151242] [ 29.151345] The buggy address belongs to the physical page: [ 29.151640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.152113] flags: 0x200000000000000(node=0|zone=2) [ 29.152333] page_type: f5(slab) [ 29.152511] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.152929] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.153235] page dumped because: kasan: bad access detected [ 29.153460] [ 29.153554] Memory state around the buggy address: [ 29.153938] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.154326] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.154576] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.154921] ^ [ 29.155134] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.155397] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.155702] ================================================================== [ 29.231477] ================================================================== [ 29.231805] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 29.232462] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.233331] [ 29.233546] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.233602] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.233616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.233639] Call Trace: [ 29.233657] <TASK> [ 29.233673] dump_stack_lvl+0x73/0xb0 [ 29.233704] print_report+0xd1/0x640 [ 29.233728] ? __virt_addr_valid+0x1db/0x2d0 [ 29.233753] ? kasan_atomics_helper+0x50d4/0x5450 [ 29.233776] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.233936] ? kasan_atomics_helper+0x50d4/0x5450 [ 29.233976] kasan_report+0x141/0x180 [ 29.234001] ? kasan_atomics_helper+0x50d4/0x5450 [ 29.234030] __asan_report_store8_noabort+0x1b/0x30 [ 29.234071] kasan_atomics_helper+0x50d4/0x5450 [ 29.234097] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.234123] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.234150] ? kasan_atomics+0x152/0x310 [ 29.234178] kasan_atomics+0x1dc/0x310 [ 29.234203] ? __pfx_kasan_atomics+0x10/0x10 [ 29.234229] ? __pfx_read_tsc+0x10/0x10 [ 29.234253] ? ktime_get_ts64+0x86/0x230 [ 29.234279] kunit_try_run_case+0x1a5/0x480 [ 29.234306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.234331] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.234355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.234384] ? __kthread_parkme+0x82/0x180 [ 29.234406] ? preempt_count_sub+0x50/0x80 [ 29.234431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.234457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.234483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.234509] kthread+0x337/0x6f0 [ 29.234532] ? trace_preempt_on+0x20/0xc0 [ 29.234557] ? __pfx_kthread+0x10/0x10 [ 29.234579] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.234604] ? calculate_sigpending+0x7b/0xa0 [ 29.234630] ? __pfx_kthread+0x10/0x10 [ 29.234655] ret_from_fork+0x116/0x1d0 [ 29.234676] ? __pfx_kthread+0x10/0x10 [ 29.234700] ret_from_fork_asm+0x1a/0x30 [ 29.234733] </TASK> [ 29.234745] [ 29.247211] Allocated by task 314: [ 29.247349] kasan_save_stack+0x45/0x70 [ 29.247496] kasan_save_track+0x18/0x40 [ 29.247631] kasan_save_alloc_info+0x3b/0x50 [ 29.247778] __kasan_kmalloc+0xb7/0xc0 [ 29.247907] __kmalloc_cache_noprof+0x189/0x420 [ 29.248648] kasan_atomics+0x95/0x310 [ 29.248923] kunit_try_run_case+0x1a5/0x480 [ 29.249629] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.250219] kthread+0x337/0x6f0 [ 29.250545] ret_from_fork+0x116/0x1d0 [ 29.250737] ret_from_fork_asm+0x1a/0x30 [ 29.251264] [ 29.251371] The buggy address belongs to the object at ffff888106266f00 [ 29.251371] which belongs to the cache kmalloc-64 of size 64 [ 29.252233] The buggy address is located 0 bytes to the right of [ 29.252233] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.252729] [ 29.252853] The buggy address belongs to the physical page: [ 29.253620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.254717] flags: 0x200000000000000(node=0|zone=2) [ 29.255031] page_type: f5(slab) [ 29.255195] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.255503] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.255825] page dumped because: kasan: bad access detected [ 29.256035] [ 29.256102] Memory state around the buggy address: [ 29.256255] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.256569] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.256884] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.257365] ^ [ 29.257572] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.257793] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.258271] ================================================================== [ 29.483617] ================================================================== [ 29.483984] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 29.484416] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.485174] [ 29.485287] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.485335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.485348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.485370] Call Trace: [ 29.485386] <TASK> [ 29.485402] dump_stack_lvl+0x73/0xb0 [ 29.485431] print_report+0xd1/0x640 [ 29.485456] ? __virt_addr_valid+0x1db/0x2d0 [ 29.485480] ? kasan_atomics_helper+0x1b22/0x5450 [ 29.485727] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.485762] ? kasan_atomics_helper+0x1b22/0x5450 [ 29.485787] kasan_report+0x141/0x180 [ 29.485812] ? kasan_atomics_helper+0x1b22/0x5450 [ 29.485840] kasan_check_range+0x10c/0x1c0 [ 29.485867] __kasan_check_write+0x18/0x20 [ 29.485893] kasan_atomics_helper+0x1b22/0x5450 [ 29.485918] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.485954] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.485980] ? kasan_atomics+0x152/0x310 [ 29.486008] kasan_atomics+0x1dc/0x310 [ 29.486033] ? __pfx_kasan_atomics+0x10/0x10 [ 29.486059] ? __pfx_read_tsc+0x10/0x10 [ 29.486098] ? ktime_get_ts64+0x86/0x230 [ 29.486126] kunit_try_run_case+0x1a5/0x480 [ 29.486169] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.486193] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.486217] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.486245] ? __kthread_parkme+0x82/0x180 [ 29.486267] ? preempt_count_sub+0x50/0x80 [ 29.486291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.486318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.486345] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.486371] kthread+0x337/0x6f0 [ 29.486392] ? trace_preempt_on+0x20/0xc0 [ 29.486417] ? __pfx_kthread+0x10/0x10 [ 29.486441] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.486467] ? calculate_sigpending+0x7b/0xa0 [ 29.486492] ? __pfx_kthread+0x10/0x10 [ 29.486516] ret_from_fork+0x116/0x1d0 [ 29.486538] ? __pfx_kthread+0x10/0x10 [ 29.486560] ret_from_fork_asm+0x1a/0x30 [ 29.486594] </TASK> [ 29.486607] [ 29.498416] Allocated by task 314: [ 29.498841] kasan_save_stack+0x45/0x70 [ 29.499083] kasan_save_track+0x18/0x40 [ 29.499497] kasan_save_alloc_info+0x3b/0x50 [ 29.499690] __kasan_kmalloc+0xb7/0xc0 [ 29.500101] __kmalloc_cache_noprof+0x189/0x420 [ 29.500319] kasan_atomics+0x95/0x310 [ 29.500495] kunit_try_run_case+0x1a5/0x480 [ 29.500677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.501223] kthread+0x337/0x6f0 [ 29.501380] ret_from_fork+0x116/0x1d0 [ 29.501546] ret_from_fork_asm+0x1a/0x30 [ 29.501734] [ 29.501822] The buggy address belongs to the object at ffff888106266f00 [ 29.501822] which belongs to the cache kmalloc-64 of size 64 [ 29.502730] The buggy address is located 0 bytes to the right of [ 29.502730] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.503640] [ 29.503795] The buggy address belongs to the physical page: [ 29.504215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.504717] flags: 0x200000000000000(node=0|zone=2) [ 29.505113] page_type: f5(slab) [ 29.505348] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.505893] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.506421] page dumped because: kasan: bad access detected [ 29.506778] [ 29.506911] Memory state around the buggy address: [ 29.507210] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.507611] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.508321] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.508631] ^ [ 29.509024] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.509610] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.510090] ================================================================== [ 28.511608] ================================================================== [ 28.511981] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 28.513096] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 28.513409] [ 28.513510] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.513559] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.513572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.513594] Call Trace: [ 28.513608] <TASK> [ 28.513624] dump_stack_lvl+0x73/0xb0 [ 28.513654] print_report+0xd1/0x640 [ 28.513678] ? __virt_addr_valid+0x1db/0x2d0 [ 28.513703] ? kasan_atomics_helper+0x565/0x5450 [ 28.513725] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.513754] ? kasan_atomics_helper+0x565/0x5450 [ 28.513777] kasan_report+0x141/0x180 [ 28.513856] ? kasan_atomics_helper+0x565/0x5450 [ 28.513886] kasan_check_range+0x10c/0x1c0 [ 28.513912] __kasan_check_write+0x18/0x20 [ 28.513937] kasan_atomics_helper+0x565/0x5450 [ 28.513973] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 28.513997] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.514023] ? kasan_atomics+0x152/0x310 [ 28.514051] kasan_atomics+0x1dc/0x310 [ 28.514086] ? __pfx_kasan_atomics+0x10/0x10 [ 28.514113] ? __pfx_read_tsc+0x10/0x10 [ 28.514137] ? ktime_get_ts64+0x86/0x230 [ 28.514163] kunit_try_run_case+0x1a5/0x480 [ 28.514189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.514215] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.514239] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.514267] ? __kthread_parkme+0x82/0x180 [ 28.514288] ? preempt_count_sub+0x50/0x80 [ 28.514313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.514339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.514365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.514391] kthread+0x337/0x6f0 [ 28.514413] ? trace_preempt_on+0x20/0xc0 [ 28.514438] ? __pfx_kthread+0x10/0x10 [ 28.514460] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.514486] ? calculate_sigpending+0x7b/0xa0 [ 28.514511] ? __pfx_kthread+0x10/0x10 [ 28.514534] ret_from_fork+0x116/0x1d0 [ 28.514555] ? __pfx_kthread+0x10/0x10 [ 28.514577] ret_from_fork_asm+0x1a/0x30 [ 28.514611] </TASK> [ 28.514623] [ 28.523036] Allocated by task 314: [ 28.523186] kasan_save_stack+0x45/0x70 [ 28.523337] kasan_save_track+0x18/0x40 [ 28.523474] kasan_save_alloc_info+0x3b/0x50 [ 28.523655] __kasan_kmalloc+0xb7/0xc0 [ 28.524057] __kmalloc_cache_noprof+0x189/0x420 [ 28.524313] kasan_atomics+0x95/0x310 [ 28.524505] kunit_try_run_case+0x1a5/0x480 [ 28.524714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.525063] kthread+0x337/0x6f0 [ 28.525263] ret_from_fork+0x116/0x1d0 [ 28.525447] ret_from_fork_asm+0x1a/0x30 [ 28.525616] [ 28.525706] The buggy address belongs to the object at ffff888106266f00 [ 28.525706] which belongs to the cache kmalloc-64 of size 64 [ 28.526290] The buggy address is located 0 bytes to the right of [ 28.526290] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 28.526846] [ 28.526933] The buggy address belongs to the physical page: [ 28.527154] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 28.527400] flags: 0x200000000000000(node=0|zone=2) [ 28.527565] page_type: f5(slab) [ 28.527685] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 28.527920] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.528213] page dumped because: kasan: bad access detected [ 28.528471] [ 28.528560] Memory state around the buggy address: [ 28.528786] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.529302] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.529653] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.530126] ^ [ 28.530323] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.530591] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.530886] ================================================================== [ 29.034052] ================================================================== [ 29.034426] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 29.034772] Write of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.035221] [ 29.035370] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.035420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.035433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.035456] Call Trace: [ 29.035471] <TASK> [ 29.035488] dump_stack_lvl+0x73/0xb0 [ 29.035554] print_report+0xd1/0x640 [ 29.035579] ? __virt_addr_valid+0x1db/0x2d0 [ 29.035605] ? kasan_atomics_helper+0x1148/0x5450 [ 29.035627] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.035687] ? kasan_atomics_helper+0x1148/0x5450 [ 29.035712] kasan_report+0x141/0x180 [ 29.035736] ? kasan_atomics_helper+0x1148/0x5450 [ 29.035765] kasan_check_range+0x10c/0x1c0 [ 29.035842] __kasan_check_write+0x18/0x20 [ 29.035870] kasan_atomics_helper+0x1148/0x5450 [ 29.035895] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.035919] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.036022] ? kasan_atomics+0x152/0x310 [ 29.036076] kasan_atomics+0x1dc/0x310 [ 29.036126] ? __pfx_kasan_atomics+0x10/0x10 [ 29.036153] ? __pfx_read_tsc+0x10/0x10 [ 29.036178] ? ktime_get_ts64+0x86/0x230 [ 29.036252] kunit_try_run_case+0x1a5/0x480 [ 29.036279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.036304] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.036328] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.036356] ? __kthread_parkme+0x82/0x180 [ 29.036378] ? preempt_count_sub+0x50/0x80 [ 29.036404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.036429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.036455] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.036481] kthread+0x337/0x6f0 [ 29.036503] ? trace_preempt_on+0x20/0xc0 [ 29.036528] ? __pfx_kthread+0x10/0x10 [ 29.036550] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.036585] ? calculate_sigpending+0x7b/0xa0 [ 29.036612] ? __pfx_kthread+0x10/0x10 [ 29.036636] ret_from_fork+0x116/0x1d0 [ 29.036657] ? __pfx_kthread+0x10/0x10 [ 29.036680] ret_from_fork_asm+0x1a/0x30 [ 29.036713] </TASK> [ 29.036725] [ 29.046663] Allocated by task 314: [ 29.046800] kasan_save_stack+0x45/0x70 [ 29.046981] kasan_save_track+0x18/0x40 [ 29.047416] kasan_save_alloc_info+0x3b/0x50 [ 29.047848] __kasan_kmalloc+0xb7/0xc0 [ 29.048015] __kmalloc_cache_noprof+0x189/0x420 [ 29.048252] kasan_atomics+0x95/0x310 [ 29.048470] kunit_try_run_case+0x1a5/0x480 [ 29.048670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.049017] kthread+0x337/0x6f0 [ 29.049208] ret_from_fork+0x116/0x1d0 [ 29.049431] ret_from_fork_asm+0x1a/0x30 [ 29.049646] [ 29.049741] The buggy address belongs to the object at ffff888106266f00 [ 29.049741] which belongs to the cache kmalloc-64 of size 64 [ 29.050512] The buggy address is located 0 bytes to the right of [ 29.050512] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.051273] [ 29.051377] The buggy address belongs to the physical page: [ 29.051650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.052152] flags: 0x200000000000000(node=0|zone=2) [ 29.052401] page_type: f5(slab) [ 29.052564] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.053031] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.053338] page dumped because: kasan: bad access detected [ 29.053519] [ 29.053586] Memory state around the buggy address: [ 29.053784] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.054341] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.054688] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.055283] ^ [ 29.055552] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.056001] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.056360] ================================================================== [ 29.625078] ================================================================== [ 29.625317] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 29.625552] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.626186] [ 29.626368] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.626416] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.626429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.626451] Call Trace: [ 29.626467] <TASK> [ 29.626484] dump_stack_lvl+0x73/0xb0 [ 29.626512] print_report+0xd1/0x640 [ 29.626536] ? __virt_addr_valid+0x1db/0x2d0 [ 29.626561] ? kasan_atomics_helper+0x1e12/0x5450 [ 29.626584] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.626612] ? kasan_atomics_helper+0x1e12/0x5450 [ 29.626635] kasan_report+0x141/0x180 [ 29.626659] ? kasan_atomics_helper+0x1e12/0x5450 [ 29.626710] kasan_check_range+0x10c/0x1c0 [ 29.626750] __kasan_check_write+0x18/0x20 [ 29.626774] kasan_atomics_helper+0x1e12/0x5450 [ 29.626813] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.626851] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.626878] ? kasan_atomics+0x152/0x310 [ 29.626905] kasan_atomics+0x1dc/0x310 [ 29.626955] ? __pfx_kasan_atomics+0x10/0x10 [ 29.626994] ? __pfx_read_tsc+0x10/0x10 [ 29.627018] ? ktime_get_ts64+0x86/0x230 [ 29.627044] kunit_try_run_case+0x1a5/0x480 [ 29.627083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.627122] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.627147] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.627175] ? __kthread_parkme+0x82/0x180 [ 29.627197] ? preempt_count_sub+0x50/0x80 [ 29.627222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.627259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.627285] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.627311] kthread+0x337/0x6f0 [ 29.627333] ? trace_preempt_on+0x20/0xc0 [ 29.627357] ? __pfx_kthread+0x10/0x10 [ 29.627380] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.627406] ? calculate_sigpending+0x7b/0xa0 [ 29.627431] ? __pfx_kthread+0x10/0x10 [ 29.627454] ret_from_fork+0x116/0x1d0 [ 29.627475] ? __pfx_kthread+0x10/0x10 [ 29.627497] ret_from_fork_asm+0x1a/0x30 [ 29.627530] </TASK> [ 29.627542] [ 29.644173] Allocated by task 314: [ 29.644636] kasan_save_stack+0x45/0x70 [ 29.645177] kasan_save_track+0x18/0x40 [ 29.645761] kasan_save_alloc_info+0x3b/0x50 [ 29.646398] __kasan_kmalloc+0xb7/0xc0 [ 29.646901] __kmalloc_cache_noprof+0x189/0x420 [ 29.647533] kasan_atomics+0x95/0x310 [ 29.648050] kunit_try_run_case+0x1a5/0x480 [ 29.648675] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.649491] kthread+0x337/0x6f0 [ 29.649653] ret_from_fork+0x116/0x1d0 [ 29.650106] ret_from_fork_asm+0x1a/0x30 [ 29.650625] [ 29.651021] The buggy address belongs to the object at ffff888106266f00 [ 29.651021] which belongs to the cache kmalloc-64 of size 64 [ 29.651758] The buggy address is located 0 bytes to the right of [ 29.651758] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.653515] [ 29.653743] The buggy address belongs to the physical page: [ 29.654367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.655201] flags: 0x200000000000000(node=0|zone=2) [ 29.655588] page_type: f5(slab) [ 29.655724] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.656667] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.657673] page dumped because: kasan: bad access detected [ 29.658352] [ 29.658593] Memory state around the buggy address: [ 29.658774] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.659692] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.660586] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.661301] ^ [ 29.661751] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.662597] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.663095] ================================================================== [ 29.303374] ================================================================== [ 29.304059] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 29.304367] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.304652] [ 29.304755] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.304802] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.304816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.304837] Call Trace: [ 29.304852] <TASK> [ 29.304867] dump_stack_lvl+0x73/0xb0 [ 29.304895] print_report+0xd1/0x640 [ 29.304920] ? __virt_addr_valid+0x1db/0x2d0 [ 29.304958] ? kasan_atomics_helper+0x164f/0x5450 [ 29.304981] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.305010] ? kasan_atomics_helper+0x164f/0x5450 [ 29.305034] kasan_report+0x141/0x180 [ 29.305113] ? kasan_atomics_helper+0x164f/0x5450 [ 29.305152] kasan_check_range+0x10c/0x1c0 [ 29.305178] __kasan_check_write+0x18/0x20 [ 29.305203] kasan_atomics_helper+0x164f/0x5450 [ 29.305228] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.305253] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.305279] ? kasan_atomics+0x152/0x310 [ 29.305307] kasan_atomics+0x1dc/0x310 [ 29.305331] ? __pfx_kasan_atomics+0x10/0x10 [ 29.305357] ? __pfx_read_tsc+0x10/0x10 [ 29.305381] ? ktime_get_ts64+0x86/0x230 [ 29.305407] kunit_try_run_case+0x1a5/0x480 [ 29.305433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.305458] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.305481] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.305509] ? __kthread_parkme+0x82/0x180 [ 29.305531] ? preempt_count_sub+0x50/0x80 [ 29.305557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.305582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.305608] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.305634] kthread+0x337/0x6f0 [ 29.305656] ? trace_preempt_on+0x20/0xc0 [ 29.305682] ? __pfx_kthread+0x10/0x10 [ 29.305705] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.305731] ? calculate_sigpending+0x7b/0xa0 [ 29.305757] ? __pfx_kthread+0x10/0x10 [ 29.305780] ret_from_fork+0x116/0x1d0 [ 29.305880] ? __pfx_kthread+0x10/0x10 [ 29.305905] ret_from_fork_asm+0x1a/0x30 [ 29.305939] </TASK> [ 29.305962] [ 29.313703] Allocated by task 314: [ 29.313885] kasan_save_stack+0x45/0x70 [ 29.314146] kasan_save_track+0x18/0x40 [ 29.314318] kasan_save_alloc_info+0x3b/0x50 [ 29.314502] __kasan_kmalloc+0xb7/0xc0 [ 29.314669] __kmalloc_cache_noprof+0x189/0x420 [ 29.314861] kasan_atomics+0x95/0x310 [ 29.315031] kunit_try_run_case+0x1a5/0x480 [ 29.315225] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.315404] kthread+0x337/0x6f0 [ 29.315524] ret_from_fork+0x116/0x1d0 [ 29.315657] ret_from_fork_asm+0x1a/0x30 [ 29.315853] [ 29.315953] The buggy address belongs to the object at ffff888106266f00 [ 29.315953] which belongs to the cache kmalloc-64 of size 64 [ 29.316484] The buggy address is located 0 bytes to the right of [ 29.316484] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.317234] [ 29.317324] The buggy address belongs to the physical page: [ 29.317578] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.318004] flags: 0x200000000000000(node=0|zone=2) [ 29.318502] page_type: f5(slab) [ 29.318723] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.319020] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.319475] page dumped because: kasan: bad access detected [ 29.319716] [ 29.319855] Memory state around the buggy address: [ 29.320064] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.320288] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.320510] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.320727] ^ [ 29.320884] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.321197] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.321864] ================================================================== [ 29.753431] ================================================================== [ 29.753725] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 29.754225] Write of size 8 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.754645] [ 29.754753] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.754879] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.754896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.754918] Call Trace: [ 29.754957] <TASK> [ 29.754977] dump_stack_lvl+0x73/0xb0 [ 29.755007] print_report+0xd1/0x640 [ 29.755033] ? __virt_addr_valid+0x1db/0x2d0 [ 29.755059] ? kasan_atomics_helper+0x2006/0x5450 [ 29.755083] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.755113] ? kasan_atomics_helper+0x2006/0x5450 [ 29.755149] kasan_report+0x141/0x180 [ 29.755173] ? kasan_atomics_helper+0x2006/0x5450 [ 29.755214] kasan_check_range+0x10c/0x1c0 [ 29.755242] __kasan_check_write+0x18/0x20 [ 29.755268] kasan_atomics_helper+0x2006/0x5450 [ 29.755294] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.755319] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.755348] ? kasan_atomics+0x152/0x310 [ 29.755377] kasan_atomics+0x1dc/0x310 [ 29.755402] ? __pfx_kasan_atomics+0x10/0x10 [ 29.755440] ? __pfx_read_tsc+0x10/0x10 [ 29.755465] ? ktime_get_ts64+0x86/0x230 [ 29.755491] kunit_try_run_case+0x1a5/0x480 [ 29.755519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.755545] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.755569] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.755609] ? __kthread_parkme+0x82/0x180 [ 29.755632] ? preempt_count_sub+0x50/0x80 [ 29.755668] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.755694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.755730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.755757] kthread+0x337/0x6f0 [ 29.755779] ? trace_preempt_on+0x20/0xc0 [ 29.756006] ? __pfx_kthread+0x10/0x10 [ 29.756031] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.756072] ? calculate_sigpending+0x7b/0xa0 [ 29.756099] ? __pfx_kthread+0x10/0x10 [ 29.756124] ret_from_fork+0x116/0x1d0 [ 29.756147] ? __pfx_kthread+0x10/0x10 [ 29.756170] ret_from_fork_asm+0x1a/0x30 [ 29.756204] </TASK> [ 29.756218] [ 29.765431] Allocated by task 314: [ 29.765615] kasan_save_stack+0x45/0x70 [ 29.765867] kasan_save_track+0x18/0x40 [ 29.766066] kasan_save_alloc_info+0x3b/0x50 [ 29.766290] __kasan_kmalloc+0xb7/0xc0 [ 29.766497] __kmalloc_cache_noprof+0x189/0x420 [ 29.766673] kasan_atomics+0x95/0x310 [ 29.766879] kunit_try_run_case+0x1a5/0x480 [ 29.767221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.767418] kthread+0x337/0x6f0 [ 29.767539] ret_from_fork+0x116/0x1d0 [ 29.767672] ret_from_fork_asm+0x1a/0x30 [ 29.767828] [ 29.767919] The buggy address belongs to the object at ffff888106266f00 [ 29.767919] which belongs to the cache kmalloc-64 of size 64 [ 29.768611] The buggy address is located 0 bytes to the right of [ 29.768611] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.769477] [ 29.769559] The buggy address belongs to the physical page: [ 29.769807] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.770511] flags: 0x200000000000000(node=0|zone=2) [ 29.770729] page_type: f5(slab) [ 29.770896] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.771403] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.771742] page dumped because: kasan: bad access detected [ 29.771995] [ 29.772228] Memory state around the buggy address: [ 29.772464] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.772782] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.773269] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.773607] ^ [ 29.773819] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.774298] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.774528] ================================================================== [ 29.096412] ================================================================== [ 29.096665] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 29.097031] Read of size 4 at addr ffff888106266f30 by task kunit_try_catch/314 [ 29.097351] [ 29.097434] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 29.097572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.097588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 29.097610] Call Trace: [ 29.097625] <TASK> [ 29.097640] dump_stack_lvl+0x73/0xb0 [ 29.097692] print_report+0xd1/0x640 [ 29.097718] ? __virt_addr_valid+0x1db/0x2d0 [ 29.097741] ? kasan_atomics_helper+0x49e8/0x5450 [ 29.097765] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.098009] ? kasan_atomics_helper+0x49e8/0x5450 [ 29.098034] kasan_report+0x141/0x180 [ 29.098084] ? kasan_atomics_helper+0x49e8/0x5450 [ 29.098112] __asan_report_load4_noabort+0x18/0x20 [ 29.098139] kasan_atomics_helper+0x49e8/0x5450 [ 29.098163] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 29.098188] ? __kmalloc_cache_noprof+0x189/0x420 [ 29.098234] ? kasan_atomics+0x152/0x310 [ 29.098262] kasan_atomics+0x1dc/0x310 [ 29.098288] ? __pfx_kasan_atomics+0x10/0x10 [ 29.098314] ? __pfx_read_tsc+0x10/0x10 [ 29.098338] ? ktime_get_ts64+0x86/0x230 [ 29.098364] kunit_try_run_case+0x1a5/0x480 [ 29.098389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.098414] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.098438] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.098466] ? __kthread_parkme+0x82/0x180 [ 29.098488] ? preempt_count_sub+0x50/0x80 [ 29.098513] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.098539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.098565] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.098612] kthread+0x337/0x6f0 [ 29.098635] ? trace_preempt_on+0x20/0xc0 [ 29.098660] ? __pfx_kthread+0x10/0x10 [ 29.098682] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.098708] ? calculate_sigpending+0x7b/0xa0 [ 29.098733] ? __pfx_kthread+0x10/0x10 [ 29.098757] ret_from_fork+0x116/0x1d0 [ 29.098784] ? __pfx_kthread+0x10/0x10 [ 29.098806] ret_from_fork_asm+0x1a/0x30 [ 29.098839] </TASK> [ 29.098851] [ 29.107187] Allocated by task 314: [ 29.107366] kasan_save_stack+0x45/0x70 [ 29.107562] kasan_save_track+0x18/0x40 [ 29.107758] kasan_save_alloc_info+0x3b/0x50 [ 29.108072] __kasan_kmalloc+0xb7/0xc0 [ 29.108292] __kmalloc_cache_noprof+0x189/0x420 [ 29.108514] kasan_atomics+0x95/0x310 [ 29.108651] kunit_try_run_case+0x1a5/0x480 [ 29.108937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 29.109241] kthread+0x337/0x6f0 [ 29.109376] ret_from_fork+0x116/0x1d0 [ 29.109525] ret_from_fork_asm+0x1a/0x30 [ 29.109723] [ 29.110026] The buggy address belongs to the object at ffff888106266f00 [ 29.110026] which belongs to the cache kmalloc-64 of size 64 [ 29.110549] The buggy address is located 0 bytes to the right of [ 29.110549] allocated 48-byte region [ffff888106266f00, ffff888106266f30) [ 29.111056] [ 29.111183] The buggy address belongs to the physical page: [ 29.111443] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 29.111864] flags: 0x200000000000000(node=0|zone=2) [ 29.112163] page_type: f5(slab) [ 29.112317] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 29.112556] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 29.112985] page dumped because: kasan: bad access detected [ 29.113287] [ 29.113380] Memory state around the buggy address: [ 29.113617] ffff888106266e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.114031] ffff888106266e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 29.114419] >ffff888106266f00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 29.114738] ^ [ 29.114990] ffff888106266f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.115213] ffff888106267000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.115628] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 28.127435] ================================================================== [ 28.127730] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 28.128602] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 28.129224] [ 28.129386] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.129431] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.129442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.129463] Call Trace: [ 28.129479] <TASK> [ 28.129494] dump_stack_lvl+0x73/0xb0 [ 28.129520] print_report+0xd1/0x640 [ 28.129708] ? __virt_addr_valid+0x1db/0x2d0 [ 28.129734] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 28.129763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.129831] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 28.129862] kasan_report+0x141/0x180 [ 28.129886] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 28.129919] kasan_check_range+0x10c/0x1c0 [ 28.129958] __kasan_check_write+0x18/0x20 [ 28.129983] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 28.130012] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.130041] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.130077] ? trace_hardirqs_on+0x37/0xe0 [ 28.130101] ? kasan_bitops_generic+0x92/0x1c0 [ 28.130129] kasan_bitops_generic+0x121/0x1c0 [ 28.130153] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.130180] ? __pfx_read_tsc+0x10/0x10 [ 28.130203] ? ktime_get_ts64+0x86/0x230 [ 28.130229] kunit_try_run_case+0x1a5/0x480 [ 28.130254] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.130279] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.130302] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.130330] ? __kthread_parkme+0x82/0x180 [ 28.130351] ? preempt_count_sub+0x50/0x80 [ 28.130376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.130402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.130427] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.130452] kthread+0x337/0x6f0 [ 28.130473] ? trace_preempt_on+0x20/0xc0 [ 28.130497] ? __pfx_kthread+0x10/0x10 [ 28.130519] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.130544] ? calculate_sigpending+0x7b/0xa0 [ 28.130569] ? __pfx_kthread+0x10/0x10 [ 28.130592] ret_from_fork+0x116/0x1d0 [ 28.130612] ? __pfx_kthread+0x10/0x10 [ 28.130634] ret_from_fork_asm+0x1a/0x30 [ 28.130667] </TASK> [ 28.130678] [ 28.146017] Allocated by task 310: [ 28.146393] kasan_save_stack+0x45/0x70 [ 28.146881] kasan_save_track+0x18/0x40 [ 28.147375] kasan_save_alloc_info+0x3b/0x50 [ 28.147751] __kasan_kmalloc+0xb7/0xc0 [ 28.148149] __kmalloc_cache_noprof+0x189/0x420 [ 28.148349] kasan_bitops_generic+0x92/0x1c0 [ 28.148493] kunit_try_run_case+0x1a5/0x480 [ 28.148635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.148982] kthread+0x337/0x6f0 [ 28.149182] ret_from_fork+0x116/0x1d0 [ 28.149356] ret_from_fork_asm+0x1a/0x30 [ 28.149555] [ 28.149654] The buggy address belongs to the object at ffff8881057d7680 [ 28.149654] which belongs to the cache kmalloc-16 of size 16 [ 28.150251] The buggy address is located 8 bytes inside of [ 28.150251] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 28.151066] [ 28.151169] The buggy address belongs to the physical page: [ 28.151416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 28.151721] flags: 0x200000000000000(node=0|zone=2) [ 28.152010] page_type: f5(slab) [ 28.152273] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.152549] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.152992] page dumped because: kasan: bad access detected [ 28.153240] [ 28.153336] Memory state around the buggy address: [ 28.153509] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.153830] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.154287] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.154570] ^ [ 28.154748] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.155078] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.155472] ================================================================== [ 28.156239] ================================================================== [ 28.156572] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 28.157274] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 28.157615] [ 28.157721] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.157769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.157789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.157810] Call Trace: [ 28.157822] <TASK> [ 28.157837] dump_stack_lvl+0x73/0xb0 [ 28.157865] print_report+0xd1/0x640 [ 28.157888] ? __virt_addr_valid+0x1db/0x2d0 [ 28.157912] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 28.157939] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.157979] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 28.158008] kasan_report+0x141/0x180 [ 28.158030] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 28.158064] kasan_check_range+0x10c/0x1c0 [ 28.158110] __kasan_check_write+0x18/0x20 [ 28.158135] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 28.158164] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.158211] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.158236] ? trace_hardirqs_on+0x37/0xe0 [ 28.158258] ? kasan_bitops_generic+0x92/0x1c0 [ 28.158287] kasan_bitops_generic+0x121/0x1c0 [ 28.158312] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.158337] ? __pfx_read_tsc+0x10/0x10 [ 28.158375] ? ktime_get_ts64+0x86/0x230 [ 28.158400] kunit_try_run_case+0x1a5/0x480 [ 28.158427] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.158450] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.158473] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.158500] ? __kthread_parkme+0x82/0x180 [ 28.158521] ? preempt_count_sub+0x50/0x80 [ 28.158545] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.158570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.158595] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.158619] kthread+0x337/0x6f0 [ 28.158658] ? trace_preempt_on+0x20/0xc0 [ 28.158682] ? __pfx_kthread+0x10/0x10 [ 28.158703] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.158728] ? calculate_sigpending+0x7b/0xa0 [ 28.158753] ? __pfx_kthread+0x10/0x10 [ 28.158775] ret_from_fork+0x116/0x1d0 [ 28.158796] ? __pfx_kthread+0x10/0x10 [ 28.158833] ret_from_fork_asm+0x1a/0x30 [ 28.158865] </TASK> [ 28.158876] [ 28.167346] Allocated by task 310: [ 28.167542] kasan_save_stack+0x45/0x70 [ 28.167759] kasan_save_track+0x18/0x40 [ 28.167985] kasan_save_alloc_info+0x3b/0x50 [ 28.168217] __kasan_kmalloc+0xb7/0xc0 [ 28.168421] __kmalloc_cache_noprof+0x189/0x420 [ 28.168596] kasan_bitops_generic+0x92/0x1c0 [ 28.168741] kunit_try_run_case+0x1a5/0x480 [ 28.168951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.169407] kthread+0x337/0x6f0 [ 28.169539] ret_from_fork+0x116/0x1d0 [ 28.169741] ret_from_fork_asm+0x1a/0x30 [ 28.169935] [ 28.170023] The buggy address belongs to the object at ffff8881057d7680 [ 28.170023] which belongs to the cache kmalloc-16 of size 16 [ 28.170535] The buggy address is located 8 bytes inside of [ 28.170535] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 28.171010] [ 28.171144] The buggy address belongs to the physical page: [ 28.171363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 28.171706] flags: 0x200000000000000(node=0|zone=2) [ 28.171937] page_type: f5(slab) [ 28.172135] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.172445] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.172781] page dumped because: kasan: bad access detected [ 28.173019] [ 28.173130] Memory state around the buggy address: [ 28.173368] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.173792] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.174135] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.174411] ^ [ 28.174573] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.174912] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.175238] ================================================================== [ 28.272391] ================================================================== [ 28.272760] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.273389] Read of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 28.273710] [ 28.273906] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.273962] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.273973] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.273994] Call Trace: [ 28.274007] <TASK> [ 28.274021] dump_stack_lvl+0x73/0xb0 [ 28.274047] print_report+0xd1/0x640 [ 28.274078] ? __virt_addr_valid+0x1db/0x2d0 [ 28.274103] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.274130] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.274157] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.274186] kasan_report+0x141/0x180 [ 28.274220] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.274253] __asan_report_load8_noabort+0x18/0x20 [ 28.274289] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 28.274318] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.274347] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.274372] ? trace_hardirqs_on+0x37/0xe0 [ 28.274395] ? kasan_bitops_generic+0x92/0x1c0 [ 28.274424] kasan_bitops_generic+0x121/0x1c0 [ 28.274449] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.274475] ? __pfx_read_tsc+0x10/0x10 [ 28.274498] ? ktime_get_ts64+0x86/0x230 [ 28.274522] kunit_try_run_case+0x1a5/0x480 [ 28.274547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.274571] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.274593] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.274620] ? __kthread_parkme+0x82/0x180 [ 28.274641] ? preempt_count_sub+0x50/0x80 [ 28.274664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.274690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.274724] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.274750] kthread+0x337/0x6f0 [ 28.274770] ? trace_preempt_on+0x20/0xc0 [ 28.274803] ? __pfx_kthread+0x10/0x10 [ 28.274825] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.274850] ? calculate_sigpending+0x7b/0xa0 [ 28.274874] ? __pfx_kthread+0x10/0x10 [ 28.274897] ret_from_fork+0x116/0x1d0 [ 28.274916] ? __pfx_kthread+0x10/0x10 [ 28.274938] ret_from_fork_asm+0x1a/0x30 [ 28.274979] </TASK> [ 28.274989] [ 28.283606] Allocated by task 310: [ 28.283778] kasan_save_stack+0x45/0x70 [ 28.283937] kasan_save_track+0x18/0x40 [ 28.284082] kasan_save_alloc_info+0x3b/0x50 [ 28.284230] __kasan_kmalloc+0xb7/0xc0 [ 28.284363] __kmalloc_cache_noprof+0x189/0x420 [ 28.284519] kasan_bitops_generic+0x92/0x1c0 [ 28.284669] kunit_try_run_case+0x1a5/0x480 [ 28.284817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.285003] kthread+0x337/0x6f0 [ 28.285128] ret_from_fork+0x116/0x1d0 [ 28.285271] ret_from_fork_asm+0x1a/0x30 [ 28.285464] [ 28.285552] The buggy address belongs to the object at ffff8881057d7680 [ 28.285552] which belongs to the cache kmalloc-16 of size 16 [ 28.286089] The buggy address is located 8 bytes inside of [ 28.286089] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 28.286963] [ 28.287061] The buggy address belongs to the physical page: [ 28.287326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 28.287684] flags: 0x200000000000000(node=0|zone=2) [ 28.287921] page_type: f5(slab) [ 28.288064] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.288339] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.288570] page dumped because: kasan: bad access detected [ 28.288744] [ 28.288808] Memory state around the buggy address: [ 28.288980] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.289624] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.289968] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.290593] ^ [ 28.290790] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.291150] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.291473] ================================================================== [ 28.253166] ================================================================== [ 28.253646] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.254187] Read of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 28.254508] [ 28.254607] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.254654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.254665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.254686] Call Trace: [ 28.254709] <TASK> [ 28.254724] dump_stack_lvl+0x73/0xb0 [ 28.254751] print_report+0xd1/0x640 [ 28.254774] ? __virt_addr_valid+0x1db/0x2d0 [ 28.254810] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.254837] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.254864] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.254900] kasan_report+0x141/0x180 [ 28.254924] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.254973] kasan_check_range+0x10c/0x1c0 [ 28.255000] __kasan_check_read+0x15/0x20 [ 28.255024] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 28.255063] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.255094] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.255127] ? trace_hardirqs_on+0x37/0xe0 [ 28.255149] ? kasan_bitops_generic+0x92/0x1c0 [ 28.255178] kasan_bitops_generic+0x121/0x1c0 [ 28.255213] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.255238] ? __pfx_read_tsc+0x10/0x10 [ 28.255262] ? ktime_get_ts64+0x86/0x230 [ 28.255287] kunit_try_run_case+0x1a5/0x480 [ 28.255313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.255338] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.255361] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.255388] ? __kthread_parkme+0x82/0x180 [ 28.255409] ? preempt_count_sub+0x50/0x80 [ 28.255434] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.255459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.255484] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.255509] kthread+0x337/0x6f0 [ 28.255529] ? trace_preempt_on+0x20/0xc0 [ 28.255553] ? __pfx_kthread+0x10/0x10 [ 28.255575] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.255600] ? calculate_sigpending+0x7b/0xa0 [ 28.255624] ? __pfx_kthread+0x10/0x10 [ 28.255646] ret_from_fork+0x116/0x1d0 [ 28.255666] ? __pfx_kthread+0x10/0x10 [ 28.255688] ret_from_fork_asm+0x1a/0x30 [ 28.255730] </TASK> [ 28.255740] [ 28.264154] Allocated by task 310: [ 28.264347] kasan_save_stack+0x45/0x70 [ 28.264532] kasan_save_track+0x18/0x40 [ 28.264724] kasan_save_alloc_info+0x3b/0x50 [ 28.264931] __kasan_kmalloc+0xb7/0xc0 [ 28.265075] __kmalloc_cache_noprof+0x189/0x420 [ 28.265237] kasan_bitops_generic+0x92/0x1c0 [ 28.265401] kunit_try_run_case+0x1a5/0x480 [ 28.265628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.265882] kthread+0x337/0x6f0 [ 28.266058] ret_from_fork+0x116/0x1d0 [ 28.266272] ret_from_fork_asm+0x1a/0x30 [ 28.266411] [ 28.266476] The buggy address belongs to the object at ffff8881057d7680 [ 28.266476] which belongs to the cache kmalloc-16 of size 16 [ 28.267329] The buggy address is located 8 bytes inside of [ 28.267329] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 28.267847] [ 28.267939] The buggy address belongs to the physical page: [ 28.268272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 28.268613] flags: 0x200000000000000(node=0|zone=2) [ 28.268826] page_type: f5(slab) [ 28.269020] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.269390] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.269715] page dumped because: kasan: bad access detected [ 28.269952] [ 28.270061] Memory state around the buggy address: [ 28.270280] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.270598] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.270916] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.271243] ^ [ 28.271415] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.271709] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.271966] ================================================================== [ 28.229446] ================================================================== [ 28.230147] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 28.231303] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 28.231966] [ 28.232136] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.232185] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.232198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.232218] Call Trace: [ 28.232233] <TASK> [ 28.232250] dump_stack_lvl+0x73/0xb0 [ 28.232278] print_report+0xd1/0x640 [ 28.232302] ? __virt_addr_valid+0x1db/0x2d0 [ 28.232337] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 28.232365] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.232391] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 28.232431] kasan_report+0x141/0x180 [ 28.232453] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 28.232486] kasan_check_range+0x10c/0x1c0 [ 28.232510] __kasan_check_write+0x18/0x20 [ 28.232534] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 28.232562] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.232595] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.232620] ? trace_hardirqs_on+0x37/0xe0 [ 28.232653] ? kasan_bitops_generic+0x92/0x1c0 [ 28.232681] kasan_bitops_generic+0x121/0x1c0 [ 28.232705] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.232731] ? __pfx_read_tsc+0x10/0x10 [ 28.232753] ? ktime_get_ts64+0x86/0x230 [ 28.232777] kunit_try_run_case+0x1a5/0x480 [ 28.232801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.232825] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.232847] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.232874] ? __kthread_parkme+0x82/0x180 [ 28.232896] ? preempt_count_sub+0x50/0x80 [ 28.232920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.232955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.232980] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.233005] kthread+0x337/0x6f0 [ 28.233026] ? trace_preempt_on+0x20/0xc0 [ 28.233049] ? __pfx_kthread+0x10/0x10 [ 28.233080] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.233106] ? calculate_sigpending+0x7b/0xa0 [ 28.233136] ? __pfx_kthread+0x10/0x10 [ 28.233158] ret_from_fork+0x116/0x1d0 [ 28.233177] ? __pfx_kthread+0x10/0x10 [ 28.233199] ret_from_fork_asm+0x1a/0x30 [ 28.233231] </TASK> [ 28.233243] [ 28.245147] Allocated by task 310: [ 28.245302] kasan_save_stack+0x45/0x70 [ 28.245511] kasan_save_track+0x18/0x40 [ 28.245647] kasan_save_alloc_info+0x3b/0x50 [ 28.245797] __kasan_kmalloc+0xb7/0xc0 [ 28.245929] __kmalloc_cache_noprof+0x189/0x420 [ 28.246156] kasan_bitops_generic+0x92/0x1c0 [ 28.246361] kunit_try_run_case+0x1a5/0x480 [ 28.246572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.246823] kthread+0x337/0x6f0 [ 28.247028] ret_from_fork+0x116/0x1d0 [ 28.247222] ret_from_fork_asm+0x1a/0x30 [ 28.247363] [ 28.247451] The buggy address belongs to the object at ffff8881057d7680 [ 28.247451] which belongs to the cache kmalloc-16 of size 16 [ 28.247935] The buggy address is located 8 bytes inside of [ 28.247935] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 28.248534] [ 28.248648] The buggy address belongs to the physical page: [ 28.248872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 28.249226] flags: 0x200000000000000(node=0|zone=2) [ 28.249476] page_type: f5(slab) [ 28.249616] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.249937] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.250404] page dumped because: kasan: bad access detected [ 28.250630] [ 28.250741] Memory state around the buggy address: [ 28.250935] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.251274] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.251581] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.251800] ^ [ 28.251940] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.252285] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.252631] ================================================================== [ 28.198998] ================================================================== [ 28.199605] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 28.200569] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 28.201289] [ 28.201384] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.201433] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.201446] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.201467] Call Trace: [ 28.201482] <TASK> [ 28.201497] dump_stack_lvl+0x73/0xb0 [ 28.201527] print_report+0xd1/0x640 [ 28.201549] ? __virt_addr_valid+0x1db/0x2d0 [ 28.201572] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 28.201600] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.201627] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 28.201655] kasan_report+0x141/0x180 [ 28.201678] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 28.201711] kasan_check_range+0x10c/0x1c0 [ 28.201734] __kasan_check_write+0x18/0x20 [ 28.201759] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 28.201787] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.201816] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.201840] ? trace_hardirqs_on+0x37/0xe0 [ 28.201862] ? kasan_bitops_generic+0x92/0x1c0 [ 28.201890] kasan_bitops_generic+0x121/0x1c0 [ 28.201914] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.201940] ? __pfx_read_tsc+0x10/0x10 [ 28.202193] ? ktime_get_ts64+0x86/0x230 [ 28.202236] kunit_try_run_case+0x1a5/0x480 [ 28.202262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.202318] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.202342] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.202369] ? __kthread_parkme+0x82/0x180 [ 28.202389] ? preempt_count_sub+0x50/0x80 [ 28.202414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.202439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.202464] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.202491] kthread+0x337/0x6f0 [ 28.202512] ? trace_preempt_on+0x20/0xc0 [ 28.202535] ? __pfx_kthread+0x10/0x10 [ 28.202556] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.202581] ? calculate_sigpending+0x7b/0xa0 [ 28.202606] ? __pfx_kthread+0x10/0x10 [ 28.202630] ret_from_fork+0x116/0x1d0 [ 28.202650] ? __pfx_kthread+0x10/0x10 [ 28.202672] ret_from_fork_asm+0x1a/0x30 [ 28.202704] </TASK> [ 28.202715] [ 28.217798] Allocated by task 310: [ 28.218178] kasan_save_stack+0x45/0x70 [ 28.218491] kasan_save_track+0x18/0x40 [ 28.218639] kasan_save_alloc_info+0x3b/0x50 [ 28.218896] __kasan_kmalloc+0xb7/0xc0 [ 28.219297] __kmalloc_cache_noprof+0x189/0x420 [ 28.219714] kasan_bitops_generic+0x92/0x1c0 [ 28.220031] kunit_try_run_case+0x1a5/0x480 [ 28.220365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.220545] kthread+0x337/0x6f0 [ 28.220664] ret_from_fork+0x116/0x1d0 [ 28.220796] ret_from_fork_asm+0x1a/0x30 [ 28.220934] [ 28.221132] The buggy address belongs to the object at ffff8881057d7680 [ 28.221132] which belongs to the cache kmalloc-16 of size 16 [ 28.222239] The buggy address is located 8 bytes inside of [ 28.222239] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 28.223302] [ 28.223457] The buggy address belongs to the physical page: [ 28.223960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 28.224397] flags: 0x200000000000000(node=0|zone=2) [ 28.224565] page_type: f5(slab) [ 28.224686] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.224922] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.225176] page dumped because: kasan: bad access detected [ 28.225352] [ 28.225418] Memory state around the buggy address: [ 28.225574] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.225794] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.226215] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.226825] ^ [ 28.227174] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.227796] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.228498] ================================================================== [ 28.067052] ================================================================== [ 28.067565] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 28.068022] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 28.068639] [ 28.068807] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.068854] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.068866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.068926] Call Trace: [ 28.068941] <TASK> [ 28.068968] dump_stack_lvl+0x73/0xb0 [ 28.068997] print_report+0xd1/0x640 [ 28.069020] ? __virt_addr_valid+0x1db/0x2d0 [ 28.069044] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 28.069084] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.069112] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 28.069145] kasan_report+0x141/0x180 [ 28.069168] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 28.069201] kasan_check_range+0x10c/0x1c0 [ 28.069226] __kasan_check_write+0x18/0x20 [ 28.069250] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 28.069279] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.069309] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.069334] ? trace_hardirqs_on+0x37/0xe0 [ 28.069355] ? kasan_bitops_generic+0x92/0x1c0 [ 28.069384] kasan_bitops_generic+0x121/0x1c0 [ 28.069409] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.069434] ? __pfx_read_tsc+0x10/0x10 [ 28.069456] ? ktime_get_ts64+0x86/0x230 [ 28.069482] kunit_try_run_case+0x1a5/0x480 [ 28.069508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.069532] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.069554] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.069582] ? __kthread_parkme+0x82/0x180 [ 28.069603] ? preempt_count_sub+0x50/0x80 [ 28.069628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.069654] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.069679] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.069705] kthread+0x337/0x6f0 [ 28.069725] ? trace_preempt_on+0x20/0xc0 [ 28.069748] ? __pfx_kthread+0x10/0x10 [ 28.069770] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.069837] ? calculate_sigpending+0x7b/0xa0 [ 28.069863] ? __pfx_kthread+0x10/0x10 [ 28.069887] ret_from_fork+0x116/0x1d0 [ 28.069908] ? __pfx_kthread+0x10/0x10 [ 28.069930] ret_from_fork_asm+0x1a/0x30 [ 28.069972] </TASK> [ 28.069984] [ 28.083711] Allocated by task 310: [ 28.084107] kasan_save_stack+0x45/0x70 [ 28.084475] kasan_save_track+0x18/0x40 [ 28.084632] kasan_save_alloc_info+0x3b/0x50 [ 28.084819] __kasan_kmalloc+0xb7/0xc0 [ 28.085179] __kmalloc_cache_noprof+0x189/0x420 [ 28.085596] kasan_bitops_generic+0x92/0x1c0 [ 28.086026] kunit_try_run_case+0x1a5/0x480 [ 28.086455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.086670] kthread+0x337/0x6f0 [ 28.086808] ret_from_fork+0x116/0x1d0 [ 28.087383] ret_from_fork_asm+0x1a/0x30 [ 28.087747] [ 28.087928] The buggy address belongs to the object at ffff8881057d7680 [ 28.087928] which belongs to the cache kmalloc-16 of size 16 [ 28.088894] The buggy address is located 8 bytes inside of [ 28.088894] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 28.090116] [ 28.090317] The buggy address belongs to the physical page: [ 28.090499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 28.090745] flags: 0x200000000000000(node=0|zone=2) [ 28.090910] page_type: f5(slab) [ 28.091213] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.091967] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.092787] page dumped because: kasan: bad access detected [ 28.093417] [ 28.093579] Memory state around the buggy address: [ 28.094254] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.094889] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.095341] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.095567] ^ [ 28.095692] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.096020] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.096492] ================================================================== [ 28.176547] ================================================================== [ 28.177113] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 28.177536] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 28.177861] [ 28.177952] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.178001] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.178032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.178064] Call Trace: [ 28.178078] <TASK> [ 28.178092] dump_stack_lvl+0x73/0xb0 [ 28.178120] print_report+0xd1/0x640 [ 28.178143] ? __virt_addr_valid+0x1db/0x2d0 [ 28.178185] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 28.178213] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.178240] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 28.178269] kasan_report+0x141/0x180 [ 28.178292] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 28.178345] kasan_check_range+0x10c/0x1c0 [ 28.178371] __kasan_check_write+0x18/0x20 [ 28.178396] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 28.178425] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.178454] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.178479] ? trace_hardirqs_on+0x37/0xe0 [ 28.178518] ? kasan_bitops_generic+0x92/0x1c0 [ 28.178547] kasan_bitops_generic+0x121/0x1c0 [ 28.178572] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.178598] ? __pfx_read_tsc+0x10/0x10 [ 28.178622] ? ktime_get_ts64+0x86/0x230 [ 28.178647] kunit_try_run_case+0x1a5/0x480 [ 28.178674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.178698] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.178721] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.178749] ? __kthread_parkme+0x82/0x180 [ 28.178769] ? preempt_count_sub+0x50/0x80 [ 28.178793] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.178837] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.178861] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.178887] kthread+0x337/0x6f0 [ 28.178907] ? trace_preempt_on+0x20/0xc0 [ 28.178931] ? __pfx_kthread+0x10/0x10 [ 28.178962] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.178988] ? calculate_sigpending+0x7b/0xa0 [ 28.179029] ? __pfx_kthread+0x10/0x10 [ 28.179061] ret_from_fork+0x116/0x1d0 [ 28.179082] ? __pfx_kthread+0x10/0x10 [ 28.179104] ret_from_fork_asm+0x1a/0x30 [ 28.179137] </TASK> [ 28.179148] [ 28.187236] Allocated by task 310: [ 28.187434] kasan_save_stack+0x45/0x70 [ 28.187630] kasan_save_track+0x18/0x40 [ 28.187817] kasan_save_alloc_info+0x3b/0x50 [ 28.188063] __kasan_kmalloc+0xb7/0xc0 [ 28.188250] __kmalloc_cache_noprof+0x189/0x420 [ 28.188469] kasan_bitops_generic+0x92/0x1c0 [ 28.188673] kunit_try_run_case+0x1a5/0x480 [ 28.188847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.189033] kthread+0x337/0x6f0 [ 28.189213] ret_from_fork+0x116/0x1d0 [ 28.189396] ret_from_fork_asm+0x1a/0x30 [ 28.189586] [ 28.189671] The buggy address belongs to the object at ffff8881057d7680 [ 28.189671] which belongs to the cache kmalloc-16 of size 16 [ 28.190391] The buggy address is located 8 bytes inside of [ 28.190391] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 28.190878] [ 28.190979] The buggy address belongs to the physical page: [ 28.191220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 28.191560] flags: 0x200000000000000(node=0|zone=2) [ 28.191815] page_type: f5(slab) [ 28.191932] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.192293] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.192626] page dumped because: kasan: bad access detected [ 28.192871] [ 28.192979] Memory state around the buggy address: [ 28.193222] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.193436] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.193697] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.196036] ^ [ 28.196376] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.196711] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.197039] ================================================================== [ 28.097332] ================================================================== [ 28.097760] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 28.098521] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 28.099216] [ 28.099405] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.099455] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.099468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.099489] Call Trace: [ 28.099504] <TASK> [ 28.099520] dump_stack_lvl+0x73/0xb0 [ 28.099547] print_report+0xd1/0x640 [ 28.099570] ? __virt_addr_valid+0x1db/0x2d0 [ 28.099595] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 28.099623] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.099650] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 28.099678] kasan_report+0x141/0x180 [ 28.099702] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 28.099736] kasan_check_range+0x10c/0x1c0 [ 28.099761] __kasan_check_write+0x18/0x20 [ 28.099799] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 28.099828] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 28.099858] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.099883] ? trace_hardirqs_on+0x37/0xe0 [ 28.099906] ? kasan_bitops_generic+0x92/0x1c0 [ 28.099935] kasan_bitops_generic+0x121/0x1c0 [ 28.099970] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.099996] ? __pfx_read_tsc+0x10/0x10 [ 28.100019] ? ktime_get_ts64+0x86/0x230 [ 28.100051] kunit_try_run_case+0x1a5/0x480 [ 28.100077] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.100110] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.100133] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.100161] ? __kthread_parkme+0x82/0x180 [ 28.100182] ? preempt_count_sub+0x50/0x80 [ 28.100207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.100232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.100256] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.100282] kthread+0x337/0x6f0 [ 28.100303] ? trace_preempt_on+0x20/0xc0 [ 28.100325] ? __pfx_kthread+0x10/0x10 [ 28.100347] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.100372] ? calculate_sigpending+0x7b/0xa0 [ 28.100397] ? __pfx_kthread+0x10/0x10 [ 28.100420] ret_from_fork+0x116/0x1d0 [ 28.100440] ? __pfx_kthread+0x10/0x10 [ 28.100462] ret_from_fork_asm+0x1a/0x30 [ 28.100495] </TASK> [ 28.100507] [ 28.114565] Allocated by task 310: [ 28.114913] kasan_save_stack+0x45/0x70 [ 28.115188] kasan_save_track+0x18/0x40 [ 28.115545] kasan_save_alloc_info+0x3b/0x50 [ 28.116028] __kasan_kmalloc+0xb7/0xc0 [ 28.116278] __kmalloc_cache_noprof+0x189/0x420 [ 28.116436] kasan_bitops_generic+0x92/0x1c0 [ 28.116587] kunit_try_run_case+0x1a5/0x480 [ 28.116734] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.117535] kthread+0x337/0x6f0 [ 28.117961] ret_from_fork+0x116/0x1d0 [ 28.118505] ret_from_fork_asm+0x1a/0x30 [ 28.118937] [ 28.119207] The buggy address belongs to the object at ffff8881057d7680 [ 28.119207] which belongs to the cache kmalloc-16 of size 16 [ 28.120515] The buggy address is located 8 bytes inside of [ 28.120515] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 28.121397] [ 28.121470] The buggy address belongs to the physical page: [ 28.121651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 28.122178] flags: 0x200000000000000(node=0|zone=2) [ 28.122630] page_type: f5(slab) [ 28.123087] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.123762] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.124496] page dumped because: kasan: bad access detected [ 28.125063] [ 28.125140] Memory state around the buggy address: [ 28.125300] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.125520] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.125739] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.125975] ^ [ 28.126169] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.126539] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.126961] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 27.842625] ================================================================== [ 27.843592] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.844375] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 27.844703] [ 27.845109] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.845191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.845205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.845228] Call Trace: [ 27.845242] <TASK> [ 27.845260] dump_stack_lvl+0x73/0xb0 [ 27.845293] print_report+0xd1/0x640 [ 27.845317] ? __virt_addr_valid+0x1db/0x2d0 [ 27.845343] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.845369] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.845397] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.845424] kasan_report+0x141/0x180 [ 27.845448] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.845479] kasan_check_range+0x10c/0x1c0 [ 27.845505] __kasan_check_write+0x18/0x20 [ 27.845530] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 27.845557] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.845585] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.845611] ? trace_hardirqs_on+0x37/0xe0 [ 27.845635] ? kasan_bitops_generic+0x92/0x1c0 [ 27.845665] kasan_bitops_generic+0x116/0x1c0 [ 27.845690] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.845716] ? __pfx_read_tsc+0x10/0x10 [ 27.845741] ? ktime_get_ts64+0x86/0x230 [ 27.845767] kunit_try_run_case+0x1a5/0x480 [ 27.845807] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.845831] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.845855] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.845882] ? __kthread_parkme+0x82/0x180 [ 27.845904] ? preempt_count_sub+0x50/0x80 [ 27.845928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.845963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.845989] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.846013] kthread+0x337/0x6f0 [ 27.846034] ? trace_preempt_on+0x20/0xc0 [ 27.846069] ? __pfx_kthread+0x10/0x10 [ 27.846091] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.846116] ? calculate_sigpending+0x7b/0xa0 [ 27.846141] ? __pfx_kthread+0x10/0x10 [ 27.846163] ret_from_fork+0x116/0x1d0 [ 27.846184] ? __pfx_kthread+0x10/0x10 [ 27.846205] ret_from_fork_asm+0x1a/0x30 [ 27.846238] </TASK> [ 27.846251] [ 27.858425] Allocated by task 310: [ 27.858692] kasan_save_stack+0x45/0x70 [ 27.859049] kasan_save_track+0x18/0x40 [ 27.859227] kasan_save_alloc_info+0x3b/0x50 [ 27.859437] __kasan_kmalloc+0xb7/0xc0 [ 27.859614] __kmalloc_cache_noprof+0x189/0x420 [ 27.859829] kasan_bitops_generic+0x92/0x1c0 [ 27.860048] kunit_try_run_case+0x1a5/0x480 [ 27.860734] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.861183] kthread+0x337/0x6f0 [ 27.861478] ret_from_fork+0x116/0x1d0 [ 27.861639] ret_from_fork_asm+0x1a/0x30 [ 27.862068] [ 27.862220] The buggy address belongs to the object at ffff8881057d7680 [ 27.862220] which belongs to the cache kmalloc-16 of size 16 [ 27.862993] The buggy address is located 8 bytes inside of [ 27.862993] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 27.863737] [ 27.863837] The buggy address belongs to the physical page: [ 27.864301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 27.864745] flags: 0x200000000000000(node=0|zone=2) [ 27.865274] page_type: f5(slab) [ 27.865424] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.865769] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.866321] page dumped because: kasan: bad access detected [ 27.866649] [ 27.866734] Memory state around the buggy address: [ 27.867005] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.867611] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.868076] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.868385] ^ [ 27.868525] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.868828] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.869425] ================================================================== [ 27.998941] ================================================================== [ 27.999436] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 27.999754] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 28.000288] [ 28.000591] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.000701] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.000715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.000739] Call Trace: [ 28.000753] <TASK> [ 28.000769] dump_stack_lvl+0x73/0xb0 [ 28.000858] print_report+0xd1/0x640 [ 28.000882] ? __virt_addr_valid+0x1db/0x2d0 [ 28.000907] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 28.000933] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.000973] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 28.001000] kasan_report+0x141/0x180 [ 28.001023] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 28.001054] kasan_check_range+0x10c/0x1c0 [ 28.001079] __kasan_check_write+0x18/0x20 [ 28.001102] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 28.001136] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.001163] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.001188] ? trace_hardirqs_on+0x37/0xe0 [ 28.001210] ? kasan_bitops_generic+0x92/0x1c0 [ 28.001238] kasan_bitops_generic+0x116/0x1c0 [ 28.001263] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.001289] ? __pfx_read_tsc+0x10/0x10 [ 28.001312] ? ktime_get_ts64+0x86/0x230 [ 28.001336] kunit_try_run_case+0x1a5/0x480 [ 28.001361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.001384] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.001407] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.001435] ? __kthread_parkme+0x82/0x180 [ 28.001456] ? preempt_count_sub+0x50/0x80 [ 28.001480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.001505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.001530] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.001554] kthread+0x337/0x6f0 [ 28.001575] ? trace_preempt_on+0x20/0xc0 [ 28.001598] ? __pfx_kthread+0x10/0x10 [ 28.001620] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.001644] ? calculate_sigpending+0x7b/0xa0 [ 28.001668] ? __pfx_kthread+0x10/0x10 [ 28.001691] ret_from_fork+0x116/0x1d0 [ 28.001711] ? __pfx_kthread+0x10/0x10 [ 28.001733] ret_from_fork_asm+0x1a/0x30 [ 28.001764] </TASK> [ 28.001776] [ 28.018451] Allocated by task 310: [ 28.018592] kasan_save_stack+0x45/0x70 [ 28.018740] kasan_save_track+0x18/0x40 [ 28.018880] kasan_save_alloc_info+0x3b/0x50 [ 28.019478] __kasan_kmalloc+0xb7/0xc0 [ 28.019991] __kmalloc_cache_noprof+0x189/0x420 [ 28.020667] kasan_bitops_generic+0x92/0x1c0 [ 28.021191] kunit_try_run_case+0x1a5/0x480 [ 28.021754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.022565] kthread+0x337/0x6f0 [ 28.022814] ret_from_fork+0x116/0x1d0 [ 28.022963] ret_from_fork_asm+0x1a/0x30 [ 28.023490] [ 28.023664] The buggy address belongs to the object at ffff8881057d7680 [ 28.023664] which belongs to the cache kmalloc-16 of size 16 [ 28.025195] The buggy address is located 8 bytes inside of [ 28.025195] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 28.025581] [ 28.025652] The buggy address belongs to the physical page: [ 28.025837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 28.026103] flags: 0x200000000000000(node=0|zone=2) [ 28.026270] page_type: f5(slab) [ 28.026475] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.027225] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.027987] page dumped because: kasan: bad access detected [ 28.028510] [ 28.028664] Memory state around the buggy address: [ 28.029115] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.029699] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.030021] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.030624] ^ [ 28.031138] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.031567] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.031837] ================================================================== [ 27.870147] ================================================================== [ 27.870455] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.871298] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 27.871703] [ 27.872020] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.872077] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.872091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.872172] Call Trace: [ 27.872194] <TASK> [ 27.872213] dump_stack_lvl+0x73/0xb0 [ 27.872245] print_report+0xd1/0x640 [ 27.872269] ? __virt_addr_valid+0x1db/0x2d0 [ 27.872295] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.872321] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.872348] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.872375] kasan_report+0x141/0x180 [ 27.872398] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.872430] kasan_check_range+0x10c/0x1c0 [ 27.872455] __kasan_check_write+0x18/0x20 [ 27.872480] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 27.872506] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.872535] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.872559] ? trace_hardirqs_on+0x37/0xe0 [ 27.872583] ? kasan_bitops_generic+0x92/0x1c0 [ 27.872611] kasan_bitops_generic+0x116/0x1c0 [ 27.872636] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.872662] ? __pfx_read_tsc+0x10/0x10 [ 27.872686] ? ktime_get_ts64+0x86/0x230 [ 27.872712] kunit_try_run_case+0x1a5/0x480 [ 27.872738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.872762] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.872842] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.872872] ? __kthread_parkme+0x82/0x180 [ 27.872896] ? preempt_count_sub+0x50/0x80 [ 27.872921] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.872959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.872983] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.873009] kthread+0x337/0x6f0 [ 27.873031] ? trace_preempt_on+0x20/0xc0 [ 27.873054] ? __pfx_kthread+0x10/0x10 [ 27.873076] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.873102] ? calculate_sigpending+0x7b/0xa0 [ 27.873133] ? __pfx_kthread+0x10/0x10 [ 27.873156] ret_from_fork+0x116/0x1d0 [ 27.873176] ? __pfx_kthread+0x10/0x10 [ 27.873198] ret_from_fork_asm+0x1a/0x30 [ 27.873231] </TASK> [ 27.873243] [ 27.884440] Allocated by task 310: [ 27.884624] kasan_save_stack+0x45/0x70 [ 27.884788] kasan_save_track+0x18/0x40 [ 27.885016] kasan_save_alloc_info+0x3b/0x50 [ 27.885660] __kasan_kmalloc+0xb7/0xc0 [ 27.885880] __kmalloc_cache_noprof+0x189/0x420 [ 27.886282] kasan_bitops_generic+0x92/0x1c0 [ 27.886455] kunit_try_run_case+0x1a5/0x480 [ 27.886733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.887034] kthread+0x337/0x6f0 [ 27.887168] ret_from_fork+0x116/0x1d0 [ 27.887359] ret_from_fork_asm+0x1a/0x30 [ 27.887530] [ 27.887623] The buggy address belongs to the object at ffff8881057d7680 [ 27.887623] which belongs to the cache kmalloc-16 of size 16 [ 27.888600] The buggy address is located 8 bytes inside of [ 27.888600] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 27.889241] [ 27.889554] The buggy address belongs to the physical page: [ 27.890032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 27.890477] flags: 0x200000000000000(node=0|zone=2) [ 27.890694] page_type: f5(slab) [ 27.891042] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.891518] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.891878] page dumped because: kasan: bad access detected [ 27.892331] [ 27.892411] Memory state around the buggy address: [ 27.892624] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.893158] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.893541] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.893903] ^ [ 27.894220] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.894490] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.894817] ================================================================== [ 27.895686] ================================================================== [ 27.896001] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.896610] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 27.897284] [ 27.897400] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.897450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.897462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.897483] Call Trace: [ 27.897499] <TASK> [ 27.897514] dump_stack_lvl+0x73/0xb0 [ 27.897542] print_report+0xd1/0x640 [ 27.897567] ? __virt_addr_valid+0x1db/0x2d0 [ 27.897591] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.897617] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.897645] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.897672] kasan_report+0x141/0x180 [ 27.897696] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.897727] kasan_check_range+0x10c/0x1c0 [ 27.897752] __kasan_check_write+0x18/0x20 [ 27.897777] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 27.898034] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.898071] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.898097] ? trace_hardirqs_on+0x37/0xe0 [ 27.898120] ? kasan_bitops_generic+0x92/0x1c0 [ 27.898149] kasan_bitops_generic+0x116/0x1c0 [ 27.898174] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.898200] ? __pfx_read_tsc+0x10/0x10 [ 27.898225] ? ktime_get_ts64+0x86/0x230 [ 27.898252] kunit_try_run_case+0x1a5/0x480 [ 27.898278] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.898302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.898326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.898353] ? __kthread_parkme+0x82/0x180 [ 27.898375] ? preempt_count_sub+0x50/0x80 [ 27.898399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.898424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.898449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.898474] kthread+0x337/0x6f0 [ 27.898495] ? trace_preempt_on+0x20/0xc0 [ 27.898519] ? __pfx_kthread+0x10/0x10 [ 27.898541] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.898567] ? calculate_sigpending+0x7b/0xa0 [ 27.898591] ? __pfx_kthread+0x10/0x10 [ 27.898613] ret_from_fork+0x116/0x1d0 [ 27.898634] ? __pfx_kthread+0x10/0x10 [ 27.898655] ret_from_fork_asm+0x1a/0x30 [ 27.898687] </TASK> [ 27.898699] [ 27.909676] Allocated by task 310: [ 27.909808] kasan_save_stack+0x45/0x70 [ 27.910533] kasan_save_track+0x18/0x40 [ 27.910869] kasan_save_alloc_info+0x3b/0x50 [ 27.911053] __kasan_kmalloc+0xb7/0xc0 [ 27.911395] __kmalloc_cache_noprof+0x189/0x420 [ 27.911563] kasan_bitops_generic+0x92/0x1c0 [ 27.911776] kunit_try_run_case+0x1a5/0x480 [ 27.912295] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.912526] kthread+0x337/0x6f0 [ 27.912754] ret_from_fork+0x116/0x1d0 [ 27.913080] ret_from_fork_asm+0x1a/0x30 [ 27.913366] [ 27.913445] The buggy address belongs to the object at ffff8881057d7680 [ 27.913445] which belongs to the cache kmalloc-16 of size 16 [ 27.914144] The buggy address is located 8 bytes inside of [ 27.914144] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 27.914642] [ 27.914726] The buggy address belongs to the physical page: [ 27.914954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 27.915702] flags: 0x200000000000000(node=0|zone=2) [ 27.916093] page_type: f5(slab) [ 27.916230] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.916559] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.916873] page dumped because: kasan: bad access detected [ 27.917127] [ 27.917500] Memory state around the buggy address: [ 27.917700] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.918240] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.918655] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.919099] ^ [ 27.919233] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.919739] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.920294] ================================================================== [ 27.920938] ================================================================== [ 27.921626] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.922040] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 27.922663] [ 27.922755] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.922857] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.922873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.923034] Call Trace: [ 27.923050] <TASK> [ 27.923067] dump_stack_lvl+0x73/0xb0 [ 27.923097] print_report+0xd1/0x640 [ 27.923120] ? __virt_addr_valid+0x1db/0x2d0 [ 27.923144] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.923171] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.923198] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.923225] kasan_report+0x141/0x180 [ 27.923249] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.923280] kasan_check_range+0x10c/0x1c0 [ 27.923305] __kasan_check_write+0x18/0x20 [ 27.923330] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 27.923356] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.923384] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.923410] ? trace_hardirqs_on+0x37/0xe0 [ 27.923433] ? kasan_bitops_generic+0x92/0x1c0 [ 27.923461] kasan_bitops_generic+0x116/0x1c0 [ 27.923486] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.923512] ? __pfx_read_tsc+0x10/0x10 [ 27.923534] ? ktime_get_ts64+0x86/0x230 [ 27.923560] kunit_try_run_case+0x1a5/0x480 [ 27.923585] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.923609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.923632] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.923660] ? __kthread_parkme+0x82/0x180 [ 27.923681] ? preempt_count_sub+0x50/0x80 [ 27.923706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.923731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.923756] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.923794] kthread+0x337/0x6f0 [ 27.923816] ? trace_preempt_on+0x20/0xc0 [ 27.923840] ? __pfx_kthread+0x10/0x10 [ 27.923862] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.923887] ? calculate_sigpending+0x7b/0xa0 [ 27.923911] ? __pfx_kthread+0x10/0x10 [ 27.923934] ret_from_fork+0x116/0x1d0 [ 27.923964] ? __pfx_kthread+0x10/0x10 [ 27.923985] ret_from_fork_asm+0x1a/0x30 [ 27.924017] </TASK> [ 27.924028] [ 27.935609] Allocated by task 310: [ 27.935976] kasan_save_stack+0x45/0x70 [ 27.936135] kasan_save_track+0x18/0x40 [ 27.936475] kasan_save_alloc_info+0x3b/0x50 [ 27.936693] __kasan_kmalloc+0xb7/0xc0 [ 27.936868] __kmalloc_cache_noprof+0x189/0x420 [ 27.937425] kasan_bitops_generic+0x92/0x1c0 [ 27.937602] kunit_try_run_case+0x1a5/0x480 [ 27.938017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.938328] kthread+0x337/0x6f0 [ 27.938572] ret_from_fork+0x116/0x1d0 [ 27.938732] ret_from_fork_asm+0x1a/0x30 [ 27.939149] [ 27.939227] The buggy address belongs to the object at ffff8881057d7680 [ 27.939227] which belongs to the cache kmalloc-16 of size 16 [ 27.939774] The buggy address is located 8 bytes inside of [ 27.939774] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 27.940545] [ 27.940747] The buggy address belongs to the physical page: [ 27.941114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 27.941469] flags: 0x200000000000000(node=0|zone=2) [ 27.941685] page_type: f5(slab) [ 27.942211] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.942527] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.943049] page dumped because: kasan: bad access detected [ 27.943405] [ 27.943479] Memory state around the buggy address: [ 27.943678] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.944362] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.944658] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.945153] ^ [ 27.945326] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.945621] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.946244] ================================================================== [ 28.032912] ================================================================== [ 28.033782] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 28.034801] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 28.035409] [ 28.035502] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 28.035551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.035564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.035584] Call Trace: [ 28.035597] <TASK> [ 28.035615] dump_stack_lvl+0x73/0xb0 [ 28.035643] print_report+0xd1/0x640 [ 28.035666] ? __virt_addr_valid+0x1db/0x2d0 [ 28.035692] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 28.035719] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.035745] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 28.035772] kasan_report+0x141/0x180 [ 28.035857] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 28.035891] kasan_check_range+0x10c/0x1c0 [ 28.035915] __kasan_check_write+0x18/0x20 [ 28.035940] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 28.035981] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 28.036009] ? __kmalloc_cache_noprof+0x189/0x420 [ 28.036035] ? trace_hardirqs_on+0x37/0xe0 [ 28.036059] ? kasan_bitops_generic+0x92/0x1c0 [ 28.036088] kasan_bitops_generic+0x116/0x1c0 [ 28.036112] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 28.036138] ? __pfx_read_tsc+0x10/0x10 [ 28.036160] ? ktime_get_ts64+0x86/0x230 [ 28.036196] kunit_try_run_case+0x1a5/0x480 [ 28.036221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.036245] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 28.036268] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.036295] ? __kthread_parkme+0x82/0x180 [ 28.036317] ? preempt_count_sub+0x50/0x80 [ 28.036341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.036366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.036391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.036416] kthread+0x337/0x6f0 [ 28.036437] ? trace_preempt_on+0x20/0xc0 [ 28.036461] ? __pfx_kthread+0x10/0x10 [ 28.036483] ? _raw_spin_unlock_irq+0x47/0x80 [ 28.036509] ? calculate_sigpending+0x7b/0xa0 [ 28.036534] ? __pfx_kthread+0x10/0x10 [ 28.036556] ret_from_fork+0x116/0x1d0 [ 28.036577] ? __pfx_kthread+0x10/0x10 [ 28.036599] ret_from_fork_asm+0x1a/0x30 [ 28.036632] </TASK> [ 28.036643] [ 28.051637] Allocated by task 310: [ 28.051770] kasan_save_stack+0x45/0x70 [ 28.052178] kasan_save_track+0x18/0x40 [ 28.052517] kasan_save_alloc_info+0x3b/0x50 [ 28.052895] __kasan_kmalloc+0xb7/0xc0 [ 28.053256] __kmalloc_cache_noprof+0x189/0x420 [ 28.053955] kasan_bitops_generic+0x92/0x1c0 [ 28.054462] kunit_try_run_case+0x1a5/0x480 [ 28.054844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.055448] kthread+0x337/0x6f0 [ 28.055816] ret_from_fork+0x116/0x1d0 [ 28.056262] ret_from_fork_asm+0x1a/0x30 [ 28.056456] [ 28.056524] The buggy address belongs to the object at ffff8881057d7680 [ 28.056524] which belongs to the cache kmalloc-16 of size 16 [ 28.057118] The buggy address is located 8 bytes inside of [ 28.057118] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 28.058348] [ 28.058680] The buggy address belongs to the physical page: [ 28.059276] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 28.060090] flags: 0x200000000000000(node=0|zone=2) [ 28.060266] page_type: f5(slab) [ 28.060389] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 28.060627] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 28.060858] page dumped because: kasan: bad access detected [ 28.061226] [ 28.061395] Memory state around the buggy address: [ 28.061810] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.062548] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 28.063267] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.064163] ^ [ 28.064496] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.065171] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.065874] ================================================================== [ 27.973107] ================================================================== [ 27.973516] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.974201] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 27.974499] [ 27.974607] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.974653] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.974665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.974685] Call Trace: [ 27.974700] <TASK> [ 27.974716] dump_stack_lvl+0x73/0xb0 [ 27.974742] print_report+0xd1/0x640 [ 27.974766] ? __virt_addr_valid+0x1db/0x2d0 [ 27.975031] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.975084] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.975113] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.975141] kasan_report+0x141/0x180 [ 27.975166] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.975197] kasan_check_range+0x10c/0x1c0 [ 27.975223] __kasan_check_write+0x18/0x20 [ 27.975247] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 27.975274] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.975301] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.975325] ? trace_hardirqs_on+0x37/0xe0 [ 27.975348] ? kasan_bitops_generic+0x92/0x1c0 [ 27.975376] kasan_bitops_generic+0x116/0x1c0 [ 27.975401] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.975429] ? __pfx_read_tsc+0x10/0x10 [ 27.975451] ? ktime_get_ts64+0x86/0x230 [ 27.975478] kunit_try_run_case+0x1a5/0x480 [ 27.975502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.975527] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.975549] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.975576] ? __kthread_parkme+0x82/0x180 [ 27.975597] ? preempt_count_sub+0x50/0x80 [ 27.975622] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.975647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.975672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.975698] kthread+0x337/0x6f0 [ 27.975718] ? trace_preempt_on+0x20/0xc0 [ 27.975741] ? __pfx_kthread+0x10/0x10 [ 27.975763] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.975839] ? calculate_sigpending+0x7b/0xa0 [ 27.975865] ? __pfx_kthread+0x10/0x10 [ 27.975889] ret_from_fork+0x116/0x1d0 [ 27.975909] ? __pfx_kthread+0x10/0x10 [ 27.975931] ret_from_fork_asm+0x1a/0x30 [ 27.975974] </TASK> [ 27.975986] [ 27.987410] Allocated by task 310: [ 27.987589] kasan_save_stack+0x45/0x70 [ 27.988064] kasan_save_track+0x18/0x40 [ 27.988247] kasan_save_alloc_info+0x3b/0x50 [ 27.988446] __kasan_kmalloc+0xb7/0xc0 [ 27.988617] __kmalloc_cache_noprof+0x189/0x420 [ 27.988814] kasan_bitops_generic+0x92/0x1c0 [ 27.989334] kunit_try_run_case+0x1a5/0x480 [ 27.989496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.989827] kthread+0x337/0x6f0 [ 27.990218] ret_from_fork+0x116/0x1d0 [ 27.990408] ret_from_fork_asm+0x1a/0x30 [ 27.990584] [ 27.990666] The buggy address belongs to the object at ffff8881057d7680 [ 27.990666] which belongs to the cache kmalloc-16 of size 16 [ 27.991461] The buggy address is located 8 bytes inside of [ 27.991461] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 27.992236] [ 27.992317] The buggy address belongs to the physical page: [ 27.992585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 27.993282] flags: 0x200000000000000(node=0|zone=2) [ 27.993474] page_type: f5(slab) [ 27.993649] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.994044] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.994600] page dumped because: kasan: bad access detected [ 27.994833] [ 27.994993] Memory state around the buggy address: [ 27.995188] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.995493] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.996123] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.996423] ^ [ 27.996591] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.997088] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.997401] ================================================================== [ 27.946848] ================================================================== [ 27.947736] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.948298] Write of size 8 at addr ffff8881057d7688 by task kunit_try_catch/310 [ 27.948625] [ 27.948728] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.948777] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.948789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.948810] Call Trace: [ 27.948825] <TASK> [ 27.948840] dump_stack_lvl+0x73/0xb0 [ 27.948869] print_report+0xd1/0x640 [ 27.948893] ? __virt_addr_valid+0x1db/0x2d0 [ 27.949268] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.949297] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.949324] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.949351] kasan_report+0x141/0x180 [ 27.949375] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.949409] kasan_check_range+0x10c/0x1c0 [ 27.949434] __kasan_check_write+0x18/0x20 [ 27.949458] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 27.949486] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 27.949514] ? __kmalloc_cache_noprof+0x189/0x420 [ 27.949539] ? trace_hardirqs_on+0x37/0xe0 [ 27.949562] ? kasan_bitops_generic+0x92/0x1c0 [ 27.949591] kasan_bitops_generic+0x116/0x1c0 [ 27.949616] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 27.949642] ? __pfx_read_tsc+0x10/0x10 [ 27.949665] ? ktime_get_ts64+0x86/0x230 [ 27.949690] kunit_try_run_case+0x1a5/0x480 [ 27.949716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.949740] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.949763] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.949837] ? __kthread_parkme+0x82/0x180 [ 27.949859] ? preempt_count_sub+0x50/0x80 [ 27.949885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.949909] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.949935] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.949971] kthread+0x337/0x6f0 [ 27.949992] ? trace_preempt_on+0x20/0xc0 [ 27.950015] ? __pfx_kthread+0x10/0x10 [ 27.950036] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.950073] ? calculate_sigpending+0x7b/0xa0 [ 27.950098] ? __pfx_kthread+0x10/0x10 [ 27.950122] ret_from_fork+0x116/0x1d0 [ 27.950142] ? __pfx_kthread+0x10/0x10 [ 27.950164] ret_from_fork_asm+0x1a/0x30 [ 27.950196] </TASK> [ 27.950208] [ 27.961576] Allocated by task 310: [ 27.961742] kasan_save_stack+0x45/0x70 [ 27.961913] kasan_save_track+0x18/0x40 [ 27.962555] kasan_save_alloc_info+0x3b/0x50 [ 27.962742] __kasan_kmalloc+0xb7/0xc0 [ 27.962966] __kmalloc_cache_noprof+0x189/0x420 [ 27.963725] kasan_bitops_generic+0x92/0x1c0 [ 27.964050] kunit_try_run_case+0x1a5/0x480 [ 27.964233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.964489] kthread+0x337/0x6f0 [ 27.964639] ret_from_fork+0x116/0x1d0 [ 27.964817] ret_from_fork_asm+0x1a/0x30 [ 27.964996] [ 27.965063] The buggy address belongs to the object at ffff8881057d7680 [ 27.965063] which belongs to the cache kmalloc-16 of size 16 [ 27.965987] The buggy address is located 8 bytes inside of [ 27.965987] allocated 9-byte region [ffff8881057d7680, ffff8881057d7689) [ 27.966677] [ 27.966940] The buggy address belongs to the physical page: [ 27.967456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 27.967903] flags: 0x200000000000000(node=0|zone=2) [ 27.968338] page_type: f5(slab) [ 27.968491] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 27.969028] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 27.969312] page dumped because: kasan: bad access detected [ 27.969565] [ 27.969659] Memory state around the buggy address: [ 27.969862] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.970512] ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 27.970773] >ffff8881057d7680: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.971329] ^ [ 27.971479] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.972122] ffff8881057d7780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.972475] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 27.807593] ================================================================== [ 27.808234] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 27.808608] Read of size 1 at addr ffff88810625ff90 by task kunit_try_catch/308 [ 27.809242] [ 27.809348] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.809399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.809412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.809434] Call Trace: [ 27.809454] <TASK> [ 27.809470] dump_stack_lvl+0x73/0xb0 [ 27.809499] print_report+0xd1/0x640 [ 27.809522] ? __virt_addr_valid+0x1db/0x2d0 [ 27.809547] ? strnlen+0x73/0x80 [ 27.809567] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.809595] ? strnlen+0x73/0x80 [ 27.809616] kasan_report+0x141/0x180 [ 27.809640] ? strnlen+0x73/0x80 [ 27.809667] __asan_report_load1_noabort+0x18/0x20 [ 27.809694] strnlen+0x73/0x80 [ 27.809719] kasan_strings+0x615/0xe80 [ 27.809739] ? trace_hardirqs_on+0x37/0xe0 [ 27.809764] ? __pfx_kasan_strings+0x10/0x10 [ 27.809789] ? finish_task_switch.isra.0+0x153/0x700 [ 27.809814] ? __switch_to+0x47/0xf80 [ 27.809842] ? __schedule+0x10da/0x2b60 [ 27.809865] ? __pfx_read_tsc+0x10/0x10 [ 27.809888] ? ktime_get_ts64+0x86/0x230 [ 27.809914] kunit_try_run_case+0x1a5/0x480 [ 27.809940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.809976] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.809999] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.810027] ? __kthread_parkme+0x82/0x180 [ 27.810049] ? preempt_count_sub+0x50/0x80 [ 27.810241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.810268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.810294] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.810321] kthread+0x337/0x6f0 [ 27.810343] ? trace_preempt_on+0x20/0xc0 [ 27.810367] ? __pfx_kthread+0x10/0x10 [ 27.810389] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.810415] ? calculate_sigpending+0x7b/0xa0 [ 27.810439] ? __pfx_kthread+0x10/0x10 [ 27.810462] ret_from_fork+0x116/0x1d0 [ 27.810483] ? __pfx_kthread+0x10/0x10 [ 27.810506] ret_from_fork_asm+0x1a/0x30 [ 27.810538] </TASK> [ 27.810550] [ 27.822963] Allocated by task 308: [ 27.823188] kasan_save_stack+0x45/0x70 [ 27.823664] kasan_save_track+0x18/0x40 [ 27.824070] kasan_save_alloc_info+0x3b/0x50 [ 27.824420] __kasan_kmalloc+0xb7/0xc0 [ 27.824726] __kmalloc_cache_noprof+0x189/0x420 [ 27.825157] kasan_strings+0xc0/0xe80 [ 27.825445] kunit_try_run_case+0x1a5/0x480 [ 27.825616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.826193] kthread+0x337/0x6f0 [ 27.826382] ret_from_fork+0x116/0x1d0 [ 27.826535] ret_from_fork_asm+0x1a/0x30 [ 27.827093] [ 27.827181] Freed by task 308: [ 27.827501] kasan_save_stack+0x45/0x70 [ 27.827805] kasan_save_track+0x18/0x40 [ 27.828028] kasan_save_free_info+0x3f/0x60 [ 27.828646] __kasan_slab_free+0x5e/0x80 [ 27.828840] kfree+0x222/0x3f0 [ 27.829276] kasan_strings+0x2aa/0xe80 [ 27.829581] kunit_try_run_case+0x1a5/0x480 [ 27.829914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.830385] kthread+0x337/0x6f0 [ 27.830695] ret_from_fork+0x116/0x1d0 [ 27.831133] ret_from_fork_asm+0x1a/0x30 [ 27.831353] [ 27.831446] The buggy address belongs to the object at ffff88810625ff80 [ 27.831446] which belongs to the cache kmalloc-32 of size 32 [ 27.832062] The buggy address is located 16 bytes inside of [ 27.832062] freed 32-byte region [ffff88810625ff80, ffff88810625ffa0) [ 27.833064] [ 27.833188] The buggy address belongs to the physical page: [ 27.833624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625f [ 27.834235] flags: 0x200000000000000(node=0|zone=2) [ 27.834554] page_type: f5(slab) [ 27.834737] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.835408] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 27.835807] page dumped because: kasan: bad access detected [ 27.836254] [ 27.836356] Memory state around the buggy address: [ 27.836583] ffff88810625fe80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.836901] ffff88810625ff00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.837554] >ffff88810625ff80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.837993] ^ [ 27.838398] ffff888106260000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.839060] ffff888106260080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.839501] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 27.779717] ================================================================== [ 27.780113] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 27.780418] Read of size 1 at addr ffff88810625ff90 by task kunit_try_catch/308 [ 27.780761] [ 27.780862] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.780908] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.780921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.780951] Call Trace: [ 27.780966] <TASK> [ 27.780981] dump_stack_lvl+0x73/0xb0 [ 27.781008] print_report+0xd1/0x640 [ 27.781031] ? __virt_addr_valid+0x1db/0x2d0 [ 27.781062] ? strlen+0x8f/0xb0 [ 27.781082] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.781110] ? strlen+0x8f/0xb0 [ 27.781140] kasan_report+0x141/0x180 [ 27.781163] ? strlen+0x8f/0xb0 [ 27.781188] __asan_report_load1_noabort+0x18/0x20 [ 27.781215] strlen+0x8f/0xb0 [ 27.781237] kasan_strings+0x57b/0xe80 [ 27.781258] ? trace_hardirqs_on+0x37/0xe0 [ 27.781282] ? __pfx_kasan_strings+0x10/0x10 [ 27.781304] ? finish_task_switch.isra.0+0x153/0x700 [ 27.781327] ? __switch_to+0x47/0xf80 [ 27.781354] ? __schedule+0x10da/0x2b60 [ 27.781377] ? __pfx_read_tsc+0x10/0x10 [ 27.781400] ? ktime_get_ts64+0x86/0x230 [ 27.781424] kunit_try_run_case+0x1a5/0x480 [ 27.781450] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.781473] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.781496] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.781523] ? __kthread_parkme+0x82/0x180 [ 27.781543] ? preempt_count_sub+0x50/0x80 [ 27.781567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.781592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.781616] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.781641] kthread+0x337/0x6f0 [ 27.781662] ? trace_preempt_on+0x20/0xc0 [ 27.781684] ? __pfx_kthread+0x10/0x10 [ 27.781706] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.781731] ? calculate_sigpending+0x7b/0xa0 [ 27.781755] ? __pfx_kthread+0x10/0x10 [ 27.781778] ret_from_fork+0x116/0x1d0 [ 27.781799] ? __pfx_kthread+0x10/0x10 [ 27.781820] ret_from_fork_asm+0x1a/0x30 [ 27.781852] </TASK> [ 27.781862] [ 27.789899] Allocated by task 308: [ 27.790127] kasan_save_stack+0x45/0x70 [ 27.790332] kasan_save_track+0x18/0x40 [ 27.790521] kasan_save_alloc_info+0x3b/0x50 [ 27.790732] __kasan_kmalloc+0xb7/0xc0 [ 27.791037] __kmalloc_cache_noprof+0x189/0x420 [ 27.791308] kasan_strings+0xc0/0xe80 [ 27.791442] kunit_try_run_case+0x1a5/0x480 [ 27.791651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.792017] kthread+0x337/0x6f0 [ 27.792231] ret_from_fork+0x116/0x1d0 [ 27.792431] ret_from_fork_asm+0x1a/0x30 [ 27.792603] [ 27.792711] Freed by task 308: [ 27.792914] kasan_save_stack+0x45/0x70 [ 27.793146] kasan_save_track+0x18/0x40 [ 27.793347] kasan_save_free_info+0x3f/0x60 [ 27.793531] __kasan_slab_free+0x5e/0x80 [ 27.793669] kfree+0x222/0x3f0 [ 27.793783] kasan_strings+0x2aa/0xe80 [ 27.793915] kunit_try_run_case+0x1a5/0x480 [ 27.795142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.795998] kthread+0x337/0x6f0 [ 27.796424] ret_from_fork+0x116/0x1d0 [ 27.796950] ret_from_fork_asm+0x1a/0x30 [ 27.797510] [ 27.797834] The buggy address belongs to the object at ffff88810625ff80 [ 27.797834] which belongs to the cache kmalloc-32 of size 32 [ 27.798715] The buggy address is located 16 bytes inside of [ 27.798715] freed 32-byte region [ffff88810625ff80, ffff88810625ffa0) [ 27.800266] [ 27.800410] The buggy address belongs to the physical page: [ 27.800684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625f [ 27.801056] flags: 0x200000000000000(node=0|zone=2) [ 27.801299] page_type: f5(slab) [ 27.801916] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.802451] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 27.802985] page dumped because: kasan: bad access detected [ 27.803397] [ 27.803500] Memory state around the buggy address: [ 27.804044] ffff88810625fe80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.804444] ffff88810625ff00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.804855] >ffff88810625ff80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.805438] ^ [ 27.805635] ffff888106260000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.806253] ffff888106260080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.806637] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 27.757374] ================================================================== [ 27.757708] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 27.758138] Read of size 1 at addr ffff88810625ff90 by task kunit_try_catch/308 [ 27.758405] [ 27.758498] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.758544] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.758556] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.758577] Call Trace: [ 27.758590] <TASK> [ 27.758604] dump_stack_lvl+0x73/0xb0 [ 27.758632] print_report+0xd1/0x640 [ 27.758656] ? __virt_addr_valid+0x1db/0x2d0 [ 27.758680] ? kasan_strings+0xcbc/0xe80 [ 27.758702] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.758729] ? kasan_strings+0xcbc/0xe80 [ 27.758753] kasan_report+0x141/0x180 [ 27.758843] ? kasan_strings+0xcbc/0xe80 [ 27.758875] __asan_report_load1_noabort+0x18/0x20 [ 27.758903] kasan_strings+0xcbc/0xe80 [ 27.758924] ? trace_hardirqs_on+0x37/0xe0 [ 27.758959] ? __pfx_kasan_strings+0x10/0x10 [ 27.758981] ? finish_task_switch.isra.0+0x153/0x700 [ 27.759005] ? __switch_to+0x47/0xf80 [ 27.759031] ? __schedule+0x10da/0x2b60 [ 27.759054] ? __pfx_read_tsc+0x10/0x10 [ 27.759093] ? ktime_get_ts64+0x86/0x230 [ 27.759120] kunit_try_run_case+0x1a5/0x480 [ 27.759146] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.759170] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.759193] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.759220] ? __kthread_parkme+0x82/0x180 [ 27.759241] ? preempt_count_sub+0x50/0x80 [ 27.759265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.759291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.759315] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.759340] kthread+0x337/0x6f0 [ 27.759361] ? trace_preempt_on+0x20/0xc0 [ 27.759384] ? __pfx_kthread+0x10/0x10 [ 27.759406] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.759431] ? calculate_sigpending+0x7b/0xa0 [ 27.759456] ? __pfx_kthread+0x10/0x10 [ 27.759478] ret_from_fork+0x116/0x1d0 [ 27.759498] ? __pfx_kthread+0x10/0x10 [ 27.759519] ret_from_fork_asm+0x1a/0x30 [ 27.759553] </TASK> [ 27.759563] [ 27.767552] Allocated by task 308: [ 27.767736] kasan_save_stack+0x45/0x70 [ 27.768096] kasan_save_track+0x18/0x40 [ 27.768246] kasan_save_alloc_info+0x3b/0x50 [ 27.768396] __kasan_kmalloc+0xb7/0xc0 [ 27.768531] __kmalloc_cache_noprof+0x189/0x420 [ 27.768688] kasan_strings+0xc0/0xe80 [ 27.768887] kunit_try_run_case+0x1a5/0x480 [ 27.769160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.769418] kthread+0x337/0x6f0 [ 27.769587] ret_from_fork+0x116/0x1d0 [ 27.769835] ret_from_fork_asm+0x1a/0x30 [ 27.770056] [ 27.770187] Freed by task 308: [ 27.770341] kasan_save_stack+0x45/0x70 [ 27.770532] kasan_save_track+0x18/0x40 [ 27.770721] kasan_save_free_info+0x3f/0x60 [ 27.771014] __kasan_slab_free+0x5e/0x80 [ 27.771212] kfree+0x222/0x3f0 [ 27.771370] kasan_strings+0x2aa/0xe80 [ 27.771504] kunit_try_run_case+0x1a5/0x480 [ 27.771653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.771988] kthread+0x337/0x6f0 [ 27.772179] ret_from_fork+0x116/0x1d0 [ 27.772366] ret_from_fork_asm+0x1a/0x30 [ 27.772561] [ 27.772652] The buggy address belongs to the object at ffff88810625ff80 [ 27.772652] which belongs to the cache kmalloc-32 of size 32 [ 27.773348] The buggy address is located 16 bytes inside of [ 27.773348] freed 32-byte region [ffff88810625ff80, ffff88810625ffa0) [ 27.773937] [ 27.774022] The buggy address belongs to the physical page: [ 27.774220] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625f [ 27.774508] flags: 0x200000000000000(node=0|zone=2) [ 27.774754] page_type: f5(slab) [ 27.775017] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.775393] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 27.775732] page dumped because: kasan: bad access detected [ 27.776182] [ 27.776309] Memory state around the buggy address: [ 27.776513] ffff88810625fe80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.776737] ffff88810625ff00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.777069] >ffff88810625ff80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.777395] ^ [ 27.777679] ffff888106260000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.778022] ffff888106260080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.778391] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 27.735333] ================================================================== [ 27.736424] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 27.736699] Read of size 1 at addr ffff88810625ff90 by task kunit_try_catch/308 [ 27.737148] [ 27.737246] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.737299] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.737312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.737335] Call Trace: [ 27.737349] <TASK> [ 27.737366] dump_stack_lvl+0x73/0xb0 [ 27.737395] print_report+0xd1/0x640 [ 27.737421] ? __virt_addr_valid+0x1db/0x2d0 [ 27.737447] ? strcmp+0xb0/0xc0 [ 27.737469] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.737496] ? strcmp+0xb0/0xc0 [ 27.737518] kasan_report+0x141/0x180 [ 27.737541] ? strcmp+0xb0/0xc0 [ 27.737567] __asan_report_load1_noabort+0x18/0x20 [ 27.737593] strcmp+0xb0/0xc0 [ 27.737616] kasan_strings+0x431/0xe80 [ 27.737637] ? trace_hardirqs_on+0x37/0xe0 [ 27.737662] ? __pfx_kasan_strings+0x10/0x10 [ 27.737683] ? finish_task_switch.isra.0+0x153/0x700 [ 27.737706] ? __switch_to+0x47/0xf80 [ 27.737735] ? __schedule+0x10da/0x2b60 [ 27.737757] ? __pfx_read_tsc+0x10/0x10 [ 27.737842] ? ktime_get_ts64+0x86/0x230 [ 27.737872] kunit_try_run_case+0x1a5/0x480 [ 27.737900] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.737924] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.737956] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.737983] ? __kthread_parkme+0x82/0x180 [ 27.738005] ? preempt_count_sub+0x50/0x80 [ 27.738029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.738072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.738098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.738124] kthread+0x337/0x6f0 [ 27.738144] ? trace_preempt_on+0x20/0xc0 [ 27.738168] ? __pfx_kthread+0x10/0x10 [ 27.738189] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.738214] ? calculate_sigpending+0x7b/0xa0 [ 27.738239] ? __pfx_kthread+0x10/0x10 [ 27.738262] ret_from_fork+0x116/0x1d0 [ 27.738282] ? __pfx_kthread+0x10/0x10 [ 27.738303] ret_from_fork_asm+0x1a/0x30 [ 27.738336] </TASK> [ 27.738347] [ 27.746299] Allocated by task 308: [ 27.746483] kasan_save_stack+0x45/0x70 [ 27.746683] kasan_save_track+0x18/0x40 [ 27.746925] kasan_save_alloc_info+0x3b/0x50 [ 27.747144] __kasan_kmalloc+0xb7/0xc0 [ 27.747320] __kmalloc_cache_noprof+0x189/0x420 [ 27.747536] kasan_strings+0xc0/0xe80 [ 27.747710] kunit_try_run_case+0x1a5/0x480 [ 27.748063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.748360] kthread+0x337/0x6f0 [ 27.748500] ret_from_fork+0x116/0x1d0 [ 27.748678] ret_from_fork_asm+0x1a/0x30 [ 27.748926] [ 27.749035] Freed by task 308: [ 27.749210] kasan_save_stack+0x45/0x70 [ 27.749384] kasan_save_track+0x18/0x40 [ 27.749566] kasan_save_free_info+0x3f/0x60 [ 27.749752] __kasan_slab_free+0x5e/0x80 [ 27.749990] kfree+0x222/0x3f0 [ 27.750147] kasan_strings+0x2aa/0xe80 [ 27.750324] kunit_try_run_case+0x1a5/0x480 [ 27.750534] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.750764] kthread+0x337/0x6f0 [ 27.750974] ret_from_fork+0x116/0x1d0 [ 27.751192] ret_from_fork_asm+0x1a/0x30 [ 27.751362] [ 27.751454] The buggy address belongs to the object at ffff88810625ff80 [ 27.751454] which belongs to the cache kmalloc-32 of size 32 [ 27.752108] The buggy address is located 16 bytes inside of [ 27.752108] freed 32-byte region [ffff88810625ff80, ffff88810625ffa0) [ 27.752638] [ 27.752736] The buggy address belongs to the physical page: [ 27.753032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625f [ 27.753314] flags: 0x200000000000000(node=0|zone=2) [ 27.753483] page_type: f5(slab) [ 27.753605] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.753911] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 27.754288] page dumped because: kasan: bad access detected [ 27.754543] [ 27.754631] Memory state around the buggy address: [ 27.754923] ffff88810625fe80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.755284] ffff88810625ff00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.755613] >ffff88810625ff80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 27.756109] ^ [ 27.756322] ffff888106260000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.756594] ffff888106260080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 27.756932] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 27.704229] ================================================================== [ 27.705743] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 27.707002] Read of size 1 at addr ffff88810625fe98 by task kunit_try_catch/306 [ 27.707790] [ 27.707911] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.707972] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.707984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.708007] Call Trace: [ 27.708019] <TASK> [ 27.708035] dump_stack_lvl+0x73/0xb0 [ 27.708065] print_report+0xd1/0x640 [ 27.708090] ? __virt_addr_valid+0x1db/0x2d0 [ 27.708114] ? memcmp+0x1b4/0x1d0 [ 27.708136] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.708166] ? memcmp+0x1b4/0x1d0 [ 27.708188] kasan_report+0x141/0x180 [ 27.708211] ? memcmp+0x1b4/0x1d0 [ 27.708240] __asan_report_load1_noabort+0x18/0x20 [ 27.708266] memcmp+0x1b4/0x1d0 [ 27.708290] kasan_memcmp+0x18f/0x390 [ 27.708312] ? trace_hardirqs_on+0x37/0xe0 [ 27.708466] ? __pfx_kasan_memcmp+0x10/0x10 [ 27.708498] ? finish_task_switch.isra.0+0x153/0x700 [ 27.708523] ? __switch_to+0x47/0xf80 [ 27.708555] ? __pfx_read_tsc+0x10/0x10 [ 27.708577] ? ktime_get_ts64+0x86/0x230 [ 27.708603] kunit_try_run_case+0x1a5/0x480 [ 27.708630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.708654] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.708678] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.708706] ? __kthread_parkme+0x82/0x180 [ 27.708726] ? preempt_count_sub+0x50/0x80 [ 27.708752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.708777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.708876] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.708902] kthread+0x337/0x6f0 [ 27.708924] ? trace_preempt_on+0x20/0xc0 [ 27.708960] ? __pfx_kthread+0x10/0x10 [ 27.708983] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.709008] ? calculate_sigpending+0x7b/0xa0 [ 27.709033] ? __pfx_kthread+0x10/0x10 [ 27.709056] ret_from_fork+0x116/0x1d0 [ 27.709077] ? __pfx_kthread+0x10/0x10 [ 27.709098] ret_from_fork_asm+0x1a/0x30 [ 27.709136] </TASK> [ 27.709148] [ 27.717182] Allocated by task 306: [ 27.717351] kasan_save_stack+0x45/0x70 [ 27.717553] kasan_save_track+0x18/0x40 [ 27.717719] kasan_save_alloc_info+0x3b/0x50 [ 27.717899] __kasan_kmalloc+0xb7/0xc0 [ 27.718042] __kmalloc_cache_noprof+0x189/0x420 [ 27.718200] kasan_memcmp+0xb7/0x390 [ 27.718328] kunit_try_run_case+0x1a5/0x480 [ 27.718529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.718785] kthread+0x337/0x6f0 [ 27.718982] ret_from_fork+0x116/0x1d0 [ 27.719319] ret_from_fork_asm+0x1a/0x30 [ 27.719519] [ 27.719608] The buggy address belongs to the object at ffff88810625fe80 [ 27.719608] which belongs to the cache kmalloc-32 of size 32 [ 27.720113] The buggy address is located 0 bytes to the right of [ 27.720113] allocated 24-byte region [ffff88810625fe80, ffff88810625fe98) [ 27.720737] [ 27.720874] The buggy address belongs to the physical page: [ 27.721268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625f [ 27.721616] flags: 0x200000000000000(node=0|zone=2) [ 27.721807] page_type: f5(slab) [ 27.722040] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 27.722291] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 27.722520] page dumped because: kasan: bad access detected [ 27.722691] [ 27.722757] Memory state around the buggy address: [ 27.722914] ffff88810625fd80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 27.723203] ffff88810625fe00: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 27.723602] >ffff88810625fe80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.723923] ^ [ 27.724418] ffff88810625ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.724724] ffff88810625ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.725353] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 27.679632] ================================================================== [ 27.680394] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 27.680736] Read of size 1 at addr ffff8881061dfc4a by task kunit_try_catch/302 [ 27.681259] [ 27.681347] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.681398] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.681412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.681433] Call Trace: [ 27.681447] <TASK> [ 27.681462] dump_stack_lvl+0x73/0xb0 [ 27.681493] print_report+0xd1/0x640 [ 27.681518] ? __virt_addr_valid+0x1db/0x2d0 [ 27.681544] ? kasan_alloca_oob_right+0x329/0x390 [ 27.681567] ? kasan_addr_to_slab+0x11/0xa0 [ 27.681589] ? kasan_alloca_oob_right+0x329/0x390 [ 27.681614] kasan_report+0x141/0x180 [ 27.681637] ? kasan_alloca_oob_right+0x329/0x390 [ 27.681666] __asan_report_load1_noabort+0x18/0x20 [ 27.681692] kasan_alloca_oob_right+0x329/0x390 [ 27.681718] ? finish_task_switch.isra.0+0x153/0x700 [ 27.681742] ? mutex_lock_interruptible+0xbe/0xe0 [ 27.681768] ? trace_hardirqs_on+0x37/0xe0 [ 27.681852] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 27.681881] ? __schedule+0x10da/0x2b60 [ 27.681904] ? __pfx_read_tsc+0x10/0x10 [ 27.681928] ? ktime_get_ts64+0x86/0x230 [ 27.681969] kunit_try_run_case+0x1a5/0x480 [ 27.681995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.682019] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.682041] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.682079] ? __kthread_parkme+0x82/0x180 [ 27.682100] ? preempt_count_sub+0x50/0x80 [ 27.682125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.682150] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.682175] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.682201] kthread+0x337/0x6f0 [ 27.682223] ? trace_preempt_on+0x20/0xc0 [ 27.682247] ? __pfx_kthread+0x10/0x10 [ 27.682269] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.682294] ? calculate_sigpending+0x7b/0xa0 [ 27.682318] ? __pfx_kthread+0x10/0x10 [ 27.682341] ret_from_fork+0x116/0x1d0 [ 27.682361] ? __pfx_kthread+0x10/0x10 [ 27.682383] ret_from_fork_asm+0x1a/0x30 [ 27.682415] </TASK> [ 27.682427] [ 27.690578] The buggy address belongs to stack of task kunit_try_catch/302 [ 27.691094] [ 27.691176] The buggy address belongs to the physical page: [ 27.691419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1061df [ 27.691734] flags: 0x200000000000000(node=0|zone=2) [ 27.692049] raw: 0200000000000000 ffffea00041877c8 ffffea00041877c8 0000000000000000 [ 27.692379] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.692669] page dumped because: kasan: bad access detected [ 27.692978] [ 27.693052] Memory state around the buggy address: [ 27.693364] ffff8881061dfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.693653] ffff8881061dfb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.693988] >ffff8881061dfc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 27.694210] ^ [ 27.694388] ffff8881061dfc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 27.694609] ffff8881061dfd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.694917] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 27.662097] ================================================================== [ 27.662565] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 27.662875] Read of size 1 at addr ffff8881062e7c3f by task kunit_try_catch/300 [ 27.663245] [ 27.663359] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.663409] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.663422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.663444] Call Trace: [ 27.663458] <TASK> [ 27.663473] dump_stack_lvl+0x73/0xb0 [ 27.663504] print_report+0xd1/0x640 [ 27.663528] ? __virt_addr_valid+0x1db/0x2d0 [ 27.663554] ? kasan_alloca_oob_left+0x320/0x380 [ 27.663578] ? kasan_addr_to_slab+0x11/0xa0 [ 27.663600] ? kasan_alloca_oob_left+0x320/0x380 [ 27.663624] kasan_report+0x141/0x180 [ 27.663647] ? kasan_alloca_oob_left+0x320/0x380 [ 27.663676] __asan_report_load1_noabort+0x18/0x20 [ 27.663702] kasan_alloca_oob_left+0x320/0x380 [ 27.663728] ? finish_task_switch.isra.0+0x153/0x700 [ 27.663752] ? mutex_lock_interruptible+0xbe/0xe0 [ 27.663778] ? trace_hardirqs_on+0x37/0xe0 [ 27.663804] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 27.663831] ? __schedule+0x10da/0x2b60 [ 27.663853] ? __pfx_read_tsc+0x10/0x10 [ 27.663877] ? ktime_get_ts64+0x86/0x230 [ 27.663903] kunit_try_run_case+0x1a5/0x480 [ 27.663930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.663965] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.663988] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.664015] ? __kthread_parkme+0x82/0x180 [ 27.664036] ? preempt_count_sub+0x50/0x80 [ 27.664216] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.664256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.664284] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.664309] kthread+0x337/0x6f0 [ 27.664331] ? trace_preempt_on+0x20/0xc0 [ 27.664355] ? __pfx_kthread+0x10/0x10 [ 27.664378] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.664403] ? calculate_sigpending+0x7b/0xa0 [ 27.664428] ? __pfx_kthread+0x10/0x10 [ 27.664451] ret_from_fork+0x116/0x1d0 [ 27.664472] ? __pfx_kthread+0x10/0x10 [ 27.664495] ret_from_fork_asm+0x1a/0x30 [ 27.664528] </TASK> [ 27.664540] [ 27.672808] The buggy address belongs to stack of task kunit_try_catch/300 [ 27.673122] [ 27.673227] The buggy address belongs to the physical page: [ 27.673406] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062e7 [ 27.673686] flags: 0x200000000000000(node=0|zone=2) [ 27.673928] raw: 0200000000000000 ffffea000418b9c8 ffffea000418b9c8 0000000000000000 [ 27.674490] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 27.674720] page dumped because: kasan: bad access detected [ 27.674956] [ 27.675055] Memory state around the buggy address: [ 27.675287] ffff8881062e7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.675614] ffff8881062e7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.676095] >ffff8881062e7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 27.676368] ^ [ 27.676611] ffff8881062e7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 27.676924] ffff8881062e7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 27.677228] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 27.619924] ================================================================== [ 27.620496] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 27.620833] Read of size 1 at addr ffffffffbaccb00d by task kunit_try_catch/294 [ 27.621154] [ 27.621282] CPU: 1 UID: 0 PID: 294 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.621332] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.621345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.621366] Call Trace: [ 27.621378] <TASK> [ 27.621393] dump_stack_lvl+0x73/0xb0 [ 27.621421] print_report+0xd1/0x640 [ 27.621443] ? __virt_addr_valid+0x1db/0x2d0 [ 27.621468] ? kasan_global_oob_right+0x286/0x2d0 [ 27.621490] ? kasan_addr_to_slab+0x11/0xa0 [ 27.621512] ? kasan_global_oob_right+0x286/0x2d0 [ 27.621536] kasan_report+0x141/0x180 [ 27.621559] ? kasan_global_oob_right+0x286/0x2d0 [ 27.621587] __asan_report_load1_noabort+0x18/0x20 [ 27.621613] kasan_global_oob_right+0x286/0x2d0 [ 27.621637] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 27.621665] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 27.621692] kunit_try_run_case+0x1a5/0x480 [ 27.621718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.621742] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.621764] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.621792] ? __kthread_parkme+0x82/0x180 [ 27.621813] ? preempt_count_sub+0x50/0x80 [ 27.621837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.621863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.621888] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.621913] kthread+0x337/0x6f0 [ 27.621934] ? trace_preempt_on+0x20/0xc0 [ 27.621969] ? __pfx_kthread+0x10/0x10 [ 27.621990] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.622073] ? calculate_sigpending+0x7b/0xa0 [ 27.622099] ? __pfx_kthread+0x10/0x10 [ 27.622122] ret_from_fork+0x116/0x1d0 [ 27.622144] ? __pfx_kthread+0x10/0x10 [ 27.622166] ret_from_fork_asm+0x1a/0x30 [ 27.622199] </TASK> [ 27.622211] [ 27.629005] The buggy address belongs to the variable: [ 27.629504] global_array+0xd/0x40 [ 27.629699] [ 27.629812] The buggy address belongs to the physical page: [ 27.630108] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d0cb [ 27.630429] flags: 0x100000000002000(reserved|node=0|zone=1) [ 27.630640] raw: 0100000000002000 ffffea00013432c8 ffffea00013432c8 0000000000000000 [ 27.630991] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.631359] page dumped because: kasan: bad access detected [ 27.631588] [ 27.631681] Memory state around the buggy address: [ 27.631839] ffffffffbaccaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.632362] ffffffffbaccaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.632692] >ffffffffbaccb000: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 27.633166] ^ [ 27.633306] ffffffffbaccb080: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 27.633624] ffffffffbaccb100: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 27.633969] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 27.595661] ================================================================== [ 27.596519] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.596844] Free of addr ffff888106370001 by task kunit_try_catch/292 [ 27.597237] [ 27.597406] CPU: 0 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.597457] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.597470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.597491] Call Trace: [ 27.597505] <TASK> [ 27.597521] dump_stack_lvl+0x73/0xb0 [ 27.597551] print_report+0xd1/0x640 [ 27.597575] ? __virt_addr_valid+0x1db/0x2d0 [ 27.597601] ? kasan_addr_to_slab+0x11/0xa0 [ 27.597622] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.597650] kasan_report_invalid_free+0x10a/0x130 [ 27.597676] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.597707] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.597733] __kasan_mempool_poison_object+0x102/0x1d0 [ 27.597760] mempool_free+0x490/0x640 [ 27.597787] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.597870] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 27.597897] ? update_load_avg+0x1be/0x21b0 [ 27.597925] ? finish_task_switch.isra.0+0x153/0x700 [ 27.597964] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 27.597991] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 27.598020] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.598044] ? __pfx_mempool_kfree+0x10/0x10 [ 27.598071] ? __pfx_read_tsc+0x10/0x10 [ 27.598095] ? ktime_get_ts64+0x86/0x230 [ 27.598121] kunit_try_run_case+0x1a5/0x480 [ 27.598145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.598169] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.598193] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.598219] ? __kthread_parkme+0x82/0x180 [ 27.598241] ? preempt_count_sub+0x50/0x80 [ 27.598275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.598300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.598324] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.598350] kthread+0x337/0x6f0 [ 27.598370] ? trace_preempt_on+0x20/0xc0 [ 27.598395] ? __pfx_kthread+0x10/0x10 [ 27.598416] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.598441] ? calculate_sigpending+0x7b/0xa0 [ 27.598465] ? __pfx_kthread+0x10/0x10 [ 27.598488] ret_from_fork+0x116/0x1d0 [ 27.598508] ? __pfx_kthread+0x10/0x10 [ 27.598529] ret_from_fork_asm+0x1a/0x30 [ 27.598563] </TASK> [ 27.598575] [ 27.607852] The buggy address belongs to the physical page: [ 27.608228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106370 [ 27.608526] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.608840] flags: 0x200000000000040(head|node=0|zone=2) [ 27.609261] page_type: f8(unknown) [ 27.609407] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.609648] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.609887] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.610229] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.610580] head: 0200000000000002 ffffea000418dc01 00000000ffffffff 00000000ffffffff [ 27.611097] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.611455] page dumped because: kasan: bad access detected [ 27.611675] [ 27.611741] Memory state around the buggy address: [ 27.611901] ffff88810636ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.612132] ffff88810636ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.612460] >ffff888106370000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.613048] ^ [ 27.613235] ffff888106370080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.613529] ffff888106370100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.613796] ================================================================== [ 27.570646] ================================================================== [ 27.571447] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.571784] Free of addr ffff888105820001 by task kunit_try_catch/290 [ 27.572129] [ 27.572225] CPU: 0 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.572290] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.572303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.572324] Call Trace: [ 27.572338] <TASK> [ 27.572356] dump_stack_lvl+0x73/0xb0 [ 27.572386] print_report+0xd1/0x640 [ 27.572410] ? __virt_addr_valid+0x1db/0x2d0 [ 27.572437] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.572464] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.572491] kasan_report_invalid_free+0x10a/0x130 [ 27.572517] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.572546] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.572572] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.572598] check_slab_allocation+0x11f/0x130 [ 27.572620] __kasan_mempool_poison_object+0x91/0x1d0 [ 27.572646] mempool_free+0x490/0x640 [ 27.572674] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 27.572700] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 27.572731] ? finish_task_switch.isra.0+0x153/0x700 [ 27.572759] mempool_kmalloc_invalid_free+0xed/0x140 [ 27.572784] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 27.572813] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.572840] ? __pfx_mempool_kfree+0x10/0x10 [ 27.572866] ? __pfx_read_tsc+0x10/0x10 [ 27.572890] ? ktime_get_ts64+0x86/0x230 [ 27.572916] kunit_try_run_case+0x1a5/0x480 [ 27.572953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.572994] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.573024] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.573052] ? __kthread_parkme+0x82/0x180 [ 27.573083] ? preempt_count_sub+0x50/0x80 [ 27.573108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.573145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.573171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.573195] kthread+0x337/0x6f0 [ 27.573215] ? trace_preempt_on+0x20/0xc0 [ 27.573240] ? __pfx_kthread+0x10/0x10 [ 27.573262] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.573287] ? calculate_sigpending+0x7b/0xa0 [ 27.573312] ? __pfx_kthread+0x10/0x10 [ 27.573335] ret_from_fork+0x116/0x1d0 [ 27.573355] ? __pfx_kthread+0x10/0x10 [ 27.573376] ret_from_fork_asm+0x1a/0x30 [ 27.573409] </TASK> [ 27.573422] [ 27.582601] Allocated by task 290: [ 27.582799] kasan_save_stack+0x45/0x70 [ 27.583023] kasan_save_track+0x18/0x40 [ 27.583274] kasan_save_alloc_info+0x3b/0x50 [ 27.583466] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.583648] remove_element+0x11e/0x190 [ 27.583966] mempool_alloc_preallocated+0x4d/0x90 [ 27.584177] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 27.584454] mempool_kmalloc_invalid_free+0xed/0x140 [ 27.584689] kunit_try_run_case+0x1a5/0x480 [ 27.584929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.585206] kthread+0x337/0x6f0 [ 27.585360] ret_from_fork+0x116/0x1d0 [ 27.585529] ret_from_fork_asm+0x1a/0x30 [ 27.585711] [ 27.585798] The buggy address belongs to the object at ffff888105820000 [ 27.585798] which belongs to the cache kmalloc-128 of size 128 [ 27.586396] The buggy address is located 1 bytes inside of [ 27.586396] 128-byte region [ffff888105820000, ffff888105820080) [ 27.587061] [ 27.587165] The buggy address belongs to the physical page: [ 27.587379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105820 [ 27.587717] flags: 0x200000000000000(node=0|zone=2) [ 27.588008] page_type: f5(slab) [ 27.588189] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.588487] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.588815] page dumped because: kasan: bad access detected [ 27.589046] [ 27.589191] Memory state around the buggy address: [ 27.589376] ffff88810581ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.589676] ffff88810581ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.590041] >ffff888105820000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.590291] ^ [ 27.590408] ffff888105820080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.590627] ffff888105820100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.590879] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 27.549593] ================================================================== [ 27.550360] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 27.550686] Free of addr ffff888106370000 by task kunit_try_catch/288 [ 27.551027] [ 27.551302] CPU: 0 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.551356] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.551370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.551393] Call Trace: [ 27.551407] <TASK> [ 27.551424] dump_stack_lvl+0x73/0xb0 [ 27.551454] print_report+0xd1/0x640 [ 27.551478] ? __virt_addr_valid+0x1db/0x2d0 [ 27.551504] ? kasan_addr_to_slab+0x11/0xa0 [ 27.551526] ? mempool_double_free_helper+0x184/0x370 [ 27.551551] kasan_report_invalid_free+0x10a/0x130 [ 27.551577] ? mempool_double_free_helper+0x184/0x370 [ 27.551604] ? mempool_double_free_helper+0x184/0x370 [ 27.551629] __kasan_mempool_poison_pages+0x115/0x130 [ 27.551655] mempool_free+0x430/0x640 [ 27.551682] mempool_double_free_helper+0x184/0x370 [ 27.551707] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.551735] ? finish_task_switch.isra.0+0x153/0x700 [ 27.551762] mempool_page_alloc_double_free+0xe8/0x140 [ 27.551835] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 27.551869] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 27.551893] ? __pfx_mempool_free_pages+0x10/0x10 [ 27.551920] ? __pfx_read_tsc+0x10/0x10 [ 27.551957] ? ktime_get_ts64+0x86/0x230 [ 27.551981] kunit_try_run_case+0x1a5/0x480 [ 27.552007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.552031] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.552063] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.552091] ? __kthread_parkme+0x82/0x180 [ 27.552112] ? preempt_count_sub+0x50/0x80 [ 27.552136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.552161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.552185] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.552210] kthread+0x337/0x6f0 [ 27.552231] ? trace_preempt_on+0x20/0xc0 [ 27.552255] ? __pfx_kthread+0x10/0x10 [ 27.552276] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.552301] ? calculate_sigpending+0x7b/0xa0 [ 27.552326] ? __pfx_kthread+0x10/0x10 [ 27.552349] ret_from_fork+0x116/0x1d0 [ 27.552370] ? __pfx_kthread+0x10/0x10 [ 27.552391] ret_from_fork_asm+0x1a/0x30 [ 27.552425] </TASK> [ 27.552436] [ 27.560859] The buggy address belongs to the physical page: [ 27.561139] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106370 [ 27.561390] flags: 0x200000000000000(node=0|zone=2) [ 27.561568] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 27.562147] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.562505] page dumped because: kasan: bad access detected [ 27.562758] [ 27.563004] Memory state around the buggy address: [ 27.563329] ffff88810636ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.563588] ffff88810636ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.563920] >ffff888106370000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.564276] ^ [ 27.564433] ffff888106370080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.564703] ffff888106370100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.565081] ================================================================== [ 27.520205] ================================================================== [ 27.520804] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 27.521291] Free of addr ffff888106370000 by task kunit_try_catch/286 [ 27.521579] [ 27.521674] CPU: 0 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.521727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.521740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.521763] Call Trace: [ 27.521776] <TASK> [ 27.521793] dump_stack_lvl+0x73/0xb0 [ 27.521825] print_report+0xd1/0x640 [ 27.521849] ? __virt_addr_valid+0x1db/0x2d0 [ 27.521875] ? kasan_addr_to_slab+0x11/0xa0 [ 27.521897] ? mempool_double_free_helper+0x184/0x370 [ 27.521922] kasan_report_invalid_free+0x10a/0x130 [ 27.521958] ? mempool_double_free_helper+0x184/0x370 [ 27.521986] ? mempool_double_free_helper+0x184/0x370 [ 27.522010] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 27.522036] mempool_free+0x490/0x640 [ 27.522064] mempool_double_free_helper+0x184/0x370 [ 27.522089] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.522421] ? dequeue_entities+0x23f/0x1630 [ 27.522449] ? __kasan_check_write+0x18/0x20 [ 27.522474] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.522497] ? finish_task_switch.isra.0+0x153/0x700 [ 27.522527] mempool_kmalloc_large_double_free+0xed/0x140 [ 27.522556] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 27.522585] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.522610] ? __pfx_mempool_kfree+0x10/0x10 [ 27.522636] ? __pfx_read_tsc+0x10/0x10 [ 27.522660] ? ktime_get_ts64+0x86/0x230 [ 27.522685] kunit_try_run_case+0x1a5/0x480 [ 27.522712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.522736] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.522759] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.522787] ? __kthread_parkme+0x82/0x180 [ 27.522808] ? preempt_count_sub+0x50/0x80 [ 27.522832] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.522857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.522882] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.522907] kthread+0x337/0x6f0 [ 27.522927] ? trace_preempt_on+0x20/0xc0 [ 27.522963] ? __pfx_kthread+0x10/0x10 [ 27.522984] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.523017] ? calculate_sigpending+0x7b/0xa0 [ 27.523042] ? __pfx_kthread+0x10/0x10 [ 27.523076] ret_from_fork+0x116/0x1d0 [ 27.523097] ? __pfx_kthread+0x10/0x10 [ 27.523118] ret_from_fork_asm+0x1a/0x30 [ 27.523150] </TASK> [ 27.523162] [ 27.536655] The buggy address belongs to the physical page: [ 27.536974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106370 [ 27.537654] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.538211] flags: 0x200000000000040(head|node=0|zone=2) [ 27.538559] page_type: f8(unknown) [ 27.538749] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.539318] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.539756] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.540302] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.540656] head: 0200000000000002 ffffea000418dc01 00000000ffffffff 00000000ffffffff [ 27.541310] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.541622] page dumped because: kasan: bad access detected [ 27.542132] [ 27.542245] Memory state around the buggy address: [ 27.542446] ffff88810636ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.542903] ffff88810636ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.543433] >ffff888106370000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.543759] ^ [ 27.543999] ffff888106370080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.544562] ffff888106370100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.545098] ================================================================== [ 27.487680] ================================================================== [ 27.488427] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 27.488756] Free of addr ffff888106253400 by task kunit_try_catch/284 [ 27.489295] [ 27.489404] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.489456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.489470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.489493] Call Trace: [ 27.489505] <TASK> [ 27.489523] dump_stack_lvl+0x73/0xb0 [ 27.489559] print_report+0xd1/0x640 [ 27.489583] ? __virt_addr_valid+0x1db/0x2d0 [ 27.489610] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.489637] ? mempool_double_free_helper+0x184/0x370 [ 27.489663] kasan_report_invalid_free+0x10a/0x130 [ 27.489689] ? mempool_double_free_helper+0x184/0x370 [ 27.489715] ? mempool_double_free_helper+0x184/0x370 [ 27.489739] ? mempool_double_free_helper+0x184/0x370 [ 27.489763] check_slab_allocation+0x101/0x130 [ 27.489786] __kasan_mempool_poison_object+0x91/0x1d0 [ 27.489863] mempool_free+0x490/0x640 [ 27.489897] mempool_double_free_helper+0x184/0x370 [ 27.489923] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 27.489962] ? update_load_avg+0x1be/0x21b0 [ 27.489990] ? finish_task_switch.isra.0+0x153/0x700 [ 27.490016] mempool_kmalloc_double_free+0xed/0x140 [ 27.490040] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 27.490076] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.490100] ? __pfx_mempool_kfree+0x10/0x10 [ 27.490125] ? __pfx_read_tsc+0x10/0x10 [ 27.490149] ? ktime_get_ts64+0x86/0x230 [ 27.490174] kunit_try_run_case+0x1a5/0x480 [ 27.490201] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.490225] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.490248] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.490274] ? __kthread_parkme+0x82/0x180 [ 27.490295] ? preempt_count_sub+0x50/0x80 [ 27.490319] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.490344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.490370] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.490395] kthread+0x337/0x6f0 [ 27.490415] ? trace_preempt_on+0x20/0xc0 [ 27.490439] ? __pfx_kthread+0x10/0x10 [ 27.490461] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.490486] ? calculate_sigpending+0x7b/0xa0 [ 27.490512] ? __pfx_kthread+0x10/0x10 [ 27.490533] ret_from_fork+0x116/0x1d0 [ 27.490554] ? __pfx_kthread+0x10/0x10 [ 27.490575] ret_from_fork_asm+0x1a/0x30 [ 27.490607] </TASK> [ 27.490619] [ 27.499553] Allocated by task 284: [ 27.499735] kasan_save_stack+0x45/0x70 [ 27.500176] kasan_save_track+0x18/0x40 [ 27.500350] kasan_save_alloc_info+0x3b/0x50 [ 27.500501] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.500754] remove_element+0x11e/0x190 [ 27.500958] mempool_alloc_preallocated+0x4d/0x90 [ 27.501257] mempool_double_free_helper+0x8a/0x370 [ 27.501448] mempool_kmalloc_double_free+0xed/0x140 [ 27.501679] kunit_try_run_case+0x1a5/0x480 [ 27.501959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.502276] kthread+0x337/0x6f0 [ 27.502434] ret_from_fork+0x116/0x1d0 [ 27.502605] ret_from_fork_asm+0x1a/0x30 [ 27.502834] [ 27.502925] Freed by task 284: [ 27.503073] kasan_save_stack+0x45/0x70 [ 27.503267] kasan_save_track+0x18/0x40 [ 27.503409] kasan_save_free_info+0x3f/0x60 [ 27.503555] __kasan_mempool_poison_object+0x131/0x1d0 [ 27.503724] mempool_free+0x490/0x640 [ 27.504975] mempool_double_free_helper+0x109/0x370 [ 27.505710] mempool_kmalloc_double_free+0xed/0x140 [ 27.506583] kunit_try_run_case+0x1a5/0x480 [ 27.507343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.508165] kthread+0x337/0x6f0 [ 27.508647] ret_from_fork+0x116/0x1d0 [ 27.508864] ret_from_fork_asm+0x1a/0x30 [ 27.509031] [ 27.509121] The buggy address belongs to the object at ffff888106253400 [ 27.509121] which belongs to the cache kmalloc-128 of size 128 [ 27.509642] The buggy address is located 0 bytes inside of [ 27.509642] 128-byte region [ffff888106253400, ffff888106253480) [ 27.510143] [ 27.510236] The buggy address belongs to the physical page: [ 27.510479] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 27.510837] flags: 0x200000000000000(node=0|zone=2) [ 27.511694] page_type: f5(slab) [ 27.512186] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.512634] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.513189] page dumped because: kasan: bad access detected [ 27.513513] [ 27.513608] Memory state around the buggy address: [ 27.514110] ffff888106253300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.514485] ffff888106253380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.515026] >ffff888106253400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.515344] ^ [ 27.515508] ffff888106253480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.516236] ffff888106253500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.516678] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 27.462087] ================================================================== [ 27.463555] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.464241] Read of size 1 at addr ffff888106370000 by task kunit_try_catch/282 [ 27.465006] [ 27.465231] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.465300] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.465314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.465336] Call Trace: [ 27.465349] <TASK> [ 27.465369] dump_stack_lvl+0x73/0xb0 [ 27.465402] print_report+0xd1/0x640 [ 27.465426] ? __virt_addr_valid+0x1db/0x2d0 [ 27.465453] ? mempool_uaf_helper+0x392/0x400 [ 27.465476] ? kasan_addr_to_slab+0x11/0xa0 [ 27.465498] ? mempool_uaf_helper+0x392/0x400 [ 27.465522] kasan_report+0x141/0x180 [ 27.465545] ? mempool_uaf_helper+0x392/0x400 [ 27.465573] __asan_report_load1_noabort+0x18/0x20 [ 27.465599] mempool_uaf_helper+0x392/0x400 [ 27.465622] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.465646] ? dequeue_entities+0x23f/0x1630 [ 27.465672] ? __kasan_check_write+0x18/0x20 [ 27.465697] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.465719] ? finish_task_switch.isra.0+0x153/0x700 [ 27.465747] mempool_page_alloc_uaf+0xed/0x140 [ 27.465772] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 27.465848] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 27.465874] ? __pfx_mempool_free_pages+0x10/0x10 [ 27.465901] ? __pfx_read_tsc+0x10/0x10 [ 27.465925] ? ktime_get_ts64+0x86/0x230 [ 27.465962] kunit_try_run_case+0x1a5/0x480 [ 27.465988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.466013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.466037] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.466070] ? __kthread_parkme+0x82/0x180 [ 27.466092] ? preempt_count_sub+0x50/0x80 [ 27.466116] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.466141] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.466166] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.466191] kthread+0x337/0x6f0 [ 27.466212] ? trace_preempt_on+0x20/0xc0 [ 27.466238] ? __pfx_kthread+0x10/0x10 [ 27.466259] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.466284] ? calculate_sigpending+0x7b/0xa0 [ 27.466309] ? __pfx_kthread+0x10/0x10 [ 27.466331] ret_from_fork+0x116/0x1d0 [ 27.466352] ? __pfx_kthread+0x10/0x10 [ 27.466373] ret_from_fork_asm+0x1a/0x30 [ 27.466408] </TASK> [ 27.466421] [ 27.478995] The buggy address belongs to the physical page: [ 27.479365] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106370 [ 27.479625] flags: 0x200000000000000(node=0|zone=2) [ 27.479826] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 27.480288] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.480626] page dumped because: kasan: bad access detected [ 27.480919] [ 27.481000] Memory state around the buggy address: [ 27.481448] ffff88810636ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.481718] ffff88810636ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.482306] >ffff888106370000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.482601] ^ [ 27.482759] ffff888106370080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.483165] ffff888106370100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.483441] ================================================================== [ 27.378707] ================================================================== [ 27.379614] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.380417] Read of size 1 at addr ffff888106370000 by task kunit_try_catch/278 [ 27.381339] [ 27.381661] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.381719] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.381733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.381757] Call Trace: [ 27.381771] <TASK> [ 27.381789] dump_stack_lvl+0x73/0xb0 [ 27.381822] print_report+0xd1/0x640 [ 27.381848] ? __virt_addr_valid+0x1db/0x2d0 [ 27.381874] ? mempool_uaf_helper+0x392/0x400 [ 27.381897] ? kasan_addr_to_slab+0x11/0xa0 [ 27.381919] ? mempool_uaf_helper+0x392/0x400 [ 27.381954] kasan_report+0x141/0x180 [ 27.381978] ? mempool_uaf_helper+0x392/0x400 [ 27.382034] __asan_report_load1_noabort+0x18/0x20 [ 27.382227] mempool_uaf_helper+0x392/0x400 [ 27.382258] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.382287] ? finish_task_switch.isra.0+0x153/0x700 [ 27.382317] mempool_kmalloc_large_uaf+0xef/0x140 [ 27.382342] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 27.382369] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.382394] ? __pfx_mempool_kfree+0x10/0x10 [ 27.382420] ? __pfx_read_tsc+0x10/0x10 [ 27.382443] ? ktime_get_ts64+0x86/0x230 [ 27.382469] kunit_try_run_case+0x1a5/0x480 [ 27.382495] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.382520] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.382544] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.382572] ? __kthread_parkme+0x82/0x180 [ 27.382596] ? preempt_count_sub+0x50/0x80 [ 27.382621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.382646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.382672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.382698] kthread+0x337/0x6f0 [ 27.382719] ? trace_preempt_on+0x20/0xc0 [ 27.382744] ? __pfx_kthread+0x10/0x10 [ 27.382766] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.382813] ? calculate_sigpending+0x7b/0xa0 [ 27.382839] ? __pfx_kthread+0x10/0x10 [ 27.382861] ret_from_fork+0x116/0x1d0 [ 27.382882] ? __pfx_kthread+0x10/0x10 [ 27.382903] ret_from_fork_asm+0x1a/0x30 [ 27.382936] </TASK> [ 27.382957] [ 27.398400] The buggy address belongs to the physical page: [ 27.398655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106370 [ 27.399400] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.399905] flags: 0x200000000000040(head|node=0|zone=2) [ 27.400387] page_type: f8(unknown) [ 27.400812] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.401466] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.402008] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.402503] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.402886] head: 0200000000000002 ffffea000418dc01 00000000ffffffff 00000000ffffffff [ 27.403522] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.404209] page dumped because: kasan: bad access detected [ 27.404613] [ 27.404712] Memory state around the buggy address: [ 27.405290] ffff88810636ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.405606] ffff88810636ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.406250] >ffff888106370000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.406706] ^ [ 27.407233] ffff888106370080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.407651] ffff888106370100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.408145] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 27.336153] ================================================================== [ 27.336554] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.336788] Read of size 1 at addr ffff888105800c00 by task kunit_try_catch/276 [ 27.337621] [ 27.338156] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.338218] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.338232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.338255] Call Trace: [ 27.338318] <TASK> [ 27.338340] dump_stack_lvl+0x73/0xb0 [ 27.338394] print_report+0xd1/0x640 [ 27.338419] ? __virt_addr_valid+0x1db/0x2d0 [ 27.338446] ? mempool_uaf_helper+0x392/0x400 [ 27.338468] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.338495] ? mempool_uaf_helper+0x392/0x400 [ 27.338518] kasan_report+0x141/0x180 [ 27.338541] ? mempool_uaf_helper+0x392/0x400 [ 27.338570] __asan_report_load1_noabort+0x18/0x20 [ 27.338595] mempool_uaf_helper+0x392/0x400 [ 27.338619] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.338643] ? dequeue_entities+0x23f/0x1630 [ 27.338669] ? __kasan_check_write+0x18/0x20 [ 27.338693] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.338715] ? finish_task_switch.isra.0+0x153/0x700 [ 27.338743] mempool_kmalloc_uaf+0xef/0x140 [ 27.338767] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 27.338875] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.338902] ? __pfx_mempool_kfree+0x10/0x10 [ 27.338928] ? __pfx_read_tsc+0x10/0x10 [ 27.338964] ? ktime_get_ts64+0x86/0x230 [ 27.338990] kunit_try_run_case+0x1a5/0x480 [ 27.339015] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.339039] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.339073] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.339100] ? __kthread_parkme+0x82/0x180 [ 27.339124] ? preempt_count_sub+0x50/0x80 [ 27.339150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.339176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.339203] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.339228] kthread+0x337/0x6f0 [ 27.339250] ? trace_preempt_on+0x20/0xc0 [ 27.339275] ? __pfx_kthread+0x10/0x10 [ 27.339296] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.339322] ? calculate_sigpending+0x7b/0xa0 [ 27.339347] ? __pfx_kthread+0x10/0x10 [ 27.339370] ret_from_fork+0x116/0x1d0 [ 27.339391] ? __pfx_kthread+0x10/0x10 [ 27.339413] ret_from_fork_asm+0x1a/0x30 [ 27.339447] </TASK> [ 27.339459] [ 27.355822] Allocated by task 276: [ 27.356284] kasan_save_stack+0x45/0x70 [ 27.356447] kasan_save_track+0x18/0x40 [ 27.356588] kasan_save_alloc_info+0x3b/0x50 [ 27.356740] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.357366] remove_element+0x11e/0x190 [ 27.357774] mempool_alloc_preallocated+0x4d/0x90 [ 27.358448] mempool_uaf_helper+0x96/0x400 [ 27.358882] mempool_kmalloc_uaf+0xef/0x140 [ 27.359369] kunit_try_run_case+0x1a5/0x480 [ 27.359744] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.360226] kthread+0x337/0x6f0 [ 27.360560] ret_from_fork+0x116/0x1d0 [ 27.360701] ret_from_fork_asm+0x1a/0x30 [ 27.361114] [ 27.361327] Freed by task 276: [ 27.361658] kasan_save_stack+0x45/0x70 [ 27.362125] kasan_save_track+0x18/0x40 [ 27.362274] kasan_save_free_info+0x3f/0x60 [ 27.362424] __kasan_mempool_poison_object+0x131/0x1d0 [ 27.362595] mempool_free+0x490/0x640 [ 27.362732] mempool_uaf_helper+0x11a/0x400 [ 27.362882] mempool_kmalloc_uaf+0xef/0x140 [ 27.363707] kunit_try_run_case+0x1a5/0x480 [ 27.363933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.364170] kthread+0x337/0x6f0 [ 27.364316] ret_from_fork+0x116/0x1d0 [ 27.364495] ret_from_fork_asm+0x1a/0x30 [ 27.364673] [ 27.364760] The buggy address belongs to the object at ffff888105800c00 [ 27.364760] which belongs to the cache kmalloc-128 of size 128 [ 27.365270] The buggy address is located 0 bytes inside of [ 27.365270] freed 128-byte region [ffff888105800c00, ffff888105800c80) [ 27.365732] [ 27.365815] The buggy address belongs to the physical page: [ 27.367168] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800 [ 27.367494] flags: 0x200000000000000(node=0|zone=2) [ 27.367664] page_type: f5(slab) [ 27.368302] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.369009] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.369939] page dumped because: kasan: bad access detected [ 27.370634] [ 27.370714] Memory state around the buggy address: [ 27.371416] ffff888105800b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.372215] ffff888105800b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.372451] >ffff888105800c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.372673] ^ [ 27.372835] ffff888105800c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.374080] ffff888105800d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.374913] ================================================================== [ 27.413449] ================================================================== [ 27.413982] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 27.414384] Read of size 1 at addr ffff888106266240 by task kunit_try_catch/280 [ 27.414698] [ 27.414798] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.414851] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.414863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.414887] Call Trace: [ 27.414900] <TASK> [ 27.414918] dump_stack_lvl+0x73/0xb0 [ 27.414962] print_report+0xd1/0x640 [ 27.414986] ? __virt_addr_valid+0x1db/0x2d0 [ 27.415012] ? mempool_uaf_helper+0x392/0x400 [ 27.415036] ? kasan_complete_mode_report_info+0x64/0x200 [ 27.415159] ? mempool_uaf_helper+0x392/0x400 [ 27.415196] kasan_report+0x141/0x180 [ 27.415220] ? mempool_uaf_helper+0x392/0x400 [ 27.415248] __asan_report_load1_noabort+0x18/0x20 [ 27.415274] mempool_uaf_helper+0x392/0x400 [ 27.415300] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 27.415327] ? finish_task_switch.isra.0+0x153/0x700 [ 27.415355] mempool_slab_uaf+0xea/0x140 [ 27.415381] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 27.415408] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 27.415435] ? __pfx_mempool_free_slab+0x10/0x10 [ 27.415462] ? __pfx_read_tsc+0x10/0x10 [ 27.415485] ? ktime_get_ts64+0x86/0x230 [ 27.415512] kunit_try_run_case+0x1a5/0x480 [ 27.415539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.415563] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.415587] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.415615] ? __kthread_parkme+0x82/0x180 [ 27.415636] ? preempt_count_sub+0x50/0x80 [ 27.415660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.415685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.415710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.415735] kthread+0x337/0x6f0 [ 27.415756] ? trace_preempt_on+0x20/0xc0 [ 27.415833] ? __pfx_kthread+0x10/0x10 [ 27.415859] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.415885] ? calculate_sigpending+0x7b/0xa0 [ 27.415910] ? __pfx_kthread+0x10/0x10 [ 27.415933] ret_from_fork+0x116/0x1d0 [ 27.415966] ? __pfx_kthread+0x10/0x10 [ 27.415987] ret_from_fork_asm+0x1a/0x30 [ 27.416020] </TASK> [ 27.416032] [ 27.428420] Allocated by task 280: [ 27.428591] kasan_save_stack+0x45/0x70 [ 27.428963] kasan_save_track+0x18/0x40 [ 27.429147] kasan_save_alloc_info+0x3b/0x50 [ 27.429305] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 27.429485] remove_element+0x11e/0x190 [ 27.429624] mempool_alloc_preallocated+0x4d/0x90 [ 27.429785] mempool_uaf_helper+0x96/0x400 [ 27.429926] mempool_slab_uaf+0xea/0x140 [ 27.431106] kunit_try_run_case+0x1a5/0x480 [ 27.431587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.431791] kthread+0x337/0x6f0 [ 27.432392] ret_from_fork+0x116/0x1d0 [ 27.432908] ret_from_fork_asm+0x1a/0x30 [ 27.433462] [ 27.433771] Freed by task 280: [ 27.433930] kasan_save_stack+0x45/0x70 [ 27.434157] kasan_save_track+0x18/0x40 [ 27.434588] kasan_save_free_info+0x3f/0x60 [ 27.434750] __kasan_mempool_poison_object+0x131/0x1d0 [ 27.435612] mempool_free+0x490/0x640 [ 27.436152] mempool_uaf_helper+0x11a/0x400 [ 27.436770] mempool_slab_uaf+0xea/0x140 [ 27.437274] kunit_try_run_case+0x1a5/0x480 [ 27.437622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.437837] kthread+0x337/0x6f0 [ 27.438385] ret_from_fork+0x116/0x1d0 [ 27.438675] ret_from_fork_asm+0x1a/0x30 [ 27.439043] [ 27.439436] The buggy address belongs to the object at ffff888106266240 [ 27.439436] which belongs to the cache test_cache of size 123 [ 27.440662] The buggy address is located 0 bytes inside of [ 27.440662] freed 123-byte region [ffff888106266240, ffff8881062662bb) [ 27.441562] [ 27.441645] The buggy address belongs to the physical page: [ 27.441855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106266 [ 27.442652] flags: 0x200000000000000(node=0|zone=2) [ 27.442996] page_type: f5(slab) [ 27.443553] raw: 0200000000000000 ffff88815a898f00 dead000000000122 0000000000000000 [ 27.444388] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 27.445160] page dumped because: kasan: bad access detected [ 27.445679] [ 27.445757] Memory state around the buggy address: [ 27.445932] ffff888106266100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.446855] ffff888106266180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.447683] >ffff888106266200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 27.448367] ^ [ 27.448557] ffff888106266280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.448782] ffff888106266300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.449647] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 27.234646] ================================================================== [ 27.235140] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 27.235475] Read of size 1 at addr ffff888105800873 by task kunit_try_catch/270 [ 27.235963] [ 27.236142] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.236201] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.236214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.236238] Call Trace: [ 27.236252] <TASK> [ 27.236274] dump_stack_lvl+0x73/0xb0 [ 27.236308] print_report+0xd1/0x640 [ 27.236334] ? __virt_addr_valid+0x1db/0x2d0 [ 27.236362] ? mempool_oob_right_helper+0x318/0x380 [ 27.236386] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.236414] ? mempool_oob_right_helper+0x318/0x380 [ 27.236438] kasan_report+0x141/0x180 [ 27.236462] ? mempool_oob_right_helper+0x318/0x380 [ 27.236491] __asan_report_load1_noabort+0x18/0x20 [ 27.236516] mempool_oob_right_helper+0x318/0x380 [ 27.236542] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.236568] ? dequeue_entities+0x23f/0x1630 [ 27.236594] ? __kasan_check_write+0x18/0x20 [ 27.236619] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.236642] ? finish_task_switch.isra.0+0x153/0x700 [ 27.236670] mempool_kmalloc_oob_right+0xf2/0x150 [ 27.236694] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 27.236722] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.236748] ? __pfx_mempool_kfree+0x10/0x10 [ 27.236774] ? __pfx_read_tsc+0x10/0x10 [ 27.237314] ? ktime_get_ts64+0x86/0x230 [ 27.237345] kunit_try_run_case+0x1a5/0x480 [ 27.237376] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.237402] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.237427] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.237455] ? __kthread_parkme+0x82/0x180 [ 27.237477] ? preempt_count_sub+0x50/0x80 [ 27.237502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.237527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.237553] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.237578] kthread+0x337/0x6f0 [ 27.237600] ? trace_preempt_on+0x20/0xc0 [ 27.237626] ? __pfx_kthread+0x10/0x10 [ 27.237647] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.237675] ? calculate_sigpending+0x7b/0xa0 [ 27.237701] ? __pfx_kthread+0x10/0x10 [ 27.237723] ret_from_fork+0x116/0x1d0 [ 27.237745] ? __pfx_kthread+0x10/0x10 [ 27.237766] ret_from_fork_asm+0x1a/0x30 [ 27.237855] </TASK> [ 27.237869] [ 27.249782] Allocated by task 270: [ 27.250330] kasan_save_stack+0x45/0x70 [ 27.250517] kasan_save_track+0x18/0x40 [ 27.250691] kasan_save_alloc_info+0x3b/0x50 [ 27.251176] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 27.251657] remove_element+0x11e/0x190 [ 27.251827] mempool_alloc_preallocated+0x4d/0x90 [ 27.252282] mempool_oob_right_helper+0x8a/0x380 [ 27.252481] mempool_kmalloc_oob_right+0xf2/0x150 [ 27.252660] kunit_try_run_case+0x1a5/0x480 [ 27.252971] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.253156] kthread+0x337/0x6f0 [ 27.253320] ret_from_fork+0x116/0x1d0 [ 27.253609] ret_from_fork_asm+0x1a/0x30 [ 27.253775] [ 27.253907] The buggy address belongs to the object at ffff888105800800 [ 27.253907] which belongs to the cache kmalloc-128 of size 128 [ 27.254414] The buggy address is located 0 bytes to the right of [ 27.254414] allocated 115-byte region [ffff888105800800, ffff888105800873) [ 27.254858] [ 27.254960] The buggy address belongs to the physical page: [ 27.255363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800 [ 27.255662] flags: 0x200000000000000(node=0|zone=2) [ 27.255831] page_type: f5(slab) [ 27.256050] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.256365] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.256622] page dumped because: kasan: bad access detected [ 27.256995] [ 27.257081] Memory state around the buggy address: [ 27.257288] ffff888105800700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.257544] ffff888105800780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.257971] >ffff888105800800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.258256] ^ [ 27.258561] ffff888105800880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.258853] ffff888105800900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 27.259140] ================================================================== [ 27.263766] ================================================================== [ 27.264339] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 27.264659] Read of size 1 at addr ffff88810636e001 by task kunit_try_catch/272 [ 27.265558] [ 27.265677] CPU: 0 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.265732] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.265745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.265768] Call Trace: [ 27.265782] <TASK> [ 27.265801] dump_stack_lvl+0x73/0xb0 [ 27.266019] print_report+0xd1/0x640 [ 27.266045] ? __virt_addr_valid+0x1db/0x2d0 [ 27.266086] ? mempool_oob_right_helper+0x318/0x380 [ 27.266110] ? kasan_addr_to_slab+0x11/0xa0 [ 27.266132] ? mempool_oob_right_helper+0x318/0x380 [ 27.266156] kasan_report+0x141/0x180 [ 27.266180] ? mempool_oob_right_helper+0x318/0x380 [ 27.266209] __asan_report_load1_noabort+0x18/0x20 [ 27.266234] mempool_oob_right_helper+0x318/0x380 [ 27.266259] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.266286] ? dequeue_entities+0x23f/0x1630 [ 27.266313] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.266335] ? finish_task_switch.isra.0+0x153/0x700 [ 27.266362] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 27.266388] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 27.266417] ? __pfx_mempool_kmalloc+0x10/0x10 [ 27.266441] ? __pfx_mempool_kfree+0x10/0x10 [ 27.266467] ? __pfx_read_tsc+0x10/0x10 [ 27.266490] ? ktime_get_ts64+0x86/0x230 [ 27.266515] kunit_try_run_case+0x1a5/0x480 [ 27.266540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.266565] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.266590] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.266617] ? __kthread_parkme+0x82/0x180 [ 27.266639] ? preempt_count_sub+0x50/0x80 [ 27.266663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.266688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.266714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.266739] kthread+0x337/0x6f0 [ 27.266759] ? trace_preempt_on+0x20/0xc0 [ 27.266794] ? __pfx_kthread+0x10/0x10 [ 27.266817] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.266842] ? calculate_sigpending+0x7b/0xa0 [ 27.266868] ? __pfx_kthread+0x10/0x10 [ 27.266891] ret_from_fork+0x116/0x1d0 [ 27.266911] ? __pfx_kthread+0x10/0x10 [ 27.266933] ret_from_fork_asm+0x1a/0x30 [ 27.266977] </TASK> [ 27.266990] [ 27.278228] The buggy address belongs to the physical page: [ 27.278595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10636c [ 27.279101] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.279415] flags: 0x200000000000040(head|node=0|zone=2) [ 27.279645] page_type: f8(unknown) [ 27.279890] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.280229] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.280506] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 27.280762] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 27.281186] head: 0200000000000002 ffffea000418db01 00000000ffffffff 00000000ffffffff [ 27.281650] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 27.282039] page dumped because: kasan: bad access detected [ 27.282369] [ 27.282440] Memory state around the buggy address: [ 27.282637] ffff88810636df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.283057] ffff88810636df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.283322] >ffff88810636e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.283599] ^ [ 27.283781] ffff88810636e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.284032] ffff88810636e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.284469] ================================================================== [ 27.288603] ================================================================== [ 27.289467] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 27.289795] Read of size 1 at addr ffff8881062632bb by task kunit_try_catch/274 [ 27.290530] [ 27.290634] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 27.290689] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.290702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.290727] Call Trace: [ 27.290741] <TASK> [ 27.290874] dump_stack_lvl+0x73/0xb0 [ 27.290986] print_report+0xd1/0x640 [ 27.291013] ? __virt_addr_valid+0x1db/0x2d0 [ 27.291040] ? mempool_oob_right_helper+0x318/0x380 [ 27.291065] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.291156] ? mempool_oob_right_helper+0x318/0x380 [ 27.291183] kasan_report+0x141/0x180 [ 27.291206] ? mempool_oob_right_helper+0x318/0x380 [ 27.291236] __asan_report_load1_noabort+0x18/0x20 [ 27.291260] mempool_oob_right_helper+0x318/0x380 [ 27.291286] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 27.291313] ? __pfx_sched_clock_cpu+0x10/0x10 [ 27.291337] ? finish_task_switch.isra.0+0x153/0x700 [ 27.291365] mempool_slab_oob_right+0xed/0x140 [ 27.291390] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 27.291417] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 27.291444] ? __pfx_mempool_free_slab+0x10/0x10 [ 27.291471] ? __pfx_read_tsc+0x10/0x10 [ 27.291494] ? ktime_get_ts64+0x86/0x230 [ 27.291520] kunit_try_run_case+0x1a5/0x480 [ 27.291548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.291572] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 27.291595] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.291623] ? __kthread_parkme+0x82/0x180 [ 27.291646] ? preempt_count_sub+0x50/0x80 [ 27.291670] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.291694] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.291719] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.291744] kthread+0x337/0x6f0 [ 27.291765] ? trace_preempt_on+0x20/0xc0 [ 27.291809] ? __pfx_kthread+0x10/0x10 [ 27.291831] ? _raw_spin_unlock_irq+0x47/0x80 [ 27.291856] ? calculate_sigpending+0x7b/0xa0 [ 27.291882] ? __pfx_kthread+0x10/0x10 [ 27.291904] ret_from_fork+0x116/0x1d0 [ 27.291923] ? __pfx_kthread+0x10/0x10 [ 27.291957] ret_from_fork_asm+0x1a/0x30 [ 27.291990] </TASK> [ 27.292002] [ 27.307836] Allocated by task 274: [ 27.308008] kasan_save_stack+0x45/0x70 [ 27.308705] kasan_save_track+0x18/0x40 [ 27.309099] kasan_save_alloc_info+0x3b/0x50 [ 27.309724] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 27.310417] remove_element+0x11e/0x190 [ 27.310580] mempool_alloc_preallocated+0x4d/0x90 [ 27.310750] mempool_oob_right_helper+0x8a/0x380 [ 27.311278] mempool_slab_oob_right+0xed/0x140 [ 27.311720] kunit_try_run_case+0x1a5/0x480 [ 27.312258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.312896] kthread+0x337/0x6f0 [ 27.313400] ret_from_fork+0x116/0x1d0 [ 27.313768] ret_from_fork_asm+0x1a/0x30 [ 27.314103] [ 27.314179] The buggy address belongs to the object at ffff888106263240 [ 27.314179] which belongs to the cache test_cache of size 123 [ 27.314567] The buggy address is located 0 bytes to the right of [ 27.314567] allocated 123-byte region [ffff888106263240, ffff8881062632bb) [ 27.314999] [ 27.315078] The buggy address belongs to the physical page: [ 27.315554] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106263 [ 27.315873] flags: 0x200000000000000(node=0|zone=2) [ 27.316362] page_type: f5(slab) [ 27.316553] raw: 0200000000000000 ffff8881062583c0 dead000000000122 0000000000000000 [ 27.317104] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 27.317395] page dumped because: kasan: bad access detected [ 27.317756] [ 27.317955] Memory state around the buggy address: [ 27.318155] ffff888106263180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.318621] ffff888106263200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 27.318958] >ffff888106263280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 27.319221] ^ [ 27.319522] ffff888106263300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.319933] ffff888106263380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.320362] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 26.652924] ================================================================== [ 26.654191] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 26.654475] Read of size 1 at addr ffff888106258140 by task kunit_try_catch/264 [ 26.654706] [ 26.654809] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.654863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.654876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.654899] Call Trace: [ 26.654914] <TASK> [ 26.654934] dump_stack_lvl+0x73/0xb0 [ 26.654983] print_report+0xd1/0x640 [ 26.655007] ? __virt_addr_valid+0x1db/0x2d0 [ 26.655034] ? kmem_cache_double_destroy+0x1bf/0x380 [ 26.655058] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.655086] ? kmem_cache_double_destroy+0x1bf/0x380 [ 26.655180] kasan_report+0x141/0x180 [ 26.655205] ? kmem_cache_double_destroy+0x1bf/0x380 [ 26.655247] ? kmem_cache_double_destroy+0x1bf/0x380 [ 26.655273] __kasan_check_byte+0x3d/0x50 [ 26.655297] kmem_cache_destroy+0x25/0x1d0 [ 26.655326] kmem_cache_double_destroy+0x1bf/0x380 [ 26.655352] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 26.655377] ? finish_task_switch.isra.0+0x153/0x700 [ 26.655401] ? __switch_to+0x47/0xf80 [ 26.655432] ? __pfx_read_tsc+0x10/0x10 [ 26.655455] ? ktime_get_ts64+0x86/0x230 [ 26.655483] kunit_try_run_case+0x1a5/0x480 [ 26.655511] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.655535] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.655557] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.655585] ? __kthread_parkme+0x82/0x180 [ 26.655607] ? preempt_count_sub+0x50/0x80 [ 26.655632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.655657] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.655692] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.655717] kthread+0x337/0x6f0 [ 26.655738] ? trace_preempt_on+0x20/0xc0 [ 26.655774] ? __pfx_kthread+0x10/0x10 [ 26.655795] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.655861] ? calculate_sigpending+0x7b/0xa0 [ 26.655891] ? __pfx_kthread+0x10/0x10 [ 26.655914] ret_from_fork+0x116/0x1d0 [ 26.655934] ? __pfx_kthread+0x10/0x10 [ 26.655966] ret_from_fork_asm+0x1a/0x30 [ 26.656001] </TASK> [ 26.656013] [ 26.664719] Allocated by task 264: [ 26.665153] kasan_save_stack+0x45/0x70 [ 26.665454] kasan_save_track+0x18/0x40 [ 26.665659] kasan_save_alloc_info+0x3b/0x50 [ 26.666965] __kasan_slab_alloc+0x91/0xa0 [ 26.667503] kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.667677] __kmem_cache_create_args+0x169/0x240 [ 26.667836] kmem_cache_double_destroy+0xd5/0x380 [ 26.668004] kunit_try_run_case+0x1a5/0x480 [ 26.668155] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.668327] kthread+0x337/0x6f0 [ 26.668444] ret_from_fork+0x116/0x1d0 [ 26.668573] ret_from_fork_asm+0x1a/0x30 [ 26.668708] [ 26.668774] Freed by task 264: [ 26.668882] kasan_save_stack+0x45/0x70 [ 26.669318] kasan_save_track+0x18/0x40 [ 26.669756] kasan_save_free_info+0x3f/0x60 [ 26.670339] __kasan_slab_free+0x5e/0x80 [ 26.670848] kmem_cache_free+0x249/0x420 [ 26.671332] slab_kmem_cache_release+0x2e/0x40 [ 26.671875] kmem_cache_release+0x16/0x20 [ 26.672276] kobject_put+0x181/0x450 [ 26.672665] sysfs_slab_release+0x16/0x20 [ 26.673202] kmem_cache_destroy+0xf0/0x1d0 [ 26.673601] kmem_cache_double_destroy+0x14e/0x380 [ 26.674192] kunit_try_run_case+0x1a5/0x480 [ 26.674659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.675297] kthread+0x337/0x6f0 [ 26.675634] ret_from_fork+0x116/0x1d0 [ 26.676110] ret_from_fork_asm+0x1a/0x30 [ 26.676509] [ 26.676679] The buggy address belongs to the object at ffff888106258140 [ 26.676679] which belongs to the cache kmem_cache of size 208 [ 26.677805] The buggy address is located 0 bytes inside of [ 26.677805] freed 208-byte region [ffff888106258140, ffff888106258210) [ 26.678180] [ 26.678249] The buggy address belongs to the physical page: [ 26.678434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 26.678683] flags: 0x200000000000000(node=0|zone=2) [ 26.678849] page_type: f5(slab) [ 26.678984] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 26.679222] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 26.679451] page dumped because: kasan: bad access detected [ 26.679623] [ 26.679687] Memory state around the buggy address: [ 26.679843] ffff888106258000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.680412] ffff888106258080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 26.681200] >ffff888106258100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 26.681840] ^ [ 26.682511] ffff888106258180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.683391] ffff888106258200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.684204] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 26.587047] ================================================================== [ 26.587504] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.587881] Read of size 1 at addr ffff88810581a000 by task kunit_try_catch/262 [ 26.588563] [ 26.588904] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.588978] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.588992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.589017] Call Trace: [ 26.589033] <TASK> [ 26.589075] dump_stack_lvl+0x73/0xb0 [ 26.589234] print_report+0xd1/0x640 [ 26.589262] ? __virt_addr_valid+0x1db/0x2d0 [ 26.589291] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.589316] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.589346] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.589371] kasan_report+0x141/0x180 [ 26.589395] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.589426] __asan_report_load1_noabort+0x18/0x20 [ 26.589453] kmem_cache_rcu_uaf+0x3e3/0x510 [ 26.589479] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 26.589505] ? finish_task_switch.isra.0+0x153/0x700 [ 26.589531] ? __switch_to+0x47/0xf80 [ 26.589563] ? __pfx_read_tsc+0x10/0x10 [ 26.589587] ? ktime_get_ts64+0x86/0x230 [ 26.589616] kunit_try_run_case+0x1a5/0x480 [ 26.589644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.589669] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.589696] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.589724] ? __kthread_parkme+0x82/0x180 [ 26.589747] ? preempt_count_sub+0x50/0x80 [ 26.589772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.589814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.589842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.589870] kthread+0x337/0x6f0 [ 26.589892] ? trace_preempt_on+0x20/0xc0 [ 26.589918] ? __pfx_kthread+0x10/0x10 [ 26.589952] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.589978] ? calculate_sigpending+0x7b/0xa0 [ 26.590005] ? __pfx_kthread+0x10/0x10 [ 26.590029] ret_from_fork+0x116/0x1d0 [ 26.590050] ? __pfx_kthread+0x10/0x10 [ 26.590083] ret_from_fork_asm+0x1a/0x30 [ 26.590117] </TASK> [ 26.590130] [ 26.600477] Allocated by task 262: [ 26.600968] kasan_save_stack+0x45/0x70 [ 26.601296] kasan_save_track+0x18/0x40 [ 26.601619] kasan_save_alloc_info+0x3b/0x50 [ 26.601976] __kasan_slab_alloc+0x91/0xa0 [ 26.602364] kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.602597] kmem_cache_rcu_uaf+0x155/0x510 [ 26.602783] kunit_try_run_case+0x1a5/0x480 [ 26.603341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.603562] kthread+0x337/0x6f0 [ 26.603941] ret_from_fork+0x116/0x1d0 [ 26.604182] ret_from_fork_asm+0x1a/0x30 [ 26.604499] [ 26.604600] Freed by task 0: [ 26.604969] kasan_save_stack+0x45/0x70 [ 26.605277] kasan_save_track+0x18/0x40 [ 26.605449] kasan_save_free_info+0x3f/0x60 [ 26.605968] __kasan_slab_free+0x5e/0x80 [ 26.606208] slab_free_after_rcu_debug+0xe4/0x310 [ 26.606430] rcu_core+0x66f/0x1c40 [ 26.606595] rcu_core_si+0x12/0x20 [ 26.606762] handle_softirqs+0x209/0x730 [ 26.607296] __irq_exit_rcu+0xc9/0x110 [ 26.607452] irq_exit_rcu+0x12/0x20 [ 26.607782] sysvec_apic_timer_interrupt+0x81/0x90 [ 26.608197] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 26.608459] [ 26.608540] Last potentially related work creation: [ 26.608751] kasan_save_stack+0x45/0x70 [ 26.609236] kasan_record_aux_stack+0xb2/0xc0 [ 26.609421] kmem_cache_free+0x131/0x420 [ 26.610173] kmem_cache_rcu_uaf+0x194/0x510 [ 26.610497] kunit_try_run_case+0x1a5/0x480 [ 26.610805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.611253] kthread+0x337/0x6f0 [ 26.611460] ret_from_fork+0x116/0x1d0 [ 26.611740] ret_from_fork_asm+0x1a/0x30 [ 26.612017] [ 26.612198] The buggy address belongs to the object at ffff88810581a000 [ 26.612198] which belongs to the cache test_cache of size 200 [ 26.612728] The buggy address is located 0 bytes inside of [ 26.612728] freed 200-byte region [ffff88810581a000, ffff88810581a0c8) [ 26.613451] [ 26.613556] The buggy address belongs to the physical page: [ 26.614123] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10581a [ 26.614443] flags: 0x200000000000000(node=0|zone=2) [ 26.614677] page_type: f5(slab) [ 26.614824] raw: 0200000000000000 ffff8881016a5c80 dead000000000122 0000000000000000 [ 26.615614] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.616068] page dumped because: kasan: bad access detected [ 26.616344] [ 26.616422] Memory state around the buggy address: [ 26.616601] ffff888105819f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.616909] ffff888105819f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.617253] >ffff88810581a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.617519] ^ [ 26.617680] ffff88810581a080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 26.617982] ffff88810581a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.618340] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 26.518527] ================================================================== [ 26.518923] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 26.519177] Free of addr ffff88810625b001 by task kunit_try_catch/260 [ 26.519375] [ 26.519459] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.519507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.519520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.519541] Call Trace: [ 26.519555] <TASK> [ 26.519574] dump_stack_lvl+0x73/0xb0 [ 26.519604] print_report+0xd1/0x640 [ 26.519626] ? __virt_addr_valid+0x1db/0x2d0 [ 26.519652] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.519678] ? kmem_cache_invalid_free+0x1d8/0x460 [ 26.519702] kasan_report_invalid_free+0x10a/0x130 [ 26.519726] ? kmem_cache_invalid_free+0x1d8/0x460 [ 26.519752] ? kmem_cache_invalid_free+0x1d8/0x460 [ 26.519776] check_slab_allocation+0x11f/0x130 [ 26.519798] __kasan_slab_pre_free+0x28/0x40 [ 26.519818] kmem_cache_free+0xed/0x420 [ 26.519838] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.519863] ? kmem_cache_invalid_free+0x1d8/0x460 [ 26.519889] kmem_cache_invalid_free+0x1d8/0x460 [ 26.519913] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 26.519937] ? finish_task_switch.isra.0+0x153/0x700 [ 26.520009] ? __switch_to+0x47/0xf80 [ 26.520040] ? __pfx_read_tsc+0x10/0x10 [ 26.520064] ? ktime_get_ts64+0x86/0x230 [ 26.520091] kunit_try_run_case+0x1a5/0x480 [ 26.520121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.520145] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.520168] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.520195] ? __kthread_parkme+0x82/0x180 [ 26.520215] ? preempt_count_sub+0x50/0x80 [ 26.520239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.520264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.520289] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.520314] kthread+0x337/0x6f0 [ 26.520334] ? trace_preempt_on+0x20/0xc0 [ 26.520360] ? __pfx_kthread+0x10/0x10 [ 26.520381] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.520406] ? calculate_sigpending+0x7b/0xa0 [ 26.520431] ? __pfx_kthread+0x10/0x10 [ 26.520453] ret_from_fork+0x116/0x1d0 [ 26.520473] ? __pfx_kthread+0x10/0x10 [ 26.520494] ret_from_fork_asm+0x1a/0x30 [ 26.520527] </TASK> [ 26.520538] [ 26.537621] Allocated by task 260: [ 26.537765] kasan_save_stack+0x45/0x70 [ 26.538284] kasan_save_track+0x18/0x40 [ 26.538673] kasan_save_alloc_info+0x3b/0x50 [ 26.539239] __kasan_slab_alloc+0x91/0xa0 [ 26.539625] kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.540230] kmem_cache_invalid_free+0x157/0x460 [ 26.540666] kunit_try_run_case+0x1a5/0x480 [ 26.540826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.541456] kthread+0x337/0x6f0 [ 26.541734] ret_from_fork+0x116/0x1d0 [ 26.541871] ret_from_fork_asm+0x1a/0x30 [ 26.542369] [ 26.542549] The buggy address belongs to the object at ffff88810625b000 [ 26.542549] which belongs to the cache test_cache of size 200 [ 26.543533] The buggy address is located 1 bytes inside of [ 26.543533] 200-byte region [ffff88810625b000, ffff88810625b0c8) [ 26.544143] [ 26.544325] The buggy address belongs to the physical page: [ 26.544822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10625b [ 26.545499] flags: 0x200000000000000(node=0|zone=2) [ 26.545676] page_type: f5(slab) [ 26.545846] raw: 0200000000000000 ffff888106258000 dead000000000122 0000000000000000 [ 26.546622] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.547358] page dumped because: kasan: bad access detected [ 26.548000] [ 26.548071] Memory state around the buggy address: [ 26.548249] ffff88810625af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.548899] ffff88810625af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.549487] >ffff88810625b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.549703] ^ [ 26.549914] ffff88810625b080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 26.550557] ffff88810625b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.551371] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 26.473732] ================================================================== [ 26.474225] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 26.474564] Free of addr ffff888106258000 by task kunit_try_catch/258 [ 26.474803] [ 26.474909] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.474972] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.474983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.475004] Call Trace: [ 26.475017] <TASK> [ 26.475034] dump_stack_lvl+0x73/0xb0 [ 26.475066] print_report+0xd1/0x640 [ 26.475089] ? __virt_addr_valid+0x1db/0x2d0 [ 26.475140] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.475190] ? kmem_cache_double_free+0x1e5/0x480 [ 26.475219] kasan_report_invalid_free+0x10a/0x130 [ 26.475244] ? kmem_cache_double_free+0x1e5/0x480 [ 26.475271] ? kmem_cache_double_free+0x1e5/0x480 [ 26.475296] check_slab_allocation+0x101/0x130 [ 26.475318] __kasan_slab_pre_free+0x28/0x40 [ 26.475340] kmem_cache_free+0xed/0x420 [ 26.475372] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.475407] ? kmem_cache_double_free+0x1e5/0x480 [ 26.475435] kmem_cache_double_free+0x1e5/0x480 [ 26.475471] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 26.475496] ? finish_task_switch.isra.0+0x153/0x700 [ 26.475519] ? __switch_to+0x47/0xf80 [ 26.475548] ? __pfx_read_tsc+0x10/0x10 [ 26.475570] ? ktime_get_ts64+0x86/0x230 [ 26.475597] kunit_try_run_case+0x1a5/0x480 [ 26.475623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.475645] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.475677] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.475704] ? __kthread_parkme+0x82/0x180 [ 26.475725] ? preempt_count_sub+0x50/0x80 [ 26.475759] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.475783] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.475818] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.475843] kthread+0x337/0x6f0 [ 26.475872] ? trace_preempt_on+0x20/0xc0 [ 26.475896] ? __pfx_kthread+0x10/0x10 [ 26.475917] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.475960] ? calculate_sigpending+0x7b/0xa0 [ 26.475985] ? __pfx_kthread+0x10/0x10 [ 26.476016] ret_from_fork+0x116/0x1d0 [ 26.476037] ? __pfx_kthread+0x10/0x10 [ 26.476057] ret_from_fork_asm+0x1a/0x30 [ 26.476090] </TASK> [ 26.476101] [ 26.487013] Allocated by task 258: [ 26.487613] kasan_save_stack+0x45/0x70 [ 26.487868] kasan_save_track+0x18/0x40 [ 26.488236] kasan_save_alloc_info+0x3b/0x50 [ 26.488567] __kasan_slab_alloc+0x91/0xa0 [ 26.488910] kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.489198] kmem_cache_double_free+0x14f/0x480 [ 26.489653] kunit_try_run_case+0x1a5/0x480 [ 26.490014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.490494] kthread+0x337/0x6f0 [ 26.490674] ret_from_fork+0x116/0x1d0 [ 26.491119] ret_from_fork_asm+0x1a/0x30 [ 26.491277] [ 26.491519] Freed by task 258: [ 26.491902] kasan_save_stack+0x45/0x70 [ 26.492218] kasan_save_track+0x18/0x40 [ 26.492453] kasan_save_free_info+0x3f/0x60 [ 26.492718] __kasan_slab_free+0x5e/0x80 [ 26.492995] kmem_cache_free+0x249/0x420 [ 26.493285] kmem_cache_double_free+0x16a/0x480 [ 26.493726] kunit_try_run_case+0x1a5/0x480 [ 26.494216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.494481] kthread+0x337/0x6f0 [ 26.494638] ret_from_fork+0x116/0x1d0 [ 26.494832] ret_from_fork_asm+0x1a/0x30 [ 26.495336] [ 26.495410] The buggy address belongs to the object at ffff888106258000 [ 26.495410] which belongs to the cache test_cache of size 200 [ 26.496311] The buggy address is located 0 bytes inside of [ 26.496311] 200-byte region [ffff888106258000, ffff8881062580c8) [ 26.496969] [ 26.497290] The buggy address belongs to the physical page: [ 26.497550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106258 [ 26.498099] flags: 0x200000000000000(node=0|zone=2) [ 26.498450] page_type: f5(slab) [ 26.498633] raw: 0200000000000000 ffff888100f85dc0 dead000000000122 0000000000000000 [ 26.499199] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.499668] page dumped because: kasan: bad access detected [ 26.500043] [ 26.500124] Memory state around the buggy address: [ 26.500335] ffff888106257f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.500634] ffff888106257f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.500953] >ffff888106258000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.501594] ^ [ 26.501771] ffff888106258080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 26.502332] ffff888106258100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.502836] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 26.432066] ================================================================== [ 26.432485] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 26.432738] Read of size 1 at addr ffff8881062570c8 by task kunit_try_catch/256 [ 26.433121] [ 26.433292] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.433346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.433370] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.433392] Call Trace: [ 26.433406] <TASK> [ 26.433424] dump_stack_lvl+0x73/0xb0 [ 26.433469] print_report+0xd1/0x640 [ 26.433492] ? __virt_addr_valid+0x1db/0x2d0 [ 26.433518] ? kmem_cache_oob+0x402/0x530 [ 26.433540] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.433567] ? kmem_cache_oob+0x402/0x530 [ 26.433590] kasan_report+0x141/0x180 [ 26.433623] ? kmem_cache_oob+0x402/0x530 [ 26.433651] __asan_report_load1_noabort+0x18/0x20 [ 26.433687] kmem_cache_oob+0x402/0x530 [ 26.433709] ? trace_hardirqs_on+0x37/0xe0 [ 26.433734] ? __pfx_kmem_cache_oob+0x10/0x10 [ 26.433757] ? finish_task_switch.isra.0+0x153/0x700 [ 26.433823] ? __switch_to+0x47/0xf80 [ 26.433856] ? __pfx_read_tsc+0x10/0x10 [ 26.433890] ? ktime_get_ts64+0x86/0x230 [ 26.433915] kunit_try_run_case+0x1a5/0x480 [ 26.433958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.433982] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.434006] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.434033] ? __kthread_parkme+0x82/0x180 [ 26.434053] ? preempt_count_sub+0x50/0x80 [ 26.434077] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.434111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.434135] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.434160] kthread+0x337/0x6f0 [ 26.434191] ? trace_preempt_on+0x20/0xc0 [ 26.434224] ? __pfx_kthread+0x10/0x10 [ 26.434245] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.434269] ? calculate_sigpending+0x7b/0xa0 [ 26.434294] ? __pfx_kthread+0x10/0x10 [ 26.434316] ret_from_fork+0x116/0x1d0 [ 26.434336] ? __pfx_kthread+0x10/0x10 [ 26.434357] ret_from_fork_asm+0x1a/0x30 [ 26.434389] </TASK> [ 26.434401] [ 26.442691] Allocated by task 256: [ 26.442871] kasan_save_stack+0x45/0x70 [ 26.443138] kasan_save_track+0x18/0x40 [ 26.443364] kasan_save_alloc_info+0x3b/0x50 [ 26.443568] __kasan_slab_alloc+0x91/0xa0 [ 26.443722] kmem_cache_alloc_noprof+0x123/0x3f0 [ 26.443886] kmem_cache_oob+0x157/0x530 [ 26.444055] kunit_try_run_case+0x1a5/0x480 [ 26.444283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.444535] kthread+0x337/0x6f0 [ 26.444702] ret_from_fork+0x116/0x1d0 [ 26.444841] ret_from_fork_asm+0x1a/0x30 [ 26.444989] [ 26.445243] The buggy address belongs to the object at ffff888106257000 [ 26.445243] which belongs to the cache test_cache of size 200 [ 26.445968] The buggy address is located 0 bytes to the right of [ 26.445968] allocated 200-byte region [ffff888106257000, ffff8881062570c8) [ 26.446597] [ 26.446670] The buggy address belongs to the physical page: [ 26.446849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106257 [ 26.447201] flags: 0x200000000000000(node=0|zone=2) [ 26.447434] page_type: f5(slab) [ 26.447700] raw: 0200000000000000 ffff888100f85c80 dead000000000122 0000000000000000 [ 26.448143] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 26.448375] page dumped because: kasan: bad access detected [ 26.448546] [ 26.448692] Memory state around the buggy address: [ 26.449092] ffff888106256f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.449875] ffff888106257000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.450319] >ffff888106257080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 26.450586] ^ [ 26.450764] ffff888106257100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.451244] ffff888106257180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.451591] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 26.377691] ================================================================== [ 26.378644] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 26.378888] Read of size 8 at addr ffff888105810700 by task kunit_try_catch/249 [ 26.379728] [ 26.380102] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.380156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.380169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.380337] Call Trace: [ 26.380354] <TASK> [ 26.380384] dump_stack_lvl+0x73/0xb0 [ 26.380418] print_report+0xd1/0x640 [ 26.380478] ? __virt_addr_valid+0x1db/0x2d0 [ 26.380504] ? workqueue_uaf+0x4d6/0x560 [ 26.380526] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.380552] ? workqueue_uaf+0x4d6/0x560 [ 26.380575] kasan_report+0x141/0x180 [ 26.380598] ? workqueue_uaf+0x4d6/0x560 [ 26.380624] __asan_report_load8_noabort+0x18/0x20 [ 26.380649] workqueue_uaf+0x4d6/0x560 [ 26.380671] ? __pfx_workqueue_uaf+0x10/0x10 [ 26.380694] ? __schedule+0x10da/0x2b60 [ 26.380716] ? __pfx_read_tsc+0x10/0x10 [ 26.380738] ? ktime_get_ts64+0x86/0x230 [ 26.380764] kunit_try_run_case+0x1a5/0x480 [ 26.380860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.380885] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.380908] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.380934] ? __kthread_parkme+0x82/0x180 [ 26.380967] ? preempt_count_sub+0x50/0x80 [ 26.380991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.381016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.381040] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.381072] kthread+0x337/0x6f0 [ 26.381092] ? trace_preempt_on+0x20/0xc0 [ 26.381116] ? __pfx_kthread+0x10/0x10 [ 26.381142] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.381167] ? calculate_sigpending+0x7b/0xa0 [ 26.381191] ? __pfx_kthread+0x10/0x10 [ 26.381213] ret_from_fork+0x116/0x1d0 [ 26.381232] ? __pfx_kthread+0x10/0x10 [ 26.381253] ret_from_fork_asm+0x1a/0x30 [ 26.381284] </TASK> [ 26.381296] [ 26.397636] Allocated by task 249: [ 26.397773] kasan_save_stack+0x45/0x70 [ 26.397920] kasan_save_track+0x18/0x40 [ 26.398305] kasan_save_alloc_info+0x3b/0x50 [ 26.398640] __kasan_kmalloc+0xb7/0xc0 [ 26.398775] __kmalloc_cache_noprof+0x189/0x420 [ 26.399332] workqueue_uaf+0x152/0x560 [ 26.399740] kunit_try_run_case+0x1a5/0x480 [ 26.400117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.400302] kthread+0x337/0x6f0 [ 26.400423] ret_from_fork+0x116/0x1d0 [ 26.400555] ret_from_fork_asm+0x1a/0x30 [ 26.400693] [ 26.400758] Freed by task 9: [ 26.400894] kasan_save_stack+0x45/0x70 [ 26.401037] kasan_save_track+0x18/0x40 [ 26.401236] kasan_save_free_info+0x3f/0x60 [ 26.401504] __kasan_slab_free+0x5e/0x80 [ 26.401699] kfree+0x222/0x3f0 [ 26.401957] workqueue_uaf_work+0x12/0x20 [ 26.402363] process_one_work+0x5ee/0xf60 [ 26.402603] worker_thread+0x758/0x1220 [ 26.402753] kthread+0x337/0x6f0 [ 26.402872] ret_from_fork+0x116/0x1d0 [ 26.403144] ret_from_fork_asm+0x1a/0x30 [ 26.403486] [ 26.403727] Last potentially related work creation: [ 26.404576] kasan_save_stack+0x45/0x70 [ 26.404848] kasan_record_aux_stack+0xb2/0xc0 [ 26.405254] __queue_work+0x61a/0xe70 [ 26.405473] queue_work_on+0xb6/0xc0 [ 26.405954] workqueue_uaf+0x26d/0x560 [ 26.406163] kunit_try_run_case+0x1a5/0x480 [ 26.406721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.407260] kthread+0x337/0x6f0 [ 26.407816] ret_from_fork+0x116/0x1d0 [ 26.408287] ret_from_fork_asm+0x1a/0x30 [ 26.408441] [ 26.408510] The buggy address belongs to the object at ffff888105810700 [ 26.408510] which belongs to the cache kmalloc-32 of size 32 [ 26.409203] The buggy address is located 0 bytes inside of [ 26.409203] freed 32-byte region [ffff888105810700, ffff888105810720) [ 26.410590] [ 26.410895] The buggy address belongs to the physical page: [ 26.411581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105810 [ 26.412109] flags: 0x200000000000000(node=0|zone=2) [ 26.412290] page_type: f5(slab) [ 26.412416] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.412652] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.413497] page dumped because: kasan: bad access detected [ 26.414169] [ 26.414482] Memory state around the buggy address: [ 26.415044] ffff888105810600: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 26.415801] ffff888105810680: 00 00 00 fc fc fc fc fc 00 00 00 07 fc fc fc fc [ 26.416628] >ffff888105810700: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 26.417396] ^ [ 26.417711] ffff888105810780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.418579] ffff888105810800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.419173] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 26.339063] ================================================================== [ 26.339541] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 26.339838] Read of size 4 at addr ffff888106252900 by task swapper/1/0 [ 26.340433] [ 26.340560] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.340682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.340697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.340718] Call Trace: [ 26.340741] <IRQ> [ 26.340775] dump_stack_lvl+0x73/0xb0 [ 26.340824] print_report+0xd1/0x640 [ 26.340991] ? __virt_addr_valid+0x1db/0x2d0 [ 26.341029] ? rcu_uaf_reclaim+0x50/0x60 [ 26.341062] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.341090] ? rcu_uaf_reclaim+0x50/0x60 [ 26.341112] kasan_report+0x141/0x180 [ 26.341141] ? rcu_uaf_reclaim+0x50/0x60 [ 26.341167] __asan_report_load4_noabort+0x18/0x20 [ 26.341192] rcu_uaf_reclaim+0x50/0x60 [ 26.341214] rcu_core+0x66f/0x1c40 [ 26.341244] ? __pfx_rcu_core+0x10/0x10 [ 26.341267] ? ktime_get+0x6b/0x150 [ 26.341294] rcu_core_si+0x12/0x20 [ 26.341315] handle_softirqs+0x209/0x730 [ 26.341337] ? hrtimer_interrupt+0x2fe/0x780 [ 26.341362] ? __pfx_handle_softirqs+0x10/0x10 [ 26.341388] __irq_exit_rcu+0xc9/0x110 [ 26.341409] irq_exit_rcu+0x12/0x20 [ 26.341429] sysvec_apic_timer_interrupt+0x81/0x90 [ 26.341454] </IRQ> [ 26.341485] <TASK> [ 26.341496] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 26.341587] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 26.341803] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 e3 14 00 fb f4 <e9> bc 2a 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 26.341885] RSP: 0000:ffff88810087fdc8 EFLAGS: 00010216 [ 26.341993] RAX: ffff8881a050d000 RBX: ffff88810085b000 RCX: ffffffffb873d965 [ 26.342041] RDX: ffffed102b626193 RSI: 0000000000000004 RDI: 000000000002c11c [ 26.342085] RBP: ffff88810087fdd0 R08: 0000000000000001 R09: ffffed102b626192 [ 26.342127] R10: ffff88815b130c93 R11: ffff88815b1363c8 R12: 0000000000000001 [ 26.342170] R13: ffffed102010b600 R14: ffffffffba3ff4d0 R15: 0000000000000000 [ 26.342227] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 26.342280] ? default_idle+0xd/0x20 [ 26.342302] arch_cpu_idle+0xd/0x20 [ 26.342324] default_idle_call+0x48/0x80 [ 26.342346] do_idle+0x379/0x4f0 [ 26.342373] ? __pfx_do_idle+0x10/0x10 [ 26.342395] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 26.342422] ? complete+0x15b/0x1d0 [ 26.342450] cpu_startup_entry+0x5c/0x70 [ 26.342474] start_secondary+0x211/0x290 [ 26.342498] ? __pfx_start_secondary+0x10/0x10 [ 26.342526] common_startup_64+0x13e/0x148 [ 26.342560] </TASK> [ 26.342572] [ 26.356518] Allocated by task 247: [ 26.356712] kasan_save_stack+0x45/0x70 [ 26.356920] kasan_save_track+0x18/0x40 [ 26.357383] kasan_save_alloc_info+0x3b/0x50 [ 26.357582] __kasan_kmalloc+0xb7/0xc0 [ 26.357766] __kmalloc_cache_noprof+0x189/0x420 [ 26.358030] rcu_uaf+0xb0/0x330 [ 26.358151] kunit_try_run_case+0x1a5/0x480 [ 26.358298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.358669] kthread+0x337/0x6f0 [ 26.358960] ret_from_fork+0x116/0x1d0 [ 26.359218] ret_from_fork_asm+0x1a/0x30 [ 26.359461] [ 26.359571] Freed by task 0: [ 26.359734] kasan_save_stack+0x45/0x70 [ 26.360056] kasan_save_track+0x18/0x40 [ 26.360284] kasan_save_free_info+0x3f/0x60 [ 26.360432] __kasan_slab_free+0x5e/0x80 [ 26.360569] kfree+0x222/0x3f0 [ 26.360717] rcu_uaf_reclaim+0x1f/0x60 [ 26.361239] rcu_core+0x66f/0x1c40 [ 26.361461] rcu_core_si+0x12/0x20 [ 26.361697] handle_softirqs+0x209/0x730 [ 26.362074] __irq_exit_rcu+0xc9/0x110 [ 26.362291] irq_exit_rcu+0x12/0x20 [ 26.362420] sysvec_apic_timer_interrupt+0x81/0x90 [ 26.362611] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 26.362878] [ 26.363018] Last potentially related work creation: [ 26.363375] kasan_save_stack+0x45/0x70 [ 26.363593] kasan_record_aux_stack+0xb2/0xc0 [ 26.363835] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 26.364112] call_rcu+0x12/0x20 [ 26.364277] rcu_uaf+0x168/0x330 [ 26.364445] kunit_try_run_case+0x1a5/0x480 [ 26.365015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.365297] kthread+0x337/0x6f0 [ 26.365451] ret_from_fork+0x116/0x1d0 [ 26.365637] ret_from_fork_asm+0x1a/0x30 [ 26.365963] [ 26.366072] The buggy address belongs to the object at ffff888106252900 [ 26.366072] which belongs to the cache kmalloc-32 of size 32 [ 26.366614] The buggy address is located 0 bytes inside of [ 26.366614] freed 32-byte region [ffff888106252900, ffff888106252920) [ 26.367197] [ 26.367317] The buggy address belongs to the physical page: [ 26.367580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106252 [ 26.367935] flags: 0x200000000000000(node=0|zone=2) [ 26.368267] page_type: f5(slab) [ 26.368435] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 26.368689] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 26.369263] page dumped because: kasan: bad access detected [ 26.369523] [ 26.369597] Memory state around the buggy address: [ 26.369932] ffff888106252800: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.370292] ffff888106252880: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 26.370613] >ffff888106252900: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 26.370994] ^ [ 26.371157] ffff888106252980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.371496] ffff888106252a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.371883] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 26.307202] ================================================================== [ 26.308106] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 26.308416] Read of size 1 at addr ffff888105800578 by task kunit_try_catch/245 [ 26.308716] [ 26.308899] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.308957] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.308969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.308990] Call Trace: [ 26.309002] <TASK> [ 26.309016] dump_stack_lvl+0x73/0xb0 [ 26.309071] print_report+0xd1/0x640 [ 26.309094] ? __virt_addr_valid+0x1db/0x2d0 [ 26.309118] ? ksize_uaf+0x5e4/0x6c0 [ 26.309146] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.309172] ? ksize_uaf+0x5e4/0x6c0 [ 26.309194] kasan_report+0x141/0x180 [ 26.309217] ? ksize_uaf+0x5e4/0x6c0 [ 26.309243] __asan_report_load1_noabort+0x18/0x20 [ 26.309287] ksize_uaf+0x5e4/0x6c0 [ 26.309308] ? __pfx_ksize_uaf+0x10/0x10 [ 26.309331] ? __schedule+0x10da/0x2b60 [ 26.309352] ? __pfx_read_tsc+0x10/0x10 [ 26.309374] ? ktime_get_ts64+0x86/0x230 [ 26.309398] kunit_try_run_case+0x1a5/0x480 [ 26.309424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.309462] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.309484] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.309524] ? __kthread_parkme+0x82/0x180 [ 26.309558] ? preempt_count_sub+0x50/0x80 [ 26.309595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.309633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.309670] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.309708] kthread+0x337/0x6f0 [ 26.309728] ? trace_preempt_on+0x20/0xc0 [ 26.309765] ? __pfx_kthread+0x10/0x10 [ 26.309796] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.309821] ? calculate_sigpending+0x7b/0xa0 [ 26.309845] ? __pfx_kthread+0x10/0x10 [ 26.309867] ret_from_fork+0x116/0x1d0 [ 26.309887] ? __pfx_kthread+0x10/0x10 [ 26.309908] ret_from_fork_asm+0x1a/0x30 [ 26.309940] </TASK> [ 26.309961] [ 26.317850] Allocated by task 245: [ 26.318042] kasan_save_stack+0x45/0x70 [ 26.318238] kasan_save_track+0x18/0x40 [ 26.318429] kasan_save_alloc_info+0x3b/0x50 [ 26.318619] __kasan_kmalloc+0xb7/0xc0 [ 26.318803] __kmalloc_cache_noprof+0x189/0x420 [ 26.319211] ksize_uaf+0xaa/0x6c0 [ 26.319362] kunit_try_run_case+0x1a5/0x480 [ 26.319575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.319849] kthread+0x337/0x6f0 [ 26.320044] ret_from_fork+0x116/0x1d0 [ 26.320208] ret_from_fork_asm+0x1a/0x30 [ 26.320398] [ 26.320486] Freed by task 245: [ 26.320599] kasan_save_stack+0x45/0x70 [ 26.320830] kasan_save_track+0x18/0x40 [ 26.321069] kasan_save_free_info+0x3f/0x60 [ 26.321265] __kasan_slab_free+0x5e/0x80 [ 26.321468] kfree+0x222/0x3f0 [ 26.321638] ksize_uaf+0x12c/0x6c0 [ 26.321833] kunit_try_run_case+0x1a5/0x480 [ 26.322045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.322306] kthread+0x337/0x6f0 [ 26.322467] ret_from_fork+0x116/0x1d0 [ 26.322646] ret_from_fork_asm+0x1a/0x30 [ 26.322832] [ 26.322897] The buggy address belongs to the object at ffff888105800500 [ 26.322897] which belongs to the cache kmalloc-128 of size 128 [ 26.323265] The buggy address is located 120 bytes inside of [ 26.323265] freed 128-byte region [ffff888105800500, ffff888105800580) [ 26.323800] [ 26.323890] The buggy address belongs to the physical page: [ 26.324248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800 [ 26.324522] flags: 0x200000000000000(node=0|zone=2) [ 26.324679] page_type: f5(slab) [ 26.324796] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.325235] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.325604] page dumped because: kasan: bad access detected [ 26.325974] [ 26.326066] Memory state around the buggy address: [ 26.326312] ffff888105800400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.326629] ffff888105800480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.327136] >ffff888105800500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.327357] ^ [ 26.327571] ffff888105800580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.327781] ffff888105800600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.328293] ================================================================== [ 26.259359] ================================================================== [ 26.259851] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 26.260255] Read of size 1 at addr ffff888105800500 by task kunit_try_catch/245 [ 26.260552] [ 26.260657] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.260723] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.260735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.260756] Call Trace: [ 26.260768] <TASK> [ 26.260784] dump_stack_lvl+0x73/0xb0 [ 26.260859] print_report+0xd1/0x640 [ 26.260883] ? __virt_addr_valid+0x1db/0x2d0 [ 26.260930] ? ksize_uaf+0x19d/0x6c0 [ 26.260961] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.260988] ? ksize_uaf+0x19d/0x6c0 [ 26.261010] kasan_report+0x141/0x180 [ 26.261049] ? ksize_uaf+0x19d/0x6c0 [ 26.261083] ? ksize_uaf+0x19d/0x6c0 [ 26.261105] __kasan_check_byte+0x3d/0x50 [ 26.261132] ksize+0x20/0x60 [ 26.261152] ksize_uaf+0x19d/0x6c0 [ 26.261175] ? __pfx_ksize_uaf+0x10/0x10 [ 26.261198] ? __schedule+0x10da/0x2b60 [ 26.261220] ? __pfx_read_tsc+0x10/0x10 [ 26.261245] ? ktime_get_ts64+0x86/0x230 [ 26.261287] kunit_try_run_case+0x1a5/0x480 [ 26.261325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.261349] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.261371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.261397] ? __kthread_parkme+0x82/0x180 [ 26.261418] ? preempt_count_sub+0x50/0x80 [ 26.261442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.261467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.261491] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.261515] kthread+0x337/0x6f0 [ 26.261535] ? trace_preempt_on+0x20/0xc0 [ 26.261559] ? __pfx_kthread+0x10/0x10 [ 26.261580] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.261604] ? calculate_sigpending+0x7b/0xa0 [ 26.261629] ? __pfx_kthread+0x10/0x10 [ 26.261651] ret_from_fork+0x116/0x1d0 [ 26.261670] ? __pfx_kthread+0x10/0x10 [ 26.261691] ret_from_fork_asm+0x1a/0x30 [ 26.261724] </TASK> [ 26.261735] [ 26.272930] Allocated by task 245: [ 26.273212] kasan_save_stack+0x45/0x70 [ 26.273401] kasan_save_track+0x18/0x40 [ 26.273605] kasan_save_alloc_info+0x3b/0x50 [ 26.273825] __kasan_kmalloc+0xb7/0xc0 [ 26.274017] __kmalloc_cache_noprof+0x189/0x420 [ 26.274243] ksize_uaf+0xaa/0x6c0 [ 26.274445] kunit_try_run_case+0x1a5/0x480 [ 26.274596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.274819] kthread+0x337/0x6f0 [ 26.274997] ret_from_fork+0x116/0x1d0 [ 26.275365] ret_from_fork_asm+0x1a/0x30 [ 26.275600] [ 26.275691] Freed by task 245: [ 26.275978] kasan_save_stack+0x45/0x70 [ 26.276224] kasan_save_track+0x18/0x40 [ 26.276393] kasan_save_free_info+0x3f/0x60 [ 26.276582] __kasan_slab_free+0x5e/0x80 [ 26.276777] kfree+0x222/0x3f0 [ 26.277024] ksize_uaf+0x12c/0x6c0 [ 26.277192] kunit_try_run_case+0x1a5/0x480 [ 26.277417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.277617] kthread+0x337/0x6f0 [ 26.277733] ret_from_fork+0x116/0x1d0 [ 26.277860] ret_from_fork_asm+0x1a/0x30 [ 26.278005] [ 26.278070] The buggy address belongs to the object at ffff888105800500 [ 26.278070] which belongs to the cache kmalloc-128 of size 128 [ 26.278997] The buggy address is located 0 bytes inside of [ 26.278997] freed 128-byte region [ffff888105800500, ffff888105800580) [ 26.279446] [ 26.279513] The buggy address belongs to the physical page: [ 26.279684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800 [ 26.280313] flags: 0x200000000000000(node=0|zone=2) [ 26.280564] page_type: f5(slab) [ 26.280743] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.281452] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.281754] page dumped because: kasan: bad access detected [ 26.282207] [ 26.282326] Memory state around the buggy address: [ 26.282551] ffff888105800400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.282823] ffff888105800480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.283248] >ffff888105800500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.283540] ^ [ 26.283725] ffff888105800580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.284064] ffff888105800600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.284384] ================================================================== [ 26.285311] ================================================================== [ 26.285613] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 26.285822] Read of size 1 at addr ffff888105800500 by task kunit_try_catch/245 [ 26.286462] [ 26.286654] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.286720] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.286732] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.286751] Call Trace: [ 26.286764] <TASK> [ 26.286778] dump_stack_lvl+0x73/0xb0 [ 26.286857] print_report+0xd1/0x640 [ 26.286881] ? __virt_addr_valid+0x1db/0x2d0 [ 26.286904] ? ksize_uaf+0x5fe/0x6c0 [ 26.286925] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.286967] ? ksize_uaf+0x5fe/0x6c0 [ 26.286989] kasan_report+0x141/0x180 [ 26.287011] ? ksize_uaf+0x5fe/0x6c0 [ 26.287038] __asan_report_load1_noabort+0x18/0x20 [ 26.287063] ksize_uaf+0x5fe/0x6c0 [ 26.287107] ? __pfx_ksize_uaf+0x10/0x10 [ 26.287130] ? __schedule+0x10da/0x2b60 [ 26.287152] ? __pfx_read_tsc+0x10/0x10 [ 26.287174] ? ktime_get_ts64+0x86/0x230 [ 26.287215] kunit_try_run_case+0x1a5/0x480 [ 26.287240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.287263] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.287285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.287338] ? __kthread_parkme+0x82/0x180 [ 26.287360] ? preempt_count_sub+0x50/0x80 [ 26.287384] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.287409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.287434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.287458] kthread+0x337/0x6f0 [ 26.287479] ? trace_preempt_on+0x20/0xc0 [ 26.287503] ? __pfx_kthread+0x10/0x10 [ 26.287524] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.287549] ? calculate_sigpending+0x7b/0xa0 [ 26.287573] ? __pfx_kthread+0x10/0x10 [ 26.287595] ret_from_fork+0x116/0x1d0 [ 26.287614] ? __pfx_kthread+0x10/0x10 [ 26.287635] ret_from_fork_asm+0x1a/0x30 [ 26.287667] </TASK> [ 26.287694] [ 26.295280] Allocated by task 245: [ 26.295452] kasan_save_stack+0x45/0x70 [ 26.295647] kasan_save_track+0x18/0x40 [ 26.295892] kasan_save_alloc_info+0x3b/0x50 [ 26.296054] __kasan_kmalloc+0xb7/0xc0 [ 26.296360] __kmalloc_cache_noprof+0x189/0x420 [ 26.296585] ksize_uaf+0xaa/0x6c0 [ 26.296770] kunit_try_run_case+0x1a5/0x480 [ 26.296979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.297265] kthread+0x337/0x6f0 [ 26.297436] ret_from_fork+0x116/0x1d0 [ 26.297826] ret_from_fork_asm+0x1a/0x30 [ 26.298034] [ 26.298168] Freed by task 245: [ 26.298324] kasan_save_stack+0x45/0x70 [ 26.298540] kasan_save_track+0x18/0x40 [ 26.298705] kasan_save_free_info+0x3f/0x60 [ 26.298993] __kasan_slab_free+0x5e/0x80 [ 26.299174] kfree+0x222/0x3f0 [ 26.299286] ksize_uaf+0x12c/0x6c0 [ 26.299405] kunit_try_run_case+0x1a5/0x480 [ 26.299631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.299979] kthread+0x337/0x6f0 [ 26.300251] ret_from_fork+0x116/0x1d0 [ 26.300405] ret_from_fork_asm+0x1a/0x30 [ 26.300540] [ 26.300604] The buggy address belongs to the object at ffff888105800500 [ 26.300604] which belongs to the cache kmalloc-128 of size 128 [ 26.300977] The buggy address is located 0 bytes inside of [ 26.300977] freed 128-byte region [ffff888105800500, ffff888105800580) [ 26.301489] [ 26.301641] The buggy address belongs to the physical page: [ 26.302020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800 [ 26.302381] flags: 0x200000000000000(node=0|zone=2) [ 26.302573] page_type: f5(slab) [ 26.302689] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.302916] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.303568] page dumped because: kasan: bad access detected [ 26.303919] [ 26.304044] Memory state around the buggy address: [ 26.304323] ffff888105800400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.304707] ffff888105800480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.305209] >ffff888105800500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.305445] ^ [ 26.305559] ffff888105800580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.305813] ffff888105800600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.306153] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 26.194219] ================================================================== [ 26.194641] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 26.194926] Read of size 1 at addr ffff888106253173 by task kunit_try_catch/243 [ 26.195329] [ 26.195660] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.195706] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.195717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.195737] Call Trace: [ 26.195750] <TASK> [ 26.195766] dump_stack_lvl+0x73/0xb0 [ 26.195795] print_report+0xd1/0x640 [ 26.195818] ? __virt_addr_valid+0x1db/0x2d0 [ 26.195870] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 26.195894] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.195920] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 26.195952] kasan_report+0x141/0x180 [ 26.195975] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 26.196003] __asan_report_load1_noabort+0x18/0x20 [ 26.196028] ksize_unpoisons_memory+0x81c/0x9b0 [ 26.196052] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 26.196086] ? finish_task_switch.isra.0+0x153/0x700 [ 26.196108] ? __switch_to+0x47/0xf80 [ 26.196135] ? __schedule+0x10da/0x2b60 [ 26.196157] ? __pfx_read_tsc+0x10/0x10 [ 26.196179] ? ktime_get_ts64+0x86/0x230 [ 26.196204] kunit_try_run_case+0x1a5/0x480 [ 26.196228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.196251] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.196272] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.196299] ? __kthread_parkme+0x82/0x180 [ 26.196320] ? preempt_count_sub+0x50/0x80 [ 26.196344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.196368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.196391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.196415] kthread+0x337/0x6f0 [ 26.196436] ? trace_preempt_on+0x20/0xc0 [ 26.196458] ? __pfx_kthread+0x10/0x10 [ 26.196479] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.196503] ? calculate_sigpending+0x7b/0xa0 [ 26.196527] ? __pfx_kthread+0x10/0x10 [ 26.196549] ret_from_fork+0x116/0x1d0 [ 26.196568] ? __pfx_kthread+0x10/0x10 [ 26.196589] ret_from_fork_asm+0x1a/0x30 [ 26.196620] </TASK> [ 26.196631] [ 26.204367] Allocated by task 243: [ 26.204550] kasan_save_stack+0x45/0x70 [ 26.204749] kasan_save_track+0x18/0x40 [ 26.204968] kasan_save_alloc_info+0x3b/0x50 [ 26.205342] __kasan_kmalloc+0xb7/0xc0 [ 26.205778] __kmalloc_cache_noprof+0x189/0x420 [ 26.206052] ksize_unpoisons_memory+0xc7/0x9b0 [ 26.206257] kunit_try_run_case+0x1a5/0x480 [ 26.206406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.206638] kthread+0x337/0x6f0 [ 26.206829] ret_from_fork+0x116/0x1d0 [ 26.207027] ret_from_fork_asm+0x1a/0x30 [ 26.207291] [ 26.207376] The buggy address belongs to the object at ffff888106253100 [ 26.207376] which belongs to the cache kmalloc-128 of size 128 [ 26.207836] The buggy address is located 0 bytes to the right of [ 26.207836] allocated 115-byte region [ffff888106253100, ffff888106253173) [ 26.208426] [ 26.208520] The buggy address belongs to the physical page: [ 26.208761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 26.209211] flags: 0x200000000000000(node=0|zone=2) [ 26.209442] page_type: f5(slab) [ 26.209593] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.209988] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.210381] page dumped because: kasan: bad access detected [ 26.210607] [ 26.210696] Memory state around the buggy address: [ 26.210981] ffff888106253000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.211301] ffff888106253080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.211520] >ffff888106253100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.211733] ^ [ 26.211941] ffff888106253180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.212285] ffff888106253200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.213016] ================================================================== [ 26.233070] ================================================================== [ 26.233337] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.233567] Read of size 1 at addr ffff88810625317f by task kunit_try_catch/243 [ 26.233787] [ 26.233864] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.233908] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.233919] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.233938] Call Trace: [ 26.234105] <TASK> [ 26.234122] dump_stack_lvl+0x73/0xb0 [ 26.234152] print_report+0xd1/0x640 [ 26.234175] ? __virt_addr_valid+0x1db/0x2d0 [ 26.234199] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.234222] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.234248] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.234272] kasan_report+0x141/0x180 [ 26.234295] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.234324] __asan_report_load1_noabort+0x18/0x20 [ 26.234348] ksize_unpoisons_memory+0x7b6/0x9b0 [ 26.234373] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 26.234396] ? finish_task_switch.isra.0+0x153/0x700 [ 26.234418] ? __switch_to+0x47/0xf80 [ 26.234444] ? __schedule+0x10da/0x2b60 [ 26.234465] ? __pfx_read_tsc+0x10/0x10 [ 26.234487] ? ktime_get_ts64+0x86/0x230 [ 26.234513] kunit_try_run_case+0x1a5/0x480 [ 26.234537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.234560] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.234582] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.234609] ? __kthread_parkme+0x82/0x180 [ 26.234629] ? preempt_count_sub+0x50/0x80 [ 26.234652] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.234677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.234700] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.234725] kthread+0x337/0x6f0 [ 26.234745] ? trace_preempt_on+0x20/0xc0 [ 26.234768] ? __pfx_kthread+0x10/0x10 [ 26.234789] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.234813] ? calculate_sigpending+0x7b/0xa0 [ 26.234837] ? __pfx_kthread+0x10/0x10 [ 26.234908] ret_from_fork+0x116/0x1d0 [ 26.234928] ? __pfx_kthread+0x10/0x10 [ 26.234962] ret_from_fork_asm+0x1a/0x30 [ 26.234994] </TASK> [ 26.235004] [ 26.243111] Allocated by task 243: [ 26.243289] kasan_save_stack+0x45/0x70 [ 26.243485] kasan_save_track+0x18/0x40 [ 26.243673] kasan_save_alloc_info+0x3b/0x50 [ 26.243879] __kasan_kmalloc+0xb7/0xc0 [ 26.244071] __kmalloc_cache_noprof+0x189/0x420 [ 26.244447] ksize_unpoisons_memory+0xc7/0x9b0 [ 26.244599] kunit_try_run_case+0x1a5/0x480 [ 26.244744] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.245018] kthread+0x337/0x6f0 [ 26.245201] ret_from_fork+0x116/0x1d0 [ 26.245390] ret_from_fork_asm+0x1a/0x30 [ 26.245591] [ 26.245685] The buggy address belongs to the object at ffff888106253100 [ 26.245685] which belongs to the cache kmalloc-128 of size 128 [ 26.246407] The buggy address is located 12 bytes to the right of [ 26.246407] allocated 115-byte region [ffff888106253100, ffff888106253173) [ 26.246991] [ 26.247100] The buggy address belongs to the physical page: [ 26.247284] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 26.247623] flags: 0x200000000000000(node=0|zone=2) [ 26.247902] page_type: f5(slab) [ 26.248078] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.248362] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.248696] page dumped because: kasan: bad access detected [ 26.248991] [ 26.249080] Memory state around the buggy address: [ 26.249268] ffff888106253000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.249563] ffff888106253080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.250039] >ffff888106253100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.250336] ^ [ 26.250618] ffff888106253180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.250996] ffff888106253200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.251290] ================================================================== [ 26.213717] ================================================================== [ 26.213961] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.214518] Read of size 1 at addr ffff888106253178 by task kunit_try_catch/243 [ 26.214867] [ 26.214985] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.215031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.215042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.215061] Call Trace: [ 26.215075] <TASK> [ 26.215089] dump_stack_lvl+0x73/0xb0 [ 26.215127] print_report+0xd1/0x640 [ 26.215150] ? __virt_addr_valid+0x1db/0x2d0 [ 26.215173] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.215196] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.215222] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.215246] kasan_report+0x141/0x180 [ 26.215269] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.215297] __asan_report_load1_noabort+0x18/0x20 [ 26.215322] ksize_unpoisons_memory+0x7e9/0x9b0 [ 26.215346] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 26.215369] ? finish_task_switch.isra.0+0x153/0x700 [ 26.215391] ? __switch_to+0x47/0xf80 [ 26.215417] ? __schedule+0x10da/0x2b60 [ 26.215438] ? __pfx_read_tsc+0x10/0x10 [ 26.215460] ? ktime_get_ts64+0x86/0x230 [ 26.215484] kunit_try_run_case+0x1a5/0x480 [ 26.215509] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.215532] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.215554] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.215580] ? __kthread_parkme+0x82/0x180 [ 26.215600] ? preempt_count_sub+0x50/0x80 [ 26.215624] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.215648] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.215673] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.215698] kthread+0x337/0x6f0 [ 26.215719] ? trace_preempt_on+0x20/0xc0 [ 26.215742] ? __pfx_kthread+0x10/0x10 [ 26.215763] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.215788] ? calculate_sigpending+0x7b/0xa0 [ 26.215812] ? __pfx_kthread+0x10/0x10 [ 26.215834] ret_from_fork+0x116/0x1d0 [ 26.215854] ? __pfx_kthread+0x10/0x10 [ 26.215875] ret_from_fork_asm+0x1a/0x30 [ 26.215906] </TASK> [ 26.215917] [ 26.224241] Allocated by task 243: [ 26.224373] kasan_save_stack+0x45/0x70 [ 26.224517] kasan_save_track+0x18/0x40 [ 26.224652] kasan_save_alloc_info+0x3b/0x50 [ 26.224817] __kasan_kmalloc+0xb7/0xc0 [ 26.225017] __kmalloc_cache_noprof+0x189/0x420 [ 26.225378] ksize_unpoisons_memory+0xc7/0x9b0 [ 26.225593] kunit_try_run_case+0x1a5/0x480 [ 26.225806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.226218] kthread+0x337/0x6f0 [ 26.226394] ret_from_fork+0x116/0x1d0 [ 26.226560] ret_from_fork_asm+0x1a/0x30 [ 26.226755] [ 26.226928] The buggy address belongs to the object at ffff888106253100 [ 26.226928] which belongs to the cache kmalloc-128 of size 128 [ 26.227454] The buggy address is located 5 bytes to the right of [ 26.227454] allocated 115-byte region [ffff888106253100, ffff888106253173) [ 26.228166] [ 26.228257] The buggy address belongs to the physical page: [ 26.228489] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 26.228808] flags: 0x200000000000000(node=0|zone=2) [ 26.229043] page_type: f5(slab) [ 26.229216] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.229615] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.230052] page dumped because: kasan: bad access detected [ 26.230315] [ 26.230388] Memory state around the buggy address: [ 26.230567] ffff888106253000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.230788] ffff888106253080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.231123] >ffff888106253100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 26.231541] ^ [ 26.231982] ffff888106253180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.232328] ffff888106253200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.232601] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 26.160896] ================================================================== [ 26.161978] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 26.162609] Free of addr ffff8881057d7660 by task kunit_try_catch/241 [ 26.163516] [ 26.163619] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.163670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.163683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.163703] Call Trace: [ 26.163717] <TASK> [ 26.163735] dump_stack_lvl+0x73/0xb0 [ 26.163766] print_report+0xd1/0x640 [ 26.163961] ? __virt_addr_valid+0x1db/0x2d0 [ 26.163994] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.164022] ? kfree_sensitive+0x2e/0x90 [ 26.164043] kasan_report_invalid_free+0x10a/0x130 [ 26.164069] ? kfree_sensitive+0x2e/0x90 [ 26.164145] ? kfree_sensitive+0x2e/0x90 [ 26.164165] check_slab_allocation+0x101/0x130 [ 26.164188] __kasan_slab_pre_free+0x28/0x40 [ 26.164209] kfree+0xf0/0x3f0 [ 26.164232] ? kfree_sensitive+0x2e/0x90 [ 26.164254] kfree_sensitive+0x2e/0x90 [ 26.164274] kmalloc_double_kzfree+0x19c/0x350 [ 26.164298] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 26.164322] ? __schedule+0x10da/0x2b60 [ 26.164344] ? __pfx_read_tsc+0x10/0x10 [ 26.164367] ? ktime_get_ts64+0x86/0x230 [ 26.164391] kunit_try_run_case+0x1a5/0x480 [ 26.164416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.164439] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.164461] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.164488] ? __kthread_parkme+0x82/0x180 [ 26.164508] ? preempt_count_sub+0x50/0x80 [ 26.164531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.164556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.164579] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.164603] kthread+0x337/0x6f0 [ 26.164623] ? trace_preempt_on+0x20/0xc0 [ 26.164647] ? __pfx_kthread+0x10/0x10 [ 26.164668] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.164693] ? calculate_sigpending+0x7b/0xa0 [ 26.164716] ? __pfx_kthread+0x10/0x10 [ 26.164738] ret_from_fork+0x116/0x1d0 [ 26.164758] ? __pfx_kthread+0x10/0x10 [ 26.164778] ret_from_fork_asm+0x1a/0x30 [ 26.164820] </TASK> [ 26.164832] [ 26.178401] Allocated by task 241: [ 26.178637] kasan_save_stack+0x45/0x70 [ 26.178782] kasan_save_track+0x18/0x40 [ 26.179209] kasan_save_alloc_info+0x3b/0x50 [ 26.179601] __kasan_kmalloc+0xb7/0xc0 [ 26.179906] __kmalloc_cache_noprof+0x189/0x420 [ 26.180342] kmalloc_double_kzfree+0xa9/0x350 [ 26.180505] kunit_try_run_case+0x1a5/0x480 [ 26.180653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.180861] kthread+0x337/0x6f0 [ 26.180992] ret_from_fork+0x116/0x1d0 [ 26.181319] ret_from_fork_asm+0x1a/0x30 [ 26.181497] [ 26.181571] Freed by task 241: [ 26.181693] kasan_save_stack+0x45/0x70 [ 26.181884] kasan_save_track+0x18/0x40 [ 26.182126] kasan_save_free_info+0x3f/0x60 [ 26.182306] __kasan_slab_free+0x5e/0x80 [ 26.182480] kfree+0x222/0x3f0 [ 26.182595] kfree_sensitive+0x67/0x90 [ 26.182726] kmalloc_double_kzfree+0x12b/0x350 [ 26.182939] kunit_try_run_case+0x1a5/0x480 [ 26.183263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.183553] kthread+0x337/0x6f0 [ 26.183717] ret_from_fork+0x116/0x1d0 [ 26.184065] ret_from_fork_asm+0x1a/0x30 [ 26.184248] [ 26.184335] The buggy address belongs to the object at ffff8881057d7660 [ 26.184335] which belongs to the cache kmalloc-16 of size 16 [ 26.184788] The buggy address is located 0 bytes inside of [ 26.184788] 16-byte region [ffff8881057d7660, ffff8881057d7670) [ 26.185336] [ 26.185413] The buggy address belongs to the physical page: [ 26.185609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 26.185974] flags: 0x200000000000000(node=0|zone=2) [ 26.186203] page_type: f5(slab) [ 26.186413] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.186658] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.187414] page dumped because: kasan: bad access detected [ 26.187638] [ 26.187729] Memory state around the buggy address: [ 26.187936] ffff8881057d7500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.188271] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.188537] >ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.188908] ^ [ 26.189198] ffff8881057d7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.189474] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.189766] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 26.115641] ================================================================== [ 26.116437] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 26.117170] Read of size 1 at addr ffff8881057d7660 by task kunit_try_catch/241 [ 26.118179] [ 26.118453] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.118508] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.118521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.118543] Call Trace: [ 26.118557] <TASK> [ 26.118573] dump_stack_lvl+0x73/0xb0 [ 26.118605] print_report+0xd1/0x640 [ 26.118629] ? __virt_addr_valid+0x1db/0x2d0 [ 26.118653] ? kmalloc_double_kzfree+0x19c/0x350 [ 26.118676] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.118703] ? kmalloc_double_kzfree+0x19c/0x350 [ 26.118726] kasan_report+0x141/0x180 [ 26.118748] ? kmalloc_double_kzfree+0x19c/0x350 [ 26.118884] ? kmalloc_double_kzfree+0x19c/0x350 [ 26.118916] __kasan_check_byte+0x3d/0x50 [ 26.118939] kfree_sensitive+0x22/0x90 [ 26.118975] kmalloc_double_kzfree+0x19c/0x350 [ 26.118998] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 26.119023] ? __schedule+0x10da/0x2b60 [ 26.119051] ? __pfx_read_tsc+0x10/0x10 [ 26.119075] ? ktime_get_ts64+0x86/0x230 [ 26.119100] kunit_try_run_case+0x1a5/0x480 [ 26.119126] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.119149] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.119171] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.119198] ? __kthread_parkme+0x82/0x180 [ 26.119221] ? preempt_count_sub+0x50/0x80 [ 26.119246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.119271] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.119295] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.119320] kthread+0x337/0x6f0 [ 26.119340] ? trace_preempt_on+0x20/0xc0 [ 26.119364] ? __pfx_kthread+0x10/0x10 [ 26.119385] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.119409] ? calculate_sigpending+0x7b/0xa0 [ 26.119433] ? __pfx_kthread+0x10/0x10 [ 26.119454] ret_from_fork+0x116/0x1d0 [ 26.119474] ? __pfx_kthread+0x10/0x10 [ 26.119495] ret_from_fork_asm+0x1a/0x30 [ 26.119527] </TASK> [ 26.119539] [ 26.135507] Allocated by task 241: [ 26.136072] kasan_save_stack+0x45/0x70 [ 26.136572] kasan_save_track+0x18/0x40 [ 26.137162] kasan_save_alloc_info+0x3b/0x50 [ 26.137751] __kasan_kmalloc+0xb7/0xc0 [ 26.138289] __kmalloc_cache_noprof+0x189/0x420 [ 26.138827] kmalloc_double_kzfree+0xa9/0x350 [ 26.139255] kunit_try_run_case+0x1a5/0x480 [ 26.139707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.140325] kthread+0x337/0x6f0 [ 26.140709] ret_from_fork+0x116/0x1d0 [ 26.141204] ret_from_fork_asm+0x1a/0x30 [ 26.141626] [ 26.141712] Freed by task 241: [ 26.142144] kasan_save_stack+0x45/0x70 [ 26.142653] kasan_save_track+0x18/0x40 [ 26.143228] kasan_save_free_info+0x3f/0x60 [ 26.143638] __kasan_slab_free+0x5e/0x80 [ 26.143964] kfree+0x222/0x3f0 [ 26.144439] kfree_sensitive+0x67/0x90 [ 26.144961] kmalloc_double_kzfree+0x12b/0x350 [ 26.145467] kunit_try_run_case+0x1a5/0x480 [ 26.145631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.146043] kthread+0x337/0x6f0 [ 26.146502] ret_from_fork+0x116/0x1d0 [ 26.147021] ret_from_fork_asm+0x1a/0x30 [ 26.147615] [ 26.147920] The buggy address belongs to the object at ffff8881057d7660 [ 26.147920] which belongs to the cache kmalloc-16 of size 16 [ 26.148759] The buggy address is located 0 bytes inside of [ 26.148759] freed 16-byte region [ffff8881057d7660, ffff8881057d7670) [ 26.149768] [ 26.150031] The buggy address belongs to the physical page: [ 26.150800] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 26.151833] flags: 0x200000000000000(node=0|zone=2) [ 26.152474] page_type: f5(slab) [ 26.152933] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.153590] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.154027] page dumped because: kasan: bad access detected [ 26.154781] [ 26.155125] Memory state around the buggy address: [ 26.155690] ffff8881057d7500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.156605] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.157058] >ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.157965] ^ [ 26.158776] ffff8881057d7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.159043] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.160026] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 26.083156] ================================================================== [ 26.083596] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 26.084337] Read of size 1 at addr ffff888106254228 by task kunit_try_catch/237 [ 26.084734] [ 26.084826] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.084878] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.084926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.084960] Call Trace: [ 26.085045] <TASK> [ 26.085105] dump_stack_lvl+0x73/0xb0 [ 26.085151] print_report+0xd1/0x640 [ 26.085175] ? __virt_addr_valid+0x1db/0x2d0 [ 26.085200] ? kmalloc_uaf2+0x4a8/0x520 [ 26.085221] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.085247] ? kmalloc_uaf2+0x4a8/0x520 [ 26.085302] kasan_report+0x141/0x180 [ 26.085326] ? kmalloc_uaf2+0x4a8/0x520 [ 26.085351] __asan_report_load1_noabort+0x18/0x20 [ 26.085376] kmalloc_uaf2+0x4a8/0x520 [ 26.085397] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 26.085417] ? finish_task_switch.isra.0+0x153/0x700 [ 26.085440] ? __switch_to+0x47/0xf80 [ 26.085468] ? __schedule+0x10da/0x2b60 [ 26.085490] ? __pfx_read_tsc+0x10/0x10 [ 26.085513] ? ktime_get_ts64+0x86/0x230 [ 26.085539] kunit_try_run_case+0x1a5/0x480 [ 26.085564] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.085587] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.085610] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.085636] ? __kthread_parkme+0x82/0x180 [ 26.085656] ? preempt_count_sub+0x50/0x80 [ 26.085680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.085704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.085728] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.085752] kthread+0x337/0x6f0 [ 26.085772] ? trace_preempt_on+0x20/0xc0 [ 26.085844] ? __pfx_kthread+0x10/0x10 [ 26.085866] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.085890] ? calculate_sigpending+0x7b/0xa0 [ 26.085915] ? __pfx_kthread+0x10/0x10 [ 26.085937] ret_from_fork+0x116/0x1d0 [ 26.085970] ? __pfx_kthread+0x10/0x10 [ 26.085991] ret_from_fork_asm+0x1a/0x30 [ 26.086022] </TASK> [ 26.086034] [ 26.094642] Allocated by task 237: [ 26.094837] kasan_save_stack+0x45/0x70 [ 26.095110] kasan_save_track+0x18/0x40 [ 26.095308] kasan_save_alloc_info+0x3b/0x50 [ 26.095549] __kasan_kmalloc+0xb7/0xc0 [ 26.095741] __kmalloc_cache_noprof+0x189/0x420 [ 26.096133] kmalloc_uaf2+0xc6/0x520 [ 26.096393] kunit_try_run_case+0x1a5/0x480 [ 26.096642] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.096996] kthread+0x337/0x6f0 [ 26.097297] ret_from_fork+0x116/0x1d0 [ 26.097523] ret_from_fork_asm+0x1a/0x30 [ 26.097722] [ 26.097809] Freed by task 237: [ 26.097962] kasan_save_stack+0x45/0x70 [ 26.098272] kasan_save_track+0x18/0x40 [ 26.098507] kasan_save_free_info+0x3f/0x60 [ 26.098738] __kasan_slab_free+0x5e/0x80 [ 26.099015] kfree+0x222/0x3f0 [ 26.099233] kmalloc_uaf2+0x14c/0x520 [ 26.099457] kunit_try_run_case+0x1a5/0x480 [ 26.099704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.100040] kthread+0x337/0x6f0 [ 26.100379] ret_from_fork+0x116/0x1d0 [ 26.100545] ret_from_fork_asm+0x1a/0x30 [ 26.100740] [ 26.101117] The buggy address belongs to the object at ffff888106254200 [ 26.101117] which belongs to the cache kmalloc-64 of size 64 [ 26.101912] The buggy address is located 40 bytes inside of [ 26.101912] freed 64-byte region [ffff888106254200, ffff888106254240) [ 26.102450] [ 26.102541] The buggy address belongs to the physical page: [ 26.102797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106254 [ 26.103362] flags: 0x200000000000000(node=0|zone=2) [ 26.103540] page_type: f5(slab) [ 26.103702] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.104709] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.105302] page dumped because: kasan: bad access detected [ 26.105575] [ 26.105667] Memory state around the buggy address: [ 26.106002] ffff888106254100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.106363] ffff888106254180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.106710] >ffff888106254200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.107176] ^ [ 26.107430] ffff888106254280: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 26.107730] ffff888106254300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.108093] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 26.040572] ================================================================== [ 26.041220] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 26.041474] Write of size 33 at addr ffff888105809b00 by task kunit_try_catch/235 [ 26.041707] [ 26.042102] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.042159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.042172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.042192] Call Trace: [ 26.042205] <TASK> [ 26.042229] dump_stack_lvl+0x73/0xb0 [ 26.042259] print_report+0xd1/0x640 [ 26.042282] ? __virt_addr_valid+0x1db/0x2d0 [ 26.042305] ? kmalloc_uaf_memset+0x1a3/0x360 [ 26.042326] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.042352] ? kmalloc_uaf_memset+0x1a3/0x360 [ 26.042374] kasan_report+0x141/0x180 [ 26.042396] ? kmalloc_uaf_memset+0x1a3/0x360 [ 26.042422] kasan_check_range+0x10c/0x1c0 [ 26.042446] __asan_memset+0x27/0x50 [ 26.042469] kmalloc_uaf_memset+0x1a3/0x360 [ 26.042490] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 26.042513] ? __schedule+0x10da/0x2b60 [ 26.042534] ? __pfx_read_tsc+0x10/0x10 [ 26.042555] ? ktime_get_ts64+0x86/0x230 [ 26.042579] kunit_try_run_case+0x1a5/0x480 [ 26.042603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.042625] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.042647] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.042673] ? __kthread_parkme+0x82/0x180 [ 26.042694] ? preempt_count_sub+0x50/0x80 [ 26.042717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.042740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.042764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.042986] kthread+0x337/0x6f0 [ 26.043016] ? trace_preempt_on+0x20/0xc0 [ 26.043041] ? __pfx_kthread+0x10/0x10 [ 26.043062] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.043087] ? calculate_sigpending+0x7b/0xa0 [ 26.043110] ? __pfx_kthread+0x10/0x10 [ 26.043146] ret_from_fork+0x116/0x1d0 [ 26.043165] ? __pfx_kthread+0x10/0x10 [ 26.043186] ret_from_fork_asm+0x1a/0x30 [ 26.043217] </TASK> [ 26.043228] [ 26.059674] Allocated by task 235: [ 26.060077] kasan_save_stack+0x45/0x70 [ 26.060385] kasan_save_track+0x18/0x40 [ 26.060525] kasan_save_alloc_info+0x3b/0x50 [ 26.060674] __kasan_kmalloc+0xb7/0xc0 [ 26.061102] __kmalloc_cache_noprof+0x189/0x420 [ 26.061582] kmalloc_uaf_memset+0xa9/0x360 [ 26.062191] kunit_try_run_case+0x1a5/0x480 [ 26.062575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.063145] kthread+0x337/0x6f0 [ 26.063524] ret_from_fork+0x116/0x1d0 [ 26.063930] ret_from_fork_asm+0x1a/0x30 [ 26.064095] [ 26.064262] Freed by task 235: [ 26.064548] kasan_save_stack+0x45/0x70 [ 26.064900] kasan_save_track+0x18/0x40 [ 26.065236] kasan_save_free_info+0x3f/0x60 [ 26.065388] __kasan_slab_free+0x5e/0x80 [ 26.065525] kfree+0x222/0x3f0 [ 26.065641] kmalloc_uaf_memset+0x12b/0x360 [ 26.066081] kunit_try_run_case+0x1a5/0x480 [ 26.066548] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.067167] kthread+0x337/0x6f0 [ 26.067515] ret_from_fork+0x116/0x1d0 [ 26.067933] ret_from_fork_asm+0x1a/0x30 [ 26.068477] [ 26.068672] The buggy address belongs to the object at ffff888105809b00 [ 26.068672] which belongs to the cache kmalloc-64 of size 64 [ 26.069849] The buggy address is located 0 bytes inside of [ 26.069849] freed 64-byte region [ffff888105809b00, ffff888105809b40) [ 26.070444] [ 26.070521] The buggy address belongs to the physical page: [ 26.070698] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105809 [ 26.071447] flags: 0x200000000000000(node=0|zone=2) [ 26.072000] page_type: f5(slab) [ 26.072373] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.073172] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.073929] page dumped because: kasan: bad access detected [ 26.074259] [ 26.074411] Memory state around the buggy address: [ 26.074889] ffff888105809a00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 26.075398] ffff888105809a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.075628] >ffff888105809b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 26.076055] ^ [ 26.076410] ffff888105809b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.077224] ffff888105809c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.077893] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 26.010550] ================================================================== [ 26.011375] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 26.011704] Read of size 1 at addr ffff8881057d7648 by task kunit_try_catch/233 [ 26.012233] [ 26.012429] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 26.012590] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.012607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.012628] Call Trace: [ 26.012642] <TASK> [ 26.012659] dump_stack_lvl+0x73/0xb0 [ 26.012690] print_report+0xd1/0x640 [ 26.012713] ? __virt_addr_valid+0x1db/0x2d0 [ 26.012738] ? kmalloc_uaf+0x320/0x380 [ 26.012758] ? kasan_complete_mode_report_info+0x64/0x200 [ 26.012786] ? kmalloc_uaf+0x320/0x380 [ 26.012928] kasan_report+0x141/0x180 [ 26.012969] ? kmalloc_uaf+0x320/0x380 [ 26.012995] __asan_report_load1_noabort+0x18/0x20 [ 26.013020] kmalloc_uaf+0x320/0x380 [ 26.013040] ? __pfx_kmalloc_uaf+0x10/0x10 [ 26.013072] ? __schedule+0x10da/0x2b60 [ 26.013096] ? __pfx_read_tsc+0x10/0x10 [ 26.013119] ? ktime_get_ts64+0x86/0x230 [ 26.013148] kunit_try_run_case+0x1a5/0x480 [ 26.013172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.013195] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 26.013217] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.013244] ? __kthread_parkme+0x82/0x180 [ 26.013264] ? preempt_count_sub+0x50/0x80 [ 26.013288] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.013312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.013336] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.013360] kthread+0x337/0x6f0 [ 26.013380] ? trace_preempt_on+0x20/0xc0 [ 26.013404] ? __pfx_kthread+0x10/0x10 [ 26.013425] ? _raw_spin_unlock_irq+0x47/0x80 [ 26.013449] ? calculate_sigpending+0x7b/0xa0 [ 26.013473] ? __pfx_kthread+0x10/0x10 [ 26.013495] ret_from_fork+0x116/0x1d0 [ 26.013515] ? __pfx_kthread+0x10/0x10 [ 26.013536] ret_from_fork_asm+0x1a/0x30 [ 26.013568] </TASK> [ 26.013579] [ 26.023118] Allocated by task 233: [ 26.023405] kasan_save_stack+0x45/0x70 [ 26.023659] kasan_save_track+0x18/0x40 [ 26.023834] kasan_save_alloc_info+0x3b/0x50 [ 26.024273] __kasan_kmalloc+0xb7/0xc0 [ 26.024452] __kmalloc_cache_noprof+0x189/0x420 [ 26.024787] kmalloc_uaf+0xaa/0x380 [ 26.025293] kunit_try_run_case+0x1a5/0x480 [ 26.025487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.025725] kthread+0x337/0x6f0 [ 26.026108] ret_from_fork+0x116/0x1d0 [ 26.026288] ret_from_fork_asm+0x1a/0x30 [ 26.026477] [ 26.026706] Freed by task 233: [ 26.026827] kasan_save_stack+0x45/0x70 [ 26.027222] kasan_save_track+0x18/0x40 [ 26.027423] kasan_save_free_info+0x3f/0x60 [ 26.027608] __kasan_slab_free+0x5e/0x80 [ 26.027775] kfree+0x222/0x3f0 [ 26.027930] kmalloc_uaf+0x12c/0x380 [ 26.028381] kunit_try_run_case+0x1a5/0x480 [ 26.028661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.028921] kthread+0x337/0x6f0 [ 26.029226] ret_from_fork+0x116/0x1d0 [ 26.029414] ret_from_fork_asm+0x1a/0x30 [ 26.029592] [ 26.029676] The buggy address belongs to the object at ffff8881057d7640 [ 26.029676] which belongs to the cache kmalloc-16 of size 16 [ 26.030562] The buggy address is located 8 bytes inside of [ 26.030562] freed 16-byte region [ffff8881057d7640, ffff8881057d7650) [ 26.031704] [ 26.031799] The buggy address belongs to the physical page: [ 26.032256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 26.032711] flags: 0x200000000000000(node=0|zone=2) [ 26.033141] page_type: f5(slab) [ 26.033276] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 26.033620] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 26.033922] page dumped because: kasan: bad access detected [ 26.034179] [ 26.034537] Memory state around the buggy address: [ 26.034760] ffff8881057d7500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.035397] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 26.035840] >ffff8881057d7600: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 26.036161] ^ [ 26.036538] ffff8881057d7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.036921] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.037438] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 25.981102] ================================================================== [ 25.981600] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.982444] Read of size 64 at addr ffff888106254004 by task kunit_try_catch/231 [ 25.982975] [ 25.983080] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.983232] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.983251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.983273] Call Trace: [ 25.983286] <TASK> [ 25.983361] dump_stack_lvl+0x73/0xb0 [ 25.983395] print_report+0xd1/0x640 [ 25.983418] ? __virt_addr_valid+0x1db/0x2d0 [ 25.983443] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.983467] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.983493] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.983518] kasan_report+0x141/0x180 [ 25.983540] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.983569] kasan_check_range+0x10c/0x1c0 [ 25.983593] __asan_memmove+0x27/0x70 [ 25.983617] kmalloc_memmove_invalid_size+0x16f/0x330 [ 25.983642] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 25.983668] ? __schedule+0x10da/0x2b60 [ 25.983690] ? __pfx_read_tsc+0x10/0x10 [ 25.983712] ? ktime_get_ts64+0x86/0x230 [ 25.983737] kunit_try_run_case+0x1a5/0x480 [ 25.983761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.983796] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.983819] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.983845] ? __kthread_parkme+0x82/0x180 [ 25.983865] ? preempt_count_sub+0x50/0x80 [ 25.983889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.983913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.983937] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.983972] kthread+0x337/0x6f0 [ 25.983992] ? trace_preempt_on+0x20/0xc0 [ 25.984015] ? __pfx_kthread+0x10/0x10 [ 25.984036] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.984115] ? calculate_sigpending+0x7b/0xa0 [ 25.984141] ? __pfx_kthread+0x10/0x10 [ 25.984163] ret_from_fork+0x116/0x1d0 [ 25.984182] ? __pfx_kthread+0x10/0x10 [ 25.984203] ret_from_fork_asm+0x1a/0x30 [ 25.984234] </TASK> [ 25.984245] [ 25.994969] Allocated by task 231: [ 25.995421] kasan_save_stack+0x45/0x70 [ 25.995716] kasan_save_track+0x18/0x40 [ 25.996094] kasan_save_alloc_info+0x3b/0x50 [ 25.996388] __kasan_kmalloc+0xb7/0xc0 [ 25.996568] __kmalloc_cache_noprof+0x189/0x420 [ 25.996769] kmalloc_memmove_invalid_size+0xac/0x330 [ 25.997015] kunit_try_run_case+0x1a5/0x480 [ 25.997536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.997750] kthread+0x337/0x6f0 [ 25.998236] ret_from_fork+0x116/0x1d0 [ 25.998509] ret_from_fork_asm+0x1a/0x30 [ 25.998704] [ 25.998987] The buggy address belongs to the object at ffff888106254000 [ 25.998987] which belongs to the cache kmalloc-64 of size 64 [ 25.999667] The buggy address is located 4 bytes inside of [ 25.999667] allocated 64-byte region [ffff888106254000, ffff888106254040) [ 26.000497] [ 26.000723] The buggy address belongs to the physical page: [ 26.001033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106254 [ 26.001629] flags: 0x200000000000000(node=0|zone=2) [ 26.001861] page_type: f5(slab) [ 26.002347] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 26.002746] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 26.003290] page dumped because: kasan: bad access detected [ 26.003497] [ 26.003587] Memory state around the buggy address: [ 26.003808] ffff888106253f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.004096] ffff888106253f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.004782] >ffff888106254000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 26.005314] ^ [ 26.005626] ffff888106254080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.005958] ffff888106254100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.006737] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 25.953048] ================================================================== [ 25.953512] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 25.954048] Read of size 18446744073709551614 at addr ffff888106248e84 by task kunit_try_catch/229 [ 25.954897] [ 25.955113] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.955165] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.955178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.955199] Call Trace: [ 25.955212] <TASK> [ 25.955226] dump_stack_lvl+0x73/0xb0 [ 25.955256] print_report+0xd1/0x640 [ 25.955279] ? __virt_addr_valid+0x1db/0x2d0 [ 25.955303] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.955327] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.955353] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.955683] kasan_report+0x141/0x180 [ 25.955720] ? kmalloc_memmove_negative_size+0x171/0x330 [ 25.955751] kasan_check_range+0x10c/0x1c0 [ 25.955775] __asan_memmove+0x27/0x70 [ 25.955867] kmalloc_memmove_negative_size+0x171/0x330 [ 25.955893] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 25.955922] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 25.955963] kunit_try_run_case+0x1a5/0x480 [ 25.955988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.956011] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.956034] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.956061] ? __kthread_parkme+0x82/0x180 [ 25.956082] ? preempt_count_sub+0x50/0x80 [ 25.956105] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.956129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.956153] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.956177] kthread+0x337/0x6f0 [ 25.956197] ? trace_preempt_on+0x20/0xc0 [ 25.956221] ? __pfx_kthread+0x10/0x10 [ 25.956242] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.956266] ? calculate_sigpending+0x7b/0xa0 [ 25.956289] ? __pfx_kthread+0x10/0x10 [ 25.956311] ret_from_fork+0x116/0x1d0 [ 25.956331] ? __pfx_kthread+0x10/0x10 [ 25.956351] ret_from_fork_asm+0x1a/0x30 [ 25.956382] </TASK> [ 25.956394] [ 25.966616] Allocated by task 229: [ 25.967134] kasan_save_stack+0x45/0x70 [ 25.967407] kasan_save_track+0x18/0x40 [ 25.967592] kasan_save_alloc_info+0x3b/0x50 [ 25.967783] __kasan_kmalloc+0xb7/0xc0 [ 25.968179] __kmalloc_cache_noprof+0x189/0x420 [ 25.968475] kmalloc_memmove_negative_size+0xac/0x330 [ 25.968667] kunit_try_run_case+0x1a5/0x480 [ 25.969182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.969437] kthread+0x337/0x6f0 [ 25.969584] ret_from_fork+0x116/0x1d0 [ 25.969763] ret_from_fork_asm+0x1a/0x30 [ 25.970319] [ 25.970422] The buggy address belongs to the object at ffff888106248e80 [ 25.970422] which belongs to the cache kmalloc-64 of size 64 [ 25.971170] The buggy address is located 4 bytes inside of [ 25.971170] 64-byte region [ffff888106248e80, ffff888106248ec0) [ 25.971704] [ 25.971959] The buggy address belongs to the physical page: [ 25.972339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106248 [ 25.972644] flags: 0x200000000000000(node=0|zone=2) [ 25.973104] page_type: f5(slab) [ 25.973253] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 25.973594] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.973918] page dumped because: kasan: bad access detected [ 25.974558] [ 25.974642] Memory state around the buggy address: [ 25.974870] ffff888106248d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.975478] ffff888106248e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.975897] >ffff888106248e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 25.976242] ^ [ 25.976545] ffff888106248f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.976854] ffff888106248f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.977323] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 25.926274] ================================================================== [ 25.927414] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 25.927716] Write of size 16 at addr ffff888106253069 by task kunit_try_catch/227 [ 25.927956] [ 25.928042] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.928180] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.928196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.928218] Call Trace: [ 25.928232] <TASK> [ 25.928250] dump_stack_lvl+0x73/0xb0 [ 25.928282] print_report+0xd1/0x640 [ 25.928305] ? __virt_addr_valid+0x1db/0x2d0 [ 25.928328] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.928350] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.928376] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.928398] kasan_report+0x141/0x180 [ 25.928421] ? kmalloc_oob_memset_16+0x166/0x330 [ 25.928449] kasan_check_range+0x10c/0x1c0 [ 25.928473] __asan_memset+0x27/0x50 [ 25.928497] kmalloc_oob_memset_16+0x166/0x330 [ 25.928519] ? __kasan_check_write+0x18/0x20 [ 25.928542] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 25.928565] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.928590] ? trace_hardirqs_on+0x37/0xe0 [ 25.928613] ? __pfx_read_tsc+0x10/0x10 [ 25.928635] ? ktime_get_ts64+0x86/0x230 [ 25.928660] kunit_try_run_case+0x1a5/0x480 [ 25.928684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.928708] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.928731] ? __kthread_parkme+0x82/0x180 [ 25.928751] ? preempt_count_sub+0x50/0x80 [ 25.928775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.928798] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.928874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.928899] kthread+0x337/0x6f0 [ 25.928919] ? trace_preempt_on+0x20/0xc0 [ 25.928953] ? __pfx_kthread+0x10/0x10 [ 25.928974] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.928999] ? calculate_sigpending+0x7b/0xa0 [ 25.929022] ? __pfx_kthread+0x10/0x10 [ 25.929044] ret_from_fork+0x116/0x1d0 [ 25.929071] ? __pfx_kthread+0x10/0x10 [ 25.929092] ret_from_fork_asm+0x1a/0x30 [ 25.929128] </TASK> [ 25.929139] [ 25.938874] Allocated by task 227: [ 25.939334] kasan_save_stack+0x45/0x70 [ 25.939534] kasan_save_track+0x18/0x40 [ 25.939713] kasan_save_alloc_info+0x3b/0x50 [ 25.940177] __kasan_kmalloc+0xb7/0xc0 [ 25.940369] __kmalloc_cache_noprof+0x189/0x420 [ 25.940548] kmalloc_oob_memset_16+0xac/0x330 [ 25.940765] kunit_try_run_case+0x1a5/0x480 [ 25.941097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.941471] kthread+0x337/0x6f0 [ 25.941635] ret_from_fork+0x116/0x1d0 [ 25.941805] ret_from_fork_asm+0x1a/0x30 [ 25.942395] [ 25.942486] The buggy address belongs to the object at ffff888106253000 [ 25.942486] which belongs to the cache kmalloc-128 of size 128 [ 25.943212] The buggy address is located 105 bytes inside of [ 25.943212] allocated 120-byte region [ffff888106253000, ffff888106253078) [ 25.943713] [ 25.943806] The buggy address belongs to the physical page: [ 25.944031] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106253 [ 25.944366] flags: 0x200000000000000(node=0|zone=2) [ 25.944581] page_type: f5(slab) [ 25.944729] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.945532] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.945822] page dumped because: kasan: bad access detected [ 25.946387] [ 25.946573] Memory state around the buggy address: [ 25.946789] ffff888106252f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.947320] ffff888106252f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.947699] >ffff888106253000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.948121] ^ [ 25.948554] ffff888106253080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.949026] ffff888106253100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.949348] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 25.891100] ================================================================== [ 25.891481] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 25.891719] Write of size 8 at addr ffff888105800471 by task kunit_try_catch/225 [ 25.892501] [ 25.892691] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.892777] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.892790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.892812] Call Trace: [ 25.892824] <TASK> [ 25.892869] dump_stack_lvl+0x73/0xb0 [ 25.892902] print_report+0xd1/0x640 [ 25.892927] ? __virt_addr_valid+0x1db/0x2d0 [ 25.892962] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.892984] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.893011] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.893033] kasan_report+0x141/0x180 [ 25.893079] ? kmalloc_oob_memset_8+0x166/0x330 [ 25.893107] kasan_check_range+0x10c/0x1c0 [ 25.893134] __asan_memset+0x27/0x50 [ 25.893188] kmalloc_oob_memset_8+0x166/0x330 [ 25.893212] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 25.893235] ? __schedule+0x10da/0x2b60 [ 25.893268] ? __pfx_read_tsc+0x10/0x10 [ 25.893291] ? ktime_get_ts64+0x86/0x230 [ 25.893317] kunit_try_run_case+0x1a5/0x480 [ 25.893344] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.893368] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.893421] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.893448] ? __kthread_parkme+0x82/0x180 [ 25.893479] ? preempt_count_sub+0x50/0x80 [ 25.893503] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.893528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.893552] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.893576] kthread+0x337/0x6f0 [ 25.893596] ? trace_preempt_on+0x20/0xc0 [ 25.893621] ? __pfx_kthread+0x10/0x10 [ 25.893642] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.893666] ? calculate_sigpending+0x7b/0xa0 [ 25.893690] ? __pfx_kthread+0x10/0x10 [ 25.893712] ret_from_fork+0x116/0x1d0 [ 25.893731] ? __pfx_kthread+0x10/0x10 [ 25.893752] ret_from_fork_asm+0x1a/0x30 [ 25.893808] </TASK> [ 25.893828] [ 25.906930] Allocated by task 225: [ 25.907074] kasan_save_stack+0x45/0x70 [ 25.907272] kasan_save_track+0x18/0x40 [ 25.907739] kasan_save_alloc_info+0x3b/0x50 [ 25.908272] __kasan_kmalloc+0xb7/0xc0 [ 25.908700] __kmalloc_cache_noprof+0x189/0x420 [ 25.909226] kmalloc_oob_memset_8+0xac/0x330 [ 25.909616] kunit_try_run_case+0x1a5/0x480 [ 25.909770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.910624] kthread+0x337/0x6f0 [ 25.911028] ret_from_fork+0x116/0x1d0 [ 25.911173] ret_from_fork_asm+0x1a/0x30 [ 25.911320] [ 25.911389] The buggy address belongs to the object at ffff888105800400 [ 25.911389] which belongs to the cache kmalloc-128 of size 128 [ 25.911766] The buggy address is located 113 bytes inside of [ 25.911766] allocated 120-byte region [ffff888105800400, ffff888105800478) [ 25.913020] [ 25.913260] The buggy address belongs to the physical page: [ 25.913793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800 [ 25.914632] flags: 0x200000000000000(node=0|zone=2) [ 25.915257] page_type: f5(slab) [ 25.915397] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.915636] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.916052] page dumped because: kasan: bad access detected [ 25.916580] [ 25.916763] Memory state around the buggy address: [ 25.917311] ffff888105800300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.918066] ffff888105800380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.918770] >ffff888105800400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.919286] ^ [ 25.919711] ffff888105800480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.920333] ffff888105800500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.920566] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 25.845384] ================================================================== [ 25.846546] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 25.847302] Write of size 4 at addr ffff8881046caf75 by task kunit_try_catch/223 [ 25.848190] [ 25.848420] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.848470] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.848482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.848503] Call Trace: [ 25.848516] <TASK> [ 25.848533] dump_stack_lvl+0x73/0xb0 [ 25.848598] print_report+0xd1/0x640 [ 25.848623] ? __virt_addr_valid+0x1db/0x2d0 [ 25.848648] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.848681] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.848708] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.848731] kasan_report+0x141/0x180 [ 25.848753] ? kmalloc_oob_memset_4+0x166/0x330 [ 25.848839] kasan_check_range+0x10c/0x1c0 [ 25.848870] __asan_memset+0x27/0x50 [ 25.848894] kmalloc_oob_memset_4+0x166/0x330 [ 25.848917] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 25.848941] ? __schedule+0x2070/0x2b60 [ 25.848976] ? __pfx_read_tsc+0x10/0x10 [ 25.848999] ? ktime_get_ts64+0x86/0x230 [ 25.849025] kunit_try_run_case+0x1a5/0x480 [ 25.849058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.849081] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.849103] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.849133] ? __kthread_parkme+0x82/0x180 [ 25.849154] ? preempt_count_sub+0x50/0x80 [ 25.849178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.849202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.849227] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.849252] kthread+0x337/0x6f0 [ 25.849272] ? trace_preempt_on+0x20/0xc0 [ 25.849296] ? __pfx_kthread+0x10/0x10 [ 25.849317] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.849342] ? calculate_sigpending+0x7b/0xa0 [ 25.849368] ? __pfx_kthread+0x10/0x10 [ 25.849389] ret_from_fork+0x116/0x1d0 [ 25.849409] ? __pfx_kthread+0x10/0x10 [ 25.849430] ret_from_fork_asm+0x1a/0x30 [ 25.849462] </TASK> [ 25.849474] [ 25.863932] Allocated by task 223: [ 25.864370] kasan_save_stack+0x45/0x70 [ 25.864671] kasan_save_track+0x18/0x40 [ 25.866155] kasan_save_alloc_info+0x3b/0x50 [ 25.866316] __kasan_kmalloc+0xb7/0xc0 [ 25.866449] __kmalloc_cache_noprof+0x189/0x420 [ 25.866605] kmalloc_oob_memset_4+0xac/0x330 [ 25.866752] kunit_try_run_case+0x1a5/0x480 [ 25.866897] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.868054] kthread+0x337/0x6f0 [ 25.868375] ret_from_fork+0x116/0x1d0 [ 25.868710] ret_from_fork_asm+0x1a/0x30 [ 25.869066] [ 25.869215] The buggy address belongs to the object at ffff8881046caf00 [ 25.869215] which belongs to the cache kmalloc-128 of size 128 [ 25.871195] The buggy address is located 117 bytes inside of [ 25.871195] allocated 120-byte region [ffff8881046caf00, ffff8881046caf78) [ 25.873160] [ 25.873645] The buggy address belongs to the physical page: [ 25.874414] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046ca [ 25.875465] flags: 0x200000000000000(node=0|zone=2) [ 25.876233] page_type: f5(slab) [ 25.876548] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.877683] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.879009] page dumped because: kasan: bad access detected [ 25.879493] [ 25.879677] Memory state around the buggy address: [ 25.880932] ffff8881046cae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.881652] ffff8881046cae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.882594] >ffff8881046caf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.883603] ^ [ 25.884657] ffff8881046caf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.885980] ffff8881046cb000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.886687] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 25.810458] ================================================================== [ 25.811644] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 25.812410] Write of size 2 at addr ffff888105800377 by task kunit_try_catch/221 [ 25.813266] [ 25.813446] CPU: 0 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.813496] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.813508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.813528] Call Trace: [ 25.813541] <TASK> [ 25.813557] dump_stack_lvl+0x73/0xb0 [ 25.813585] print_report+0xd1/0x640 [ 25.813608] ? __virt_addr_valid+0x1db/0x2d0 [ 25.813631] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.813653] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.813680] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.813703] kasan_report+0x141/0x180 [ 25.813726] ? kmalloc_oob_memset_2+0x166/0x330 [ 25.813753] kasan_check_range+0x10c/0x1c0 [ 25.813777] __asan_memset+0x27/0x50 [ 25.813886] kmalloc_oob_memset_2+0x166/0x330 [ 25.813910] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 25.813958] ? __schedule+0x10da/0x2b60 [ 25.813980] ? __pfx_read_tsc+0x10/0x10 [ 25.814003] ? ktime_get_ts64+0x86/0x230 [ 25.814027] kunit_try_run_case+0x1a5/0x480 [ 25.814062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.814085] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.814107] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.814134] ? __kthread_parkme+0x82/0x180 [ 25.814155] ? preempt_count_sub+0x50/0x80 [ 25.814179] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.814204] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.814228] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.814253] kthread+0x337/0x6f0 [ 25.814274] ? trace_preempt_on+0x20/0xc0 [ 25.814298] ? __pfx_kthread+0x10/0x10 [ 25.814319] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.814344] ? calculate_sigpending+0x7b/0xa0 [ 25.814369] ? __pfx_kthread+0x10/0x10 [ 25.814391] ret_from_fork+0x116/0x1d0 [ 25.814411] ? __pfx_kthread+0x10/0x10 [ 25.814432] ret_from_fork_asm+0x1a/0x30 [ 25.814464] </TASK> [ 25.814476] [ 25.827856] Allocated by task 221: [ 25.828386] kasan_save_stack+0x45/0x70 [ 25.828848] kasan_save_track+0x18/0x40 [ 25.829291] kasan_save_alloc_info+0x3b/0x50 [ 25.829723] __kasan_kmalloc+0xb7/0xc0 [ 25.829961] __kmalloc_cache_noprof+0x189/0x420 [ 25.830203] kmalloc_oob_memset_2+0xac/0x330 [ 25.830633] kunit_try_run_case+0x1a5/0x480 [ 25.831101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.831636] kthread+0x337/0x6f0 [ 25.831767] ret_from_fork+0x116/0x1d0 [ 25.832330] ret_from_fork_asm+0x1a/0x30 [ 25.832727] [ 25.832923] The buggy address belongs to the object at ffff888105800300 [ 25.832923] which belongs to the cache kmalloc-128 of size 128 [ 25.833718] The buggy address is located 119 bytes inside of [ 25.833718] allocated 120-byte region [ffff888105800300, ffff888105800378) [ 25.834564] [ 25.834639] The buggy address belongs to the physical page: [ 25.835085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800 [ 25.835844] flags: 0x200000000000000(node=0|zone=2) [ 25.836477] page_type: f5(slab) [ 25.836874] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.837379] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.837619] page dumped because: kasan: bad access detected [ 25.837795] [ 25.838005] Memory state around the buggy address: [ 25.838508] ffff888105800200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.839215] ffff888105800280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.839887] >ffff888105800300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.840615] ^ [ 25.841196] ffff888105800380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.841423] ffff888105800400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.841641] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 25.775451] ================================================================== [ 25.775837] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 25.776240] Write of size 128 at addr ffff888105800200 by task kunit_try_catch/219 [ 25.776486] [ 25.776566] CPU: 0 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.776611] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.776623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.776643] Call Trace: [ 25.776655] <TASK> [ 25.776670] dump_stack_lvl+0x73/0xb0 [ 25.776698] print_report+0xd1/0x640 [ 25.776721] ? __virt_addr_valid+0x1db/0x2d0 [ 25.776744] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.776766] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.776916] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.776982] kasan_report+0x141/0x180 [ 25.777005] ? kmalloc_oob_in_memset+0x15f/0x320 [ 25.777032] kasan_check_range+0x10c/0x1c0 [ 25.777056] __asan_memset+0x27/0x50 [ 25.777080] kmalloc_oob_in_memset+0x15f/0x320 [ 25.777103] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 25.777131] ? __schedule+0x10da/0x2b60 [ 25.777152] ? __pfx_read_tsc+0x10/0x10 [ 25.777174] ? ktime_get_ts64+0x86/0x230 [ 25.777198] kunit_try_run_case+0x1a5/0x480 [ 25.777223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.777278] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.777300] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.777326] ? __kthread_parkme+0x82/0x180 [ 25.777380] ? preempt_count_sub+0x50/0x80 [ 25.777438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.777463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.777487] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.777511] kthread+0x337/0x6f0 [ 25.777532] ? trace_preempt_on+0x20/0xc0 [ 25.777555] ? __pfx_kthread+0x10/0x10 [ 25.777576] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.777601] ? calculate_sigpending+0x7b/0xa0 [ 25.777624] ? __pfx_kthread+0x10/0x10 [ 25.777646] ret_from_fork+0x116/0x1d0 [ 25.777665] ? __pfx_kthread+0x10/0x10 [ 25.777686] ret_from_fork_asm+0x1a/0x30 [ 25.777717] </TASK> [ 25.777728] [ 25.792420] Allocated by task 219: [ 25.792654] kasan_save_stack+0x45/0x70 [ 25.793165] kasan_save_track+0x18/0x40 [ 25.793384] kasan_save_alloc_info+0x3b/0x50 [ 25.793536] __kasan_kmalloc+0xb7/0xc0 [ 25.793667] __kmalloc_cache_noprof+0x189/0x420 [ 25.793992] kmalloc_oob_in_memset+0xac/0x320 [ 25.794496] kunit_try_run_case+0x1a5/0x480 [ 25.794911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.795507] kthread+0x337/0x6f0 [ 25.795909] ret_from_fork+0x116/0x1d0 [ 25.796362] ret_from_fork_asm+0x1a/0x30 [ 25.796816] [ 25.796990] The buggy address belongs to the object at ffff888105800200 [ 25.796990] which belongs to the cache kmalloc-128 of size 128 [ 25.797809] The buggy address is located 0 bytes inside of [ 25.797809] allocated 120-byte region [ffff888105800200, ffff888105800278) [ 25.798560] [ 25.798761] The buggy address belongs to the physical page: [ 25.799381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800 [ 25.800148] flags: 0x200000000000000(node=0|zone=2) [ 25.800656] page_type: f5(slab) [ 25.800991] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.802097] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.802486] page dumped because: kasan: bad access detected [ 25.803073] [ 25.803234] Memory state around the buggy address: [ 25.803687] ffff888105800100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.803920] ffff888105800180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.804488] >ffff888105800200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.805252] ^ [ 25.805970] ffff888105800280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.806682] ffff888105800300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.807264] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 25.750228] ================================================================== [ 25.750657] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 25.750983] Read of size 16 at addr ffff8881057d7620 by task kunit_try_catch/217 [ 25.751605] [ 25.751736] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.751838] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.751853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.751872] Call Trace: [ 25.751885] <TASK> [ 25.751900] dump_stack_lvl+0x73/0xb0 [ 25.751930] print_report+0xd1/0x640 [ 25.751966] ? __virt_addr_valid+0x1db/0x2d0 [ 25.751990] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.752010] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.752037] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.752069] kasan_report+0x141/0x180 [ 25.752091] ? kmalloc_uaf_16+0x47b/0x4c0 [ 25.752117] __asan_report_load16_noabort+0x18/0x20 [ 25.752142] kmalloc_uaf_16+0x47b/0x4c0 [ 25.752164] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 25.752186] ? __schedule+0x10da/0x2b60 [ 25.752208] ? __pfx_read_tsc+0x10/0x10 [ 25.752229] ? ktime_get_ts64+0x86/0x230 [ 25.752254] kunit_try_run_case+0x1a5/0x480 [ 25.752278] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.752303] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.752325] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.752351] ? __kthread_parkme+0x82/0x180 [ 25.752372] ? preempt_count_sub+0x50/0x80 [ 25.752395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.752419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.752443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.752468] kthread+0x337/0x6f0 [ 25.752489] ? trace_preempt_on+0x20/0xc0 [ 25.752515] ? __pfx_kthread+0x10/0x10 [ 25.752537] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.752562] ? calculate_sigpending+0x7b/0xa0 [ 25.752586] ? __pfx_kthread+0x10/0x10 [ 25.752608] ret_from_fork+0x116/0x1d0 [ 25.752628] ? __pfx_kthread+0x10/0x10 [ 25.752650] ret_from_fork_asm+0x1a/0x30 [ 25.752681] </TASK> [ 25.752692] [ 25.760014] Allocated by task 217: [ 25.760148] kasan_save_stack+0x45/0x70 [ 25.760293] kasan_save_track+0x18/0x40 [ 25.760602] kasan_save_alloc_info+0x3b/0x50 [ 25.760813] __kasan_kmalloc+0xb7/0xc0 [ 25.761007] __kmalloc_cache_noprof+0x189/0x420 [ 25.761506] kmalloc_uaf_16+0x15b/0x4c0 [ 25.761679] kunit_try_run_case+0x1a5/0x480 [ 25.761941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.762129] kthread+0x337/0x6f0 [ 25.762248] ret_from_fork+0x116/0x1d0 [ 25.762380] ret_from_fork_asm+0x1a/0x30 [ 25.762635] [ 25.762726] Freed by task 217: [ 25.762842] kasan_save_stack+0x45/0x70 [ 25.763031] kasan_save_track+0x18/0x40 [ 25.763223] kasan_save_free_info+0x3f/0x60 [ 25.763424] __kasan_slab_free+0x5e/0x80 [ 25.763566] kfree+0x222/0x3f0 [ 25.763684] kmalloc_uaf_16+0x1d6/0x4c0 [ 25.763820] kunit_try_run_case+0x1a5/0x480 [ 25.763978] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.764437] kthread+0x337/0x6f0 [ 25.764630] ret_from_fork+0x116/0x1d0 [ 25.765032] ret_from_fork_asm+0x1a/0x30 [ 25.765252] [ 25.765348] The buggy address belongs to the object at ffff8881057d7620 [ 25.765348] which belongs to the cache kmalloc-16 of size 16 [ 25.766026] The buggy address is located 0 bytes inside of [ 25.766026] freed 16-byte region [ffff8881057d7620, ffff8881057d7630) [ 25.766533] [ 25.766621] The buggy address belongs to the physical page: [ 25.766914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d7 [ 25.767272] flags: 0x200000000000000(node=0|zone=2) [ 25.767455] page_type: f5(slab) [ 25.767585] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 25.768112] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.768475] page dumped because: kasan: bad access detected [ 25.768724] [ 25.768797] Memory state around the buggy address: [ 25.769614] ffff8881057d7500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.770420] ffff8881057d7580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.770756] >ffff8881057d7600: 00 00 fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 25.771037] ^ [ 25.771644] ffff8881057d7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.772149] ffff8881057d7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.772444] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 25.725402] ================================================================== [ 25.726367] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 25.726647] Write of size 16 at addr ffff888105f9f180 by task kunit_try_catch/215 [ 25.727034] [ 25.727169] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.727219] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.727231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.727251] Call Trace: [ 25.727264] <TASK> [ 25.727280] dump_stack_lvl+0x73/0xb0 [ 25.727309] print_report+0xd1/0x640 [ 25.727332] ? __virt_addr_valid+0x1db/0x2d0 [ 25.727355] ? kmalloc_oob_16+0x452/0x4a0 [ 25.727376] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.727402] ? kmalloc_oob_16+0x452/0x4a0 [ 25.727423] kasan_report+0x141/0x180 [ 25.727446] ? kmalloc_oob_16+0x452/0x4a0 [ 25.727471] __asan_report_store16_noabort+0x1b/0x30 [ 25.727497] kmalloc_oob_16+0x452/0x4a0 [ 25.727518] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 25.727541] ? __schedule+0x10da/0x2b60 [ 25.727562] ? __pfx_read_tsc+0x10/0x10 [ 25.727584] ? ktime_get_ts64+0x86/0x230 [ 25.727610] kunit_try_run_case+0x1a5/0x480 [ 25.727636] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.727659] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.727682] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.727708] ? __kthread_parkme+0x82/0x180 [ 25.727729] ? preempt_count_sub+0x50/0x80 [ 25.727752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.727858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.727887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.727911] kthread+0x337/0x6f0 [ 25.727931] ? trace_preempt_on+0x20/0xc0 [ 25.727969] ? __pfx_kthread+0x10/0x10 [ 25.727990] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.728014] ? calculate_sigpending+0x7b/0xa0 [ 25.728038] ? __pfx_kthread+0x10/0x10 [ 25.728079] ret_from_fork+0x116/0x1d0 [ 25.728099] ? __pfx_kthread+0x10/0x10 [ 25.728119] ret_from_fork_asm+0x1a/0x30 [ 25.728150] </TASK> [ 25.728162] [ 25.735621] Allocated by task 215: [ 25.735873] kasan_save_stack+0x45/0x70 [ 25.736104] kasan_save_track+0x18/0x40 [ 25.736291] kasan_save_alloc_info+0x3b/0x50 [ 25.736483] __kasan_kmalloc+0xb7/0xc0 [ 25.736648] __kmalloc_cache_noprof+0x189/0x420 [ 25.736920] kmalloc_oob_16+0xa8/0x4a0 [ 25.737134] kunit_try_run_case+0x1a5/0x480 [ 25.737325] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.737558] kthread+0x337/0x6f0 [ 25.737705] ret_from_fork+0x116/0x1d0 [ 25.737998] ret_from_fork_asm+0x1a/0x30 [ 25.738211] [ 25.738302] The buggy address belongs to the object at ffff888105f9f180 [ 25.738302] which belongs to the cache kmalloc-16 of size 16 [ 25.738887] The buggy address is located 0 bytes inside of [ 25.738887] allocated 13-byte region [ffff888105f9f180, ffff888105f9f18d) [ 25.739441] [ 25.739539] The buggy address belongs to the physical page: [ 25.739752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f9f [ 25.740204] flags: 0x200000000000000(node=0|zone=2) [ 25.740408] page_type: f5(slab) [ 25.740567] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.740954] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.741290] page dumped because: kasan: bad access detected [ 25.741468] [ 25.741533] Memory state around the buggy address: [ 25.741689] ffff888105f9f080: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 25.742144] ffff888105f9f100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 25.742442] >ffff888105f9f180: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc [ 25.742739] ^ [ 25.743001] ffff888105f9f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.743353] ffff888105f9f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.743676] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 25.671770] ================================================================== [ 25.672497] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 25.672828] Read of size 1 at addr ffff8881049ae200 by task kunit_try_catch/213 [ 25.673271] [ 25.673397] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.673448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.673461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.673483] Call Trace: [ 25.673496] <TASK> [ 25.673513] dump_stack_lvl+0x73/0xb0 [ 25.673543] print_report+0xd1/0x640 [ 25.673566] ? __virt_addr_valid+0x1db/0x2d0 [ 25.673591] ? krealloc_uaf+0x1b8/0x5e0 [ 25.673611] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.673651] ? krealloc_uaf+0x1b8/0x5e0 [ 25.673673] kasan_report+0x141/0x180 [ 25.673704] ? krealloc_uaf+0x1b8/0x5e0 [ 25.673728] ? krealloc_uaf+0x1b8/0x5e0 [ 25.673750] __kasan_check_byte+0x3d/0x50 [ 25.673772] krealloc_noprof+0x3f/0x340 [ 25.673812] krealloc_uaf+0x1b8/0x5e0 [ 25.673834] ? __pfx_krealloc_uaf+0x10/0x10 [ 25.673854] ? finish_task_switch.isra.0+0x153/0x700 [ 25.673877] ? __switch_to+0x47/0xf80 [ 25.673904] ? __schedule+0x10da/0x2b60 [ 25.673926] ? __pfx_read_tsc+0x10/0x10 [ 25.673957] ? ktime_get_ts64+0x86/0x230 [ 25.673984] kunit_try_run_case+0x1a5/0x480 [ 25.674010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.674033] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.674055] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.674082] ? __kthread_parkme+0x82/0x180 [ 25.674103] ? preempt_count_sub+0x50/0x80 [ 25.674126] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.674150] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.674174] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.674198] kthread+0x337/0x6f0 [ 25.674218] ? trace_preempt_on+0x20/0xc0 [ 25.674242] ? __pfx_kthread+0x10/0x10 [ 25.674263] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.674287] ? calculate_sigpending+0x7b/0xa0 [ 25.674311] ? __pfx_kthread+0x10/0x10 [ 25.674333] ret_from_fork+0x116/0x1d0 [ 25.674352] ? __pfx_kthread+0x10/0x10 [ 25.674372] ret_from_fork_asm+0x1a/0x30 [ 25.674404] </TASK> [ 25.674415] [ 25.684686] Allocated by task 213: [ 25.684905] kasan_save_stack+0x45/0x70 [ 25.685187] kasan_save_track+0x18/0x40 [ 25.685369] kasan_save_alloc_info+0x3b/0x50 [ 25.685573] __kasan_kmalloc+0xb7/0xc0 [ 25.685745] __kmalloc_cache_noprof+0x189/0x420 [ 25.686027] krealloc_uaf+0xbb/0x5e0 [ 25.686213] kunit_try_run_case+0x1a5/0x480 [ 25.686375] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.686552] kthread+0x337/0x6f0 [ 25.686671] ret_from_fork+0x116/0x1d0 [ 25.686803] ret_from_fork_asm+0x1a/0x30 [ 25.686964] [ 25.687057] Freed by task 213: [ 25.687231] kasan_save_stack+0x45/0x70 [ 25.687420] kasan_save_track+0x18/0x40 [ 25.687607] kasan_save_free_info+0x3f/0x60 [ 25.687814] __kasan_slab_free+0x5e/0x80 [ 25.688011] kfree+0x222/0x3f0 [ 25.688313] krealloc_uaf+0x13d/0x5e0 [ 25.688548] kunit_try_run_case+0x1a5/0x480 [ 25.688702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.689016] kthread+0x337/0x6f0 [ 25.689188] ret_from_fork+0x116/0x1d0 [ 25.689544] ret_from_fork_asm+0x1a/0x30 [ 25.689725] [ 25.689869] The buggy address belongs to the object at ffff8881049ae200 [ 25.689869] which belongs to the cache kmalloc-256 of size 256 [ 25.690448] The buggy address is located 0 bytes inside of [ 25.690448] freed 256-byte region [ffff8881049ae200, ffff8881049ae300) [ 25.690959] [ 25.691057] The buggy address belongs to the physical page: [ 25.691339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.691620] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.691853] flags: 0x200000000000040(head|node=0|zone=2) [ 25.692042] page_type: f5(slab) [ 25.692166] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.692511] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.692857] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.693328] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.693569] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.693805] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.694378] page dumped because: kasan: bad access detected [ 25.694633] [ 25.694721] Memory state around the buggy address: [ 25.695173] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.695495] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.695775] >ffff8881049ae200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.696126] ^ [ 25.696259] ffff8881049ae280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.696565] ffff8881049ae300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.696836] ================================================================== [ 25.697618] ================================================================== [ 25.697864] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 25.698164] Read of size 1 at addr ffff8881049ae200 by task kunit_try_catch/213 [ 25.698660] [ 25.698751] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.698835] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.698849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.698869] Call Trace: [ 25.698882] <TASK> [ 25.698896] dump_stack_lvl+0x73/0xb0 [ 25.698924] print_report+0xd1/0x640 [ 25.698958] ? __virt_addr_valid+0x1db/0x2d0 [ 25.698981] ? krealloc_uaf+0x53c/0x5e0 [ 25.699002] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.699028] ? krealloc_uaf+0x53c/0x5e0 [ 25.699050] kasan_report+0x141/0x180 [ 25.699080] ? krealloc_uaf+0x53c/0x5e0 [ 25.699106] __asan_report_load1_noabort+0x18/0x20 [ 25.699131] krealloc_uaf+0x53c/0x5e0 [ 25.699152] ? __pfx_krealloc_uaf+0x10/0x10 [ 25.699174] ? finish_task_switch.isra.0+0x153/0x700 [ 25.699197] ? __switch_to+0x47/0xf80 [ 25.699223] ? __schedule+0x10da/0x2b60 [ 25.699245] ? __pfx_read_tsc+0x10/0x10 [ 25.699266] ? ktime_get_ts64+0x86/0x230 [ 25.699292] kunit_try_run_case+0x1a5/0x480 [ 25.699316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.699338] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.699360] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.699387] ? __kthread_parkme+0x82/0x180 [ 25.699408] ? preempt_count_sub+0x50/0x80 [ 25.699431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.699455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.699478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.699502] kthread+0x337/0x6f0 [ 25.699522] ? trace_preempt_on+0x20/0xc0 [ 25.699545] ? __pfx_kthread+0x10/0x10 [ 25.699566] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.699590] ? calculate_sigpending+0x7b/0xa0 [ 25.699614] ? __pfx_kthread+0x10/0x10 [ 25.699635] ret_from_fork+0x116/0x1d0 [ 25.699654] ? __pfx_kthread+0x10/0x10 [ 25.699675] ret_from_fork_asm+0x1a/0x30 [ 25.699706] </TASK> [ 25.699717] [ 25.707284] Allocated by task 213: [ 25.707467] kasan_save_stack+0x45/0x70 [ 25.707628] kasan_save_track+0x18/0x40 [ 25.707761] kasan_save_alloc_info+0x3b/0x50 [ 25.707917] __kasan_kmalloc+0xb7/0xc0 [ 25.708069] __kmalloc_cache_noprof+0x189/0x420 [ 25.708293] krealloc_uaf+0xbb/0x5e0 [ 25.708475] kunit_try_run_case+0x1a5/0x480 [ 25.708662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.708862] kthread+0x337/0x6f0 [ 25.709080] ret_from_fork+0x116/0x1d0 [ 25.709228] ret_from_fork_asm+0x1a/0x30 [ 25.709367] [ 25.709432] Freed by task 213: [ 25.709542] kasan_save_stack+0x45/0x70 [ 25.709676] kasan_save_track+0x18/0x40 [ 25.709868] kasan_save_free_info+0x3f/0x60 [ 25.710099] __kasan_slab_free+0x5e/0x80 [ 25.710294] kfree+0x222/0x3f0 [ 25.710455] krealloc_uaf+0x13d/0x5e0 [ 25.710639] kunit_try_run_case+0x1a5/0x480 [ 25.710907] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.711201] kthread+0x337/0x6f0 [ 25.711370] ret_from_fork+0x116/0x1d0 [ 25.711556] ret_from_fork_asm+0x1a/0x30 [ 25.711747] [ 25.712025] The buggy address belongs to the object at ffff8881049ae200 [ 25.712025] which belongs to the cache kmalloc-256 of size 256 [ 25.712611] The buggy address is located 0 bytes inside of [ 25.712611] freed 256-byte region [ffff8881049ae200, ffff8881049ae300) [ 25.713152] [ 25.713225] The buggy address belongs to the physical page: [ 25.713447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.713871] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.714252] flags: 0x200000000000040(head|node=0|zone=2) [ 25.714509] page_type: f5(slab) [ 25.714653] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.715039] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.715378] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.715703] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.716107] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.716421] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.716729] page dumped because: kasan: bad access detected [ 25.717130] [ 25.717246] Memory state around the buggy address: [ 25.717464] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.717733] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.718091] >ffff8881049ae200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.718411] ^ [ 25.718578] ffff8881049ae280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.718887] ffff8881049ae300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.719243] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 25.640255] ================================================================== [ 25.640849] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.641135] Write of size 1 at addr ffff88810612e0eb by task kunit_try_catch/211 [ 25.641931] [ 25.642111] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.642156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.642168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.642188] Call Trace: [ 25.642203] <TASK> [ 25.642218] dump_stack_lvl+0x73/0xb0 [ 25.642245] print_report+0xd1/0x640 [ 25.642267] ? __virt_addr_valid+0x1db/0x2d0 [ 25.642291] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.642315] ? kasan_addr_to_slab+0x11/0xa0 [ 25.642336] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.642360] kasan_report+0x141/0x180 [ 25.642383] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.642412] __asan_report_store1_noabort+0x1b/0x30 [ 25.642437] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.642463] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.642488] ? finish_task_switch.isra.0+0x153/0x700 [ 25.642510] ? __switch_to+0x47/0xf80 [ 25.642536] ? __schedule+0x10da/0x2b60 [ 25.642558] ? __pfx_read_tsc+0x10/0x10 [ 25.642582] krealloc_large_less_oob+0x1c/0x30 [ 25.642605] kunit_try_run_case+0x1a5/0x480 [ 25.642664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.642704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.642726] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.642766] ? __kthread_parkme+0x82/0x180 [ 25.642786] ? preempt_count_sub+0x50/0x80 [ 25.642809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.642833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.642857] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.642882] kthread+0x337/0x6f0 [ 25.642902] ? trace_preempt_on+0x20/0xc0 [ 25.642926] ? __pfx_kthread+0x10/0x10 [ 25.642957] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.642981] ? calculate_sigpending+0x7b/0xa0 [ 25.643017] ? __pfx_kthread+0x10/0x10 [ 25.643039] ret_from_fork+0x116/0x1d0 [ 25.643059] ? __pfx_kthread+0x10/0x10 [ 25.643079] ret_from_fork_asm+0x1a/0x30 [ 25.643112] </TASK> [ 25.643122] [ 25.657443] The buggy address belongs to the physical page: [ 25.657873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10612c [ 25.658623] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.659000] flags: 0x200000000000040(head|node=0|zone=2) [ 25.659517] page_type: f8(unknown) [ 25.660013] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.660551] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.660790] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.661395] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.662220] head: 0200000000000002 ffffea0004184b01 00000000ffffffff 00000000ffffffff [ 25.663034] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.663913] page dumped because: kasan: bad access detected [ 25.664500] [ 25.664653] Memory state around the buggy address: [ 25.665024] ffff88810612df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.665296] ffff88810612e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.666299] >ffff88810612e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.667179] ^ [ 25.667407] ffff88810612e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.668093] ffff88810612e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.668480] ================================================================== [ 25.353471] ================================================================== [ 25.353779] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 25.354528] Write of size 1 at addr ffff8881049ae0d0 by task kunit_try_catch/207 [ 25.355326] [ 25.355434] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.355481] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.355493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.355512] Call Trace: [ 25.355523] <TASK> [ 25.355538] dump_stack_lvl+0x73/0xb0 [ 25.355565] print_report+0xd1/0x640 [ 25.355588] ? __virt_addr_valid+0x1db/0x2d0 [ 25.355612] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.355636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.355662] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.355686] kasan_report+0x141/0x180 [ 25.355709] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.355738] __asan_report_store1_noabort+0x1b/0x30 [ 25.355763] krealloc_less_oob_helper+0xe23/0x11d0 [ 25.356071] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.356104] ? finish_task_switch.isra.0+0x153/0x700 [ 25.356127] ? __switch_to+0x47/0xf80 [ 25.356153] ? __schedule+0x10da/0x2b60 [ 25.356175] ? __pfx_read_tsc+0x10/0x10 [ 25.356201] krealloc_less_oob+0x1c/0x30 [ 25.356223] kunit_try_run_case+0x1a5/0x480 [ 25.356248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356271] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.356293] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.356320] ? __kthread_parkme+0x82/0x180 [ 25.356340] ? preempt_count_sub+0x50/0x80 [ 25.356363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.356388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.356412] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.356436] kthread+0x337/0x6f0 [ 25.356456] ? trace_preempt_on+0x20/0xc0 [ 25.356479] ? __pfx_kthread+0x10/0x10 [ 25.356500] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.356525] ? calculate_sigpending+0x7b/0xa0 [ 25.356549] ? __pfx_kthread+0x10/0x10 [ 25.356571] ret_from_fork+0x116/0x1d0 [ 25.356591] ? __pfx_kthread+0x10/0x10 [ 25.356612] ret_from_fork_asm+0x1a/0x30 [ 25.356644] </TASK> [ 25.356654] [ 25.367780] Allocated by task 207: [ 25.368014] kasan_save_stack+0x45/0x70 [ 25.368328] kasan_save_track+0x18/0x40 [ 25.368496] kasan_save_alloc_info+0x3b/0x50 [ 25.368681] __kasan_krealloc+0x190/0x1f0 [ 25.369217] krealloc_noprof+0xf3/0x340 [ 25.369399] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.369700] krealloc_less_oob+0x1c/0x30 [ 25.370174] kunit_try_run_case+0x1a5/0x480 [ 25.370354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.370726] kthread+0x337/0x6f0 [ 25.370936] ret_from_fork+0x116/0x1d0 [ 25.371320] ret_from_fork_asm+0x1a/0x30 [ 25.371478] [ 25.371571] The buggy address belongs to the object at ffff8881049ae000 [ 25.371571] which belongs to the cache kmalloc-256 of size 256 [ 25.372362] The buggy address is located 7 bytes to the right of [ 25.372362] allocated 201-byte region [ffff8881049ae000, ffff8881049ae0c9) [ 25.373019] [ 25.373155] The buggy address belongs to the physical page: [ 25.373382] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.373736] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.374385] flags: 0x200000000000040(head|node=0|zone=2) [ 25.374613] page_type: f5(slab) [ 25.375144] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.375483] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.375994] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.376479] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.376775] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.377441] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.377738] page dumped because: kasan: bad access detected [ 25.378168] [ 25.378271] Memory state around the buggy address: [ 25.378442] ffff8881049adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.378763] ffff8881049ae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.379385] >ffff8881049ae080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.379755] ^ [ 25.380204] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.380476] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.380790] ================================================================== [ 25.325331] ================================================================== [ 25.326168] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 25.326520] Write of size 1 at addr ffff8881049ae0c9 by task kunit_try_catch/207 [ 25.326966] [ 25.327056] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.327104] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.327116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.327248] Call Trace: [ 25.327264] <TASK> [ 25.327280] dump_stack_lvl+0x73/0xb0 [ 25.327309] print_report+0xd1/0x640 [ 25.327332] ? __virt_addr_valid+0x1db/0x2d0 [ 25.327357] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.327381] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.327407] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.327432] kasan_report+0x141/0x180 [ 25.327454] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.327484] __asan_report_store1_noabort+0x1b/0x30 [ 25.327509] krealloc_less_oob_helper+0xd70/0x11d0 [ 25.327536] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.327561] ? finish_task_switch.isra.0+0x153/0x700 [ 25.327582] ? __switch_to+0x47/0xf80 [ 25.327609] ? __schedule+0x10da/0x2b60 [ 25.327631] ? __pfx_read_tsc+0x10/0x10 [ 25.327656] krealloc_less_oob+0x1c/0x30 [ 25.327678] kunit_try_run_case+0x1a5/0x480 [ 25.327702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.327725] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.327747] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.327773] ? __kthread_parkme+0x82/0x180 [ 25.327793] ? preempt_count_sub+0x50/0x80 [ 25.327817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.327841] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.327865] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.327889] kthread+0x337/0x6f0 [ 25.327909] ? trace_preempt_on+0x20/0xc0 [ 25.327932] ? __pfx_kthread+0x10/0x10 [ 25.327965] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.327989] ? calculate_sigpending+0x7b/0xa0 [ 25.328013] ? __pfx_kthread+0x10/0x10 [ 25.328035] ret_from_fork+0x116/0x1d0 [ 25.328258] ? __pfx_kthread+0x10/0x10 [ 25.328288] ret_from_fork_asm+0x1a/0x30 [ 25.328321] </TASK> [ 25.328332] [ 25.339025] Allocated by task 207: [ 25.339390] kasan_save_stack+0x45/0x70 [ 25.339592] kasan_save_track+0x18/0x40 [ 25.339765] kasan_save_alloc_info+0x3b/0x50 [ 25.340189] __kasan_krealloc+0x190/0x1f0 [ 25.340399] krealloc_noprof+0xf3/0x340 [ 25.340569] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.340790] krealloc_less_oob+0x1c/0x30 [ 25.341044] kunit_try_run_case+0x1a5/0x480 [ 25.341250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.341781] kthread+0x337/0x6f0 [ 25.342234] ret_from_fork+0x116/0x1d0 [ 25.342386] ret_from_fork_asm+0x1a/0x30 [ 25.342585] [ 25.342678] The buggy address belongs to the object at ffff8881049ae000 [ 25.342678] which belongs to the cache kmalloc-256 of size 256 [ 25.343517] The buggy address is located 0 bytes to the right of [ 25.343517] allocated 201-byte region [ffff8881049ae000, ffff8881049ae0c9) [ 25.344157] [ 25.344264] The buggy address belongs to the physical page: [ 25.344486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.345156] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.345467] flags: 0x200000000000040(head|node=0|zone=2) [ 25.345714] page_type: f5(slab) [ 25.346017] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.346538] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.347092] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.347540] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.347998] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.348558] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.348871] page dumped because: kasan: bad access detected [ 25.349273] [ 25.349378] Memory state around the buggy address: [ 25.349577] ffff8881049adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.350254] ffff8881049ae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.350644] >ffff8881049ae080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.351070] ^ [ 25.351377] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.351760] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.352408] ================================================================== [ 25.409204] ================================================================== [ 25.409507] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.410157] Write of size 1 at addr ffff8881049ae0ea by task kunit_try_catch/207 [ 25.410707] [ 25.410888] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.410936] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.410958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.410978] Call Trace: [ 25.410993] <TASK> [ 25.411008] dump_stack_lvl+0x73/0xb0 [ 25.411035] print_report+0xd1/0x640 [ 25.411218] ? __virt_addr_valid+0x1db/0x2d0 [ 25.411251] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.411275] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.411303] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.411327] kasan_report+0x141/0x180 [ 25.411350] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.411379] __asan_report_store1_noabort+0x1b/0x30 [ 25.411404] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.411431] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.411456] ? finish_task_switch.isra.0+0x153/0x700 [ 25.411477] ? __switch_to+0x47/0xf80 [ 25.411503] ? __schedule+0x10da/0x2b60 [ 25.411525] ? __pfx_read_tsc+0x10/0x10 [ 25.411550] krealloc_less_oob+0x1c/0x30 [ 25.411572] kunit_try_run_case+0x1a5/0x480 [ 25.411596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.411619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.411641] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.411667] ? __kthread_parkme+0x82/0x180 [ 25.411687] ? preempt_count_sub+0x50/0x80 [ 25.411710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.411735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.411759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.411825] kthread+0x337/0x6f0 [ 25.411849] ? trace_preempt_on+0x20/0xc0 [ 25.411872] ? __pfx_kthread+0x10/0x10 [ 25.411893] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.411917] ? calculate_sigpending+0x7b/0xa0 [ 25.411953] ? __pfx_kthread+0x10/0x10 [ 25.411975] ret_from_fork+0x116/0x1d0 [ 25.411994] ? __pfx_kthread+0x10/0x10 [ 25.412015] ret_from_fork_asm+0x1a/0x30 [ 25.412047] </TASK> [ 25.412069] [ 25.422459] Allocated by task 207: [ 25.422640] kasan_save_stack+0x45/0x70 [ 25.422970] kasan_save_track+0x18/0x40 [ 25.423319] kasan_save_alloc_info+0x3b/0x50 [ 25.423490] __kasan_krealloc+0x190/0x1f0 [ 25.423690] krealloc_noprof+0xf3/0x340 [ 25.423859] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.424388] krealloc_less_oob+0x1c/0x30 [ 25.424649] kunit_try_run_case+0x1a5/0x480 [ 25.425008] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.425305] kthread+0x337/0x6f0 [ 25.425553] ret_from_fork+0x116/0x1d0 [ 25.425736] ret_from_fork_asm+0x1a/0x30 [ 25.426260] [ 25.426353] The buggy address belongs to the object at ffff8881049ae000 [ 25.426353] which belongs to the cache kmalloc-256 of size 256 [ 25.427024] The buggy address is located 33 bytes to the right of [ 25.427024] allocated 201-byte region [ffff8881049ae000, ffff8881049ae0c9) [ 25.427708] [ 25.427796] The buggy address belongs to the physical page: [ 25.428370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.428715] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.429308] flags: 0x200000000000040(head|node=0|zone=2) [ 25.429559] page_type: f5(slab) [ 25.429713] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.430305] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.430704] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.431383] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.431685] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.432401] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.432861] page dumped because: kasan: bad access detected [ 25.433214] [ 25.433309] Memory state around the buggy address: [ 25.433500] ffff8881049adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.434083] ffff8881049ae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.434351] >ffff8881049ae080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.434659] ^ [ 25.434931] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.435497] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.435963] ================================================================== [ 25.578529] ================================================================== [ 25.578755] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 25.580125] Write of size 1 at addr ffff88810612e0da by task kunit_try_catch/211 [ 25.581261] [ 25.581622] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.581672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.581684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.581823] Call Trace: [ 25.581840] <TASK> [ 25.581855] dump_stack_lvl+0x73/0xb0 [ 25.581958] print_report+0xd1/0x640 [ 25.581987] ? __virt_addr_valid+0x1db/0x2d0 [ 25.582011] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.582035] ? kasan_addr_to_slab+0x11/0xa0 [ 25.582056] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.582080] kasan_report+0x141/0x180 [ 25.582103] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.582147] __asan_report_store1_noabort+0x1b/0x30 [ 25.582172] krealloc_less_oob_helper+0xec6/0x11d0 [ 25.582198] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.582235] ? finish_task_switch.isra.0+0x153/0x700 [ 25.582257] ? __switch_to+0x47/0xf80 [ 25.582295] ? __schedule+0x10da/0x2b60 [ 25.582317] ? __pfx_read_tsc+0x10/0x10 [ 25.582342] krealloc_large_less_oob+0x1c/0x30 [ 25.582376] kunit_try_run_case+0x1a5/0x480 [ 25.582401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.582424] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.582457] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.582484] ? __kthread_parkme+0x82/0x180 [ 25.582504] ? preempt_count_sub+0x50/0x80 [ 25.582538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.582563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.582586] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.582622] kthread+0x337/0x6f0 [ 25.582643] ? trace_preempt_on+0x20/0xc0 [ 25.582666] ? __pfx_kthread+0x10/0x10 [ 25.582699] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.582723] ? calculate_sigpending+0x7b/0xa0 [ 25.582747] ? __pfx_kthread+0x10/0x10 [ 25.582824] ret_from_fork+0x116/0x1d0 [ 25.582855] ? __pfx_kthread+0x10/0x10 [ 25.582876] ret_from_fork_asm+0x1a/0x30 [ 25.582908] </TASK> [ 25.582918] [ 25.598507] The buggy address belongs to the physical page: [ 25.599446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10612c [ 25.600453] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.601366] flags: 0x200000000000040(head|node=0|zone=2) [ 25.602033] page_type: f8(unknown) [ 25.602199] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.603179] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.603453] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.603691] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.604534] head: 0200000000000002 ffffea0004184b01 00000000ffffffff 00000000ffffffff [ 25.605438] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.606419] page dumped because: kasan: bad access detected [ 25.607161] [ 25.607395] Memory state around the buggy address: [ 25.607565] ffff88810612df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.607791] ffff88810612e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.608201] >ffff88810612e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.608903] ^ [ 25.609572] ffff88810612e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.610347] ffff88810612e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.611167] ================================================================== [ 25.611879] ================================================================== [ 25.612441] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 25.612690] Write of size 1 at addr ffff88810612e0ea by task kunit_try_catch/211 [ 25.613185] [ 25.613450] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.613497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.613509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.613529] Call Trace: [ 25.613546] <TASK> [ 25.613563] dump_stack_lvl+0x73/0xb0 [ 25.613592] print_report+0xd1/0x640 [ 25.613615] ? __virt_addr_valid+0x1db/0x2d0 [ 25.613640] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.613664] ? kasan_addr_to_slab+0x11/0xa0 [ 25.613685] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.613710] kasan_report+0x141/0x180 [ 25.613732] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 25.613761] __asan_report_store1_noabort+0x1b/0x30 [ 25.613786] krealloc_less_oob_helper+0xe90/0x11d0 [ 25.613812] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.613838] ? finish_task_switch.isra.0+0x153/0x700 [ 25.613862] ? __switch_to+0x47/0xf80 [ 25.613889] ? __schedule+0x10da/0x2b60 [ 25.613910] ? __pfx_read_tsc+0x10/0x10 [ 25.613936] krealloc_large_less_oob+0x1c/0x30 [ 25.614011] kunit_try_run_case+0x1a5/0x480 [ 25.614040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.614070] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.614105] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.614132] ? __kthread_parkme+0x82/0x180 [ 25.614153] ? preempt_count_sub+0x50/0x80 [ 25.614177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.614201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.614225] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.614250] kthread+0x337/0x6f0 [ 25.614271] ? trace_preempt_on+0x20/0xc0 [ 25.614296] ? __pfx_kthread+0x10/0x10 [ 25.614318] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.614343] ? calculate_sigpending+0x7b/0xa0 [ 25.614367] ? __pfx_kthread+0x10/0x10 [ 25.614389] ret_from_fork+0x116/0x1d0 [ 25.614409] ? __pfx_kthread+0x10/0x10 [ 25.614430] ret_from_fork_asm+0x1a/0x30 [ 25.614462] </TASK> [ 25.614473] [ 25.629279] The buggy address belongs to the physical page: [ 25.629971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10612c [ 25.630623] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.630881] flags: 0x200000000000040(head|node=0|zone=2) [ 25.631374] page_type: f8(unknown) [ 25.631718] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.632307] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.632588] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.632827] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.633664] head: 0200000000000002 ffffea0004184b01 00000000ffffffff 00000000ffffffff [ 25.634598] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.635433] page dumped because: kasan: bad access detected [ 25.635875] [ 25.635965] Memory state around the buggy address: [ 25.636476] ffff88810612df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.637278] ffff88810612e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.637675] >ffff88810612e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.637896] ^ [ 25.638211] ffff88810612e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.638858] ffff88810612e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.639448] ================================================================== [ 25.381727] ================================================================== [ 25.382137] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 25.382959] Write of size 1 at addr ffff8881049ae0da by task kunit_try_catch/207 [ 25.383445] [ 25.383607] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.383657] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.383669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.383689] Call Trace: [ 25.383704] <TASK> [ 25.383719] dump_stack_lvl+0x73/0xb0 [ 25.383866] print_report+0xd1/0x640 [ 25.383892] ? __virt_addr_valid+0x1db/0x2d0 [ 25.383916] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.383940] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.383980] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.384005] kasan_report+0x141/0x180 [ 25.384028] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 25.384057] __asan_report_store1_noabort+0x1b/0x30 [ 25.384082] krealloc_less_oob_helper+0xec6/0x11d0 [ 25.384109] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.384133] ? finish_task_switch.isra.0+0x153/0x700 [ 25.384155] ? __switch_to+0x47/0xf80 [ 25.384180] ? __schedule+0x10da/0x2b60 [ 25.384201] ? __pfx_read_tsc+0x10/0x10 [ 25.384227] krealloc_less_oob+0x1c/0x30 [ 25.384248] kunit_try_run_case+0x1a5/0x480 [ 25.384274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.384297] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.384319] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.384346] ? __kthread_parkme+0x82/0x180 [ 25.384366] ? preempt_count_sub+0x50/0x80 [ 25.384389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.384413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.384438] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.384462] kthread+0x337/0x6f0 [ 25.384482] ? trace_preempt_on+0x20/0xc0 [ 25.384505] ? __pfx_kthread+0x10/0x10 [ 25.384526] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.384550] ? calculate_sigpending+0x7b/0xa0 [ 25.384574] ? __pfx_kthread+0x10/0x10 [ 25.384596] ret_from_fork+0x116/0x1d0 [ 25.384615] ? __pfx_kthread+0x10/0x10 [ 25.384636] ret_from_fork_asm+0x1a/0x30 [ 25.384668] </TASK> [ 25.384680] [ 25.395256] Allocated by task 207: [ 25.395402] kasan_save_stack+0x45/0x70 [ 25.395704] kasan_save_track+0x18/0x40 [ 25.395910] kasan_save_alloc_info+0x3b/0x50 [ 25.396388] __kasan_krealloc+0x190/0x1f0 [ 25.396554] krealloc_noprof+0xf3/0x340 [ 25.396954] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.397437] krealloc_less_oob+0x1c/0x30 [ 25.397648] kunit_try_run_case+0x1a5/0x480 [ 25.398042] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.398321] kthread+0x337/0x6f0 [ 25.398475] ret_from_fork+0x116/0x1d0 [ 25.398648] ret_from_fork_asm+0x1a/0x30 [ 25.398834] [ 25.399293] The buggy address belongs to the object at ffff8881049ae000 [ 25.399293] which belongs to the cache kmalloc-256 of size 256 [ 25.399783] The buggy address is located 17 bytes to the right of [ 25.399783] allocated 201-byte region [ffff8881049ae000, ffff8881049ae0c9) [ 25.400641] [ 25.400739] The buggy address belongs to the physical page: [ 25.401025] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.401372] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.401693] flags: 0x200000000000040(head|node=0|zone=2) [ 25.402325] page_type: f5(slab) [ 25.402463] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.403058] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.403508] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.403975] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.404438] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.404749] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.405321] page dumped because: kasan: bad access detected [ 25.405523] [ 25.405686] Memory state around the buggy address: [ 25.406125] ffff8881049adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.406432] ffff8881049ae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.406735] >ffff8881049ae080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.407036] ^ [ 25.407543] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.407859] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.408439] ================================================================== [ 25.437389] ================================================================== [ 25.437709] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 25.438183] Write of size 1 at addr ffff8881049ae0eb by task kunit_try_catch/207 [ 25.438751] [ 25.439006] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.439113] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.439126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.439146] Call Trace: [ 25.439162] <TASK> [ 25.439178] dump_stack_lvl+0x73/0xb0 [ 25.439206] print_report+0xd1/0x640 [ 25.439230] ? __virt_addr_valid+0x1db/0x2d0 [ 25.439253] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.439277] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.439303] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.439327] kasan_report+0x141/0x180 [ 25.439350] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 25.439378] __asan_report_store1_noabort+0x1b/0x30 [ 25.439403] krealloc_less_oob_helper+0xd47/0x11d0 [ 25.439430] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.439455] ? finish_task_switch.isra.0+0x153/0x700 [ 25.439477] ? __switch_to+0x47/0xf80 [ 25.439503] ? __schedule+0x10da/0x2b60 [ 25.439524] ? __pfx_read_tsc+0x10/0x10 [ 25.439549] krealloc_less_oob+0x1c/0x30 [ 25.439571] kunit_try_run_case+0x1a5/0x480 [ 25.439596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.439619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.439641] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.439667] ? __kthread_parkme+0x82/0x180 [ 25.439687] ? preempt_count_sub+0x50/0x80 [ 25.439710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.439735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.439759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.439784] kthread+0x337/0x6f0 [ 25.439804] ? trace_preempt_on+0x20/0xc0 [ 25.439827] ? __pfx_kthread+0x10/0x10 [ 25.439848] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.439872] ? calculate_sigpending+0x7b/0xa0 [ 25.439896] ? __pfx_kthread+0x10/0x10 [ 25.439918] ret_from_fork+0x116/0x1d0 [ 25.439938] ? __pfx_kthread+0x10/0x10 [ 25.439969] ret_from_fork_asm+0x1a/0x30 [ 25.440002] </TASK> [ 25.440013] [ 25.450489] Allocated by task 207: [ 25.450750] kasan_save_stack+0x45/0x70 [ 25.451208] kasan_save_track+0x18/0x40 [ 25.451377] kasan_save_alloc_info+0x3b/0x50 [ 25.451589] __kasan_krealloc+0x190/0x1f0 [ 25.451761] krealloc_noprof+0xf3/0x340 [ 25.451936] krealloc_less_oob_helper+0x1aa/0x11d0 [ 25.452180] krealloc_less_oob+0x1c/0x30 [ 25.452672] kunit_try_run_case+0x1a5/0x480 [ 25.453001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.453408] kthread+0x337/0x6f0 [ 25.453575] ret_from_fork+0x116/0x1d0 [ 25.454033] ret_from_fork_asm+0x1a/0x30 [ 25.454206] [ 25.454290] The buggy address belongs to the object at ffff8881049ae000 [ 25.454290] which belongs to the cache kmalloc-256 of size 256 [ 25.455222] The buggy address is located 34 bytes to the right of [ 25.455222] allocated 201-byte region [ffff8881049ae000, ffff8881049ae0c9) [ 25.455836] [ 25.455936] The buggy address belongs to the physical page: [ 25.456398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ae [ 25.456751] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.457170] flags: 0x200000000000040(head|node=0|zone=2) [ 25.457406] page_type: f5(slab) [ 25.457561] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.458171] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.458451] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122 [ 25.458996] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.459443] head: 0200000000000001 ffffea0004126b81 00000000ffffffff 00000000ffffffff [ 25.460104] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.460399] page dumped because: kasan: bad access detected [ 25.460770] [ 25.460927] Memory state around the buggy address: [ 25.461218] ffff8881049adf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.461540] ffff8881049ae000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.462080] >ffff8881049ae080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 25.462635] ^ [ 25.462974] ffff8881049ae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.463434] ffff8881049ae180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.463745] ================================================================== [ 25.549657] ================================================================== [ 25.550230] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 25.551206] Write of size 1 at addr ffff88810612e0d0 by task kunit_try_catch/211 [ 25.551479] [ 25.551675] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.551723] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.551735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.551756] Call Trace: [ 25.551772] <TASK> [ 25.551789] dump_stack_lvl+0x73/0xb0 [ 25.551816] print_report+0xd1/0x640 [ 25.551839] ? __virt_addr_valid+0x1db/0x2d0 [ 25.551864] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.551888] ? kasan_addr_to_slab+0x11/0xa0 [ 25.551909] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.551993] kasan_report+0x141/0x180 [ 25.552030] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 25.552071] __asan_report_store1_noabort+0x1b/0x30 [ 25.552098] krealloc_less_oob_helper+0xe23/0x11d0 [ 25.552124] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.552149] ? finish_task_switch.isra.0+0x153/0x700 [ 25.552171] ? __switch_to+0x47/0xf80 [ 25.552197] ? __schedule+0x10da/0x2b60 [ 25.552218] ? __pfx_read_tsc+0x10/0x10 [ 25.552256] krealloc_large_less_oob+0x1c/0x30 [ 25.552279] kunit_try_run_case+0x1a5/0x480 [ 25.552305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.552328] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.552350] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.552377] ? __kthread_parkme+0x82/0x180 [ 25.552398] ? preempt_count_sub+0x50/0x80 [ 25.552421] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.552446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.552470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.552494] kthread+0x337/0x6f0 [ 25.552514] ? trace_preempt_on+0x20/0xc0 [ 25.552538] ? __pfx_kthread+0x10/0x10 [ 25.552560] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.552584] ? calculate_sigpending+0x7b/0xa0 [ 25.552608] ? __pfx_kthread+0x10/0x10 [ 25.552630] ret_from_fork+0x116/0x1d0 [ 25.552650] ? __pfx_kthread+0x10/0x10 [ 25.552670] ret_from_fork_asm+0x1a/0x30 [ 25.552703] </TASK> [ 25.552714] [ 25.568867] The buggy address belongs to the physical page: [ 25.569512] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10612c [ 25.569757] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.570274] flags: 0x200000000000040(head|node=0|zone=2) [ 25.570521] page_type: f8(unknown) [ 25.570685] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.570980] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.571276] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.571570] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.571867] head: 0200000000000002 ffffea0004184b01 00000000ffffffff 00000000ffffffff [ 25.573103] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.573536] page dumped because: kasan: bad access detected [ 25.574123] [ 25.574220] Memory state around the buggy address: [ 25.574660] ffff88810612df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.575271] ffff88810612e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.575753] >ffff88810612e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.576413] ^ [ 25.576616] ffff88810612e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.577304] ffff88810612e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.577752] ================================================================== [ 25.516627] ================================================================== [ 25.517531] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 25.518084] Write of size 1 at addr ffff88810612e0c9 by task kunit_try_catch/211 [ 25.519105] [ 25.519461] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.519515] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.519537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.519559] Call Trace: [ 25.519574] <TASK> [ 25.519590] dump_stack_lvl+0x73/0xb0 [ 25.519621] print_report+0xd1/0x640 [ 25.519768] ? __virt_addr_valid+0x1db/0x2d0 [ 25.519823] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.519850] ? kasan_addr_to_slab+0x11/0xa0 [ 25.519872] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.519897] kasan_report+0x141/0x180 [ 25.519920] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 25.519962] __asan_report_store1_noabort+0x1b/0x30 [ 25.519989] krealloc_less_oob_helper+0xd70/0x11d0 [ 25.520017] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 25.520042] ? finish_task_switch.isra.0+0x153/0x700 [ 25.520073] ? __switch_to+0x47/0xf80 [ 25.520100] ? __schedule+0x10da/0x2b60 [ 25.520121] ? __pfx_read_tsc+0x10/0x10 [ 25.520148] krealloc_large_less_oob+0x1c/0x30 [ 25.520171] kunit_try_run_case+0x1a5/0x480 [ 25.520196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.520220] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.520241] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.520267] ? __kthread_parkme+0x82/0x180 [ 25.520287] ? preempt_count_sub+0x50/0x80 [ 25.520310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.520334] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.520358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.520383] kthread+0x337/0x6f0 [ 25.520403] ? trace_preempt_on+0x20/0xc0 [ 25.520427] ? __pfx_kthread+0x10/0x10 [ 25.520448] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.520473] ? calculate_sigpending+0x7b/0xa0 [ 25.520498] ? __pfx_kthread+0x10/0x10 [ 25.520520] ret_from_fork+0x116/0x1d0 [ 25.520539] ? __pfx_kthread+0x10/0x10 [ 25.520560] ret_from_fork_asm+0x1a/0x30 [ 25.520593] </TASK> [ 25.520604] [ 25.537324] The buggy address belongs to the physical page: [ 25.537869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10612c [ 25.538306] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.539108] flags: 0x200000000000040(head|node=0|zone=2) [ 25.539753] page_type: f8(unknown) [ 25.540159] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.540460] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.540700] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.541418] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.542172] head: 0200000000000002 ffffea0004184b01 00000000ffffffff 00000000ffffffff [ 25.542972] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.543732] page dumped because: kasan: bad access detected [ 25.544347] [ 25.544509] Memory state around the buggy address: [ 25.545154] ffff88810612df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.545735] ffff88810612e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.546435] >ffff88810612e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 25.547039] ^ [ 25.547627] ffff88810612e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.548072] ffff88810612e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.548796] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 25.493443] ================================================================== [ 25.493788] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 25.494206] Write of size 1 at addr ffff888102b420f0 by task kunit_try_catch/209 [ 25.494593] [ 25.494701] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.494748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.494780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.494809] Call Trace: [ 25.494822] <TASK> [ 25.494837] dump_stack_lvl+0x73/0xb0 [ 25.494866] print_report+0xd1/0x640 [ 25.494957] ? __virt_addr_valid+0x1db/0x2d0 [ 25.494983] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.495007] ? kasan_addr_to_slab+0x11/0xa0 [ 25.495028] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.495052] kasan_report+0x141/0x180 [ 25.495084] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.495113] __asan_report_store1_noabort+0x1b/0x30 [ 25.495138] krealloc_more_oob_helper+0x7eb/0x930 [ 25.495160] ? __schedule+0x10da/0x2b60 [ 25.495218] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 25.495243] ? finish_task_switch.isra.0+0x153/0x700 [ 25.495265] ? __switch_to+0x47/0xf80 [ 25.495292] ? __schedule+0x10da/0x2b60 [ 25.495313] ? __pfx_read_tsc+0x10/0x10 [ 25.495368] krealloc_large_more_oob+0x1c/0x30 [ 25.495392] kunit_try_run_case+0x1a5/0x480 [ 25.495417] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.495440] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.495462] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.495520] ? __kthread_parkme+0x82/0x180 [ 25.495540] ? preempt_count_sub+0x50/0x80 [ 25.495563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.495588] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.495613] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.495659] kthread+0x337/0x6f0 [ 25.495680] ? trace_preempt_on+0x20/0xc0 [ 25.495705] ? __pfx_kthread+0x10/0x10 [ 25.495726] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.495751] ? calculate_sigpending+0x7b/0xa0 [ 25.495776] ? __pfx_kthread+0x10/0x10 [ 25.495811] ret_from_fork+0x116/0x1d0 [ 25.495831] ? __pfx_kthread+0x10/0x10 [ 25.495851] ret_from_fork_asm+0x1a/0x30 [ 25.495884] </TASK> [ 25.495894] [ 25.504445] The buggy address belongs to the physical page: [ 25.504686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b40 [ 25.505149] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.505566] flags: 0x200000000000040(head|node=0|zone=2) [ 25.505872] page_type: f8(unknown) [ 25.506054] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.506405] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.506742] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.507212] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.507540] head: 0200000000000002 ffffea00040ad001 00000000ffffffff 00000000ffffffff [ 25.507870] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.508335] page dumped because: kasan: bad access detected [ 25.508592] [ 25.508673] Memory state around the buggy address: [ 25.508996] ffff888102b41f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.509316] ffff888102b42000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.509640] >ffff888102b42080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.509984] ^ [ 25.510356] ffff888102b42100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.510660] ffff888102b42180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.510930] ================================================================== [ 25.290940] ================================================================== [ 25.291678] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 25.292339] Write of size 1 at addr ffff8881049ad8f0 by task kunit_try_catch/205 [ 25.292656] [ 25.292764] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.292810] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.292822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.292841] Call Trace: [ 25.292853] <TASK> [ 25.293227] dump_stack_lvl+0x73/0xb0 [ 25.293264] print_report+0xd1/0x640 [ 25.293288] ? __virt_addr_valid+0x1db/0x2d0 [ 25.293311] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.293335] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.293362] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.293387] kasan_report+0x141/0x180 [ 25.293410] ? krealloc_more_oob_helper+0x7eb/0x930 [ 25.293439] __asan_report_store1_noabort+0x1b/0x30 [ 25.293465] krealloc_more_oob_helper+0x7eb/0x930 [ 25.293488] ? __schedule+0x10da/0x2b60 [ 25.293512] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 25.293537] ? finish_task_switch.isra.0+0x153/0x700 [ 25.293560] ? __switch_to+0x47/0xf80 [ 25.293586] ? __schedule+0x10da/0x2b60 [ 25.293607] ? __pfx_read_tsc+0x10/0x10 [ 25.293632] krealloc_more_oob+0x1c/0x30 [ 25.293655] kunit_try_run_case+0x1a5/0x480 [ 25.293679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.293702] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.293725] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.293752] ? __kthread_parkme+0x82/0x180 [ 25.293773] ? preempt_count_sub+0x50/0x80 [ 25.293852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.293877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.293902] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.293926] kthread+0x337/0x6f0 [ 25.293959] ? trace_preempt_on+0x20/0xc0 [ 25.293984] ? __pfx_kthread+0x10/0x10 [ 25.294005] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.294031] ? calculate_sigpending+0x7b/0xa0 [ 25.294065] ? __pfx_kthread+0x10/0x10 [ 25.294088] ret_from_fork+0x116/0x1d0 [ 25.294107] ? __pfx_kthread+0x10/0x10 [ 25.294129] ret_from_fork_asm+0x1a/0x30 [ 25.294161] </TASK> [ 25.294172] [ 25.304736] Allocated by task 205: [ 25.304928] kasan_save_stack+0x45/0x70 [ 25.305168] kasan_save_track+0x18/0x40 [ 25.305886] kasan_save_alloc_info+0x3b/0x50 [ 25.306111] __kasan_krealloc+0x190/0x1f0 [ 25.306459] krealloc_noprof+0xf3/0x340 [ 25.306701] krealloc_more_oob_helper+0x1a9/0x930 [ 25.307067] krealloc_more_oob+0x1c/0x30 [ 25.307273] kunit_try_run_case+0x1a5/0x480 [ 25.307602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.308014] kthread+0x337/0x6f0 [ 25.308190] ret_from_fork+0x116/0x1d0 [ 25.308502] ret_from_fork_asm+0x1a/0x30 [ 25.308708] [ 25.309023] The buggy address belongs to the object at ffff8881049ad800 [ 25.309023] which belongs to the cache kmalloc-256 of size 256 [ 25.309528] The buggy address is located 5 bytes to the right of [ 25.309528] allocated 235-byte region [ffff8881049ad800, ffff8881049ad8eb) [ 25.310425] [ 25.310525] The buggy address belongs to the physical page: [ 25.310747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ac [ 25.311472] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.311758] flags: 0x200000000000040(head|node=0|zone=2) [ 25.312253] page_type: f5(slab) [ 25.312442] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 25.313110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.313435] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 25.314082] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.314511] head: 0200000000000001 ffffea0004126b01 00000000ffffffff 00000000ffffffff [ 25.314819] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.315342] page dumped because: kasan: bad access detected [ 25.315591] [ 25.315763] Memory state around the buggy address: [ 25.316125] ffff8881049ad780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.316755] ffff8881049ad800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.317259] >ffff8881049ad880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 25.317575] ^ [ 25.318175] ffff8881049ad900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.318445] ffff8881049ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.318750] ================================================================== [ 25.467437] ================================================================== [ 25.467818] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 25.468477] Write of size 1 at addr ffff888102b420eb by task kunit_try_catch/209 [ 25.468732] [ 25.468818] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.468868] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.468881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.468901] Call Trace: [ 25.468915] <TASK> [ 25.468933] dump_stack_lvl+0x73/0xb0 [ 25.469445] print_report+0xd1/0x640 [ 25.469472] ? __virt_addr_valid+0x1db/0x2d0 [ 25.469504] ? krealloc_more_oob_helper+0x821/0x930 [ 25.469528] ? kasan_addr_to_slab+0x11/0xa0 [ 25.469549] ? krealloc_more_oob_helper+0x821/0x930 [ 25.469574] kasan_report+0x141/0x180 [ 25.469597] ? krealloc_more_oob_helper+0x821/0x930 [ 25.469626] __asan_report_store1_noabort+0x1b/0x30 [ 25.469651] krealloc_more_oob_helper+0x821/0x930 [ 25.469674] ? __schedule+0x10da/0x2b60 [ 25.469696] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 25.469720] ? finish_task_switch.isra.0+0x153/0x700 [ 25.469742] ? __switch_to+0x47/0xf80 [ 25.469774] ? __schedule+0x10da/0x2b60 [ 25.469794] ? __pfx_read_tsc+0x10/0x10 [ 25.469819] krealloc_large_more_oob+0x1c/0x30 [ 25.469842] kunit_try_run_case+0x1a5/0x480 [ 25.469867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.469890] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.469912] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.469939] ? __kthread_parkme+0x82/0x180 [ 25.469969] ? preempt_count_sub+0x50/0x80 [ 25.469992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.470016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.470040] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.470064] kthread+0x337/0x6f0 [ 25.470084] ? trace_preempt_on+0x20/0xc0 [ 25.470106] ? __pfx_kthread+0x10/0x10 [ 25.470178] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.470203] ? calculate_sigpending+0x7b/0xa0 [ 25.470228] ? __pfx_kthread+0x10/0x10 [ 25.470249] ret_from_fork+0x116/0x1d0 [ 25.470269] ? __pfx_kthread+0x10/0x10 [ 25.470290] ret_from_fork_asm+0x1a/0x30 [ 25.470330] </TASK> [ 25.470342] [ 25.484000] The buggy address belongs to the physical page: [ 25.484705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b40 [ 25.485602] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.486464] flags: 0x200000000000040(head|node=0|zone=2) [ 25.487114] page_type: f8(unknown) [ 25.487600] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.488379] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.488638] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.488892] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.489266] head: 0200000000000002 ffffea00040ad001 00000000ffffffff 00000000ffffffff [ 25.489611] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.489908] page dumped because: kasan: bad access detected [ 25.490182] [ 25.490299] Memory state around the buggy address: [ 25.490544] ffff888102b41f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.490988] ffff888102b42000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.491419] >ffff888102b42080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 25.491806] ^ [ 25.492208] ffff888102b42100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.492502] ffff888102b42180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.492824] ================================================================== [ 25.266383] ================================================================== [ 25.267508] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 25.267821] Write of size 1 at addr ffff8881049ad8eb by task kunit_try_catch/205 [ 25.268244] [ 25.268362] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.268411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.268423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.268444] Call Trace: [ 25.268457] <TASK> [ 25.268473] dump_stack_lvl+0x73/0xb0 [ 25.268504] print_report+0xd1/0x640 [ 25.268528] ? __virt_addr_valid+0x1db/0x2d0 [ 25.268552] ? krealloc_more_oob_helper+0x821/0x930 [ 25.268577] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.268604] ? krealloc_more_oob_helper+0x821/0x930 [ 25.268628] kasan_report+0x141/0x180 [ 25.268651] ? krealloc_more_oob_helper+0x821/0x930 [ 25.268681] __asan_report_store1_noabort+0x1b/0x30 [ 25.268706] krealloc_more_oob_helper+0x821/0x930 [ 25.268729] ? __schedule+0x10da/0x2b60 [ 25.268751] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 25.268776] ? finish_task_switch.isra.0+0x153/0x700 [ 25.268799] ? __switch_to+0x47/0xf80 [ 25.268828] ? __schedule+0x10da/0x2b60 [ 25.268849] ? __pfx_read_tsc+0x10/0x10 [ 25.268875] krealloc_more_oob+0x1c/0x30 [ 25.268897] kunit_try_run_case+0x1a5/0x480 [ 25.268923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.268958] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.268981] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.269019] ? __kthread_parkme+0x82/0x180 [ 25.269041] ? preempt_count_sub+0x50/0x80 [ 25.269065] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.269144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.269170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.269194] kthread+0x337/0x6f0 [ 25.269215] ? trace_preempt_on+0x20/0xc0 [ 25.269240] ? __pfx_kthread+0x10/0x10 [ 25.269262] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.269287] ? calculate_sigpending+0x7b/0xa0 [ 25.269311] ? __pfx_kthread+0x10/0x10 [ 25.269334] ret_from_fork+0x116/0x1d0 [ 25.269353] ? __pfx_kthread+0x10/0x10 [ 25.269375] ret_from_fork_asm+0x1a/0x30 [ 25.269407] </TASK> [ 25.269418] [ 25.277539] Allocated by task 205: [ 25.277679] kasan_save_stack+0x45/0x70 [ 25.277847] kasan_save_track+0x18/0x40 [ 25.278271] kasan_save_alloc_info+0x3b/0x50 [ 25.278534] __kasan_krealloc+0x190/0x1f0 [ 25.278695] krealloc_noprof+0xf3/0x340 [ 25.278986] krealloc_more_oob_helper+0x1a9/0x930 [ 25.279172] krealloc_more_oob+0x1c/0x30 [ 25.279308] kunit_try_run_case+0x1a5/0x480 [ 25.279572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.279900] kthread+0x337/0x6f0 [ 25.280052] ret_from_fork+0x116/0x1d0 [ 25.280189] ret_from_fork_asm+0x1a/0x30 [ 25.280329] [ 25.280395] The buggy address belongs to the object at ffff8881049ad800 [ 25.280395] which belongs to the cache kmalloc-256 of size 256 [ 25.280920] The buggy address is located 0 bytes to the right of [ 25.280920] allocated 235-byte region [ffff8881049ad800, ffff8881049ad8eb) [ 25.281613] [ 25.281705] The buggy address belongs to the physical page: [ 25.282193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049ac [ 25.282454] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.282688] flags: 0x200000000000040(head|node=0|zone=2) [ 25.282929] page_type: f5(slab) [ 25.283110] raw: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 25.283457] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.284876] head: 0200000000000040 ffff888100041b40 ffffea000402a900 dead000000000004 [ 25.285306] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.285552] head: 0200000000000001 ffffea0004126b01 00000000ffffffff 00000000ffffffff [ 25.286110] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.286407] page dumped because: kasan: bad access detected [ 25.286656] [ 25.286745] Memory state around the buggy address: [ 25.286962] ffff8881049ad780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.288036] ffff8881049ad800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.288380] >ffff8881049ad880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 25.288686] ^ [ 25.289291] ffff8881049ad900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.289615] ffff8881049ad980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.289864] ==================================================================
Failure - kunit/_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 247.189718] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail> _block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 fail
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 25.245937] ================================================================== [ 25.246522] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 25.246816] Read of size 1 at addr ffff8881062f0000 by task kunit_try_catch/203 [ 25.247300] [ 25.247420] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.247468] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.247480] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.247500] Call Trace: [ 25.247645] <TASK> [ 25.247676] dump_stack_lvl+0x73/0xb0 [ 25.247705] print_report+0xd1/0x640 [ 25.247728] ? __virt_addr_valid+0x1db/0x2d0 [ 25.247753] ? page_alloc_uaf+0x356/0x3d0 [ 25.247775] ? kasan_addr_to_slab+0x11/0xa0 [ 25.247797] ? page_alloc_uaf+0x356/0x3d0 [ 25.247819] kasan_report+0x141/0x180 [ 25.247846] ? page_alloc_uaf+0x356/0x3d0 [ 25.247874] __asan_report_load1_noabort+0x18/0x20 [ 25.247899] page_alloc_uaf+0x356/0x3d0 [ 25.247922] ? __pfx_page_alloc_uaf+0x10/0x10 [ 25.247956] ? __schedule+0x10da/0x2b60 [ 25.247978] ? __pfx_read_tsc+0x10/0x10 [ 25.248055] ? ktime_get_ts64+0x86/0x230 [ 25.248082] kunit_try_run_case+0x1a5/0x480 [ 25.248107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.248130] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.248153] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.248179] ? __kthread_parkme+0x82/0x180 [ 25.248200] ? preempt_count_sub+0x50/0x80 [ 25.248224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.248249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.248273] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.248298] kthread+0x337/0x6f0 [ 25.248318] ? trace_preempt_on+0x20/0xc0 [ 25.248342] ? __pfx_kthread+0x10/0x10 [ 25.248363] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.248387] ? calculate_sigpending+0x7b/0xa0 [ 25.248411] ? __pfx_kthread+0x10/0x10 [ 25.248434] ret_from_fork+0x116/0x1d0 [ 25.248454] ? __pfx_kthread+0x10/0x10 [ 25.248475] ret_from_fork_asm+0x1a/0x30 [ 25.248507] </TASK> [ 25.248518] [ 25.257520] The buggy address belongs to the physical page: [ 25.258224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062f0 [ 25.258507] flags: 0x200000000000000(node=0|zone=2) [ 25.258714] page_type: f0(buddy) [ 25.259439] raw: 0200000000000000 ffff88817fffb460 ffff88817fffb460 0000000000000000 [ 25.260103] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 25.260427] page dumped because: kasan: bad access detected [ 25.260635] [ 25.260710] Memory state around the buggy address: [ 25.261187] ffff8881062eff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.261493] ffff8881062eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.261782] >ffff8881062f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.262807] ^ [ 25.262936] ffff8881062f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.263567] ffff8881062f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.263938] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 25.221931] ================================================================== [ 25.222652] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 25.223170] Free of addr ffff888102b40001 by task kunit_try_catch/199 [ 25.223486] [ 25.223595] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.223642] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.223655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.223675] Call Trace: [ 25.223688] <TASK> [ 25.223702] dump_stack_lvl+0x73/0xb0 [ 25.223729] print_report+0xd1/0x640 [ 25.223752] ? __virt_addr_valid+0x1db/0x2d0 [ 25.223779] ? kasan_addr_to_slab+0x11/0xa0 [ 25.223838] ? kfree+0x274/0x3f0 [ 25.223861] kasan_report_invalid_free+0x10a/0x130 [ 25.223886] ? kfree+0x274/0x3f0 [ 25.223910] ? kfree+0x274/0x3f0 [ 25.224001] __kasan_kfree_large+0x86/0xd0 [ 25.224026] free_large_kmalloc+0x52/0x110 [ 25.224060] kfree+0x274/0x3f0 [ 25.224082] ? kmalloc_large_invalid_free+0x8f/0x2b0 [ 25.224108] kmalloc_large_invalid_free+0x120/0x2b0 [ 25.224131] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 25.224176] ? __schedule+0x10da/0x2b60 [ 25.224197] ? __pfx_read_tsc+0x10/0x10 [ 25.224233] ? ktime_get_ts64+0x86/0x230 [ 25.224258] kunit_try_run_case+0x1a5/0x480 [ 25.224283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.224306] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.224328] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.224354] ? __kthread_parkme+0x82/0x180 [ 25.224375] ? preempt_count_sub+0x50/0x80 [ 25.224398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.224423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.224447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.224471] kthread+0x337/0x6f0 [ 25.224491] ? trace_preempt_on+0x20/0xc0 [ 25.224514] ? __pfx_kthread+0x10/0x10 [ 25.224535] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.224559] ? calculate_sigpending+0x7b/0xa0 [ 25.224583] ? __pfx_kthread+0x10/0x10 [ 25.224605] ret_from_fork+0x116/0x1d0 [ 25.224624] ? __pfx_kthread+0x10/0x10 [ 25.224645] ret_from_fork_asm+0x1a/0x30 [ 25.224677] </TASK> [ 25.224689] [ 25.233403] The buggy address belongs to the physical page: [ 25.233686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b40 [ 25.234138] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.234579] flags: 0x200000000000040(head|node=0|zone=2) [ 25.234920] page_type: f8(unknown) [ 25.235093] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.235416] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.235818] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.236173] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.236428] head: 0200000000000002 ffffea00040ad001 00000000ffffffff 00000000ffffffff [ 25.236924] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.237446] page dumped because: kasan: bad access detected [ 25.237714] [ 25.237831] Memory state around the buggy address: [ 25.238039] ffff888102b3ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.238298] ffff888102b3ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.238575] >ffff888102b40000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.238786] ^ [ 25.238899] ffff888102b40080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.239344] ffff888102b40100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.239703] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 25.204622] ================================================================== [ 25.205111] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 25.205633] Read of size 1 at addr ffff888106128000 by task kunit_try_catch/197 [ 25.206035] [ 25.206198] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.206269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.206281] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.206315] Call Trace: [ 25.206328] <TASK> [ 25.206343] dump_stack_lvl+0x73/0xb0 [ 25.206372] print_report+0xd1/0x640 [ 25.206394] ? __virt_addr_valid+0x1db/0x2d0 [ 25.206419] ? kmalloc_large_uaf+0x2f1/0x340 [ 25.206440] ? kasan_addr_to_slab+0x11/0xa0 [ 25.206461] ? kmalloc_large_uaf+0x2f1/0x340 [ 25.206483] kasan_report+0x141/0x180 [ 25.206506] ? kmalloc_large_uaf+0x2f1/0x340 [ 25.206534] __asan_report_load1_noabort+0x18/0x20 [ 25.206559] kmalloc_large_uaf+0x2f1/0x340 [ 25.206581] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 25.206603] ? __schedule+0x10da/0x2b60 [ 25.206642] ? __pfx_read_tsc+0x10/0x10 [ 25.206665] ? ktime_get_ts64+0x86/0x230 [ 25.206689] kunit_try_run_case+0x1a5/0x480 [ 25.206714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.206737] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.206758] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.206843] ? __kthread_parkme+0x82/0x180 [ 25.206869] ? preempt_count_sub+0x50/0x80 [ 25.206893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.206917] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.206951] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.206976] kthread+0x337/0x6f0 [ 25.206996] ? trace_preempt_on+0x20/0xc0 [ 25.207020] ? __pfx_kthread+0x10/0x10 [ 25.207041] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.207077] ? calculate_sigpending+0x7b/0xa0 [ 25.207101] ? __pfx_kthread+0x10/0x10 [ 25.207122] ret_from_fork+0x116/0x1d0 [ 25.207142] ? __pfx_kthread+0x10/0x10 [ 25.207162] ret_from_fork_asm+0x1a/0x30 [ 25.207194] </TASK> [ 25.207205] [ 25.215172] The buggy address belongs to the physical page: [ 25.215369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88810612e600 pfn:0x106128 [ 25.215778] flags: 0x200000000000000(node=0|zone=2) [ 25.216204] raw: 0200000000000000 ffffea0004184b08 ffff88815b139fc0 0000000000000000 [ 25.216539] raw: ffff88810612e600 0000000000000000 00000000ffffffff 0000000000000000 [ 25.216963] page dumped because: kasan: bad access detected [ 25.217231] [ 25.217359] Memory state around the buggy address: [ 25.217631] ffff888106127f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.217955] ffff888106127f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.218285] >ffff888106128000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.218594] ^ [ 25.218755] ffff888106128080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.219137] ffff888106128100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.219426] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 25.182098] ================================================================== [ 25.182732] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 25.183128] Write of size 1 at addr ffff888102b4200a by task kunit_try_catch/195 [ 25.183434] [ 25.183536] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.183582] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.183594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.183614] Call Trace: [ 25.183627] <TASK> [ 25.183642] dump_stack_lvl+0x73/0xb0 [ 25.183669] print_report+0xd1/0x640 [ 25.183692] ? __virt_addr_valid+0x1db/0x2d0 [ 25.183716] ? kmalloc_large_oob_right+0x2e9/0x330 [ 25.183738] ? kasan_addr_to_slab+0x11/0xa0 [ 25.183759] ? kmalloc_large_oob_right+0x2e9/0x330 [ 25.183782] kasan_report+0x141/0x180 [ 25.183805] ? kmalloc_large_oob_right+0x2e9/0x330 [ 25.183832] __asan_report_store1_noabort+0x1b/0x30 [ 25.183858] kmalloc_large_oob_right+0x2e9/0x330 [ 25.183880] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 25.183905] ? __schedule+0x10da/0x2b60 [ 25.183928] ? __pfx_read_tsc+0x10/0x10 [ 25.183960] ? ktime_get_ts64+0x86/0x230 [ 25.183984] kunit_try_run_case+0x1a5/0x480 [ 25.184009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.184032] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.184076] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.184104] ? __kthread_parkme+0x82/0x180 [ 25.184126] ? preempt_count_sub+0x50/0x80 [ 25.184150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.184175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.184199] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.184223] kthread+0x337/0x6f0 [ 25.184245] ? trace_preempt_on+0x20/0xc0 [ 25.184268] ? __pfx_kthread+0x10/0x10 [ 25.184290] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.184316] ? calculate_sigpending+0x7b/0xa0 [ 25.184340] ? __pfx_kthread+0x10/0x10 [ 25.184362] ret_from_fork+0x116/0x1d0 [ 25.184381] ? __pfx_kthread+0x10/0x10 [ 25.184402] ret_from_fork_asm+0x1a/0x30 [ 25.184435] </TASK> [ 25.184446] [ 25.193778] The buggy address belongs to the physical page: [ 25.194458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b40 [ 25.194816] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.195392] flags: 0x200000000000040(head|node=0|zone=2) [ 25.195674] page_type: f8(unknown) [ 25.196153] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.196505] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.196973] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 25.197277] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 25.197546] head: 0200000000000002 ffffea00040ad001 00000000ffffffff 00000000ffffffff [ 25.197995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 25.198336] page dumped because: kasan: bad access detected [ 25.198557] [ 25.198645] Memory state around the buggy address: [ 25.198961] ffff888102b41f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.199283] ffff888102b41f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.199589] >ffff888102b42000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.199877] ^ [ 25.200216] ffff888102b42080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.200554] ffff888102b42100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 25.201007] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 25.156206] ================================================================== [ 25.156816] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 25.157364] Write of size 1 at addr ffff888106289f00 by task kunit_try_catch/193 [ 25.157687] [ 25.157773] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.157832] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.157844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.157865] Call Trace: [ 25.157898] <TASK> [ 25.157913] dump_stack_lvl+0x73/0xb0 [ 25.157941] print_report+0xd1/0x640 [ 25.157976] ? __virt_addr_valid+0x1db/0x2d0 [ 25.158060] ? kmalloc_big_oob_right+0x316/0x370 [ 25.158100] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.158127] ? kmalloc_big_oob_right+0x316/0x370 [ 25.158150] kasan_report+0x141/0x180 [ 25.158173] ? kmalloc_big_oob_right+0x316/0x370 [ 25.158200] __asan_report_store1_noabort+0x1b/0x30 [ 25.158225] kmalloc_big_oob_right+0x316/0x370 [ 25.158249] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 25.158293] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 25.158318] ? trace_hardirqs_on+0x37/0xe0 [ 25.158342] ? __pfx_read_tsc+0x10/0x10 [ 25.158365] ? ktime_get_ts64+0x86/0x230 [ 25.158389] kunit_try_run_case+0x1a5/0x480 [ 25.158414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.158439] ? queued_spin_lock_slowpath+0x116/0xb40 [ 25.158462] ? __kthread_parkme+0x82/0x180 [ 25.158483] ? preempt_count_sub+0x50/0x80 [ 25.158506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.158531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.158555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.158580] kthread+0x337/0x6f0 [ 25.158600] ? trace_preempt_on+0x20/0xc0 [ 25.158623] ? __pfx_kthread+0x10/0x10 [ 25.158644] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.158668] ? calculate_sigpending+0x7b/0xa0 [ 25.158692] ? __pfx_kthread+0x10/0x10 [ 25.158715] ret_from_fork+0x116/0x1d0 [ 25.158734] ? __pfx_kthread+0x10/0x10 [ 25.158756] ret_from_fork_asm+0x1a/0x30 [ 25.158822] </TASK> [ 25.158835] [ 25.166622] Allocated by task 193: [ 25.166752] kasan_save_stack+0x45/0x70 [ 25.166892] kasan_save_track+0x18/0x40 [ 25.167032] kasan_save_alloc_info+0x3b/0x50 [ 25.167432] __kasan_kmalloc+0xb7/0xc0 [ 25.167662] __kmalloc_cache_noprof+0x189/0x420 [ 25.168038] kmalloc_big_oob_right+0xa9/0x370 [ 25.168267] kunit_try_run_case+0x1a5/0x480 [ 25.168491] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.168743] kthread+0x337/0x6f0 [ 25.168980] ret_from_fork+0x116/0x1d0 [ 25.169180] ret_from_fork_asm+0x1a/0x30 [ 25.169430] [ 25.169499] The buggy address belongs to the object at ffff888106288000 [ 25.169499] which belongs to the cache kmalloc-8k of size 8192 [ 25.170214] The buggy address is located 0 bytes to the right of [ 25.170214] allocated 7936-byte region [ffff888106288000, ffff888106289f00) [ 25.170895] [ 25.171037] The buggy address belongs to the physical page: [ 25.171295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106288 [ 25.171572] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.171798] flags: 0x200000000000040(head|node=0|zone=2) [ 25.172050] page_type: f5(slab) [ 25.172215] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 25.172475] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 25.173022] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 25.173272] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 25.173638] head: 0200000000000003 ffffea000418a201 00000000ffffffff 00000000ffffffff [ 25.174243] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 25.174645] page dumped because: kasan: bad access detected [ 25.174970] [ 25.175052] Memory state around the buggy address: [ 25.175211] ffff888106289e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.175581] ffff888106289e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.175959] >ffff888106289f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.176282] ^ [ 25.176432] ffff888106289f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.176756] ffff88810628a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.177307] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 25.132969] ================================================================== [ 25.133311] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.133742] Write of size 1 at addr ffff8881046cae78 by task kunit_try_catch/191 [ 25.134263] [ 25.134374] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.134421] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.134433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.134452] Call Trace: [ 25.134464] <TASK> [ 25.134478] dump_stack_lvl+0x73/0xb0 [ 25.134527] print_report+0xd1/0x640 [ 25.134550] ? __virt_addr_valid+0x1db/0x2d0 [ 25.134589] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.134627] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.134667] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.134705] kasan_report+0x141/0x180 [ 25.134728] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.134772] __asan_report_store1_noabort+0x1b/0x30 [ 25.134798] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 25.134883] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 25.134912] ? __schedule+0x10da/0x2b60 [ 25.134933] ? __pfx_read_tsc+0x10/0x10 [ 25.134968] ? ktime_get_ts64+0x86/0x230 [ 25.134992] kunit_try_run_case+0x1a5/0x480 [ 25.135017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.135041] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.135069] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.135119] ? __kthread_parkme+0x82/0x180 [ 25.135140] ? preempt_count_sub+0x50/0x80 [ 25.135164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.135188] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.135213] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.135238] kthread+0x337/0x6f0 [ 25.135257] ? trace_preempt_on+0x20/0xc0 [ 25.135297] ? __pfx_kthread+0x10/0x10 [ 25.135319] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.135344] ? calculate_sigpending+0x7b/0xa0 [ 25.135368] ? __pfx_kthread+0x10/0x10 [ 25.135390] ret_from_fork+0x116/0x1d0 [ 25.135409] ? __pfx_kthread+0x10/0x10 [ 25.135430] ret_from_fork_asm+0x1a/0x30 [ 25.135477] </TASK> [ 25.135488] [ 25.143652] Allocated by task 191: [ 25.143845] kasan_save_stack+0x45/0x70 [ 25.144083] kasan_save_track+0x18/0x40 [ 25.144365] kasan_save_alloc_info+0x3b/0x50 [ 25.144601] __kasan_kmalloc+0xb7/0xc0 [ 25.144771] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 25.145070] kmalloc_track_caller_oob_right+0x19a/0x520 [ 25.145401] kunit_try_run_case+0x1a5/0x480 [ 25.145574] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.145750] kthread+0x337/0x6f0 [ 25.145916] ret_from_fork+0x116/0x1d0 [ 25.146295] ret_from_fork_asm+0x1a/0x30 [ 25.146515] [ 25.146607] The buggy address belongs to the object at ffff8881046cae00 [ 25.146607] which belongs to the cache kmalloc-128 of size 128 [ 25.147282] The buggy address is located 0 bytes to the right of [ 25.147282] allocated 120-byte region [ffff8881046cae00, ffff8881046cae78) [ 25.147821] [ 25.147967] The buggy address belongs to the physical page: [ 25.148249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046ca [ 25.148527] flags: 0x200000000000000(node=0|zone=2) [ 25.148776] page_type: f5(slab) [ 25.149002] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.149368] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.149724] page dumped because: kasan: bad access detected [ 25.149986] [ 25.150076] Memory state around the buggy address: [ 25.150299] ffff8881046cad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.150614] ffff8881046cad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.150923] >ffff8881046cae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.151145] ^ [ 25.151361] ffff8881046cae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.152071] ffff8881046caf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.152394] ================================================================== [ 25.109098] ================================================================== [ 25.109743] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.110610] Write of size 1 at addr ffff8881046cad78 by task kunit_try_catch/191 [ 25.111348] [ 25.111554] CPU: 1 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.111603] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.111615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.111636] Call Trace: [ 25.111650] <TASK> [ 25.111667] dump_stack_lvl+0x73/0xb0 [ 25.111708] print_report+0xd1/0x640 [ 25.111731] ? __virt_addr_valid+0x1db/0x2d0 [ 25.111757] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.111782] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.111809] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.111846] kasan_report+0x141/0x180 [ 25.111869] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.111899] __asan_report_store1_noabort+0x1b/0x30 [ 25.111925] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 25.111960] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 25.112009] ? __schedule+0x10da/0x2b60 [ 25.112032] ? __pfx_read_tsc+0x10/0x10 [ 25.112055] ? ktime_get_ts64+0x86/0x230 [ 25.112092] kunit_try_run_case+0x1a5/0x480 [ 25.112119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.112143] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.112165] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.112201] ? __kthread_parkme+0x82/0x180 [ 25.112223] ? preempt_count_sub+0x50/0x80 [ 25.112247] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.112298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.112322] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.112347] kthread+0x337/0x6f0 [ 25.112368] ? trace_preempt_on+0x20/0xc0 [ 25.112392] ? __pfx_kthread+0x10/0x10 [ 25.112413] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.112438] ? calculate_sigpending+0x7b/0xa0 [ 25.112461] ? __pfx_kthread+0x10/0x10 [ 25.112484] ret_from_fork+0x116/0x1d0 [ 25.112504] ? __pfx_kthread+0x10/0x10 [ 25.112526] ret_from_fork_asm+0x1a/0x30 [ 25.112557] </TASK> [ 25.112569] [ 25.122918] Allocated by task 191: [ 25.123193] kasan_save_stack+0x45/0x70 [ 25.123448] kasan_save_track+0x18/0x40 [ 25.123632] kasan_save_alloc_info+0x3b/0x50 [ 25.123904] __kasan_kmalloc+0xb7/0xc0 [ 25.124167] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 25.124410] kmalloc_track_caller_oob_right+0x99/0x520 [ 25.124649] kunit_try_run_case+0x1a5/0x480 [ 25.124956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.125252] kthread+0x337/0x6f0 [ 25.125402] ret_from_fork+0x116/0x1d0 [ 25.125576] ret_from_fork_asm+0x1a/0x30 [ 25.125758] [ 25.125926] The buggy address belongs to the object at ffff8881046cad00 [ 25.125926] which belongs to the cache kmalloc-128 of size 128 [ 25.126565] The buggy address is located 0 bytes to the right of [ 25.126565] allocated 120-byte region [ffff8881046cad00, ffff8881046cad78) [ 25.127184] [ 25.127276] The buggy address belongs to the physical page: [ 25.127648] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046ca [ 25.127922] flags: 0x200000000000000(node=0|zone=2) [ 25.128444] page_type: f5(slab) [ 25.128636] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.129025] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.129399] page dumped because: kasan: bad access detected [ 25.129654] [ 25.129742] Memory state around the buggy address: [ 25.130154] ffff8881046cac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.130424] ffff8881046cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.130764] >ffff8881046cad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.131176] ^ [ 25.131415] ffff8881046cad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.131750] ffff8881046cae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.132126] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 25.070437] ================================================================== [ 25.071655] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 25.072316] Read of size 1 at addr ffff888106087000 by task kunit_try_catch/189 [ 25.072558] [ 25.072653] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.072702] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.072715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.072736] Call Trace: [ 25.072751] <TASK> [ 25.072769] dump_stack_lvl+0x73/0xb0 [ 25.072809] print_report+0xd1/0x640 [ 25.072832] ? __virt_addr_valid+0x1db/0x2d0 [ 25.072856] ? kmalloc_node_oob_right+0x369/0x3c0 [ 25.072880] ? kasan_complete_mode_report_info+0x2a/0x200 [ 25.072906] ? kmalloc_node_oob_right+0x369/0x3c0 [ 25.072930] kasan_report+0x141/0x180 [ 25.072964] ? kmalloc_node_oob_right+0x369/0x3c0 [ 25.072993] __asan_report_load1_noabort+0x18/0x20 [ 25.073017] kmalloc_node_oob_right+0x369/0x3c0 [ 25.073042] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 25.073312] ? __schedule+0x10da/0x2b60 [ 25.073342] ? __pfx_read_tsc+0x10/0x10 [ 25.073365] ? ktime_get_ts64+0x86/0x230 [ 25.073391] kunit_try_run_case+0x1a5/0x480 [ 25.073418] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.073441] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.073464] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.073490] ? __kthread_parkme+0x82/0x180 [ 25.073510] ? preempt_count_sub+0x50/0x80 [ 25.073534] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.073558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.073582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.073606] kthread+0x337/0x6f0 [ 25.073625] ? trace_preempt_on+0x20/0xc0 [ 25.073649] ? __pfx_kthread+0x10/0x10 [ 25.073669] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.073694] ? calculate_sigpending+0x7b/0xa0 [ 25.073717] ? __pfx_kthread+0x10/0x10 [ 25.073739] ret_from_fork+0x116/0x1d0 [ 25.073758] ? __pfx_kthread+0x10/0x10 [ 25.073779] ret_from_fork_asm+0x1a/0x30 [ 25.074095] </TASK> [ 25.074109] [ 25.087823] Allocated by task 189: [ 25.088250] kasan_save_stack+0x45/0x70 [ 25.088691] kasan_save_track+0x18/0x40 [ 25.089198] kasan_save_alloc_info+0x3b/0x50 [ 25.089392] __kasan_kmalloc+0xb7/0xc0 [ 25.089765] __kmalloc_cache_node_noprof+0x188/0x420 [ 25.090280] kmalloc_node_oob_right+0xab/0x3c0 [ 25.090445] kunit_try_run_case+0x1a5/0x480 [ 25.090591] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.090768] kthread+0x337/0x6f0 [ 25.090940] ret_from_fork+0x116/0x1d0 [ 25.091386] ret_from_fork_asm+0x1a/0x30 [ 25.091776] [ 25.091930] The buggy address belongs to the object at ffff888106086000 [ 25.091930] which belongs to the cache kmalloc-4k of size 4096 [ 25.093210] The buggy address is located 0 bytes to the right of [ 25.093210] allocated 4096-byte region [ffff888106086000, ffff888106087000) [ 25.094645] [ 25.094721] The buggy address belongs to the physical page: [ 25.095372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106080 [ 25.096043] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.096300] flags: 0x200000000000040(head|node=0|zone=2) [ 25.096572] page_type: f5(slab) [ 25.096695] raw: 0200000000000040 ffff888100042140 ffffea0004182400 dead000000000002 [ 25.097664] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 25.098546] head: 0200000000000040 ffff888100042140 ffffea0004182400 dead000000000002 [ 25.099400] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 25.100230] head: 0200000000000003 ffffea0004182001 00000000ffffffff 00000000ffffffff [ 25.101086] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 25.101781] page dumped because: kasan: bad access detected [ 25.102416] [ 25.102509] Memory state around the buggy address: [ 25.102669] ffff888106086f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.103186] ffff888106086f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.103857] >ffff888106087000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.104468] ^ [ 25.104586] ffff888106087080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.104863] ffff888106087100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.105566] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 25.022494] ================================================================== [ 25.022926] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 25.024059] Read of size 1 at addr ffff888105f9f15f by task kunit_try_catch/187 [ 25.025254] [ 25.025654] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 25.025711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.025724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.025746] Call Trace: [ 25.025760] <TASK> [ 25.025778] dump_stack_lvl+0x73/0xb0 [ 25.025823] print_report+0xd1/0x640 [ 25.025847] ? __virt_addr_valid+0x1db/0x2d0 [ 25.025871] ? kmalloc_oob_left+0x361/0x3c0 [ 25.025892] ? kasan_complete_mode_report_info+0x64/0x200 [ 25.025918] ? kmalloc_oob_left+0x361/0x3c0 [ 25.025940] kasan_report+0x141/0x180 [ 25.025975] ? kmalloc_oob_left+0x361/0x3c0 [ 25.026001] __asan_report_load1_noabort+0x18/0x20 [ 25.026026] kmalloc_oob_left+0x361/0x3c0 [ 25.026048] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 25.026083] ? __schedule+0x10da/0x2b60 [ 25.026104] ? __pfx_read_tsc+0x10/0x10 [ 25.026126] ? ktime_get_ts64+0x86/0x230 [ 25.026152] kunit_try_run_case+0x1a5/0x480 [ 25.026178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.026203] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 25.026225] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 25.026251] ? __kthread_parkme+0x82/0x180 [ 25.026273] ? preempt_count_sub+0x50/0x80 [ 25.026297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 25.026322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.026346] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 25.026370] kthread+0x337/0x6f0 [ 25.026390] ? trace_preempt_on+0x20/0xc0 [ 25.026414] ? __pfx_kthread+0x10/0x10 [ 25.026435] ? _raw_spin_unlock_irq+0x47/0x80 [ 25.026459] ? calculate_sigpending+0x7b/0xa0 [ 25.026482] ? __pfx_kthread+0x10/0x10 [ 25.026504] ret_from_fork+0x116/0x1d0 [ 25.026523] ? __pfx_kthread+0x10/0x10 [ 25.026544] ret_from_fork_asm+0x1a/0x30 [ 25.026575] </TASK> [ 25.026587] [ 25.040180] Allocated by task 21: [ 25.040599] kasan_save_stack+0x45/0x70 [ 25.041102] kasan_save_track+0x18/0x40 [ 25.041552] kasan_save_alloc_info+0x3b/0x50 [ 25.042041] __kasan_kmalloc+0xb7/0xc0 [ 25.042466] __kmalloc_cache_node_noprof+0x188/0x420 [ 25.042956] build_sched_domains+0x38c/0x5d80 [ 25.043352] partition_sched_domains+0x471/0x9c0 [ 25.043723] rebuild_sched_domains_locked+0x97d/0xd50 [ 25.044386] cpuset_update_active_cpus+0x80f/0x1a90 [ 25.044967] sched_cpu_activate+0x2bf/0x330 [ 25.045309] cpuhp_invoke_callback+0x2a1/0xf00 [ 25.045734] cpuhp_thread_fun+0x2ce/0x5c0 [ 25.046167] smpboot_thread_fn+0x2bc/0x730 [ 25.046429] kthread+0x337/0x6f0 [ 25.046766] ret_from_fork+0x116/0x1d0 [ 25.047210] ret_from_fork_asm+0x1a/0x30 [ 25.047352] [ 25.047441] Freed by task 21: [ 25.047564] kasan_save_stack+0x45/0x70 [ 25.047698] kasan_save_track+0x18/0x40 [ 25.047827] kasan_save_free_info+0x3f/0x60 [ 25.047986] __kasan_slab_free+0x5e/0x80 [ 25.048475] kfree+0x222/0x3f0 [ 25.048741] build_sched_domains+0x2072/0x5d80 [ 25.049375] partition_sched_domains+0x471/0x9c0 [ 25.049919] rebuild_sched_domains_locked+0x97d/0xd50 [ 25.050458] cpuset_update_active_cpus+0x80f/0x1a90 [ 25.050642] sched_cpu_activate+0x2bf/0x330 [ 25.051046] cpuhp_invoke_callback+0x2a1/0xf00 [ 25.051765] cpuhp_thread_fun+0x2ce/0x5c0 [ 25.052373] smpboot_thread_fn+0x2bc/0x730 [ 25.052934] kthread+0x337/0x6f0 [ 25.053503] ret_from_fork+0x116/0x1d0 [ 25.054061] ret_from_fork_asm+0x1a/0x30 [ 25.054523] [ 25.054886] The buggy address belongs to the object at ffff888105f9f140 [ 25.054886] which belongs to the cache kmalloc-16 of size 16 [ 25.055745] The buggy address is located 15 bytes to the right of [ 25.055745] allocated 16-byte region [ffff888105f9f140, ffff888105f9f150) [ 25.057500] [ 25.057812] The buggy address belongs to the physical page: [ 25.058476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f9f [ 25.058738] flags: 0x200000000000000(node=0|zone=2) [ 25.059542] page_type: f5(slab) [ 25.060058] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 25.061088] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 25.061619] page dumped because: kasan: bad access detected [ 25.061977] [ 25.062340] Memory state around the buggy address: [ 25.063018] ffff888105f9f000: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 25.063874] ffff888105f9f080: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 25.064579] >ffff888105f9f100: fa fb fc fc fa fb fc fc fa fb fc fc 00 07 fc fc [ 25.065103] ^ [ 25.065818] ffff888105f9f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.066771] ffff888105f9f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.067303] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 24.990551] ================================================================== [ 24.991282] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 24.991875] Read of size 1 at addr ffff888105800180 by task kunit_try_catch/185 [ 24.992712] [ 24.992805] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 24.992851] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.992865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.992884] Call Trace: [ 24.992900] <TASK> [ 24.992915] dump_stack_lvl+0x73/0xb0 [ 24.992953] print_report+0xd1/0x640 [ 24.992977] ? __virt_addr_valid+0x1db/0x2d0 [ 24.993000] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.993022] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.993048] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.993070] kasan_report+0x141/0x180 [ 24.993103] ? kmalloc_oob_right+0x68a/0x7f0 [ 24.993150] __asan_report_load1_noabort+0x18/0x20 [ 24.993184] kmalloc_oob_right+0x68a/0x7f0 [ 24.993213] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.993236] ? __schedule+0x10da/0x2b60 [ 24.993259] ? __pfx_read_tsc+0x10/0x10 [ 24.993281] ? ktime_get_ts64+0x86/0x230 [ 24.993306] kunit_try_run_case+0x1a5/0x480 [ 24.993330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.993353] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.993375] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.993401] ? __kthread_parkme+0x82/0x180 [ 24.993421] ? preempt_count_sub+0x50/0x80 [ 24.993446] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.993471] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.993495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.993519] kthread+0x337/0x6f0 [ 24.993538] ? trace_preempt_on+0x20/0xc0 [ 24.993562] ? __pfx_kthread+0x10/0x10 [ 24.993582] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.993606] ? calculate_sigpending+0x7b/0xa0 [ 24.993630] ? __pfx_kthread+0x10/0x10 [ 24.993652] ret_from_fork+0x116/0x1d0 [ 24.993672] ? __pfx_kthread+0x10/0x10 [ 24.993692] ret_from_fork_asm+0x1a/0x30 [ 24.993724] </TASK> [ 24.993734] [ 25.006526] Allocated by task 185: [ 25.006814] kasan_save_stack+0x45/0x70 [ 25.007098] kasan_save_track+0x18/0x40 [ 25.007441] kasan_save_alloc_info+0x3b/0x50 [ 25.007832] __kasan_kmalloc+0xb7/0xc0 [ 25.008287] __kmalloc_cache_noprof+0x189/0x420 [ 25.008485] kmalloc_oob_right+0xa9/0x7f0 [ 25.008625] kunit_try_run_case+0x1a5/0x480 [ 25.008769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.008975] kthread+0x337/0x6f0 [ 25.009093] ret_from_fork+0x116/0x1d0 [ 25.009570] ret_from_fork_asm+0x1a/0x30 [ 25.009928] [ 25.010095] The buggy address belongs to the object at ffff888105800100 [ 25.010095] which belongs to the cache kmalloc-128 of size 128 [ 25.011281] The buggy address is located 13 bytes to the right of [ 25.011281] allocated 115-byte region [ffff888105800100, ffff888105800173) [ 25.011938] [ 25.012139] The buggy address belongs to the physical page: [ 25.012609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800 [ 25.013451] flags: 0x200000000000000(node=0|zone=2) [ 25.013886] page_type: f5(slab) [ 25.014199] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.014574] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.014963] page dumped because: kasan: bad access detected [ 25.015276] [ 25.015426] Memory state around the buggy address: [ 25.015832] ffff888105800080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.016506] ffff888105800100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 25.016733] >ffff888105800180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.017037] ^ [ 25.017349] ffff888105800200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.017985] ffff888105800280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.018533] ================================================================== [ 24.957694] ================================================================== [ 24.958819] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 24.959381] Write of size 1 at addr ffff888105800178 by task kunit_try_catch/185 [ 24.959620] [ 24.959703] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 24.959751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.959764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.959784] Call Trace: [ 24.959797] <TASK> [ 24.959812] dump_stack_lvl+0x73/0xb0 [ 24.959969] print_report+0xd1/0x640 [ 24.959994] ? __virt_addr_valid+0x1db/0x2d0 [ 24.960018] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.960040] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.960066] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.960088] kasan_report+0x141/0x180 [ 24.960110] ? kmalloc_oob_right+0x6bd/0x7f0 [ 24.960297] __asan_report_store1_noabort+0x1b/0x30 [ 24.960324] kmalloc_oob_right+0x6bd/0x7f0 [ 24.960347] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.960370] ? __schedule+0x10da/0x2b60 [ 24.960393] ? __pfx_read_tsc+0x10/0x10 [ 24.960415] ? ktime_get_ts64+0x86/0x230 [ 24.960441] kunit_try_run_case+0x1a5/0x480 [ 24.960465] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.960488] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.960510] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.960536] ? __kthread_parkme+0x82/0x180 [ 24.960557] ? preempt_count_sub+0x50/0x80 [ 24.960581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.960605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.960629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.960653] kthread+0x337/0x6f0 [ 24.960673] ? trace_preempt_on+0x20/0xc0 [ 24.960697] ? __pfx_kthread+0x10/0x10 [ 24.960718] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.960742] ? calculate_sigpending+0x7b/0xa0 [ 24.960766] ? __pfx_kthread+0x10/0x10 [ 24.960804] ret_from_fork+0x116/0x1d0 [ 24.960825] ? __pfx_kthread+0x10/0x10 [ 24.960847] ret_from_fork_asm+0x1a/0x30 [ 24.960878] </TASK> [ 24.960889] [ 24.974725] Allocated by task 185: [ 24.975034] kasan_save_stack+0x45/0x70 [ 24.975704] kasan_save_track+0x18/0x40 [ 24.976209] kasan_save_alloc_info+0x3b/0x50 [ 24.976711] __kasan_kmalloc+0xb7/0xc0 [ 24.977202] __kmalloc_cache_noprof+0x189/0x420 [ 24.977695] kmalloc_oob_right+0xa9/0x7f0 [ 24.978223] kunit_try_run_case+0x1a5/0x480 [ 24.978407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.978594] kthread+0x337/0x6f0 [ 24.978716] ret_from_fork+0x116/0x1d0 [ 24.979284] ret_from_fork_asm+0x1a/0x30 [ 24.979676] [ 24.979859] The buggy address belongs to the object at ffff888105800100 [ 24.979859] which belongs to the cache kmalloc-128 of size 128 [ 24.981245] The buggy address is located 5 bytes to the right of [ 24.981245] allocated 115-byte region [ffff888105800100, ffff888105800173) [ 24.981739] [ 24.981890] The buggy address belongs to the physical page: [ 24.982594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800 [ 24.983482] flags: 0x200000000000000(node=0|zone=2) [ 24.984048] page_type: f5(slab) [ 24.984390] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.984738] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.985540] page dumped because: kasan: bad access detected [ 24.986127] [ 24.986285] Memory state around the buggy address: [ 24.986465] ffff888105800000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.987345] ffff888105800080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.988016] >ffff888105800100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.988371] ^ [ 24.988591] ffff888105800180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.988858] ffff888105800200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.989541] ================================================================== [ 24.922296] ================================================================== [ 24.922911] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 24.923620] Write of size 1 at addr ffff888105800173 by task kunit_try_catch/185 [ 24.924625] [ 24.925997] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 24.926347] Tainted: [N]=TEST [ 24.926380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.926607] Call Trace: [ 24.926675] <TASK> [ 24.926833] dump_stack_lvl+0x73/0xb0 [ 24.926925] print_report+0xd1/0x640 [ 24.926968] ? __virt_addr_valid+0x1db/0x2d0 [ 24.926995] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.927017] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.927044] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.927292] kasan_report+0x141/0x180 [ 24.927319] ? kmalloc_oob_right+0x6f0/0x7f0 [ 24.927347] __asan_report_store1_noabort+0x1b/0x30 [ 24.927373] kmalloc_oob_right+0x6f0/0x7f0 [ 24.927396] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 24.927419] ? __schedule+0x10da/0x2b60 [ 24.927443] ? __pfx_read_tsc+0x10/0x10 [ 24.927468] ? ktime_get_ts64+0x86/0x230 [ 24.927496] kunit_try_run_case+0x1a5/0x480 [ 24.927524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.927547] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.927571] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.927598] ? __kthread_parkme+0x82/0x180 [ 24.927621] ? preempt_count_sub+0x50/0x80 [ 24.927647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.927672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.927697] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.927722] kthread+0x337/0x6f0 [ 24.927743] ? trace_preempt_on+0x20/0xc0 [ 24.927769] ? __pfx_kthread+0x10/0x10 [ 24.927840] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.927866] ? calculate_sigpending+0x7b/0xa0 [ 24.927891] ? __pfx_kthread+0x10/0x10 [ 24.927913] ret_from_fork+0x116/0x1d0 [ 24.927936] ? __pfx_kthread+0x10/0x10 [ 24.927970] ret_from_fork_asm+0x1a/0x30 [ 24.928038] </TASK> [ 24.928109] [ 24.938505] Allocated by task 185: [ 24.938997] kasan_save_stack+0x45/0x70 [ 24.939377] kasan_save_track+0x18/0x40 [ 24.939563] kasan_save_alloc_info+0x3b/0x50 [ 24.939748] __kasan_kmalloc+0xb7/0xc0 [ 24.940137] __kmalloc_cache_noprof+0x189/0x420 [ 24.940439] kmalloc_oob_right+0xa9/0x7f0 [ 24.940733] kunit_try_run_case+0x1a5/0x480 [ 24.940997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.941297] kthread+0x337/0x6f0 [ 24.941654] ret_from_fork+0x116/0x1d0 [ 24.941868] ret_from_fork_asm+0x1a/0x30 [ 24.942270] [ 24.942430] The buggy address belongs to the object at ffff888105800100 [ 24.942430] which belongs to the cache kmalloc-128 of size 128 [ 24.944022] The buggy address is located 0 bytes to the right of [ 24.944022] allocated 115-byte region [ffff888105800100, ffff888105800173) [ 24.944773] [ 24.945061] The buggy address belongs to the physical page: [ 24.946029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105800 [ 24.946834] flags: 0x200000000000000(node=0|zone=2) [ 24.947478] page_type: f5(slab) [ 24.948155] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.948495] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.949690] page dumped because: kasan: bad access detected [ 24.950382] [ 24.950611] Memory state around the buggy address: [ 24.951532] ffff888105800000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.952398] ffff888105800080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.953233] >ffff888105800100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 24.954047] ^ [ 24.954732] ffff888105800180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.955608] ffff888105800200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.956027] ==================================================================
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 194.318490] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2961 [ 194.318900] Modules linked in: [ 194.319500] CPU: 1 UID: 0 PID: 2961 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 194.320074] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 194.320419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 194.320973] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 194.321250] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 194.322190] RSP: 0000:ffff888102ba7c78 EFLAGS: 00010286 [ 194.322448] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 194.322756] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb8c64fbc [ 194.323137] RBP: ffff888102ba7ca0 R08: 0000000000000000 R09: ffffed10211b2940 [ 194.323503] R10: ffff888108d94a07 R11: 0000000000000000 R12: ffffffffb8c64fa8 [ 194.323763] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888102ba7d38 [ 194.324184] FS: 0000000000000000(0000) GS:ffff8881a050d000(0000) knlGS:0000000000000000 [ 194.324575] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.324827] CR2: 00007ffff7ffe000 CR3: 000000004bcbc000 CR4: 00000000000006f0 [ 194.325189] DR0: ffffffffbacb9580 DR1: ffffffffbacb9581 DR2: ffffffffbacb9583 [ 194.325632] DR3: ffffffffbacb9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 194.325996] Call Trace: [ 194.326192] <TASK> [ 194.326526] drm_test_rect_calc_vscale+0x108/0x270 [ 194.326840] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 194.327205] ? __schedule+0x10da/0x2b60 [ 194.327424] ? __pfx_read_tsc+0x10/0x10 [ 194.327633] ? ktime_get_ts64+0x86/0x230 [ 194.327833] kunit_try_run_case+0x1a5/0x480 [ 194.328127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.328396] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 194.328611] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 194.328878] ? __kthread_parkme+0x82/0x180 [ 194.329132] ? preempt_count_sub+0x50/0x80 [ 194.329362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.329579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 194.329823] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 194.330192] kthread+0x337/0x6f0 [ 194.330309] ? trace_preempt_on+0x20/0xc0 [ 194.330750] ? __pfx_kthread+0x10/0x10 [ 194.331012] ? _raw_spin_unlock_irq+0x47/0x80 [ 194.331180] ? calculate_sigpending+0x7b/0xa0 [ 194.331415] ? __pfx_kthread+0x10/0x10 [ 194.331701] ret_from_fork+0x116/0x1d0 [ 194.332043] ? __pfx_kthread+0x10/0x10 [ 194.332277] ret_from_fork_asm+0x1a/0x30 [ 194.332531] </TASK> [ 194.332654] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 194.338483] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2963 [ 194.339050] Modules linked in: [ 194.339693] CPU: 1 UID: 0 PID: 2963 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 194.340310] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 194.340678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 194.341210] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 194.341544] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 194.342556] RSP: 0000:ffff888102847c78 EFLAGS: 00010286 [ 194.342849] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 194.343376] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb8c64ff4 [ 194.343672] RBP: ffff888102847ca0 R08: 0000000000000000 R09: ffffed10211b2960 [ 194.343975] R10: ffff888108d94b07 R11: 0000000000000000 R12: ffffffffb8c64fe0 [ 194.344482] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888102847d38 [ 194.344888] FS: 0000000000000000(0000) GS:ffff8881a050d000(0000) knlGS:0000000000000000 [ 194.345213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.345528] CR2: 00007ffff7ffe000 CR3: 000000004bcbc000 CR4: 00000000000006f0 [ 194.345831] DR0: ffffffffbacb9580 DR1: ffffffffbacb9581 DR2: ffffffffbacb9583 [ 194.346174] DR3: ffffffffbacb9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 194.346605] Call Trace: [ 194.346713] <TASK> [ 194.347003] drm_test_rect_calc_vscale+0x108/0x270 [ 194.347279] ? __kasan_check_write+0x18/0x20 [ 194.347501] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 194.347725] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 194.348113] ? trace_hardirqs_on+0x37/0xe0 [ 194.348438] ? __pfx_read_tsc+0x10/0x10 [ 194.348585] ? ktime_get_ts64+0x86/0x230 [ 194.348809] kunit_try_run_case+0x1a5/0x480 [ 194.349039] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.349335] ? queued_spin_lock_slowpath+0x116/0xb40 [ 194.349617] ? __kthread_parkme+0x82/0x180 [ 194.349868] ? preempt_count_sub+0x50/0x80 [ 194.350204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.350450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 194.350631] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 194.351156] kthread+0x337/0x6f0 [ 194.351350] ? trace_preempt_on+0x20/0xc0 [ 194.351491] ? __pfx_kthread+0x10/0x10 [ 194.351662] ? _raw_spin_unlock_irq+0x47/0x80 [ 194.351878] ? calculate_sigpending+0x7b/0xa0 [ 194.352130] ? __pfx_kthread+0x10/0x10 [ 194.352447] ret_from_fork+0x116/0x1d0 [ 194.352611] ? __pfx_kthread+0x10/0x10 [ 194.352789] ret_from_fork_asm+0x1a/0x30 [ 194.353144] </TASK> [ 194.353278] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 194.283388] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2951 [ 194.283909] Modules linked in: [ 194.284131] CPU: 0 UID: 0 PID: 2951 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 194.284579] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 194.284883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 194.285306] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 194.285512] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b ff 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 194.286336] RSP: 0000:ffff888102847c78 EFLAGS: 00010286 [ 194.286574] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 194.286899] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb8c64ff8 [ 194.287246] RBP: ffff888102847ca0 R08: 0000000000000000 R09: ffffed10211b28e0 [ 194.287525] R10: ffff888108d94707 R11: 0000000000000000 R12: ffffffffb8c64fe0 [ 194.287865] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888102847d38 [ 194.288185] FS: 0000000000000000(0000) GS:ffff8881a040d000(0000) knlGS:0000000000000000 [ 194.288482] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.288875] CR2: 00007ffff7ffe000 CR3: 000000004bcbc000 CR4: 00000000000006f0 [ 194.289192] DR0: ffffffffbacb9580 DR1: ffffffffbacb9581 DR2: ffffffffbacb9582 [ 194.289444] DR3: ffffffffbacb9583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 194.289737] Call Trace: [ 194.289966] <TASK> [ 194.290137] drm_test_rect_calc_hscale+0x108/0x270 [ 194.290380] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 194.290595] ? __schedule+0x10da/0x2b60 [ 194.290866] ? __pfx_read_tsc+0x10/0x10 [ 194.291108] ? ktime_get_ts64+0x86/0x230 [ 194.291292] kunit_try_run_case+0x1a5/0x480 [ 194.291476] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.291682] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 194.291915] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 194.292115] ? __kthread_parkme+0x82/0x180 [ 194.292316] ? preempt_count_sub+0x50/0x80 [ 194.292511] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.292696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 194.292933] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 194.293398] kthread+0x337/0x6f0 [ 194.293573] ? trace_preempt_on+0x20/0xc0 [ 194.293874] ? __pfx_kthread+0x10/0x10 [ 194.294061] ? _raw_spin_unlock_irq+0x47/0x80 [ 194.294222] ? calculate_sigpending+0x7b/0xa0 [ 194.294382] ? __pfx_kthread+0x10/0x10 [ 194.294573] ret_from_fork+0x116/0x1d0 [ 194.294759] ? __pfx_kthread+0x10/0x10 [ 194.295059] ret_from_fork_asm+0x1a/0x30 [ 194.295273] </TASK> [ 194.295394] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 194.260209] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2949 [ 194.260750] Modules linked in: [ 194.261599] CPU: 1 UID: 0 PID: 2949 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 194.262287] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 194.262639] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 194.263229] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 194.263476] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b ff 23 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 194.265142] RSP: 0000:ffff888102ba7c78 EFLAGS: 00010286 [ 194.265736] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 194.266621] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb8c64fc0 [ 194.267242] RBP: ffff888102ba7ca0 R08: 0000000000000000 R09: ffffed102061bb20 [ 194.267987] R10: ffff8881030dd907 R11: 0000000000000000 R12: ffffffffb8c64fa8 [ 194.268311] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888102ba7d38 [ 194.268529] FS: 0000000000000000(0000) GS:ffff8881a050d000(0000) knlGS:0000000000000000 [ 194.268768] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.269419] CR2: 00007ffff7ffe000 CR3: 000000004bcbc000 CR4: 00000000000006f0 [ 194.270229] DR0: ffffffffbacb9580 DR1: ffffffffbacb9581 DR2: ffffffffbacb9583 [ 194.270906] DR3: ffffffffbacb9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 194.271593] Call Trace: [ 194.271885] <TASK> [ 194.272202] drm_test_rect_calc_hscale+0x108/0x270 [ 194.272624] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 194.272816] ? __schedule+0x10da/0x2b60 [ 194.273042] ? __pfx_read_tsc+0x10/0x10 [ 194.273448] ? ktime_get_ts64+0x86/0x230 [ 194.273900] kunit_try_run_case+0x1a5/0x480 [ 194.274387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.274849] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 194.275323] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 194.275649] ? __kthread_parkme+0x82/0x180 [ 194.275833] ? preempt_count_sub+0x50/0x80 [ 194.276255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 194.276730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 194.277306] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 194.277615] kthread+0x337/0x6f0 [ 194.277739] ? trace_preempt_on+0x20/0xc0 [ 194.278231] ? __pfx_kthread+0x10/0x10 [ 194.278645] ? _raw_spin_unlock_irq+0x47/0x80 [ 194.279133] ? calculate_sigpending+0x7b/0xa0 [ 194.279567] ? __pfx_kthread+0x10/0x10 [ 194.279890] ret_from_fork+0x116/0x1d0 [ 194.280053] ? __pfx_kthread+0x10/0x10 [ 194.280188] ret_from_fork_asm+0x1a/0x30 [ 194.280339] </TASK> [ 194.280426] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 193.543200] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 193.543304] WARNING: drivers/gpu/drm/drm_gem_shmem_helper.c:180 at drm_gem_shmem_free+0x3ed/0x6c0, CPU#0: kunit_try_catch/2754 [ 193.545202] Modules linked in: [ 193.545690] CPU: 0 UID: 0 PID: 2754 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 193.547174] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.547901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.548469] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 193.548657] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 3d c8 81 00 48 c7 c1 20 8f c1 b8 4c 89 f2 48 c7 c7 40 8b c1 b8 48 89 c6 e8 a4 63 6f fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 193.550637] RSP: 0000:ffff888105ba7d18 EFLAGS: 00010286 [ 193.551287] RAX: 0000000000000000 RBX: ffff888108c1d400 RCX: 1ffffffff7324aac [ 193.551955] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 193.552784] RBP: ffff888105ba7d48 R08: 0000000000000000 R09: fffffbfff7324aac [ 193.553354] R10: 0000000000000003 R11: 000000000004b308 R12: ffff888105582800 [ 193.553579] R13: ffff888108c1d4f8 R14: ffff888108c6d000 R15: ffff8881003c7b48 [ 193.554081] FS: 0000000000000000(0000) GS:ffff8881a040d000(0000) knlGS:0000000000000000 [ 193.555088] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.555690] CR2: 00007ffff7ffe000 CR3: 000000004bcbc000 CR4: 00000000000006f0 [ 193.556774] DR0: ffffffffbacb9580 DR1: ffffffffbacb9581 DR2: ffffffffbacb9582 [ 193.557575] DR3: ffffffffbacb9583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.558495] Call Trace: [ 193.558607] <TASK> [ 193.558698] ? trace_preempt_on+0x20/0xc0 [ 193.559004] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 193.559302] drm_gem_shmem_free_wrapper+0x12/0x20 [ 193.559539] __kunit_action_free+0x57/0x70 [ 193.559758] kunit_remove_resource+0x133/0x200 [ 193.559999] ? preempt_count_sub+0x50/0x80 [ 193.560218] kunit_cleanup+0x7a/0x120 [ 193.560419] kunit_try_run_case_cleanup+0xbd/0xf0 [ 193.560646] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 193.560894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.561416] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.561634] kthread+0x337/0x6f0 [ 193.561915] ? trace_preempt_on+0x20/0xc0 [ 193.562239] ? __pfx_kthread+0x10/0x10 [ 193.562436] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.562663] ? calculate_sigpending+0x7b/0xa0 [ 193.563011] ? __pfx_kthread+0x10/0x10 [ 193.563239] ret_from_fork+0x116/0x1d0 [ 193.563486] ? __pfx_kthread+0x10/0x10 [ 193.563692] ret_from_fork_asm+0x1a/0x30 [ 193.564069] </TASK> [ 193.564242] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_framebuffer-at-drm_framebuffer_init
------------[ cut here ]------------ [ 193.402545] WARNING: drivers/gpu/drm/drm_framebuffer.c:870 at drm_framebuffer_init+0x49/0x8d0, CPU#0: kunit_try_catch/2735 [ 193.403525] Modules linked in: [ 193.404209] CPU: 0 UID: 0 PID: 2735 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 193.405648] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.406503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.407015] RIP: 0010:drm_framebuffer_init+0x49/0x8d0 [ 193.407623] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41 [ 193.408780] RSP: 0000:ffff888105bb7b20 EFLAGS: 00010246 [ 193.409325] RAX: ffff888105bb7ba8 RBX: ffff888105bb7c28 RCX: 1ffff11020b76f8e [ 193.409631] RDX: dffffc0000000000 RSI: ffff888105e2b000 RDI: ffff888105e2b000 [ 193.409931] RBP: ffff888105bb7b70 R08: ffff888105e2b000 R09: ffffffffb8c08d40 [ 193.410246] R10: 0000000000000003 R11: 00000000eaf48602 R12: 1ffff11020b76f71 [ 193.410667] R13: ffff888105bb7c70 R14: ffff888105bb7db8 R15: 0000000000000000 [ 193.411102] FS: 0000000000000000(0000) GS:ffff8881a040d000(0000) knlGS:0000000000000000 [ 193.411546] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.411977] CR2: 00007ffff7ffe000 CR3: 000000004bcbc000 CR4: 00000000000006f0 [ 193.412356] DR0: ffffffffbacb9580 DR1: ffffffffbacb9581 DR2: ffffffffbacb9582 [ 193.412742] DR3: ffffffffbacb9583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.413252] Call Trace: [ 193.413434] <TASK> [ 193.413588] ? trace_preempt_on+0x20/0xc0 [ 193.413863] ? add_dr+0xc1/0x1d0 [ 193.414032] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 193.414362] ? add_dr+0x148/0x1d0 [ 193.414543] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 193.414795] ? __drmm_add_action+0x1a4/0x280 [ 193.415143] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 193.415354] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 193.415607] ? __drmm_add_action_or_reset+0x22/0x50 [ 193.415899] ? __schedule+0x10da/0x2b60 [ 193.416128] ? __pfx_read_tsc+0x10/0x10 [ 193.416340] ? ktime_get_ts64+0x86/0x230 [ 193.416519] kunit_try_run_case+0x1a5/0x480 [ 193.416733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.416895] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 193.417266] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 193.417724] ? __kthread_parkme+0x82/0x180 [ 193.417876] ? preempt_count_sub+0x50/0x80 [ 193.418127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.418529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.418774] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.419165] kthread+0x337/0x6f0 [ 193.419366] ? trace_preempt_on+0x20/0xc0 [ 193.419552] ? __pfx_kthread+0x10/0x10 [ 193.419757] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.420144] ? calculate_sigpending+0x7b/0xa0 [ 193.420496] ? __pfx_kthread+0x10/0x10 [ 193.420640] ret_from_fork+0x116/0x1d0 [ 193.420774] ? __pfx_kthread+0x10/0x10 [ 193.420935] ret_from_fork_asm+0x1a/0x30 [ 193.421158] </TASK> [ 193.421373] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 193.370614] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 193.370742] WARNING: drivers/gpu/drm/drm_framebuffer.c:833 at drm_framebuffer_free+0x13f/0x1c0, CPU#0: kunit_try_catch/2731 [ 193.372415] Modules linked in: [ 193.372691] CPU: 0 UID: 0 PID: 2731 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 193.373422] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 193.373615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.373904] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 193.374325] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 2b 06 89 00 48 c7 c1 e0 37 c0 b8 4c 89 fa 48 c7 c7 40 38 c0 b8 48 89 c6 e8 92 a1 76 fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 193.375141] RSP: 0000:ffff888105d3fb68 EFLAGS: 00010282 [ 193.375594] RAX: 0000000000000000 RBX: ffff888105d3fc40 RCX: 1ffffffff7324aac [ 193.375896] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 193.376373] RBP: ffff888105d3fb90 R08: 0000000000000000 R09: fffffbfff7324aac [ 193.376750] R10: 0000000000000003 R11: 0000000000049af8 R12: ffff888105d3fc18 [ 193.377073] R13: ffff888105ddb800 R14: ffff888105e29000 R15: ffff888103f1b580 [ 193.377463] FS: 0000000000000000(0000) GS:ffff8881a040d000(0000) knlGS:0000000000000000 [ 193.377924] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.378233] CR2: 00007ffff7ffe000 CR3: 000000004bcbc000 CR4: 00000000000006f0 [ 193.378555] DR0: ffffffffbacb9580 DR1: ffffffffbacb9581 DR2: ffffffffbacb9582 [ 193.379056] DR3: ffffffffbacb9583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 193.379382] Call Trace: [ 193.379512] <TASK> [ 193.379653] drm_test_framebuffer_free+0x1ab/0x610 [ 193.379973] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 193.380350] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 193.380718] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 193.381407] ? __drmm_add_action_or_reset+0x22/0x50 [ 193.381664] ? __schedule+0x10da/0x2b60 [ 193.381994] ? __pfx_read_tsc+0x10/0x10 [ 193.382246] ? ktime_get_ts64+0x86/0x230 [ 193.382444] kunit_try_run_case+0x1a5/0x480 [ 193.382675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.383085] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 193.383339] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 193.383588] ? __kthread_parkme+0x82/0x180 [ 193.383799] ? preempt_count_sub+0x50/0x80 [ 193.383992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 193.384345] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 193.384583] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 193.384963] kthread+0x337/0x6f0 [ 193.385164] ? trace_preempt_on+0x20/0xc0 [ 193.385400] ? __pfx_kthread+0x10/0x10 [ 193.385555] ? _raw_spin_unlock_irq+0x47/0x80 [ 193.385765] ? calculate_sigpending+0x7b/0xa0 [ 193.385996] ? __pfx_kthread+0x10/0x10 [ 193.386225] ret_from_fork+0x116/0x1d0 [ 193.386369] ? __pfx_kthread+0x10/0x10 [ 193.386574] ret_from_fork_asm+0x1a/0x30 [ 193.386899] </TASK> [ 193.387265] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-driversgpudrmdrm_connector-at-drm_connector_dynamic_register
------------[ cut here ]------------ [ 192.128465] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#1: kunit_try_catch/2179 [ 192.129400] Modules linked in: [ 192.129745] CPU: 1 UID: 0 PID: 2179 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 192.131148] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 192.131728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 192.132496] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 192.132790] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 10 58 2b 02 48 89 df e8 68 [ 192.134514] RSP: 0000:ffff888104bcfc90 EFLAGS: 00010246 [ 192.134706] RAX: dffffc0000000000 RBX: ffff8881051ca000 RCX: 0000000000000000 [ 192.135209] RDX: 1ffff11020a39434 RSI: ffffffffb5e10188 RDI: ffff8881051ca1a0 [ 192.136050] RBP: ffff888104bcfca0 R08: 1ffff11020078f6a R09: ffffed1020979f65 [ 192.137101] R10: 0000000000000003 R11: ffffffffb5386fb8 R12: 0000000000000000 [ 192.137694] R13: ffff888104bcfd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 192.138326] FS: 0000000000000000(0000) GS:ffff8881a050d000(0000) knlGS:0000000000000000 [ 192.139216] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.139592] CR2: 00007ffff7ffe000 CR3: 000000004bcbc000 CR4: 00000000000006f0 [ 192.139863] DR0: ffffffffbacb9580 DR1: ffffffffbacb9581 DR2: ffffffffbacb9583 [ 192.140606] DR3: ffffffffbacb9585 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 192.141353] Call Trace: [ 192.141692] <TASK> [ 192.141827] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 192.142373] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 192.143077] ? __schedule+0x10da/0x2b60 [ 192.143449] ? __pfx_read_tsc+0x10/0x10 [ 192.143594] ? ktime_get_ts64+0x86/0x230 [ 192.143735] kunit_try_run_case+0x1a5/0x480 [ 192.144014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.144544] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 192.145108] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 192.145606] ? __kthread_parkme+0x82/0x180 [ 192.146162] ? preempt_count_sub+0x50/0x80 [ 192.146651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.147002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 192.147470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 192.147662] kthread+0x337/0x6f0 [ 192.147818] ? trace_preempt_on+0x20/0xc0 [ 192.148321] ? __pfx_kthread+0x10/0x10 [ 192.148680] ? _raw_spin_unlock_irq+0x47/0x80 [ 192.149222] ? calculate_sigpending+0x7b/0xa0 [ 192.149742] ? __pfx_kthread+0x10/0x10 [ 192.150235] ret_from_fork+0x116/0x1d0 [ 192.150512] ? __pfx_kthread+0x10/0x10 [ 192.150911] ret_from_fork_asm+0x1a/0x30 [ 192.151193] </TASK> [ 192.151286] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 192.049351] WARNING: drivers/gpu/drm/drm_connector.c:903 at drm_connector_dynamic_register+0xbf/0x110, CPU#0: kunit_try_catch/2171 [ 192.049830] Modules linked in: [ 192.050002] CPU: 0 UID: 0 PID: 2171 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 192.051181] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 192.051436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 192.052549] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 192.052906] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 10 58 2b 02 48 89 df e8 68 [ 192.053727] RSP: 0000:ffff88810430fc90 EFLAGS: 00010246 [ 192.054120] RAX: dffffc0000000000 RBX: ffff888104ad2000 RCX: 0000000000000000 [ 192.054395] RDX: 1ffff1102095a434 RSI: ffffffffb5e10188 RDI: ffff888104ad21a0 [ 192.054687] RBP: ffff88810430fca0 R08: 1ffff11020078f6a R09: ffffed1020861f65 [ 192.055164] R10: 0000000000000003 R11: ffffffffb5386fb8 R12: 0000000000000000 [ 192.055461] R13: ffff88810430fd38 R14: ffff8881003c7c58 R15: ffff8881003c7c60 [ 192.055726] FS: 0000000000000000(0000) GS:ffff8881a040d000(0000) knlGS:0000000000000000 [ 192.056127] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.056385] CR2: 00007ffff7ffe000 CR3: 000000004bcbc000 CR4: 00000000000006f0 [ 192.056643] DR0: ffffffffbacb9580 DR1: ffffffffbacb9581 DR2: ffffffffbacb9582 [ 192.057046] DR3: ffffffffbacb9583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 192.057354] Call Trace: [ 192.057484] <TASK> [ 192.057616] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 192.057972] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 192.058525] ? __schedule+0x10da/0x2b60 [ 192.058735] ? __pfx_read_tsc+0x10/0x10 [ 192.058888] ? ktime_get_ts64+0x86/0x230 [ 192.059340] kunit_try_run_case+0x1a5/0x480 [ 192.059556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.059763] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 192.060141] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 192.060392] ? __kthread_parkme+0x82/0x180 [ 192.060569] ? preempt_count_sub+0x50/0x80 [ 192.060758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 192.061062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 192.061293] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 192.061551] kthread+0x337/0x6f0 [ 192.061722] ? trace_preempt_on+0x20/0xc0 [ 192.061978] ? __pfx_kthread+0x10/0x10 [ 192.062124] ? _raw_spin_unlock_irq+0x47/0x80 [ 192.062292] ? calculate_sigpending+0x7b/0xa0 [ 192.062585] ? __pfx_kthread+0x10/0x10 [ 192.062771] ret_from_fork+0x116/0x1d0 [ 192.063211] ? __pfx_kthread+0x10/0x10 [ 192.063415] ret_from_fork_asm+0x1a/0x30 [ 192.063611] </TASK> [ 192.063716] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 120.721026] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#0: kunit_try_catch/707 [ 120.721767] Modules linked in: [ 120.722111] CPU: 0 UID: 0 PID: 707 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 120.722567] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 120.723185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 120.723538] RIP: 0010:intlog10+0x2a/0x40 [ 120.723746] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 120.724747] RSP: 0000:ffff88810a797cb0 EFLAGS: 00010246 [ 120.725215] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff110214f2fb4 [ 120.725630] RDX: 1ffffffff71534a8 RSI: 1ffff110214f2fb3 RDI: 0000000000000000 [ 120.725921] RBP: ffff88810a797d60 R08: 0000000000000000 R09: ffffed1020d1e740 [ 120.726346] R10: ffff8881068f3a07 R11: 0000000000000000 R12: 1ffff110214f2f97 [ 120.726612] R13: ffffffffb8a9a540 R14: 0000000000000000 R15: ffff88810a797d38 [ 120.726927] FS: 0000000000000000(0000) GS:ffff8881a040d000(0000) knlGS:0000000000000000 [ 120.727255] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.727500] CR2: dffffc0000000000 CR3: 000000004bcbc000 CR4: 00000000000006f0 [ 120.727784] DR0: ffffffffbacb9580 DR1: ffffffffbacb9581 DR2: ffffffffbacb9582 [ 120.728305] DR3: ffffffffbacb9583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 120.728636] Call Trace: [ 120.728799] <TASK> [ 120.729089] ? intlog10_test+0xf2/0x220 [ 120.729289] ? __pfx_intlog10_test+0x10/0x10 [ 120.729483] ? __schedule+0x10da/0x2b60 [ 120.730545] ? __pfx_read_tsc+0x10/0x10 [ 120.731005] ? ktime_get_ts64+0x86/0x230 [ 120.731279] kunit_try_run_case+0x1a5/0x480 [ 120.731478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.731705] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 120.731983] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 120.732427] ? __kthread_parkme+0x82/0x180 [ 120.732646] ? preempt_count_sub+0x50/0x80 [ 120.733055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.733317] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 120.733621] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 120.734048] kthread+0x337/0x6f0 [ 120.734273] ? trace_preempt_on+0x20/0xc0 [ 120.734494] ? __pfx_kthread+0x10/0x10 [ 120.734679] ? _raw_spin_unlock_irq+0x47/0x80 [ 120.735197] ? calculate_sigpending+0x7b/0xa0 [ 120.735437] ? __pfx_kthread+0x10/0x10 [ 120.735613] ret_from_fork+0x116/0x1d0 [ 120.735789] ? __pfx_kthread+0x10/0x10 [ 120.736172] ret_from_fork_asm+0x1a/0x30 [ 120.736366] </TASK> [ 120.736520] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 120.679300] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#0: kunit_try_catch/689 [ 120.680531] Modules linked in: [ 120.680702] CPU: 0 UID: 0 PID: 689 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) [ 120.681839] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 120.682665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 120.683707] RIP: 0010:intlog2+0xdf/0x110 [ 120.684194] Code: a9 b8 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 d2 99 92 02 90 <0f> 0b 90 31 c0 e9 c7 99 92 02 89 45 e4 e8 0f 48 55 ff 8b 45 e4 eb [ 120.685364] RSP: 0000:ffff88810a85fcb0 EFLAGS: 00010246 [ 120.685734] RAX: 0000000000000000 RBX: ffff8881003c7ae8 RCX: 1ffff1102150bfb4 [ 120.686388] RDX: 1ffffffff71534fc RSI: 1ffff1102150bfb3 RDI: 0000000000000000 [ 120.686702] RBP: ffff88810a85fd60 R08: 0000000000000000 R09: ffffed1020d1e620 [ 120.687485] R10: ffff8881068f3107 R11: 0000000000000000 R12: 1ffff1102150bf97 [ 120.688059] R13: ffffffffb8a9a7e0 R14: 0000000000000000 R15: ffff88810a85fd38 [ 120.688284] FS: 0000000000000000(0000) GS:ffff8881a040d000(0000) knlGS:0000000000000000 [ 120.688523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.688702] CR2: dffffc0000000000 CR3: 000000004bcbc000 CR4: 00000000000006f0 [ 120.689342] DR0: ffffffffbacb9580 DR1: ffffffffbacb9581 DR2: ffffffffbacb9582 [ 120.690073] DR3: ffffffffbacb9583 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 120.690702] Call Trace: [ 120.691153] <TASK> [ 120.691405] ? intlog2_test+0xf2/0x220 [ 120.691808] ? __pfx_intlog2_test+0x10/0x10 [ 120.692369] ? __pfx_intlog2_test+0x10/0x10 [ 120.692693] kunit_try_run_case+0x1a5/0x480 [ 120.693116] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.693538] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 120.693707] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 120.694131] ? __kthread_parkme+0x82/0x180 [ 120.694562] ? preempt_count_sub+0x50/0x80 [ 120.695142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 120.695473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 120.695659] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 120.696079] kthread+0x337/0x6f0 [ 120.696458] ? trace_preempt_on+0x20/0xc0 [ 120.696981] ? __pfx_kthread+0x10/0x10 [ 120.697437] ? _raw_spin_unlock_irq+0x47/0x80 [ 120.697805] ? calculate_sigpending+0x7b/0xa0 [ 120.698236] ? __pfx_kthread+0x10/0x10 [ 120.698383] ret_from_fork+0x116/0x1d0 [ 120.698520] ? __pfx_kthread+0x10/0x10 [ 120.698654] ret_from_fork_asm+0x1a/0x30 [ 120.698995] </TASK> [ 120.699207] ---[ end trace 0000000000000000 ]---
Failure - kunit/test_mb_mark_used_cost_ext4_mballoc_test
<8>[ 247.994297] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_ext4_mballoc_test RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_test_mb_mark_used_cost
<8>[ 247.892087] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_test_mb_mark_used_cost RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 247.793347] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits16cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 247.688988] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits12cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/test_mb_mark_used_cost_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64
<8>[ 247.587139] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=test_mb_mark_used_cost_block_bits10cluster_bits3blocks_per_group8192group_count4desc_size64 RESULT=fail>
Failure - kunit/_test_mark_diskspace_used
<8>[ 247.486684] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_test_mark_diskspace_used RESULT=fail> _test_mark_diskspace_used fail